package com.questdb.net;

import com.questdb.ex.JournalNetworkException;
import com.questdb.ex.JournalRuntimeException;
import com.questdb.log.Log;
import com.questdb.log.LogFactory;
import com.questdb.misc.ByteBuffers;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.channels.ByteChannel;
import java.nio.channels.SocketChannel;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:com/questdb/net/SecureSocketChannel.class */
public class SecureSocketChannel implements ByteChannel {
    private static final Log LOG = LogFactory.getLog(SecureSocketChannel.class);
    private final SocketChannel socketChannel;
    private final SSLEngine engine;
    private final ByteBuffer inBuf;
    private final ByteBuffer outBuf;
    private final int sslDataLimit;
    private final boolean client;
    private final ByteBuffer swapBuf;
    private boolean inData = false;
    private SSLEngineResult.HandshakeStatus handshakeStatus = SSLEngineResult.HandshakeStatus.NEED_WRAP;
    private boolean fillInBuf = true;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.questdb.net.SecureSocketChannel$1, reason: invalid class name */
    /* loaded from: input_file:com/questdb/net/SecureSocketChannel$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    public SecureSocketChannel(SocketChannel socketChannel, SslConfig sslConfig) {
        this.socketChannel = socketChannel;
        this.engine = sslConfig.getSslContext().createSSLEngine();
        this.engine.setEnableSessionCreation(true);
        this.engine.setUseClientMode(sslConfig.isClient());
        this.engine.setNeedClientAuth(sslConfig.isRequireClientAuth());
        this.client = sslConfig.isClient();
        SSLSession session = this.engine.getSession();
        this.sslDataLimit = session.getApplicationBufferSize();
        this.inBuf = ByteBuffer.allocateDirect(session.getPacketBufferSize()).order(ByteOrder.LITTLE_ENDIAN);
        this.outBuf = ByteBuffer.allocateDirect(session.getPacketBufferSize()).order(ByteOrder.LITTLE_ENDIAN);
        this.swapBuf = ByteBuffer.allocateDirect(this.sslDataLimit * 2).order(ByteOrder.LITTLE_ENDIAN);
    }

    @Override // java.nio.channels.Channel
    public boolean isOpen() {
        return this.socketChannel.isOpen();
    }

    @Override // java.nio.channels.Channel, java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.socketChannel.close();
        ByteBuffers.release(this.inBuf);
        ByteBuffers.release(this.outBuf);
        ByteBuffers.release(this.swapBuf);
        if (this.engine.isOutboundDone()) {
            this.engine.closeOutbound();
        }
        while (!this.engine.isInboundDone()) {
            try {
                this.engine.closeInbound();
            } catch (SSLException e) {
            }
        }
    }

    @Override // java.nio.channels.ReadableByteChannel
    public int read(ByteBuffer byteBuffer) throws IOException {
        if (this.handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
            handshake();
        }
        int position = byteBuffer.position();
        while (true) {
            int remaining = byteBuffer.remaining();
            if (remaining == 0) {
                return byteBuffer.position() - position;
            }
            if (this.swapBuf.hasRemaining()) {
                ByteBuffers.copy(this.swapBuf, byteBuffer);
            } else {
                if (this.fillInBuf) {
                    this.inBuf.clear();
                    int read = this.socketChannel.read(this.inBuf);
                    if (read == -1) {
                        throw new IOException("Did not expect -1 from socket channel");
                    }
                    if (read == 0) {
                        throw new IOException("Blocking connection must not return 0");
                    }
                    this.inBuf.flip();
                }
                if (remaining < this.sslDataLimit) {
                    this.swapBuf.clear();
                    this.fillInBuf = unwrap(this.swapBuf);
                    this.swapBuf.flip();
                    ByteBuffers.copy(this.swapBuf, byteBuffer);
                } else {
                    this.fillInBuf = unwrap(byteBuffer);
                }
            }
        }
    }

