package org.apache.mina.filter.ssl;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import org.apache.mina.core.buffer.IoBuffer;
import org.apache.mina.core.filterchain.IoFilter;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.filterchain.IoFilterChain;
import org.apache.mina.core.future.DefaultWriteFuture;
import org.apache.mina.core.future.IoFuture;
import org.apache.mina.core.future.IoFutureListener;
import org.apache.mina.core.future.WriteFuture;
import org.apache.mina.core.service.IoAcceptor;
import org.apache.mina.core.session.AttributeKey;
import org.apache.mina.core.session.IoSession;
import org.apache.mina.core.write.WriteRequest;
import org.apache.mina.core.write.WriteRequestWrapper;
import org.apache.mina.core.write.WriteToClosedSessionException;

/* loaded from: classes2.dex */
public class SslFilter extends IoFilterAdapter {
    public static final SslFilterMessage SESSION_SECURED;
    public static final SslFilterMessage SESSION_UNSECURED;
    private static final boolean START_HANDSHAKE = true;
    private final boolean autoStart;
    private boolean client;
    private String[] enabledCipherSuites;
    private String[] enabledProtocols;
    private boolean needClientAuth;
    final SSLContext sslContext;
    private boolean wantClientAuth;
    private static final h5.a LOGGER = h5.b.i(SslFilter.class);
    public static final AttributeKey SSL_SESSION = new AttributeKey(SslFilter.class, "session");
    public static final AttributeKey DISABLE_ENCRYPTION_ONCE = new AttributeKey(SslFilter.class, "disableOnce");
    public static final AttributeKey USE_NOTIFICATION = new AttributeKey(SslFilter.class, "useNotification");
    public static final AttributeKey PEER_ADDRESS = new AttributeKey(SslFilter.class, "peerAddress");
    private static final AttributeKey NEXT_FILTER = new AttributeKey(SslFilter.class, "nextFilter");
    private static final AttributeKey SSL_HANDLER = new AttributeKey(SslFilter.class, "handler");

    /* loaded from: classes2.dex */
    public static class SslFilterMessage {
        private final String name;

        private SslFilterMessage(String str) {
            this.name = str;
        }

        /* synthetic */ SslFilterMessage(String str, a aVar) {
            this(str);
        }

        public String toString() {
            return this.name;
        }
    }

    /* loaded from: classes2.dex */
    class a implements IoFutureListener<IoFuture> {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ IoFilter.NextFilter f15083a;

        /* renamed from: b, reason: collision with root package name */
        final /* synthetic */ IoSession f15084b;

        a(IoFilter.NextFilter nextFilter, IoSession ioSession) {
            this.f15083a = nextFilter;
            this.f15084b = ioSession;
        }

        @Override // org.apache.mina.core.future.IoFutureListener
        public void operationComplete(IoFuture ioFuture) {
            this.f15083a.filterClose(this.f15084b);
        }
    }

    /* loaded from: classes2.dex */
    private static class b extends WriteRequestWrapper {

        /* renamed from: a, reason: collision with root package name */
        private final IoBuffer f15086a;

        private b(WriteRequest writeRequest, IoBuffer ioBuffer) {
            super(writeRequest);
            this.f15086a = ioBuffer;
        }

        /* synthetic */ b(WriteRequest writeRequest, IoBuffer ioBuffer, a aVar) {
            this(writeRequest, ioBuffer);
        }

        @Override // org.apache.mina.core.write.WriteRequestWrapper, org.apache.mina.core.write.WriteRequest
        public Object getMessage() {
            return this.f15086a;
        }
    }

    static {
        a aVar = null;
        SESSION_SECURED = new SslFilterMessage("SESSION_SECURED", aVar);
        SESSION_UNSECURED = new SslFilterMessage("SESSION_UNSECURED", aVar);
    }

    public SslFilter(SSLContext sSLContext) {
        this(sSLContext, START_HANDSHAKE);
    }

    public SslFilter(SSLContext sSLContext, boolean z5) {
        if (sSLContext == null) {
            throw new IllegalArgumentException("sslContext");
        }
        this.sslContext = sSLContext;
        this.autoStart = z5;
    }

    private org.apache.mina.filter.ssl.a getSslSessionHandler(IoSession ioSession) {
        org.apache.mina.filter.ssl.a aVar = (org.apache.mina.filter.ssl.a) ioSession.getAttribute(SSL_HANDLER);
        if (aVar == null) {
            throw new IllegalStateException();
        }
        if (aVar.l() == this) {
            return aVar;
        }
        throw new IllegalArgumentException("Not managed by this filter.");
    }

