package com.amazon.communication.socket.ssl;

import com.amazon.communication.socket.IncompleteIoListener;
import com.amazon.dp.logger.DPLogger;
import com.dp.utils.FailFast;
import java.io.IOException;
import java.net.Socket;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.SocketChannel;
import java.nio.channels.spi.SelectorProvider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLSession;

/* loaded from: classes2.dex */
public final class SslSocketChannel extends SocketChannel {
    private final String mHost;
    public final AtomicBoolean mIsSslHandshakeComplete;
    private final IncompleteIoListener mListener;
    private final ByteBuffer mMyNetData;
    private final ByteBuffer mPeerAppData;
    private final ByteBuffer mPeerNetData;
    private final Object mReadLock;
    public final SocketChannel mSocketChannel;
    private final SSLEngine mSslEngine;
    private final SSLSession mSslSession;
    private final HostnameVerifier mVerifier;
    private final Object mWriteLock;
    public static final DPLogger log = new DPLogger("TComm.SslSocketChannel");
    private static final ByteBuffer EMPTY_BUFFER = ByteBuffer.allocate(0);
    private static final String[] PREFERED_CIPHER_SUITES = {"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"};

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.amazon.communication.socket.ssl.SslSocketChannel$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status;

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 2;
            } catch (NoSuchFieldError unused7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 3;
            } catch (NoSuchFieldError unused8) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 4;
            } catch (NoSuchFieldError unused9) {
            }
        }
    }

    private SslSocketChannel(SelectorProvider selectorProvider, SSLContext sSLContext, SocketChannel socketChannel, String str, int i, IncompleteIoListener incompleteIoListener, HostnameVerifier hostnameVerifier) {
        super(selectorProvider);
        this.mWriteLock = new Object();
        this.mReadLock = new Object();
        this.mIsSslHandshakeComplete = new AtomicBoolean(false);
        this.mHost = str;
        this.mSslEngine = sSLContext.createSSLEngine(str, i);
        this.mSslEngine.setUseClientMode(true);
        HashSet hashSet = new HashSet(Arrays.asList(this.mSslEngine.getSupportedCipherSuites()));
        ArrayList arrayList = new ArrayList();
        for (String str2 : PREFERED_CIPHER_SUITES) {
            if (hashSet.contains(str2)) {
                log.debug("SslSocketChannel", "Enabled cipher suit", "name", str2);
                arrayList.add(str2);
            }
        }
        this.mSslEngine.setEnabledCipherSuites((String[]) arrayList.toArray(new String[arrayList.size()]));
        this.mSocketChannel = socketChannel;
        this.mListener = incompleteIoListener;
        this.mSslSession = this.mSslEngine.getSession();
        this.mMyNetData = ByteBuffer.allocate(this.mSslSession.getPacketBufferSize() * 2);
        this.mPeerAppData = ByteBuffer.allocate(this.mSslSession.getApplicationBufferSize() * 2);
        this.mPeerNetData = ByteBuffer.allocate(this.mSslSession.getPacketBufferSize() * 2);
        ByteBuffer byteBuffer = this.mPeerAppData;
        byteBuffer.position(byteBuffer.limit());
        ByteBuffer byteBuffer2 = this.mMyNetData;
        byteBuffer2.position(byteBuffer2.limit());
        this.mVerifier = hostnameVerifier;
        log.verbose("SslSocketChannel.constructor", "SslSocketChannel created", "SslSocketChannel", this);
    }

    private void doBlockingHandshakeTasks() {
        while (true) {
            Runnable delegatedTask = this.mSslEngine.getDelegatedTask();
            if (delegatedTask == null) {
                return;
            } else {
                delegatedTask.run();
            }
        }
    }

    private int flushData() throws IOException {
        try {
            int write = this.mMyNetData.hasRemaining() ? this.mSocketChannel.write(this.mMyNetData) : 0;
            if (this.mMyNetData.hasRemaining()) {
                this.mListener.onIncompleteWrite();
            }
            return write;
        } catch (IOException e) {
            ByteBuffer byteBuffer = this.mMyNetData;
            byteBuffer.position(byteBuffer.limit());
            throw e;
        }
    }

    private static String getCompactByteBufferState(ByteBuffer byteBuffer) {
        return "[" + byteBuffer.position() + "," + byteBuffer.limit() + "," + byteBuffer.capacity() + "](" + byteBuffer.remaining() + ")";
    }

    private void logState(String str, String str2, Object... objArr) {
        if (log.isDebugEnabled()) {
            System.arraycopy(objArr, 0, r1, 4, 0);
            Object[] objArr2 = {"peerApp", getCompactByteBufferState(this.mPeerAppData), "peerNet", getCompactByteBufferState(this.mPeerNetData)};
            log.debug(str, str2, objArr2);
        }
    }

    public static SocketChannel open(SSLContext sSLContext, SocketChannel socketChannel, String str, int i, IncompleteIoListener incompleteIoListener, HostnameVerifier hostnameVerifier) {
        log.verbose("open", "opening a new secure socket channel", "host", str, "securePort", Integer.valueOf(i));
        return new SslSocketChannel(SelectorProvider.provider(), sSLContext, socketChannel, str, i, incompleteIoListener, hostnameVerifier);
    }

