package io.undertow.server;

import io.undertow.UndertowMessages;
import io.undertow.UndertowOptions;
import io.undertow.connector.PooledByteBuffer;
import io.undertow.server.AbstractServerConnection;
import io.undertow.server.protocol.http.HttpServerConnection;
import java.io.Closeable;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.cert.Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.cert.X509Certificate;
import org.xnio.ChannelListener;
import org.xnio.IoUtils;
import org.xnio.Options;
import org.xnio.SslClientAuthMode;
import org.xnio.channels.Channels;
import org.xnio.channels.SslChannel;
import org.xnio.channels.StreamSourceChannel;

/* loaded from: input_file:BOOT-INF/lib/undertow-core-2.0.30.SP4-redhat-00001.jar:io/undertow/server/ConnectionSSLSessionInfo.class */
public class ConnectionSSLSessionInfo implements SSLSessionInfo {
    private static final SSLPeerUnverifiedException PEER_UNVERIFIED_EXCEPTION = new SSLPeerUnverifiedException("");
    private static final RenegotiationRequiredException RENEGOTIATION_REQUIRED_EXCEPTION = new RenegotiationRequiredException();
    private static final long MAX_RENEGOTIATION_WAIT = 30000;
    private final SslChannel channel;
    private final HttpServerConnection serverConnection;
    private SSLPeerUnverifiedException unverified;
    private RenegotiationRequiredException renegotiationRequiredException;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/undertow-core-2.0.30.SP4-redhat-00001.jar:io/undertow/server/ConnectionSSLSessionInfo$SslHandshakeWaiter.class */
    public static class SslHandshakeWaiter implements ChannelListener<SslChannel> {
        private volatile boolean done;

        private SslHandshakeWaiter() {
            this.done = false;
        }

        boolean isDone() {
            return this.done;
        }

        @Override // org.xnio.ChannelListener
        public void handleEvent(SslChannel sslChannel) {
            this.done = true;
        }
    }

    public ConnectionSSLSessionInfo(SslChannel sslChannel, HttpServerConnection httpServerConnection) {
        this.channel = sslChannel;
        this.serverConnection = httpServerConnection;
    }

    @Override // io.undertow.server.SSLSessionInfo
    public byte[] getSessionId() {
        return this.channel.getSslSession().getId();
    }

    @Override // io.undertow.server.SSLSessionInfo
    public String getCipherSuite() {
        return this.channel.getSslSession().getCipherSuite();
    }

    @Override // io.undertow.server.SSLSessionInfo
    public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException, RenegotiationRequiredException {
        if (this.unverified != null) {
            throw this.unverified;
        }
        if (this.renegotiationRequiredException != null) {
            throw this.renegotiationRequiredException;
        }
        try {
            return this.channel.getSslSession().getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            if (((SslClientAuthMode) this.channel.getOption(Options.SSL_CLIENT_AUTH_MODE)) == SslClientAuthMode.NOT_REQUESTED) {
                this.renegotiationRequiredException = RENEGOTIATION_REQUIRED_EXCEPTION;
                throw this.renegotiationRequiredException;
            }
            this.unverified = PEER_UNVERIFIED_EXCEPTION;
            throw this.unverified;
        }
    }

    @Override // io.undertow.server.SSLSessionInfo
    public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException, RenegotiationRequiredException {
        if (this.unverified != null) {
            throw this.unverified;
        }
        if (this.renegotiationRequiredException != null) {
            throw this.renegotiationRequiredException;
        }
        try {
            return this.channel.getSslSession().getPeerCertificateChain();
        } catch (SSLPeerUnverifiedException e) {
            if (((SslClientAuthMode) this.channel.getOption(Options.SSL_CLIENT_AUTH_MODE)) == SslClientAuthMode.NOT_REQUESTED) {
                this.renegotiationRequiredException = RENEGOTIATION_REQUIRED_EXCEPTION;
                throw this.renegotiationRequiredException;
            }
            this.unverified = PEER_UNVERIFIED_EXCEPTION;
            throw this.unverified;
        }
    }

    @Override // io.undertow.server.SSLSessionInfo
    public void renegotiate(HttpServerExchange httpServerExchange, SslClientAuthMode sslClientAuthMode) throws IOException {
        this.unverified = null;
        this.renegotiationRequiredException = null;
        if (httpServerExchange.isRequestComplete()) {
            renegotiateNoRequest(httpServerExchange, sslClientAuthMode);
        } else {
            renegotiateBufferRequest(httpServerExchange, sslClientAuthMode);
        }
    }

