package io.vproxy.base.util.ringbuffer;

import io.vproxy.base.GlobalInspection;
import io.vproxy.base.processor.httpbin.frame.SettingsFrame;
import io.vproxy.base.selector.SelectorEventLoop;
import io.vproxy.base.util.ByteBufferEx;
import io.vproxy.base.util.LogType;
import io.vproxy.base.util.Logger;
import io.vproxy.base.util.RingBuffer;
import io.vproxy.base.util.Utils;
import io.vproxy.base.util.nio.ByteArrayChannel;
import io.vproxy.base.util.ringbuffer.ssl.SSL;
import io.vproxy.base.util.thread.VProxyThread;
import io.vproxy.dep.tlschannel.impl.impl.TlsExplorer;
import io.vproxy.vfd.IPPort;
import io.vproxy.vfd.NetworkFD;
import io.vproxy.vfd.ReadableByteStream;
import io.vproxy.vmirror.MirrorDataFactory;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Objects;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;

/* loaded from: input_file:io/vproxy/base/util/ringbuffer/SSLUnwrapRingBuffer.class */
public class SSLUnwrapRingBuffer extends AbstractUnwrapByteBufferRingBuffer implements RingBuffer {
    private SSLEngine engine;
    private final SSL ssl;
    private final Consumer<Runnable> resumer;
    private String sni;
    private final SSLWrapRingBuffer pair;
    private SelectorEventLoop lastLoop;
    private final MirrorDataFactory plainMirrorDataFactory;
    private final MirrorDataFactory encryptedMirrorDataFactory;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLUnwrapRingBuffer(ByteBufferRingBuffer byteBufferRingBuffer, SSLEngine sSLEngine, Consumer<Runnable> consumer, SSLWrapRingBuffer sSLWrapRingBuffer, NetworkFD<IPPort> networkFD) {
        this(byteBufferRingBuffer, sSLEngine, consumer, sSLWrapRingBuffer, (Supplier<IPPort>) () -> {
            try {
                return (IPPort) networkFD.getRemoteAddress();
            } catch (IOException e) {
                Logger.shouldNotHappen("getting remote address of " + networkFD + " failed", e);
                return IPPort.bindAnyAddress();
            }
        }, (Supplier<IPPort>) () -> {
            try {
                return (IPPort) networkFD.getLocalAddress();
            } catch (IOException e) {
                Logger.shouldNotHappen("getting local address of " + networkFD + " failed", e);
                return IPPort.bindAnyAddress();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLUnwrapRingBuffer(ByteBufferRingBuffer byteBufferRingBuffer, SSLEngine sSLEngine, Consumer<Runnable> consumer, SSLWrapRingBuffer sSLWrapRingBuffer, IPPort iPPort) {
        this(byteBufferRingBuffer, sSLEngine, consumer, sSLWrapRingBuffer, (Supplier<IPPort>) () -> {
            return iPPort;
        }, (Supplier<IPPort>) IPPort::bindAnyAddress);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLUnwrapRingBuffer(ByteBufferRingBuffer byteBufferRingBuffer, SSLEngine sSLEngine, Consumer<Runnable> consumer, SSLWrapRingBuffer sSLWrapRingBuffer, Supplier<IPPort> supplier, Supplier<IPPort> supplier2) {
        super(byteBufferRingBuffer);
        this.lastLoop = null;
        this.engine = sSLEngine;
        this.resumer = consumer;
        this.pair = sSLWrapRingBuffer;
        this.ssl = null;
        this.plainMirrorDataFactory = new MirrorDataFactory("ssl", mirrorData -> {
            IPPort iPPort = (IPPort) supplier.get();
            mirrorData.setSrc(iPPort).setDst((IPPort) supplier2.get());
        });
        this.encryptedMirrorDataFactory = new MirrorDataFactory("ssl-encrypted", mirrorData2 -> {
            IPPort iPPort = (IPPort) supplier.get();
            mirrorData2.setSrc(iPPort).setDst((IPPort) supplier2.get());
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLUnwrapRingBuffer(ByteBufferRingBuffer byteBufferRingBuffer, SSL ssl, Consumer<Runnable> consumer, SSLWrapRingBuffer sSLWrapRingBuffer, NetworkFD<IPPort> networkFD) {
        this(byteBufferRingBuffer, ssl, consumer, sSLWrapRingBuffer, (Supplier<IPPort>) () -> {
            try {
                return (IPPort) networkFD.getRemoteAddress();
            } catch (IOException e) {
                Logger.shouldNotHappen("getting remote address of " + networkFD + " failed", e);
                return IPPort.bindAnyAddress();
            }
        }, (Supplier<IPPort>) () -> {
            try {
                return (IPPort) networkFD.getLocalAddress();
            } catch (IOException e) {
                Logger.shouldNotHappen("getting local address of " + networkFD + " failed", e);
                return IPPort.bindAnyAddress();
            }
        });
    }

