package org.wildfly.openssl;

import io.netty.handler.ssl.ApplicationProtocolNames;
import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import org.jboss.as.domain.management.ModelDescriptionConstants;

/* loaded from: input_file:m2repo/org/wildfly/openssl/wildfly-openssl-java/1.0.2.Final/wildfly-openssl-java-1.0.2.Final.jar:org/wildfly/openssl/OpenSSLEngine.class */
public final class OpenSSLEngine extends SSLEngine {
    private static final Logger LOG = Logger.getLogger(OpenSSLEngine.class.getName());
    private static final SSLException ENGINE_CLOSED = new SSLException(Messages.MESSAGES.engineIsClosed());
    private static final SSLException RENEGOTIATION_UNSUPPORTED = new SSLException(Messages.MESSAGES.renegotiationNotSupported());
    private static final SSLException ENCRYPTED_PACKET_OVERSIZED = new SSLException(Messages.MESSAGES.oversidedPacket());
    static final int MAX_PLAINTEXT_LENGTH = 16384;
    private static final int MAX_COMPRESSED_LENGTH = 17408;
    private static final int MAX_CIPHERTEXT_LENGTH = 18432;
    protected static final int VERIFY_DEPTH = 10;
    private static final String[] SUPPORTED_PROTOCOLS;
    private static final Set<String> SUPPORTED_PROTOCOLS_SET;
    static final int MAX_ENCRYPTED_PACKET_LENGTH = 18713;
    public static final int DEFAULT_CERTIFICATE_VALIDATION_DEPTH = 100;
    private static final AtomicIntegerFieldUpdater<OpenSSLEngine> DESTROYED_UPDATER;
    static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
    private static final long EMPTY_ADDR;
    private final long sslCtx;
    private long ssl;
    private long networkBIO;
    private int serverSelectedCipher;
    private final OpenSSLContextSPI openSSLContextSPI;
    private int accepted;
    private boolean alpnRegistered;
    private boolean handshakeFinished;
    private boolean receivedShutdown;
    private volatile int destroyed;
    private boolean wantClientAuth;
    private boolean needClientAuth;
    private volatile ClientAuthMode clientAuth;
    private boolean isInboundDone;
    private boolean isOutboundDone;
    private boolean engineClosed;
    private boolean clientMode;
    private String[] applicationProtocols;
    private String[] userSetEnabledCipherSuites;
    private String[] userSetEnabledProtocols;
    private String selectedApplicationProtocol;
    private SSLSession handshakeSession;
    private String host;
    private int port;
    private List<Runnable> tasks;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:m2repo/org/wildfly/openssl/wildfly-openssl-java/1.0.2.Final/wildfly-openssl-java-1.0.2.Final.jar:org/wildfly/openssl/OpenSSLEngine$ClientAuthMode.class */
    public enum ClientAuthMode {
        NONE,
        OPTIONAL,
        REQUIRE
    }

    public OpenSSLSessionContext getSessionContext() {
        return this.clientMode ? this.openSSLContextSPI.engineGetClientSessionContext() : this.openSSLContextSPI.engineGetServerSessionContext();
    }

    public boolean isClientMode() {
        return this.clientMode;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSSLEngine(long j, boolean z, OpenSSLContextSPI openSSLContextSPI) {
        this(j, z, openSSLContextSPI, null, -1);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSSLEngine(long j, boolean z, OpenSSLContextSPI openSSLContextSPI, String str, int i) {
        this.ssl = 0L;
        this.networkBIO = 0L;
        this.serverSelectedCipher = -1;
        this.alpnRegistered = false;
        this.wantClientAuth = false;
        this.needClientAuth = false;
        this.clientAuth = ClientAuthMode.NONE;
        this.tasks = new ArrayList();
        if (j == 0) {
            throw new IllegalStateException(Messages.MESSAGES.noSslContext());
        }
        this.sslCtx = j;
        this.clientMode = z;
        this.openSSLContextSPI = openSSLContextSPI;
        this.host = str;
        this.port = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void initSsl() {
        if (this.ssl == 0 && DESTROYED_UPDATER.get(this) == 0) {
            this.ssl = SSL.getInstance().newSSL(this.sslCtx, !this.clientMode);
            this.networkBIO = SSL.getInstance().makeNetworkBIO(this.ssl);
            if (this.clientMode) {
                this.openSSLContextSPI.engineGetClientSessionContext().tryAttachClientSideSession(this.ssl, this.host, this.port);
            }
            Iterator<Runnable> it = this.tasks.iterator();
            while (it.hasNext()) {
                it.next().run();
            }
            this.tasks = null;
        }
    }

