package org.webpieces.nio.impl.ssl;

import java.io.InputStream;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webpieces.data.api.BufferPool;
import org.webpieces.nio.api.SSLEngineFactory;
import org.webpieces.nio.api.SSLEngineFactoryWithHost;
import org.webpieces.nio.api.channels.Channel;
import org.webpieces.nio.api.channels.TCPChannel;
import org.webpieces.nio.api.handlers.ConnectionListener;
import org.webpieces.nio.api.handlers.DataListener;
import org.webpieces.ssl.api.AsyncSSLEngine;
import org.webpieces.ssl.api.AsyncSSLFactory;
import org.webpieces.ssl.api.SSLMetrics;
import org.webpieces.ssl.api.SslListener;
import org.webpieces.util.exceptions.NioClosedChannelException;
import org.webpieces.util.exceptions.SneakyThrow;

/* loaded from: input_file:org/webpieces/nio/impl/ssl/SslTCPChannel.class */
public class SslTCPChannel extends SslChannel implements TCPChannel {
    private static final Logger log = LoggerFactory.getLogger(SslTCPChannel.class);
    private AsyncSSLEngine sslEngine;
    private SslTryCatchListener clientDataListener;
    private final TCPChannel realChannel;
    private final SocketDataListener socketDataListener;
    private CompletableFuture<Void> closeFuture;
    private OurSslListener sslListener;
    private SSLEngineFactory sslFactory;
    private BufferPool pool;
    private ClientHelloParser parser;
    private boolean isInPlainTextMode;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/webpieces/nio/impl/ssl/SslTCPChannel$OurSslListener.class */
    public class OurSslListener implements SslListener {
        private ConnectionListener conectionListener;
        private CompletableFuture<Void> sslClientConnectFuture;

        public OurSslListener() {
        }

        public OurSslListener(ConnectionListener connectionListener) {
            if (connectionListener == null) {
                throw new IllegalArgumentException("conectionLsitener is null");
            }
            this.conectionListener = connectionListener;
        }

        public void setSslClientConnectFuture(CompletableFuture<Void> completableFuture) {
            this.sslClientConnectFuture = completableFuture;
        }

        public void encryptedLinkEstablished() {
            if (this.sslClientConnectFuture != null) {
                this.sslClientConnectFuture.complete(null);
                return;
            }
            CompletableFuture<DataListener> connected = this.conectionListener.connected(SslTCPChannel.this, true);
            if (!connected.isDone()) {
                this.conectionListener.failed(SslTCPChannel.this, new IllegalArgumentException("Client did not return a datalistener"));
            }
            try {
                SslTCPChannel.this.clientDataListener = new SslTryCatchListener(connected.get());
            } catch (Exception e) {
                throw SneakyThrow.sneak(e);
            }
        }

        public CompletableFuture<Void> packetEncrypted(ByteBuffer byteBuffer) {
            return SslTCPChannel.this.realChannel.write(byteBuffer);
        }

        public CompletableFuture<Void> sendEncryptedHandshakeData(ByteBuffer byteBuffer) {
            try {
                return SslTCPChannel.this.realChannel.write(byteBuffer);
            } catch (NioClosedChannelException e) {
                SslTCPChannel.log.info("Remote end closed before handshake was finished.  (nothing we can do about that)");
                return CompletableFuture.completedFuture(null);
            }
        }

        public CompletableFuture<Void> packetUnencrypted(ByteBuffer byteBuffer) {
            return SslTCPChannel.this.clientDataListener.incomingData(SslTCPChannel.this, byteBuffer);
        }

        public void closed(boolean z) {
            SslTCPChannel.this.closeFuture.complete(null);
            if (z) {
                return;
            }
            SslTCPChannel.this.clientDataListener.farEndClosed(SslTCPChannel.this);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/webpieces/nio/impl/ssl/SslTCPChannel$SocketDataListener.class */
    public class SocketDataListener implements DataListener {
        private SSLMetrics sslMetrics;
        private DataListener plainTextListener;
        private boolean firstPacket = true;

        public SocketDataListener(SSLMetrics sSLMetrics) {
            this.sslMetrics = sSLMetrics;
        }

        public void init(DataListener dataListener) {
            this.plainTextListener = dataListener;
        }

