package org.elasticsearch.xpack.security.transport.nio;

import java.nio.ByteBuffer;
import java.util.ArrayList;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import org.elasticsearch.nio.InboundChannelBuffer;
import org.elasticsearch.nio.utils.ExceptionsHelper;

/* loaded from: input_file:org/elasticsearch/xpack/security/transport/nio/SSLDriver.class */
public class SSLDriver implements AutoCloseable {
    private static final ByteBuffer[] EMPTY_BUFFER_ARRAY;
    private final SSLEngine engine;
    private final boolean isClientMode;
    private Mode currentMode = new HandshakeMode(this, null);
    private ByteBuffer networkWriteBuffer;
    private ByteBuffer networkReadBuffer;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.elasticsearch.xpack.security.transport.nio.SSLDriver$1, reason: invalid class name */
    /* loaded from: input_file:org/elasticsearch/xpack/security/transport/nio/SSLDriver$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/security/transport/nio/SSLDriver$ApplicationMode.class */
    public class ApplicationMode implements Mode {
        private ApplicationMode() {
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public void read(InboundChannelBuffer inboundChannelBuffer) throws SSLException {
            SSLDriver.this.ensureApplicationBufferSize(inboundChannelBuffer);
            boolean z = true;
            while (z && SSLDriver.this.networkReadBuffer.position() > 0) {
                SSLDriver.this.networkReadBuffer.flip();
                SSLEngineResult unwrap = SSLDriver.this.unwrap(inboundChannelBuffer);
                z = unwrap.bytesProduced() > 0 && !(unwrap.getStatus() != SSLEngineResult.Status.CLOSED && maybeRenegotiation(unwrap.getHandshakeStatus()));
            }
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public int write(ByteBuffer[] byteBufferArr) throws SSLException {
            SSLEngineResult wrap = SSLDriver.this.wrap(byteBufferArr);
            maybeRenegotiation(wrap.getHandshakeStatus());
            return wrap.bytesConsumed();
        }

        private boolean maybeRenegotiation(SSLEngineResult.HandshakeStatus handshakeStatus) throws SSLException {
            if (handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
                return false;
            }
            SSLDriver.this.renegotiate();
            return true;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean needsNonApplicationWrite() {
            return false;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean isHandshake() {
            return false;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean isApplication() {
            return true;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean isClose() {
            return false;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public String modeName() {
            return "APPLICATION";
        }

        /* synthetic */ ApplicationMode(SSLDriver sSLDriver, AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/security/transport/nio/SSLDriver$CloseMode.class */
    public class CloseMode implements Mode {
        private boolean needToSendClose;
        private boolean needToReceiveClose;
        static final /* synthetic */ boolean $assertionsDisabled;

        private CloseMode(boolean z) {
            this.needToSendClose = true;
            this.needToReceiveClose = true;
            if (z && !SSLDriver.this.engine.isInboundDone()) {
                this.needToReceiveClose = false;
            } else if (SSLDriver.this.engine.isInboundDone()) {
                this.needToReceiveClose = false;
            }
            if (SSLDriver.this.engine.isOutboundDone()) {
                this.needToSendClose = false;
            } else {
                SSLDriver.this.engine.closeOutbound();
            }
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public void read(InboundChannelBuffer inboundChannelBuffer) throws SSLException {
            if (this.needToReceiveClose) {
                SSLDriver.this.ensureApplicationBufferSize(inboundChannelBuffer);
                boolean z = true;
                while (z && SSLDriver.this.networkReadBuffer.position() > 0) {
                    SSLDriver.this.networkReadBuffer.flip();
                    SSLEngineResult unwrap = SSLDriver.this.unwrap(inboundChannelBuffer);
                    z = unwrap.bytesProduced() > 0 || unwrap.bytesConsumed() > 0;
                }
                if (SSLDriver.this.engine.isInboundDone()) {
                    this.needToReceiveClose = false;
                }
            }
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public int write(ByteBuffer[] byteBufferArr) throws SSLException {
            if (SSLDriver.this.hasFlushPending() || !SSLDriver.this.engine.isOutboundDone()) {
                SSLDriver.this.wrap(SSLDriver.EMPTY_BUFFER_ARRAY);
                if ($assertionsDisabled || SSLDriver.this.hasFlushPending()) {
                    return 0;
                }
                throw new AssertionError("Should have produced close message");
            }
            this.needToSendClose = false;
            if (this.needToReceiveClose || SSLDriver.this.engine.isInboundDone()) {
                return 0;
            }
            closeInboundAndSwallowPeerDidNotCloseException();
            return 0;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean needsNonApplicationWrite() {
            return this.needToSendClose;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean isHandshake() {
            return false;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean isApplication() {
            return false;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean isClose() {
            return true;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public String modeName() {
            return "CLOSE";
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean isCloseDone() {
            return (this.needToSendClose || this.needToReceiveClose) ? false : true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void closeInboundAndSwallowPeerDidNotCloseException() throws SSLException {
            try {
                SSLDriver.this.engine.closeInbound();
            } catch (SSLException e) {
                if (!e.getMessage().contains("before receiving peer's close_notify")) {
                    throw e;
                }
            }
        }