    public synchronized void shutdown() {
        if (DESTROYED_UPDATER.compareAndSet(this, 0, 1)) {
            if (this.ssl != 0) {
                SSL.getInstance().shutdownSSL(this.ssl);
                SSL.getInstance().freeSSL(this.ssl);
                SSL.getInstance().freeBIO(this.networkBIO);
            }
            this.networkBIO = 0L;
            this.ssl = 0L;
            this.engineClosed = true;
            this.isOutboundDone = true;
            this.isInboundDone = true;
        }
    }

    private int writePlaintextData(ByteBuffer byteBuffer) {
        int writeToSSL;
        int position = byteBuffer.position();
        int limit = byteBuffer.limit();
        int min = Math.min(limit - position, 16384);
        initSsl();
        if (byteBuffer.isDirect()) {
            writeToSSL = SSL.getInstance().writeToSSL(this.ssl, SSL.getInstance().bufferAddress(byteBuffer) + position, min);
            if (writeToSSL > 0) {
                byteBuffer.position(position + writeToSSL);
                return writeToSSL;
            }
        } else {
            ByteBuffer allocateDirect = ByteBuffer.allocateDirect(min);
            try {
                long memoryAddress = memoryAddress(allocateDirect);
                byteBuffer.limit(position + min);
                allocateDirect.put(byteBuffer);
                byteBuffer.limit(limit);
                writeToSSL = SSL.getInstance().writeToSSL(this.ssl, memoryAddress, min);
                if (writeToSSL > 0) {
                    byteBuffer.position(position + writeToSSL);
                    allocateDirect.clear();
                    ByteBufferUtils.cleanDirectBuffer(allocateDirect);
                    return writeToSSL;
                }
                byteBuffer.position(position);
                allocateDirect.clear();
                ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            } catch (Throwable th) {
                allocateDirect.clear();
                ByteBufferUtils.cleanDirectBuffer(allocateDirect);
                throw th;
            }
        }
        throw new IllegalStateException(Messages.MESSAGES.sslWriteFailed(writeToSSL));
    }

    private int writeEncryptedData(ByteBuffer byteBuffer) {
        int position = byteBuffer.position();
        int remaining = byteBuffer.remaining();
        if (byteBuffer.isDirect()) {
            int writeToBIO = SSL.getInstance().writeToBIO(this.networkBIO, SSL.getInstance().bufferAddress(byteBuffer) + position, remaining);
            if (writeToBIO < 0) {
                return -1;
            }
            byteBuffer.position(position + writeToBIO);
            return writeToBIO;
        }
        ByteBuffer allocateDirect = ByteBuffer.allocateDirect(remaining);
        try {
            long memoryAddress = memoryAddress(allocateDirect);
            allocateDirect.put(byteBuffer);
            int writeToBIO2 = SSL.getInstance().writeToBIO(this.networkBIO, memoryAddress, remaining);
            if (writeToBIO2 >= 0) {
                byteBuffer.position(position + writeToBIO2);
                allocateDirect.clear();
                ByteBufferUtils.cleanDirectBuffer(allocateDirect);
                return writeToBIO2;
            }
            byteBuffer.position(position);
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            return -1;
        } catch (Throwable th) {
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            throw th;
        }
    }

