package org.apache.nifi.remote.io.socket.ssl;

import java.io.Closeable;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.SocketTimeoutException;
import java.nio.ByteBuffer;
import java.nio.channels.ClosedByInterruptException;
import java.nio.channels.SocketChannel;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.nifi.remote.exception.TransmissionDisabledException;
import org.apache.nifi.remote.io.socket.BufferStateManager;
import org.apache.nifi.security.util.CertificateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.9.1.jar:org/apache/nifi/remote/io/socket/ssl/SSLSocketChannel.class */
public class SSLSocketChannel implements Closeable {
    public static final int MAX_WRITE_SIZE = 65536;
    private static final Logger logger = LoggerFactory.getLogger(SSLSocketChannel.class);
    private static final long BUFFER_FULL_EMPTY_WAIT_NANOS = TimeUnit.NANOSECONDS.convert(1, TimeUnit.MILLISECONDS);
    private final String hostname;
    private final int port;
    private final SSLEngine engine;
    private final SocketAddress socketAddress;
    private BufferStateManager streamInManager;
    private BufferStateManager streamOutManager;
    private BufferStateManager appDataManager;
    private SocketChannel channel;
    private final byte[] oneByteBuffer;
    private int timeoutMillis;
    private volatile boolean connected;
    private boolean handshaking;
    private boolean closed;
    private volatile boolean interrupted;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.9.1.jar:org/apache/nifi/remote/io/socket/ssl/SSLSocketChannel$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 5;
            } catch (NoSuchFieldError e9) {
            }
        }
    }

    public SSLSocketChannel(SSLContext sSLContext, String str, int i, InetAddress inetAddress, boolean z) throws IOException {
        this.oneByteBuffer = new byte[1];
        this.timeoutMillis = 30000;
        this.connected = false;
        this.handshaking = false;
        this.closed = false;
        this.interrupted = false;
        this.socketAddress = new InetSocketAddress(str, i);
        this.channel = SocketChannel.open();
        if (inetAddress != null) {
            this.channel.bind((SocketAddress) new InetSocketAddress(inetAddress, 0));
        }
        this.hostname = str;
        this.port = i;
        this.engine = sSLContext.createSSLEngine();
        this.engine.setUseClientMode(z);
        this.engine.setNeedClientAuth(true);
        this.streamInManager = new BufferStateManager(ByteBuffer.allocate(this.engine.getSession().getPacketBufferSize()));
        this.streamOutManager = new BufferStateManager(ByteBuffer.allocate(this.engine.getSession().getPacketBufferSize()));
        this.appDataManager = new BufferStateManager(ByteBuffer.allocate(this.engine.getSession().getApplicationBufferSize()));
    }

    public SSLSocketChannel(SSLContext sSLContext, SocketChannel socketChannel, boolean z) throws IOException {
        this.oneByteBuffer = new byte[1];
        this.timeoutMillis = 30000;
        this.connected = false;
        this.handshaking = false;
        this.closed = false;
        this.interrupted = false;
        if (!socketChannel.isConnected()) {
            throw new IllegalArgumentException("Cannot pass an un-connected SocketChannel");
        }
        this.channel = socketChannel;
        this.socketAddress = socketChannel.getRemoteAddress();
        Socket socket = socketChannel.socket();
        this.hostname = socket.getInetAddress().getHostName();
        this.port = socket.getPort();
        this.engine = sSLContext.createSSLEngine();
        this.engine.setUseClientMode(z);
        this.engine.setNeedClientAuth(true);
        this.streamInManager = new BufferStateManager(ByteBuffer.allocate(this.engine.getSession().getPacketBufferSize()));
        this.streamOutManager = new BufferStateManager(ByteBuffer.allocate(this.engine.getSession().getPacketBufferSize()));
        this.appDataManager = new BufferStateManager(ByteBuffer.allocate(this.engine.getSession().getApplicationBufferSize()));
    }

