package org.aoju.bus.socket.origin.plugins.ssl;

import java.io.FileInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.AsynchronousSocketChannel;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.aoju.bus.logger.Logger;

/* loaded from: input_file:org/aoju/bus/socket/origin/plugins/ssl/SSLService.class */
/**
 * Builds an {@link SSLContext} from an {@link SSLConfig} and drives the {@link SSLEngine}
 * handshake over an {@link AsynchronousSocketChannel}.
 *
 * <p>This listing is decompiler output (see the JADX markers below). Control flow in
 * {@link #doHandshake(Handshake)} was not fully recovered, so the fall-through and loop shapes
 * printed there should be checked against the original source before they are relied on.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When no trust file is configured, {@code init} installs a trust manager that accepts
 *       every certificate chain, so the peer is not authenticated.</li>
 *   <li>Engines are created without a peer host and without {@code SSLParameters}, so endpoint
 *       identification (hostname verification) is not configured by this class.</li>
 *   <li>A failure in {@code init} is only printed; the constructor still returns and
 *       {@code sslContext} stays {@code null}.</li>
 * </ul>
 */
public class SSLService {
    // Context created in init(); remains null if init() failed (the exception is swallowed there).
    private SSLContext sslContext;
    // Configuration passed to the constructor; read again on every createSSLEngine call.
    private SSLConfig config;
    // Handler passed to every asynchronous read/write issued by doHandshake.
    // Presumably it re-enters doHandshake when the I/O completes; confirm in Completion.
    private Completion handshakeCompletion = new Completion(this);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.aoju.bus.socket.origin.plugins.ssl.SSLService$2, reason: invalid class name */
    /* loaded from: input_file:org/aoju/bus/socket/origin/plugins/ssl/SSLService$2.class */
    // Synthetic holder of the enum-ordinal -> case-number tables used by the switch statements in
    // this class (HandshakeStatus: 1=NEED_UNWRAP, 2=NEED_WRAP, 3=NEED_TASK, 4=FINISHED,
    // 5=NOT_HANDSHAKING; Status: 1=OK, 2=BUFFER_OVERFLOW, 3=BUFFER_UNDERFLOW, 4=CLOSED).
    // NOTE(review): the ClientAuth table is assigned below but its field declaration is missing
    // from this listing, which looks like a decompiler omission.
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
            $SwitchMap$org$aoju$bus$socket$origin$plugins$ssl$ClientAuth = new int[ClientAuth.values().length];
            try {
                $SwitchMap$org$aoju$bus$socket$origin$plugins$ssl$ClientAuth[ClientAuth.OPTIONAL.ordinal()] = 1;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$aoju$bus$socket$origin$plugins$ssl$ClientAuth[ClientAuth.REQUIRE.ordinal()] = 2;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$aoju$bus$socket$origin$plugins$ssl$ClientAuth[ClientAuth.NONE.ordinal()] = 3;
            } catch (NoSuchFieldError e12) {
            }
        }
    }

    /**
     * Creates the service and immediately builds the SSL context from the given configuration.
     *
     * <p>Construction does not fail when the context cannot be built; see {@code init}.
     *
     * @param sSLConfig key store, trust store, client-mode and client-auth settings
     */
    public SSLService(SSLConfig sSLConfig) {
        init(sSLConfig);
    }