    private int readPlaintextData(ByteBuffer byteBuffer) throws SSLException {
        initSsl();
        if (byteBuffer.isDirect()) {
            int position = byteBuffer.position();
            int readFromSSL = SSL.getInstance().readFromSSL(this.ssl, SSL.getInstance().bufferAddress(byteBuffer) + position, byteBuffer.limit() - position);
            if (readFromSSL > 0) {
                byteBuffer.position(position + readFromSSL);
                return readFromSSL;
            }
            long lastErrorNumber = SSL.getInstance().getLastErrorNumber();
            if (lastErrorNumber == 0) {
                return 0;
            }
            String errorString = SSL.getInstance().getErrorString(lastErrorNumber);
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine(Messages.MESSAGES.readFromSSLFailed(lastErrorNumber, readFromSSL, errorString));
            }
            shutdown();
            throw new SSLException(errorString);
        }
        int position2 = byteBuffer.position();
        int limit = byteBuffer.limit();
        int min = Math.min(MAX_ENCRYPTED_PACKET_LENGTH, limit - position2);
        ByteBuffer allocateDirect = ByteBuffer.allocateDirect(min);
        try {
            int readFromSSL2 = SSL.getInstance().readFromSSL(this.ssl, memoryAddress(allocateDirect), min);
            if (readFromSSL2 > 0) {
                allocateDirect.limit(readFromSSL2);
                byteBuffer.limit(position2 + readFromSSL2);
                byteBuffer.put(allocateDirect);
                byteBuffer.limit(limit);
                allocateDirect.clear();
                ByteBufferUtils.cleanDirectBuffer(allocateDirect);
                return readFromSSL2;
            }
            long lastErrorNumber2 = SSL.getInstance().getLastErrorNumber();
            if (lastErrorNumber2 == 0) {
                return 0;
            }
            String errorString2 = SSL.getInstance().getErrorString(lastErrorNumber2);
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine(Messages.MESSAGES.readFromSSLFailed(lastErrorNumber2, readFromSSL2, errorString2));
            }
            shutdown();
            throw new SSLException(errorString2);
        } finally {
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
        }
    }

