package oracle.kv.impl.util.registry.ssl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.lang.Thread;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import javax.net.ssl.SSLSocket;
import oracle.kv.impl.async.EndpointConfigBuilder;
import oracle.kv.impl.async.ListenerConfigBuilder;
import oracle.kv.impl.param.ParameterUtils;
import oracle.kv.impl.security.ssl.SSLControl;
import oracle.kv.impl.util.ObjectUtil;
import oracle.kv.impl.util.PortRange;
import oracle.kv.impl.util.registry.AsyncRegistryUtils;
import oracle.kv.impl.util.registry.ServerSocketFactory;

/* loaded from: input_file:oracle/kv/impl/util/registry/ssl/SSLServerSocketFactory.class */
public class SSLServerSocketFactory extends ServerSocketFactory {
    private static final int HANDSHAKE_THREAD_MAX = 10;
    private static final int HANDSHAKE_QUEUE_MAX = 10;
    private static final long KEEPALIVE_MS = 10000;
    private static final AtomicInteger hsThreadCounter = new AtomicInteger(0);
    private final SSLControl sslControl;
    private final Map<Integer, ServerSocket> pendingSocketMap;

    /* loaded from: input_file:oracle/kv/impl/util/registry/ssl/SSLServerSocketFactory$HandshakeAndVerify.class */
    private final class HandshakeAndVerify implements Runnable {
        private final SSLSocket sslSocket;
        private final ServerSocketFactory.AcceptQueue acceptQueue;

        private HandshakeAndVerify(SSLSocket sSLSocket, ServerSocketFactory.AcceptQueue acceptQueue) {
            this.sslSocket = sSLSocket;
            this.acceptQueue = acceptQueue;
        }

        @Override // java.lang.Runnable
        public void run() {
            if (!SSLServerSocketFactory.this.authenticateNewSocket(this.sslSocket) || this.acceptQueue.offer(this.sslSocket)) {
                return;
            }
            if (SSLServerSocketFactory.this.connectionLogger != null) {
                SSLServerSocketFactory.this.connectionLogger.info("Refused socket because accept queue is full");
            }
            SSLServerSocketFactory.this.forceCloseSocket(this.sslSocket);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:oracle/kv/impl/util/registry/ssl/SSLServerSocketFactory$HandshakeThreadFactory.class */
    public class HandshakeThreadFactory implements ThreadFactory {
        private volatile int listenPort;

        HandshakeThreadFactory(int i) {
            this.listenPort = i;
        }

        @Override // java.util.concurrent.ThreadFactory
        public Thread newThread(Runnable runnable) {
            Thread thread = new Thread(runnable, "SSLHandshake-" + this.listenPort + "-" + SSLServerSocketFactory.hsThreadCounter.getAndIncrement());
            thread.setDaemon(true);
            thread.setUncaughtExceptionHandler(new LogUncaughtException());
            return thread;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/registry/ssl/SSLServerSocketFactory$LogUncaughtException.class */
    private class LogUncaughtException implements Thread.UncaughtExceptionHandler {
        private LogUncaughtException() {
        }

        @Override // java.lang.Thread.UncaughtExceptionHandler
        public void uncaughtException(Thread thread, Throwable th) {
            if (SSLServerSocketFactory.this.connectionLogger != null) {
                SSLServerSocketFactory.this.connectionLogger.severe(thread + " experienced uncaught exception of " + th);
            }
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/registry/ssl/SSLServerSocketFactory$RawAcceptor.class */
    private final class RawAcceptor implements Runnable {
        private final SSLPeerAuthServerSocket serverSocket;
        private final ThreadPoolExecutor handshakeExecutor;
        private final ServerSocketFactory.AcceptQueue acceptQueue;

        RawAcceptor(SSLPeerAuthServerSocket sSLPeerAuthServerSocket, ThreadPoolExecutor threadPoolExecutor, ServerSocketFactory.AcceptQueue acceptQueue) {
            this.serverSocket = sSLPeerAuthServerSocket;
            this.handshakeExecutor = threadPoolExecutor;
            this.acceptQueue = acceptQueue;
        }