    /**
     * Loads the optional key store and trust store named in the configuration and initialises
     * {@link #sslContext} with them.
     *
     * <p>Both stores are opened as type "JKS" with the "SunX509" manager algorithm; neither value
     * is configurable here. Any exception is printed and otherwise ignored.
     *
     * @param sSLConfig configuration to store in {@link #config} and to read store paths and
     *                  passwords from
     */
    private void init(SSLConfig sSLConfig) {
        TrustManager[] trustManagerArr;
        try {
            this.config = sSLConfig;
            // Stays null when no key file is configured; SSLContext.init accepts null key managers.
            KeyManager[] keyManagerArr = null;
            if (sSLConfig.getKeyFile() != null) {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                KeyStore keyStore = KeyStore.getInstance("JKS");
                // NOTE(review): the FileInputStream is never closed in this method. A null
                // password makes toCharArray() throw, which ends up in the catch-all below.
                keyStore.load(new FileInputStream(sSLConfig.getKeyFile()), sSLConfig.getKeystorePassword().toCharArray());
                keyManagerFactory.init(keyStore, sSLConfig.getKeyPassword().toCharArray());
                keyManagerArr = keyManagerFactory.getKeyManagers();
            }
            if (sSLConfig.getTrustFile() != null) {
                KeyStore keyStore2 = KeyStore.getInstance("JKS");
                // NOTE(review): same unclosed-stream pattern as the key store above.
                keyStore2.load(new FileInputStream(sSLConfig.getTrustFile()), sSLConfig.getTrustPassword().toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
                trustManagerFactory.init(keyStore2);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } else {
                // NOTE(security): with no trust file configured, certificate validation is
                // switched off. Both check methods below are empty, so any chain the peer
                // presents is accepted, in client mode (server certificate) and in server mode
                // (client certificate, including when ClientAuth is REQUIRE or OPTIONAL).
                // The connection is encrypted but the peer is not authenticated, which leaves it
                // open to interception. Deployments should always configure a trust file;
                // failing closed here would be the safer default.
                trustManagerArr = new TrustManager[]{new X509TrustManager() { // from class: org.aoju.bus.socket.origin.plugins.ssl.SSLService.1
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return new X509Certificate[0];
                    }
                }};
            }
            // "TLS" selects the provider's default protocol set; no minimum version is pinned here.
            this.sslContext = SSLContext.getInstance("TLS");
            this.sslContext.init(keyManagerArr, trustManagerArr, new SecureRandom());
        } catch (Exception e) {
            // NOTE(review): the failure is only printed to stderr. The constructor returns
            // normally with sslContext possibly still null, and the problem resurfaces later as
            // a RuntimeException from createSSLEngine.
            e.printStackTrace();
        }
    }