    private int readEncryptedData(ByteBuffer byteBuffer, int i) {
        if (byteBuffer.isDirect() && byteBuffer.remaining() >= i) {
            int position = byteBuffer.position();
            int readFromBIO = SSL.getInstance().readFromBIO(this.networkBIO, SSL.getInstance().bufferAddress(byteBuffer) + position, i);
            if (readFromBIO <= 0) {
                return 0;
            }
            byteBuffer.position(position + readFromBIO);
            return readFromBIO;
        }
        ByteBuffer allocateDirect = ByteBuffer.allocateDirect(i);
        try {
            int readFromBIO2 = SSL.getInstance().readFromBIO(this.networkBIO, memoryAddress(allocateDirect), i);
            if (readFromBIO2 <= 0) {
                allocateDirect.clear();
                ByteBufferUtils.cleanDirectBuffer(allocateDirect);
                return 0;
            }
            allocateDirect.limit(readFromBIO2);
            int limit = byteBuffer.limit();
            byteBuffer.limit(byteBuffer.position() + readFromBIO2);
            byteBuffer.put(allocateDirect);
            byteBuffer.limit(limit);
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            return readFromBIO2;
        } catch (Throwable th) {
            allocateDirect.clear();
            ByteBufferUtils.cleanDirectBuffer(allocateDirect);
            throw th;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
        if (this.destroyed != 0) {
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, 0, 0);
        }
        if (byteBufferArr == null) {
            throw new IllegalArgumentException(Messages.MESSAGES.bufferIsNull());
        }
        if (byteBuffer == null) {
            throw new IllegalArgumentException(Messages.MESSAGES.bufferIsNull());
        }
        if (i + i2 > byteBufferArr.length) {
            throw new IndexOutOfBoundsException(Messages.MESSAGES.invalidOffset(i, i2, byteBufferArr.length));
        }
        if (byteBuffer.isReadOnly()) {
            throw new ReadOnlyBufferException();
        }
        if (this.accepted == 0) {
            beginHandshakeImplicitly();
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = getHandshakeStatus();
        if ((!this.handshakeFinished || this.engineClosed) && handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            return new SSLEngineResult(getEngineStatus(), SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
        }
        int pendingWrittenBytesInBIO = SSL.getInstance().pendingWrittenBytesInBIO(this.networkBIO);
        if (pendingWrittenBytesInBIO > 0) {
            if (byteBuffer.remaining() < pendingWrittenBytesInBIO) {
                return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, handshakeStatus, 0, 0);
            }
            try {
                int readEncryptedData = 0 + readEncryptedData(byteBuffer, pendingWrittenBytesInBIO);
                if (this.serverSelectedCipher == -1 && !this.clientMode) {
                    ByteBuffer duplicate = byteBuffer.duplicate();
                    duplicate.flip();
                    this.serverSelectedCipher = OpenSSLServerHelloExplorer.getCipherSuite(duplicate);
                    SSL.getInstance().saveServerCipher(this.ssl, this.serverSelectedCipher);
                }
                if (this.isOutboundDone) {
                    shutdown();
                }
                return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), 0, readEncryptedData);
            } catch (Exception e) {
                throw new SSLException(e);
            }
        }
        int i3 = 0;
        int i4 = i + i2;
        for (int i5 = i; i5 < i4; i5++) {
            ByteBuffer byteBuffer2 = byteBufferArr[i5];
            if (byteBuffer2 == null) {
                throw new IllegalArgumentException(Messages.MESSAGES.bufferIsNull());
            }
            while (byteBuffer2.hasRemaining()) {
                try {
                    i3 += writePlaintextData(byteBuffer2);
                    int pendingWrittenBytesInBIO2 = SSL.getInstance().pendingWrittenBytesInBIO(this.networkBIO);
                    if (pendingWrittenBytesInBIO2 > 0) {
                        if (byteBuffer.remaining() < pendingWrittenBytesInBIO2) {
                            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, getHandshakeStatus(), i3, 0);
                        }
                        try {
                            int readEncryptedData2 = 0 + readEncryptedData(byteBuffer, pendingWrittenBytesInBIO2);
                            if (this.serverSelectedCipher == -1 && !this.clientMode) {
                                ByteBuffer duplicate2 = byteBuffer.duplicate();
                                duplicate2.flip();
                                this.serverSelectedCipher = OpenSSLServerHelloExplorer.getCipherSuite(duplicate2);
                                SSL.getInstance().saveServerCipher(this.ssl, this.serverSelectedCipher);
                            }
                            return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), i3, readEncryptedData2);
                        } catch (Exception e2) {
                            throw new SSLException(e2);
                        }
                    }
                } catch (Exception e3) {
                    throw new SSLException(e3);
                }
            }
        }
        return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), i3, 0);
    }

    /* JADX WARN: Code restructure failed: missing block: B:101:0x0245, code lost:
    
        continue;
     */
    @Override // javax.net.ssl.SSLEngine
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer r8, java.nio.ByteBuffer[] r9, int r10, int r11) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 681
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wildfly.openssl.OpenSSLEngine.unwrap(java.nio.ByteBuffer, java.nio.ByteBuffer[], int, int):javax.net.ssl.SSLEngineResult");
    }

