package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.AlgorithmConstraints;
import java.security.GeneralSecurityException;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.function.BiFunction;
import javax.crypto.BadPaddingException;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSession;
import sun.security.ssl.Ciphertext;

/* loaded from: input_file:META-INF/modules/java.base/classes/sun/security/ssl/SSLEngineImpl.class */
public final class SSLEngineImpl extends SSLEngine {
    private int connectionState;
    private static final int cs_START = 0;
    private static final int cs_HANDSHAKE = 1;
    private static final int cs_DATA = 2;
    private static final int cs_RENEGOTIATE = 3;
    private static final int cs_ERROR = 4;
    private static final int cs_CLOSED = 6;
    private boolean inboundDone;
    private boolean outboundDone;
    private SSLContextImpl sslContext;
    private Handshaker handshaker;
    private SSLSessionImpl sess;
    private volatile SSLSessionImpl handshakeSession;
    private boolean expectingFinished;
    private boolean recvCN;
    private SSLException closeReason;
    private ClientAuthType doClientAuth;
    private boolean enableSessionCreation;
    InputRecord inputRecord;
    OutputRecord outputRecord;
    private AccessControlContext acc;
    private CipherSuiteList enabledCipherSuites;
    private String identificationProtocol;
    private AlgorithmConstraints algorithmConstraints;
    List<SNIServerName> serverNames;
    Collection<SNIMatcher> sniMatchers;
    String[] applicationProtocols;
    String applicationProtocol;
    BiFunction<SSLEngine, List<String>, String> applicationProtocolSelector;
    private boolean serverModeSet;
    private boolean roleIsServer;
    private ProtocolList enabledProtocols;
    private ProtocolVersion protocolVersion;
    private boolean secureRenegotiation;
    private byte[] clientVerifyData;
    private byte[] serverVerifyData;
    private Object wrapLock;
    private Object unwrapLock;
    Object writeLock;
    private boolean preferLocalCipherSuites;
    private boolean enableRetransmissions;
    private int maximumPacketSize;
    private final boolean isDTLS;
    private static final Debug debug;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLEngineImpl(SSLContextImpl sSLContextImpl, boolean z) {
        this.inboundDone = false;
        this.outboundDone = false;
        this.doClientAuth = ClientAuthType.CLIENT_AUTH_NONE;
        this.enableSessionCreation = true;
        this.identificationProtocol = null;
        this.algorithmConstraints = null;
        this.serverNames = Collections.emptyList();
        this.sniMatchers = Collections.emptyList();
        this.applicationProtocols = new String[0];
        this.applicationProtocol = null;
        this.serverModeSet = false;
        this.preferLocalCipherSuites = false;
        this.enableRetransmissions = false;
        this.maximumPacketSize = 0;
        this.isDTLS = z;
        init(sSLContextImpl, z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLEngineImpl(SSLContextImpl sSLContextImpl, String str, int i, boolean z) {
        super(str, i);
        this.inboundDone = false;
        this.outboundDone = false;
        this.doClientAuth = ClientAuthType.CLIENT_AUTH_NONE;
        this.enableSessionCreation = true;
        this.identificationProtocol = null;
        this.algorithmConstraints = null;
        this.serverNames = Collections.emptyList();
        this.sniMatchers = Collections.emptyList();
        this.applicationProtocols = new String[0];
        this.applicationProtocol = null;
        this.serverModeSet = false;
        this.preferLocalCipherSuites = false;
        this.enableRetransmissions = false;
        this.maximumPacketSize = 0;
        this.isDTLS = z;
        init(sSLContextImpl, z);
    }

    private void init(SSLContextImpl sSLContextImpl, boolean z) {
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println("Using SSLEngineImpl.");
        }
        this.sslContext = sSLContextImpl;
        this.sess = SSLSessionImpl.nullSession;
        this.handshakeSession = null;
        this.protocolVersion = z ? ProtocolVersion.DEFAULT_DTLS : ProtocolVersion.DEFAULT_TLS;
        this.roleIsServer = true;
        this.connectionState = 0;
        this.serverNames = Utilities.addToSNIServerNameList(this.serverNames, getPeerHost());
        this.secureRenegotiation = false;
        this.clientVerifyData = new byte[0];
        this.serverVerifyData = new byte[0];
        this.enabledCipherSuites = this.sslContext.getDefaultCipherSuiteList(this.roleIsServer);
        this.enabledProtocols = this.sslContext.getDefaultProtocolList(this.roleIsServer);
        this.wrapLock = new Object();
        this.unwrapLock = new Object();
        this.writeLock = new Object();
        this.acc = AccessController.getContext();
        if (z) {
            this.enableRetransmissions = true;
            this.outputRecord = new DTLSOutputRecord();
            this.inputRecord = new DTLSInputRecord();
        } else {
            this.outputRecord = new SSLEngineOutputRecord();
            this.inputRecord = new SSLEngineInputRecord();
        }
        this.maximumPacketSize = this.outputRecord.getMaxPacketSize();
    }

