package org.neo4j.driver.internal.security;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.ByteChannel;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLHandshakeException;
import org.neo4j.driver.internal.messaging.PackStreamMessageFormatV1;
import org.neo4j.driver.internal.net.BoltServerAddress;
import org.neo4j.driver.internal.net.ChunkedOutput;
import org.neo4j.driver.internal.util.BytePrinter;
import org.neo4j.driver.v1.Logger;
import org.neo4j.driver.v1.exceptions.ClientException;
import org.neo4j.driver.v1.exceptions.SecurityException;
import org.neo4j.driver.v1.exceptions.ServiceUnavailableException;

/* loaded from: input_file:org/neo4j/driver/internal/security/TLSSocketChannel.class */
public class TLSSocketChannel implements ByteChannel {
    private final ByteChannel channel;
    private final Logger logger;
    private SSLEngine sslEngine;
    private ByteBuffer cipherOut;
    private ByteBuffer cipherIn;
    private ByteBuffer plainIn;
    private ByteBuffer plainOut;
    private static final ByteBuffer DUMMY_BUFFER = ByteBuffer.allocate(0);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.neo4j.driver.internal.security.TLSSocketChannel$1, reason: invalid class name */
    /* loaded from: input_file:org/neo4j/driver/internal/security/TLSSocketChannel$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    public static TLSSocketChannel create(BoltServerAddress boltServerAddress, SecurityPlan securityPlan, ByteChannel byteChannel, Logger logger) throws IOException {
        SSLEngine createSSLEngine = securityPlan.sslContext().createSSLEngine(boltServerAddress.host(), boltServerAddress.port());
        createSSLEngine.setUseClientMode(true);
        return create(byteChannel, logger, createSSLEngine);
    }

    public static TLSSocketChannel create(ByteChannel byteChannel, Logger logger, SSLEngine sSLEngine) throws IOException {
        TLSSocketChannel tLSSocketChannel = new TLSSocketChannel(byteChannel, logger, sSLEngine);
        try {
            tLSSocketChannel.runHandshake();
            return tLSSocketChannel;
        } catch (SSLHandshakeException e) {
            throw new SecurityException("Failed to establish secured connection with the server: " + e.getMessage(), e);
        }
    }

    TLSSocketChannel(ByteChannel byteChannel, Logger logger, SSLEngine sSLEngine) throws IOException {
        this.logger = logger;
        this.channel = byteChannel;
        this.sslEngine = sSLEngine;
        this.plainIn = ByteBuffer.allocate(sSLEngine.getSession().getApplicationBufferSize());
        this.cipherIn = ByteBuffer.allocate(sSLEngine.getSession().getPacketBufferSize());
        this.plainOut = ByteBuffer.allocate(sSLEngine.getSession().getApplicationBufferSize());
        this.cipherOut = ByteBuffer.allocate(sSLEngine.getSession().getPacketBufferSize());
    }

    private void runHandshake() throws IOException {
        this.logger.debug("~~ [OPENING SECURE CHANNEL]", new Object[0]);
        this.sslEngine.beginHandshake();
        SSLEngineResult.HandshakeStatus handshakeStatus = this.sslEngine.getHandshakeStatus();
        while (handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED && handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[handshakeStatus.ordinal()]) {
                case 1:
                    handshakeStatus = runDelegatedTasks();
                    break;
                case ChunkedOutput.CHUNK_HEADER_SIZE /* 2 */:
                    handshakeStatus = unwrap(DUMMY_BUFFER);
                    break;
                case PackStreamMessageFormatV1.NODE_FIELDS /* 3 */:
                    handshakeStatus = wrap(this.plainOut);
                    break;
            }
        }
    }

    private SSLEngineResult.HandshakeStatus runDelegatedTasks() {
        while (true) {
            Runnable delegatedTask = this.sslEngine.getDelegatedTask();
            if (delegatedTask == null) {
                return this.sslEngine.getHandshakeStatus();
            }
            delegatedTask.run();
        }
    }

    int channelRead(ByteBuffer byteBuffer) throws IOException {
        int read = this.channel.read(byteBuffer);
        if (read >= 0) {
            return read;
        }
        try {
            this.channel.close();
        } catch (IOException e) {
        }
        throw new ServiceUnavailableException("SSL Connection terminated while receiving data. This can happen due to network instabilities, or due to restarts of the database.");
    }

    int channelWrite(ByteBuffer byteBuffer) throws IOException {
        int write = this.channel.write(byteBuffer);
        if (write >= 0) {
            return write;
        }
        try {
            this.channel.close();
        } catch (IOException e) {
        }
        throw new ServiceUnavailableException("SSL Connection terminated while writing data. This can happen due to network instabilities, or due to restarts of the database.");
    }

