package io.netty.handler.ssl;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.http.multipart.HttpPostBodyUtil;
import io.netty.handler.codec.spdy.SpdySettingsFrame;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.ObjectUtil;
import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.StringUtil;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.nio.ByteBuffer;
import java.security.Principal;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicIntegerFieldUpdater;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSessionContext;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;
import org.apache.tomcat.jni.Buffer;
import org.apache.tomcat.jni.SSL;

/* loaded from: input_file:io/netty/handler/ssl/OpenSslEngine.class */
public final class OpenSslEngine extends SSLEngine {
    private static final InternalLogger logger;
    private static final Certificate[] EMPTY_CERTIFICATES;
    private static final X509Certificate[] EMPTY_X509_CERTIFICATES;
    private static final SSLException ENGINE_CLOSED;
    private static final SSLException RENEGOTIATION_UNSUPPORTED;
    private static final SSLException ENCRYPTED_PACKET_OVERSIZED;
    private static final int MAX_PLAINTEXT_LENGTH = 16384;
    private static final int MAX_COMPRESSED_LENGTH = 17408;
    private static final int MAX_CIPHERTEXT_LENGTH = 18432;
    private static final String PROTOCOL_SSL_V2_HELLO = "SSLv2Hello";
    private static final String PROTOCOL_SSL_V2 = "SSLv2";
    private static final String PROTOCOL_SSL_V3 = "SSLv3";
    private static final String PROTOCOL_TLS_V1 = "TLSv1";
    private static final String PROTOCOL_TLS_V1_1 = "TLSv1.1";
    private static final String PROTOCOL_TLS_V1_2 = "TLSv1.2";
    private static final String[] SUPPORTED_PROTOCOLS;
    private static final Set<String> SUPPORTED_PROTOCOLS_SET;
    static final int MAX_ENCRYPTED_PACKET_LENGTH = 18713;
    static final int MAX_ENCRYPTION_OVERHEAD_LENGTH = 2329;
    private static final AtomicIntegerFieldUpdater<OpenSslEngine> DESTROYED_UPDATER;
    private static final String INVALID_CIPHER = "SSL_NULL_WITH_NULL_NULL";
    private static final long EMPTY_ADDR;
    private static final SSLEngineResult NEED_UNWRAP_OK;
    private static final SSLEngineResult NEED_UNWRAP_CLOSED;
    private static final SSLEngineResult NEED_WRAP_OK;
    private static final SSLEngineResult NEED_WRAP_CLOSED;
    private static final SSLEngineResult CLOSED_NOT_HANDSHAKING;
    private long ssl;
    private long networkBIO;
    private HandshakeState handshakeState;
    private boolean receivedShutdown;
    private volatile int destroyed;
    private volatile String cipher;
    private volatile String applicationProtocol;
    private volatile Certificate[] peerCerts;
    private volatile ClientAuthMode clientAuth;
    private volatile String endPointIdentificationAlgorithm;
    private volatile Object algorithmConstraints;
    private boolean isInboundDone;
    private boolean isOutboundDone;
    private boolean engineClosed;
    private final boolean clientMode;
    private final ByteBufAllocator alloc;
    private final OpenSslSessionContext sessionContext;
    private final OpenSslEngineMap engineMap;
    private final OpenSslApplicationProtocolNegotiator apn;
    private final boolean rejectRemoteInitiatedRenegation;
    private final SSLSession session;
    SSLHandshakeException handshakeException;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.netty.handler.ssl.OpenSslEngine$1, reason: invalid class name */
    /* loaded from: input_file:io/netty/handler/ssl/OpenSslEngine$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$OpenSslEngine$HandshakeState;
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol;
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$ssl$OpenSslEngine$ClientAuthMode = new int[ClientAuthMode.values().length];

        static {
            try {
                $SwitchMap$io$netty$handler$ssl$OpenSslEngine$ClientAuthMode[ClientAuthMode.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$OpenSslEngine$ClientAuthMode[ClientAuthMode.REQUIRE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$OpenSslEngine$ClientAuthMode[ClientAuthMode.OPTIONAL.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol = new int[ApplicationProtocolConfig.Protocol.values().length];
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[ApplicationProtocolConfig.Protocol.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[ApplicationProtocolConfig.Protocol.ALPN.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[ApplicationProtocolConfig.Protocol.NPN.ordinal()] = 3;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[ApplicationProtocolConfig.Protocol.NPN_AND_ALPN.ordinal()] = 4;
            } catch (NoSuchFieldError e7) {
            }
            $SwitchMap$io$netty$handler$ssl$OpenSslEngine$HandshakeState = new int[HandshakeState.values().length];
            try {
                $SwitchMap$io$netty$handler$ssl$OpenSslEngine$HandshakeState[HandshakeState.NOT_STARTED.ordinal()] = 1;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$OpenSslEngine$HandshakeState[HandshakeState.STARTED_IMPLICITLY.ordinal()] = 2;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$io$netty$handler$ssl$OpenSslEngine$HandshakeState[HandshakeState.STARTED_EXPLICITLY.ordinal()] = 3;
            } catch (NoSuchFieldError e10) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/netty/handler/ssl/OpenSslEngine$ClientAuthMode.class */
    public enum ClientAuthMode {
        NONE,
        OPTIONAL,
        REQUIRE
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/netty/handler/ssl/OpenSslEngine$HandshakeState.class */
    public enum HandshakeState {
        NOT_STARTED,
        STARTED_IMPLICITLY,
        STARTED_EXPLICITLY,
        FINISHED
    }

    /* loaded from: input_file:io/netty/handler/ssl/OpenSslEngine$OpenSslSession.class */
    private final class OpenSslSession implements SSLSession, ApplicationProtocolAccessor {
        private X509Certificate[] x509PeerCerts;
        private Map<String, Object> values;

        private OpenSslSession() {
        }

        @Override // javax.net.ssl.SSLSession
        public byte[] getId() {
            byte[] sessionId;
            synchronized (OpenSslEngine.this) {
                sessionId = OpenSslEngine.this.destroyed == 0 ? SSL.getSessionId(OpenSslEngine.this.ssl) : EmptyArrays.EMPTY_BYTES;
            }
            if (sessionId == null) {
                throw new IllegalStateException("SSL session ID not available");
            }
            return sessionId;
        }

