package com.sun.enterprise.web.connector.grizzly.ssl;

import com.sun.enterprise.web.connector.grizzly.Constants;
import com.sun.enterprise.web.connector.grizzly.DefaultReadTask;
import com.sun.enterprise.web.connector.grizzly.StreamAlgorithm;
import com.sun.enterprise.web.connector.grizzly.WorkerThread;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.security.cert.X509Certificate;
import org.apache.tomcat.util.net.SSLImplementation;

/* loaded from: input_file:com/sun/enterprise/web/connector/grizzly/ssl/SSLReadTask.class */
public class SSLReadTask extends DefaultReadTask {
    protected ByteBuffer inputBB;
    protected ByteBuffer outputBB;
    protected SSLImplementation sslImplementation;
    protected SSLEngine sslEngine = null;
    protected int appBBSize = 5 * Constants.CHANNEL_BYTE_SIZE;
    protected int inputBBSize = 5 * Constants.CHANNEL_BYTE_SIZE;
    protected boolean handshake = true;

    @Override // com.sun.enterprise.web.connector.grizzly.DefaultReadTask, com.sun.enterprise.web.connector.grizzly.ReadTask
    public void initialize(StreamAlgorithm streamAlgorithm, boolean z, boolean z2) {
        this.type = 1;
        this.algorithm = streamAlgorithm;
        this.inputStream = new SSLByteBufferInputStream();
        this.useDirectByteBuffer = z;
        this.useByteBufferView = z2;
    }

    protected void allocateBuffers() {
        SSLWorkerThread sSLWorkerThread = (SSLWorkerThread) Thread.currentThread();
        if (sSLWorkerThread.getInputBB() == null) {
            int packetBufferSize = this.sslEngine.getSession().getPacketBufferSize();
            if (this.inputBBSize < packetBufferSize) {
                this.inputBBSize = packetBufferSize;
            }
            this.inputBB = ByteBuffer.allocate(this.inputBBSize);
            this.outputBB = ByteBuffer.allocate(this.inputBBSize);
            this.byteBuffer = ByteBuffer.allocate(this.inputBBSize * 2);
        } else {
            this.inputBB = sSLWorkerThread.getInputBB();
            this.outputBB = sSLWorkerThread.getOutputBB();
            this.byteBuffer = sSLWorkerThread.getByteBuffer();
            int packetBufferSize2 = this.sslEngine.getSession().getPacketBufferSize();
            if (packetBufferSize2 > this.inputBBSize) {
                this.inputBB = ByteBuffer.allocate(packetBufferSize2);
                this.outputBB = ByteBuffer.allocate(packetBufferSize2);
            }
        }
        sSLWorkerThread.setInputByteBuffer(this.inputBB);
        sSLWorkerThread.setOutputBB(this.outputBB);
        sSLWorkerThread.setByteBuffer(this.byteBuffer);
        int applicationBufferSize = this.sslEngine.getSession().getApplicationBufferSize();
        if (applicationBufferSize > this.byteBuffer.capacity()) {
            this.byteBuffer = ByteBuffer.allocate(applicationBufferSize);
        }
        this.outputBB.position(0);
        this.outputBB.limit(0);
        sSLWorkerThread.setSSLEngine(this.sslEngine);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.sun.enterprise.web.connector.grizzly.DefaultReadTask
    public void registerKey() {
        this.key.attach(this.sslEngine);
        super.registerKey();
    }

    @Override // com.sun.enterprise.web.connector.grizzly.DefaultReadTask, com.sun.enterprise.web.connector.grizzly.Task
    public void doTask() throws IOException {
        boolean z;
        int i = 0;
        SSLWorkerThread sSLWorkerThread = (SSLWorkerThread) Thread.currentThread();
        this.isReturned = false;
        SocketChannel socketChannel = (SocketChannel) this.key.channel();
        try {
            try {
                allocateBuffers();
                if (doHandshake()) {
                    this.handshake = false;
                    try {
                        i = socketChannel.read(this.inputBB);
                        if (i == -1) {
                            try {
                                this.sslEngine.closeInbound();
                            } catch (IOException e) {
                                Logger logger = SSLSelectorThread.logger();
                                if (logger.isLoggable(Level.FINE)) {
                                    logger.log(Level.FINE, "closeInbound", (Throwable) e);
                                }
                                manageKeepAlive(false, i, null);
                                return;
                            }
                        }
                        this.byteBuffer = SSLUtils.unwrapAll(this.byteBuffer, this.inputBB, this.sslEngine);
                        sSLWorkerThread.setByteBuffer(this.byteBuffer);
                        z = process();
                    } catch (IOException e2) {
                        z = false;
                    }
                } else {
                    z = false;
                }
                manageKeepAlive(z, i, null);
            } catch (Throwable th) {
                manageKeepAlive(false, 0, null);
                throw th;
            }
        } catch (IOException e3) {
            Logger logger2 = SSLSelectorThread.logger();
            if (logger2.isLoggable(Level.FINE)) {
                logger2.log(Level.FINE, "doRead", (Throwable) e3);
            }
            manageKeepAlive(false, 0, e3);
        } catch (RuntimeException e4) {
            manageKeepAlive(false, 0, e4);
        }
    }

