package io.fusionauth.http.server;

import io.fusionauth.http.log.Logger;
import io.fusionauth.http.security.SecurityTools;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:io/fusionauth/http/server/HTTPS11Processor.class */
public class HTTPS11Processor implements HTTPProcessor {
    private static final AtomicInteger threadCount = new AtomicInteger(1);
    private static final ExecutorService executor = Executors.newCachedThreadPool(runnable -> {
        return new Thread(runnable, "TLS Handshake Thread " + threadCount.getAndIncrement());
    });
    private final SSLEngine engine;
    private final Logger logger;
    private final ByteBuffer[] myAppData;
    private final ByteBuffer[] myNetData;
    private final ByteBuffer peerAppData;
    private HTTP11Processor delegate;
    private volatile ProcessorState handshakeState;
    private ByteBuffer peerNetData;

    public HTTPS11Processor(HTTP11Processor hTTP11Processor, HTTPServerConfiguration hTTPServerConfiguration, HTTPListenerConfiguration hTTPListenerConfiguration) throws GeneralSecurityException, IOException {
        this.delegate = hTTP11Processor;
        this.logger = hTTPServerConfiguration.getLoggerFactory().getLogger(HTTPS11Processor.class);
        if (!hTTPListenerConfiguration.isTLS()) {
            this.engine = null;
            this.myAppData = null;
            this.myNetData = null;
            this.peerAppData = null;
            this.peerNetData = null;
            return;
        }
        this.engine = SecurityTools.serverContext(hTTPListenerConfiguration.getCertificate(), hTTPListenerConfiguration.getPrivateKey()).createSSLEngine();
        this.engine.setUseClientMode(false);
        SSLSession session = this.engine.getSession();
        this.myAppData = new ByteBuffer[]{ByteBuffer.allocate(session.getApplicationBufferSize())};
        this.myNetData = new ByteBuffer[]{ByteBuffer.allocate(session.getPacketBufferSize())};
        this.peerAppData = ByteBuffer.allocate(session.getApplicationBufferSize());
        this.peerNetData = ByteBuffer.allocate(session.getPacketBufferSize());
        this.myNetData[0].flip();
        this.engine.beginHandshake();
        SSLEngineResult.HandshakeStatus handshakeStatus = this.engine.getHandshakeStatus();
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            this.handshakeState = ProcessorState.Read;
        } else {
            if (handshakeStatus != SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                throw new IllegalStateException("The SSLEngine is not in a valid state. It should be in the handshake state, but it is in the state [" + handshakeStatus + "]");
            }
            this.handshakeState = ProcessorState.Write;
        }
    }

    @Override // io.fusionauth.http.server.HTTPProcessor
    public ProcessorState close(boolean z) {
        this.logger.trace("(HTTPS-C)");
        if (this.engine == null) {
            return this.delegate.close(z);
        }
        if (z) {
            try {
                this.engine.closeInbound();
            } catch (IOException e) {
            }
        }
        this.delegate.close(z);
        this.handshakeState = ProcessorState.Write;
        this.engine.closeOutbound();
        return this.handshakeState;
    }

    @Override // io.fusionauth.http.server.HTTPProcessor
    public void failure(Throwable th) {
        this.logger.trace("(HTTPS-F)");
        this.delegate.failure(th);
    }

    @Override // io.fusionauth.http.server.HTTPProcessor
    public int initialKeyOps() {
        this.logger.trace("(HTTPS-A)");
        return this.engine == null ? this.delegate.initialKeyOps() : this.handshakeState == ProcessorState.Read ? 1 : 4;
    }

    @Override // io.fusionauth.http.server.HTTPProcessor
    public long lastUsed() {
        return this.delegate.lastUsed();
    }

    @Override // io.fusionauth.http.server.HTTPProcessor
    public ProcessorState read(ByteBuffer byteBuffer) throws IOException {
        ByteBuffer readBuffer;
        this.delegate.markUsed();
        if (this.engine == null) {
            return this.delegate.read(byteBuffer);
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = this.engine.getHandshakeStatus();
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
            this.logger.trace("(HTTPS-R-RQ)");
            this.handshakeState = null;
            readBuffer = this.delegate.readBuffer();
        } else {
            this.logger.trace("(HTTPS-R-HS)" + handshakeStatus);
            readBuffer = this.peerAppData.clear();
        }
        if (readBuffer == null) {
            this.logger.trace("(HTTPS-R-NULL)");
            return this.delegate.state();
        }
        SSLEngineResult unwrap = this.engine.unwrap(this.peerNetData, readBuffer);
        this.peerNetData.compact();
        if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
            this.logger.trace("(HTTPS-R-UF)");
            this.peerNetData = handleBufferUnderflow(this.peerNetData);
            return this.handshakeState != null ? this.handshakeState : this.delegate.state();
        }
        if (unwrap.getStatus() == SSLEngineResult.Status.CLOSED) {
            this.logger.trace("(HTTPS-R-C)");
            return close(false);
        }
        if (unwrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
            throw new IllegalStateException("A buffer overflow is not expected during an unwrap operation. This occurs because the preamble or body buffers are too small. Increase their sizes to avoid this issue.");
        }
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED) {
            this.logger.trace("(HTTPS-R-RQ-R)");
            this.handshakeState = null;
            readBuffer.flip();
            return this.delegate.read(readBuffer);
        }
        this.logger.trace("(HTTPS-HS-UW){}", this.peerNetData);
        ProcessorState handleHandshake = handleHandshake(unwrap.getHandshakeStatus());
        if (this.handshakeState != ProcessorState.Read || this.peerNetData.position() <= 0 || unwrap.bytesConsumed() <= 0) {
            return handleHandshake;
        }
        this.peerNetData.flip();
        return read(this.peerNetData);
    }