    @Override // io.undertow.server.SSLSessionInfo
    public SSLSession getSSLSession() {
        return this.channel.getSslSession();
    }

    public void renegotiateBufferRequest(HttpServerExchange httpServerExchange, SslClientAuthMode sslClientAuthMode) throws IOException {
        int i = httpServerExchange.getConnection().getUndertowOptions().get(UndertowOptions.MAX_BUFFERED_REQUEST_SIZE, 16384);
        if (i <= 0) {
            throw new SSLPeerUnverifiedException("");
        }
        boolean z = false;
        StreamSourceChannel existingRequestChannel = Connectors.getExistingRequestChannel(httpServerExchange);
        if (existingRequestChannel == null) {
            existingRequestChannel = httpServerExchange.getRequestChannel();
            z = true;
        }
        PooledByteBuffer allocate = httpServerExchange.getConnection().getByteBufferPool().allocate();
        int remaining = allocate.getBuffer().remaining();
        int i2 = ((i + remaining) - 1) / remaining;
        PooledByteBuffer[] pooledByteBufferArr = new PooledByteBuffer[i2];
        int i3 = 0 + 1;
        pooledByteBufferArr[0] = allocate;
        boolean z2 = false;
        while (true) {
            try {
                ByteBuffer buffer = allocate.getBuffer();
                int readBlocking = Channels.readBlocking(existingRequestChannel, buffer);
                if (buffer.hasRemaining()) {
                    if (readBlocking == -1) {
                        buffer.flip();
                        break;
                    }
                } else {
                    buffer.flip();
                    if (i2 == i3) {
                        z2 = true;
                        break;
                    }
                    allocate = httpServerExchange.getConnection().getByteBufferPool().allocate();
                    int i4 = i3;
                    i3++;
                    pooledByteBufferArr[i4] = allocate;
                }
            } catch (Throwable th) {
                if (1 != 0) {
                    for (PooledByteBuffer pooledByteBuffer : pooledByteBufferArr) {
                        if (pooledByteBuffer != null) {
                            pooledByteBuffer.close();
                        }
                    }
                }
                if (z) {
                    httpServerExchange.requestChannel = null;
                }
                throw th;
            }
        }
        Connectors.ungetRequestBytes(httpServerExchange, pooledByteBufferArr);
        if (z2) {
            throw new SSLPeerUnverifiedException("Cannot renegotiate");
        }
        renegotiateNoRequest(httpServerExchange, sslClientAuthMode);
        if (0 != 0) {
            for (PooledByteBuffer pooledByteBuffer2 : pooledByteBufferArr) {
                if (pooledByteBuffer2 != null) {
                    pooledByteBuffer2.close();
                }
            }
        }
        if (z) {
            httpServerExchange.requestChannel = null;
        }
    }

    public void renegotiateNoRequest(HttpServerExchange httpServerExchange, SslClientAuthMode sslClientAuthMode) throws IOException {
        AbstractServerConnection.ConduitState resetChannel = this.serverConnection.resetChannel();
        try {
            if (((SslClientAuthMode) this.channel.getOption(Options.SSL_CLIENT_AUTH_MODE)) == SslClientAuthMode.NOT_REQUESTED) {
                SslHandshakeWaiter sslHandshakeWaiter = new SslHandshakeWaiter();
                this.channel.getHandshakeSetter().set(sslHandshakeWaiter);
                this.channel.setOption(Options.SSL_CLIENT_AUTH_MODE, sslClientAuthMode);
                this.channel.getSslSession().invalidate();
                this.channel.startHandshake();
                this.serverConnection.getOriginalSinkConduit().flush();
                ByteBuffer wrap = ByteBuffer.wrap(new byte[1]);
                long currentTimeMillis = System.currentTimeMillis() + 30000;
                while (!sslHandshakeWaiter.isDone() && this.serverConnection.isOpen() && System.currentTimeMillis() < currentTimeMillis) {
                    if (this.serverConnection.getSourceChannel().read(wrap) != 0) {
                        throw new SSLPeerUnverifiedException("");
                    }
                    if (!sslHandshakeWaiter.isDone()) {
                        this.serverConnection.getSourceChannel().awaitReadable(currentTimeMillis - System.currentTimeMillis(), TimeUnit.MILLISECONDS);
                    }
                }
                if (!sslHandshakeWaiter.isDone()) {
                    if (this.serverConnection.isOpen()) {
                        IoUtils.safeClose((Closeable) this.serverConnection);
                        throw UndertowMessages.MESSAGES.rengotiationTimedOut();
                    }
                    IoUtils.safeClose((Closeable) this.serverConnection);
                    throw UndertowMessages.MESSAGES.rengotiationFailed();
                }
            }
        } finally {
            if (resetChannel != null) {
                this.serverConnection.restoreChannel(resetChannel);
            }
        }
    }
}