    public SSLSocketChannel(SSLEngine sSLEngine, SocketChannel socketChannel) throws IOException {
        this.oneByteBuffer = new byte[1];
        this.timeoutMillis = 30000;
        this.connected = false;
        this.handshaking = false;
        this.closed = false;
        this.interrupted = false;
        if (!socketChannel.isConnected()) {
            throw new IllegalArgumentException("Cannot pass an un-connected SocketChannel");
        }
        this.channel = socketChannel;
        this.socketAddress = socketChannel.getRemoteAddress();
        Socket socket = socketChannel.socket();
        this.hostname = socket.getInetAddress().getHostName();
        this.port = socket.getPort();
        this.engine = sSLEngine;
        this.streamInManager = new BufferStateManager(ByteBuffer.allocate(this.engine.getSession().getPacketBufferSize()));
        this.streamOutManager = new BufferStateManager(ByteBuffer.allocate(this.engine.getSession().getPacketBufferSize()));
        this.appDataManager = new BufferStateManager(ByteBuffer.allocate(this.engine.getSession().getApplicationBufferSize()));
    }

    public void setTimeout(int i) {
        this.timeoutMillis = i;
    }

    public int getTimeout() {
        return this.timeoutMillis;
    }

    public void connect() throws IOException {
        try {
            this.channel.configureBlocking(false);
            if (!this.channel.isConnected()) {
                long currentTimeMillis = System.currentTimeMillis();
                if (!this.channel.connect(this.socketAddress)) {
                    while (!this.channel.finishConnect()) {
                        if (this.interrupted) {
                            throw new TransmissionDisabledException();
                        }
                        if (System.currentTimeMillis() > currentTimeMillis + this.timeoutMillis) {
                            throw new SocketTimeoutException("Timed out connecting to " + this.hostname + ":" + this.port);
                        }
                        try {
                            Thread.sleep(50L);
                        } catch (InterruptedException e) {
                        }
                    }
                }
            }
            this.engine.beginHandshake();
            performHandshake();
            logger.debug("{} Successfully completed SSL handshake", this);
            this.streamInManager.clear();
            this.streamOutManager.clear();
            this.appDataManager.clear();
            this.connected = true;
        } catch (Exception e2) {
            logger.error("{} Failed to connect due to {}", this, e2);
            if (logger.isDebugEnabled()) {
                logger.error("", e2);
            }
            closeQuietly(this.channel);
            this.engine.closeInbound();
            this.engine.closeOutbound();
            throw e2;
        }
    }

    public String getDn() throws CertificateException, SSLPeerUnverifiedException {
        Certificate[] peerCertificates = this.engine.getSession().getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0) {
            throw new SSLPeerUnverifiedException("No certificates found");
        }
        X509Certificate convertAbstractX509Certificate = CertificateUtils.convertAbstractX509Certificate(peerCertificates[0]);
        convertAbstractX509Certificate.checkValidity();
        return convertAbstractX509Certificate.getSubjectDN().getName().trim();
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:4:0x0022. Please report as an issue. */
    private void performHandshake() throws IOException {
        byte[] bArr = new byte[0];
        this.handshaking = true;
        logger.debug("{} Performing Handshake", this);
        while (true) {
            try {
                switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.engine.getHandshakeStatus().ordinal()]) {
                    case 1:
                        return;
                    case 2:
                        SSLEngineResult wrap = this.engine.wrap(ByteBuffer.wrap(bArr), this.streamOutManager.prepareForWrite(this.engine.getSession().getApplicationBufferSize()));
                        if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                            this.streamOutManager.prepareForWrite(this.engine.getSession().getApplicationBufferSize());
                        } else {
                            if (wrap.getStatus() != SSLEngineResult.Status.OK) {
                                throw new SSLHandshakeException("Could not generate SSL Handshake information: SSLEngineResult: " + wrap.toString());
                            }
                            logger.trace("{} Handshake response after wrapping: {}", this, wrap);
                            ByteBuffer prepareForRead = this.streamOutManager.prepareForRead(1);
                            int remaining = prepareForRead.remaining();
                            writeFully(prepareForRead);
                            logger.trace("{} Sent {} bytes of wrapped data for handshake", this, Integer.valueOf(remaining));
                            this.streamOutManager.clear();
                        }
                    case 3:
                        ByteBuffer prepareForRead2 = this.streamInManager.prepareForRead(0);
                        ByteBuffer prepareForWrite = this.appDataManager.prepareForWrite(this.engine.getSession().getApplicationBufferSize());
                        logger.trace("{} Unwrapping: {} to {}", new Object[]{this, prepareForRead2, prepareForWrite});
                        SSLEngineResult unwrap = this.engine.unwrap(prepareForRead2, prepareForWrite);
                        logger.trace("{} Handshake response after unwrapping: {}", this, unwrap);
                        if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                            int readData = readData(this.streamInManager.prepareForWrite(this.engine.getSession().getPacketBufferSize()));
                            if (readData > 0) {
                                logger.trace("{} Read {} bytes for handshake", this, Integer.valueOf(readData));
                            }
                            if (readData < 0) {
                                throw new SSLHandshakeException("Reached End-of-File marker while performing handshake");
                            }
                        } else {
                            if (unwrap.getStatus() == SSLEngineResult.Status.CLOSED) {
                                throw new IOException("Channel was closed by peer during handshake");
                            }
                            this.streamInManager.compact();
                            this.appDataManager.clear();
                        }
                    case 4:
                        performTasks();
                    case 5:
                        this.handshaking = false;
                        return;
                }
            } finally {
                this.handshaking = false;
            }
        }
    }