    private void handleAppDataRead(IoFilter.NextFilter nextFilter, org.apache.mina.filter.ssl.a aVar) {
        IoBuffer g6 = aVar.g();
        if (g6.hasRemaining()) {
            aVar.x(nextFilter, g6);
        }
    }

    private void handleSslData(IoFilter.NextFilter nextFilter, org.apache.mina.filter.ssl.a aVar) throws SSLException {
        h5.a aVar2 = LOGGER;
        if (aVar2.c()) {
            aVar2.p("{}: Processing the SSL Data ", getSessionInfo(aVar.k()));
        }
        if (aVar.o()) {
            aVar.i();
        }
        aVar.B(nextFilter);
        handleAppDataRead(nextFilter, aVar);
    }

    private WriteFuture initiateClosure(IoFilter.NextFilter nextFilter, IoSession ioSession) throws SSLException {
        org.apache.mina.filter.ssl.a sslSessionHandler = getSslSessionHandler(ioSession);
        try {
            if (!sslSessionHandler.b()) {
                return DefaultWriteFuture.newNotWrittenFuture(ioSession, new IllegalStateException("SSL session is shut down already."));
            }
            WriteFuture B = sslSessionHandler.B(nextFilter);
            if (B == null) {
                B = DefaultWriteFuture.newWrittenFuture(ioSession);
            }
            if (sslSessionHandler.p()) {
                sslSessionHandler.d();
            }
            if (ioSession.containsAttribute(USE_NOTIFICATION)) {
                sslSessionHandler.x(nextFilter, SESSION_UNSECURED);
            }
            return B;
        } catch (SSLException e6) {
            sslSessionHandler.u();
            throw e6;
        }
    }

    private void initiateHandshake(IoFilter.NextFilter nextFilter, IoSession ioSession) throws SSLException {
        LOGGER.p("{} : Starting the first handshake", getSessionInfo(ioSession));
        org.apache.mina.filter.ssl.a sslSessionHandler = getSslSessionHandler(ioSession);
        try {
            synchronized (sslSessionHandler) {
                sslSessionHandler.m(nextFilter);
            }
            sslSessionHandler.j();
        } catch (SSLException e6) {
            sslSessionHandler.u();
            throw e6;
        }
    }

    private boolean isCloseNotify(Object obj) {
        if (!(obj instanceof IoBuffer)) {
            return false;
        }
        IoBuffer ioBuffer = (IoBuffer) obj;
        int position = ioBuffer.position();
        if (ioBuffer.get(position + 0) != 21 || ioBuffer.get(position + 1) != 3) {
            return false;
        }
        int i6 = position + 2;
        if ((ioBuffer.get(i6) == 0 || ioBuffer.get(i6) == 1 || ioBuffer.get(i6) == 2 || ioBuffer.get(i6) == 3) && ioBuffer.get(position + 3) == 0) {
            return START_HANDSHAKE;
        }
        return false;
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void exceptionCaught(IoFilter.NextFilter nextFilter, IoSession ioSession, Throwable th) throws Exception {
        boolean z5;
        if (th instanceof WriteToClosedSessionException) {
            List<WriteRequest> requests = ((WriteToClosedSessionException) th).getRequests();
            Iterator<WriteRequest> it = requests.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (isCloseNotify(it.next().getMessage())) {
                        z5 = START_HANDSHAKE;
                        break;
                    }
                } else {
                    z5 = false;
                    break;
                }
            }
            if (z5) {
                if (requests.size() == 1) {
                    return;
                }
                ArrayList arrayList = new ArrayList(requests.size() - 1);
                for (WriteRequest writeRequest : requests) {
                    if (!isCloseNotify(writeRequest.getMessage())) {
                        arrayList.add(writeRequest);
                    }
                }
                if (arrayList.isEmpty()) {
                    return;
                } else {
                    th = new WriteToClosedSessionException(arrayList, th.getMessage(), th.getCause());
                }
            }
        }
        nextFilter.exceptionCaught(ioSession, th);
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void filterClose(IoFilter.NextFilter nextFilter, IoSession ioSession) throws SSLException {
        org.apache.mina.filter.ssl.a aVar = (org.apache.mina.filter.ssl.a) ioSession.getAttribute(SSL_HANDLER);
        if (aVar == null) {
            nextFilter.filterClose(ioSession);
            return;
        }
        WriteFuture writeFuture = null;
        try {
            try {
                synchronized (aVar) {
                    if (isSslStarted(ioSession)) {
                        writeFuture = initiateClosure(nextFilter, ioSession);
                        writeFuture.addListener((IoFutureListener<?>) new a(nextFilter, ioSession));
                    }
                }
                aVar.j();
            } catch (SSLException e6) {
                aVar.u();
                throw e6;
            }
        } finally {
            if (0 == 0) {
                nextFilter.filterClose(ioSession);
            }
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void filterWrite(IoFilter.NextFilter nextFilter, IoSession ioSession, WriteRequest writeRequest) throws SSLException {
        boolean z5;
        h5.a aVar = LOGGER;
        if (aVar.c()) {
            aVar.b("{}: Writing Message : {}", getSessionInfo(ioSession), writeRequest);
        }
        org.apache.mina.filter.ssl.a sslSessionHandler = getSslSessionHandler(ioSession);
        try {
            synchronized (sslSessionHandler) {
                if (isSslStarted(ioSession)) {
                    AttributeKey attributeKey = DISABLE_ENCRYPTION_ONCE;
                    if (ioSession.containsAttribute(attributeKey)) {
                        ioSession.removeAttribute(attributeKey);
                    } else {
                        IoBuffer ioBuffer = (IoBuffer) writeRequest.getMessage();
                        if (!sslSessionHandler.r()) {
                            if (sslSessionHandler.o()) {
                                ioBuffer.mark();
                                sslSessionHandler.f(ioBuffer.buf());
                                sslSessionHandler.w(nextFilter, new b(writeRequest, sslSessionHandler.h(), null));
                                z5 = START_HANDSHAKE;
                            } else {
                                if (ioSession.isConnected()) {
                                    sslSessionHandler.y(nextFilter, writeRequest);
                                }
                                z5 = false;
                            }
                        }
                    }
                }
                sslSessionHandler.w(nextFilter, writeRequest);
                z5 = START_HANDSHAKE;
            }
            if (z5) {
                sslSessionHandler.j();
            }
        } catch (SSLException e6) {
            sslSessionHandler.u();
            throw e6;
        }
    }

