package org.opends.server.extensions;

import java.net.InetAddress;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.security.cert.Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLSession;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.ConnectionSecurityProvider;
import org.opends.server.api.KeyManagerProvider;
import org.opends.server.api.TrustManagerProvider;
import org.opends.server.config.ConfigEntry;
import org.opends.server.config.ConfigException;
import org.opends.server.core.DirectoryException;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.InitializationException;
import org.opends.server.loggers.Debug;
import org.opends.server.messages.ExtensionsMessages;
import org.opends.server.messages.MessageHandler;
import org.opends.server.types.SSLClientAuthPolicy;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/extensions/TLSConnectionSecurityProvider.class */
/**
 * Connection security provider that protects a client connection with TLS by driving a
 * server-mode {@link SSLEngine} over the connection's {@link SocketChannel}.
 *
 * <p>An instance built with the public constructor and set up through
 * {@link #initializeConnectionSecurityProvider} only holds shared settings (SSL context, enabled
 * protocols and cipher suites, client-auth policy). {@link #newInstance} copies those settings
 * into a per-connection instance that owns the engine and its buffers.
 *
 * <p>This listing is JADX decompiler output, not original source:
 * <ul>
 *   <li>{@code if (!$assertionsDisabled && !Debug.debugX(...)) throw new AssertionError();} is the
 *       decompiled shape of an {@code assert Debug.debugX(...)} statement, so the Debug calls only
 *       run when assertions are enabled for this class.</li>
 *   <li>{@link #readData} and {@code writeInternal} were not decompiled; their bodies here are
 *       stubs that throw.</li>
 *   <li>{@link #disconnect} carries a decompiler warning about its switch; its control flow must
 *       be checked against the bytecode before drawing conclusions from it.</li>
 * </ul>
 */
public class TLSConnectionSecurityProvider extends ConnectionSecurityProvider {
    // Fully qualified class name passed to the Debug tracing calls.
    private static final String CLASS_NAME = "org.opends.server.extensions.TLSConnectionSecurityProvider";
    // Algorithm name given to SSLContext.getInstance(); also returned as the mechanism name.
    private static final String SSL_CONTEXT_INSTANCE_NAME = "TLS";
    // Plaintext side of the engine: unwrap() output and wrap() input.
    private ByteBuffer clearInBuffer;
    private ByteBuffer clearOutBuffer;
    // Encrypted side of the engine: bytes read from and written to the socket channel.
    private ByteBuffer sslInBuffer;
    private ByteBuffer sslOutBuffer;
    // Per-connection state; null on the shared instance after initialization.
    private ClientConnection clientConnection;
    // Buffer sizes taken from the SSLSession; -1 on the shared instance.
    private int clearBufferSize;
    private int sslBufferSize;
    private SocketChannel socketChannel;
    // Client-certificate policy; a null value is treated as OPTIONAL by the per-connection constructor.
    private SSLClientAuthPolicy sslClientAuthPolicy;
    private SSLContext sslContext;
    private SSLEngine sslEngine;
    // null means "do not override": the engine keeps the defaults of the SSLContext/JVM.
    private String[] enabledCipherSuites;
    private String[] enabledProtocols;
    // Compiler-generated flag backing the assert statements; set in the static initializer below.
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.opends.server.extensions.TLSConnectionSecurityProvider$1, reason: invalid class name */
    /* loaded from: input_file:org/opends/server/extensions/TLSConnectionSecurityProvider$1.class */
    /**
     * Compiler-generated holder of the lookup tables used by {@code switch} statements over enums.
     * Each table maps an enum constant's ordinal to the integer case label used in the compiled
     * switch:
     * <ul>
     *   <li>SSLEngineResult.Status: OK=1, CLOSED=2</li>
     *   <li>SSLEngineResult.HandshakeStatus: FINISHED=1, NOT_HANDSHAKING=2, NEED_TASK=3,
     *       NEED_WRAP=4, NEED_UNWRAP=5</li>
     *   <li>SSLClientAuthPolicy: REQUIRED=1, DISABLED=2, OPTIONAL=3</li>
     * </ul>
     * The SSLClientAuthPolicy table is assigned in the static block but has no field declaration
     * in this listing; the decompiler appears to have dropped it.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];