    @Override // io.fusionauth.http.server.HTTPProcessor
    public ByteBuffer readBuffer() {
        this.delegate.markUsed();
        return this.engine == null ? this.delegate.readBuffer() : this.peerNetData;
    }

    @Override // io.fusionauth.http.server.HTTPProcessor
    public ProcessorState state() {
        this.delegate.markUsed();
        if (this.engine != null && this.handshakeState != null) {
            return this.handshakeState;
        }
        return this.delegate.state();
    }

    public void updateDelegate(HTTP11Processor hTTP11Processor) {
        this.delegate = hTTP11Processor;
    }

    @Override // io.fusionauth.http.server.HTTPProcessor
    public ByteBuffer[] writeBuffers() throws IOException {
        ByteBuffer[] writeBuffers;
        this.delegate.markUsed();
        if (this.engine == null) {
            return this.delegate.writeBuffers();
        }
        if (this.myNetData[0].hasRemaining()) {
            return this.myNetData;
        }
        SSLEngineResult.HandshakeStatus handshakeStatus = this.engine.getHandshakeStatus();
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            this.handshakeState = ProcessorState.Read;
            return null;
        }
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
            this.logger.trace("(HTTPS-W-HS)");
            this.myAppData[0].clear();
            writeBuffers = this.myAppData;
        } else {
            this.handshakeState = null;
            writeBuffers = this.delegate.writeBuffers();
        }
        if (writeBuffers == null) {
            return null;
        }
        this.myNetData[0].clear();
        SSLEngineResult wrap = this.engine.wrap(writeBuffers, this.myNetData[0]);
        if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
            this.logger.trace("(HTTPS-W-OF)");
            this.myNetData[0] = handleBufferOverflow(this.myNetData[0]);
        } else {
            if (wrap.getStatus() == SSLEngineResult.Status.CLOSED) {
                this.logger.trace("(HTTPS-W-C)");
                close(false);
                return null;
            }
            if (wrap.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                throw new IllegalStateException("A buffer underflow is not expected during a wrap operation according to the Javadoc. Maybe this is something we need to fix.");
            }
            this.logger.trace("(HTTPS-W-RQ)");
            this.myNetData[0].flip();
        }
        return this.myNetData;
    }

    @Override // io.fusionauth.http.server.HTTPProcessor
    public ProcessorState wrote(long j) throws IOException {
        this.delegate.markUsed();
        return this.handshakeState == null ? this.delegate.wrote(j) : handleHandshake(this.engine.getHandshakeStatus());
    }

    private ByteBuffer handleBufferOverflow(ByteBuffer byteBuffer) {
        ByteBuffer allocate = ByteBuffer.allocate(this.engine.getSession().getApplicationBufferSize() + byteBuffer.position());
        byteBuffer.flip();
        allocate.put(byteBuffer);
        return allocate;
    }

    private ByteBuffer handleBufferUnderflow(ByteBuffer byteBuffer) {
        int packetBufferSize = this.engine.getSession().getPacketBufferSize();
        if (packetBufferSize > byteBuffer.capacity()) {
            ByteBuffer allocate = ByteBuffer.allocate(packetBufferSize);
            byteBuffer.flip();
            allocate.put(byteBuffer);
            byteBuffer = allocate;
        }
        return byteBuffer;
    }

    private ProcessorState handleHandshake(SSLEngineResult.HandshakeStatus handshakeStatus) throws IOException {
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP_AGAIN) {
            throw new IllegalStateException("The NEED_UNWRAP_AGAIN state should not happen in HTTPS");
        }
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_TASK) {
            this.logger.trace("(HTTPS-HS-T)");
            do {
                handshakeStatus = this.engine.getHandshakeStatus();
                while (true) {
                    Runnable delegatedTask = this.engine.getDelegatedTask();
                    if (delegatedTask == null) {
                        break;
                    }
                    executor.submit(delegatedTask);
                }
            } while (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_TASK);
        }
        if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
            this.logger.trace("(HTTPS-HS-R)");
            this.handshakeState = ProcessorState.Read;
        } else if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
            this.logger.trace("(HTTPS-HS-W)");
            this.handshakeState = ProcessorState.Write;
        } else {
            this.logger.trace("(HTTPS-HS-DONE)" + handshakeStatus.name());
            if (!this.myNetData[0].hasRemaining()) {
                this.logger.trace("(HTTPS-HS-DONE)" + handshakeStatus.name() + "-" + this.delegate.state());
                this.handshakeState = null;
                if (this.peerNetData.position() <= 0) {
                    return this.delegate.state();
                }
                this.peerNetData.flip();
                return read(this.peerNetData);
            }
        }
        return this.handshakeState;
    }
}