    public String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites;
    }

    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getSessionInfo(IoSession ioSession) {
        String str;
        StringBuilder sb = new StringBuilder();
        sb.append(ioSession.getService() instanceof IoAcceptor ? "Session Server" : "Session Client");
        sb.append('[');
        sb.append(ioSession.getId());
        sb.append(']');
        org.apache.mina.filter.ssl.a aVar = (org.apache.mina.filter.ssl.a) ioSession.getAttribute(SSL_HANDLER);
        if (aVar != null) {
            str = isSslStarted(ioSession) ? aVar.o() ? "(SSL)" : "(ssl...)" : "(no sslEngine)";
            return sb.toString();
        }
        sb.append(str);
        return sb.toString();
    }

    public SSLSession getSslSession(IoSession ioSession) {
        return (SSLSession) ioSession.getAttribute(SSL_SESSION);
    }

    public void initiateHandshake(IoSession ioSession) throws SSLException {
        IoFilterChain filterChain = ioSession.getFilterChain();
        if (filterChain == null) {
            throw new SSLException("No filter chain");
        }
        IoFilter.NextFilter nextFilter = filterChain.getNextFilter(SslFilter.class);
        if (nextFilter == null) {
            throw new SSLException("No SSL next filter in the chain");
        }
        initiateHandshake(nextFilter, ioSession);
    }

    public boolean isNeedClientAuth() {
        return this.needClientAuth;
    }

    public boolean isSslStarted(IoSession ioSession) {
        boolean z5;
        org.apache.mina.filter.ssl.a aVar = (org.apache.mina.filter.ssl.a) ioSession.getAttribute(SSL_HANDLER);
        if (aVar == null) {
            return false;
        }
        synchronized (aVar) {
            z5 = aVar.q() ? false : START_HANDSHAKE;
        }
        return z5;
    }

