package tigase.extras.bcstarttls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.channels.SocketChannel;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.TlsServerProtocol;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import tigase.cert.CertCheckResult;
import tigase.cert.CertificateUtil;
import tigase.io.CertificateContainerIfc;
import tigase.io.IOInterface;
import tigase.io.SSLContextContainerIfc;
import tigase.io.TLSEventHandler;
import tigase.io.TLSIOIfc;
import tigase.io.TLSStatus;
import tigase.io.TLSWrapper;
import tigase.stats.StatisticsList;

/* loaded from: input_file:tigase/extras/bcstarttls/BcTLSIO.class */
public class BcTLSIO implements IOInterface, TLSIOIfc {
    public static final String TLS_CAPS = "tls-caps";
    private static final Logger log = Logger.getLogger(BcTLSIO.class.getName());
    private final TrustManager[] clientTrustManagers;
    private final boolean needClientAuth;
    private final DefaultTls13Server server;
    private final TlsServerProtocol serverProtocol;
    private final boolean wantClientAuth;
    private IOInterface io;
    private Certificate peerCertificate;
    private byte[] tlsExporter;
    private ByteBuffer tlsInput;
    private byte[] tlsUnique;
    private int bytesRead = 0;
    private boolean handshakeCompleted = false;
    private final TLSWrapper fakeWrapper = new TLSWrapper() { // from class: tigase.extras.bcstarttls.BcTLSIO.1
        public int bytesConsumed() {
            throw new RuntimeException("Cannot be used!");
        }

        public void close() throws SSLException {
            try {
                BcTLSIO.this.serverProtocol.close();
            } catch (IOException e) {
                BcTLSIO.log.log(Level.FINE, "Cannot close Server Protocol", (Throwable) e);
            }
        }

        public int getAppBuffSize() {
            throw new RuntimeException("Cannot be used!");
        }

        public CertCheckResult getCertificateStatus(boolean z, SSLContextContainerIfc sSLContextContainerIfc) {
            try {
                java.security.cert.Certificate[] peerCertificates = getPeerCertificates();
                if (peerCertificates == null || peerCertificates.length == 0) {
                    return CertCheckResult.none;
                }
                try {
                    return CertificateUtil.validateCertificate(peerCertificates, sSLContextContainerIfc.getTrustStore(), z);
                } catch (Exception e) {
                    BcTLSIO.log.log(Level.WARNING, "Problem validating certificate", (Throwable) e);
                    return CertCheckResult.invalid;
                }
            } catch (SSLPeerUnverifiedException e2) {
                return CertCheckResult.none;
            }
        }

        public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
            return BcTLSIO.this.handshakeCompleted ? SSLEngineResult.HandshakeStatus.FINISHED : SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
        }

        public java.security.cert.Certificate[] getLocalCertificates() {
            return BcTLSIO.this.gen(BcTLSIO.this.server.getLocalCertificates());
        }

        public int getNetBuffSize() {
            throw new RuntimeException("Cannot be used!");
        }

        public int getPacketBuffSize() {
            throw new RuntimeException("Cannot be used!");
        }

        public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
            if (BcTLSIO.this.peerCertificate == null) {
                return null;
            }
            return BcTLSIO.this.gen(BcTLSIO.this.peerCertificate);
        }

        public TLSStatus getStatus() {
            return TLSStatus.OK;
        }

        public byte[] getTlsExporterBindingData() {
            return BcTLSIO.this.tlsExporter;
        }

        public byte[] getTlsUniqueBindingData() {
            return BcTLSIO.this.tlsUnique;
        }

        public boolean isClientMode() {
            return false;
        }

        public boolean isNeedClientAuth() {
            return BcTLSIO.this.needClientAuth;
        }

        public void setDebugId(String str) {
            throw new RuntimeException("Cannot be used!");
        }

        public ByteBuffer unwrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
            throw new RuntimeException("Cannot be used!");
        }

        public boolean wantClientAuth() {
            return BcTLSIO.this.wantClientAuth;
        }

        public void wrap(ByteBuffer byteBuffer, ByteBuffer byteBuffer2) throws SSLException {
            throw new RuntimeException("Cannot be used!");
        }
    };

    public BcTLSIO(CertificateContainerIfc certificateContainerIfc, TLSEventHandler tLSEventHandler, IOInterface iOInterface, String str, ByteOrder byteOrder, boolean z, boolean z2, TrustManager[] trustManagerArr) throws IOException {
        this.io = null;
        this.tlsInput = null;
        this.clientTrustManagers = trustManagerArr;
        this.wantClientAuth = z;
        this.needClientAuth = z2;
        BcTlsCrypto bcTlsCrypto = new BcTlsCrypto(new SecureRandom());
        this.io = iOInterface;
        this.tlsInput = ByteBuffer.allocate(2048);
        this.tlsInput.order(byteOrder);
        this.serverProtocol = new TlsServerProtocol();
        this.server = new DefaultTls13Server(bcTlsCrypto, z2, z, getAcceptedIssuers(), new SimpleCredentialsProvider(bcTlsCrypto, certificateContainerIfc, str), (certificate, bArr, bArr2) -> {
            this.peerCertificate = certificate;
            this.tlsUnique = bArr;
            this.tlsExporter = bArr2;
            this.handshakeCompleted = true;
            tLSEventHandler.handshakeCompleted(this.fakeWrapper);
        });
        this.serverProtocol.accept(this.server);
        if (log.isLoggable(Level.FINER)) {
            log.log(Level.FINER, "TLS Socket created: {0}", this.io.toString());
        }
    }