    private void performTasks() {
        while (true) {
            Runnable delegatedTask = this.engine.getDelegatedTask();
            if (delegatedTask == null) {
                return;
            } else {
                delegatedTask.run();
            }
        }
    }

    private void closeQuietly(Closeable closeable) {
        try {
            closeable.close();
        } catch (Exception e) {
        }
    }

    public void consume() throws IOException {
        int read;
        this.channel.shutdownInput();
        ByteBuffer wrap = ByteBuffer.wrap(new byte[4096]);
        do {
            read = this.channel.read(wrap);
            wrap.flip();
        } while (read > 0);
    }

    private int readData(ByteBuffer byteBuffer) throws IOException {
        long currentTimeMillis = System.currentTimeMillis();
        while (!this.interrupted) {
            if (byteBuffer.remaining() == 0) {
                return 0;
            }
            int read = this.channel.read(byteBuffer);
            if (read != 0) {
                logger.trace("{} Read {} bytes", this, Integer.valueOf(read));
                return read;
            }
            if (System.currentTimeMillis() > currentTimeMillis + this.timeoutMillis) {
                throw new SocketTimeoutException("Timed out reading from socket connected to " + this.hostname + ":" + this.port);
            }
            try {
                TimeUnit.NANOSECONDS.sleep(1L);
                Math.min(1 * 2, BUFFER_FULL_EMPTY_WAIT_NANOS);
            } catch (InterruptedException e) {
                close();
                Thread.currentThread().interrupt();
                throw new ClosedByInterruptException();
            }
        }
        throw new TransmissionDisabledException();
    }

    private SSLEngineResult.Status encryptAndWriteFully(BufferStateManager bufferStateManager) throws IOException {
        SSLEngineResult sSLEngineResult = null;
        ByteBuffer prepareForRead = bufferStateManager.prepareForRead(0);
        ByteBuffer prepareForWrite = this.streamOutManager.prepareForWrite(this.engine.getSession().getApplicationBufferSize());
        logger.trace("{} Encrypting {} bytes", this, Integer.valueOf(prepareForRead.remaining()));
        while (prepareForRead.remaining() > 0) {
            sSLEngineResult = this.engine.wrap(prepareForRead, prepareForWrite);
            if (sSLEngineResult.getStatus() != SSLEngineResult.Status.OK) {
                return sSLEngineResult.getStatus();
            }
            writeFully(this.streamOutManager.prepareForRead(0));
            this.streamOutManager.clear();
        }
        return sSLEngineResult.getStatus();
    }

    private void writeFully(ByteBuffer byteBuffer) throws IOException {
        long currentTimeMillis = System.currentTimeMillis();
        int i = 0;
        while (byteBuffer.hasRemaining()) {
            if (this.interrupted) {
                throw new TransmissionDisabledException();
            }
            int write = this.channel.write(byteBuffer);
            i += write;
            long currentTimeMillis2 = System.currentTimeMillis();
            if (write > 0) {
                currentTimeMillis = currentTimeMillis2;
            } else {
                if (currentTimeMillis2 > currentTimeMillis + this.timeoutMillis) {
                    throw new SocketTimeoutException("Timed out writing to socket connected to " + this.hostname + ":" + this.port);
                }
                try {
                    TimeUnit.NANOSECONDS.sleep(1L);
                    Math.min(1 * 2, BUFFER_FULL_EMPTY_WAIT_NANOS);
                } catch (InterruptedException e) {
                    close();
                    Thread.currentThread().interrupt();
                    throw new ClosedByInterruptException();
                }
            }
        }
        logger.trace("{} Wrote {} bytes", this, Integer.valueOf(i));
    }

