package org.glassfish.grizzly.sni;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import org.glassfish.grizzly.Buffer;
import org.glassfish.grizzly.Connection;
import org.glassfish.grizzly.Grizzly;
import org.glassfish.grizzly.filterchain.FilterChainContext;
import org.glassfish.grizzly.filterchain.NextAction;
import org.glassfish.grizzly.filterchain.TransportFilter;
import org.glassfish.grizzly.ssl.SSLBaseFilter;
import org.glassfish.grizzly.ssl.SSLConnectionContext;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import org.glassfish.grizzly.ssl.SSLFilter;
import org.glassfish.grizzly.ssl.SSLUtils;
import org.glassfish.grizzly.utils.Charsets;
import org.glassfish.grizzly.utils.JdkVersion;

/* loaded from: input_file:org/glassfish/grizzly/sni/SNIFilter.class */
public class SNIFilter extends SSLFilter {
    private static final Logger LOGGER = Grizzly.logger(SNIFilter.class);
    private static final boolean JDK7_OR_HIGHER;
    private static final byte HANDSHAKE_TYPE = 22;
    private static final int MIN_TLS_VERSION = 769;
    private static final int SSLV3_RECORD_HEADER_SIZE = 5;
    private static final int CLIENT_HELLO_HST = 1;
    private SNIServerConfigResolver serverResolver;
    private SNIClientConfigResolver clientResolver;

    /* loaded from: input_file:org/glassfish/grizzly/sni/SNIFilter$SNIAwareTransportFilterWrapper.class */
    private static final class SNIAwareTransportFilterWrapper extends SSLBaseFilter.SSLTransportFilterWrapper {
        public SNIAwareTransportFilterWrapper(TransportFilter transportFilter, SSLBaseFilter sSLBaseFilter) {
            super(transportFilter, sSLBaseFilter);
        }

        public NextAction handleRead(FilterChainContext filterChainContext) throws IOException {
            SSLConnectionContext sslConnectionContext = SSLUtils.getSslConnectionContext(filterChainContext.getConnection());
            if (sslConnectionContext != null && sslConnectionContext.getSslEngine() != null) {
                filterChainContext.setMessage(SSLUtils.allowDispose(SSLUtils.allocateInputBuffer(sslConnectionContext)));
            }
            return this.wrappedFilter.handleRead(filterChainContext);
        }
    }

    public SNIFilter() {
    }

    public SNIFilter(SSLEngineConfigurator sSLEngineConfigurator, SSLEngineConfigurator sSLEngineConfigurator2) {
        super(sSLEngineConfigurator, sSLEngineConfigurator2);
    }

    public SNIFilter(SSLEngineConfigurator sSLEngineConfigurator, SSLEngineConfigurator sSLEngineConfigurator2, boolean z) {
        super(sSLEngineConfigurator, sSLEngineConfigurator2, z);
    }

    public SNIServerConfigResolver getServerSSLConfigResolver() {
        return this.serverResolver;
    }

    public void setServerSSLConfigResolver(SNIServerConfigResolver sNIServerConfigResolver) {
        this.serverResolver = sNIServerConfigResolver;
    }

    public SNIClientConfigResolver getClientSSLConfigResolver() {
        return this.clientResolver;
    }

    public void setClientSSLConfigResolver(SNIClientConfigResolver sNIClientConfigResolver) {
        if (!JDK7_OR_HIGHER) {
            LOGGER.warning("Client side SNI support requires JDK 1.7+");
        }
        this.clientResolver = sNIClientConfigResolver;
    }

    protected SSLBaseFilter.SSLTransportFilterWrapper createOptimizedTransportFilter(TransportFilter transportFilter) {
        return new SNIAwareTransportFilterWrapper(transportFilter, this);
    }

    public NextAction handleConnect(FilterChainContext filterChainContext) throws IOException {
        SSLEngineConfigurator clientSSLEngineConfigurator;
        String hostString;
        if (!JDK7_OR_HIGHER) {
            return super.handleConnect(filterChainContext);
        }
        Connection connection = filterChainContext.getConnection();
        SNIClientConfigResolver sNIClientConfigResolver = this.clientResolver;
        if (sNIClientConfigResolver != null) {
            SNIConfig resolve = sNIClientConfigResolver.resolve(connection);
            if (resolve != null && !resolve.isClientConfig) {
                throw new IllegalStateException("SNIConfig has to represent client config, not a server one");
            }
            hostString = resolve != null ? resolve.host : null;
            clientSSLEngineConfigurator = (resolve == null || resolve.sslEngineConfigurator == null) ? getClientSSLEngineConfigurator() : resolve.sslEngineConfigurator;
        } else {
            clientSSLEngineConfigurator = getClientSSLEngineConfigurator();
            Object peerAddress = connection.getPeerAddress();
            hostString = peerAddress instanceof InetSocketAddress ? ((InetSocketAddress) peerAddress).getHostString() : null;
        }
        SSLConnectionContext obtainSslConnectionContext = obtainSslConnectionContext(filterChainContext.getConnection());
        SSLEngine createSSLEngine = hostString != null ? clientSSLEngineConfigurator.createSSLEngine(hostString, -1) : clientSSLEngineConfigurator.createSSLEngine();
        obtainSslConnectionContext.configure(createSSLEngine);
        createSSLEngine.beginHandshake();
        notifyHandshakeStart(connection);
        return filterChainContext.getInvokeAction();
    }

