package org.jruby.ext.openssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.nio.channels.SocketChannel;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Iterator;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.cert.X509Certificate;
import org.jruby.Ruby;
import org.jruby.RubyArray;
import org.jruby.RubyClass;
import org.jruby.RubyIO;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubyObjectAdapter;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.javasupport.JavaEmbedUtils;
import org.jruby.runtime.Arity;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.util.ByteList;

/* loaded from: input_file:org/jruby/ext/openssl/SSLSocket.class */
public class SSLSocket extends RubyObject {
    private static ObjectAllocator SSLSOCKET_ALLOCATOR;
    private static RubyObjectAdapter api;
    private RubyClass cSSLError;
    private SSLContext rubyCtx;
    private SSLEngine engine;
    private SocketChannel c;
    private ByteBuffer peerAppData;
    private ByteBuffer peerNetData;
    private ByteBuffer netData;
    private ByteBuffer dummy;
    private boolean initialHandshake;
    private SSLEngineResult.HandshakeStatus hsStatus;
    private SSLEngineResult.Status status;
    private Selector rsel;
    private Selector wsel;
    private Selector asel;
    int verifyResult;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static void createSSLSocket(Ruby ruby, RubyModule rubyModule) {
        RubyClass defineClassUnder = rubyModule.defineClassUnder("SSLSocket", ruby.getObject(), SSLSOCKET_ALLOCATOR);
        defineClassUnder.attr_accessor(ruby.getCurrentContext(), new IRubyObject[]{ruby.newSymbol("io")});
        defineClassUnder.attr_accessor(ruby.getCurrentContext(), new IRubyObject[]{ruby.newSymbol("context")});
        defineClassUnder.attr_accessor(ruby.getCurrentContext(), new IRubyObject[]{ruby.newSymbol("sync_close")});
        defineClassUnder.defineAlias("to_io", "io");
        defineClassUnder.defineAnnotatedMethods(SSLSocket.class);
    }

    public SSLSocket(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
        this.c = null;
        this.initialHandshake = false;
        this.status = null;
        this.cSSLError = getRuntime().getModule("OpenSSL").getConstant("SSL").getConstant("SSLError");
        this.verifyResult = 0;
    }

    @JRubyMethod(name = {"initialize"}, rest = true, frame = true)
    public IRubyObject _initialize(IRubyObject[] iRubyObjectArr, Block block) {
        if (Arity.checkArgumentCount(getRuntime(), iRubyObjectArr, 1, 2) == 1) {
            this.rubyCtx = api.callMethod(getRuntime().getModule("OpenSSL").getConstant("SSL").getClass("SSLContext"), "new");
        } else {
            this.rubyCtx = (SSLContext) iRubyObjectArr[1];
        }
        IRubyObject iRubyObject = iRubyObjectArr[0];
        api.callMethod(this, "io=", iRubyObject);
        api.callMethod(iRubyObject, "sync=", getRuntime().getTrue());
        this.c = (SocketChannel) ((RubyIO) iRubyObject).getChannel();
        api.callMethod(this, "context=", this.rubyCtx);
        api.callMethod(this, "sync_close=", getRuntime().getFalse());
        this.rubyCtx.setup();
        return api.callSuper(this, iRubyObjectArr);
    }

    private void ossl_ssl_setup() throws NoSuchAlgorithmException, KeyManagementException, IOException {
        if (null == this.engine) {
            this.engine = this.rubyCtx.createSSLEngine(this.c.socket().getInetAddress().getHostName(), this.c.socket().getPort());
            SSLSession session = this.engine.getSession();
            this.peerNetData = ByteBuffer.allocate(session.getPacketBufferSize());
            this.peerAppData = ByteBuffer.allocate(session.getApplicationBufferSize());
            this.netData = ByteBuffer.allocate(session.getPacketBufferSize());
            this.peerNetData.limit(0);
            this.peerAppData.limit(0);
            this.netData.limit(0);
            this.dummy = ByteBuffer.allocate(0);
            this.rsel = Selector.open();
            this.wsel = Selector.open();
            this.asel = Selector.open();
            this.c.register(this.rsel, 1);
            this.c.register(this.wsel, 4);
            this.c.register(this.asel, 5);
        }
    }