        /* synthetic */ CloseMode(SSLDriver sSLDriver, boolean z, AnonymousClass1 anonymousClass1) {
            this(z);
        }

        static {
            $assertionsDisabled = !SSLDriver.class.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/security/transport/nio/SSLDriver$HandshakeMode.class */
    public class HandshakeMode implements Mode {
        private SSLEngineResult.HandshakeStatus handshakeStatus;

        private HandshakeMode() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void startHandshake() throws SSLException {
            this.handshakeStatus = SSLDriver.this.engine.getHandshakeStatus();
            if (this.handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP || this.handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                return;
            }
            try {
                handshake();
            } catch (SSLException e) {
                SSLDriver.this.closingInternal();
                throw e;
            }
        }

        private void handshake() throws SSLException {
            boolean z = true;
            while (z) {
                switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.handshakeStatus.ordinal()]) {
                    case 1:
                        z = false;
                        break;
                    case 2:
                        if (!SSLDriver.this.hasFlushPending()) {
                            this.handshakeStatus = SSLDriver.this.wrap(SSLDriver.EMPTY_BUFFER_ARRAY).getHandshakeStatus();
                        }
                        if (this.handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                            break;
                        } else {
                            z = false;
                            break;
                        }
                    case 3:
                        runTasks();
                        this.handshakeStatus = SSLDriver.this.engine.getHandshakeStatus();
                        break;
                    case 4:
                        maybeFinishHandshake();
                        z = false;
                        break;
                    case 5:
                        maybeFinishHandshake();
                        z = false;
                        break;
                }
            }
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public void read(InboundChannelBuffer inboundChannelBuffer) throws SSLException {
            SSLDriver.this.ensureApplicationBufferSize(inboundChannelBuffer);
            boolean z = true;
            while (z && SSLDriver.this.networkReadBuffer.position() > 0) {
                SSLDriver.this.networkReadBuffer.flip();
                try {
                    SSLEngineResult unwrap = SSLDriver.this.unwrap(inboundChannelBuffer);
                    this.handshakeStatus = unwrap.getHandshakeStatus();
                    handshake();
                    z = unwrap.bytesConsumed() > 0 && SSLDriver.this.currentMode.isHandshake();
                } catch (SSLException e) {
                    SSLDriver.this.closingInternal();
                    throw e;
                }
            }
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public int write(ByteBuffer[] byteBufferArr) throws SSLException {
            try {
                handshake();
                return 0;
            } catch (SSLException e) {
                SSLDriver.this.closingInternal();
                throw e;
            }
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean needsNonApplicationWrite() {
            return this.handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP || this.handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || this.handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean isHandshake() {
            return true;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean isApplication() {
            return false;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public boolean isClose() {
            return false;
        }

        @Override // org.elasticsearch.xpack.security.transport.nio.SSLDriver.Mode
        public String modeName() {
            return "HANDSHAKE";
        }

        private void runTasks() {
            while (true) {
                Runnable delegatedTask = SSLDriver.this.engine.getDelegatedTask();
                if (delegatedTask == null) {
                    return;
                } else {
                    delegatedTask.run();
                }
            }
        }

        private void maybeFinishHandshake() {
            if (SSLDriver.this.engine.isOutboundDone() || SSLDriver.this.engine.isInboundDone()) {
                if (!SSLDriver.this.currentMode.isHandshake()) {
                    throw new AssertionError("Expected to be in handshaking mode. Instead in non-handshaking mode: " + SSLDriver.this.currentMode);
                }
                SSLDriver.this.currentMode = new CloseMode(SSLDriver.this, true, null);
                return;
            }
            if (SSLDriver.this.hasFlushPending()) {
                return;
            }
            if (!SSLDriver.this.currentMode.isHandshake()) {
                throw new AssertionError("Attempted to transition to application mode from non-handshaking mode: " + SSLDriver.this.currentMode);
            }
            SSLDriver.this.currentMode = new ApplicationMode(SSLDriver.this, null);
        }