        static {
            // Each assignment is guarded separately so that a constant missing at run time
            // (NoSuchFieldError) leaves its slot at 0 instead of failing class initialization.
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 1;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 2;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 4;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 5;
            } catch (NoSuchFieldError e7) {
            }
            $SwitchMap$org$opends$server$types$SSLClientAuthPolicy = new int[SSLClientAuthPolicy.values().length];
            try {
                $SwitchMap$org$opends$server$types$SSLClientAuthPolicy[SSLClientAuthPolicy.REQUIRED.ordinal()] = 1;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$opends$server$types$SSLClientAuthPolicy[SSLClientAuthPolicy.DISABLED.ordinal()] = 2;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$opends$server$types$SSLClientAuthPolicy[SSLClientAuthPolicy.OPTIONAL.ordinal()] = 3;
            } catch (NoSuchFieldError e10) {
            }
        }
    }

    /**
     * Creates the shared (template) instance. No TLS state exists until
     * {@link #initializeConnectionSecurityProvider} has been called.
     */
    public TLSConnectionSecurityProvider() {
        if (!$assertionsDisabled && !Debug.debugConstructor(CLASS_NAME, new String[0])) {
            throw new AssertionError();
        }
    }

    /**
     * Creates the per-connection instance: builds a server-mode SSLEngine from the template's
     * SSL context, applies the template's protocol, cipher-suite and client-auth settings, and
     * allocates the four buffers at the sizes reported by the engine's session.
     *
     * @param clientConnection the client connection this provider is attached to
     * @param socketChannel the channel carrying the encrypted traffic
     * @param tLSConnectionSecurityProvider the initialized template whose settings are copied
     */
    private TLSConnectionSecurityProvider(ClientConnection clientConnection, SocketChannel socketChannel, TLSConnectionSecurityProvider tLSConnectionSecurityProvider) {
        if (!$assertionsDisabled && !Debug.debugConstructor(CLASS_NAME, String.valueOf(clientConnection))) {
            throw new AssertionError();
        }
        this.clientConnection = clientConnection;
        this.socketChannel = socketChannel;
        Socket socket = socketChannel.socket();
        InetAddress inetAddress = socketChannel.socket().getInetAddress();
        this.sslContext = tLSConnectionSecurityProvider.sslContext;
        // The host/port pair is only the peer hint handed to createSSLEngine().
        // NOTE(review): InetAddress.getHostName() may perform a reverse name lookup for the peer
        // address, so both the latency of accepting a connection and the name used here depend
        // on DNS data outside the server's control — confirm the numeric address would not do.
        this.sslEngine = this.sslContext.createSSLEngine(inetAddress.getHostName(), socket.getPort());
        // This side always acts as the TLS server.
        this.sslEngine.setUseClientMode(false);
        this.enabledProtocols = tLSConnectionSecurityProvider.enabledProtocols;
        // With no explicit list the engine keeps the protocol versions enabled by default in the
        // SSLContext/JVM. NOTE(review): those defaults vary by runtime; set an explicit list via
        // setEnabledProtocols() on the template if legacy versions must stay off.
        if (this.enabledProtocols != null) {
            this.sslEngine.setEnabledProtocols(this.enabledProtocols);
        }
        this.enabledCipherSuites = tLSConnectionSecurityProvider.enabledCipherSuites;
        // Same rule for cipher suites: null leaves the engine defaults untouched.
        if (this.enabledCipherSuites != null) {
            this.sslEngine.setEnabledCipherSuites(this.enabledCipherSuites);
        }
        this.sslClientAuthPolicy = tLSConnectionSecurityProvider.sslClientAuthPolicy;
        // A missing policy falls back to OPTIONAL (certificate requested, not required).
        if (this.sslClientAuthPolicy == null) {
            this.sslClientAuthPolicy = SSLClientAuthPolicy.OPTIONAL;
        }
        // setNeedClientAuth() and setWantClientAuth() each override the other's previous setting,
        // so in every branch the second call is the one that decides the engine's final mode.
        switch (this.sslClientAuthPolicy) {
            case REQUIRED:
                this.sslEngine.setWantClientAuth(true);
                this.sslEngine.setNeedClientAuth(true);
                break;
            case DISABLED:
                this.sslEngine.setNeedClientAuth(false);
                this.sslEngine.setWantClientAuth(false);
                break;
            case OPTIONAL:
            default:
                // The handshake can complete without a client certificate in this mode, so code
                // that authorizes by certificate must cope with an absent chain.
                this.sslEngine.setNeedClientAuth(false);
                this.sslEngine.setWantClientAuth(true);
                break;
        }
        SSLSession session = this.sslEngine.getSession();
        this.clearBufferSize = session.getApplicationBufferSize();
        this.clearInBuffer = ByteBuffer.allocate(this.clearBufferSize);
        this.clearOutBuffer = ByteBuffer.allocate(this.clearBufferSize);
        this.sslBufferSize = session.getPacketBufferSize();
        this.sslInBuffer = ByteBuffer.allocate(this.sslBufferSize);
        this.sslOutBuffer = ByteBuffer.allocate(this.sslBufferSize);
    }

