package com.hazelcast.internal.nio.ssl;

import com.hazelcast.internal.networking.HandlerStatus;
import com.hazelcast.internal.networking.InboundHandler;
import com.hazelcast.internal.nio.IOUtil;
import com.hazelcast.internal.util.JVMUtil;
import com.hazelcast.logging.Logger;
import java.io.EOFException;
import java.nio.Buffer;
import java.nio.ByteBuffer;
import java.util.concurrent.ConcurrentMap;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;

/* loaded from: input_file:com/hazelcast/internal/nio/ssl/TLSHandshakeDecoder.class */
public class TLSHandshakeDecoder extends InboundHandler<ByteBuffer, Void> {
    private final SSLEngine sslEngine;
    private final TLSExecutor tlsExecutor;
    private final ByteBuffer appBuffer;
    private final ConcurrentMap attributeMap;
    private volatile boolean isHandshakeFailed;

    /* renamed from: com.hazelcast.internal.nio.ssl.TLSHandshakeDecoder$1, reason: invalid class name */
    /* loaded from: input_file:com/hazelcast/internal/nio/ssl/TLSHandshakeDecoder$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    public TLSHandshakeDecoder(SSLEngine sSLEngine, TLSExecutor tLSExecutor, ConcurrentMap concurrentMap) {
        this.sslEngine = sSLEngine;
        this.tlsExecutor = tLSExecutor;
        this.appBuffer = IOUtil.newByteBuffer(sSLEngine.getSession().getApplicationBufferSize(), false);
        this.attributeMap = concurrentMap;
    }

    @Override // com.hazelcast.internal.networking.ChannelHandler
    public void handlerAdded() {
        initSrcBuffer(this.sslEngine.getSession().getPacketBufferSize());
    }

    @Override // com.hazelcast.internal.networking.ChannelHandler
    public void interceptError(Throwable th) throws Throwable {
        if (th instanceof EOFException) {
            throw newSSLException(th);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLException newSSLException(Throwable th) {
        return new SSLException("Remote socket closed during SSL/TLS handshake.  This is probably caused by a SSL/TLS authentication problem resulting in the remote side closing the socket.", th);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.hazelcast.internal.networking.InboundHandler
    public HandlerStatus onRead() throws Exception {
        JVMUtil.upcast((Buffer) this.src).flip();
        while (true) {
            try {
                try {
                    switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[this.sslEngine.getHandshakeStatus().ordinal()]) {
                        case 1:
                            break;
                        case 2:
                            this.tlsExecutor.executeHandshakeTasks(this.sslEngine, this.channel);
                            HandlerStatus handlerStatus = HandlerStatus.BLOCKED;
                            IOUtil.compactOrClear((ByteBuffer) this.src);
                            return handlerStatus;
                        case 3:
                            this.channel.outboundPipeline().wakeup();
                            HandlerStatus handlerStatus2 = HandlerStatus.BLOCKED;
                            IOUtil.compactOrClear((ByteBuffer) this.src);
                            return handlerStatus2;
                        case 4:
                            SSLEngineResult unwrap = this.sslEngine.unwrap((ByteBuffer) this.src, this.appBuffer);
                            SSLEngineResult.Status status = unwrap.getStatus();
                            if (status == SSLEngineResult.Status.OK) {
                                break;
                            } else {
                                if (status == SSLEngineResult.Status.CLOSED) {
                                    HandlerStatus handlerStatus3 = HandlerStatus.CLEAN;
                                    IOUtil.compactOrClear((ByteBuffer) this.src);
                                    return handlerStatus3;
                                }
                                if (status != SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                                    throw new IllegalStateException("Unexpected " + unwrap);
                                }
                                if (this.sslEngine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                                    HandlerStatus handlerStatus4 = HandlerStatus.CLEAN;
                                    IOUtil.compactOrClear((ByteBuffer) this.src);
                                    return handlerStatus4;
                                }
                                break;
                            }
                        case 5:
                            if (this.isHandshakeFailed) {
                                throw new SSLHandshakeException("TLS handshake failed.");
                            }
                            TLSUtil.publishRemoteCertificates(this.sslEngine, this.attributeMap);
                            TLSDecoder tLSDecoder = new TLSDecoder(this.sslEngine);
                            this.channel.inboundPipeline().replace(this, tLSDecoder);
                            if (this.appBuffer.position() != 0) {
                                JVMUtil.upcast(this.appBuffer).flip();
                                tLSDecoder.dst().put(this.appBuffer);
                            }
                            if (((ByteBuffer) this.src).hasRemaining()) {
                                tLSDecoder.src().put((ByteBuffer) this.src);
                            }
                            this.channel.outboundPipeline().wakeup();
                            HandlerStatus handlerStatus5 = HandlerStatus.DIRTY;
                            IOUtil.compactOrClear((ByteBuffer) this.src);
                            return handlerStatus5;
                        default:
                            throw new IllegalStateException();
                    }
                } catch (SSLHandshakeException e) {
                    if (this.isHandshakeFailed) {
                        throw e;
                    }
                    this.isHandshakeFailed = true;
                    Logger.getLogger(getClass()).fine("TLS handshake failed. The SSLEngine.closeInbound() will be called.", e);
                    this.sslEngine.closeInbound();
                    this.channel.outboundPipeline().wakeup();
                    HandlerStatus handlerStatus6 = HandlerStatus.DIRTY;
                    IOUtil.compactOrClear((ByteBuffer) this.src);
                    return handlerStatus6;
                }
            } catch (Throwable th) {
                IOUtil.compactOrClear((ByteBuffer) this.src);
                throw th;
            }
        }
    }
}