    private void initHandshaker() {
        switch (this.connectionState) {
            case 0:
            case 2:
                if (this.connectionState == 0) {
                    this.connectionState = 1;
                } else {
                    this.connectionState = 3;
                }
                if (this.roleIsServer) {
                    this.handshaker = new ServerHandshaker(this, this.sslContext, this.enabledProtocols, this.doClientAuth, this.protocolVersion, this.connectionState == 1, this.secureRenegotiation, this.clientVerifyData, this.serverVerifyData, this.isDTLS);
                    this.handshaker.setSNIMatchers(this.sniMatchers);
                    this.handshaker.setUseCipherSuitesOrder(this.preferLocalCipherSuites);
                } else {
                    this.handshaker = new ClientHandshaker(this, this.sslContext, this.enabledProtocols, this.protocolVersion, this.connectionState == 1, this.secureRenegotiation, this.clientVerifyData, this.serverVerifyData, this.isDTLS);
                    this.handshaker.setSNIServerNames(this.serverNames);
                }
                this.handshaker.setMaximumPacketSize(this.maximumPacketSize);
                this.handshaker.setEnabledCipherSuites(this.enabledCipherSuites);
                this.handshaker.setEnableSessionCreation(this.enableSessionCreation);
                this.handshaker.setApplicationProtocols(this.applicationProtocols);
                this.handshaker.setApplicationProtocolSelectorSSLEngine(this.applicationProtocolSelector);
                this.outputRecord.initHandshaker();
                return;
            case 1:
            case 3:
                return;
            default:
                throw new IllegalStateException("Internal error");
        }
    }

    private SSLEngineResult.HandshakeStatus getHSStatus(SSLEngineResult.HandshakeStatus handshakeStatus) {
        if (handshakeStatus != null) {
            return handshakeStatus;
        }
        synchronized (this) {
            if (!this.outputRecord.isEmpty()) {
                return SSLEngineResult.HandshakeStatus.NEED_WRAP;
            }
            if (this.handshaker == null) {
                if (this.connectionState != 6 || isInboundDone()) {
                    return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
                }
                return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
            }
            if (this.handshaker.taskOutstanding()) {
                return SSLEngineResult.HandshakeStatus.NEED_TASK;
            }
            if (!this.isDTLS || this.inputRecord.isEmpty()) {
                return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
            }
            return SSLEngineResult.HandshakeStatus.NEED_UNWRAP_AGAIN;
        }
    }

    private synchronized void checkTaskThrown() throws SSLException {
        if (this.handshaker != null) {
            this.handshaker.checkThrown();
        }
    }

    private synchronized int getConnectionState() {
        return this.connectionState;
    }

    private synchronized void setConnectionState(int i) {
        this.connectionState = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccessControlContext getAcc() {
        return this.acc;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        return getHSStatus(null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void changeWriteCiphers() throws IOException {
        try {
            CipherBox newWriteCipher = this.handshaker.newWriteCipher();
            this.outputRecord.changeWriteCiphers(this.handshaker.newWriteAuthenticator(), newWriteCipher);
        } catch (GeneralSecurityException e) {
            throw new SSLException("Algorithm missing:  ", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void setVersion(ProtocolVersion protocolVersion) {
        this.protocolVersion = protocolVersion;
        this.outputRecord.setVersion(protocolVersion);
    }

    private synchronized void kickstartHandshake() throws IOException {
        switch (this.connectionState) {
            case 0:
                if (!this.serverModeSet) {
                    throw new IllegalStateException("Client/Server mode not yet set.");
                }
                initHandshaker();
                break;
            case 1:
                break;
            case 2:
                if (!this.secureRenegotiation && !Handshaker.allowUnsafeRenegotiation) {
                    throw new SSLHandshakeException("Insecure renegotiation is not allowed");
                }
                if (!this.secureRenegotiation && debug != null && Debug.isOn("handshake")) {
                    System.out.println("Warning: Using insecure renegotiation");
                }
                initHandshaker();
                break;
                break;
            case 3:
                return;
            default:
                throw new SSLException("SSLEngine is closing/closed");
        }
        if (this.handshaker.activated()) {
            return;
        }
        if (this.connectionState == 3) {
            this.handshaker.activate(this.protocolVersion);
        } else {
            this.handshaker.activate(null);
        }
        if (this.handshaker instanceof ClientHandshaker) {
            this.handshaker.kickstart();
        } else {
            if (this.connectionState == 1) {
                return;
            }
            this.handshaker.kickstart();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void beginHandshake() throws SSLException {
        try {
            kickstartHandshake();
        } catch (Exception e) {
            fatal((byte) 40, "Couldn't kickstart handshaking", e);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws SSLException {
        SSLEngineResult readNetRecord;
        checkEngineParas(byteBuffer, byteBufferArr, i, i2, false);
        try {
            synchronized (this.unwrapLock) {
                readNetRecord = readNetRecord(byteBuffer, byteBufferArr, i, i2);
            }
            return readNetRecord;
        } catch (SSLProtocolException e) {
            fatal((byte) 10, e.getMessage(), e);
            return null;
        } catch (Exception e2) {
            fatal((byte) 80, "problem unwrapping net record", e2);
            return null;
        }
    }