    @JRubyMethod
    public IRubyObject connect(ThreadContext threadContext) {
        Throwable th;
        Ruby runtime = threadContext.getRuntime();
        if (!this.rubyCtx.isProtocolForClient()) {
            throw new RaiseException(runtime, this.cSSLError, "called a function you should not call", false);
        }
        try {
            ossl_ssl_setup();
            this.engine.setUseClientMode(true);
            this.engine.beginHandshake();
            this.hsStatus = this.engine.getHandshakeStatus();
            this.initialHandshake = true;
            doHandshake();
            return this;
        } catch (IOException e) {
            forceClose();
            throw SSL.newSSLError(runtime, e);
        } catch (KeyManagementException e2) {
            forceClose();
            throw SSL.newSSLError(runtime, e2);
        } catch (NoSuchAlgorithmException e3) {
            forceClose();
            throw SSL.newSSLError(runtime, e3);
        } catch (SSLHandshakeException e4) {
            forceClose();
            Throwable th2 = e4;
            while (true) {
                th = th2;
                if (th.getCause() == null || !(th instanceof SSLHandshakeException)) {
                    break;
                }
                th2 = th.getCause();
            }
            throw SSL.newSSLError(runtime, th);
        }
    }

    @JRubyMethod
    public IRubyObject accept(ThreadContext threadContext) {
        Ruby runtime = threadContext.getRuntime();
        if (!this.rubyCtx.isProtocolForServer()) {
            throw new RaiseException(runtime, this.cSSLError, "called a function you should not call", false);
        }
        try {
            ossl_ssl_setup();
            this.engine.setUseClientMode(false);
            if (!this.rubyCtx.isNil() && !this.rubyCtx.callMethod(threadContext, "verify_mode").isNil()) {
                int fix2int = RubyNumeric.fix2int(this.rubyCtx.callMethod(threadContext, "verify_mode"));
                if (fix2int == 0) {
                    this.engine.setNeedClientAuth(false);
                    this.engine.setWantClientAuth(false);
                }
                if ((fix2int & 1) != 0) {
                    this.engine.setWantClientAuth(true);
                }
                if ((fix2int & 2) != 0) {
                    this.engine.setNeedClientAuth(true);
                }
            }
            this.engine.beginHandshake();
            this.hsStatus = this.engine.getHandshakeStatus();
            this.initialHandshake = true;
            doHandshake();
            return this;
        } catch (IOException e) {
            throw SSL.newSSLError(runtime, e);
        } catch (KeyManagementException e2) {
            throw SSL.newSSLError(runtime, e2);
        } catch (NoSuchAlgorithmException e3) {
            throw SSL.newSSLError(runtime, e3);
        } catch (SSLHandshakeException e4) {
            throw SSL.newSSLError(runtime, e4);
        }
    }

    @JRubyMethod
    public IRubyObject verify_result() {
        if (this.engine != null) {
            return getRuntime().newFixnum(this.verifyResult);
        }
        getRuntime().getWarnings().warn("SSL session is not started yet.");
        return getRuntime().getNil();
    }

    private void waitSelect(Selector selector) {
        try {
            selector.select();
            Iterator<SelectionKey> it = selector.selectedKeys().iterator();
            while (it.hasNext()) {
                it.next();
                it.remove();
            }
        } catch (Exception e) {
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x0082, code lost:
    
        if (r4.netData.hasRemaining() != false) goto L28;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0089, code lost:
    
        if (flushData() == false) goto L52;
     */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x008f, code lost:
    