    @Override // javax.net.ssl.SSLEngine
    public Runnable getDelegatedTask() {
        return null;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeInbound() throws SSLException {
        if (this.isInboundDone) {
            return;
        }
        this.isInboundDone = true;
        this.engineClosed = true;
        shutdown();
        if (this.accepted != 0 && !this.receivedShutdown) {
            throw new SSLException(Messages.MESSAGES.inboundIsClosed());
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isInboundDone() {
        return this.isInboundDone || this.engineClosed;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeOutbound() {
        if (this.isOutboundDone) {
            return;
        }
        this.isOutboundDone = true;
        this.engineClosed = true;
        if (this.accepted == 0 || this.destroyed != 0) {
            shutdown();
        } else if ((SSL.getInstance().getShutdown(this.ssl) & 1) != 1) {
            SSL.getInstance().shutdownSSL(this.ssl);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isOutboundDone() {
        return this.isOutboundDone;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        return OpenSSLContextSPI.getAvailableCipherSuites();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledCipherSuites() {
        if (this.ssl == 0) {
            return this.userSetEnabledCipherSuites != null ? this.userSetEnabledCipherSuites : this.openSSLContextSPI.getCiphers();
        }
        initSsl();
        String[] ciphers = SSL.getInstance().getCiphers(this.ssl);
        if (ciphers == null) {
            return new String[0];
        }
        for (int i = 0; i < ciphers.length; i++) {
            String javaCipherSuite = toJavaCipherSuite(ciphers[i], this.ssl);
            if (javaCipherSuite != null) {
                ciphers[i] = javaCipherSuite;
            }
        }
        return ciphers;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledCipherSuites(String[] strArr) {
        if (strArr == null) {
            throw new IllegalArgumentException(Messages.MESSAGES.nullCipherSuites());
        }
        this.userSetEnabledCipherSuites = strArr;
        Runnable runnable = () -> {
            StringBuilder sb = new StringBuilder();
            for (String str : strArr) {
                if (str == null) {
                    break;
                }
                String openSsl = CipherSuiteConverter.toOpenSsl(str);
                if (openSsl != null) {
                    str = openSsl;
                }
                HashSet hashSet = new HashSet();
                HashSet hashSet2 = new HashSet(Arrays.asList(OpenSSLContextSPI.getAvailableCipherSuites()));
                if (!hashSet2.contains(str) && LOG.isLoggable(Level.FINEST)) {
                    hashSet.add(str);
                }
                if (!hashSet.isEmpty() && LOG.isLoggable(Level.FINEST)) {
                    LOG.fine("Unsupported cypher suites " + hashSet + " available " + hashSet2);
                }
                sb.append(str);
                sb.append(':');
            }
            if (sb.length() == 0) {
                throw new IllegalArgumentException(Messages.MESSAGES.emptyCipherSuiteList());
            }
            sb.setLength(sb.length() - 1);
            String sb2 = sb.toString();
            try {
                SSL.getInstance().setCipherSuites(this.ssl, sb2);
            } catch (Exception e) {
                throw new IllegalStateException(Messages.MESSAGES.failedCipherSuite(sb2), e);
            }
        };
        if (this.ssl == 0) {
            this.tasks.add(runnable);
        } else {
            runnable.run();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return (String[]) SUPPORTED_PROTOCOLS.clone();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledProtocols() {
        if (this.ssl == 0 && this.userSetEnabledProtocols != null) {
            return this.userSetEnabledProtocols;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add("SSLv2Hello");
        int options = this.ssl != 0 ? SSL.getInstance().getOptions(this.ssl) : this.openSSLContextSPI.supportedCiphers;
        if ((options & 67108864) == 0) {
            arrayList.add(ModelDescriptionConstants.TLSV1);
        }
        if ((options & 268435456) == 0) {
            arrayList.add(ModelDescriptionConstants.TLSV1_1);
        }
        if ((options & 134217728) == 0) {
            arrayList.add("TLSv1.2");
        }
        if ((options & 16777216) == 0) {
            arrayList.add("SSLv2");
        }
        if ((options & 33554432) == 0) {
            arrayList.add("SSLv3");
        }
        int size = arrayList.size();
        return size == 0 ? new String[0] : (String[]) arrayList.toArray(new String[size]);
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledProtocols(String[] strArr) {
        if (strArr == null) {
            throw new IllegalArgumentException();
        }
        this.userSetEnabledProtocols = strArr;
        Runnable runnable = () -> {
            boolean z = false;
            boolean z2 = false;
            boolean z3 = false;
            boolean z4 = false;
            boolean z5 = false;
            for (String str : strArr) {
                if (!SUPPORTED_PROTOCOLS_SET.contains(str)) {
                    throw new IllegalArgumentException(Messages.MESSAGES.unsupportedProtocol(str));
                }
                if (str.equals("SSLv2")) {
                    z = true;
                } else if (str.equals("SSLv3")) {
                    z2 = true;
                } else if (str.equals(ModelDescriptionConstants.TLSV1)) {
                    z3 = true;
                } else if (str.equals(ModelDescriptionConstants.TLSV1_1)) {
                    z4 = true;
                } else if (str.equals("TLSv1.2")) {
                    z5 = true;
                }
            }
            SSL.getInstance().setOptions(this.ssl, 4095);
            if (!z) {
                SSL.getInstance().setOptions(this.ssl, 16777216);
            }
            if (!z2) {
                SSL.getInstance().setOptions(this.ssl, 33554432);
            }
            if (!z3) {
                SSL.getInstance().setOptions(this.ssl, 67108864);
            }
            if (!z4) {
                SSL.getInstance().setOptions(this.ssl, 268435456);
            }
            if (z5) {
                return;
            }
            SSL.getInstance().setOptions(this.ssl, 134217728);
        };
        if (this.ssl == 0) {
            this.tasks.add(runnable);
        } else {
            runnable.run();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getSession() {
        initSsl();
        if (!this.handshakeFinished) {
            return getHandshakeSession();
        }
        SSLSession session = getSessionContext().getSession(SSL.getInstance().getSessionId(getSsl()));
        if (session != null) {
            return session;
        }
        if (this.handshakeSession == null) {
            this.handshakeSession = new OpenSSlSession(!this.clientMode, getSessionContext());
        }
        return this.handshakeSession;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void beginHandshake() throws SSLException {
        if (this.engineClosed || this.destroyed != 0) {
            throw ENGINE_CLOSED;
        }
        if (!this.clientMode) {
            if (this.accepted > 0) {
                renegotiate();
            }
            this.accepted = 2;
            return;
        }
        switch (this.accepted) {
            case 0:
                handshake();
                this.accepted = 2;
                return;
            case 1:
                this.accepted = 2;
                return;
            case 2:
                throw RENEGOTIATION_UNSUPPORTED;
            default:
                throw new Error();
        }
    }