        @Override // org.webpieces.nio.api.handlers.DataListener
        public CompletableFuture<Void> incomingData(Channel channel, ByteBuffer byteBuffer) {
            if (SslTCPChannel.this.isInPlainTextMode && this.firstPacket) {
                if (firstCharacterIsSSL(byteBuffer)) {
                    SslTCPChannel.this.isInPlainTextMode = false;
                }
                this.firstPacket = false;
            }
            if (SslTCPChannel.this.isInPlainTextMode) {
                return feedPlainPacketWithCatch(channel, byteBuffer);
            }
            if (SslTCPChannel.this.sslEngine == null) {
                byteBuffer = setupSSLEngine(channel, byteBuffer);
                if (byteBuffer == null) {
                    return CompletableFuture.completedFuture(null);
                }
            }
            return SslTCPChannel.this.sslEngine.feedEncryptedPacket(byteBuffer);
        }

        private boolean firstCharacterIsSSL(ByteBuffer byteBuffer) {
            int position = byteBuffer.position();
            byte b = byteBuffer.get();
            if (position + 1 != byteBuffer.position()) {
                throw new IllegalArgumentException("Bug, for some reason, consuming a byte did not increase the position marker");
            }
            byteBuffer.position(position);
            int signedByteToUnsignedByteAsInt = signedByteToUnsignedByteAsInt(b);
            return signedByteToUnsignedByteAsInt == 22 || signedByteToUnsignedByteAsInt >= 128;
        }

        public int signedByteToUnsignedByteAsInt(byte b) {
            return b & 255;
        }

        private CompletableFuture<Void> feedPlainPacketWithCatch(Channel channel, ByteBuffer byteBuffer) {
            return this.plainTextListener.incomingData(channel, byteBuffer);
        }

        private ByteBuffer setupSSLEngine(Channel channel, ByteBuffer byteBuffer) {
            try {
                return setupSSLEngineImpl(channel, byteBuffer);
            } catch (SSLException e) {
                throw SneakyThrow.sneak(e);
            }
        }

        private ByteBuffer setupSSLEngineImpl(Channel channel, ByteBuffer byteBuffer) throws SSLException {
            if (!(SslTCPChannel.this.sslFactory instanceof SSLEngineFactoryWithHost)) {
                SSLEngine createSslEngine = SslTCPChannel.this.sslFactory.createSslEngine();
                SslTCPChannel.this.sslEngine = AsyncSSLFactory.create(SslTCPChannel.this.realChannel, createSslEngine, SslTCPChannel.this.pool, SslTCPChannel.this.sslListener, this.sslMetrics);
                return byteBuffer;
            }
            SSLEngineFactoryWithHost sSLEngineFactoryWithHost = (SSLEngineFactoryWithHost) SslTCPChannel.this.sslFactory;
            ParseResult fetchServerNamesIfEntirePacketAvailable = SslTCPChannel.this.parser.fetchServerNamesIfEntirePacketAvailable(byteBuffer);
            List<String> names = fetchServerNamesIfEntirePacketAvailable.getNames();
            if (names.size() == 0) {
                SslTCPChannel.log.error("SNI servernames missing from client.  channel=" + channel.getRemoteAddress());
            } else if (names.size() > 1) {
                SslTCPChannel.log.error("SNI servernames are too many. names=" + names + " channel=" + channel.getRemoteAddress());
            }
            SSLEngine createSslEngine2 = sSLEngineFactoryWithHost.createSslEngine(names.get(0));
            SslTCPChannel.this.sslEngine = AsyncSSLFactory.create(SslTCPChannel.this.realChannel, createSslEngine2, SslTCPChannel.this.pool, SslTCPChannel.this.sslListener, this.sslMetrics);
            return fetchServerNamesIfEntirePacketAvailable.getBuffer();
        }

        @Override // org.webpieces.nio.api.handlers.DataListener
        public void farEndClosed(Channel channel) {
            if (SslTCPChannel.this.clientDataListener != null) {
                SslTCPChannel.this.clientDataListener.farEndClosed(SslTCPChannel.this);
            }
        }

