package sk.eset.era.g2webconsole.server.modules.connection.layers;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import sk.eset.era.g2webconsole.server.modules.connection.ConnectionSettings;
import sk.eset.era.g2webconsole.server.modules.connection.SslTools;
import sk.eset.era.g2webconsole.server.modules.connection.exceptions.MessageParsingErrorException;
import sk.eset.era.g2webconsole.server.modules.connection.protocollayer.ProtocolLayer;
import sk.eset.era.g2webconsole.server.modules.connection.protocollayer.ProtocolLayerId;
import sk.eset.phoenix.common.logger.Logger;

/* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/connection/layers/SSLLayer.class */
public class SSLLayer extends ProtocolLayer {
    private SSLContext context;
    private SSLEngine sslEngine;
    private final Logger logger;
    private final ConnectionSettings.SSLLayerSettings sslLayerSettings;
    private boolean handshakeFinished;
    private ByteBuffer writeByteBuffer;
    private ByteBuffer readByteBuffer;
    private boolean haveDataToTransmit;
    private boolean haveDataToReceive;
    private volatile boolean processingRequired;
    private volatile boolean processing;
    private final Object processingRequiredSynchronizationObject;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: sk.eset.era.g2webconsole.server.modules.connection.layers.SSLLayer$1, reason: invalid class name */
    /* loaded from: input_file:WEB-INF/lib/commons-0.0.1-SNAPSHOT.jar:sk/eset/era/g2webconsole/server/modules/connection/layers/SSLLayer$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 4;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 5;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    public SSLLayer(Logger logger, ConnectionSettings.SSLLayerSettings sSLLayerSettings) {
        super(true, true);
        this.context = null;
        this.sslEngine = null;
        this.handshakeFinished = false;
        this.writeByteBuffer = null;
        this.readByteBuffer = null;
        this.haveDataToTransmit = false;
        this.haveDataToReceive = false;
        this.processingRequired = false;
        this.processing = false;
        this.processingRequiredSynchronizationObject = new Object();
        this.logger = logger;
        this.sslLayerSettings = sSLLayerSettings;
    }

    @Override // sk.eset.era.g2webconsole.server.modules.connection.protocollayer.IsProtocolLayer
    public ProtocolLayerId getId() {
        return ProtocolLayerId.ID_SECURITY_LAYER;
    }

    @Override // sk.eset.era.g2webconsole.server.modules.connection.protocollayer.IsProtocolLayer
    public int getVersion() {
        return 1;
    }

    @Override // sk.eset.era.g2webconsole.server.modules.connection.protocollayer.IsProtocolLayer
    public boolean isReceiveEnabled() {
        return true;
    }

    @Override // sk.eset.era.g2webconsole.server.modules.connection.protocollayer.IsProtocolLayer
    public boolean isTransmitEnabled() {
        return true;
    }

    public void initSecureContext() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyManagementException {
        TrustManager[] trustManagers = SslTools.getTrustManagers(this.sslLayerSettings.getServerCertificates(), this.logger);
        this.context = SSLContext.getInstance(this.sslLayerSettings.getContextProtocol());
        this.context.init(null, trustManagers, null);
        this.sslEngine = this.context.createSSLEngine();
        String[] supportedProtocols = this.sslEngine.getSupportedProtocols();
        ArrayList arrayList = new ArrayList();
        for (String str : supportedProtocols) {
            if (str.startsWith("TLSv")) {
                arrayList.add(str);
            }
        }
        this.sslEngine.setEnabledProtocols((String[]) arrayList.toArray(new String[0]));
        this.sslEngine.setUseClientMode(this.sslLayerSettings.getUseClientMode());
        this.writeByteBuffer = ByteBuffer.allocate(this.sslEngine.getSession().getPacketBufferSize());
        this.readByteBuffer = ByteBuffer.allocate(this.sslEngine.getSession().getApplicationBufferSize());
    }

    @Override // sk.eset.era.g2webconsole.server.modules.connection.protocollayer.IsProtocolLayer
    public void init() throws IOException {
        this.sslEngine.beginHandshake();
        try {
            doAllProcessing();
        } catch (MessageParsingErrorException e) {
            throw new IOException(e);
        }
    }

    @Override // sk.eset.era.g2webconsole.server.modules.connection.protocollayer.ProtocolLayer, sk.eset.era.g2webconsole.server.modules.connection.protocollayer.IsProtocolLayer
    public void receive(byte[] bArr) throws MessageParsingErrorException {
        if (this.receivingBuffer != null) {
            this.receivingBuffer.put(bArr);
            processReceivedData();
        } else if (!$assertionsDisabled) {
            throw new AssertionError();
        }
    }

    @Override // sk.eset.era.g2webconsole.server.modules.connection.protocollayer.ProtocolLayer
    protected void processReceivedData() throws MessageParsingErrorException {
        this.haveDataToReceive = true;
        try {
            doAllProcessing();
        } catch (SSLException e) {
            throw new MessageParsingErrorException(e);
        } catch (IOException e2) {
            throw new MessageParsingErrorException(e2);
        }
    }