    private void beginHandshakeImplicitly() throws SSLException {
        if (this.engineClosed || this.destroyed != 0) {
            throw ENGINE_CLOSED;
        }
        if (this.accepted == 0) {
            handshake();
            this.accepted = 1;
        }
    }

    private void handshake() throws SSLException {
        initSsl();
        if (!this.alpnRegistered) {
            this.alpnRegistered = true;
            if (!isClientMode()) {
                SSL.getInstance().setServerALPNCallback(this.ssl, new ServerALPNCallback() { // from class: org.wildfly.openssl.OpenSSLEngine.1
                    @Override // org.wildfly.openssl.ServerALPNCallback
                    public String select(String[] strArr) {
                        String version = SSL.getInstance().getVersion(OpenSSLEngine.this.ssl);
                        if (OpenSSLEngine.this.applicationProtocols == null || version == null || !version.equals("TLSv1.2")) {
                            for (String str : strArr) {
                                if (str.equals(ApplicationProtocolNames.HTTP_1_1)) {
                                    return str;
                                }
                            }
                            return null;
                        }
                        for (String str2 : OpenSSLEngine.this.applicationProtocols) {
                            for (String str3 : strArr) {
                                if (str3.equals(str2)) {
                                    OpenSSLEngine.this.selectedApplicationProtocol = str2;
                                    return str2;
                                }
                            }
                        }
                        return null;
                    }
                });
            } else if (this.applicationProtocols != null) {
                SSL.getInstance().setAlpnProtos(this.ssl, this.applicationProtocols);
            }
        }
        if (SSL.getInstance().doHandshake(this.ssl) > 0) {
            handshakeFinished();
            return;
        }
        long lastErrorNumber = SSL.getInstance().getLastErrorNumber();
        if (lastErrorNumber != 0) {
            String errorString = SSL.getInstance().getErrorString(lastErrorNumber);
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("Engine handshake failure " + errorString);
            }
            shutdown();
            throw new SSLException(errorString);
        }
    }