    /**
     * Creates an {@link SSLEngine} for one connection, wraps it in a {@link Handshake} with its
     * initial buffers, and starts the handshake.
     *
     * @param asynchronousSocketChannel channel the handshake will read from and write to
     * @return the handshake state object holding the engine, buffers and channel
     * @throws RuntimeException wrapping any exception raised while setting up the engine
     * @throws Error if the configured client-auth value matches none of the known cases
     */
    public Handshake createSSLEngine(AsynchronousSocketChannel asynchronousSocketChannel) {
        try {
            Handshake handshake = new Handshake();
            // NOTE(security): the no-argument factory is used and no SSLParameters are applied,
            // so no peer host is known to the engine and no endpoint identification algorithm is
            // set. In client mode the certificate name is therefore not matched against the
            // intended host. Enabled protocols and cipher suites are the provider defaults.
            SSLEngine createSSLEngine = this.sslContext.createSSLEngine();
            SSLSession session = createSSLEngine.getSession();
            createSSLEngine.setUseClientMode(this.config.isClientMode());
            // Client-certificate policy only applies on the server side.
            if (!this.config.isClientMode()) {
                switch (this.config.getClientAuth()) {
                    case OPTIONAL:
                        createSSLEngine.setWantClientAuth(true);
                        break;
                    case REQUIRE:
                        createSSLEngine.setNeedClientAuth(true);
                        break;
                    case NONE:
                        break;
                    default:
                        throw new Error("Unknown auth " + this.config.getClientAuth());
                }
            }
            handshake.setSslEngine(createSSLEngine);
            // No application data is sent during the handshake, hence the empty source buffer.
            handshake.setAppWriteBuffer(ByteBuffer.allocate(0));
            handshake.setNetWriteBuffer(ByteBuffer.allocate(session.getPacketBufferSize()));
            // Flip the still-empty buffer so hasRemaining() is false until wrap() fills it.
            handshake.getNetWriteBuffer().flip();
            // Both read buffers start at one byte and are replaced by larger ones in doHandshake
            // when unwrap() reports BUFFER_OVERFLOW or BUFFER_UNDERFLOW.
            handshake.setAppReadBuffer(ByteBuffer.allocate(1));
            handshake.setNetReadBuffer(ByteBuffer.allocate(1));
            createSSLEngine.beginHandshake();
            handshake.setSocketChannel(asynchronousSocketChannel);
            return handshake;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:10:0x0049. Please report as an issue. */
    /* JADX WARN: Failed to find 'out' block for switch in B:15:0x016d. Please report as an issue. */
    /**
     * Advances the TLS handshake for one connection as far as possible without blocking.
     *
     * <p>The method loops on the engine's handshake status. Whenever more network input is needed
     * or output has to be flushed, it issues an asynchronous read or write with
     * {@link #handshakeCompletion} as the handler and returns. When the handshake is marked
     * finished, the handshake callback is invoked. Any exception closes the engine and the
     * channel and is logged; nothing is rethrown to the caller.
     *
     * <p>NOTE(review): the two JADX warnings above mean the switch structure printed here is not
     * a faithful reconstruction. As printed, several cases fall through into the next one, the
     * NEED_TASK loop never terminates, and the NOT_HANDSHAKING case calls
     * {@code System.exit(-1)}. Verify each of these against the original source; if the
     * {@code System.exit} call is real, a per-connection code path can terminate the whole JVM,
     * which is an availability risk.
     *
     * @param handshake per-connection state created by {@link #createSSLEngine}
     */
    public void doHandshake(Handshake handshake) {
        try {
            ByteBuffer netReadBuffer = handshake.getNetReadBuffer();
            ByteBuffer appReadBuffer = handshake.getAppReadBuffer();
            ByteBuffer netWriteBuffer = handshake.getNetWriteBuffer();
            ByteBuffer appWriteBuffer = handshake.getAppWriteBuffer();
            SSLEngine sslEngine = handshake.getSslEngine();
            // The peer closed the connection mid-handshake: mark finished and stop. The
            // handshake callback is not invoked on this path.
            if (handshake.isEof()) {
                Logger.warn("the ssl handshake is terminated", new Object[0]);
                handshake.setFinished(true);
                return;
            }
            while (!handshake.isFinished()) {
                SSLEngineResult.HandshakeStatus handshakeStatus = sslEngine.getHandshakeStatus();
                switch (AnonymousClass2.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[handshakeStatus.ordinal()]) {
                    case 1:
                        // NEED_UNWRAP: consume handshake bytes received from the peer.
                        netReadBuffer.flip();
                        if (!netReadBuffer.hasRemaining()) {
                            // Nothing buffered yet: request more data and resume from the handler.
                            netReadBuffer.clear();
                            handshake.getSocketChannel().read(netReadBuffer, handshake, this.handshakeCompletion);
                            return;
                        }
                        SSLEngineResult unwrap = sslEngine.unwrap(netReadBuffer, appReadBuffer);
                        // Keep unconsumed bytes at the front and return the buffer to write mode.
                        netReadBuffer.compact();
                        if (unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
                            handshake.setFinished(true);
                            // NOTE(review): clear() discards any bytes that arrived after the
                            // final handshake record; confirm that is intended.
                            netReadBuffer.clear();
                        }
                        switch (AnonymousClass2.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
                            case 1:
                                // OK
                                break;
                            case 2:
                                // BUFFER_OVERFLOW: swap in a larger application buffer. The old
                                // buffer's contents are not copied.
                                appReadBuffer = enlargeApplicationBuffer(sslEngine, appReadBuffer);
                                handshake.setAppReadBuffer(appReadBuffer);
                                break;
                            case 3:
                                // BUFFER_UNDERFLOW: the record is incomplete; make sure the
                                // buffer can hold a full packet, then read more.