        r4.netData.clear();
        r4.hsStatus = r4.engine.wrap(r4.dummy, r4.netData).getHandshakeStatus();
        r4.netData.flip();
        flushData();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void doHandshake() throws java.io.IOException {
        /*
            r4 = this;
        L0:
            r0 = r4
            r1 = r4
            java.nio.channels.Selector r1 = r1.asel
            r0.waitSelect(r1)
            r0 = r4
            javax.net.ssl.SSLEngineResult$HandshakeStatus r0 = r0.hsStatus
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED
            if (r0 != r1) goto L1e
            r0 = r4
            boolean r0 = r0.initialHandshake
            if (r0 == 0) goto L1d
            r0 = r4
            r0.finishInitialHandshake()
        L1d:
            return
        L1e:
            r0 = r4
            javax.net.ssl.SSLEngineResult$HandshakeStatus r0 = r0.hsStatus
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_TASK
            if (r0 != r1) goto L2f
            r0 = r4
            r0.doTasks()
            goto L0
        L2f:
            r0 = r4
            javax.net.ssl.SSLEngineResult$HandshakeStatus r0 = r0.hsStatus
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_UNWRAP
            if (r0 != r1) goto L71
            r0 = r4
            int r0 = r0.readAndUnwrap()
            r1 = -1
            if (r0 != r1) goto L55
            r0 = r4
            javax.net.ssl.SSLEngineResult$HandshakeStatus r0 = r0.hsStatus
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = javax.net.ssl.SSLEngineResult.HandshakeStatus.FINISHED
            if (r0 == r1) goto L55
            javax.net.ssl.SSLHandshakeException r0 = new javax.net.ssl.SSLHandshakeException
            r1 = r0
            java.lang.String r2 = "Socket closed"
            r1.<init>(r2)
            throw r0
        L55:
            r0 = r4
            boolean r0 = r0.initialHandshake
            if (r0 == 0) goto L0
            r0 = r4
            javax.net.ssl.SSLEngineResult$Status r0 = r0.status
            javax.net.ssl.SSLEngineResult$Status r1 = javax.net.ssl.SSLEngineResult.Status.BUFFER_UNDERFLOW
            if (r0 != r1) goto L0
            r0 = r4
            r1 = r4
            java.nio.channels.Selector r1 = r1.rsel
            r0.waitSelect(r1)
            goto L0
        L71:
            r0 = r4
            javax.net.ssl.SSLEngineResult$HandshakeStatus r0 = r0.hsStatus
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = javax.net.ssl.SSLEngineResult.HandshakeStatus.NEED_WRAP
            if (r0 != r1) goto Lbf
            r0 = r4
            java.nio.ByteBuffer r0 = r0.netData
            boolean r0 = r0.hasRemaining()
            if (r0 == 0) goto L8f
        L85:
            r0 = r4
            boolean r0 = r0.flushData()
            if (r0 == 0) goto L8f
            goto L85
        L8f:
            r0 = r4
            java.nio.ByteBuffer r0 = r0.netData
            java.nio.Buffer r0 = r0.clear()
            r0 = r4
            javax.net.ssl.SSLEngine r0 = r0.engine
            r1 = r4
            java.nio.ByteBuffer r1 = r1.dummy
            r2 = r4
            java.nio.ByteBuffer r2 = r2.netData
            javax.net.ssl.SSLEngineResult r0 = r0.wrap(r1, r2)
            r5 = r0
            r0 = r4
            r1 = r5
            javax.net.ssl.SSLEngineResult$HandshakeStatus r1 = r1.getHandshakeStatus()
            r0.hsStatus = r1
            r0 = r4
            java.nio.ByteBuffer r0 = r0.netData
            java.nio.Buffer r0 = r0.flip()
            r0 = r4
            boolean r0 = r0.flushData()
            goto L0
        Lbf:
            boolean r0 = org.jruby.ext.openssl.SSLSocket.$assertionsDisabled
            if (r0 != 0) goto Lcf
            java.lang.AssertionError r0 = new java.lang.AssertionError
            r1 = r0
            java.lang.String r2 = "doHandshake() should never reach the NOT_HANDSHAKING state"
            r1.<init>(r2)
            throw r0
        Lcf:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jruby.ext.openssl.SSLSocket.doHandshake():void");
    }

    private void doTasks() {
        while (true) {
            Runnable delegatedTask = this.engine.getDelegatedTask();
            if (delegatedTask == null) {
                this.hsStatus = this.engine.getHandshakeStatus();
                this.verifyResult = this.rubyCtx.getLastVerifyResult();
                return;
            }
            delegatedTask.run();
        }
    }

    private boolean flushData() throws IOException {
        try {
            writeToChannel(this.c, this.netData);
            return !this.netData.hasRemaining();
        } catch (IOException e) {
            this.netData.position(this.netData.limit());
            throw e;
        }
    }

    private int writeToChannel(SocketChannel socketChannel, ByteBuffer byteBuffer) throws IOException {
        int i = 0;
        while (true) {
            int i2 = i;
            if (!byteBuffer.hasRemaining()) {
                return i2;
            }
            i = i2 + socketChannel.write(byteBuffer);
        }
    }