        @Override // javax.net.ssl.SSLSession
        public SSLSessionContext getSessionContext() {
            return OpenSslEngine.this.sessionContext;
        }

        @Override // javax.net.ssl.SSLSession
        public long getCreationTime() {
            synchronized (OpenSslEngine.this) {
                if (OpenSslEngine.this.destroyed != 0) {
                    return 0L;
                }
                return SSL.getTime(OpenSslEngine.this.ssl) * 1000;
            }
        }

        @Override // javax.net.ssl.SSLSession
        public long getLastAccessedTime() {
            return getCreationTime();
        }

        @Override // javax.net.ssl.SSLSession
        public void invalidate() {
        }

        @Override // javax.net.ssl.SSLSession
        public boolean isValid() {
            return false;
        }

        @Override // javax.net.ssl.SSLSession
        public void putValue(String str, Object obj) {
            if (str == null) {
                throw new NullPointerException(HttpPostBodyUtil.NAME);
            }
            if (obj == null) {
                throw new NullPointerException("value");
            }
            Map<String, Object> map = this.values;
            if (map == null) {
                HashMap hashMap = new HashMap(2);
                this.values = hashMap;
                map = hashMap;
            }
            Object put = map.put(str, obj);
            if (obj instanceof SSLSessionBindingListener) {
                ((SSLSessionBindingListener) obj).valueBound(new SSLSessionBindingEvent(this, str));
            }
            notifyUnbound(put, str);
        }

        @Override // javax.net.ssl.SSLSession
        public Object getValue(String str) {
            if (str == null) {
                throw new NullPointerException(HttpPostBodyUtil.NAME);
            }
            if (this.values == null) {
                return null;
            }
            return this.values.get(str);
        }

        @Override // javax.net.ssl.SSLSession
        public void removeValue(String str) {
            if (str == null) {
                throw new NullPointerException(HttpPostBodyUtil.NAME);
            }
            Map<String, Object> map = this.values;
            if (map == null) {
                return;
            }
            notifyUnbound(map.remove(str), str);
        }

        @Override // javax.net.ssl.SSLSession
        public String[] getValueNames() {
            Map<String, Object> map = this.values;
            return (map == null || map.isEmpty()) ? EmptyArrays.EMPTY_STRINGS : (String[]) map.keySet().toArray(new String[map.size()]);
        }

        private void notifyUnbound(Object obj, String str) {
            if (obj instanceof SSLSessionBindingListener) {
                ((SSLSessionBindingListener) obj).valueUnbound(new SSLSessionBindingEvent(this, str));
            }
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
            Certificate[] certificateArr = OpenSslEngine.this.peerCerts;
            if (certificateArr == null) {
                synchronized (OpenSslEngine.this) {
                    if (OpenSslEngine.this.destroyed != 0) {
                        certificateArr = OpenSslEngine.this.peerCerts = OpenSslEngine.EMPTY_CERTIFICATES;
                    } else {
                        if (SSL.isInInit(OpenSslEngine.this.ssl) != 0) {
                            throw new SSLPeerUnverifiedException("peer not verified");
                        }
                        certificateArr = OpenSslEngine.this.peerCerts = initPeerCertChain();
                    }
                }
            }
            return certificateArr;
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getLocalCertificates() {
            return OpenSslEngine.EMPTY_CERTIFICATES;
        }

        @Override // javax.net.ssl.SSLSession
        public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
            X509Certificate[] x509CertificateArr = this.x509PeerCerts;
            if (x509CertificateArr == null) {
                synchronized (OpenSslEngine.this) {
                    if (OpenSslEngine.this.destroyed != 0) {
                        X509Certificate[] x509CertificateArr2 = OpenSslEngine.EMPTY_X509_CERTIFICATES;
                        this.x509PeerCerts = x509CertificateArr2;
                        return x509CertificateArr2;
                    }
                    if (SSL.isInInit(OpenSslEngine.this.ssl) != 0) {
                        throw new SSLPeerUnverifiedException("peer not verified");
                    }
                    byte[][] peerCertChain = SSL.getPeerCertChain(OpenSslEngine.this.ssl);
                    if (peerCertChain == null) {
                        throw new SSLPeerUnverifiedException("peer not verified");
                    }
                    X509Certificate[] x509CertificateArr3 = new X509Certificate[peerCertChain.length];
                    for (int i = 0; i < x509CertificateArr3.length; i++) {
                        try {
                            x509CertificateArr3[i] = X509Certificate.getInstance(peerCertChain[i]);
                        } catch (CertificateException e) {
                            throw new IllegalStateException(e);
                        }
                    }
                    this.x509PeerCerts = x509CertificateArr3;
                    x509CertificateArr = x509CertificateArr3;
                }
            }
            return x509CertificateArr;
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
            Certificate[] peerCertificates = getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length == 0) {
                return null;
            }
            return ((java.security.cert.X509Certificate) peerCertificates[0]).getSubjectX500Principal();
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getLocalPrincipal() {
            Certificate[] localCertificates = getLocalCertificates();
            if (localCertificates == null || localCertificates.length == 0) {
                return null;
            }
            return ((java.security.cert.X509Certificate) localCertificates[0]).getIssuerX500Principal();
        }

        @Override // javax.net.ssl.SSLSession
        public String getCipherSuite() {
            String javaCipherSuite;
            if (OpenSslEngine.this.handshakeState != HandshakeState.FINISHED) {
                return OpenSslEngine.INVALID_CIPHER;
            }
            if (OpenSslEngine.this.cipher == null) {
                synchronized (OpenSslEngine.this) {
                    javaCipherSuite = OpenSslEngine.this.destroyed == 0 ? OpenSslEngine.this.toJavaCipherSuite(SSL.getCipherForSSL(OpenSslEngine.this.ssl)) : OpenSslEngine.INVALID_CIPHER;
                }
                if (javaCipherSuite != null) {
                    OpenSslEngine.this.cipher = javaCipherSuite;
                }
            }
            return OpenSslEngine.this.cipher;
        }