    SSLUnwrapRingBuffer(ByteBufferRingBuffer byteBufferRingBuffer, SSL ssl, Consumer<Runnable> consumer, SSLWrapRingBuffer sSLWrapRingBuffer, Supplier<IPPort> supplier, Supplier<IPPort> supplier2) {
        super(byteBufferRingBuffer);
        this.lastLoop = null;
        this.ssl = ssl;
        this.resumer = consumer;
        this.pair = sSLWrapRingBuffer;
        this.plainMirrorDataFactory = new MirrorDataFactory("ssl", mirrorData -> {
            IPPort iPPort = (IPPort) supplier.get();
            mirrorData.setSrc(iPPort).setDst((IPPort) supplier2.get());
        });
        this.encryptedMirrorDataFactory = new MirrorDataFactory("ssl-encrypted", mirrorData2 -> {
            IPPort iPPort = (IPPort) supplier.get();
            mirrorData2.setSrc(iPPort).setDst((IPPort) supplier2.get());
        });
    }

    public String getSni() {
        return this.sni;
    }

    @Override // io.vproxy.base.util.ringbuffer.AbstractUnwrapRingBuffer, io.vproxy.base.util.RingBuffer
    public int storeBytesFrom(ReadableByteStream readableByteStream) throws IOException {
        int i = 0;
        if (this.engine == null) {
            i = 0 + createSSLEngine(readableByteStream);
        }
        return i + super.storeBytesFrom(readableByteStream);
    }

    private int createSSLEngine(ReadableByteStream readableByteStream) throws IOException {
        ByteBuffer allocateByteBuffer = Utils.allocateByteBuffer(SettingsFrame.DEFAULT_MAX_FRAME_SIZe);
        int read = readableByteStream.read(allocateByteBuffer);
        allocateByteBuffer.flip();
        try {
            SNIServerName sNIServerName = (SNIServerName) TlsExplorer.explore(allocateByteBuffer).get(0);
            String str = null;
            if (sNIServerName instanceof SNIHostName) {
                str = ((SNIHostName) sNIServerName).getAsciiName();
            }
            this.sni = str;
            SSLContext choose = this.ssl.sslContextHolder.choose(str);
            if (choose == null) {
                throw new IOException("ssl context not provided");
            }
            this.engine = this.ssl.sslEngineBuilder.build(choose);
            this.pair.engine = this.engine;
            int storeBytesFrom = super.storeBytesFrom(ByteArrayChannel.from(allocateByteBuffer.array(), 0, read, 0));
            if ($assertionsDisabled || read == storeBytesFrom) {
                return read;
            }
            throw new AssertionError();
        } catch (Throwable th) {
            Logger.error(LogType.INVALID_EXTERNAL_DATA, "got exception when decoding CLIENT_HELLO", th);
            throw new IOException(th);
        }
    }