    /**
     * Initializes the shared instance: clears all per-connection fields and builds the
     * SSLContext from the server's key and trust manager providers.
     *
     * <p>In this listing {@code configEntry} is only passed to the debug call; nothing is read
     * from it. Protocols and cipher suites are left at {@code null} (engine defaults) and the
     * client-auth policy at OPTIONAL, so any tightening has to be applied afterwards through the
     * setters.
     *
     * @param configEntry the configuration entry for this provider (not consulted here)
     * @throws ConfigException declared by the overridden method; not thrown by the code shown
     * @throws InitializationException if the SSL context cannot be created or initialized
     */
    @Override // org.opends.server.api.ConnectionSecurityProvider
    public void initializeConnectionSecurityProvider(ConfigEntry configEntry) throws ConfigException, InitializationException {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "initializeConnectionSecurityProvider", String.valueOf(configEntry))) {
            throw new AssertionError();
        }
        this.clientConnection = null;
        this.socketChannel = null;
        this.clearInBuffer = null;
        this.clearOutBuffer = null;
        this.sslInBuffer = null;
        this.sslOutBuffer = null;
        this.clearBufferSize = -1;
        this.sslBufferSize = -1;
        this.sslEngine = null;
        KeyManagerProvider keyManagerProvider = DirectoryServer.getKeyManagerProvider();
        TrustManagerProvider trustManagerProvider = DirectoryServer.getTrustManagerProvider();
        try {
            this.sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE_NAME);
            // The null third argument leaves the choice of SecureRandom to the SSLContext.
            this.sslContext.init(keyManagerProvider.getKeyManagers(), trustManagerProvider.getTrustManagers(), null);
            this.enabledProtocols = null;
            this.enabledCipherSuites = null;
            this.sslClientAuthPolicy = SSLClientAuthPolicy.OPTIONAL;
        } catch (Exception e) {
            if (!$assertionsDisabled && !Debug.debugException(CLASS_NAME, "initializeConnectionSecurityProvider", e)) {
                throw new AssertionError();
            }
            // The message embeds the full stack trace of the failure.
            // NOTE(review): confirm where this message is surfaced before exposing it to clients.
            throw new InitializationException(ExtensionsMessages.MSGID_TLS_SECURITY_PROVIDER_CANNOT_INITIALIZE, MessageHandler.getMessage(ExtensionsMessages.MSGID_TLS_SECURITY_PROVIDER_CANNOT_INITIALIZE, StaticUtils.stackTraceToSingleLineString(e)), e);
        }
    }

    /** Releases provider resources; the code shown does nothing beyond the debug trace. */
    @Override // org.opends.server.api.ConnectionSecurityProvider
    public void finalizeConnectionSecurityProvider() {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "finalizeConnectionSecurityProvider", new String[0])) {
            throw new AssertionError();
        }
    }

    /**
     * Returns the name of this security mechanism.
     *
     * @return the constant {@code "TLS"}
     */
    @Override // org.opends.server.api.ConnectionSecurityProvider
    public String getSecurityMechanismName() {
        if ($assertionsDisabled || Debug.debugEnter(CLASS_NAME, "getSecurityMechanismName", new String[0])) {
            return SSL_CONTEXT_INSTANCE_NAME;
        }
        throw new AssertionError();
    }

    /**
     * Reports whether this provider secures the connection.
     *
     * @return always {@code true}; the handshake state of the engine is not inspected, so the
     *     value says nothing about whether a handshake has completed
     */
    @Override // org.opends.server.api.ConnectionSecurityProvider
    public boolean isSecure() {
        if ($assertionsDisabled || Debug.debugEnter(CLASS_NAME, "isSecure", new String[0])) {
            return true;
        }
        throw new AssertionError();
    }