        @Override // javax.net.ssl.SSLSession
        public String getProtocol() {
            synchronized (OpenSslEngine.this) {
                if (OpenSslEngine.this.destroyed != 0) {
                    return StringUtil.EMPTY_STRING;
                }
                return SSL.getVersion(OpenSslEngine.this.ssl);
            }
        }

        @Override // io.netty.handler.ssl.ApplicationProtocolAccessor
        public String getApplicationProtocol() {
            return OpenSslEngine.this.applicationProtocol;
        }

        @Override // javax.net.ssl.SSLSession
        public String getPeerHost() {
            return OpenSslEngine.this.getPeerHost();
        }

        @Override // javax.net.ssl.SSLSession
        public int getPeerPort() {
            return OpenSslEngine.this.getPeerPort();
        }

        @Override // javax.net.ssl.SSLSession
        public int getPacketBufferSize() {
            return OpenSslEngine.MAX_ENCRYPTED_PACKET_LENGTH;
        }

        @Override // javax.net.ssl.SSLSession
        public int getApplicationBufferSize() {
            return OpenSslEngine.MAX_PLAINTEXT_LENGTH;
        }

        private Certificate[] initPeerCertChain() throws SSLPeerUnverifiedException {
            Certificate[] certificateArr;
            byte[][] peerCertChain = SSL.getPeerCertChain(OpenSslEngine.this.ssl);
            byte[] peerCertificate = !OpenSslEngine.this.clientMode ? SSL.getPeerCertificate(OpenSslEngine.this.ssl) : null;
            if (peerCertChain == null && peerCertificate == null) {
                throw new SSLPeerUnverifiedException("peer not verified");
            }
            int i = 0;
            if (peerCertChain != null) {
                i = 0 + peerCertChain.length;
            }
            int i2 = 0;
            if (peerCertificate != null) {
                certificateArr = new Certificate[i + 1];
                i2 = 0 + 1;
                certificateArr[0] = new OpenSslX509Certificate(peerCertificate);
            } else {
                certificateArr = new Certificate[i];
            }
            if (peerCertChain != null) {
                int i3 = 0;
                while (i2 < certificateArr.length) {
                    int i4 = i3;
                    i3++;
                    certificateArr[i2] = new OpenSslX509Certificate(peerCertChain[i4]);
                    i2++;
                }
            }
            return certificateArr;
        }

        /* synthetic */ OpenSslSession(OpenSslEngine openSslEngine, AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    @Deprecated
    public OpenSslEngine(long j, ByteBufAllocator byteBufAllocator, String str) {
        this(j, byteBufAllocator, false, null, OpenSslContext.NONE_PROTOCOL_NEGOTIATOR, OpenSslEngineMap.EMPTY, false);
    }

    OpenSslEngine(long j, ByteBufAllocator byteBufAllocator, boolean z, OpenSslSessionContext openSslSessionContext, OpenSslApplicationProtocolNegotiator openSslApplicationProtocolNegotiator, OpenSslEngineMap openSslEngineMap, boolean z2) {
        this(j, byteBufAllocator, z, openSslSessionContext, openSslApplicationProtocolNegotiator, openSslEngineMap, z2, null, -1);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSslEngine(long j, ByteBufAllocator byteBufAllocator, boolean z, OpenSslSessionContext openSslSessionContext, OpenSslApplicationProtocolNegotiator openSslApplicationProtocolNegotiator, OpenSslEngineMap openSslEngineMap, boolean z2, String str, int i) {
        super(str, i);
        this.handshakeState = HandshakeState.NOT_STARTED;
        this.clientAuth = ClientAuthMode.NONE;
        this.session = new OpenSslSession(this, null);
        OpenSsl.ensureAvailability();
        if (j == 0) {
            throw new NullPointerException("sslCtx");
        }
        this.alloc = (ByteBufAllocator) ObjectUtil.checkNotNull(byteBufAllocator, "alloc");
        this.apn = (OpenSslApplicationProtocolNegotiator) ObjectUtil.checkNotNull(openSslApplicationProtocolNegotiator, "apn");
        this.ssl = SSL.newSSL(j, !z);
        this.networkBIO = SSL.makeNetworkBIO(this.ssl);
        this.clientMode = z;
        this.sessionContext = openSslSessionContext;
        this.engineMap = openSslEngineMap;
        this.rejectRemoteInitiatedRenegation = z2;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getHandshakeSession() {
        if (this.handshakeState != HandshakeState.NOT_STARTED) {
            return this.session;
        }
        return null;
    }

    public synchronized long sslPointer() {
        return this.ssl;
    }

    public synchronized void shutdown() {
        if (DESTROYED_UPDATER.compareAndSet(this, 0, 1)) {
            this.engineMap.remove(this.ssl);
            SSL.freeSSL(this.ssl);
            SSL.freeBIO(this.networkBIO);
            this.networkBIO = 0L;
            this.ssl = 0L;
            this.engineClosed = true;
            this.isOutboundDone = true;
            this.isInboundDone = true;
        }
        SSL.clearError();
    }

    private int writePlaintextData(ByteBuffer byteBuffer) {
        int writeToSSL;
        int position = byteBuffer.position();
        int limit = byteBuffer.limit();
        int min = Math.min(limit - position, MAX_PLAINTEXT_LENGTH);
        if (byteBuffer.isDirect()) {
            writeToSSL = SSL.writeToSSL(this.ssl, Buffer.address(byteBuffer) + position, min);
            if (writeToSSL > 0) {
                byteBuffer.position(position + writeToSSL);
            }
        } else {
            ByteBuf directBuffer = this.alloc.directBuffer(min);
            try {
                long memoryAddress = memoryAddress(directBuffer);
                byteBuffer.limit(position + min);
                directBuffer.setBytes(0, byteBuffer);
                byteBuffer.limit(limit);
                writeToSSL = SSL.writeToSSL(this.ssl, memoryAddress, min);
                if (writeToSSL > 0) {
                    byteBuffer.position(position + writeToSSL);
                } else {
                    byteBuffer.position(position);
                }
            } finally {
                directBuffer.release();
            }
        }
        return writeToSSL;
    }