    private void handshakeFinished() {
        this.handshakeFinished = true;
        if (isClientMode() && this.applicationProtocols != null) {
            this.selectedApplicationProtocol = SSL.getInstance().getAlpnSelected(this.ssl);
        }
        if (this.handshakeSession != null || this.clientMode) {
            byte[] sessionId = SSL.getInstance().getSessionId(this.ssl);
            if (this.handshakeSession != null) {
                getSessionContext().mergeHandshakeSession(this.handshakeSession, sessionId);
            }
            if (this.clientMode) {
                this.openSSLContextSPI.engineGetClientSessionContext().storeClientSideSession(this.ssl, this.host, this.port, sessionId);
            }
        }
    }

    private void renegotiate() throws SSLException {
        initSsl();
        this.handshakeFinished = false;
        if (SSL.getInstance().renegotiate(this.ssl) <= 0) {
            long lastErrorNumber = SSL.getInstance().getLastErrorNumber();
            if (lastErrorNumber != 0) {
                String errorString = SSL.getInstance().getErrorString(lastErrorNumber);
                if (LOG.isLoggable(Level.FINE)) {
                    LOG.fine("Renegotiation failure " + errorString);
                }
                shutdown();
                throw new SSLException(errorString);
            }
        }
    }

    private static long memoryAddress(ByteBuffer byteBuffer) {
        return SSL.getInstance().bufferAddress(byteBuffer);
    }

    private SSLEngineResult.Status getEngineStatus() {
        return this.engineClosed ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        if (this.accepted == 0 || this.destroyed != 0) {
            return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        }
        initSsl();
        if (this.handshakeFinished) {
            return this.engineClosed ? SSL.getInstance().pendingWrittenBytesInBIO(this.networkBIO) != 0 ? SSLEngineResult.HandshakeStatus.NEED_WRAP : SSLEngineResult.HandshakeStatus.NEED_UNWRAP : SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        }
        if (SSL.getInstance().pendingWrittenBytesInBIO(this.networkBIO) != 0) {
            return SSLEngineResult.HandshakeStatus.NEED_WRAP;
        }
        if (SSL.getInstance().isInInit(this.ssl) != 0) {
            return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
        }
        handshakeFinished();
        return SSLEngineResult.HandshakeStatus.FINISHED;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String toJavaCipherSuite(String str, long j) {
        if (str == null) {
            return null;
        }
        return CipherSuiteConverter.toJava(str, toJavaCipherSuitePrefix(SSL.getInstance().getVersion(j)));
    }

    private static String toJavaCipherSuitePrefix(String str) {
        switch ((str == null || str.length() == 0) ? (char) 0 : str.charAt(0)) {
            case 'S':
                return "SSL";
            case 'T':
                return "TLS";
            default:
                return "UNKNOWN";
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void setUseClientMode(boolean z) {
        if (this.ssl == 0) {
            this.clientMode = z;
        } else if (z != this.clientMode) {
            throw new UnsupportedOperationException();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getUseClientMode() {
        return this.clientMode;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setNeedClientAuth(boolean z) {
        this.needClientAuth = z;
        setClientAuth(this.needClientAuth ? ClientAuthMode.REQUIRE : this.wantClientAuth ? ClientAuthMode.OPTIONAL : ClientAuthMode.NONE);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getNeedClientAuth() {
        return this.clientAuth == ClientAuthMode.REQUIRE;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setWantClientAuth(boolean z) {
        this.wantClientAuth = z;
        setClientAuth(this.needClientAuth ? ClientAuthMode.REQUIRE : this.wantClientAuth ? ClientAuthMode.OPTIONAL : ClientAuthMode.NONE);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getWantClientAuth() {
        return this.clientAuth == ClientAuthMode.OPTIONAL;
    }