    /**
     * Creates a per-connection provider that copies this instance's SSL context and settings.
     *
     * @param clientConnection the client connection to secure
     * @param socketChannel the channel used to talk to that client
     * @return a new provider bound to the given connection and channel
     * @throws DirectoryException declared by the overridden method; not thrown by the code shown
     */
    @Override // org.opends.server.api.ConnectionSecurityProvider
    public ConnectionSecurityProvider newInstance(ClientConnection clientConnection, SocketChannel socketChannel) throws DirectoryException {
        if ($assertionsDisabled || Debug.debugEnter(CLASS_NAME, "newInstance", String.valueOf(clientConnection), String.valueOf(socketChannel))) {
            return new TLSConnectionSecurityProvider(clientConnection, socketChannel, this);
        }
        throw new AssertionError();
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:14:0x003c. Please report as an issue. */
    /**
     * Attempts an orderly TLS shutdown: closes both directions of the engine and then keeps
     * servicing the engine's handshake status until it reports FINISHED or NOT_HANDSHAKING.
     * Any exception ends the attempt silently (it is only passed to the debug logger).
     *
     * <p>The decompiler could not locate the end of the switch, so the case bodies below appear
     * to fall through (3 into 4 into 5). Treat that as unverified: the original most likely had
     * a {@code break} after each case.
     *
     * @param z when {@code false} the method returns without touching the engine; the parameter
     *     name is decompiler-generated — presumably "connection still usable", TODO confirm
     */
    @Override // org.opends.server.api.ConnectionSecurityProvider
    public void disconnect(boolean z) {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "disconnect", new String[0])) {
            throw new AssertionError();
        }
        if (!z) {
            return;
        }
        try {
            // NOTE(review): SSLEngine.closeInbound() is documented to throw SSLException when the
            // peer's close_notify has not been received. If that happens here, control jumps to
            // the catch below before closeOutbound() runs and no close_notify is sent — confirm
            // the call order against the original source.
            this.sslEngine.closeInbound();
            this.sslEngine.closeOutbound();
            while (true) {
                // Case labels come from AnonymousClass1: 1=FINISHED, 2=NOT_HANDSHAKING,
                // 3=NEED_TASK, 4=NEED_WRAP, 5=NEED_UNWRAP.
                switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.sslEngine.getHandshakeStatus().ordinal()]) {
                    case 1:
                    case 2:
                        return;
                    case 3:
                        // Runs one delegated task on the calling thread.
                        this.sslEngine.getDelegatedTask().run();
                    case 4:
                        // Lets the engine produce its pending outbound record and writes it out.
                        this.clearOutBuffer.clear();
                        this.sslOutBuffer.clear();
                        this.sslEngine.wrap(this.clearOutBuffer, this.sslOutBuffer);
                        this.sslOutBuffer.flip();
                        // NOTE(review): this loop does not yield; if the channel is non-blocking
                        // and the peer stops reading it would spin — TODO confirm channel mode.
                        while (this.sslOutBuffer.hasRemaining()) {
                            this.socketChannel.write(this.sslOutBuffer);
                        }
                    case 5:
                        if (this.sslInBuffer.hasRemaining()) {
                            this.clearInBuffer.clear();
                            this.sslEngine.unwrap(this.sslInBuffer, this.clearInBuffer);
                            this.clearInBuffer.flip();
                        } else {
                            this.sslInBuffer.clear();
                            this.clearInBuffer.clear();
                            // End of stream or nothing available: give up on the shutdown.
                            if (this.socketChannel.read(this.sslInBuffer) <= 0) {
                                return;
                            }
                            // NOTE(review): no flip() of sslInBuffer is visible between read()
                            // and unwrap() in this listing — verify against the bytecode.
                            this.sslEngine.unwrap(this.sslInBuffer, this.clearInBuffer);
                            this.clearInBuffer.flip();
                        }
                }
            }
        } catch (Exception e) {
            // Best-effort shutdown: failures are only traced, never propagated to the caller.
            if (!$assertionsDisabled && !Debug.debugException(CLASS_NAME, "disconnect", e)) {
                throw new AssertionError();
            }
        }
    }

    /**
     * Returns the plaintext buffer size.
     *
     * @return the application buffer size reported by the engine's session, or -1 on the shared
     *     instance
     */
    @Override // org.opends.server.api.ConnectionSecurityProvider
    public int getClearBufferSize() {
        if ($assertionsDisabled || Debug.debugEnter(CLASS_NAME, "getClearBufferSize", new String[0])) {
            return this.clearBufferSize;
        }
        throw new AssertionError();
    }