    private int writeEncryptedData(ByteBuffer byteBuffer) {
        int writeToBIO;
        int position = byteBuffer.position();
        int remaining = byteBuffer.remaining();
        if (byteBuffer.isDirect()) {
            writeToBIO = SSL.writeToBIO(this.networkBIO, Buffer.address(byteBuffer) + position, remaining);
            if (writeToBIO >= 0) {
                byteBuffer.position(position + writeToBIO);
            }
        } else {
            ByteBuf directBuffer = this.alloc.directBuffer(remaining);
            try {
                long memoryAddress = memoryAddress(directBuffer);
                directBuffer.setBytes(0, byteBuffer);
                writeToBIO = SSL.writeToBIO(this.networkBIO, memoryAddress, remaining);
                if (writeToBIO >= 0) {
                    byteBuffer.position(position + writeToBIO);
                } else {
                    byteBuffer.position(position);
                }
            } finally {
                directBuffer.release();
            }
        }
        return writeToBIO;
    }

    private int readPlaintextData(ByteBuffer byteBuffer) {
        int readFromSSL;
        if (byteBuffer.isDirect()) {
            int position = byteBuffer.position();
            readFromSSL = SSL.readFromSSL(this.ssl, Buffer.address(byteBuffer) + position, byteBuffer.limit() - position);
            if (readFromSSL > 0) {
                byteBuffer.position(position + readFromSSL);
            }
        } else {
            int position2 = byteBuffer.position();
            int limit = byteBuffer.limit();
            int min = Math.min(MAX_ENCRYPTED_PACKET_LENGTH, limit - position2);
            ByteBuf directBuffer = this.alloc.directBuffer(min);
            try {
                readFromSSL = SSL.readFromSSL(this.ssl, memoryAddress(directBuffer), min);
                if (readFromSSL > 0) {
                    byteBuffer.limit(position2 + readFromSSL);
                    directBuffer.getBytes(0, byteBuffer);
                    byteBuffer.limit(limit);
                }
            } finally {
                directBuffer.release();
            }
        }
        return readFromSSL;
    }

    private int readEncryptedData(ByteBuffer byteBuffer, int i) {
        int readFromBIO;
        if (!byteBuffer.isDirect() || byteBuffer.remaining() < i) {
            ByteBuf directBuffer = this.alloc.directBuffer(i);
            try {
                readFromBIO = SSL.readFromBIO(this.networkBIO, memoryAddress(directBuffer), i);
                if (readFromBIO > 0) {
                    int limit = byteBuffer.limit();
                    byteBuffer.limit(byteBuffer.position() + readFromBIO);
                    directBuffer.getBytes(0, byteBuffer);
                    byteBuffer.limit(limit);
                    directBuffer.release();
                    return readFromBIO;
                }
                directBuffer.release();
            } catch (Throwable th) {
                directBuffer.release();
                throw th;
            }
        } else {
            int position = byteBuffer.position();
            readFromBIO = SSL.readFromBIO(this.networkBIO, Buffer.address(byteBuffer) + position, i);
            if (readFromBIO > 0) {
                byteBuffer.position(position + readFromBIO);
                return readFromBIO;
            }
        }
        return readFromBIO;
    }

    private SSLEngineResult readPendingBytesFromBIO(ByteBuffer byteBuffer, int i, int i2) throws SSLException {
        int pendingWrittenBytesInBIO = SSL.pendingWrittenBytesInBIO(this.networkBIO);
        if (pendingWrittenBytesInBIO <= 0) {
            return null;
        }
        if (byteBuffer.remaining() < pendingWrittenBytesInBIO) {
            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, mayFinishHandshake(getHandshakeStatus(pendingWrittenBytesInBIO)), i, i2);
        }
        int readEncryptedData = readEncryptedData(byteBuffer, pendingWrittenBytesInBIO);
        if (readEncryptedData <= 0) {
            SSL.clearError();
        } else {
            i2 += readEncryptedData;
            pendingWrittenBytesInBIO -= readEncryptedData;
        }
        if (this.isOutboundDone) {
            shutdown();
        }
        return new SSLEngineResult(getEngineStatus(), mayFinishHandshake(getHandshakeStatus(pendingWrittenBytesInBIO)), i, i2);
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Removed duplicated region for block: B:42:0x00fa  */
    @Override // javax.net.ssl.SSLEngine
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized javax.net.ssl.SSLEngineResult wrap(java.nio.ByteBuffer[] r6, int r7, int r8, java.nio.ByteBuffer r9) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 402
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.OpenSslEngine.wrap(java.nio.ByteBuffer[], int, int, java.nio.ByteBuffer):javax.net.ssl.SSLEngineResult");
    }

    private void checkPendingHandshakeException() throws SSLHandshakeException {
        if (this.handshakeException != null) {
            SSLHandshakeException sSLHandshakeException = this.handshakeException;
            this.handshakeException = null;
            shutdown();
            throw sSLHandshakeException;
        }
    }

    private void shutdownWithError(String str) throws SSLException {
        shutdownWithError(str, SSL.getLastError());
    }

    private void shutdownWithError(String str, String str2) throws SSLException {
        if (logger.isDebugEnabled()) {
            logger.debug("{} failed: OpenSSL error: {}", str, str2);
        }
        shutdown();
        if (this.handshakeState != HandshakeState.FINISHED) {
            throw new SSLHandshakeException(str2);
        }
        throw new SSLException(str2);
    }

