package org.aoju.bus.socket.secure;

import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.channels.AsynchronousSocketChannel;
import java.nio.channels.CompletionHandler;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.aoju.bus.core.io.PageBuffer;
import org.aoju.bus.core.lang.Http;
import org.aoju.bus.crypto.Builder;
import org.aoju.bus.logger.Logger;

/* loaded from: input_file:org/aoju/bus/socket/secure/SslService.class */
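/**
 * Builds an {@link SSLContext} from JKS key or trust material and drives the non-blocking
 * {@link SSLEngine} handshake over an {@link AsynchronousSocketChannel}.
 *
 * <p>Points a reviewer should keep in mind when wiring this class:
 * <ul>
 *   <li>{@link #initKeyStore} and {@link #initTrust} each assign a brand-new {@code sslContext}.
 *       Calling both keeps only the context built by the last call, so key managers and a custom
 *       trust store cannot be combined through this class as written.</li>
 *   <li>{@link #initTrust} with a {@code null} stream installs a trust manager that accepts every
 *       certificate chain.</li>
 *   <li>{@link #createSSLEngine} sets no endpoint identification algorithm, so the peer host name
 *       is not compared with the certificate here.</li>
 * </ul>
 */
public final class SslService {
    /** {@code true} when engines created by this service act as the TLS client. */
    private final boolean isClient;
    /** Client-certificate policy applied to each new engine; {@code null} leaves the engine default. */
    private final ClientAuth clientAuth;
    /**
     * Completion handler shared by every handshake read and write. It re-enters
     * {@link #doHandshake} after each I/O step, holding the model's monitor while it does so.
     */
    private final CompletionHandler<Integer, HandshakeModel> handshakeCompletionHandler = new CompletionHandler<Integer, HandshakeModel>() {
        @Override
        public void completed(Integer num, HandshakeModel handshakeModel) {
            // -1 is the channel's end-of-stream marker: the peer closed before the handshake ended.
            if (num.intValue() == -1) {
                handshakeModel.setEof(true);
            }
            synchronized (handshakeModel) {
                SslService.this.doHandshake(handshakeModel);
            }
        }

        @Override
        public void failed(Throwable th, HandshakeModel handshakeModel) {
            // NOTE(review): the failure cause is dropped here; only the EOF flag reaches the callback.
            handshakeModel.setEof(true);
            handshakeModel.getHandshakeCallback().callback();
        }
    };
    /** Context used by {@link #createSSLEngine}; stays {@code null} until an init method succeeds. */
    private SSLContext sslContext;

    /**
     * @param z          {@code true} for client mode, {@code false} for server mode
     * @param clientAuth client-certificate policy, or {@code null} to leave the engine default
     */
    public SslService(boolean z, ClientAuth clientAuth) {
        this.isClient = z;
        this.clientAuth = clientAuth;
    }

    /**
     * Loads a JKS key store and builds the {@link SSLContext} from its key managers.
     *
     * <p>No trust managers are supplied, so the context falls back to the JSSE default trust
     * managers. The stream is read but not closed here; closing it is left to the caller.
     *
     * @param inputStream JKS key store content
     * @param str         key store password
     * @param str2        password protecting the private key entries
     * @throws IllegalStateException if the key material cannot be loaded or the context cannot be
     *                               initialised
     */
    public void initKeyStore(InputStream inputStream, String str, String str2) {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            KeyStore keyStore = KeyStore.getInstance(Builder.KEY_TYPE_JKS);
            keyStore.load(inputStream, str.toCharArray());
            keyManagerFactory.init(keyStore, str2.toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            SSLContext context = SSLContext.getInstance(Http.TLS);
            context.init(keyManagers, null, new SecureRandom());
            // Publish the context only once it is fully initialised.
            this.sslContext = context;
        } catch (Exception e) {
            // Fail fast instead of printing the stack trace and continuing without a usable
            // context: a TLS service whose key material did not load must not appear configured.
            throw new IllegalStateException("Failed to initialise the SSL context from the key store", e);
        }
    }

    /**
     * Builds the {@link SSLContext} from a JKS trust store, or from an accept-everything trust
     * manager when no trust store is given.
     *
     * <p>The stream is read but not closed here; closing it is left to the caller.
     *
     * @param inputStream JKS trust store content, or {@code null} to disable certificate validation
     * @param str         trust store password; only used when {@code inputStream} is not {@code null}
     * @throws RuntimeException wrapping any failure while loading the store or initialising the
     *                          context
     */
    public void initTrust(InputStream inputStream, String str) {
        TrustManager[] trustManagerArr;
        try {
            if (inputStream != null) {
                KeyStore keyStore = KeyStore.getInstance(Builder.KEY_TYPE_JKS);
                keyStore.load(inputStream, str.toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
                trustManagerFactory.init(keyStore);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            } else {
                // SECURITY: every check below is a no-op, so any certificate chain is accepted and
                // the connection is authenticated against nobody. Kept for compatibility with
                // callers that rely on it; supply a trust store for anything beyond local testing.
                Logger.warn("initTrust called without a trust store: peer certificates will NOT be validated");
                trustManagerArr = new TrustManager[]{new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                        // Intentionally empty: accepts every client chain.
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                        // Intentionally empty: accepts every server chain.
                    }

                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        return new X509Certificate[0];
                    }
                }};
            }
            this.sslContext = SSLContext.getInstance(Http.TLS);
            this.sslContext.init(null, trustManagerArr, new SecureRandom());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates an {@link SSLEngine} for one connection, allocates its four handshake buffers and
     * starts the handshake.
     *
     * @param asynchronousSocketChannel channel the handshake bytes travel over
     * @param pageBuffer                allocator for the application and network buffers
     * @return the model holding the engine, its buffers and the channel
     * @throws RuntimeException wrapping any failure, including a missing {@code sslContext}
     */
    public HandshakeModel createSSLEngine(AsynchronousSocketChannel asynchronousSocketChannel, PageBuffer pageBuffer) {
        try {
            HandshakeModel handshakeModel = new HandshakeModel();
            // NOTE(review): the engine is created without a peer host and no endpoint
            // identification algorithm is set on its SSLParameters, so in client mode the server
            // name is not checked against the certificate at this layer.
            SSLEngine engine = this.sslContext.createSSLEngine();
            SSLSession session = engine.getSession();
            engine.setUseClientMode(this.isClient);
            if (this.clientAuth != null) {
                switch (this.clientAuth) {
                    case OPTIONAL:
                        engine.setWantClientAuth(true);
                        break;
                    case REQUIRE:
                        engine.setNeedClientAuth(true);
                        break;
                    case NONE:
                        break;
                    default:
                        throw new Error("Unknown auth " + this.clientAuth);
                }
            }
            handshakeModel.setSslEngine(engine);
            handshakeModel.setAppWriteBuffer(pageBuffer.allocate(session.getApplicationBufferSize()));
            handshakeModel.setNetWriteBuffer(pageBuffer.allocate(session.getPacketBufferSize()));
            // Flip the empty network write buffer so hasRemaining() is false until wrap() fills it.
            handshakeModel.getNetWriteBuffer().buffer().flip();
            handshakeModel.setAppReadBuffer(pageBuffer.allocate(session.getApplicationBufferSize()));
            handshakeModel.setNetReadBuffer(pageBuffer.allocate(session.getPacketBufferSize()));
            engine.beginHandshake();
            handshakeModel.setSocketChannel(asynchronousSocketChannel);
            return handshakeModel;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Advances the TLS handshake as far as possible without blocking.
     *
     * <p>The method returns whenever it has scheduled an asynchronous read or write; the shared
     * completion handler calls it again when that I/O finishes. The handshake callback is invoked
     * once the model is marked finished, when EOF was flagged, or when any exception is raised
     * (in which case the model is also flagged EOF).
     *
     * @param handshakeModel per-connection handshake state
     */
    public void doHandshake(HandshakeModel handshakeModel) {
        try {
            ByteBuffer netReadBuffer = handshakeModel.getNetReadBuffer().buffer();
            ByteBuffer appReadBuffer = handshakeModel.getAppReadBuffer().buffer();
            ByteBuffer netWriteBuffer = handshakeModel.getNetWriteBuffer().buffer();
            ByteBuffer appWriteBuffer = handshakeModel.getAppWriteBuffer().buffer();
            SSLEngine sslEngine = handshakeModel.getSslEngine();
            if (handshakeModel.isEof()) {
                Logger.info("the ssl handshake is terminated");
                handshakeModel.getHandshakeCallback().callback();
                return;
            }
            while (!handshakeModel.isFinished()) {
                SSLEngineResult.HandshakeStatus handshakeStatus = sslEngine.getHandshakeStatus();
                if (Logger.get().isDebug()) {
                    Logger.info("握手状态:" + handshakeStatus);
                }
                switch (handshakeStatus) {
                    case NEED_UNWRAP: {
                        // Switch the network read buffer to read mode.
                        netReadBuffer.flip();
                        if (!netReadBuffer.hasRemaining()) {
                            // Nothing buffered: ask the channel for more handshake bytes.
                            netReadBuffer.clear();
                            handshakeModel.getSocketChannel().read(netReadBuffer, handshakeModel, this.handshakeCompletionHandler);
                            return;
                        }
                        SSLEngineResult unwrap = sslEngine.unwrap(netReadBuffer, appReadBuffer);
                        netReadBuffer.compact();
                        if (unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
                            handshakeModel.setFinished(true);
                            netReadBuffer.clear();
                        }
                        switch (unwrap.getStatus()) {
                            case OK:
                                break;
                            case BUFFER_OVERFLOW:
                                Logger.warn("doHandshake BUFFER_OVERFLOW");
                                break;
                            case BUFFER_UNDERFLOW:
                                // NOTE(review): returns without scheduling another read, so a TLS
                                // record split across reads appears to stall here unless something
                                // outside this method resumes the handshake - confirm.
                                Logger.warn("doHandshake BUFFER_UNDERFLOW");
                                return;
                            default:
                                throw new IllegalStateException("Invalid SSL status: " + unwrap.getStatus());
                        }
                        // Re-query the engine instead of running the NEED_WRAP branch unconditionally.
                        break;
                    }
                    case NEED_WRAP: {
                        if (netWriteBuffer.hasRemaining()) {
                            // A previous write left bytes behind; flush them before wrapping again.
                            Logger.info("数据未输出完毕...");
                            handshakeModel.getSocketChannel().write(netWriteBuffer, handshakeModel, this.handshakeCompletionHandler);
                            return;
                        }
                        netWriteBuffer.clear();
                        SSLEngineResult wrap = sslEngine.wrap(appWriteBuffer, netWriteBuffer);
                        // NOTE(review): every branch except OK ends in a throw, which the catch
                        // below turns into an aborted handshake. The fall-through is kept as the
                        // listing shows it; whether each case originally ended in a break cannot
                        // be told from this listing.
                        switch (wrap.getStatus()) {
                            case OK:
                                appWriteBuffer.clear();
                                netWriteBuffer.flip();
                                if (wrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
                                    handshakeModel.setFinished(true);
                                }
                                handshakeModel.getSocketChannel().write(netWriteBuffer, handshakeModel, this.handshakeCompletionHandler);
                                return;
                            case BUFFER_OVERFLOW:
                                Logger.warn("NEED_WRAP BUFFER_OVERFLOW");
                                // falls through
                            case BUFFER_UNDERFLOW:
                                throw new SSLException("Buffer underflow occured after a wrap. I don't think we should ever get here.");
                            case CLOSED:
                                Logger.warn("closed");
                                try {
                                    netWriteBuffer.flip();
                                    netReadBuffer.clear();
                                } catch (Exception e) {
                                    Logger.warn("Failed to send server's CLOSE message due to socket channel's failure.");
                                }
                                // falls through
                            default:
                                throw new IllegalStateException("Invalid SSL status: " + wrap.getStatus());
                        }
                    }
                    case NEED_TASK: {
                        // Drain the delegated tasks and stop once the engine has none left; the
                        // previous form never left this loop. Tasks run on the calling thread.
                        Runnable delegatedTask;
                        while ((delegatedTask = sslEngine.getDelegatedTask()) != null) {
                            delegatedTask.run();
                        }
                        break;
                    }
                    // NOTE(review): FINISHED and NOT_HANDSHAKING both end in the throw below, so
                    // reaching them while the model is not yet marked finished aborts the
                    // handshake. Kept as the listing shows it.
                    case FINISHED:
                        Logger.info("HandshakeFinished");
                        // falls through
                    case NOT_HANDSHAKING:
                        Logger.error("NOT_HANDSHAKING");
                        // falls through
                    default:
                        throw new IllegalStateException("Invalid SSL status: " + handshakeStatus);
                }
            }
            handshakeModel.getHandshakeCallback().callback();
        } catch (Exception e2) {
            // Any failure ends the handshake: flag EOF so the callback can tell it did not complete.
            // Only the message is logged, so the exception type and stack trace are not recorded.
            Logger.warn("ignore doHandshake exception: {}", e2.getMessage());
            handshakeModel.setEof(true);
            handshakeModel.getHandshakeCallback().callback();
        }
    }
}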