    private static void checkEngineParas(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2, boolean z) {
        if (byteBuffer == null || byteBufferArr == null) {
            throw new IllegalArgumentException("src/dst is null");
        }
        if (i < 0 || i2 < 0 || i > byteBufferArr.length - i2) {
            throw new IndexOutOfBoundsException();
        }
        if (z && byteBuffer.isReadOnly()) {
            throw new ReadOnlyBufferException();
        }
        for (int i3 = i; i3 < i + i2; i3++) {
            if (byteBufferArr[i3] == null) {
                throw new IllegalArgumentException("appData[" + i3 + "] == null");
            }
            if (!z && byteBufferArr[i3].isReadOnly()) {
                throw new ReadOnlyBufferException();
            }
        }
    }

    private SSLEngineResult readNetRecord(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws IOException {
        SSLEngineResult.HandshakeStatus handshakeStatus = null;
        checkTaskThrown();
        if (isInboundDone()) {
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, getHSStatus(null), 0, 0);
        }
        synchronized (this) {
            if (this.connectionState == 1 || this.connectionState == 0) {
                kickstartHandshake();
                handshakeStatus = getHSStatus(null);
                if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                    return new SSLEngineResult(SSLEngineResult.Status.OK, handshakeStatus, 0, 0);
                }
            }
            if (handshakeStatus == null) {
                handshakeStatus = getHSStatus(null);
            }
            if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                return new SSLEngineResult(SSLEngineResult.Status.OK, handshakeStatus, 0, 0);
            }
            if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP_AGAIN) {
                try {
                    Plaintext readRecord = readRecord(null, null, 0, 0);
                    return new SSLEngineResult(isInboundDone() ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK, getHSStatus(readRecord.handshakeStatus), 0, 0, readRecord.recordSN);
                } catch (SSLException e) {
                    throw e;
                } catch (IOException e2) {
                    throw new SSLException("readRecord", e2);
                }
            }
            try {
                int bytesInCompletePacket = this.inputRecord.bytesInCompletePacket(byteBuffer);
                if (bytesInCompletePacket > this.sess.getPacketBufferSize()) {
                    if (bytesInCompletePacket <= (this.isDTLS ? DTLSRecord.maxRecordSize : SSLRecord.maxLargeRecordSize) && !this.isDTLS) {
                        this.sess.expandBufferSizes();
                    }
                    int packetBufferSize = this.sess.getPacketBufferSize();
                    if (bytesInCompletePacket > packetBufferSize) {
                        throw new SSLProtocolException("Input record too big: max = " + packetBufferSize + " len = " + bytesInCompletePacket);
                    }
                }
                int position = byteBuffer.position();
                int i3 = 0;
                for (int i4 = i; i4 < i + i2; i4++) {
                    if (byteBufferArr[i4] == null) {
                        throw new IllegalArgumentException("appData[" + i4 + "] == null");
                    }
                    i3 += byteBufferArr[i4].remaining();
                }
                if ((this.connectionState == 2 || this.connectionState == 3) && this.inputRecord.estimateFragmentSize(bytesInCompletePacket) > i3) {
                    return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, handshakeStatus, 0, 0);
                }
                if (bytesInCompletePacket == -1 || byteBuffer.remaining() < bytesInCompletePacket) {
                    return new SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, handshakeStatus, 0, 0);
                }
                try {
                    Plaintext readRecord2 = readRecord(byteBuffer, byteBufferArr, i, i2);
                    SSLEngineResult.Status status = isInboundDone() ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK;
                    SSLEngineResult.HandshakeStatus hSStatus = getHSStatus(readRecord2.handshakeStatus);
                    int position2 = byteBuffer.position() - position;
                    int i5 = i3;
                    for (int i6 = i; i6 < i + i2; i6++) {
                        i5 -= byteBufferArr[i6].remaining();
                    }
                    return new SSLEngineResult(status, hSStatus, position2, i5, readRecord2.recordSN);
                } catch (SSLException e3) {
                    throw e3;
                } catch (IOException e4) {
                    throw new SSLException("readRecord", e4);
                }
            } catch (SSLException e5) {
                if (!this.isDTLS) {
                    throw e5;
                }
                if (debug != null && Debug.isOn("ssl")) {
                    System.out.println(Thread.currentThread().getName() + " discard invalid record: " + ((Object) e5));
                }
                int remaining = byteBuffer.remaining();
                byteBuffer.position(byteBuffer.limit());
                return new SSLEngineResult(isInboundDone() ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK, getHSStatus(handshakeStatus), remaining, 0, -1L);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void expectingFinishFlight() {
        this.inputRecord.expectingFinishFlight();
    }