        @Override // java.lang.Runnable
        public void run() {
            while (true) {
                try {
                    SSLSocket wrapSSLSocket = SSLServerSocketFactory.this.wrapSSLSocket(this.serverSocket.normalAccept(), null);
                    try {
                        this.handshakeExecutor.execute(new HandshakeAndVerify(wrapSSLSocket, this.acceptQueue));
                    } catch (RejectedExecutionException e) {
                        if (SSLServerSocketFactory.this.connectionLogger != null) {
                            SSLServerSocketFactory.this.connectionLogger.info("Unable to queue socket for verification - interrupted.");
                        }
                        SSLServerSocketFactory.this.forceCloseSocket(wrapSSLSocket);
                    }
                } catch (IOException e2) {
                    try {
                        this.acceptQueue.close(e2);
                    } catch (IOException e3) {
                    }
                    try {
                        this.serverSocket.close();
                    } catch (IOException e4) {
                    }
                    if (SSLServerSocketFactory.this.connectionLogger != null) {
                        SSLServerSocketFactory.this.connectionLogger.info("Shutdown accept queue for port " + this.serverSocket.getLocalPort());
                        return;
                    }
                    return;
                }
            }
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/registry/ssl/SSLServerSocketFactory$SSLAsyncServerSocket.class */
    private class SSLAsyncServerSocket extends ServerSocketFactory.AsyncServerSocket {
        private final Object handshakeExecutorLock;
        private ThreadPoolExecutor handshakeExecutor;

        SSLAsyncServerSocket(int i) throws IOException {
            super(i);
            this.handshakeExecutorLock = new Object();
        }

        @Override // oracle.kv.impl.util.registry.ServerSocketFactory.AsyncServerSocket, oracle.kv.impl.util.registry.NullServerSocket, java.net.ServerSocket, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            synchronized (this.closeLock) {
                if (this.closed) {
                    return;
                }
                synchronized (this.handshakeExecutorLock) {
                    if (this.handshakeExecutor != null) {
                        this.handshakeExecutor.shutdown();
                    }
                }
                super.close();
            }
        }

        @Override // oracle.kv.impl.async.SocketPrepared
        public void onPrepared(ByteBuffer byteBuffer, Socket socket) {
            synchronized (this.closeLock) {
                if (this.closed) {
                    return;
                }
                boolean z = false;
                try {
                    try {
                        SSLSocket wrapSSLSocket = SSLServerSocketFactory.this.wrapSSLSocket(socket, byteBuffer);
                        if (SSLServerSocketFactory.this.sslControl.peerAuthenticator() != null) {
                            try {
                                getHandshakeExecutor().execute(new HandshakeAndVerify(wrapSSLSocket, this.acceptQueue));
                                z = true;
                            } catch (RejectedExecutionException e) {
                                if (SSLServerSocketFactory.this.connectionLogger != null) {
                                    SSLServerSocketFactory.this.connectionLogger.info("Unable to queue socket for verification - interrupted.");
                                }
                            }
                        } else if (this.acceptQueue.offer(wrapSSLSocket)) {
                            z = true;
                        } else if (SSLServerSocketFactory.this.connectionLogger != null) {
                            SSLServerSocketFactory.this.connectionLogger.info("Refused socket because accept queue is full");
                        }
                    } catch (IOException e2) {
                        if (SSLServerSocketFactory.this.connectionLogger != null) {
                            SSLServerSocketFactory.this.connectionLogger.log(Level.WARNING, "Problem creating SSL socket: " + e2, (Throwable) e2);
                        }
                        if (0 == 0) {
                            SSLServerSocketFactory.this.forceCloseSocket(socket);
                        }
                    }
                } finally {
                    if (!z) {
                        SSLServerSocketFactory.this.forceCloseSocket(socket);
                    }
                }
            }
        }