    public NextAction handleRead(FilterChainContext filterChainContext) throws IOException {
        SNIServerConfigResolver sNIServerConfigResolver = this.serverResolver;
        if (sNIServerConfigResolver == null) {
            return super.handleRead(filterChainContext);
        }
        Connection connection = filterChainContext.getConnection();
        if (SSLUtils.getSslConnectionContext(connection) == null) {
            Buffer buffer = (Buffer) filterChainContext.getMessage();
            if (buffer.remaining() < SSLV3_RECORD_HEADER_SIZE) {
                return filterChainContext.getStopAction(buffer);
            }
            int position = buffer.position();
            int i = position + CLIENT_HELLO_HST;
            byte b = buffer.get(position);
            int i2 = i + CLIENT_HELLO_HST;
            byte b2 = buffer.get(i);
            int i3 = i2 + CLIENT_HELLO_HST;
            if (checkTlsVersion(b, b2, buffer.get(i2))) {
                int i4 = ((buffer.get(i3) & 255) << 8) + (buffer.get(i3 + CLIENT_HELLO_HST) & 255) + SSLV3_RECORD_HEADER_SIZE;
                if (buffer.remaining() < i4) {
                    return filterChainContext.getStopAction(buffer);
                }
                SNIConfig resolve = sNIServerConfigResolver.resolve(connection, getHostName(buffer, i4));
                if (resolve != null && resolve.isClientConfig) {
                    throw new IllegalStateException("SNIConfig has to represent server config, not a client one");
                }
                SSLEngineConfigurator serverSSLEngineConfigurator = (resolve == null || resolve.sslEngineConfigurator == null) ? getServerSSLEngineConfigurator() : resolve.sslEngineConfigurator;
                SSLConnectionContext obtainSslConnectionContext = obtainSslConnectionContext(connection);
                SSLEngine createSSLEngine = serverSSLEngineConfigurator.createSSLEngine();
                obtainSslConnectionContext.configure(createSSLEngine);
                createSSLEngine.beginHandshake();
                notifyHandshakeStart(connection);
            }
        }
        return super.handleRead(filterChainContext);
    }

    private String getHostName(Buffer buffer, int i) {
        int i2 = SSLV3_RECORD_HEADER_SIZE + CLIENT_HELLO_HST;
        if (buffer.get(SSLV3_RECORD_HEADER_SIZE) != CLIENT_HELLO_HST) {
            return null;
        }
        int i3 = i2 + 3 + 2 + 32;
        int i4 = i3 + CLIENT_HELLO_HST + (buffer.get(i3) & 255);
        int i5 = i4 + 2 + (buffer.getShort(i4) & 65535);
        int i6 = i5 + CLIENT_HELLO_HST + (buffer.get(i5) & 255);
        int position = buffer.position() + i;
        if (i6 >= position) {
            return null;
        }
        int i7 = i6 + 2;
        while (i7 < position) {
            int i8 = buffer.getShort(i7) & 65535;
            int i9 = i7 + 2;
            int i10 = buffer.getShort(i9) & 65535;
            int i11 = i9 + 2;
            if (i8 == 0) {
                int i12 = buffer.getShort(i11) & 65535;
                i11 += 2;
                for (int i13 = 0; i13 < i12; i13 += CLIENT_HELLO_HST) {
                    int i14 = i11;
                    int i15 = i11 + CLIENT_HELLO_HST;
                    int i16 = buffer.get(i14) & 255;
                    int i17 = buffer.getShort(i15) & 65535;
                    int i18 = i15 + 2;
                    if (i16 == 0) {
                        return buffer.toStringContent(Charsets.ASCII_CHARSET, i18, i18 + i17);
                    }
                    i11 = i18 + i17;
                }
            }
            i7 = i11 + i10;
        }
        return null;
    }

    static boolean checkTlsVersion(byte b, byte b2, byte b3) {
        return b == HANDSHAKE_TYPE && ((b2 << 8) | (b3 & 255)) >= MIN_TLS_VERSION;
    }

    static {
        JDK7_OR_HIGHER = JdkVersion.getJdkVersion().compareTo(JdkVersion.parseVersion("1.7")) >= 0;
    }
}
