package io.vproxy.base.util.ringbuffer;

import io.vproxy.base.util.ByteBufferEx;
import io.vproxy.base.util.LogType;
import io.vproxy.base.util.Logger;
import io.vproxy.base.util.RingBuffer;
import io.vproxy.base.util.Utils;
import io.vproxy.vfd.IPPort;
import io.vproxy.vfd.NetworkFD;
import io.vproxy.vmirror.MirrorDataFactory;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.function.Supplier;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;

/* loaded from: input_file:io/vproxy/base/util/ringbuffer/SSLWrapRingBuffer.class */
public class SSLWrapRingBuffer extends AbstractWrapByteBufferRingBuffer implements RingBuffer {
    SSLEngine engine;
    private final MirrorDataFactory plainMirrorDataFactory;
    private final MirrorDataFactory encryptedMirrorDataFactory;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLWrapRingBuffer(ByteBufferRingBuffer byteBufferRingBuffer, SSLEngine sSLEngine, NetworkFD<IPPort> networkFD) {
        this(byteBufferRingBuffer, sSLEngine, () -> {
            try {
                return (IPPort) networkFD.getLocalAddress();
            } catch (IOException e) {
                Logger.shouldNotHappen("getting local address of " + networkFD + " failed", e);
                return IPPort.bindAnyAddress();
            }
        }, () -> {
            try {
                return (IPPort) networkFD.getRemoteAddress();
            } catch (IOException e) {
                Logger.shouldNotHappen("getting remote address of " + networkFD + " failed", e);
                return IPPort.bindAnyAddress();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLWrapRingBuffer(ByteBufferRingBuffer byteBufferRingBuffer, SSLEngine sSLEngine, IPPort iPPort) {
        this(byteBufferRingBuffer, sSLEngine, IPPort::bindAnyAddress, () -> {
            return iPPort;
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLWrapRingBuffer(ByteBufferRingBuffer byteBufferRingBuffer, SSLEngine sSLEngine, Supplier<IPPort> supplier, Supplier<IPPort> supplier2) {
        super(byteBufferRingBuffer);
        this.engine = sSLEngine;
        this.plainMirrorDataFactory = new MirrorDataFactory("ssl", mirrorData -> {
            IPPort iPPort = (IPPort) supplier.get();
            mirrorData.setSrc(iPPort).setDst((IPPort) supplier2.get());
        });
        this.encryptedMirrorDataFactory = new MirrorDataFactory("ssl-encrypted", mirrorData2 -> {
            IPPort iPPort = (IPPort) supplier.get();
            mirrorData2.setSrc(iPPort).setDst((IPPort) supplier2.get());
        });
        init();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLWrapRingBuffer(ByteBufferRingBuffer byteBufferRingBuffer, NetworkFD<IPPort> networkFD) {
        this(byteBufferRingBuffer, (Supplier<IPPort>) () -> {
            try {
                return (IPPort) networkFD.getLocalAddress();
            } catch (IOException e) {
                Logger.shouldNotHappen("getting local address of " + networkFD + " failed", e);
                return IPPort.bindAnyAddress();
            }
        }, (Supplier<IPPort>) () -> {
            try {
                return (IPPort) networkFD.getRemoteAddress();
            } catch (IOException e) {
                Logger.shouldNotHappen("getting remote address of " + networkFD + " failed", e);
                return IPPort.bindAnyAddress();
            }
        });
    }

    SSLWrapRingBuffer(ByteBufferRingBuffer byteBufferRingBuffer, Supplier<IPPort> supplier, Supplier<IPPort> supplier2) {
        super(byteBufferRingBuffer);
        this.plainMirrorDataFactory = new MirrorDataFactory("ssl", mirrorData -> {
            IPPort iPPort = (IPPort) supplier.get();
            mirrorData.setSrc(iPPort).setDst((IPPort) supplier2.get());
        });
        this.encryptedMirrorDataFactory = new MirrorDataFactory("ssl-encrypted", mirrorData2 -> {
            IPPort iPPort = (IPPort) supplier.get();
            mirrorData2.setSrc(iPPort).setDst((IPPort) supplier2.get());
        });
    }

    private void init() {
        if (this.engine.getUseClientMode()) {
            generalWrap();
        }
    }

    private String mirrorMeta(SSLEngineResult sSLEngineResult) {
        return "r.s=" + sSLEngineResult.getStatus() + ";e.hs=" + this.engine.getHandshakeStatus() + ";ib=" + intermediateBufferCap() + "/" + intermediateBufferCount() + ";e=" + getEncryptedBufferForOutputUsedSize() + "/" + getEncryptedBufferForOutputCap() + ";seq=" + sSLEngineResult.sequenceNumber() + ";";
    }

    private void mirrorPlain(ByteBufferEx byteBufferEx, int i, SSLEngineResult sSLEngineResult) {
        if (byteBufferEx.position() == i || sSLEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
            return;
        }
        this.plainMirrorDataFactory.build().setMeta(mirrorMeta(sSLEngineResult)).setDataAfter(byteBufferEx, i).mirror();
    }

    private void mirrorEncrypted(ByteBuffer byteBuffer, SSLEngineResult sSLEngineResult) {
        if (byteBuffer.position() == 0 || sSLEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
            return;
        }
        this.encryptedMirrorDataFactory.build().setMeta(mirrorMeta(sSLEngineResult)).setDataAfter(byteBuffer, 0).mirror();
    }