    private Plaintext readRecord(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws IOException {
        Plaintext plaintext = null;
        if (getConnectionState() == 4) {
            return Plaintext.PLAINTEXT_NULL;
        }
        try {
            if (this.isDTLS) {
                plaintext = this.inputRecord.acquirePlaintext();
            }
            if ((!this.isDTLS || plaintext == null) && byteBuffer != null) {
                plaintext = this.inputRecord.decode(byteBuffer);
            }
        } catch (UnsupportedOperationException e) {
            if (!this.isDTLS) {
                this.outputRecord.encodeV2NoCipher();
            }
            fatal((byte) 10, e);
        } catch (BadPaddingException e2) {
            fatal(this.connectionState != 2 ? (byte) 40 : (byte) 20, e2.getMessage(), e2);
        } catch (SSLHandshakeException e3) {
            fatal((byte) 40, e3);
        } catch (IOException e4) {
            fatal((byte) 10, e4);
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = null;
        if (plaintext == Plaintext.PLAINTEXT_NULL) {
            if (this.enableRetransmissions) {
                if (debug != null && Debug.isOn("verbose")) {
                    Debug.log("Retransmit the previous handshake flight messages.");
                }
                synchronized (this) {
                    this.outputRecord.launchRetransmission();
                }
            }
        } else if (!this.isDTLS || plaintext != null) {
            handshakeStatus = processInputRecord(plaintext, byteBufferArr, i, i2);
        }
        if (handshakeStatus == null) {
            handshakeStatus = getHSStatus(null);
        }
        if (plaintext == null) {
            plaintext = Plaintext.PLAINTEXT_NULL;
        }
        plaintext.handshakeStatus = handshakeStatus;
        return plaintext;
    }