    public int bytesRead() {
        return this.bytesRead;
    }

    public boolean checkCapabilities(String str) {
        return str.contains(TLS_CAPS) || this.io.checkCapabilities(str);
    }

    public long getBuffOverflow(boolean z) {
        return this.io.getBuffOverflow(z);
    }

    public long getBytesReceived(boolean z) {
        return this.io.getBytesReceived(z);
    }

    public long getBytesSent(boolean z) {
        return this.io.getBytesSent(z);
    }

    public int getInputPacketSize() throws IOException {
        return this.io.getInputPacketSize();
    }

    public SocketChannel getSocketChannel() {
        return this.io.getSocketChannel();
    }

    public void getStatistics(StatisticsList statisticsList, boolean z) {
        if (this.io != null) {
            this.io.getStatistics(statisticsList, z);
        }
    }

    public long getTotalBuffOverflow() {
        return this.io.getTotalBuffOverflow();
    }

    public long getTotalBytesReceived() {
        return this.io.getTotalBytesReceived();
    }

    public long getTotalBytesSent() {
        return this.io.getTotalBytesSent();
    }

    public boolean isConnected() {
        return this.io.isConnected();
    }

    public boolean isRemoteAddress(String str) {
        return this.io.isRemoteAddress(str);
    }

    public void processHandshake(byte[] bArr) throws IOException {
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Process handshake data: " + bArr.length + " bytes.");
        }
        this.serverProtocol.offerInput(bArr);
        pumpData();
    }

    public ByteBuffer read(ByteBuffer byteBuffer) throws IOException {
        pumpData();
        this.bytesRead = this.serverProtocol.readInput(byteBuffer.array(), byteBuffer.position(), byteBuffer.remaining());
        if (this.bytesRead > 0) {
            byteBuffer.position(byteBuffer.position() + this.bytesRead);
            byteBuffer.flip();
        }
        pumpData();
        return byteBuffer;
    }

    public void setLogId(String str) {
        this.io.setLogId(str);
    }

    public void stop() throws IOException {
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Stop called..." + this);
        }
        this.io.stop();
        this.serverProtocol.close();
    }

    public String toString() {
        return "TLS: " + this.io.toString();
    }

    public boolean waitingToSend() {
        return this.io.waitingToSend();
    }

    public int waitingToSendSize() {
        return this.io.waitingToSendSize();
    }

    public int write(ByteBuffer byteBuffer) throws IOException {
        try {
            pumpData();
            if (byteBuffer == null) {
                return this.io.write((ByteBuffer) null);
            }
            this.serverProtocol.writeApplicationData(byteBuffer.array(), byteBuffer.position(), byteBuffer.remaining());
            int remaining = byteBuffer.remaining();
            byteBuffer.position(byteBuffer.position() + remaining);
            this.serverProtocol.flush();
            pumpData();
            return remaining;
        } catch (IOException e) {
            log.log(Level.WARNING, "Cannot write data!", (Throwable) e);
            throw new SSLException(e);
        }
    }

    private X509Certificate[] gen(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            X509Certificate[] x509CertificateArr = new X509Certificate[certificate.getLength()];
            for (int i = 0; i < certificate.getLength(); i++) {
                x509CertificateArr[i] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.getCertificateAt(i).getEncoded()));
            }
            return x509CertificateArr;
        } catch (Exception e) {
            log.log(Level.WARNING, "Cannot create certificate", (Throwable) e);
            return null;
        }
    }

    private Collection<X500Name> getAcceptedIssuers() {
        if (this.clientTrustManagers == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (TrustManager trustManager : this.clientTrustManagers) {
            if (trustManager instanceof X509TrustManager) {
                for (X509Certificate x509Certificate : ((X509TrustManager) trustManager).getAcceptedIssuers()) {
                    arrayList.add(new X500Name(x509Certificate.getSubjectX500Principal().toString()));
                }
            }
        }
        return arrayList;
    }

    private byte[] getBytes(ByteBuffer byteBuffer) {
        byte[] bArr;
        if (byteBuffer != null) {
            bArr = new byte[byteBuffer.remaining()];
            byteBuffer.get(bArr);
            byteBuffer.compact();
        } else {
            bArr = null;
        }
        return bArr;
    }

    private void pumpData() throws IOException {
        byte[] bytes;
        int i = 0;
        if (log.isLoggable(Level.FINEST)) {
            log.finest("Copying data from&to TLS Engine");
        }
        do {
            try {
                i++;
                int i2 = 0;
                int availableOutputBytes = this.serverProtocol.getAvailableOutputBytes();
                if (availableOutputBytes > 0) {
                    ByteBuffer allocate = ByteBuffer.allocate(availableOutputBytes);
                    int readOutput = this.serverProtocol.readOutput(allocate.array(), 0, allocate.array().length);
                    if (readOutput > 0) {
                        i2 = 0 + readOutput;
                        allocate.position(i2);
                        allocate.flip();
                        this.io.write(allocate);
                    }
                }
                int i3 = 0;
                ByteBuffer read = this.io.read(this.tlsInput);
                if (this.io.bytesRead() > 0 && (bytes = getBytes(read)) != null && bytes.length > 0) {
                    i3 = 0 + bytes.length;
                    this.serverProtocol.offerInput(bytes);
                }
                if (i3 <= 0 && i2 <= 0) {
                    break;
                }
            } catch (IOException e) {
                log.log(Level.WARNING, "Error on reading/writing data.", (Throwable) e);
                throw e;
            } catch (Throwable th) {
                log.log(Level.WARNING, "Error on reading/writing data.", th);
                throw new IOException("Data copying exception", th);
            }
        } while (i <= 1000);
    }
}