    @Override // io.vproxy.base.util.ringbuffer.AbstractWrapRingBuffer
    protected void handlePlainBuffer(ByteBufferEx byteBufferEx, boolean[] zArr, IOException[] iOExceptionArr) {
        int position = byteBufferEx.position();
        ByteBuffer temporaryBuffer = getTemporaryBuffer(this.engine.getSession().getPacketBufferSize());
        try {
            SSLEngineResult wrap = this.engine.wrap(byteBufferEx.realBuffer(), temporaryBuffer);
            if (this.plainMirrorDataFactory.isEnabled()) {
                mirrorPlain(byteBufferEx, position, wrap);
            }
            if (this.encryptedMirrorDataFactory.isEnabled()) {
                mirrorEncrypted(temporaryBuffer, wrap);
            }
            if (!$assertionsDisabled && !Logger.lowLevelDebug("wrap: " + wrap)) {
                throw new AssertionError();
            }
            if (wrap.getStatus() == SSLEngineResult.Status.CLOSED) {
                if (!$assertionsDisabled && !Logger.lowLevelDebug("the wrapping returned CLOSED")) {
                    throw new AssertionError();
                }
                zArr[0] = true;
                iOExceptionArr[0] = new IOException(Utils.SSL_ENGINE_CLOSED_MSG);
                return;
            }
            if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                byteBufferEx.position(position);
                if (!$assertionsDisabled && !Logger.lowLevelDebug("buffer overflow, so make a bigger buffer and try again")) {
                    throw new AssertionError();
                }
                temporaryBuffer = Utils.allocateByteBuffer(this.engine.getSession().getPacketBufferSize());
                try {
                    wrap = this.engine.wrap(byteBufferEx.realBuffer(), temporaryBuffer);
                    if (this.plainMirrorDataFactory.isEnabled()) {
                        mirrorPlain(byteBufferEx, position, wrap);
                    }
                    if (this.encryptedMirrorDataFactory.isEnabled()) {
                        mirrorEncrypted(temporaryBuffer, wrap);
                    }
                    if (!$assertionsDisabled && !Logger.lowLevelDebug("wrap2: " + wrap)) {
                        throw new AssertionError();
                    }
                } catch (SSLException e) {
                    Logger.error(LogType.SSL_ERROR, "got error when wrapping", e);
                    zArr[0] = true;
                    iOExceptionArr[0] = e;
                    return;
                }
            } else if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                if (!$assertionsDisabled && !Logger.lowLevelDebug("buffer underflow, waiting for more data")) {
                    throw new AssertionError();
                }
                return;
            }
            if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                Logger.error(LogType.SSL_ERROR, "still getting BUFFER_OVERFLOW after retry");
                zArr[0] = true;
                return;
            }
            if (temporaryBuffer.position() != 0) {
                recordIntermediateBuffer(temporaryBuffer.flip());
                discardTemporaryBuffer();
            }
            if (wrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                wrapHandshake(wrap);
                return;
            }
            this.transferring = true;
            if (!$assertionsDisabled && wrap.getStatus() != SSLEngineResult.Status.OK) {
                throw new AssertionError();
            }
        } catch (SSLException e2) {
            Logger.error(LogType.SSL_ERROR, "got error when wrapping", e2);
            zArr[0] = true;
            iOExceptionArr[0] = e2;
        }
    }

    private void wrapHandshake(SSLEngineResult sSLEngineResult) {
        if (!$assertionsDisabled && !Logger.lowLevelDebug("wrapHandshake: " + sSLEngineResult)) {
            throw new AssertionError();
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = sSLEngineResult.getHandshakeStatus();
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
            if (!$assertionsDisabled && !Logger.lowLevelDebug("handshake finished")) {
                throw new AssertionError();
            }
        } else if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_TASK) {
            if (!$assertionsDisabled && !Logger.lowLevelDebug("ssl engine returns NEED_TASK when wrapping")) {
                throw new AssertionError();
            }
        } else if (handshakeStatus != SSLEngineResult.HandshakeStatus.NEED_WRAP && handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP && !$assertionsDisabled && !Logger.lowLevelDebug("get need_unwrap when handshaking, waiting for more data...")) {
            throw new AssertionError();
        }
    }

    static {
        $assertionsDisabled = !SSLWrapRingBuffer.class.desiredAssertionStatus();
    }
}
