package com.ca.codesv.protocols.ssl;

import com.ca.codesv.protocols.http.HttpConnection;
import com.ca.codesv.protocols.http.agent.ConsumableOutputStream;
import com.ca.codesv.protocols.http.agent.OutputStreamConsumer;
import com.ca.codesv.protocols.ssl.DataChannel;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PipedOutputStream;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/ca/codesv/protocols/ssl/SslServer.class */
public class SslServer {
    static final Logger logger = LoggerFactory.getLogger(SslServer.class);
    private static long waitForInputTimeout = 5000;
    private final DataChannel dataChannels = new DataChannel();
    private ByteBuffer serverIn;
    private ByteBuffer serverOut;
    private ByteBuffer clientToServer;
    private ByteBuffer serverToClient;
    private PipedOutputStream serverToClientStream;
    private OutputStreamConsumer serverInputConsumer;
    private SSLContext sslContext;
    private SSLEngine sslEngine;

    public SslServer(HttpConnection.HttpsConfiguration httpsConfiguration, PipedOutputStream pipedOutputStream, OutputStreamConsumer outputStreamConsumer) throws Exception {
        this.serverToClientStream = pipedOutputStream;
        this.serverInputConsumer = outputStreamConsumer;
        KeyManager[] createKeyManagerFactory = createKeyManagerFactory(httpsConfiguration);
        if (httpsConfiguration.getSecureProtocol() == null || httpsConfiguration.getSecureProtocol().isEmpty()) {
            this.sslContext = SSLContext.getDefault();
        } else {
            this.sslContext = SSLContext.getInstance(httpsConfiguration.getSecureProtocol());
        }
        this.sslContext.init(createKeyManagerFactory, null, new SecureRandom());
    }

    private static void log(String str, SSLEngineResult sSLEngineResult) {
        logger.info("{} : SSLEngine result: {}, Handshake status: {}. Bytes consumed/bytes produced: {}/{}", new Object[]{str, sSLEngineResult.getStatus(), sSLEngineResult.getHandshakeStatus(), Integer.valueOf(sSLEngineResult.bytesConsumed()), Integer.valueOf(sSLEngineResult.bytesProduced())});
    }

    public OutputStream getOutputStream() {
        return new ConsumableOutputStream(new OutputStreamConsumer() { // from class: com.ca.codesv.protocols.ssl.SslServer.1
            @Override // com.ca.codesv.protocols.http.agent.OutputStreamConsumer
            public void addInput(ByteBuffer byteBuffer) {
                SslServer.this.addServerOutput(byteBuffer);
            }

            @Override // com.ca.codesv.protocols.http.agent.OutputStreamConsumer
            public void addInputEof() {
                SslServer.this.addServerOutputEof();
            }
        });
    }

    public void start() throws Exception {
        new Thread(new Runnable() { // from class: com.ca.codesv.protocols.ssl.SslServer.2
            @Override // java.lang.Runnable
            public void run() {
                try {
                    SslServer.this.runSsl();
                } catch (Exception e) {
                    SslServer.logger.error("Error during running ssl.", e);
                }
            }
        }).start();
    }

    public void addClientInput(ByteBuffer byteBuffer) {
        synchronized (this.dataChannels) {
            this.dataChannels.writeFromClient(byteBuffer);
            this.dataChannels.notifyAll();
        }
    }

    public void addClientInputEof() {
    }

    public void addServerOutput(ByteBuffer byteBuffer) {
        synchronized (this.dataChannels) {
            this.dataChannels.writeFromServer(byteBuffer);
            this.dataChannels.notifyAll();
        }
    }