    private SSLEngineResult.HandshakeStatus unwrap(ByteBuffer byteBuffer) throws IOException {
        SSLEngineResult.HandshakeStatus handshakeStatus = this.sslEngine.getHandshakeStatus();
        channelRead(this.cipherIn);
        this.cipherIn.flip();
        do {
            SSLEngineResult unwrap = this.sslEngine.unwrap(this.cipherIn, this.plainIn);
            SSLEngineResult.Status status = unwrap.getStatus();
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[status.ordinal()]) {
                case 1:
                    this.plainIn.flip();
                    bufferCopy(this.plainIn, byteBuffer);
                    this.plainIn.compact();
                    handshakeStatus = runDelegatedTasks();
                    break;
                case ChunkedOutput.CHUNK_HEADER_SIZE /* 2 */:
                    this.plainIn.flip();
                    int capacity = this.plainIn.capacity();
                    int applicationBufferSize = this.sslEngine.getSession().getApplicationBufferSize();
                    int remaining = applicationBufferSize + this.plainIn.remaining();
                    if (remaining <= applicationBufferSize * 2) {
                        ByteBuffer allocate = ByteBuffer.allocate(remaining);
                        allocate.put(this.plainIn);
                        this.plainIn = allocate;
                        this.logger.debug("Enlarged application input buffer from %s to %s. This operation should be a rare operation.", Integer.valueOf(capacity), Integer.valueOf(remaining));
                        break;
                    } else {
                        throw new ClientException(String.format("Failed ro enlarge application input buffer from %s to %s, as the maximum buffer size allowed is %s. The content in the buffer is: %s\n", Integer.valueOf(capacity), Integer.valueOf(remaining), Integer.valueOf(applicationBufferSize * 2), BytePrinter.hex(this.plainIn)));
                    }
                case PackStreamMessageFormatV1.NODE_FIELDS /* 3 */:
                    int capacity2 = this.cipherIn.capacity();
                    int packetBufferSize = this.sslEngine.getSession().getPacketBufferSize();
                    if (packetBufferSize > capacity2) {
                        ByteBuffer allocate2 = ByteBuffer.allocate(packetBufferSize);
                        allocate2.put(this.cipherIn);
                        this.cipherIn = allocate2;
                        this.logger.debug("Enlarged network input buffer from %s to %s. This operation should be a rare operation.", Integer.valueOf(capacity2), Integer.valueOf(packetBufferSize));
                    } else {
                        this.cipherIn.compact();
                    }
                    return handshakeStatus;
                case 4:
                    this.sslEngine.closeInbound();
                    break;
                default:
                    throw new ClientException("Got unexpected status " + status + ", " + unwrap);
            }
        } while (this.cipherIn.hasRemaining());
        this.cipherIn.compact();
        return handshakeStatus;
    }

    private SSLEngineResult.HandshakeStatus wrap(ByteBuffer byteBuffer) throws IOException, ClientException {
        SSLEngineResult.HandshakeStatus handshakeStatus = this.sslEngine.getHandshakeStatus();
        SSLEngineResult.Status status = this.sslEngine.wrap(byteBuffer, this.cipherOut).getStatus();
        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[status.ordinal()]) {
            case 1:
                handshakeStatus = runDelegatedTasks();
                this.cipherOut.flip();
                while (this.cipherOut.hasRemaining()) {
                    channelWrite(this.cipherOut);
                }
                this.cipherOut.clear();
                break;
            case ChunkedOutput.CHUNK_HEADER_SIZE /* 2 */:
                int capacity = this.cipherOut.capacity();
                int packetBufferSize = this.sslEngine.getSession().getPacketBufferSize();
                if (packetBufferSize <= capacity) {
                    this.cipherOut.flip();
                    if (channelWrite(this.cipherOut) != 0) {
                        this.cipherOut.compact();
                        this.logger.debug("Network output buffer couldn't be enlarged, flushing data to the channel instead.", new Object[0]);
                        break;
                    } else {
                        throw new ClientException(String.format("Failed to enlarge network buffer from %s to %s. This is either because the new size is however less than the old size, or because the application buffer size %s is so big that the application data still cannot fit into the new network buffer.", Integer.valueOf(capacity), Integer.valueOf(packetBufferSize), Integer.valueOf(byteBuffer.capacity())));
                    }
                } else {
                    this.cipherOut = ByteBuffer.allocate(packetBufferSize);
                    this.logger.debug("Enlarged network output buffer from %s to %s. This operation should be a rare operation.", Integer.valueOf(capacity), Integer.valueOf(packetBufferSize));
                    break;
                }
            default:
                throw new ClientException("Got unexpected status " + status);
        }
        return handshakeStatus;
    }

    private static int bufferCopy(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) {
        int min = Math.min(byteBuffer2.remaining(), byteBuffer.remaining());
        ByteBuffer duplicate = byteBuffer.duplicate();
        duplicate.limit(duplicate.position() + min);
        byteBuffer2.put(duplicate);
        byteBuffer.position(byteBuffer.position() + min);
        return min;
    }

    @Override // java.nio.channels.ReadableByteChannel
    public int read(ByteBuffer byteBuffer) throws IOException {
        int remaining = byteBuffer.remaining();
        this.plainIn.flip();
        if (this.plainIn.hasRemaining()) {
            bufferCopy(this.plainIn, byteBuffer);
            this.plainIn.compact();
        } else {
            this.plainIn.clear();
            unwrap(byteBuffer);
        }
        return remaining - byteBuffer.remaining();
    }

    @Override // java.nio.channels.WritableByteChannel
    public int write(ByteBuffer byteBuffer) throws IOException {
        int remaining = byteBuffer.remaining();
        while (byteBuffer.remaining() > 0) {
            wrap(byteBuffer);
        }
        return remaining;
    }

    @Override // java.nio.channels.Channel
    public boolean isOpen() {
        return this.channel.isOpen();
    }

    @Override // java.nio.channels.Channel, java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        try {
            this.plainOut.clear();
            this.sslEngine.closeOutbound();
            while (!this.sslEngine.isOutboundDone()) {
                this.sslEngine.wrap(this.plainOut, this.cipherOut);
                this.cipherOut.flip();
                while (this.cipherOut.hasRemaining()) {
                    channelWrite(this.cipherOut);
                }
                this.cipherOut.clear();
            }
            this.channel.close();
            this.logger.debug("~~ [CLOSED SECURE CHANNEL]", new Object[0]);
        } catch (IOException e) {
            this.logger.warn("TLS socket could not be closed cleanly: '" + e.getMessage() + "'", e);
        }
    }

    public String toString() {
        return "TLSSocketChannel{plainIn: " + this.plainIn + ", cipherIn:" + this.cipherIn + "}";
    }
}