    private synchronized SSLEngineResult.HandshakeStatus processInputRecord(Plaintext plaintext, ByteBuffer[] byteBufferArr, int i, int i2) throws IOException {
        SSLEngineResult.HandshakeStatus handshakeStatus = null;
        switch (plaintext.contentType) {
            case 20:
                if (this.connectionState != 1 && this.connectionState != 3) {
                    fatal((byte) 10, "illegal change cipher spec msg, conn state = " + this.connectionState);
                } else if (plaintext.fragment.remaining() != 1 || plaintext.fragment.get() != 1) {
                    fatal((byte) 10, "Malformed change cipher spec msg");
                }
                this.handshaker.receiveChangeCipherSpec();
                try {
                    this.inputRecord.changeReadCiphers(this.handshaker.newReadAuthenticator(), this.handshaker.newReadCipher());
                    this.expectingFinished = true;
                    break;
                } catch (GeneralSecurityException e) {
                    throw new SSLException("Algorithm missing:  ", e);
                }
                break;
            case 21:
                recvAlert(plaintext.fragment);
                break;
            case 22:
                initHandshaker();
                if (!this.handshaker.activated()) {
                    if (this.connectionState == 3) {
                        this.handshaker.activate(this.protocolVersion);
                    } else {
                        this.handshaker.activate(null);
                    }
                }
                this.handshaker.processRecord(plaintext.fragment, this.expectingFinished);
                this.expectingFinished = false;
                if (this.handshaker.invalidated) {
                    finishHandshake();
                    if (this.connectionState == 3) {
                        this.connectionState = 2;
                        break;
                    }
                } else if (this.handshaker.isDone()) {
                    this.secureRenegotiation = this.handshaker.isSecureRenegotiation();
                    this.clientVerifyData = this.handshaker.getClientVerifyData();
                    this.serverVerifyData = this.handshaker.getServerVerifyData();
                    this.applicationProtocol = this.handshaker.getHandshakeApplicationProtocol();
                    this.sess = this.handshaker.getSession();
                    this.handshakeSession = null;
                    if (this.outputRecord.isEmpty()) {
                        handshakeStatus = finishHandshake();
                        this.connectionState = 2;
                        break;
                    }
                } else if (this.handshaker.taskOutstanding()) {
                    handshakeStatus = SSLEngineResult.HandshakeStatus.NEED_TASK;
                    break;
                }
                break;
            case 23:
                if (this.connectionState != 2 && this.connectionState != 3 && this.connectionState != 6) {
                    throw new SSLProtocolException("Data received in non-data state: " + this.connectionState);
                }
                if (this.expectingFinished) {
                    throw new SSLProtocolException("Expecting finished message, received data");
                }
                if (!this.inboundDone) {
                    ByteBuffer byteBuffer = plaintext.fragment;
                    int remaining = byteBuffer.remaining();
                    for (int i3 = i; i3 < i + i2 && remaining > 0; i3++) {
                        int min = Math.min(byteBufferArr[i3].remaining(), remaining);
                        byteBuffer.limit(byteBuffer.position() + min);
                        byteBufferArr[i3].put(byteBuffer);
                        remaining -= min;
                    }
                }
                break;
            default:
                if (debug != null && Debug.isOn("ssl")) {
                    System.out.println(Thread.currentThread().getName() + ", Received record type: " + ((int) plaintext.contentType));
                    break;
                }
                break;
        }
        SSLEngineResult.HandshakeStatus hSStatus = getHSStatus(handshakeStatus);
        if (this.connectionState < 4 && !isInboundDone() && hSStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING && this.inputRecord.seqNumIsHuge()) {
            if (debug != null && Debug.isOn("ssl")) {
                System.out.println(Thread.currentThread().getName() + ", request renegotiation to avoid sequence number overflow");
            }
            beginHandshake();
            hSStatus = getHSStatus(null);
        }
        return hSStatus;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
        SSLEngineResult writeAppRecord;
        checkEngineParas(byteBuffer, byteBufferArr, i, i2, true);
        if (byteBuffer.remaining() < this.sess.getPacketBufferSize()) {
            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, getHSStatus(null), 0, 0);
        }
        try {
            synchronized (this.wrapLock) {
                writeAppRecord = writeAppRecord(byteBufferArr, i, i2, byteBuffer);
            }
            return writeAppRecord;
        } catch (SSLProtocolException e) {
            fatal((byte) 10, e.getMessage(), e);
            return null;
        } catch (Exception e2) {
            fatal((byte) 80, "problem wrapping app data", e2);
            return null;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:47:0x0165  */
    /* JADX WARN: Removed duplicated region for block: B:51:0x0194 A[LOOP:1: B:49:0x018c->B:51:0x0194, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:55:0x016b  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private javax.net.ssl.SSLEngineResult writeAppRecord(java.nio.ByteBuffer[] r10, int r11, int r12, java.nio.ByteBuffer r13) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 443
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sun.security.ssl.SSLEngineImpl.writeAppRecord(java.nio.ByteBuffer[], int, int, java.nio.ByteBuffer):javax.net.ssl.SSLEngineResult");
    }

    private Ciphertext writeRecord(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws IOException {
        Ciphertext ciphertext = null;
        try {
            if (!this.outputRecord.isEmpty() || (this.enableRetransmissions && this.handshaker != null)) {
                ciphertext = this.outputRecord.acquireCiphertext(byteBuffer);
            }
            if (ciphertext == null && byteBufferArr != null) {
                ciphertext = this.outputRecord.encode(byteBufferArr, i, i2, byteBuffer);
            }
            if (ciphertext == null) {
                return Ciphertext.CIPHERTEXT_NULL;
            }
            SSLEngineResult.HandshakeStatus handshakeStatus = null;
            Ciphertext.RecordType recordType = ciphertext.recordType;
            if (recordType.contentType == 22 && recordType.handshakeType == 20 && this.outputRecord.isEmpty()) {
                if (this.handshaker == null) {
                    handshakeStatus = SSLEngineResult.HandshakeStatus.FINISHED;
                } else if (this.handshaker.isDone()) {
                    handshakeStatus = finishHandshake();
                    this.connectionState = 2;
                    if (this.isDTLS && this.enableRetransmissions) {
                        if (debug != null && Debug.isOn("verbose")) {
                            Debug.log("Retransmit the last flight messages.");
                        }
                        synchronized (this) {
                            this.outputRecord.launchRetransmission();
                        }
                        handshakeStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
                    }
                }
            }
            SSLEngineResult.HandshakeStatus hSStatus = getHSStatus(handshakeStatus);
            if (this.connectionState < 4 && !isOutboundDone() && hSStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING && this.outputRecord.seqNumIsHuge()) {
                if (debug != null && Debug.isOn("ssl")) {
                    System.out.println(Thread.currentThread().getName() + ", request renegotiation to avoid sequence number overflow");
                }
                beginHandshake();
                hSStatus = getHSStatus(null);
            }
            ciphertext.handshakeStatus = hSStatus;
            return ciphertext;
        } catch (SSLHandshakeException e) {
            fatal((byte) 40, e);
            return Ciphertext.CIPHERTEXT_NULL;
        } catch (IOException e2) {
            fatal((byte) 10, e2);
            return Ciphertext.CIPHERTEXT_NULL;
        }
    }