    /* JADX WARN: Code restructure failed: missing block: B:102:0x02d5, code lost:
    
        if (r19 > 0) goto L102;
     */
    /* JADX WARN: Code restructure failed: missing block: B:103:0x02db, code lost:
    
        r0 = readPlaintextData(r0);
        rejectRemoteInitiatedRenegation();
     */
    /* JADX WARN: Code restructure failed: missing block: B:104:0x02e9, code lost:
    
        if (r0 <= 0) goto L134;
     */
    /* JADX WARN: Code restructure failed: missing block: B:107:0x0315, code lost:
    
        switch(org.apache.tomcat.jni.SSL.getError(r7.ssl, r0)) {
            case 2: goto L139;
            case 3: goto L139;
            case 4: goto L114;
            case 5: goto L114;
            case 6: goto L138;
            default: goto L114;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:108:0x034c, code lost:
    
        shutdownWithError("SSL_read");
     */
    /* JADX WARN: Code restructure failed: missing block: B:113:0x033c, code lost:
    
        if (r7.receivedShutdown != false) goto L112;
     */
    /* JADX WARN: Code restructure failed: missing block: B:114:0x033f, code lost:
    
        closeAll();
     */
    /* JADX WARN: Code restructure failed: missing block: B:116:0x034b, code lost:
    
        return newResult(r18, r20);
     */
    /* JADX WARN: Code restructure failed: missing block: B:119:0x02ec, code lost:
    
        r20 = r20 + r0;
        r19 = r19 - r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:120:0x02ff, code lost:
    
        if (r0.hasRemaining() != false) goto L142;
     */
    /* JADX WARN: Code restructure failed: missing block: B:122:0x0302, code lost:
    
        r21 = r21 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:127:0x02cd, code lost:
    
        r21 = r21 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:131:0x0359, code lost:
    
        if (r7.receivedShutdown != false) goto L121;
     */
    /* JADX WARN: Code restructure failed: missing block: B:133:0x0366, code lost:
    
        if ((org.apache.tomcat.jni.SSL.getShutdown(r7.ssl) & 2) != 2) goto L121;
     */
    /* JADX WARN: Code restructure failed: missing block: B:134:0x0369, code lost:
    
        closeAll();
     */
    /* JADX WARN: Code restructure failed: missing block: B:136:0x0375, code lost:
    
        return newResult(r18, r20);
     */
    /* JADX WARN: Code restructure failed: missing block: B:137:0x028b, code lost:
    
        r0 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:65:0x01bf, code lost:
    
        if (r9 < r0) goto L65;
     */
    /* JADX WARN: Code restructure failed: missing block: B:66:0x01c2, code lost:
    
        r0 = r8[r9];
        r0 = r0.remaining();
        r0 = writeEncryptedData(r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:67:0x01d8, code lost:
    
        if (r0 <= 0) goto L129;
     */
    /* JADX WARN: Code restructure failed: missing block: B:68:0x01db, code lost:
    
        r18 = r18 + r0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:69:0x01e6, code lost:
    
        if (r0 != r0) goto L71;
     */
    /* JADX WARN: Code restructure failed: missing block: B:70:0x01e9, code lost:
    
        r9 = r9 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:72:0x01f8, code lost:
    
        if (r9 < r0) goto L130;
     */
    /* JADX WARN: Code restructure failed: missing block: B:74:0x01fb, code lost:
    
        r0 = org.apache.tomcat.jni.SSL.readFromSSL(r7.ssl, io.netty.handler.ssl.OpenSslEngine.EMPTY_ADDR, 0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:75:0x020a, code lost:
    
        if (r0 > 0) goto L82;
     */
    /* JADX WARN: Code restructure failed: missing block: B:77:0x021a, code lost:
    
        switch(org.apache.tomcat.jni.SSL.getError(r7.ssl, r0)) {
            case 0: goto L82;
            case 1: goto L78;
            case 2: goto L82;
            case 3: goto L82;
            case 4: goto L82;
            case 5: goto L78;
            case 6: goto L82;
            case 7: goto L82;
            case 8: goto L82;
            default: goto L81;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:78:0x024f, code lost:
    
        r0 = org.apache.tomcat.jni.SSL.getLastErrorNumber();
     */
    /* JADX WARN: Code restructure failed: missing block: B:79:0x025a, code lost:
    
        if (io.netty.handler.ssl.OpenSsl.isError(r0) == false) goto L81;
     */
    /* JADX WARN: Code restructure failed: missing block: B:80:0x025d, code lost:
    
        shutdownWithError("SSL_read", org.apache.tomcat.jni.SSL.getErrorString(r0));
     */
    /* JADX WARN: Code restructure failed: missing block: B:81:0x026c, code lost:
    
        org.apache.tomcat.jni.SSL.clearError();
        checkPendingHandshakeException();
     */
    /* JADX WARN: Code restructure failed: missing block: B:82:0x0273, code lost:
    
        rejectRemoteInitiatedRenegation();
     */
    /* JADX WARN: Code restructure failed: missing block: B:85:0x01ef, code lost:
    
        org.apache.tomcat.jni.SSL.clearError();
     */
    /* JADX WARN: Code restructure failed: missing block: B:87:0x027e, code lost:
    
        if (r7.handshakeState != io.netty.handler.ssl.OpenSslEngine.HandshakeState.FINISHED) goto L86;
     */
    /* JADX WARN: Code restructure failed: missing block: B:88:0x0281, code lost:
    
        r0 = org.apache.tomcat.jni.SSL.pendingReadableBytesInSSL(r7.ssl);
     */
    /* JADX WARN: Code restructure failed: missing block: B:89:0x028c, code lost:
    
        r19 = r0;
        r20 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:90:0x0293, code lost:
    
        if (r19 <= 0) goto L116;
     */
    /* JADX WARN: Code restructure failed: missing block: B:92:0x029a, code lost:
    
        if (r14 >= r19) goto L93;
     */
    /* JADX WARN: Code restructure failed: missing block: B:94:0x02b2, code lost:
    
        return new javax.net.ssl.SSLEngineResult(javax.net.ssl.SSLEngineResult.Status.BUFFER_OVERFLOW, mayFinishHandshake(getHandshakeStatus()), r18, 0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:95:0x02b3, code lost:
    
        r21 = r12;
     */
    /* JADX WARN: Code restructure failed: missing block: B:97:0x02bb, code lost:
    
        if (r21 >= r0) goto L132;
     */
    /* JADX WARN: Code restructure failed: missing block: B:98:0x02be, code lost:
    
        r0 = r11[r21];
     */
    /* JADX WARN: Code restructure failed: missing block: B:99:0x02ca, code lost:
    
        if (r0.hasRemaining() != false) goto L131;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized javax.net.ssl.SSLEngineResult unwrap(java.nio.ByteBuffer[] r8, int r9, int r10, java.nio.ByteBuffer[] r11, int r12, int r13) throws javax.net.ssl.SSLException {
        /*
            Method dump skipped, instructions count: 886
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.netty.handler.ssl.OpenSslEngine.unwrap(java.nio.ByteBuffer[], int, int, java.nio.ByteBuffer[], int, int):javax.net.ssl.SSLEngineResult");
    }