    public void addServerOutputEof() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void runSsl() throws Exception {
        SSLEngineResult sSLEngineResult = null;
        boolean z = true;
        boolean z2 = true;
        boolean z3 = false;
        setUpEngine();
        createBuffers();
        while (true) {
            if (!z && !z2) {
                return;
            }
            if (sSLEngineResult != null && sSLEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                resizeBufferUnderflow(this.serverToClient);
            }
            processDataChannel(z3);
            z3 = true;
            sSLEngineResult = this.sslEngine.wrap(this.serverOut, this.serverToClient);
            log("Wrap ", sSLEngineResult);
            z = checkServerResult(sSLEngineResult);
            handleTasks();
            if (sSLEngineResult.bytesProduced() > 0 || sSLEngineResult.bytesConsumed() > 0) {
                z3 = false;
            }
            this.serverToClient.flip();
            if (sSLEngineResult.bytesProduced() > 0 && this.serverToClient.remaining() > 0) {
                ByteBuffer allocate = ByteBuffer.allocate(this.serverToClient.remaining());
                allocate.put(this.serverToClient);
                this.serverToClientStream.write(allocate.array());
                logger.debug("Waiting for serverToClient write...");
            }
            this.serverToClient.clear();
            if (this.clientToServer.hasRemaining()) {
                sSLEngineResult = this.sslEngine.unwrap(this.clientToServer, this.serverIn);
                if (sSLEngineResult.bytesProduced() > 0 || sSLEngineResult.bytesConsumed() > 0) {
                    z3 = false;
                }
                this.serverIn.flip();
                if (sSLEngineResult.bytesProduced() > 0 && this.serverIn.remaining() > 0) {
                    ByteBuffer allocate2 = ByteBuffer.allocate(this.serverIn.remaining());
                    allocate2.put(this.serverIn);
                    allocate2.flip();
                    this.serverInputConsumer.addInput(allocate2);
                    logger.debug("Waiting for serverInput addInput...");
                }
                this.serverIn.clear();
                log("Unwrap", sSLEngineResult);
                z2 = checkServerResult(sSLEngineResult);
                handleTasks();
            }
        }
    }

    private KeyManager[] createKeyManagerFactory(HttpConnection.HttpsConfiguration httpsConfiguration) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        FileInputStream fileInputStream = new FileInputStream(httpsConfiguration.getKeystorePath());
        try {
            keyStore.load(fileInputStream, httpsConfiguration.getKeystorePassword().toCharArray());
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, httpsConfiguration.getKeyPassword().toCharArray());
            return keyManagerFactory.getKeyManagers();
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private void processDataChannel(boolean z) throws InterruptedException {
        do {
            synchronized (this.dataChannels) {
                ByteBuffer poll = this.dataChannels.poll();
                if (poll != null) {
                    if (this.dataChannels.getStatus() == DataChannel.Status.FROM_SERVER) {
                        this.serverOut = ByteBuffer.allocate(poll.capacity());
                        this.serverOut.put(poll);
                        this.serverOut.flip();
                    } else if (this.dataChannels.getStatus() == DataChannel.Status.FROM_CLIENT) {
                        this.clientToServer = ByteBuffer.allocate(poll.capacity());
                        this.clientToServer.put(poll);
                        this.clientToServer.flip();
                    }
                    z = false;
                } else if (z) {
                    logger.debug("Waiting for data.");
                    this.dataChannels.wait(waitForInputTimeout);
                    z = false;
                }
            }
        } while (z);
    }

    private void setUpEngine() throws SSLException {
        this.sslEngine = this.sslContext.createSSLEngine();
        this.sslEngine.setUseClientMode(false);
        this.sslEngine.setNeedClientAuth(false);
        this.sslEngine.beginHandshake();
    }

    private void createBuffers() {
        SSLSession session = this.sslEngine.getSession();
        this.serverIn = ByteBuffer.allocate(session.getApplicationBufferSize() * 1024);
        this.serverOut = ByteBuffer.allocate(0);
        this.clientToServer = ByteBuffer.allocateDirect(0);
        this.serverToClient = ByteBuffer.allocateDirect(session.getPacketBufferSize() * 1024);
    }

    private ByteBuffer resizeNetworkBuffer(ByteBuffer byteBuffer) {
        return resizeBuffer(byteBuffer, this.sslEngine.getSession().getPacketBufferSize());
    }

    private ByteBuffer resizeBuffer(ByteBuffer byteBuffer, int i) {
        return i > byteBuffer.capacity() ? ByteBuffer.allocate(i) : ByteBuffer.allocate(byteBuffer.capacity() * 2);
    }

    private ByteBuffer resizeBufferUnderflow(ByteBuffer byteBuffer) {
        if (this.sslEngine.getSession().getPacketBufferSize() < byteBuffer.limit()) {
            return byteBuffer;
        }
        ByteBuffer resizeNetworkBuffer = resizeNetworkBuffer(byteBuffer);
        byteBuffer.flip();
        resizeNetworkBuffer.put(byteBuffer);
        return resizeNetworkBuffer;
    }

    private boolean checkServerResult(SSLEngineResult sSLEngineResult) {
        return (sSLEngineResult.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING && sSLEngineResult.bytesProduced() == 0 && sSLEngineResult.bytesConsumed() == 0) ? false : true;
    }

    private void handleTasks() throws Exception {
        if (this.sslEngine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
            while (true) {
                Runnable delegatedTask = this.sslEngine.getDelegatedTask();
                if (delegatedTask == null) {
                    break;
                } else {
                    delegatedTask.run();
                }
            }
            if (this.sslEngine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                throw new Exception("Handshake shouldn't need additional tasks");
            }
        }
    }
}