    private SSLEngineResult.HandshakeStatus finishHandshake() {
        this.handshaker = null;
        this.inputRecord.setHandshakeHash(null);
        this.outputRecord.setHandshakeHash(null);
        this.connectionState = 2;
        return SSLEngineResult.HandshakeStatus.FINISHED;
    }

    private void closeOutboundInternal() {
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(Thread.currentThread().getName() + ", closeOutboundInternal()");
        }
        if (this.outboundDone) {
            return;
        }
        switch (this.connectionState) {
            case 0:
                try {
                    this.outputRecord.close();
                } catch (IOException e) {
                }
                this.outboundDone = true;
                try {
                    this.inputRecord.close();
                } catch (IOException e2) {
                }
                this.inboundDone = true;
                break;
            case 4:
            case 6:
                break;
            default:
                warning((byte) 0);
                try {
                    this.outputRecord.close();
                } catch (IOException e3) {
                }
                this.outboundDone = true;
                break;
        }
        this.connectionState = 6;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeOutbound() {
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(Thread.currentThread().getName() + ", called closeOutbound()");
        }
        closeOutboundInternal();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isOutboundDone() {
        return this.outboundDone && this.outputRecord.isEmpty();
    }

    private void closeInboundInternal() {
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(Thread.currentThread().getName() + ", closeInboundInternal()");
        }
        if (this.inboundDone) {
            return;
        }
        closeOutboundInternal();
        try {
            this.inputRecord.close();
        } catch (IOException e) {
        }
        this.inboundDone = true;
        this.connectionState = 6;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeInbound() throws SSLException {
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(Thread.currentThread().getName() + ", called closeInbound()");
        }
        if (this.connectionState == 0 || this.recvCN) {
            closeInboundInternal();
        } else {
            this.recvCN = true;
            fatal((byte) 80, "Inbound closed before receiving peer's close_notify: possible truncation attack?");
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isInboundDone() {
        return this.inboundDone;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLSession getSession() {
        return this.sess;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLSession getHandshakeSession() {
        return this.handshakeSession;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void setHandshakeSession(SSLSessionImpl sSLSessionImpl) {
        this.inputRecord.changeFragmentSize(sSLSessionImpl.getNegotiatedMaxFragSize());
        this.outputRecord.changeFragmentSize(sSLSessionImpl.getNegotiatedMaxFragSize());
        this.handshakeSession = sSLSessionImpl;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized Runnable getDelegatedTask() {
        if (this.handshaker != null) {
            return this.handshaker.getTask();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void warning(byte b) {
        sendAlert((byte) 1, b);
    }

    synchronized void fatal(byte b, String str) throws SSLException {
        fatal(b, str, null, false);
    }

    synchronized void fatal(byte b, Throwable th) throws SSLException {
        fatal(b, null, th, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void fatal(byte b, String str, Throwable th) throws SSLException {
        fatal(b, str, th, false);
    }

    synchronized void fatal(byte b, String str, Throwable th, boolean z) throws SSLException {
        if (str == null) {
            str = "General SSLEngine problem";
        }
        if (th == null) {
            th = Alerts.getSSLException(b, th, str);
        }
        if (this.closeReason != null) {
            if (debug != null && Debug.isOn("ssl")) {
                System.out.println(Thread.currentThread().getName() + ", fatal: engine already closed.  Rethrowing " + th.toString());
            }
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            if (th instanceof SSLException) {
                throw ((SSLException) th);
            }
            if (th instanceof Exception) {
                throw new SSLException("fatal SSLEngine condition", th);
            }
        }
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(Thread.currentThread().getName() + ", fatal error: " + ((int) b) + ": " + str + "\n" + th.toString());
        }
        int i = this.connectionState;
        this.connectionState = 4;
        try {
            this.inputRecord.close();
        } catch (IOException e) {
        }
        this.inboundDone = true;
        this.sess.invalidate();
        if (this.handshakeSession != null) {
            this.handshakeSession.invalidate();
        }
        if (i != 0 && !z) {
            sendAlert((byte) 2, b);
        }
        if (th instanceof SSLException) {
            this.closeReason = (SSLException) th;
        } else {
            this.closeReason = Alerts.getSSLException(b, th, str);
        }
        try {
            this.outputRecord.close();
        } catch (IOException e2) {
        }
        this.outboundDone = true;
        this.connectionState = 6;
        if (!(th instanceof RuntimeException)) {
            throw this.closeReason;
        }
        throw ((RuntimeException) th);
    }