        /* synthetic */ HandshakeMode(SSLDriver sSLDriver, AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/security/transport/nio/SSLDriver$Mode.class */
    public interface Mode {
        void read(InboundChannelBuffer inboundChannelBuffer) throws SSLException;

        int write(ByteBuffer[] byteBufferArr) throws SSLException;

        boolean needsNonApplicationWrite();

        boolean isHandshake();

        boolean isApplication();

        boolean isClose();

        String modeName();
    }

    public SSLDriver(SSLEngine sSLEngine, boolean z) {
        this.engine = sSLEngine;
        this.isClientMode = z;
        SSLSession session = sSLEngine.getSession();
        this.networkReadBuffer = ByteBuffer.allocate(session.getPacketBufferSize());
        this.networkWriteBuffer = ByteBuffer.allocate(session.getPacketBufferSize());
        this.networkWriteBuffer.position(this.networkWriteBuffer.limit());
    }

    public void init() throws SSLException {
        this.engine.setUseClientMode(this.isClientMode);
        if (!this.currentMode.isHandshake()) {
            throw new AssertionError("Attempted to init outside from non-handshaking mode: " + this.currentMode.modeName());
        }
        this.engine.beginHandshake();
        ((HandshakeMode) this.currentMode).startHandshake();
    }

    public void renegotiate() throws SSLException {
        if (!this.currentMode.isApplication()) {
            throw new IllegalStateException("Attempted to renegotiate while in invalid mode: " + this.currentMode.modeName());
        }
        this.currentMode = new HandshakeMode(this, null);
        this.engine.beginHandshake();
        ((HandshakeMode) this.currentMode).startHandshake();
    }

    public SSLEngine getSSLEngine() {
        return this.engine;
    }

    public boolean hasFlushPending() {
        return this.networkWriteBuffer.hasRemaining();
    }

    public boolean isHandshaking() {
        return this.currentMode.isHandshake();
    }

    public ByteBuffer getNetworkWriteBuffer() {
        return this.networkWriteBuffer;
    }

    public ByteBuffer getNetworkReadBuffer() {
        return this.networkReadBuffer;
    }

    public void read(InboundChannelBuffer inboundChannelBuffer) throws SSLException {
        Mode mode;
        do {
            mode = this.currentMode;
            this.currentMode.read(inboundChannelBuffer);
        } while (mode != this.currentMode);
    }

    public boolean readyForApplicationWrites() {
        return this.currentMode.isApplication();
    }

    public boolean needsNonApplicationWrite() {
        return this.currentMode.needsNonApplicationWrite();
    }

    public int applicationWrite(ByteBuffer[] byteBufferArr) throws SSLException {
        if ($assertionsDisabled || readyForApplicationWrites()) {
            return this.currentMode.write(byteBufferArr);
        }
        throw new AssertionError("Should not be called if driver is not ready for application writes");
    }

    public void nonApplicationWrite() throws SSLException {
        if (!$assertionsDisabled && this.currentMode.isApplication()) {
            throw new AssertionError("Should not be called if driver is in application mode");
        }
        if (this.currentMode.isApplication()) {
            throw new AssertionError("Attempted to non-application write from invalid mode: " + this.currentMode.modeName());
        }
        this.currentMode.write(EMPTY_BUFFER_ARRAY);
    }

    public void initiateClose() {
        closingInternal();
    }

    public boolean isClosed() {
        return this.currentMode.isClose() && ((CloseMode) this.currentMode).isCloseDone();
    }