    private int readAndUnwrap() throws IOException {
        SSLEngineResult unwrap;
        synchronized (this.mReadLock) {
            if (this.mPeerAppData.hasRemaining()) {
                throw new IllegalStateException("Existing unencrypted data still available for consumption: position: " + this.mPeerAppData.position() + ", remaining: " + this.mPeerAppData.remaining());
            }
            this.mPeerAppData.clear();
            int read = this.mSocketChannel.read(this.mPeerNetData);
            this.mPeerNetData.flip();
            int remaining = this.mPeerNetData.remaining();
            if (read == -1 && !this.mPeerNetData.hasRemaining()) {
                return -1;
            }
            do {
                unwrap = this.mSslEngine.unwrap(this.mPeerNetData, this.mPeerAppData);
                if (unwrap.getStatus() != SSLEngineResult.Status.OK || unwrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_UNWRAP || unwrap.bytesProduced() != 0) {
                    break;
                }
            } while (this.mPeerNetData.remaining() > 0);
            if (this.mPeerAppData.position() == 0 && unwrap.getStatus() == SSLEngineResult.Status.OK && this.mPeerNetData.hasRemaining()) {
                log.verbose("readAndUnwrap", "no data was produced, unwrapping once more", new Object[0]);
                unwrap = this.mSslEngine.unwrap(this.mPeerNetData, this.mPeerAppData);
                log.debug("readAndUnwrap", "finished re-unwrap", "result", unwrap);
            }
            SSLEngineResult.Status status = unwrap.getStatus();
            FailFast.expectFalse(status == SSLEngineResult.Status.BUFFER_OVERFLOW, "Unable to finish unwrap since we ran overflowed peerAppData. peerAppData Size: " + this.mPeerAppData.limit() + ", Encrypted contents size: " + remaining);
            if (status != SSLEngineResult.Status.CLOSED && (read != -1 || this.mPeerAppData.position() != 0)) {
                SSLEngineResult.HandshakeStatus handshakeStatus = unwrap.getHandshakeStatus();
                if (this.mIsSslHandshakeComplete.get() && handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED && handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
                    log.error("readAndUnwrap", "SSL Hanshake renegotiation requested", "mHost", this.mHost);
                    throw new IOException("Received request for SSL Handshake renegotiation from: " + this.mHost);
                }
                this.mPeerNetData.compact();
                this.mPeerAppData.flip();
                return this.mPeerAppData.remaining();
            }
            logState("readAndUnwrap", "Connection is being closed by peer", new Object[0]);
            close();
            return -1;
        }
    }

    @Override // java.nio.channels.SocketChannel
    public final boolean connect(SocketAddress socketAddress) throws IOException {
        return this.mSocketChannel.connect(socketAddress);
    }

    /* JADX WARN: Code restructure failed: missing block: B:51:0x00e5, code lost:
    
        if (r9.mIsSslHandshakeComplete.compareAndSet(false, true) != false) goto L42;
     */
    /* JADX WARN: Code restructure failed: missing block: B:52:0x00e7, code lost:
    
        com.amazon.communication.socket.ssl.SslSocketChannel.log.warn("continueHandshake", "handshake finished again", new java.lang.Object[0]);
     */
    /* JADX WARN: Code restructure failed: missing block: B:53:0x010e, code lost:
    
        return true;
     */
    /* JADX WARN: Code restructure failed: missing block: B:55:0x00ff, code lost:
    
        if (r9.mVerifier.verify(r9.mHost, r9.mSslEngine.getSession()) == false) goto L46;
     */
    /* JADX WARN: Code restructure failed: missing block: B:56:0x0101, code lost:
    
        com.amazon.communication.socket.ssl.SslSocketChannel.log.debug("continueHandshake", "handshake finished", "handshakeStatus", r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:58:0x0124, code lost:
    
        throw new javax.net.ssl.SSLPeerUnverifiedException(com.amazon.dp.logger.DPFormattedMessage.toDPFormat("continueHandshake", "Hostname could not be verified by certificate", "hostname", r9.mHost));
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean continueHandshake() throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 293
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.communication.socket.ssl.SslSocketChannel.continueHandshake():boolean");
    }

    @Override // java.nio.channels.SocketChannel
    public final boolean finishConnect() throws IOException {
        boolean finishConnect = this.mSocketChannel.finishConnect();
        if (!finishConnect) {
            throw new IOException("Unable to finish connection to peer");
        }
        log.verbose("finishConnect", "beginning SSL handshake.", new Object[0]);
        this.mSslEngine.beginHandshake();
        continueHandshake();
        return finishConnect;
    }

    public final void flushIntermediateWriteBuffer() throws IOException {
        synchronized (this.mWriteLock) {
            flushData();
        }
    }