    private void setClientAuth(ClientAuthMode clientAuthMode) {
        if (this.clientMode || this.clientAuth == clientAuthMode) {
            return;
        }
        this.clientAuth = clientAuthMode;
        Runnable runnable = () -> {
            if (this.clientMode) {
                return;
            }
            switch (clientAuthMode) {
                case NONE:
                    SSL.getInstance().setSSLVerify(this.ssl, 0, 10);
                    return;
                case REQUIRE:
                    SSL.getInstance().setSSLVerify(this.ssl, 2, 10);
                    return;
                case OPTIONAL:
                    SSL.getInstance().setSSLVerify(this.ssl, 1, 10);
                    return;
                default:
                    return;
            }
        };
        if (this.ssl == 0) {
            this.tasks.add(runnable);
        } else {
            runnable.run();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnableSessionCreation(boolean z) {
        if (z) {
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getEnableSessionCreation() {
        return false;
    }

    protected void finalize() throws Throwable {
        super.finalize();
        shutdown();
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getHandshakeSession() {
        initSsl();
        if (this.handshakeFinished) {
            return null;
        }
        if (this.handshakeSession == null) {
            this.handshakeSession = new OpenSSlSession(!this.clientMode, getSessionContext());
        }
        return this.handshakeSession;
    }

    public String getSelectedApplicationProtocol() {
        return this.selectedApplicationProtocol;
    }

    public String[] getApplicationProtocols() {
        return this.applicationProtocols;
    }

    public void setApplicationProtocols(String... strArr) {
        this.applicationProtocols = strArr;
    }

    public static boolean isAlpnSupported() {
        return SSL.getInstance().isAlpnSupported();
    }

    long getSsl() {
        initSsl();
        return this.ssl;
    }

    boolean isHandshakeFinished() {
        return this.handshakeFinished;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLParameters getSSLParameters() {
        return super.getSSLParameters();
    }

    @Override // javax.net.ssl.SSLEngine
    public void setSSLParameters(SSLParameters sSLParameters) {
        super.setSSLParameters(sSLParameters);
        Runnable runnable = () -> {
            boolean z = false;
            try {
                z = SSL.getInstance().hasOp(4194304);
                if (z && sSLParameters.getUseCipherSuitesOrder()) {
                    SSL.getInstance().setSSLOptions(this.ssl, 4194304);
                }
            } catch (UnsatisfiedLinkError e) {
            }
            if (!z) {
                LOG.fine("The version of SSL in use does not support cipher ordering");
            }
            if (this.clientMode) {
                return;
            }
            SSL.getInstance().setSSLVerify(this.ssl, sSLParameters.getNeedClientAuth() ? 2 : sSLParameters.getWantClientAuth() ? 1 : 0, 100);
        };
        if (this.ssl == 0) {
            this.tasks.add(runnable);
        } else {
            runnable.run();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setHost(String str) {
        this.host = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPort(int i) {
        this.port = i;
    }

    static {
        ENGINE_CLOSED.setStackTrace(new StackTraceElement[0]);
        RENEGOTIATION_UNSUPPORTED.setStackTrace(new StackTraceElement[0]);
        ENCRYPTED_PACKET_OVERSIZED.setStackTrace(new StackTraceElement[0]);
        DESTROYED_UPDATER = AtomicIntegerFieldUpdater.newUpdater(OpenSSLEngine.class, "destroyed");
        SUPPORTED_PROTOCOLS = new String[]{"SSLv2Hello", "SSLv2", "SSLv3", ModelDescriptionConstants.TLSV1, ModelDescriptionConstants.TLSV1_1, "TLSv1.2"};
        SUPPORTED_PROTOCOLS_SET = new HashSet(Arrays.asList(SUPPORTED_PROTOCOLS));
        EMPTY_ADDR = SSL.getInstance().bufferAddress(ByteBuffer.allocate(0));
    }
}