    private SSLEngineResult newResult(int i, int i2) throws SSLException {
        return new SSLEngineResult(getEngineStatus(), mayFinishHandshake(getHandshakeStatus()), i, i2);
    }

    private void closeAll() throws SSLException {
        this.receivedShutdown = true;
        closeOutbound();
        closeInbound();
    }

    private void rejectRemoteInitiatedRenegation() throws SSLHandshakeException {
        if (!this.rejectRemoteInitiatedRenegation || SSL.getHandshakeCount(this.ssl) <= 1) {
            return;
        }
        shutdown();
        throw new SSLHandshakeException("remote-initiated renegotation not allowed");
    }

    public SSLEngineResult unwrap(ByteBuffer[] byteBufferArr, ByteBuffer[] byteBufferArr2) throws SSLException {
        return unwrap(byteBufferArr, 0, byteBufferArr.length, byteBufferArr2, 0, byteBufferArr2.length);
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws SSLException {
        return unwrap(new ByteBuffer[]{byteBuffer}, 0, 1, byteBufferArr, i, i2);
    }

    @Override // javax.net.ssl.SSLEngine
    public Runnable getDelegatedTask() {
        return null;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeInbound() throws SSLException {
        if (this.isInboundDone) {
            return;
        }
        this.isInboundDone = true;
        this.engineClosed = true;
        shutdown();
        if (this.handshakeState != HandshakeState.NOT_STARTED && !this.receivedShutdown) {
            throw new SSLException("Inbound closed before receiving peer's close_notify: possible truncation attack?");
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isInboundDone() {
        return this.isInboundDone || this.engineClosed;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeOutbound() {
        int shutdownSSL;
        if (this.isOutboundDone) {
            return;
        }
        this.isOutboundDone = true;
        this.engineClosed = true;
        if (this.handshakeState == HandshakeState.NOT_STARTED || this.destroyed != 0) {
            shutdown();
            return;
        }
        if ((SSL.getShutdown(this.ssl) & 1) == 1 || (shutdownSSL = SSL.shutdownSSL(this.ssl)) >= 0) {
            return;
        }
        switch (SSL.getError(this.ssl, shutdownSSL)) {
            case 0:
            case 2:
            case SpdySettingsFrame.SETTINGS_ROUND_TRIP_TIME /* 3 */:
            case SpdySettingsFrame.SETTINGS_MAX_CONCURRENT_STREAMS /* 4 */:
            case SpdySettingsFrame.SETTINGS_DOWNLOAD_RETRANS_RATE /* 6 */:
            case SpdySettingsFrame.SETTINGS_INITIAL_WINDOW_SIZE /* 7 */:
            case SpdySettingsFrame.SETTINGS_CLIENT_CERTIFICATE_VECTOR_SIZE /* 8 */:
                return;
            case 1:
            case SpdySettingsFrame.SETTINGS_CURRENT_CWND /* 5 */:
                if (logger.isDebugEnabled()) {
                    logger.debug("SSL_shutdown failed: OpenSSL error: {}", SSL.getLastError());
                }
                shutdown();
                return;
            default:
                SSL.clearError();
                return;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isOutboundDone() {
        return this.isOutboundDone;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        Set<String> availableCipherSuites = OpenSsl.availableCipherSuites();
        return (String[]) availableCipherSuites.toArray(new String[availableCipherSuites.size()]);
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledCipherSuites() {
        synchronized (this) {
            if (this.destroyed != 0) {
                return EmptyArrays.EMPTY_STRINGS;
            }
            String[] ciphers = SSL.getCiphers(this.ssl);
            if (ciphers == null) {
                return EmptyArrays.EMPTY_STRINGS;
            }
            for (int i = 0; i < ciphers.length; i++) {
                String javaCipherSuite = toJavaCipherSuite(ciphers[i]);
                if (javaCipherSuite != null) {
                    ciphers[i] = javaCipherSuite;
                }
            }
            return ciphers;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledCipherSuites(String[] strArr) {
        String str;
        ObjectUtil.checkNotNull(strArr, "cipherSuites");
        StringBuilder sb = new StringBuilder();
        int length = strArr.length;
        for (int i = 0; i < length && (str = strArr[i]) != null; i++) {
            String openSsl = CipherSuiteConverter.toOpenSsl(str);
            if (openSsl == null) {
                openSsl = str;
            }
            if (!OpenSsl.isCipherSuiteAvailable(openSsl)) {
                throw new IllegalArgumentException("unsupported cipher suite: " + str + '(' + openSsl + ')');
            }
            sb.append(openSsl);
            sb.append(':');
        }
        if (sb.length() == 0) {
            throw new IllegalArgumentException("empty cipher suites");
        }
        sb.setLength(sb.length() - 1);
        String sb2 = sb.toString();
        synchronized (this) {
            if (this.destroyed != 0) {
                throw new IllegalStateException("failed to enable cipher suites: " + sb2);
            }
            try {
                SSL.setCipherSuites(this.ssl, sb2);
            } catch (Exception e) {
                throw new IllegalStateException("failed to enable cipher suites: " + sb2, e);
            }
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return (String[]) SUPPORTED_PROTOCOLS.clone();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledProtocols() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(PROTOCOL_SSL_V2_HELLO);
        synchronized (this) {
            if (this.destroyed != 0) {
                return (String[]) arrayList.toArray(new String[1]);
            }
            int options = SSL.getOptions(this.ssl);
            if ((options & 67108864) == 0) {
                arrayList.add(PROTOCOL_TLS_V1);
            }
            if ((options & 268435456) == 0) {
                arrayList.add(PROTOCOL_TLS_V1_1);
            }
            if ((options & 134217728) == 0) {
                arrayList.add(PROTOCOL_TLS_V1_2);
            }
            if ((options & 16777216) == 0) {
                arrayList.add(PROTOCOL_SSL_V2);
            }
            if ((options & 33554432) == 0) {
                arrayList.add(PROTOCOL_SSL_V3);
            }
            return (String[]) arrayList.toArray(new String[arrayList.size()]);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledProtocols(String[] strArr) {
        if (strArr == null) {
            throw new IllegalArgumentException();
        }
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        for (String str : strArr) {
            if (!SUPPORTED_PROTOCOLS_SET.contains(str)) {
                throw new IllegalArgumentException("Protocol " + str + " is not supported.");
            }
            if (str.equals(PROTOCOL_SSL_V2)) {
                z = true;
            } else if (str.equals(PROTOCOL_SSL_V3)) {
                z2 = true;
            } else if (str.equals(PROTOCOL_TLS_V1)) {
                z3 = true;
            } else if (str.equals(PROTOCOL_TLS_V1_1)) {
                z4 = true;
            } else if (str.equals(PROTOCOL_TLS_V1_2)) {
                z5 = true;
            }
        }
        synchronized (this) {
            if (this.destroyed != 0) {
                throw new IllegalStateException("failed to enable protocols: " + Arrays.asList(strArr));
            }
            SSL.setOptions(this.ssl, 4095);
            if (!z) {
                SSL.setOptions(this.ssl, 16777216);
            }
            if (!z2) {
                SSL.setOptions(this.ssl, 33554432);
            }
            if (!z3) {
                SSL.setOptions(this.ssl, 67108864);
            }
            if (!z4) {
                SSL.setOptions(this.ssl, 268435456);
            }
            if (!z5) {
                SSL.setOptions(this.ssl, 134217728);
            }
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getSession() {
        return this.session;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void beginHandshake() throws SSLException {
        switch (AnonymousClass1.$SwitchMap$io$netty$handler$ssl$OpenSslEngine$HandshakeState[this.handshakeState.ordinal()]) {
            case 1:
                handshake();
                this.handshakeState = HandshakeState.STARTED_EXPLICITLY;
                return;
            case 2:
                checkEngineClosed();
                this.handshakeState = HandshakeState.STARTED_EXPLICITLY;
                return;
            case SpdySettingsFrame.SETTINGS_ROUND_TRIP_TIME /* 3 */:
                throw RENEGOTIATION_UNSUPPORTED;
            default:
                throw new Error();
        }
    }