    public boolean isClosed() {
        int i;
        if (this.closed) {
            return true;
        }
        try {
            i = this.channel.read(this.streamInManager.prepareForWrite(this.engine.getSession().getPacketBufferSize()));
        } catch (IOException e) {
            logger.error("{} Failed to readData due to {}", new Object[]{this, e});
            if (logger.isDebugEnabled()) {
                logger.error("", e);
            }
            i = -1;
        }
        if (i == 0) {
            return false;
        }
        if (i > 0) {
            logger.trace("{} Read {} bytes", this, Integer.valueOf(i));
            try {
                SSLEngineResult unwrap = this.engine.unwrap(this.streamInManager.prepareForRead(1), this.appDataManager.prepareForWrite(this.engine.getSession().getApplicationBufferSize()));
                logger.trace("{} When checking if closed, (handshake={}) Unwrap response: {}", new Object[]{this, Boolean.valueOf(this.handshaking), unwrap});
                if (!unwrap.getStatus().equals(SSLEngineResult.Status.CLOSED)) {
                    this.streamInManager.compact();
                    return false;
                }
                ByteBuffer allocate = ByteBuffer.allocate(8192);
                int read = this.channel.read(allocate);
                while (read > 0) {
                    allocate.clear();
                    read = this.channel.read(allocate);
                }
                this.engine.closeInbound();
            } catch (IOException e2) {
                logger.error("{} Failed to check if closed due to {}. Closing channel.", new Object[]{this, e2});
                if (logger.isDebugEnabled()) {
                    logger.error("", e2);
                }
            }
        }
        closeQuietly(this.channel.socket());
        closeQuietly(this.channel);
        this.closed = true;
        return true;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        logger.debug("{} Closing Connection", this);
        if (this.channel == null || this.closed) {
            return;
        }
        try {
            this.engine.closeOutbound();
            if (this.engine.wrap(ByteBuffer.wrap(new byte[0]), this.streamOutManager.prepareForWrite(this.engine.getSession().getApplicationBufferSize())).getStatus() != SSLEngineResult.Status.CLOSED) {
                throw new IOException("Invalid close state - will not send network data");
            }
            writeFully(this.streamOutManager.prepareForRead(1));
            ByteBuffer allocate = ByteBuffer.allocate(8192);
            try {
                int read = this.channel.read(allocate);
                while (read > 0) {
                    allocate.clear();
                    read = this.channel.read(allocate);
                }
            } catch (Exception e) {
            }
            closeQuietly(this.channel.socket());
            closeQuietly(this.channel);
            this.closed = true;
        } catch (Throwable th) {
            ByteBuffer allocate2 = ByteBuffer.allocate(8192);
            try {
                int read2 = this.channel.read(allocate2);
                while (read2 > 0) {
                    allocate2.clear();
                    read2 = this.channel.read(allocate2);
                }
            } catch (Exception e2) {
            }
            closeQuietly(this.channel.socket());
            closeQuietly(this.channel);
            this.closed = true;
            throw th;
        }
    }

    private int copyFromAppDataBuffer(byte[] bArr, int i, int i2) {
        ByteBuffer prepareForRead = this.appDataManager.prepareForRead(1);
        int remaining = prepareForRead.remaining();
        if (remaining <= 0) {
            return 0;
        }
        int min = Math.min(i2, prepareForRead.remaining());
        prepareForRead.get(bArr, i, min);
        int remaining2 = remaining - prepareForRead.remaining();
        logger.trace("{} Copied {} ({}) bytes from unencrypted application buffer to user space", new Object[]{this, Integer.valueOf(min), Integer.valueOf(remaining2)});
        return remaining2;
    }