    private void finishInitialHandshake() {
        this.initialHandshake = false;
    }

    public int write(ByteBuffer byteBuffer) throws SSLException, IOException {
        if (this.initialHandshake || this.netData.hasRemaining()) {
            return 0;
        }
        this.netData.clear();
        SSLEngineResult wrap = this.engine.wrap(byteBuffer, this.netData);
        this.netData.flip();
        flushData();
        return wrap.bytesConsumed();
    }

    public int read(ByteBuffer byteBuffer) throws IOException {
        int readAndUnwrap;
        if (this.initialHandshake) {
            return 0;
        }
        if (this.engine.isInboundDone()) {
            return -1;
        }
        if (!this.peerAppData.hasRemaining() && ((readAndUnwrap = readAndUnwrap()) == -1 || readAndUnwrap == 0)) {
            return readAndUnwrap;
        }
        int min = Math.min(this.peerAppData.remaining(), byteBuffer.remaining());
        this.peerAppData.get(byteBuffer.array(), byteBuffer.arrayOffset(), min);
        byteBuffer.position(byteBuffer.arrayOffset() + min);
        return min;
    }

    private int readAndUnwrap() throws IOException {
        SSLEngineResult unwrap;
        int read = this.c.read(this.peerNetData);
        if (read == -1 && (this.peerNetData.position() == 0 || this.status == SSLEngineResult.Status.BUFFER_UNDERFLOW)) {
            closeInbound();
            return -1;
        }
        this.peerAppData.clear();
        this.peerNetData.flip();
        do {
            unwrap = this.engine.unwrap(this.peerNetData, this.peerAppData);
            if (unwrap.getStatus() != SSLEngineResult.Status.OK || unwrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                break;
            }
        } while (unwrap.bytesProduced() == 0);
        if (unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
            finishInitialHandshake();
        }
        if (this.peerAppData.position() == 0 && unwrap.getStatus() == SSLEngineResult.Status.OK && this.peerNetData.hasRemaining()) {
            unwrap = this.engine.unwrap(this.peerNetData, this.peerAppData);
        }
        this.status = unwrap.getStatus();
        this.hsStatus = unwrap.getHandshakeStatus();
        if (read == -1) {
            closeInbound();
        }
        if (this.status == SSLEngineResult.Status.CLOSED) {
            doShutdown();
            return -1;
        }
        this.peerNetData.compact();
        this.peerAppData.flip();
        if (!this.initialHandshake && (this.hsStatus == SSLEngineResult.HandshakeStatus.NEED_TASK || this.hsStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP || this.hsStatus == SSLEngineResult.HandshakeStatus.FINISHED)) {
            doHandshake();
        }
        return this.peerAppData.remaining();
    }

    private void closeInbound() {
        try {
            this.engine.closeInbound();
        } catch (SSLException e) {
        }
    }

    private void doShutdown() throws IOException {
        if (this.engine.isOutboundDone()) {
            return;
        }
        this.netData.clear();
        try {
            this.engine.wrap(this.dummy, this.netData);
            this.netData.flip();
            flushData();
            this.rsel.close();
            this.wsel.close();
            this.asel.close();
        } catch (Exception e) {
        }
    }

    @JRubyMethod(rest = true, required = 1, optional = 1)
    public IRubyObject sysread(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        Ruby runtime = threadContext.getRuntime();
        int fix2int = RubyNumeric.fix2int(iRubyObjectArr[0]);
        RubyString newString = (iRubyObjectArr.length != 2 || iRubyObjectArr[1].isNil()) ? getRuntime().newString("") : iRubyObjectArr[1].convertToString();
        if (fix2int == 0) {
            newString.clear();
            return newString;
        }
        if (fix2int < 0) {
            throw runtime.newArgumentError("negative string size (or size too big)");
        }
        if (this.engine == null || (!this.peerAppData.hasRemaining() && this.peerNetData.position() <= 0)) {
            waitSelect(this.rsel);
        }
        try {
            ByteBuffer allocate = ByteBuffer.allocate(fix2int);
            int i = -1;
            while (i <= 0) {
                i = this.engine == null ? this.c.read(allocate) : read(allocate);
                if (i == -1) {
                    throw getRuntime().newEOFError();
                }
            }
            byte[] bArr = new byte[i];
            allocate.position(allocate.position() - i);
            allocate.get(bArr);
            newString.setValue(new ByteList(bArr));
            return newString;
        } catch (IOException e) {
            throw getRuntime().newIOError(e.getMessage());
        }
    }