                                ByteBuffer handleBufferUnderflow = handleBufferUnderflow(sslEngine.getSession(), netReadBuffer);
                                handshake.setNetReadBuffer(handleBufferUnderflow);
                                handshake.getSocketChannel().read(handleBufferUnderflow, handshake, this.handshakeCompletion);
                                return;
                            default:
                                // Includes CLOSED (4): treated as an error during the handshake.
                                throw new IllegalStateException("Invalid SSL status: " + unwrap.getStatus());
                        }
                        // NOTE(review): as printed, control falls through into case 2 here;
                        // likely a decompiler artifact (a break back to the loop is expected).
                    case 2:
                        // NEED_WRAP: produce handshake bytes for the peer.
                        if (netWriteBuffer.hasRemaining()) {
                            // Log text means "data has not been fully written yet".
                            Logger.warn("数据未输出完毕...", new Object[0]);
                            handshake.getSocketChannel().write(netWriteBuffer, handshake, this.handshakeCompletion);
                            return;
                        }
                        netWriteBuffer.clear();
                        SSLEngineResult wrap = sslEngine.wrap(appWriteBuffer, netWriteBuffer);
                        switch (AnonymousClass2.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[wrap.getStatus().ordinal()]) {
                            case 1:
                                // OK: flush what wrap() produced; the handler resumes afterwards.
                                appWriteBuffer.clear();
                                netWriteBuffer.flip();
                                if (wrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
                                    handshake.setFinished(true);
                                }
                                handshake.getSocketChannel().write(netWriteBuffer, handshake, this.handshakeCompletion);
                                return;
                            case 2:
                                // BUFFER_OVERFLOW: replace the network buffer with a larger one.
                                Logger.warn("NEED_WRAP BUFFER_OVERFLOW", new Object[0]);
                                netWriteBuffer = enlargePacketBuffer(sslEngine.getSession(), netWriteBuffer);
                                // enlargePacketBuffer returns a freshly allocated buffer, so
                                // position() is 0 here and the else branch is the one taken.
                                if (netWriteBuffer.position() > 0) {
                                    netWriteBuffer.compact();
                                } else {
                                    netWriteBuffer.position(netWriteBuffer.limit());
                                    netWriteBuffer.limit(netWriteBuffer.capacity());
                                }
                                handshake.setNetWriteBuffer(netWriteBuffer);
                                // NOTE(review): as printed, this falls through into the
                                // BUFFER_UNDERFLOW throw below; likely a decompiler artifact.
                            case 3:
                                // BUFFER_UNDERFLOW is not expected from wrap().
                                throw new SSLException("Buffer underflow occured after a wrap. I don't think we should ever get here.");
                            case 4:
                                // CLOSED: only buffer state is reset; nothing is written to the
                                // channel despite the wording of the error message below.
                                try {
                                    netWriteBuffer.flip();
                                    netReadBuffer.clear();
                                } catch (Exception e) {
                                    Logger.error("Failed to send server's CLOSE message due to socket channel's failure.", new Object[0]);
                                }
                                // NOTE(review): as printed, this falls through into the default
                                // throw; confirm against the original source.
                            default:
                                throw new IllegalStateException("Invalid SSL status: " + wrap.getStatus());
                        }
                    case 3:
                        // NEED_TASK: delegated tasks are run inline on the calling thread.
                        // NOTE(review): as printed, the loop has no exit when getDelegatedTask()
                        // returns null, so it would spin forever; the original presumably loops
                        // only while a task is available.
                        while (true) {
                            Runnable delegatedTask = sslEngine.getDelegatedTask();
                            if (delegatedTask != null) {
                                delegatedTask.run();
                            }
                        }
                        break;
                    case 4:
                        // FINISHED
                        Logger.info("HandshakeFinished", new Object[0]);
                        // NOTE(review): as printed, FINISHED falls through into NOT_HANDSHAKING.
                    case 5:
                        // NOT_HANDSHAKING
                        Logger.info("NOT_HANDSHAKING", new Object[0]);
                        // NOTE(review): terminates the whole JVM as printed; see the method
                        // comment. Confirm this call exists in the original source.
                        System.exit(-1);
                    default:
                        throw new IllegalStateException("Invalid SSL status: " + handshakeStatus);
                }
            }
            // Log text means "handshake finished".
            Logger.debug("握手完毕", new Object[0]);
            handshake.getHandshakeCallback().callback();
        } catch (Exception e2) {
            // Failure path: shut the engine down in both directions and drop the connection.
            try {
                handshake.getSslEngine().closeInbound();
            } catch (SSLException e3) {
                e3.printStackTrace();
            }
            // closeOutbound is not followed by a wrap(); the channel is closed directly.
            handshake.getSslEngine().closeOutbound();
            try {
                handshake.getSocketChannel().close();
            } catch (IOException e4) {
                e4.printStackTrace();
            }
            // NOTE(review): the message is empty and the exception is passed as a format
            // argument; whether Logger prints its stack trace is not visible here. Handshake
            // failures are worth logging with enough context (peer, cause) to investigate.
            Logger.error("", new Object[]{e2});
        }
    }