    public int available() throws IOException {
        int remaining = this.appDataManager.prepareForRead(1).remaining() + this.streamInManager.prepareForRead(1).remaining();
        if (remaining > 0) {
            return remaining;
        }
        if (!isDataAvailable()) {
            return 0;
        }
        return this.appDataManager.prepareForRead(1).remaining() + this.streamInManager.prepareForRead(1).remaining();
    }

    public boolean isDataAvailable() throws IOException {
        ByteBuffer prepareForRead = this.appDataManager.prepareForRead(1);
        ByteBuffer prepareForRead2 = this.streamInManager.prepareForRead(1);
        if (prepareForRead.remaining() > 0 || prepareForRead2.remaining() > 0) {
            return true;
        }
        return this.channel.read(this.streamInManager.prepareForWrite(this.engine.getSession().getPacketBufferSize())) > 0;
    }

    public int read() throws IOException {
        if (read(this.oneByteBuffer) == -1) {
            return -1;
        }
        return this.oneByteBuffer[0] & 255;
    }

    public int read(byte[] bArr) throws IOException {
        return read(bArr, 0, bArr.length);
    }

    public int read(byte[] bArr, int i, int i2) throws IOException {
        logger.debug("{} Reading up to {} bytes of data", this, Integer.valueOf(i2));
        if (!this.connected) {
            connect();
        }
        int copyFromAppDataBuffer = copyFromAppDataBuffer(bArr, i, i2);
        if (copyFromAppDataBuffer > 0) {
            return copyFromAppDataBuffer;
        }
        this.appDataManager.clear();
        while (true) {
            SSLEngineResult unwrap = this.engine.unwrap(this.streamInManager.prepareForRead(1), this.appDataManager.prepareForWrite(this.engine.getSession().getApplicationBufferSize()));
            logger.trace("{} When reading data, (handshake={}) Unwrap response: {}", new Object[]{this, Boolean.valueOf(this.handshaking), unwrap});
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
                case 1:
                    throw new SSLHandshakeException("Buffer Overflow, which is not allowed to happen from an unwrap");
                case 2:
                    if (readData(this.streamInManager.prepareForWrite(this.engine.getSession().getPacketBufferSize())) >= 0) {
                        break;
                    } else {
                        return -1;
                    }
                case 3:
                    int copyFromAppDataBuffer2 = copyFromAppDataBuffer(bArr, i, i2);
                    if (copyFromAppDataBuffer2 == 0) {
                        return -1;
                    }
                    this.streamInManager.compact();
                    return copyFromAppDataBuffer2;
                case 4:
                    int copyFromAppDataBuffer3 = copyFromAppDataBuffer(bArr, i, i2);
                    if (copyFromAppDataBuffer3 == 0) {
                        throw new IOException("Failed to decrypt data");
                    }
                    this.streamInManager.compact();
                    return copyFromAppDataBuffer3;
            }
        }
    }

    public void write(int i) throws IOException {
        write(new byte[]{(byte) i}, 0, 1);
    }

    public void write(byte[] bArr) throws IOException {
        write(bArr, 0, bArr.length);
    }

    public void write(byte[] bArr, int i, int i2) throws IOException {
        logger.debug("{} Writing {} bytes of data", this, Integer.valueOf(i2));
        if (!this.connected) {
            connect();
        }
        int i3 = i2 / 65536;
        if (i2 % 65536 > 0) {
            i3++;
        }
        for (int i4 = 0; i4 < i3; i4++) {
            this.streamOutManager.clear();
            int i5 = i + (i4 * 65536);
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[encryptAndWriteFully(new BufferStateManager(ByteBuffer.wrap(bArr, i5, Math.min(i2 - i5, 65536)), BufferStateManager.Direction.READ)).ordinal()]) {
                case 1:
                    this.streamOutManager.ensureSize(this.engine.getSession().getPacketBufferSize());
                    this.appDataManager.ensureSize(this.engine.getSession().getApplicationBufferSize());
                    break;
                case 2:
                    throw new AssertionError("Got Buffer Underflow but should not have...");
                case 3:
                    throw new IOException("Channel is closed");
            }
        }
    }

    public void interrupt() {
        this.interrupted = true;
    }
}