    public boolean isUseClientMode() {
        return this.client;
    }

    public boolean isWantClientAuth() {
        return this.wantClientAuth;
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void messageReceived(IoFilter.NextFilter nextFilter, IoSession ioSession, Object obj) throws SSLException {
        h5.a aVar = LOGGER;
        if (aVar.c()) {
            aVar.b("{}: Message received : {}", getSessionInfo(ioSession), obj);
        }
        org.apache.mina.filter.ssl.a sslSessionHandler = getSslSessionHandler(ioSession);
        synchronized (sslSessionHandler) {
            if (isSslStarted(ioSession) || !sslSessionHandler.p()) {
                IoBuffer ioBuffer = (IoBuffer) obj;
                try {
                    sslSessionHandler.s(nextFilter, ioBuffer.buf());
                    handleSslData(nextFilter, sslSessionHandler);
                    if (sslSessionHandler.p()) {
                        if (sslSessionHandler.q()) {
                            sslSessionHandler.d();
                        } else {
                            initiateClosure(nextFilter, ioSession);
                        }
                        if (ioBuffer.hasRemaining()) {
                            sslSessionHandler.x(nextFilter, ioBuffer);
                        }
                    }
                } catch (SSLException e6) {
                    if (sslSessionHandler.o()) {
                        sslSessionHandler.u();
                        throw e6;
                    }
                    SSLHandshakeException sSLHandshakeException = new SSLHandshakeException("SSL handshake failed.");
                    sSLHandshakeException.initCause(e6);
                    ioSession.closeNow();
                    throw sSLHandshakeException;
                }
            } else {
                sslSessionHandler.x(nextFilter, obj);
            }
        }
        sslSessionHandler.j();
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void messageSent(IoFilter.NextFilter nextFilter, IoSession ioSession, WriteRequest writeRequest) {
        if (writeRequest instanceof b) {
            nextFilter.messageSent(ioSession, ((b) writeRequest).getParentRequest());
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void onPostAdd(IoFilterChain ioFilterChain, String str, IoFilter.NextFilter nextFilter) throws SSLException {
        if (this.autoStart) {
            initiateHandshake(nextFilter, ioFilterChain.getSession());
        }
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void onPreAdd(IoFilterChain ioFilterChain, String str, IoFilter.NextFilter nextFilter) throws SSLException {
        if (ioFilterChain.contains(SslFilter.class)) {
            LOGGER.d("Only one SSL filter is permitted in a chain.");
            throw new IllegalStateException("Only one SSL filter is permitted in a chain.");
        }
        LOGGER.p("Adding the SSL Filter {} to the chain", str);
        IoSession session = ioFilterChain.getSession();
        session.setAttribute(NEXT_FILTER, nextFilter);
        org.apache.mina.filter.ssl.a aVar = new org.apache.mina.filter.ssl.a(this, session);
        String[] strArr = this.enabledCipherSuites;
        if (strArr == null || strArr.length == 0) {
            this.enabledCipherSuites = this.sslContext.getServerSocketFactory().getSupportedCipherSuites();
        }
        aVar.n();
        session.setAttribute(SSL_HANDLER, aVar);
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void onPreRemove(IoFilterChain ioFilterChain, String str, IoFilter.NextFilter nextFilter) throws SSLException {
        IoSession session = ioFilterChain.getSession();
        stopSsl(session);
        session.removeAttribute(NEXT_FILTER);
        session.removeAttribute(SSL_HANDLER);
    }

    @Override // org.apache.mina.core.filterchain.IoFilterAdapter, org.apache.mina.core.filterchain.IoFilter
    public void sessionClosed(IoFilter.NextFilter nextFilter, IoSession ioSession) throws SSLException {
        org.apache.mina.filter.ssl.a sslSessionHandler = getSslSessionHandler(ioSession);
        try {
            synchronized (sslSessionHandler) {
                sslSessionHandler.d();
            }
        } finally {
            nextFilter.sessionClosed(ioSession);
        }
    }

    public void setEnabledCipherSuites(String[] strArr) {
        this.enabledCipherSuites = strArr;
    }

    public void setEnabledProtocols(String[] strArr) {
        this.enabledProtocols = strArr;
    }

    public void setNeedClientAuth(boolean z5) {
        this.needClientAuth = z5;
    }

    public void setUseClientMode(boolean z5) {
        this.client = z5;
    }

    public void setWantClientAuth(boolean z5) {
        this.wantClientAuth = z5;
    }

    public boolean startSsl(IoSession ioSession) throws SSLException {
        boolean z5;
        org.apache.mina.filter.ssl.a sslSessionHandler = getSslSessionHandler(ioSession);
        try {
            synchronized (sslSessionHandler) {
                if (sslSessionHandler.q()) {
                    IoFilter.NextFilter nextFilter = (IoFilter.NextFilter) ioSession.getAttribute(NEXT_FILTER);
                    sslSessionHandler.d();
                    sslSessionHandler.n();
                    sslSessionHandler.m(nextFilter);
                    z5 = START_HANDSHAKE;
                } else {
                    z5 = false;
                }
            }
            sslSessionHandler.j();
            return z5;
        } catch (SSLException e6) {
            sslSessionHandler.u();
            throw e6;
        }
    }

    public WriteFuture stopSsl(IoSession ioSession) throws SSLException {
        WriteFuture initiateClosure;
        org.apache.mina.filter.ssl.a sslSessionHandler = getSslSessionHandler(ioSession);
        IoFilter.NextFilter nextFilter = (IoFilter.NextFilter) ioSession.getAttribute(NEXT_FILTER);
        try {
            synchronized (sslSessionHandler) {
                initiateClosure = initiateClosure(nextFilter, ioSession);
            }
            sslSessionHandler.j();
            return initiateClosure;
        } catch (SSLException e6) {
            sslSessionHandler.u();
            throw e6;
        }
    }
}