        private ThreadPoolExecutor getHandshakeExecutor() {
            ThreadPoolExecutor threadPoolExecutor;
            synchronized (this.handshakeExecutorLock) {
                if (this.handshakeExecutor == null) {
                    this.handshakeExecutor = SSLServerSocketFactory.this.createHandshakeExecutor(getLocalPort());
                }
                threadPoolExecutor = this.handshakeExecutor;
            }
            return threadPoolExecutor;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/registry/ssl/SSLServerSocketFactory$SSLNoPeerAuthServerSocket.class */
    private class SSLNoPeerAuthServerSocket extends ServerSocket {
        SSLNoPeerAuthServerSocket(int i, int i2) throws IOException {
            super(i, i2);
        }

        @Override // java.net.ServerSocket
        public Socket accept() throws IOException {
            return SSLServerSocketFactory.this.wrapSSLSocket(super.accept(), null);
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/registry/ssl/SSLServerSocketFactory$SSLPeerAuthServerSocket.class */
    private class SSLPeerAuthServerSocket extends ServerSocket {
        private final ServerSocketFactory.AcceptQueue acceptQueue;
        private final ThreadPoolExecutor handshakeExecutor;
        private final Thread rawAcceptor;

        SSLPeerAuthServerSocket(int i, int i2) throws IOException {
            super(i, i2);
            this.acceptQueue = new ServerSocketFactory.AcceptQueue();
            int localPort = getLocalPort();
            this.handshakeExecutor = SSLServerSocketFactory.this.createHandshakeExecutor(localPort);
            this.rawAcceptor = new Thread(new RawAcceptor(this, this.handshakeExecutor, this.acceptQueue), "SSLAccept-" + localPort);
            this.rawAcceptor.setDaemon(true);
            this.rawAcceptor.setUncaughtExceptionHandler(new LogUncaughtException());
            this.rawAcceptor.start();
        }

        Socket normalAccept() throws IOException {
            return super.accept();
        }

        @Override // java.net.ServerSocket
        public Socket accept() throws IOException {
            return this.acceptQueue.accept();
        }

        @Override // java.net.ServerSocket, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            if (this.handshakeExecutor != null) {
                this.handshakeExecutor.shutdown();
            }
            super.close();
        }
    }

    public SSLServerSocketFactory(SSLControl sSLControl, int i, int i2, int i3) {
        super(i, i2, i3);
        this.sslControl = (SSLControl) ObjectUtil.checkNull("sslControl", sSLControl);
        this.pendingSocketMap = new HashMap();
    }

    @Override // oracle.kv.impl.util.registry.ServerSocketFactory
    public SSLServerSocketFactory newInstance(int i) {
        return new SSLServerSocketFactory(this.sslControl, this.backlog, i, i);
    }

    public String toString() {
        return "<SSLServerSocketFactory backlog=" + this.backlog + " portRange=" + this.startPort + ParameterUtils.HELPER_HOST_SEPARATOR + this.endPort + " sslControl=" + this.sslControl + (AsyncRegistryUtils.serverUseAsync ? " useAsync" : "") + ">";
    }

    @Override // oracle.kv.impl.util.registry.ServerSocketFactory
    public int hashCode() {
        return (31 * super.hashCode()) + this.sslControl.hashCode();
    }

    @Override // oracle.kv.impl.util.registry.ServerSocketFactory
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        return super.equals(obj) && (obj instanceof SSLServerSocketFactory) && this.sslControl.equals(((SSLServerSocketFactory) obj).sslControl);
    }

    public static SSLServerSocketFactory create(SSLControl sSLControl, int i, String str) {
        if (str == null || PortRange.isUnconstrained(str)) {
            return new SSLServerSocketFactory(sSLControl, i, 0, 0);
        }
        List<Integer> range = PortRange.getRange(str);
        return new SSLServerSocketFactory(sSLControl, i, range.get(0).intValue(), range.get(1).intValue());
    }

