package tigase.io;

import java.nio.ByteBuffer;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import tigase.cert.CertCheckResult;
import tigase.cert.CertificateUtil;
import tigase.db.Schema;

/* loaded from: input_file:tigase/io/JcaTLSWrapper.class */
public class JcaTLSWrapper implements TLSWrapper {
    private static final Logger log = Logger.getLogger(JcaTLSWrapper.class.getName());
    private int appBuffSize;
    private String debugId;
    private TLSEventHandler eventHandler;
    private int netBuffSize;
    private SSLEngine tlsEngine;
    private SSLEngineResult tlsEngineResult;

    /* renamed from: tigase.io.JcaTLSWrapper$1, reason: invalid class name */
    /* loaded from: input_file:tigase/io/JcaTLSWrapper$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public JcaTLSWrapper(SSLContext sSLContext, TLSEventHandler tLSEventHandler, String str, int i, boolean z, boolean z2) {
        this(sSLContext, tLSEventHandler, str, i, z, z2, false);
    }

    public JcaTLSWrapper(SSLContext sSLContext, TLSEventHandler tLSEventHandler, String str, int i, boolean z, boolean z2, boolean z3) {
        this(sSLContext, tLSEventHandler, str, i, z, z2, z3, null, null);
    }

    public JcaTLSWrapper(SSLContext sSLContext, TLSEventHandler tLSEventHandler, String str, int i, boolean z, boolean z2, boolean z3, String[] strArr, String[] strArr2) {
        this.appBuffSize = 0;
        this.debugId = null;
        this.eventHandler = null;
        this.netBuffSize = 0;
        this.tlsEngine = null;
        this.tlsEngineResult = null;
        if (!z || str == null) {
            this.tlsEngine = sSLContext.createSSLEngine();
        } else {
            this.tlsEngine = sSLContext.createSSLEngine(str, i);
        }
        this.tlsEngine.setUseClientMode(z);
        if (strArr != null) {
            this.tlsEngine.setEnabledCipherSuites(strArr);
        }
        if (strArr2 != null) {
            this.tlsEngine.setEnabledProtocols(strArr2);
        }
        this.netBuffSize = this.tlsEngine.getSession().getPacketBufferSize();
        this.appBuffSize = Math.min(tLSEventHandler.getSocketInputSize(), this.tlsEngine.getSession().getApplicationBufferSize());
        this.eventHandler = tLSEventHandler;
        if (!z && z2) {
            this.tlsEngine.setWantClientAuth(true);
        }
        if (!z && z3) {
            this.tlsEngine.setNeedClientAuth(true);
        }
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Created " + (z ? "client" : Schema.SERVER_SCHEMA_ID) + " TLSWrapper. Protocols:" + (this.tlsEngine.getEnabledProtocols() == null ? " default" : Arrays.toString(this.tlsEngine.getEnabledProtocols())) + "; Ciphers:" + (this.tlsEngine.getEnabledCipherSuites() == null ? " default" : Arrays.toString(this.tlsEngine.getEnabledCipherSuites())));
        }
    }

    @Override // tigase.io.TLSWrapper
    public int bytesConsumed() {
        return this.tlsEngineResult.bytesConsumed();
    }

    @Override // tigase.io.TLSWrapper
    public void close() throws SSLException {
        this.tlsEngine.closeOutbound();
        this.tlsEngine.getSession().invalidate();
    }

    @Override // tigase.io.TLSWrapper
    public int getAppBuffSize() {
        return this.appBuffSize;
    }

    @Override // tigase.io.TLSWrapper
    public CertCheckResult getCertificateStatus(boolean z, SSLContextContainerIfc sSLContextContainerIfc) {
        try {
            try {
                return CertificateUtil.validateCertificate(this.tlsEngine.getSession().getPeerCertificates(), sSLContextContainerIfc.getTrustStore(), z);
            } catch (Exception e) {
                log.log(Level.WARNING, "Problem validating certificate", (Throwable) e);
                return CertCheckResult.invalid;
            }
        } catch (SSLPeerUnverifiedException e2) {
            return CertCheckResult.none;
        }
    }

    @Override // tigase.io.TLSWrapper
    public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        return this.tlsEngine.getHandshakeStatus();
    }

    @Override // tigase.io.TLSWrapper
    public Certificate[] getLocalCertificates() {
        return this.tlsEngine.getSession().getLocalCertificates();
    }

    @Override // tigase.io.TLSWrapper
    public int getNetBuffSize() {
        return this.netBuffSize;
    }