    @Override // java.lang.AutoCloseable
    public void close() throws SSLException {
        ArrayList arrayList = new ArrayList(2);
        closingInternal();
        CloseMode closeMode = (CloseMode) this.currentMode;
        if (closeMode.needToSendClose) {
            arrayList.add(new SSLException("Closed engine without completely sending the close alert message."));
            this.engine.closeOutbound();
        }
        if (closeMode.needToReceiveClose) {
            arrayList.add(new SSLException("Closed engine without receiving the close alert message."));
            closeMode.closeInboundAndSwallowPeerDidNotCloseException();
        }
        ExceptionsHelper.rethrowAndSuppress(arrayList);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SSLEngineResult unwrap(InboundChannelBuffer inboundChannelBuffer) throws SSLException {
        while (true) {
            SSLEngineResult unwrap = this.engine.unwrap(this.networkReadBuffer, inboundChannelBuffer.sliceBuffersFrom(inboundChannelBuffer.getIndex()));
            inboundChannelBuffer.incrementIndex(unwrap.bytesProduced());
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
                case 1:
                    this.networkReadBuffer.compact();
                    return unwrap;
                case 2:
                    int capacity = this.networkReadBuffer.capacity();
                    ensureNetworkReadBufferSize();
                    if (capacity == this.networkReadBuffer.capacity()) {
                        this.networkReadBuffer.compact();
                    }
                    return unwrap;
                case 3:
                    ensureApplicationBufferSize(inboundChannelBuffer);
                case 4:
                    if (!$assertionsDisabled && !this.engine.isInboundDone()) {
                        throw new AssertionError("We received close_notify so read should be done");
                    }
                    closingInternal();
                    return unwrap;
                default:
                    throw new IllegalStateException("Unexpected UNWRAP result: " + unwrap.getStatus());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SSLEngineResult wrap(ByteBuffer[] byteBufferArr) throws SSLException {
        SSLEngineResult wrap;
        int capacity;
        if (!$assertionsDisabled && hasFlushPending()) {
            throw new AssertionError("Should never called with pending writes");
        }
        this.networkWriteBuffer.clear();
        do {
            try {
                wrap = byteBufferArr.length == 1 ? this.engine.wrap(byteBufferArr[0], this.networkWriteBuffer) : this.engine.wrap(byteBufferArr, this.networkWriteBuffer);
                switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[wrap.getStatus().ordinal()]) {
                    case 1:
                        this.networkWriteBuffer.flip();
                        return wrap;
                    case 2:
                        throw new IllegalStateException("Should not receive BUFFER_UNDERFLOW on WRAP");
                    case 3:
                        capacity = this.networkWriteBuffer.capacity();
                        ensureNetworkWriteBufferSize();
                        break;
                    case 4:
                        if (wrap.bytesProduced() > 0) {
                            this.networkWriteBuffer.flip();
                        } else if (!$assertionsDisabled) {
                            throw new AssertionError("WRAP during close processing should produce close message.");
                        }
                        return wrap;
                    default:
                        throw new IllegalStateException("Unexpected WRAP result: " + wrap.getStatus());
                }
            } catch (SSLException e) {
                this.networkWriteBuffer.position(this.networkWriteBuffer.limit());
                throw e;
            }
        } while (capacity != this.networkWriteBuffer.capacity());
        return wrap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void closingInternal() {
        if (this.currentMode.isClose()) {
            return;
        }
        this.currentMode = new CloseMode(this, this.currentMode.isHandshake(), null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void ensureApplicationBufferSize(InboundChannelBuffer inboundChannelBuffer) {
        if (inboundChannelBuffer.getRemaining() < this.engine.getSession().getApplicationBufferSize()) {
            inboundChannelBuffer.ensureCapacity(inboundChannelBuffer.getIndex() + this.engine.getSession().getApplicationBufferSize());
        }
    }

    private void ensureNetworkWriteBufferSize() {
        this.networkWriteBuffer = ensureNetBufferSize(this.networkWriteBuffer);
    }

    private void ensureNetworkReadBufferSize() {
        this.networkReadBuffer = ensureNetBufferSize(this.networkReadBuffer);
    }

    private ByteBuffer ensureNetBufferSize(ByteBuffer byteBuffer) {
        int packetBufferSize = this.engine.getSession().getPacketBufferSize();
        if (byteBuffer.capacity() >= packetBufferSize) {
            return byteBuffer;
        }
        ByteBuffer allocate = ByteBuffer.allocate(packetBufferSize);
        byteBuffer.flip();
        allocate.put(byteBuffer);
        return allocate;
    }

    static {
        $assertionsDisabled = !SSLDriver.class.desiredAssertionStatus();
        EMPTY_BUFFER_ARRAY = new ByteBuffer[0];
    }
}