    @Override // oracle.kv.impl.util.registry.ServerSocketFactory
    protected ServerSocket instantiateServerSocket(int i) throws IOException {
        ServerSocket retrievePendingSocket;
        return (i == 0 || (retrievePendingSocket = retrievePendingSocket(i)) == null) ? this.sslControl.peerAuthenticator() == null ? new SSLNoPeerAuthServerSocket(i, this.backlog) : new SSLPeerAuthServerSocket(i, this.backlog) : retrievePendingSocket;
    }

    private synchronized ServerSocket retrievePendingSocket(int i) {
        return this.pendingSocketMap.remove(Integer.valueOf(i));
    }

    @Override // oracle.kv.impl.util.registry.ServerSocketFactory
    public synchronized ServerSocket preallocateServerSocket() throws IOException {
        if (this.sslControl.peerAuthenticator() == null) {
            return null;
        }
        ServerSocket createServerSocket = createServerSocket(0);
        this.pendingSocketMap.put(Integer.valueOf(createServerSocket.getLocalPort()), createServerSocket);
        return createServerSocket;
    }

    @Override // oracle.kv.impl.util.registry.ServerSocketFactory
    public synchronized void discardServerSocket(ServerSocket serverSocket) {
        Iterator<ServerSocket> it = this.pendingSocketMap.values().iterator();
        while (it.hasNext()) {
            if (it.next() == serverSocket) {
                it.remove();
                break;
            }
        }
        try {
            serverSocket.close();
        } catch (IOException e) {
        }
    }

    @Override // oracle.kv.impl.util.registry.ServerSocketFactory
    protected ServerSocket createAsyncServerSocket(int i) throws IOException {
        ServerSocket retrievePendingSocket;
        return (i == 0 || (retrievePendingSocket = retrievePendingSocket(i)) == null) ? new SSLAsyncServerSocket(i) : retrievePendingSocket;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // oracle.kv.impl.util.registry.ServerSocketFactory
    public ListenerConfigBuilder getListenerConfigBuilder(int i) {
        ListenerConfigBuilder listenerConfigBuilder = super.getListenerConfigBuilder(i);
        listenerConfigBuilder.endpointConfigBuilder(new EndpointConfigBuilder().sslControl(this.sslControl));
        return listenerConfigBuilder;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SSLSocket wrapSSLSocket(Socket socket, ByteBuffer byteBuffer) throws IOException {
        ByteArrayInputStream byteArrayInputStream = null;
        if (byteBuffer != null) {
            byte[] bArr = new byte[byteBuffer.remaining()];
            byteBuffer.get(bArr);
            byteArrayInputStream = new ByteArrayInputStream(bArr);
        }
        SSLSocket sSLSocket = (SSLSocket) this.sslControl.sslContext().getSocketFactory().createSocket(socket, byteArrayInputStream, true);
        sSLSocket.setUseClientMode(false);
        this.sslControl.applySSLParameters(sSLSocket);
        return sSLSocket;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ThreadPoolExecutor createHandshakeExecutor(int i) {
        return new ThreadPoolExecutor(1, 10, 10000L, TimeUnit.MILLISECONDS, new LinkedBlockingQueue(10), new HandshakeThreadFactory(i));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean authenticateNewSocket(SSLSocket sSLSocket) {
        try {
            sSLSocket.startHandshake();
            if (this.sslControl.peerAuthenticator().isTrusted(sSLSocket.getSession())) {
                return true;
            }
            if (this.connectionLogger != null) {
                this.connectionLogger.info("Rejecting client connection");
            }
            forceCloseSocket(sSLSocket);
            return false;
        } catch (IOException e) {
            if (this.connectionLogger != null) {
                this.connectionLogger.info("error while handshaking: " + e);
            }
            forceCloseSocket(sSLSocket);
            return false;
        }
    }
}