    @Override // tigase.io.TLSWrapper
    public int getPacketBuffSize() {
        return this.tlsEngine.getSession().getPacketBufferSize();
    }

    @Override // tigase.io.TLSWrapper
    public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
        return this.tlsEngine.getSession().getPeerCertificates();
    }

    @Override // tigase.io.TLSWrapper
    public TLSStatus getStatus() {
        TLSStatus tLSStatus;
        if (this.tlsEngineResult != null && this.tlsEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            tLSStatus = TLSStatus.UNDERFLOW;
        } else if (this.tlsEngineResult == null || this.tlsEngineResult.getStatus() != SSLEngineResult.Status.CLOSED) {
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.tlsEngine.getHandshakeStatus().ordinal()]) {
                case 1:
                    tLSStatus = TLSStatus.NEED_WRITE;
                    break;
                case 2:
                    tLSStatus = TLSStatus.NEED_READ;
                    break;
                default:
                    tLSStatus = TLSStatus.OK;
                    break;
            }
        } else {
            tLSStatus = TLSStatus.CLOSED;
        }
        return tLSStatus;
    }

    @Override // tigase.io.TLSWrapper
    public byte[] getTlsUniqueBindingData() {
        return null;
    }

    @Override // tigase.io.TLSWrapper
    public boolean isClientMode() {
        return this.tlsEngine.getUseClientMode();
    }

    @Override // tigase.io.TLSWrapper
    public boolean isNeedClientAuth() {
        return this.tlsEngine.getNeedClientAuth();
    }

    @Override // tigase.io.TLSWrapper
    public void setDebugId(String str) {
        this.debugId = str;
    }

    @Override // tigase.io.TLSWrapper
    public ByteBuffer unwrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
        ByteBuffer byteBuffer3 = byteBuffer2;
        byteBuffer3.order(byteBuffer2.order());
        this.tlsEngineResult = this.tlsEngine.unwrap(byteBuffer, byteBuffer3);
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "{0}, unwrap() tlsEngineRsult.getStatus() = {1}, tlsEngineRsult.getHandshakeStatus() = {2}", new Object[]{this.debugId, this.tlsEngineResult.getStatus(), this.tlsEngineResult.getHandshakeStatus()});
        }
        if (this.tlsEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED && this.eventHandler != null) {
            this.eventHandler.handshakeCompleted(this);
        }
        if (this.tlsEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
            byteBuffer3 = resizeApplicationBuffer(byteBuffer, byteBuffer3);
            this.tlsEngineResult = this.tlsEngine.unwrap(byteBuffer, byteBuffer3);
        }
        if (this.tlsEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
            doTasks();
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "unwrap() doTasks(), handshake: {0}, {1}", new Object[]{this.tlsEngine.getHandshakeStatus(), this.debugId});
            }
        }
        return byteBuffer3;
    }

    @Override // tigase.io.TLSWrapper
    public boolean wantClientAuth() {
        return this.tlsEngine.getWantClientAuth();
    }

    @Override // tigase.io.TLSWrapper
    public void wrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
        this.tlsEngineResult = this.tlsEngine.wrap(byteBuffer, byteBuffer2);
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "{0}, tlsEngineRsult.getStatus() = {1}, tlsEngineRsult.getHandshakeStatus() = {2}", new Object[]{this.debugId, this.tlsEngineResult.getStatus(), this.tlsEngineResult.getHandshakeStatus()});
        }
        if (this.tlsEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED && this.eventHandler != null) {
            this.eventHandler.handshakeCompleted(this);
        }
        if (this.tlsEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
            doTasks();
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "doTasks(): {0}, {1}", new Object[]{this.tlsEngine.getHandshakeStatus(), this.debugId});
            }
        }
    }

    private void doTasks() {
        while (true) {
            Runnable delegatedTask = this.tlsEngine.getDelegatedTask();
            if (delegatedTask == null) {
                return;
            } else {
                delegatedTask.run();
            }
        }
    }

    private ByteBuffer resizeApplicationBuffer(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) {
        int capacity = byteBuffer2.capacity() * 2;
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Resizing tlsInput to {0} bytes, {1}", new Object[]{Integer.valueOf(capacity), this.debugId});
        }
        ByteBuffer allocate = ByteBuffer.allocate(capacity);
        allocate.order(byteBuffer2.order());
        byteBuffer2.flip();
        allocate.put(byteBuffer2);
        return allocate;
    }
}