        @Override // org.webpieces.nio.api.handlers.DataListener
        public void failure(Channel channel, ByteBuffer byteBuffer, Exception exc) {
            SslTCPChannel.this.clientDataListener.failure(SslTCPChannel.this, byteBuffer, exc);
        }
    }

    public SslTCPChannel(Function<SslListener, AsyncSSLEngine> function, TCPChannel tCPChannel, SSLMetrics sSLMetrics) {
        super(tCPChannel);
        this.closeFuture = new CompletableFuture<>();
        this.sslListener = new OurSslListener();
        this.socketDataListener = new SocketDataListener(sSLMetrics);
        this.sslEngine = function.apply(this.sslListener);
        this.realChannel = tCPChannel;
        this.isInPlainTextMode = false;
    }

    public SslTCPChannel(BufferPool bufferPool, TCPChannel tCPChannel, ConnectionListener connectionListener, SSLEngineFactory sSLEngineFactory, SSLMetrics sSLMetrics, boolean z) {
        super(tCPChannel);
        this.closeFuture = new CompletableFuture<>();
        this.pool = bufferPool;
        this.isInPlainTextMode = z;
        this.socketDataListener = new SocketDataListener(sSLMetrics);
        this.parser = new ClientHelloParser(bufferPool);
        this.realChannel = tCPChannel;
        this.sslListener = new OurSslListener(connectionListener);
        this.sslFactory = sSLEngineFactory;
    }

    @Override // org.webpieces.nio.api.channels.Channel
    public CompletableFuture<Void> connect(SocketAddress socketAddress, DataListener dataListener) {
        this.clientDataListener = new SslTryCatchListener(dataListener);
        return this.realChannel.connect(socketAddress, this.socketDataListener).thenCompose(r3 -> {
            return beginHandshake();
        });
    }

    public SocketDataListener getSocketDataListener(DataListener dataListener) {
        this.socketDataListener.init(dataListener);
        return this.socketDataListener;
    }

    private CompletableFuture<Void> beginHandshake() {
        CompletableFuture<Void> completableFuture = new CompletableFuture<>();
        this.sslListener.setSslClientConnectFuture(completableFuture);
        return this.sslEngine.beginHandshake().thenCompose(r3 -> {
            return completableFuture;
        });
    }

    @Override // org.webpieces.nio.api.channels.Channel
    public CompletableFuture<Void> write(ByteBuffer byteBuffer) {
        if (byteBuffer.remaining() == 0) {
            throw new IllegalArgumentException("You must pass in bytebuffers that contain data.  b.remaining==0 in this buffer");
        }
        return this.isInPlainTextMode ? this.realChannel.write(byteBuffer) : this.sslEngine.feedPlainPacket(byteBuffer);
    }

    @Override // org.webpieces.nio.api.channels.Channel
    public CompletableFuture<Void> close() {
        if (this.sslEngine == null) {
            return this.realChannel.close();
        }
        this.sslEngine.close();
        actuallyCloseSocket(this, this.realChannel);
        return CompletableFuture.completedFuture(null);
    }

    private Void actuallyCloseSocket(Channel channel, Channel channel2) {
        channel2.close();
        return null;
    }

    public SSLEngine createSslEngine() {
        try {
            InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("selfsigned.jks");
            char[] charArray = "password".toCharArray();
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(resourceAsStream, charArray);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, charArray);
            sSLContext.init(keyManagerFactory.getKeyManagers(), null, null);
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            createSSLEngine.setUseClientMode(false);
            return createSSLEngine;
        } catch (Exception e) {
            throw SneakyThrow.sneak(e);
        }
    }

    @Override // org.webpieces.nio.api.channels.TCPChannel
    public boolean getKeepAlive() {
        return this.realChannel.getKeepAlive();
    }

    @Override // org.webpieces.nio.api.channels.TCPChannel
    public void setKeepAlive(boolean z) {
        this.realChannel.setKeepAlive(z);
    }

    public DataListener getDataListener() {
        return this.socketDataListener;
    }

    @Override // org.webpieces.nio.api.channels.Channel
    public boolean isSslChannel() {
        return !this.isInPlainTextMode;
    }

    @Override // org.webpieces.nio.api.channels.Channel
    public Boolean isServerSide() {
        return this.realChannel.isServerSide();
    }
}