    public SSLEngine getEngine() {
        return this.engine;
    }

    private void doResume(Runnable runnable) {
        if (this.resumer == null && this.lastLoop == null) {
            Logger.fatal(LogType.IMPROPER_USE, "cannot get resumer or event loop to callback from the task");
            return;
        }
        if (this.resumer != null) {
            this.resumer.accept(runnable);
        } else {
            if (!$assertionsDisabled && this.lastLoop == null) {
                throw new AssertionError();
            }
            this.lastLoop.runOnLoop(runnable);
        }
    }

    private void resumeGeneralUnwrap() {
        doResume(this::generalUnwrap);
    }

    private void resumeGeneralWrap() {
        SSLWrapRingBuffer sSLWrapRingBuffer = this.pair;
        Objects.requireNonNull(sSLWrapRingBuffer);
        doResume(sSLWrapRingBuffer::generalWrap);
    }

    private String mirrorMeta(SSLEngineResult sSLEngineResult) {
        return "r.s=" + sSLEngineResult.getStatus() + ";e.hs=" + this.engine.getHandshakeStatus() + ";ib=" + intermediateBufferCap() + "/" + intermediateBufferCount() + ";p=" + getPlainBufferForApp().used() + "/" + getPlainBufferForApp().capacity() + ";seq=" + sSLEngineResult.sequenceNumber() + ";";
    }

    private void mirrorPlain(ByteBuffer byteBuffer, SSLEngineResult sSLEngineResult) {
        if (byteBuffer.position() == 0) {
            return;
        }
        this.plainMirrorDataFactory.build().setMeta(mirrorMeta(sSLEngineResult)).setDataAfter(byteBuffer, 0).mirror();
    }

    private void mirrorEncrypted(ByteBufferEx byteBufferEx, int i, SSLEngineResult sSLEngineResult) {
        if (byteBufferEx.position() <= i) {
            return;
        }
        this.encryptedMirrorDataFactory.build().setMeta(mirrorMeta(sSLEngineResult)).setDataAfter(byteBufferEx, i).mirror();
    }

    @Override // io.vproxy.base.util.ringbuffer.AbstractUnwrapRingBuffer
    protected void handleEncryptedBuffer(ByteBufferEx byteBufferEx, boolean[] zArr, boolean[] zArr2, IOException[] iOExceptionArr) {
        int position = byteBufferEx.position();
        ByteBuffer temporaryBuffer = getTemporaryBuffer(this.engine.getSession().getApplicationBufferSize());
        try {
            SSLEngineResult unwrap = this.engine.unwrap(byteBufferEx.realBuffer(), temporaryBuffer);
            if (this.encryptedMirrorDataFactory.isEnabled()) {
                mirrorEncrypted(byteBufferEx, position, unwrap);
            }
            if (this.plainMirrorDataFactory.isEnabled()) {
                mirrorPlain(temporaryBuffer, unwrap);
            }
            if (!$assertionsDisabled && !Logger.lowLevelDebug("unwrap: " + unwrap)) {
                throw new AssertionError();
            }
            if (unwrap.getStatus() == SSLEngineResult.Status.CLOSED) {
                if (!$assertionsDisabled && !Logger.lowLevelDebug("the unwrapping returned CLOSED")) {
                    throw new AssertionError();
                }
                zArr2[0] = true;
                iOExceptionArr[0] = new IOException(Utils.SSL_ENGINE_CLOSED_MSG);
                return;
            }
            if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                byteBufferEx.position(position);
                Logger.shouldNotHappen("the unwrapping returned BUFFER_OVERFLOW, do retry");
                temporaryBuffer = Utils.allocateByteBuffer(this.engine.getSession().getApplicationBufferSize());
                try {
                    unwrap = this.engine.unwrap(byteBufferEx.realBuffer(), temporaryBuffer);
                    if (this.encryptedMirrorDataFactory.isEnabled()) {
                        mirrorEncrypted(byteBufferEx, position, unwrap);
                    }
                    if (this.plainMirrorDataFactory.isEnabled()) {
                        mirrorPlain(temporaryBuffer, unwrap);
                    }
                    if (!$assertionsDisabled && !Logger.lowLevelDebug("unwrap2: " + unwrap)) {
                        throw new AssertionError();
                    }
                } catch (SSLException e) {
                    Logger.error(LogType.SSL_ERROR, "got error when unwrapping", e);
                    zArr2[0] = true;
                    iOExceptionArr[0] = e;
                    return;
                }
            } else if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                byteBufferEx.position(position);
                if (!$assertionsDisabled && !Logger.lowLevelDebug("got BUFFER_UNDERFLOW when unwrapping, expecting: " + this.engine.getSession().getPacketBufferSize() + ", the buffer has " + (byteBufferEx.limit() - byteBufferEx.position()))) {
                    throw new AssertionError();
                }
                zArr[0] = true;
                return;
            }
            if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                Logger.error(LogType.SSL_ERROR, "still getting BUFFER_OVERFLOW after retry");
                zArr2[0] = true;
                return;
            }
            if (temporaryBuffer.position() != 0) {
                recordIntermediateBuffer(temporaryBuffer.flip());
                discardTemporaryBuffer();
            }
            if (unwrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                unwrapHandshake(unwrap);
            } else if (!$assertionsDisabled && unwrap.getStatus() != SSLEngineResult.Status.OK) {
                throw new AssertionError();
            }
        } catch (SSLException e2) {
            Logger.error(LogType.SSL_ERROR, "got error when unwrapping", e2);
            zArr2[0] = true;
            iOExceptionArr[0] = e2;
        }
    }