    @Override // sk.eset.era.g2webconsole.server.modules.connection.protocollayer.ProtocolLayer
    protected void processTransmittedData() throws IOException {
        this.haveDataToTransmit = true;
        try {
            doAllProcessing();
        } catch (MessageParsingErrorException e) {
            throw new IOException(e);
        }
    }

    private void checkHandshakeStatus(SSLEngineResult.HandshakeStatus handshakeStatus) throws SSLException {
        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[handshakeStatus.ordinal()]) {
            case 1:
                if (!this.handshakeFinished) {
                    SSLSession session = this.sslEngine.getSession();
                    if (session != null) {
                        String protocol = session.getProtocol();
                        this.logger.info("ssl_handshake_finished", protocol);
                        if ("TLSv1".equals(protocol)) {
                            this.logger.error("ssl_handshake_unsafe_protocol", protocol);
                        }
                    } else {
                        this.logger.error("ssl_handshake_no_session", new Object[0]);
                    }
                }
                this.handshakeFinished = true;
                return;
            case 2:
            case 3:
            case 4:
                if (this.handshakeFinished) {
                    throw new SSLHandshakeException("Rehandshake not supported.");
                }
                return;
            case 5:
                return;
            default:
                throw new SSLHandshakeException("Unknown handshake status.");
        }
    }

    private void doAllProcessing() throws IOException, MessageParsingErrorException {
        synchronized (this.processingRequiredSynchronizationObject) {
            this.processingRequired = true;
        }
        while (true) {
            synchronized (this.processingRequiredSynchronizationObject) {
                if (this.processing) {
                    return;
                }
                if (!this.processingRequired) {
                    return;
                }
                this.processingRequired = false;
                this.processing = true;
            }
            boolean doProcessing = doProcessing();
            synchronized (this.processingRequiredSynchronizationObject) {
                this.processing = false;
                if (doProcessing) {
                    this.processingRequired = true;
                }
            }
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:8:0x0035. Please report as an issue. */
    /* JADX WARN: Removed duplicated region for block: B:25:0x00a5 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:26:0x00a7  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private synchronized boolean doProcessing() throws java.io.IOException, sk.eset.era.g2webconsole.server.modules.connection.exceptions.MessageParsingErrorException {
        /*
            Method dump skipped, instructions count: 244
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: sk.eset.era.g2webconsole.server.modules.connection.layers.SSLLayer.doProcessing():boolean");
    }

    private boolean doWrap() throws SSLException, IOException {
        ByteBuffer[] peekAllByteBuffersCopy = this.transmittingBuffer.peekAllByteBuffersCopy();
        this.writeByteBuffer.clear();
        SSLEngineResult wrap = this.sslEngine.wrap(peekAllByteBuffersCopy, this.writeByteBuffer);
        this.transmittingBuffer.remove(wrap.bytesConsumed());
        this.writeByteBuffer.flip();
        if (this.writeByteBuffer.remaining() > 0) {
            byte[] bArr = new byte[this.writeByteBuffer.remaining()];
            this.writeByteBuffer.get(bArr);
            getLowerLayer().transmit(bArr, true);
        }
        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[wrap.getStatus().ordinal()]) {
            case 1:
                throw new IOException("SSL Engine writing side closed.");
            case 2:
                int packetBufferSize = this.sslEngine.getSession().getPacketBufferSize();
                if (packetBufferSize <= this.writeByteBuffer.capacity()) {
                    throw new IOException("Unable to reallocate writing buffer.");
                }
                this.writeByteBuffer = ByteBuffer.allocate(packetBufferSize);
                return true;
            case 3:
                this.haveDataToTransmit = false;
                return false;
            default:
                SSLEngineResult.HandshakeStatus handshakeStatus = wrap.getHandshakeStatus();
                checkHandshakeStatus(handshakeStatus);
                switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[handshakeStatus.ordinal()]) {
                    case 1:
                        return true;
                    case 2:
                    case 3:
                        return false;
                    case 4:
                        return true;
                    case 5:
                        return this.transmittingBuffer.getCount() > 0 && wrap.bytesConsumed() > 0;
                    default:
                        return false;
                }
        }
    }

    private boolean doUnwrap() throws SSLException, IOException, MessageParsingErrorException {
        ByteBuffer peekAllInByteBuffer = this.receivingBuffer.peekAllInByteBuffer();
        if (peekAllInByteBuffer == null) {
            return false;
        }
        this.readByteBuffer.clear();
        SSLEngineResult unwrap = this.sslEngine.unwrap(peekAllInByteBuffer, this.readByteBuffer);
        this.receivingBuffer.remove(unwrap.bytesConsumed());
        this.readByteBuffer.flip();
        if (this.readByteBuffer.remaining() > 0) {
            byte[] bArr = new byte[this.readByteBuffer.remaining()];
            this.readByteBuffer.get(bArr);
            getUpperLayer().receive(bArr);
        }
        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
            case 1:
                throw new IOException("SSL Engine reading side closed.");
            case 2:
                int applicationBufferSize = this.sslEngine.getSession().getApplicationBufferSize();
                if (applicationBufferSize <= this.readByteBuffer.capacity()) {
                    throw new MessageParsingErrorException("Unable to reallocate writing buffer.");
                }
                this.readByteBuffer = ByteBuffer.allocate(applicationBufferSize);
                return true;
            case 3:
                this.haveDataToReceive = false;
                return false;
            default:
                SSLEngineResult.HandshakeStatus handshakeStatus = unwrap.getHandshakeStatus();
                checkHandshakeStatus(handshakeStatus);
                switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[handshakeStatus.ordinal()]) {
                    case 1:
                        return true;
                    case 2:
                    case 4:
                        return false;
                    case 3:
                        return true;
                    case 5:
                        return this.receivingBuffer.getCount() > 0 && unwrap.bytesConsumed() > 0;
                    default:
                        return false;
                }
        }
    }

    static {
        $assertionsDisabled = !SSLLayer.class.desiredAssertionStatus();
    }
}
