package io.undertow.server;

import io.undertow.UndertowMessages;
import io.undertow.server.AbstractServerConnection;
import io.undertow.server.protocol.http.HttpServerConnection;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.cert.Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.cert.X509Certificate;
import org.xnio.ChannelListener;
import org.xnio.Options;
import org.xnio.SslClientAuthMode;
import org.xnio.channels.SslChannel;

/* loaded from: input_file:io/undertow/server/ConnectionSSLSessionInfo.class */
public class ConnectionSSLSessionInfo implements SSLSessionInfo {
    private final SslChannel channel;
    private final HttpServerConnection serverConnection;

    /* loaded from: input_file:io/undertow/server/ConnectionSSLSessionInfo$SslHandshakeWaiter.class */
    private static class SslHandshakeWaiter implements ChannelListener<SslChannel> {
        private volatile boolean done;

        private SslHandshakeWaiter() {
            this.done = false;
        }

        boolean isDone() {
            return this.done;
        }

        public void handleEvent(SslChannel sslChannel) {
            this.done = true;
        }
    }

    public ConnectionSSLSessionInfo(SslChannel sslChannel, HttpServerConnection httpServerConnection) {
        this.channel = sslChannel;
        this.serverConnection = httpServerConnection;
    }

    @Override // io.undertow.server.SSLSessionInfo
    public byte[] getSessionId() {
        return this.channel.getSslSession().getId();
    }

    @Override // io.undertow.server.SSLSessionInfo
    public String getCipherSuite() {
        return this.channel.getSslSession().getCipherSuite();
    }

    @Override // io.undertow.server.SSLSessionInfo
    public Certificate[] getPeerCertificates(boolean z) throws SSLPeerUnverifiedException {
        try {
            return this.channel.getSslSession().getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            if (z) {
                AbstractServerConnection.ConduitState resetChannel = this.serverConnection.resetChannel();
                try {
                    try {
                        if (((SslClientAuthMode) this.channel.getOption(Options.SSL_CLIENT_AUTH_MODE)) == SslClientAuthMode.NOT_REQUESTED) {
                            SslHandshakeWaiter sslHandshakeWaiter = new SslHandshakeWaiter();
                            this.channel.getHandshakeSetter().set(sslHandshakeWaiter);
                            this.channel.setOption(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.REQUESTED);
                            this.channel.getSslSession().invalidate();
                            this.channel.startHandshake();
                            ByteBuffer wrap = ByteBuffer.wrap(new byte[1]);
                            while (!sslHandshakeWaiter.isDone()) {
                                if (this.serverConnection.getSourceChannel().read(wrap) != 0) {
                                    throw new SSLPeerUnverifiedException("");
                                }
                                if (!sslHandshakeWaiter.isDone()) {
                                    this.serverConnection.getSourceChannel().awaitReadable();
                                }
                            }
                            Certificate[] peerCertificates = this.channel.getSslSession().getPeerCertificates();
                            this.serverConnection.restoreChannel(resetChannel);
                            return peerCertificates;
                        }
                        this.serverConnection.restoreChannel(resetChannel);
                    } catch (Throwable th) {
                        this.serverConnection.restoreChannel(resetChannel);
                        throw th;
                    }
                } catch (IOException e2) {
                    throw e;
                }
            }
            throw e;
        }
    }

    @Override // io.undertow.server.SSLSessionInfo
    public X509Certificate[] getPeerCertificateChain(boolean z) throws SSLPeerUnverifiedException {
        try {
            return this.channel.getSslSession().getPeerCertificateChain();
        } catch (SSLPeerUnverifiedException e) {
            if (z) {
                AbstractServerConnection.ConduitState resetChannel = this.serverConnection.resetChannel();
                try {
                    try {
                        if (((SslClientAuthMode) this.channel.getOption(Options.SSL_CLIENT_AUTH_MODE)) == SslClientAuthMode.NOT_REQUESTED) {
                            SslHandshakeWaiter sslHandshakeWaiter = new SslHandshakeWaiter();
                            this.channel.getHandshakeSetter().set(sslHandshakeWaiter);
                            this.channel.setOption(Options.SSL_CLIENT_AUTH_MODE, SslClientAuthMode.REQUESTED);
                            this.channel.getSslSession().invalidate();
                            this.channel.startHandshake();
                            ByteBuffer wrap = ByteBuffer.wrap(new byte[1]);
                            while (!sslHandshakeWaiter.isDone()) {
                                if (this.serverConnection.getSourceChannel().read(wrap) != 0) {
                                    throw UndertowMessages.MESSAGES.couldNotRenegotiate();
                                }
                                if (!sslHandshakeWaiter.isDone()) {
                                    this.serverConnection.getSourceChannel().awaitReadable();
                                }
                            }
                            X509Certificate[] peerCertificateChain = this.channel.getSslSession().getPeerCertificateChain();
                            this.serverConnection.restoreChannel(resetChannel);
                            return peerCertificateChain;
                        }
                        this.serverConnection.restoreChannel(resetChannel);
                    } catch (Throwable th) {
                        this.serverConnection.restoreChannel(resetChannel);
                        throw th;
                    }
                } catch (IOException e2) {
                    throw e;
                }
            }
            throw e;
        }
    }
}