    private void unwrapHandshake(SSLEngineResult sSLEngineResult) {
        if (!$assertionsDisabled && !Logger.lowLevelDebug("unwrapHandshake: " + sSLEngineResult)) {
            throw new AssertionError();
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = sSLEngineResult.getHandshakeStatus();
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
            if (!$assertionsDisabled && !Logger.lowLevelDebug("handshake finished")) {
                throw new AssertionError();
            }
            resumeGeneralWrap();
            return;
        }
        if (handshakeStatus != SSLEngineResult.HandshakeStatus.NEED_TASK) {
            if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                resumeGeneralWrap();
                return;
            } else {
                if (!$assertionsDisabled && handshakeStatus != SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                    throw new AssertionError();
                }
                return;
            }
        }
        if (!$assertionsDisabled && !Logger.lowLevelDebug("ssl engine returns NEED_TASK")) {
            throw new AssertionError();
        }
        if (this.resumer == null) {
            this.lastLoop = SelectorEventLoop.current();
            if (!$assertionsDisabled && !Logger.lowLevelDebug("resumer not specified, so we use the current event loop: " + this.lastLoop)) {
                throw new AssertionError();
            }
        }
        VProxyThread.create(() -> {
            if (!$assertionsDisabled && !Logger.lowLevelDebug("TASK begins")) {
                throw new AssertionError();
            }
            long currentTimeMillis = System.currentTimeMillis();
            while (true) {
                Runnable delegatedTask = this.engine.getDelegatedTask();
                if (delegatedTask == null) {
                    break;
                } else {
                    delegatedTask.run();
                }
            }
            GlobalInspection.getInstance().sslUnwrapTask(System.currentTimeMillis() - currentTimeMillis);
            if (!$assertionsDisabled && !Logger.lowLevelDebug("ssl engine returns " + this.engine.getHandshakeStatus() + " after task")) {
                throw new AssertionError();
            }
            if (this.engine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                resumeGeneralWrap();
            } else if (this.engine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.FINISHED) {
                resumeGeneralUnwrap();
            } else {
                resumeGeneralWrap();
                resumeGeneralUnwrap();
            }
        }, "ssl-unwrap-task").start();
    }

    static {
        $assertionsDisabled = !SSLUnwrapRingBuffer.class.desiredAssertionStatus();
    }
}