    private void checkEngineClosed() throws SSLException {
        if (this.engineClosed || this.destroyed != 0) {
            throw ENGINE_CLOSED;
        }
    }

    private static SSLEngineResult.HandshakeStatus pendingStatus(int i) {
        return i > 0 ? SSLEngineResult.HandshakeStatus.NEED_WRAP : SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
    }

    private SSLEngineResult.HandshakeStatus handshake() throws SSLException {
        checkEngineClosed();
        int doHandshake = SSL.doHandshake(this.ssl);
        if (doHandshake <= 0) {
            checkPendingHandshakeException();
            switch (SSL.getError(this.ssl, doHandshake)) {
                case 2:
                case SpdySettingsFrame.SETTINGS_ROUND_TRIP_TIME /* 3 */:
                    return pendingStatus(SSL.pendingWrittenBytesInBIO(this.networkBIO));
                default:
                    shutdownWithError("SSL_do_handshake");
                    break;
            }
        }
        handshakeFinished();
        return SSLEngineResult.HandshakeStatus.FINISHED;
    }

    private static long memoryAddress(ByteBuf byteBuf) {
        return byteBuf.hasMemoryAddress() ? byteBuf.memoryAddress() : Buffer.address(byteBuf.nioBuffer());
    }

    private void handshakeFinished() throws SSLException {
        ApplicationProtocolConfig.SelectedListenerFailureBehavior selectedListenerFailureBehavior = this.apn.selectedListenerFailureBehavior();
        List<String> protocols = this.apn.protocols();
        switch (AnonymousClass1.$SwitchMap$io$netty$handler$ssl$ApplicationProtocolConfig$Protocol[this.apn.protocol().ordinal()]) {
            case 1:
                break;
            case 2:
                String alpnSelected = SSL.getAlpnSelected(this.ssl);
                if (alpnSelected != null) {
                    this.applicationProtocol = selectApplicationProtocol(protocols, selectedListenerFailureBehavior, alpnSelected);
                    break;
                }
                break;
            case SpdySettingsFrame.SETTINGS_ROUND_TRIP_TIME /* 3 */:
                String nextProtoNegotiated = SSL.getNextProtoNegotiated(this.ssl);
                if (nextProtoNegotiated != null) {
                    this.applicationProtocol = selectApplicationProtocol(protocols, selectedListenerFailureBehavior, nextProtoNegotiated);
                    break;
                }
                break;
            case SpdySettingsFrame.SETTINGS_MAX_CONCURRENT_STREAMS /* 4 */:
                String alpnSelected2 = SSL.getAlpnSelected(this.ssl);
                if (alpnSelected2 == null) {
                    alpnSelected2 = SSL.getNextProtoNegotiated(this.ssl);
                }
                if (alpnSelected2 != null) {
                    this.applicationProtocol = selectApplicationProtocol(protocols, selectedListenerFailureBehavior, alpnSelected2);
                    break;
                }
                break;
            default:
                throw new Error();
        }
        this.handshakeState = HandshakeState.FINISHED;
    }

    private static String selectApplicationProtocol(List<String> list, ApplicationProtocolConfig.SelectedListenerFailureBehavior selectedListenerFailureBehavior, String str) throws SSLException {
        if (selectedListenerFailureBehavior == ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT) {
            return str;
        }
        int size = list.size();
        if (!$assertionsDisabled && size <= 0) {
            throw new AssertionError();
        }
        if (list.contains(str)) {
            return str;
        }
        if (selectedListenerFailureBehavior == ApplicationProtocolConfig.SelectedListenerFailureBehavior.CHOOSE_MY_LAST_PROTOCOL) {
            return list.get(size - 1);
        }
        throw new SSLException("unknown protocol " + str);
    }

    private SSLEngineResult.Status getEngineStatus() {
        return this.engineClosed ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK;
    }

    private SSLEngineResult.HandshakeStatus mayFinishHandshake(SSLEngineResult.HandshakeStatus handshakeStatus) throws SSLException {
        return (handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING || this.handshakeState == HandshakeState.FINISHED) ? handshakeStatus : handshake();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        return needPendingStatus() ? pendingStatus(SSL.pendingWrittenBytesInBIO(this.networkBIO)) : SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
    }