    private void recvAlert(ByteBuffer byteBuffer) throws IOException {
        byte b = byteBuffer.get();
        byte b2 = byteBuffer.get();
        if (debug != null && (Debug.isOn("record") || Debug.isOn("handshake"))) {
            synchronized (System.out) {
                System.out.print(Thread.currentThread().getName());
                System.out.print(", RECV " + ((Object) this.protocolVersion) + " ALERT:  ");
                if (b == 2) {
                    System.out.print("fatal, ");
                } else if (b == 1) {
                    System.out.print("warning, ");
                } else {
                    System.out.print("<level " + (255 & b) + ">, ");
                }
                System.out.println(Alerts.alertDescription(b2));
            }
        }
        if (b != 1) {
            String str = "Received fatal alert: " + Alerts.alertDescription(b2);
            this.handshaker = null;
            fatal(b2, null, Alerts.getSSLException(b2, str), true);
        } else {
            if (b2 == -1) {
                fatal((byte) 47, "Short alert message");
                return;
            }
            if (b2 != 0) {
                if (this.handshaker != null) {
                    this.handshaker.handshakeAlert(b2);
                }
            } else if (this.connectionState == 1) {
                fatal((byte) 10, "Received close_notify during handshake");
            } else {
                this.recvCN = true;
                closeInboundInternal();
            }
        }
    }