    /**
     * Returns the encrypted buffer size.
     *
     * @return the packet buffer size reported by the engine's session, or -1 on the shared
     *     instance
     */
    @Override // org.opends.server.api.ConnectionSecurityProvider
    public int getEncodedBufferSize() {
        if ($assertionsDisabled || Debug.debugEnter(CLASS_NAME, "getEncodedBufferSize", new String[0])) {
            return this.sslBufferSize;
        }
        throw new AssertionError();
    }

    /*  JADX ERROR: JadxRuntimeException in pass: RegionMakerVisitor
        jadx.core.utils.exceptions.JadxRuntimeException: Failed to find switch 'out' block (already processed)
        (decompiler stack trace omitted: it describes a failure inside the decompiler, not this class)
        */
    /* JADX WARN: Failed to find 'out' block for switch in B:13:0x005c. Please report as an issue. */
    /**
     * Reads and processes data from the client. The real implementation was NOT recovered by the
     * decompiler; the body below is a placeholder that always throws, so nothing about the
     * inbound TLS handling can be concluded from this listing.
     *
     * @return not determinable from this listing
     */
    @Override // org.opends.server.api.ConnectionSecurityProvider
    public boolean readData() {
        /*
            Method dump skipped, instructions count: 628
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.opends.server.extensions.TLSConnectionSecurityProvider.readData():boolean");
    }

    /**
     * Writes the remaining content of {@code byteBuffer} to the client, in slices of at most
     * {@code clearBufferSize} bytes, each handed to {@code writeInternal}.
     *
     * <p>The buffer's position and limit are restored to their entry values on every exit path,
     * so the caller's buffer looks unconsumed afterwards.
     *
     * @param byteBuffer the plaintext data to send, from its position to its limit
     * @return {@code true} if every slice was accepted by {@code writeInternal}; {@code false} as
     *     soon as one slice is rejected (later slices are then not attempted)
     */
    @Override // org.opends.server.api.ConnectionSecurityProvider
    public boolean writeData(ByteBuffer byteBuffer) {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "writeData", "java.nio.ByteBuffer")) {
            throw new AssertionError();
        }
        int position = byteBuffer.position();
        int limit = byteBuffer.limit();
        try {
            // Small enough to go out as a single slice.
            if (limit - position <= this.clearBufferSize) {
                boolean writeInternal = writeInternal(byteBuffer);
                byteBuffer.position(position);
                byteBuffer.limit(limit);
                return writeInternal;
            }
            // i / i2 are the start and end offsets of the current slice.
            int i = position;
            int i2 = position + this.clearBufferSize;
            while (i < limit) {
                byteBuffer.position(i);
                byteBuffer.limit(i2);
                if (!writeInternal(byteBuffer)) {
                    return false;
                }
                i = i2;
                i2 = Math.min(limit, i + this.clearBufferSize);
            }
            byteBuffer.position(position);
            byteBuffer.limit(limit);
            return true;
        } finally {
            // Covers the early-return and exception paths; repeats the restores done above.
            byteBuffer.position(position);
            byteBuffer.limit(limit);
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:38:0x0181. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:64:0x0274 A[Catch: IOException -> 0x029e, Exception -> 0x02ca, TryCatch #2 {IOException -> 0x029e, Exception -> 0x02ca, blocks: (B:2:0x0000, B:3:0x000e, B:4:0x0028, B:7:0x0039, B:8:0x0061, B:10:0x006b, B:14:0x007b, B:18:0x0090, B:28:0x00b0, B:25:0x00c6, B:22:0x00d9, B:32:0x00fa, B:34:0x0101, B:35:0x0129, B:37:0x0176, B:38:0x0181, B:39:0x019c, B:40:0x01ad, B:41:0x01d5, B:43:0x01df, B:47:0x01f1, B:50:0x0206, B:59:0x0228, B:56:0x023f, B:54:0x0252, B:62:0x026a, B:64:0x0274, B:68:0x0284, B:73:0x0147, B:76:0x0159), top: B:1:0x0000 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // Writes one slice of plaintext through the engine. The implementation was NOT recovered by
    // the decompiler; the body is a placeholder that always throws. The try/catch table quoted
    // above only shows that the original handled IOException and Exception separately.
    private boolean writeInternal(java.nio.ByteBuffer r10) {
        /*
            Method dump skipped, instructions count: 766
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.opends.server.extensions.TLSConnectionSecurityProvider.writeInternal(java.nio.ByteBuffer):boolean");
    }