    protected boolean doHandshake() throws IOException {
        SSLEngineResult.HandshakeStatus handshakeStatus = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
        boolean z = true;
        while (this.handshake) {
            try {
                SSLEngineResult.HandshakeStatus doHandshake = SSLUtils.doHandshake(this.key, this.byteBuffer, this.inputBB, this.outputBB, this.sslEngine, handshakeStatus);
                handshakeStatus = doHandshake;
                if (doHandshake == SSLEngineResult.HandshakeStatus.FINISHED) {
                    break;
                }
                this.byteBuffer = ((SSLWorkerThread) Thread.currentThread()).getByteBuffer();
            } catch (EOFException e) {
                z = false;
            }
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Object[] doPeerCertificateChain(boolean z) throws IOException {
        Logger logger = SSLSelectorThread.logger();
        this.sslEngine.setNeedClientAuth(true);
        X509Certificate[] x509CertificateArr = null;
        try {
            x509CertificateArr = this.sslEngine.getSession().getPeerCertificateChain();
        } catch (Exception e) {
        }
        if (x509CertificateArr == null) {
            x509CertificateArr = new X509Certificate[0];
        }
        if (x509CertificateArr.length <= 0 && z) {
            this.sslEngine.getSession().invalidate();
            this.sslEngine.beginHandshake();
            this.handshake = true;
            if (!doHandshake()) {
                throw new IOException("Handshake failed");
            }
        }
        try {
            Certificate[] peerCertificates = this.sslEngine.getSession().getPeerCertificates();
            if (peerCertificates == null) {
                return null;
            }
            java.security.cert.X509Certificate[] x509CertificateArr2 = new java.security.cert.X509Certificate[peerCertificates.length];
            for (int i = 0; i < peerCertificates.length; i++) {
                if (peerCertificates[i] instanceof java.security.cert.X509Certificate) {
                    x509CertificateArr2[i] = (java.security.cert.X509Certificate) peerCertificates[i];
                } else {
                    try {
                        x509CertificateArr2[i] = (java.security.cert.X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(peerCertificates[i].getEncoded()));
                    } catch (Exception e2) {
                        logger.log(Level.INFO, "Error translating cert " + peerCertificates[i], (Throwable) e2);
                        return null;
                    }
                }
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "Cert #" + i + " = " + x509CertificateArr2[i]);
                }
            }
            if (x509CertificateArr2.length < 1) {
                return null;
            }
            return x509CertificateArr2;
        } catch (Throwable th) {
            if (!logger.isLoggable(Level.FINE)) {
                return null;
            }
            logger.log(Level.FINE, "Error getting client certs", th);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.sun.enterprise.web.connector.grizzly.DefaultReadTask
    public void configureProcessorTask() {
        super.configureProcessorTask();
        ((SSLProcessorTask) this.processorTask).setSSLSupport(this.sslImplementation.getSSLSupport(this.sslEngine));
        ((SSLProcessorTask) this.processorTask).setSslReadTask(this);
    }

    @Override // com.sun.enterprise.web.connector.grizzly.DefaultReadTask, com.sun.enterprise.web.connector.grizzly.ReadTask
    public void detachProcessor() {
        if (this.processorTask != null) {
            ((SSLProcessorTask) this.processorTask).setSSLSupport(null);
            ((SSLProcessorTask) this.processorTask).setSslReadTask(null);
        }
        super.detachProcessor();
    }

    protected boolean process() throws IOException {
        SocketChannel socketChannel = (SocketChannel) this.key.channel();
        socketChannel.socket();
        this.algorithm.setSocketChannel(socketChannel);
        this.inputStream.setByteBuffer(this.byteBuffer);
        this.inputStream.setSelectionKey(this.key);
        if (this.processorTask == null) {
            attachProcessor(this.selectorThread.getProcessorTask());
        }
        if (this.algorithm.parse(this.byteBuffer)) {
            return executeProcessorTask();
        }
        return true;
    }

    @Override // com.sun.enterprise.web.connector.grizzly.DefaultReadTask, com.sun.enterprise.web.connector.grizzly.TaskBase, com.sun.enterprise.web.connector.grizzly.Task
    public void recycle() {
        if (this.byteBuffer != null) {
            WorkerThread workerThread = (WorkerThread) Thread.currentThread();
            this.byteBuffer = this.algorithm.postParse(this.byteBuffer);
            this.byteBuffer.clear();
            workerThread.setByteBuffer(this.byteBuffer);
        }
        this.handshake = true;
        this.inputStream.recycle();
        this.algorithm.recycle();
        this.key = null;
        this.inputStream.setSelectionKey(null);
        this.inputBB.clear();
        this.outputBB.clear();
        this.outputBB.position(0);
        this.outputBB.limit(0);
        this.inputBB = null;
        this.outputBB = null;
        this.byteBuffer = null;
        this.sslEngine = null;
    }

    public void setSSLImplementation(SSLImplementation sSLImplementation) {
        this.sslImplementation = sSLImplementation;
    }

    public void setHandshake(boolean z) {
        this.handshake = z;
    }

    public boolean getHandshake() {
        return this.handshake;
    }

    public void setSSLEngine(SSLEngine sSLEngine) {
        this.sslEngine = sSLEngine;
    }
}