    private void sendAlert(byte b, byte b2) {
        if (this.connectionState >= 6) {
            return;
        }
        if (this.connectionState > 1 || (this.handshaker != null && this.handshaker.started() && this.handshaker.activated())) {
            try {
                this.outputRecord.encodeAlert(b, b2);
            } catch (IOException e) {
            }
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnableSessionCreation(boolean z) {
        this.enableSessionCreation = z;
        if (this.handshaker == null || this.handshaker.activated()) {
            return;
        }
        this.handshaker.setEnableSessionCreation(this.enableSessionCreation);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getEnableSessionCreation() {
        return this.enableSessionCreation;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setNeedClientAuth(boolean z) {
        this.doClientAuth = z ? ClientAuthType.CLIENT_AUTH_REQUIRED : ClientAuthType.CLIENT_AUTH_NONE;
        if (this.handshaker == null || !(this.handshaker instanceof ServerHandshaker) || this.handshaker.activated()) {
            return;
        }
        ((ServerHandshaker) this.handshaker).setClientAuth(this.doClientAuth);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getNeedClientAuth() {
        return this.doClientAuth == ClientAuthType.CLIENT_AUTH_REQUIRED;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setWantClientAuth(boolean z) {
        this.doClientAuth = z ? ClientAuthType.CLIENT_AUTH_REQUESTED : ClientAuthType.CLIENT_AUTH_NONE;
        if (this.handshaker == null || !(this.handshaker instanceof ServerHandshaker) || this.handshaker.activated()) {
            return;
        }
        ((ServerHandshaker) this.handshaker).setClientAuth(this.doClientAuth);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getWantClientAuth() {
        return this.doClientAuth == ClientAuthType.CLIENT_AUTH_REQUESTED;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setUseClientMode(boolean z) {
        switch (this.connectionState) {
            case 0:
                if (this.roleIsServer != (!z)) {
                    if (this.sslContext.isDefaultProtocolList(this.enabledProtocols)) {
                        this.enabledProtocols = this.sslContext.getDefaultProtocolList(!z);
                    }
                    if (this.sslContext.isDefaultCipherSuiteList(this.enabledCipherSuites)) {
                        this.enabledCipherSuites = this.sslContext.getDefaultCipherSuiteList(!z);
                    }
                }
                this.roleIsServer = !z;
                this.serverModeSet = true;
                return;
            case 1:
                if (!$assertionsDisabled && this.handshaker == null) {
                    throw new AssertionError();
                }
                if (!this.handshaker.activated()) {
                    if (this.roleIsServer != (!z)) {
                        if (this.sslContext.isDefaultProtocolList(this.enabledProtocols)) {
                            this.enabledProtocols = this.sslContext.getDefaultProtocolList(!z);
                        }
                        if (this.sslContext.isDefaultCipherSuiteList(this.enabledCipherSuites)) {
                            this.enabledCipherSuites = this.sslContext.getDefaultCipherSuiteList(!z);
                        }
                    }
                    this.roleIsServer = !z;
                    this.connectionState = 0;
                    initHandshaker();
                    return;
                }
                break;
        }
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(Thread.currentThread().getName() + ", setUseClientMode() invoked in state = " + this.connectionState);
        }
        throw new IllegalArgumentException("Cannot change mode after SSL traffic has started");
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getUseClientMode() {
        return !this.roleIsServer;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        return this.sslContext.getSupportedCipherSuiteList().toStringArray();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnabledCipherSuites(String[] strArr) {
        this.enabledCipherSuites = new CipherSuiteList(strArr);
        if (this.handshaker == null || this.handshaker.activated()) {
            return;
        }
        this.handshaker.setEnabledCipherSuites(this.enabledCipherSuites);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites.toStringArray();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return this.sslContext.getSuportedProtocolList().toStringArray();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnabledProtocols(String[] strArr) {
        this.enabledProtocols = new ProtocolList(strArr);
        if (this.handshaker == null || this.handshaker.activated()) {
            return;
        }
        this.handshaker.setEnabledProtocols(this.enabledProtocols);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getEnabledProtocols() {
        return this.enabledProtocols.toStringArray();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLParameters getSSLParameters() {
        SSLParameters sSLParameters = super.getSSLParameters();
        sSLParameters.setEndpointIdentificationAlgorithm(this.identificationProtocol);
        sSLParameters.setAlgorithmConstraints(this.algorithmConstraints);
        sSLParameters.setSNIMatchers(this.sniMatchers);
        sSLParameters.setServerNames(this.serverNames);
        sSLParameters.setUseCipherSuitesOrder(this.preferLocalCipherSuites);
        sSLParameters.setEnableRetransmissions(this.enableRetransmissions);
        sSLParameters.setMaximumPacketSize(this.maximumPacketSize);
        sSLParameters.setApplicationProtocols(this.applicationProtocols);
        return sSLParameters;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setSSLParameters(SSLParameters sSLParameters) {
        super.setSSLParameters(sSLParameters);
        this.identificationProtocol = sSLParameters.getEndpointIdentificationAlgorithm();
        this.algorithmConstraints = sSLParameters.getAlgorithmConstraints();
        this.preferLocalCipherSuites = sSLParameters.getUseCipherSuitesOrder();
        this.enableRetransmissions = sSLParameters.getEnableRetransmissions();
        this.maximumPacketSize = sSLParameters.getMaximumPacketSize();
        if (this.maximumPacketSize != 0) {
            this.outputRecord.changePacketSize(this.maximumPacketSize);
        } else {
            this.maximumPacketSize = this.outputRecord.getMaxPacketSize();
        }
        List<SNIServerName> serverNames = sSLParameters.getServerNames();
        if (serverNames != null) {
            this.serverNames = serverNames;
        }
        Collection<SNIMatcher> sNIMatchers = sSLParameters.getSNIMatchers();
        if (sNIMatchers != null) {
            this.sniMatchers = sNIMatchers;
        }
        this.applicationProtocols = sSLParameters.getApplicationProtocols();
        if (this.handshaker == null || this.handshaker.activated()) {
            return;
        }
        this.handshaker.setIdentificationProtocol(this.identificationProtocol);
        this.handshaker.setAlgorithmConstraints(this.algorithmConstraints);
        this.handshaker.setMaximumPacketSize(this.maximumPacketSize);
        this.handshaker.setApplicationProtocols(this.applicationProtocols);
        if (!this.roleIsServer) {
            this.handshaker.setSNIServerNames(this.serverNames);
        } else {
            this.handshaker.setSNIMatchers(this.sniMatchers);
            this.handshaker.setUseCipherSuitesOrder(this.preferLocalCipherSuites);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String getApplicationProtocol() {
        return this.applicationProtocol;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String getHandshakeApplicationProtocol() {
        if (this.handshaker == null || !this.handshaker.started()) {
            return null;
        }
        return this.handshaker.getHandshakeApplicationProtocol();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setHandshakeApplicationProtocolSelector(BiFunction<SSLEngine, List<String>, String> biFunction) {
        this.applicationProtocolSelector = biFunction;
        if (this.handshaker == null || this.handshaker.activated()) {
            return;
        }
        this.handshaker.setApplicationProtocolSelectorSSLEngine(biFunction);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized BiFunction<SSLEngine, List<String>, String> getHandshakeApplicationProtocolSelector() {
        return this.applicationProtocolSelector;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder(80);
        sb.append(Integer.toHexString(hashCode()));
        sb.append("[");
        sb.append("SSLEngine[hostname=");
        String peerHost = getPeerHost();
        sb.append(peerHost == null ? "null" : peerHost);
        sb.append(" port=");
        sb.append(Integer.toString(getPeerPort()));
        sb.append(" role=" + (this.roleIsServer ? "Server" : "Client"));
        sb.append("] ");
        sb.append(getSession().getCipherSuite());
        sb.append("]");
        return sb.toString();
    }

    static {
        $assertionsDisabled = !SSLEngineImpl.class.desiredAssertionStatus();
        debug = Debug.getInstance("ssl");
    }
}
