package org.gridgain.grid.util.nio.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import org.gridgain.grid.GridException;
import org.gridgain.grid.logger.GridLogger;
import org.gridgain.grid.typedef.internal.U;
import org.gridgain.grid.util.nio.GridNioException;
import org.gridgain.grid.util.nio.GridNioFilterAdapter;
import org.gridgain.grid.util.nio.GridNioFuture;
import org.gridgain.grid.util.nio.GridNioSession;
import org.gridgain.grid.util.nio.GridNioSessionMetaKey;
import org.gridgain.grid.util.nio.impl.GridNioFinishedFuture;

/* loaded from: input_file:org/gridgain/grid/util/nio/ssl/GridNioSslFilter.class */
public class GridNioSslFilter extends GridNioFilterAdapter {
    private GridLogger log;
    private boolean wantClientAuth;
    private boolean needClientAuth;
    private String[] enabledCipherSuites;
    private String[] enabledProtos;
    private SSLContext sslCtx;

    public GridNioSslFilter(SSLContext sSLContext, GridLogger gridLogger) {
        super("SSL filter");
        this.log = gridLogger;
        this.sslCtx = sSLContext;
    }

    public void wantClientAuth(boolean z) {
        this.wantClientAuth = z;
    }

    public void needClientAuth(boolean z) {
        this.needClientAuth = z;
    }

    public void enabledCipherSuites(String... strArr) {
        this.enabledCipherSuites = strArr;
    }

    public void enabledProtocols(String... strArr) {
        this.enabledProtos = strArr;
    }

    @Override // org.gridgain.grid.util.nio.GridNioFilter
    public void onSessionOpened(GridNioSession gridNioSession) throws GridException {
        if (this.log.isDebugEnabled()) {
            this.log.debug("Remote client connected, creating SSL handler and performing initial handshake: " + gridNioSession);
        }
        SSLEngine createSSLEngine = this.sslCtx.createSSLEngine();
        createSSLEngine.setUseClientMode(false);
        createSSLEngine.setWantClientAuth(this.wantClientAuth);
        createSSLEngine.setNeedClientAuth(this.needClientAuth);
        if (this.enabledCipherSuites != null) {
            createSSLEngine.setEnabledCipherSuites(this.enabledCipherSuites);
        }
        if (this.enabledProtos != null) {
            createSSLEngine.setEnabledProtocols(this.enabledProtos);
        }
        try {
            GridNioSslHandler gridNioSslHandler = new GridNioSslHandler(this, gridNioSession, createSSLEngine, this.log);
            gridNioSession.addMeta(GridNioSessionMetaKey.SSL_HANDLER.ordinal(), gridNioSslHandler);
            gridNioSslHandler.handshake();
        } catch (SSLException e) {
            U.error(this.log, "Failed to start SSL handshake (will close inbound connection): " + gridNioSession, e);
            gridNioSession.close();
        }
    }

    @Override // org.gridgain.grid.util.nio.GridNioFilter
    public void onSessionClosed(GridNioSession gridNioSession) throws GridException {
        try {
            sslHandler(gridNioSession).shutdown();
            proceedSessionClosed(gridNioSession);
        } catch (Throwable th) {
            proceedSessionClosed(gridNioSession);
            throw th;
        }
    }

    @Override // org.gridgain.grid.util.nio.GridNioFilter
    public void onExceptionCaught(GridNioSession gridNioSession, GridException gridException) throws GridException {
        proceedExceptionCaught(gridNioSession, gridException);
    }

    @Override // org.gridgain.grid.util.nio.GridNioFilter
    public GridNioFuture<?> onSessionWrite(GridNioSession gridNioSession, Object obj) throws GridException {
        ByteBuffer checkMessage = checkMessage(gridNioSession, obj);
        if (!checkMessage.hasRemaining()) {
            return new GridNioFinishedFuture((Throwable) null);
        }
        GridNioSslHandler sslHandler = sslHandler(gridNioSession);
        sslHandler.lock();
        try {
            try {
                if (sslHandler.isOutboundDone()) {
                    GridNioFinishedFuture gridNioFinishedFuture = new GridNioFinishedFuture((Throwable) new IOException("Failed to send data (secure session was already closed): " + gridNioSession));
                    sslHandler.unlock();
                    return gridNioFinishedFuture;
                }
                if (sslHandler.isHandshakeFinished()) {
                    sslHandler.encrypt(checkMessage);
                    GridNioFuture<?> writeNetBuffer = sslHandler.writeNetBuffer();
                    sslHandler.unlock();
                    return writeNetBuffer;
                }
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Write request received during handshake, scheduling deferred write: " + gridNioSession);
                }
                GridNioFuture<?> deferredWrite = sslHandler.deferredWrite(checkMessage);
                sslHandler.unlock();
                return deferredWrite;
            } catch (SSLException e) {
                throw new GridNioException("Failed to encode SSL data: " + gridNioSession, e);
            }
        } catch (Throwable th) {
            sslHandler.unlock();
            throw th;
        }
    }