    private SSLEngineResult.HandshakeStatus getHandshakeStatus(int i) {
        return needPendingStatus() ? pendingStatus(i) : SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
    }

    private boolean needPendingStatus() {
        return this.handshakeState != HandshakeState.NOT_STARTED && this.destroyed == 0 && (this.handshakeState != HandshakeState.FINISHED || this.engineClosed);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String toJavaCipherSuite(String str) {
        if (str == null) {
            return null;
        }
        return CipherSuiteConverter.toJava(str, toJavaCipherSuitePrefix(SSL.getVersion(this.ssl)));
    }

    private static String toJavaCipherSuitePrefix(String str) {
        switch ((str == null || str.length() == 0) ? (char) 0 : str.charAt(0)) {
            case 'S':
                return "SSL";
            case 'T':
                return "TLS";
            default:
                return "UNKNOWN";
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void setUseClientMode(boolean z) {
        if (z != this.clientMode) {
            throw new UnsupportedOperationException();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getUseClientMode() {
        return this.clientMode;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setNeedClientAuth(boolean z) {
        setClientAuth(z ? ClientAuthMode.REQUIRE : ClientAuthMode.NONE);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getNeedClientAuth() {
        return this.clientAuth == ClientAuthMode.REQUIRE;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setWantClientAuth(boolean z) {
        setClientAuth(z ? ClientAuthMode.OPTIONAL : ClientAuthMode.NONE);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getWantClientAuth() {
        return this.clientAuth == ClientAuthMode.OPTIONAL;
    }

    private void setClientAuth(ClientAuthMode clientAuthMode) {
        if (this.clientMode) {
            return;
        }
        synchronized (this) {
            if (this.clientAuth == clientAuthMode) {
                return;
            }
            switch (AnonymousClass1.$SwitchMap$io$netty$handler$ssl$OpenSslEngine$ClientAuthMode[clientAuthMode.ordinal()]) {
                case 1:
                    SSL.setVerify(this.ssl, 0, 10);
                    break;
                case 2:
                    SSL.setVerify(this.ssl, 2, 10);
                    break;
                case SpdySettingsFrame.SETTINGS_ROUND_TRIP_TIME /* 3 */:
                    SSL.setVerify(this.ssl, 1, 10);
                    break;
            }
            this.clientAuth = clientAuthMode;
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnableSessionCreation(boolean z) {
        if (z) {
            throw new UnsupportedOperationException();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getEnableSessionCreation() {
        return false;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLParameters getSSLParameters() {
        SSLParameters sSLParameters = super.getSSLParameters();
        if (PlatformDependent.javaVersion() >= 7) {
            sSLParameters.setEndpointIdentificationAlgorithm(this.endPointIdentificationAlgorithm);
            SslParametersUtils.setAlgorithmConstraints(sSLParameters, this.algorithmConstraints);
        }
        return sSLParameters;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setSSLParameters(SSLParameters sSLParameters) {
        super.setSSLParameters(sSLParameters);
        if (PlatformDependent.javaVersion() >= 7) {
            this.endPointIdentificationAlgorithm = sSLParameters.getEndpointIdentificationAlgorithm();
            this.algorithmConstraints = sSLParameters.getAlgorithmConstraints();
        }
    }

    protected void finalize() throws Throwable {
        super.finalize();
        shutdown();
    }

    static {
        $assertionsDisabled = !OpenSslEngine.class.desiredAssertionStatus();
        logger = InternalLoggerFactory.getInstance((Class<?>) OpenSslEngine.class);
        EMPTY_CERTIFICATES = EmptyArrays.EMPTY_CERTIFICATES;
        EMPTY_X509_CERTIFICATES = EmptyArrays.EMPTY_JAVAX_X509_CERTIFICATES;
        ENGINE_CLOSED = new SSLException("engine closed");
        RENEGOTIATION_UNSUPPORTED = new SSLException("renegotiation unsupported");
        ENCRYPTED_PACKET_OVERSIZED = new SSLException("encrypted packet oversized");
        ENGINE_CLOSED.setStackTrace(EmptyArrays.EMPTY_STACK_TRACE);
        RENEGOTIATION_UNSUPPORTED.setStackTrace(EmptyArrays.EMPTY_STACK_TRACE);
        ENCRYPTED_PACKET_OVERSIZED.setStackTrace(EmptyArrays.EMPTY_STACK_TRACE);
        AtomicIntegerFieldUpdater<OpenSslEngine> newAtomicIntegerFieldUpdater = PlatformDependent.newAtomicIntegerFieldUpdater(OpenSslEngine.class, "destroyed");
        if (newAtomicIntegerFieldUpdater == null) {
            newAtomicIntegerFieldUpdater = AtomicIntegerFieldUpdater.newUpdater(OpenSslEngine.class, "destroyed");
        }
        DESTROYED_UPDATER = newAtomicIntegerFieldUpdater;
        SUPPORTED_PROTOCOLS = new String[]{PROTOCOL_SSL_V2_HELLO, PROTOCOL_SSL_V2, PROTOCOL_SSL_V3, PROTOCOL_TLS_V1, PROTOCOL_TLS_V1_1, PROTOCOL_TLS_V1_2};
        SUPPORTED_PROTOCOLS_SET = new HashSet(Arrays.asList(SUPPORTED_PROTOCOLS));
        EMPTY_ADDR = Buffer.address(Unpooled.EMPTY_BUFFER.nioBuffer());
        NEED_UNWRAP_OK = new SSLEngineResult(SSLEngineResult.Status.OK, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
        NEED_UNWRAP_CLOSED = new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
        NEED_WRAP_OK = new SSLEngineResult(SSLEngineResult.Status.OK, SSLEngineResult.HandshakeStatus.NEED_WRAP, 0, 0);
        NEED_WRAP_CLOSED = new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NEED_WRAP, 0, 0);
        CLOSED_NOT_HANDSHAKING = new SSLEngineResult(SSLEngineResult.Status.CLOSED, SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING, 0, 0);
    }
}