    @JRubyMethod
    public IRubyObject syswrite(ThreadContext threadContext, IRubyObject iRubyObject) {
        Ruby runtime = threadContext.getRuntime();
        waitSelect(this.wsel);
        ByteBuffer wrap = ByteBuffer.wrap(iRubyObject.convertToString().getBytes());
        try {
            int writeToChannel = this.engine == null ? writeToChannel(this.c, wrap) : write(wrap);
            api.callMethod(this, "io").flush();
            return getRuntime().newFixnum(writeToChannel);
        } catch (IOException e) {
            throw runtime.newIOError(e.getMessage());
        }
    }

    private void forceClose() {
        close(true);
    }

    private void close(boolean z) {
        if (this.engine == null) {
            throw getRuntime().newEOFError();
        }
        this.engine.closeOutbound();
        if (z || !this.netData.hasRemaining()) {
            try {
                doShutdown();
            } catch (IOException e) {
            }
        }
    }

    @JRubyMethod
    public IRubyObject sysclose() {
        close(false);
        ThreadContext currentContext = getRuntime().getCurrentContext();
        if (callMethod(currentContext, "sync_close").isTrue()) {
            callMethod(currentContext, "io").callMethod(currentContext, "close");
        }
        return getRuntime().getNil();
    }

    @JRubyMethod
    public IRubyObject cert() {
        try {
            Certificate[] localCertificates = this.engine.getSession().getLocalCertificates();
            return localCertificates.length > 0 ? X509Cert.wrap(getRuntime(), localCertificates[0]) : getRuntime().getNil();
        } catch (CertificateEncodingException e) {
            throw X509Cert.newCertificateError(getRuntime(), e);
        }
    }

    @JRubyMethod
    public IRubyObject peer_cert() {
        try {
            Certificate[] peerCertificates = this.engine.getSession().getPeerCertificates();
            if (peerCertificates.length > 0) {
                return X509Cert.wrap(getRuntime(), peerCertificates[0]);
            }
        } catch (CertificateEncodingException e) {
            throw X509Cert.newCertificateError(getRuntime(), e);
        } catch (SSLPeerUnverifiedException e2) {
            if (getRuntime().isVerbose()) {
                getRuntime().getWarnings().warning(String.format("%s: %s", e2.getClass().getName(), e2.getMessage()), new Object[0]);
            }
        }
        return getRuntime().getNil();
    }

    @JRubyMethod
    public IRubyObject peer_cert_chain() {
        try {
            X509Certificate[] peerCertificateChain = this.engine.getSession().getPeerCertificateChain();
            RubyArray newArray = getRuntime().newArray(peerCertificateChain.length);
            for (X509Certificate x509Certificate : peerCertificateChain) {
                newArray.add(X509Cert.wrap(getRuntime(), x509Certificate));
            }
            return newArray;
        } catch (SSLPeerUnverifiedException e) {
            if (getRuntime().isVerbose()) {
                getRuntime().getWarnings().warning(String.format("%s: %s", e.getClass().getName(), e.getMessage()), new Object[0]);
            }
            return getRuntime().getNil();
        } catch (javax.security.cert.CertificateEncodingException e2) {
            throw X509Cert.newCertificateError(getRuntime(), e2);
        }
    }

    @JRubyMethod
    public IRubyObject cipher() {
        return getRuntime().newString(this.engine.getSession().getCipherSuite());
    }

    @JRubyMethod
    public IRubyObject state() {
        System.err.println("WARNING: unimplemented method called: SSLSocket#state");
        return getRuntime().getNil();
    }

    @JRubyMethod
    public IRubyObject pending() {
        System.err.println("WARNING: unimplemented method called: SSLSocket#pending");
        return getRuntime().getNil();
    }

    static {
        $assertionsDisabled = !SSLSocket.class.desiredAssertionStatus();
        SSLSOCKET_ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.SSLSocket.1
            public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
                return new SSLSocket(ruby, rubyClass);
            }
        };
        api = JavaEmbedUtils.newObjectAdapter();
    }
}