    @Override // org.gridgain.grid.util.nio.GridNioFilter
    public void onMessageReceived(GridNioSession gridNioSession, Object obj) throws GridException {
        ByteBuffer checkMessage = checkMessage(gridNioSession, obj);
        GridNioSslHandler sslHandler = sslHandler(gridNioSession);
        sslHandler.lock();
        try {
            try {
                sslHandler.messageReceived(checkMessage);
                if (sslHandler.isHandshakeFinished()) {
                    sslHandler.flushDeferredWrites();
                }
                ByteBuffer applicationBuffer = sslHandler.getApplicationBuffer();
                applicationBuffer.flip();
                if (applicationBuffer.hasRemaining()) {
                    proceedMessageReceived(gridNioSession, applicationBuffer);
                }
                applicationBuffer.clear();
                if (sslHandler.isInboundDone() && !sslHandler.isOutboundDone()) {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("Remote peer closed secure session (will close connection): " + gridNioSession);
                    }
                    shutdownSession(gridNioSession, sslHandler);
                }
            } catch (SSLException e) {
                throw new GridNioException("Failed to decode SSL data: " + gridNioSession, e);
            }
        } finally {
            sslHandler.unlock();
        }
    }

    @Override // org.gridgain.grid.util.nio.GridNioFilter
    public GridNioFuture<Boolean> onSessionClose(GridNioSession gridNioSession) throws GridException {
        GridNioSslHandler sslHandler = sslHandler(gridNioSession);
        sslHandler.lock();
        try {
            GridNioFuture<Boolean> shutdownSession = shutdownSession(gridNioSession, sslHandler);
            sslHandler.unlock();
            return shutdownSession;
        } catch (Throwable th) {
            sslHandler.unlock();
            throw th;
        }
    }

    private GridNioFuture<Boolean> shutdownSession(GridNioSession gridNioSession, GridNioSslHandler gridNioSslHandler) throws GridException {
        try {
            gridNioSslHandler.closeOutbound();
            gridNioSslHandler.writeNetBuffer();
        } catch (SSLException e) {
            U.warn(this.log, "Failed to shutdown SSL session gracefully (will force close) [ex=" + e + ", ses=" + gridNioSession + ']');
        }
        return proceedSessionClose(gridNioSession);
    }

    @Override // org.gridgain.grid.util.nio.GridNioFilter
    public void onSessionIdleTimeout(GridNioSession gridNioSession) throws GridException {
        proceedSessionIdleTimeout(gridNioSession);
    }

    @Override // org.gridgain.grid.util.nio.GridNioFilter
    public void onSessionWriteTimeout(GridNioSession gridNioSession) throws GridException {
        proceedSessionWriteTimeout(gridNioSession);
    }

    private GridNioSslHandler sslHandler(GridNioSession gridNioSession) throws GridNioException {
        GridNioSslHandler gridNioSslHandler = (GridNioSslHandler) gridNioSession.meta(GridNioSessionMetaKey.SSL_HANDLER.ordinal());
        if (gridNioSslHandler == null) {
            throw new GridNioException("Failed to process incoming message (received message before SSL handler was created): " + gridNioSession);
        }
        return gridNioSslHandler;
    }

    private ByteBuffer checkMessage(GridNioSession gridNioSession, Object obj) throws GridNioException {
        if (obj instanceof ByteBuffer) {
            return (ByteBuffer) obj;
        }
        throw new GridNioException("Invalid object type received (is SSL filter correctly placed in filter chain?) [ses=" + gridNioSession + ", msgClass=" + obj.getClass().getName() + ']');
    }

    public static ByteBuffer expandBuffer(ByteBuffer byteBuffer, int i) {
        ByteBuffer allocate = ByteBuffer.allocate(i);
        byteBuffer.flip();
        allocate.put(byteBuffer);
        return allocate;
    }

    public static ByteBuffer copy(ByteBuffer byteBuffer) {
        ByteBuffer allocate = ByteBuffer.allocate(byteBuffer.remaining());
        allocate.put(byteBuffer);
        allocate.flip();
        return allocate;
    }
}