    @Override // java.nio.channels.WritableByteChannel
    public int write(ByteBuffer byteBuffer) throws IOException {
        if (this.handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
            handshake();
        }
        int remaining = byteBuffer.remaining();
        while (byteBuffer.hasRemaining()) {
            this.outBuf.clear();
            SSLEngineResult wrap = this.engine.wrap(byteBuffer, this.outBuf);
            if (wrap.getStatus() != SSLEngineResult.Status.OK) {
                throw new IOException("Expected OK, got: " + wrap.getStatus());
            }
            this.outBuf.flip();
            try {
                ByteBuffers.copy(this.outBuf, this.socketChannel);
            } catch (JournalNetworkException e) {
                throw new IOException(e);
            }
        }
        return remaining;
    }

    private void closureOnException() throws IOException {
        this.swapBuf.position(0);
        this.swapBuf.limit(0);
        do {
            this.outBuf.clear();
            SSLEngineResult wrap = this.engine.wrap(this.swapBuf, this.outBuf);
            this.outBuf.flip();
            this.socketChannel.write(this.outBuf);
            if (wrap.getStatus() == SSLEngineResult.Status.CLOSED) {
                break;
            }
        } while (!this.engine.isInboundDone());
        this.engine.closeOutbound();
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:20:0x010e. Please report as an issue. */
    private void handshake() throws IOException {
        if (this.handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
            return;
        }
        this.engine.beginHandshake();
        while (this.handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED) {
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.handshakeStatus.ordinal()]) {
                case 1:
                    throw new IOException("Not handshaking");
                case 2:
                    this.outBuf.clear();
                    this.swapBuf.clear();
                    try {
                        this.handshakeStatus = this.engine.wrap(this.swapBuf, this.outBuf).getHandshakeStatus();
                        this.outBuf.flip();
                        this.socketChannel.write(this.outBuf);
                        break;
                    } catch (SSLException e) {
                        LOG.error().$((CharSequence) "Server SSL handshake failed: ").$((CharSequence) e.getMessage()).$();
                        closureOnException();
                        this.socketChannel.close();
                        throw e;
                    }
                case 3:
                    if (!this.inData || !this.inBuf.hasRemaining()) {
                        this.inBuf.clear();
                        this.socketChannel.read(this.inBuf);
                        this.inBuf.flip();
                        this.inData = true;
                    }
                    try {
                        SSLEngineResult unwrap = this.engine.unwrap(this.inBuf, this.swapBuf);
                        this.handshakeStatus = unwrap.getHandshakeStatus();
                        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
                            case 1:
                                this.inBuf.compact();
                                this.socketChannel.read(this.inBuf);
                                this.inBuf.flip();
                                break;
                            case 2:
                                throw new IOException("Did not expect OVERFLOW here");
                            case 4:
                                throw new IOException("Did not expect CLOSED");
                        }
                    } catch (SSLException e2) {
                        LOG.error().$((CharSequence) "Client SSL handshake failed: ").$((CharSequence) e2.getMessage()).$();
                        this.handshakeStatus = SSLEngineResult.HandshakeStatus.FINISHED;
                        this.socketChannel.close();
                        throw e2;
                    }
                case 4:
                    while (true) {
                        Runnable delegatedTask = this.engine.getDelegatedTask();
                        if (delegatedTask == null) {
                            this.handshakeStatus = this.engine.getHandshakeStatus();
                            break;
                        } else {
                            delegatedTask.run();
                        }
                    }
                default:
                    throw new JournalRuntimeException("Unknown handshake status: %s", this.handshakeStatus);
            }
        }
        this.inBuf.clear();
        this.swapBuf.position(this.swapBuf.limit());
        LOG.info().$((CharSequence) "Handshake SSL complete: ").$((CharSequence) (this.client ? "CLIENT" : "SERVER")).$();
    }

    private boolean unwrap(ByteBuffer byteBuffer) throws IOException {
        while (this.inBuf.hasRemaining()) {
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[this.engine.unwrap(this.inBuf, byteBuffer).getStatus().ordinal()]) {
                case 1:
                    this.inBuf.compact();
                    this.socketChannel.read(this.inBuf);
                    this.inBuf.flip();
                    break;
                case 2:
                    return false;
                case 4:
                    throw new IOException("Did not expect CLOSED");
            }
        }
        return true;
    }
}