    @Override // java.nio.channels.spi.AbstractSelectableChannel
    protected final synchronized void implCloseSelectableChannel() throws IOException {
        log.debug("implCloseSelectableChannel", "implCloseSelectableChannel started (stack trace will be printed)", "remote host", this.mHost, new Throwable());
        try {
            this.mSslEngine.closeOutbound();
            this.mMyNetData.compact();
            int i = 0;
            while (!this.mSslEngine.isOutboundDone()) {
                i++;
                SSLEngineResult wrap = this.mSslEngine.wrap(EMPTY_BUFFER, this.mMyNetData);
                log.debug("implCloseSelectableChannel", "outbound is not done", "status", wrap.getStatus(), "outbound attempt", Integer.valueOf(i));
                if (wrap.getStatus() != SSLEngineResult.Status.OK) {
                    break;
                }
                this.mMyNetData.flip();
                int i2 = 0;
                while (this.mMyNetData.hasRemaining() && (i2 = i2 + 1) <= 100) {
                    int write = this.mSocketChannel.write(this.mMyNetData);
                    log.debug("implCloseSelectableChannel", "wrote to socket channel", "remaining", Integer.valueOf(this.mMyNetData.remaining()), "bytes written", Integer.valueOf(write), "outbound attempt", Integer.valueOf(i), "write attempt", Integer.valueOf(i2));
                    if (write == -1) {
                        throw new IOException("Underlying socket channel was closed before shutting down ssl engine");
                    }
                }
            }
        } finally {
            this.mSocketChannel.close();
        }
    }

    @Override // java.nio.channels.spi.AbstractSelectableChannel
    protected final void implConfigureBlocking(boolean z) throws IOException {
        this.mSocketChannel.configureBlocking(z);
    }

    @Override // java.nio.channels.SocketChannel
    public final boolean isConnected() {
        return this.mSocketChannel.isConnected();
    }

    @Override // java.nio.channels.SocketChannel
    public final boolean isConnectionPending() {
        return this.mSocketChannel.isConnectionPending();
    }

    @Override // java.nio.channels.SocketChannel, java.nio.channels.ReadableByteChannel
    public final int read(ByteBuffer byteBuffer) throws IOException {
        int readAndUnwrap;
        synchronized (this.mReadLock) {
            int i = 0;
            if (this.mSslEngine.isInboundDone()) {
                log.debug("read", "EOF reached", new Object[0]);
                return -1;
            }
            while (byteBuffer.hasRemaining()) {
                if (!this.mPeerAppData.hasRemaining() && ((readAndUnwrap = readAndUnwrap()) == -1 || readAndUnwrap == 0)) {
                    return i > 0 ? i : readAndUnwrap;
                }
                int min = Math.min(this.mPeerAppData.remaining(), byteBuffer.remaining());
                while (min > 0) {
                    byteBuffer.put(this.mPeerAppData.get());
                    min--;
                    i++;
                }
            }
            return i;
        }
    }

    @Override // java.nio.channels.SocketChannel, java.nio.channels.ScatteringByteChannel
    public final long read(ByteBuffer[] byteBufferArr, int i, int i2) throws IOException {
        throw new UnsupportedOperationException();
    }

    @Override // java.nio.channels.SocketChannel
    public final Socket socket() {
        return this.mSocketChannel.socket();
    }

    public final String toString() {
        return "SslSocketChannel netData size: " + this.mMyNetData.capacity() + ", peerAppData size: " + this.mPeerAppData.capacity() + ", peerNetData size: " + this.mPeerNetData.capacity();
    }

    @Override // java.nio.channels.SocketChannel, java.nio.channels.WritableByteChannel
    public final int write(ByteBuffer byteBuffer) throws IOException {
        synchronized (this.mWriteLock) {
            if (byteBuffer.remaining() == 0) {
                log.info("write", "0-byte write attempted", new Object[0]);
                return 0;
            }
            if (this.mMyNetData.hasRemaining()) {
                log.warn("write", "There is still encrypted data waiting to be flushed. Attempting to flush it now.", "mMyNetData", this.mMyNetData);
                flushData();
                return 0;
            }
            this.mMyNetData.clear();
            SSLEngineResult wrap = this.mSslEngine.wrap(byteBuffer, this.mMyNetData);
            this.mMyNetData.flip();
            flushData();
            return wrap.bytesConsumed();
        }
    }

    @Override // java.nio.channels.SocketChannel, java.nio.channels.GatheringByteChannel
    public final long write(ByteBuffer[] byteBufferArr, int i, int i2) throws IOException {
        if (i < 0 || i2 < 0 || i + i2 > byteBufferArr.length) {
            throw new IllegalArgumentException("Invalid offset: " + i + " and/or length: " + i2 + ". Sources length: " + byteBufferArr.length);
        }
        synchronized (this.mWriteLock) {
            if (this.mMyNetData.hasRemaining()) {
                log.warn("write(ByteBuffer[])", "There is still encrypted data waiting to be flushed. Attempting to flush it now.", "mMyNetData", this.mMyNetData);
                flushData();
                return 0L;
            }
            this.mMyNetData.clear();
            SSLEngineResult wrap = this.mSslEngine.wrap(byteBufferArr, i, i2, this.mMyNetData);
            this.mMyNetData.flip();
            flushData();
            return wrap.bytesConsumed();
        }
    }
}