    /**
     * Returns the configured protocol list.
     *
     * @return the internal array itself (not a copy), or {@code null} when the engine defaults
     *     are in use; changes made to the returned array are visible to this provider
     */
    public String[] getEnabledProtocols() {
        if ($assertionsDisabled || Debug.debugEnter(CLASS_NAME, "getEnabledProtocols", new String[0])) {
            return this.enabledProtocols;
        }
        throw new AssertionError();
    }

    /**
     * Sets the protocol list applied to engines created later by {@link #newInstance}. Only the
     * field is updated: an engine that already exists is not reconfigured, and the array is
     * stored without copying.
     *
     * @param strArr the protocol names to enable, or {@code null} to keep the engine defaults
     */
    public void setEnabledProtocols(String[] strArr) {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "setEnabledProtocols", String.valueOf(strArr))) {
            throw new AssertionError();
        }
        this.enabledProtocols = strArr;
    }

    /**
     * Returns the configured cipher-suite list.
     *
     * @return the internal array itself (not a copy), or {@code null} when the engine defaults
     *     are in use
     */
    public String[] getEnabledCipherSuites() {
        if ($assertionsDisabled || Debug.debugEnter(CLASS_NAME, "getEnabledCipherSuites", new String[0])) {
            return this.enabledCipherSuites;
        }
        throw new AssertionError();
    }

    /**
     * Sets the cipher-suite list applied to engines created later by {@link #newInstance}. Only
     * the field is updated: an engine that already exists is not reconfigured, and the array is
     * stored without copying.
     *
     * @param strArr the cipher suite names to enable, or {@code null} to keep the engine defaults
     */
    public void setEnabledCipherSuites(String[] strArr) {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "setEnabledCipherSuites", String.valueOf(strArr))) {
            throw new AssertionError();
        }
        this.enabledCipherSuites = strArr;
    }

    /**
     * Returns the client-certificate policy held by this instance.
     *
     * @return the stored policy; may be {@code null} on a template if it was set to null
     */
    public SSLClientAuthPolicy getSSLClientAuthPolicy() {
        if ($assertionsDisabled || Debug.debugEnter(CLASS_NAME, "getSSLClientAuthPolicy", new String[0])) {
            return this.sslClientAuthPolicy;
        }
        throw new AssertionError();
    }

    /**
     * Sets the client-certificate policy used for engines created later by {@link #newInstance}.
     * Only the field is updated; an engine that already exists keeps the mode it was built with.
     *
     * @param sSLClientAuthPolicy the policy to store; {@code null} is later treated as OPTIONAL
     */
    public void setSSLClientAuthPolicy(SSLClientAuthPolicy sSLClientAuthPolicy) {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "setSSLClientAuthPolicy", String.valueOf(sSLClientAuthPolicy))) {
            throw new AssertionError();
        }
        this.sslClientAuthPolicy = sSLClientAuthPolicy;
    }

    /**
     * Returns the session of this connection's engine. There is no null check, so calling this
     * on the shared instance (whose engine is set to null during initialization) fails with a
     * NullPointerException.
     *
     * @return the engine's current SSLSession
     */
    public SSLSession getSSLSession() {
        if ($assertionsDisabled || Debug.debugEnter(CLASS_NAME, "getSSLSession", new String[0])) {
            return this.sslEngine.getSession();
        }
        throw new AssertionError();
    }

    /**
     * Returns the certificate chain the client presented in the handshake.
     *
     * @return the peer certificates from the engine's session, or {@code null} if obtaining them
     *     throws for any reason. The null result does not distinguish "client sent no
     *     certificate" from any other failure, so callers making an authorization decision must
     *     treat null as "no client identity available".
     */
    public Certificate[] getClientCertificateChain() {
        if (!$assertionsDisabled && !Debug.debugEnter(CLASS_NAME, "getClientCertificateChain", new String[0])) {
            throw new AssertionError();
        }
        try {
            return this.sslEngine.getSession().getPeerCertificates();
        } catch (Exception e) {
            // Every exception type is collapsed into the same null result.
            if ($assertionsDisabled || Debug.debugException(CLASS_NAME, "getClientCertificateChain", e)) {
                return null;
            }
            throw new AssertionError();
        }
    }

    static {
        // Standard compiler-generated initialization of the assertion flag for this class.
        $assertionsDisabled = !TLSConnectionSecurityProvider.class.desiredAssertionStatus();
    }
}