    /**
     * Returns a new, empty buffer sized for network (TLS record) data.
     *
     * @param sSLSession session whose packet buffer size is the requested minimum
     * @param byteBuffer buffer being replaced; its contents are not copied
     * @return a freshly allocated buffer, see {@link #enlargeBuffer}
     */
    protected ByteBuffer enlargePacketBuffer(SSLSession sSLSession, ByteBuffer byteBuffer) {
        return enlargeBuffer(byteBuffer, sSLSession.getPacketBufferSize());
    }

    /**
     * Returns a new, empty buffer sized for decrypted application data.
     *
     * @param sSLEngine  engine whose session supplies the application buffer size
     * @param byteBuffer buffer being replaced; its contents are not copied
     * @return a freshly allocated buffer, see {@link #enlargeBuffer}
     */
    protected ByteBuffer enlargeApplicationBuffer(SSLEngine sSLEngine, ByteBuffer byteBuffer) {
        return enlargeBuffer(byteBuffer, sSLEngine.getSession().getApplicationBufferSize());
    }

    /**
     * Allocates a replacement buffer: {@code i} bytes when that exceeds the current capacity,
     * otherwise twice the current capacity.
     *
     * <p>The returned buffer is always new and empty; callers that need the old contents must
     * copy them. No upper bound on the size is enforced here.
     *
     * @param byteBuffer buffer whose capacity is compared against {@code i}
     * @param i          requested size in bytes
     * @return a freshly allocated heap buffer
     */
    protected ByteBuffer enlargeBuffer(ByteBuffer byteBuffer, int i) {
        return i > byteBuffer.capacity() ? ByteBuffer.allocate(i) : ByteBuffer.allocate(byteBuffer.capacity() * 2);
    }

    /**
     * Makes sure the network read buffer can hold a full TLS packet after an underflow.
     *
     * @param sSLSession session supplying the packet buffer size
     * @param byteBuffer current network read buffer, in write mode
     * @return {@code byteBuffer} itself when its limit already exceeds the packet size, otherwise
     *         a larger buffer containing the bytes received so far
     */
    protected ByteBuffer handleBufferUnderflow(SSLSession sSLSession, ByteBuffer byteBuffer) {
        if (sSLSession.getPacketBufferSize() < byteBuffer.limit()) {
            return byteBuffer;
        }
        ByteBuffer enlargePacketBuffer = enlargePacketBuffer(sSLSession, byteBuffer);
        // Switch the old buffer to read mode and carry its pending bytes over.
        byteBuffer.flip();
        enlargePacketBuffer.put(byteBuffer);
        return enlargePacketBuffer;
    }
}
