package org.apache.hadoop.ipc;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.ReadableByteChannel;
import java.nio.channels.SocketChannel;
import java.nio.channels.WritableByteChannel;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.ipc.Server;
import org.apache.zookeeper.server.quorum.QuorumStats;

/* JADX WARN: Classes with same name are omitted:
  input_file:classes/org/apache/hadoop/ipc/RpcSSLEngineAbstr.class
  input_file:hadoop-common-2.8.2.10-RC2.jar:org/apache/hadoop/ipc/RpcSSLEngineAbstr.class
 */
/* loaded from: input_file:hadoop-common-2.8.2.10-RC2/share/hadoop/common/hadoop-common-2.8.2.10-RC2.jar:org/apache/hadoop/ipc/RpcSSLEngineAbstr.class */
public abstract class RpcSSLEngineAbstr implements RpcSSLEngine {
    private static final Log LOG = LogFactory.getLog(RpcSSLEngineAbstr.class);
    protected final SocketChannel socketChannel;
    protected final SSLEngine sslEngine;
    private final Configuration conf;
    private final long handshakeTimeoutMS;
    protected static final int KB = 1024;
    private final ExecutorService exec = Executors.newSingleThreadExecutor();
    protected ByteBuffer serverAppBuffer = ByteBuffer.allocate(102400);
    protected ByteBuffer clientAppBuffer = ByteBuffer.allocate(102400);
    protected ByteBuffer serverNetBuffer = ByteBuffer.allocate(102400);
    protected ByteBuffer clientNetBuffer = ByteBuffer.allocate(102400);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:classes/org/apache/hadoop/ipc/RpcSSLEngineAbstr$1.class
      input_file:hadoop-common-2.8.2.10-RC2.jar:org/apache/hadoop/ipc/RpcSSLEngineAbstr$1.class
     */
    /* renamed from: org.apache.hadoop.ipc.RpcSSLEngineAbstr$1, reason: invalid class name */
    /* loaded from: input_file:hadoop-common-2.8.2.10-RC2/share/hadoop/common/hadoop-common-2.8.2.10-RC2.jar:org/apache/hadoop/ipc/RpcSSLEngineAbstr$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$Status;
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$javax$net$ssl$SSLEngineResult$Status = new int[SSLEngineResult.Status.values().length];
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.OK.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_OVERFLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.BUFFER_UNDERFLOW.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$Status[SSLEngineResult.Status.CLOSED.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
        }
    }

    public RpcSSLEngineAbstr(SocketChannel socketChannel, SSLEngine sSLEngine, Configuration configuration) {
        this.socketChannel = socketChannel;
        this.sslEngine = sSLEngine;
        this.conf = configuration;
        this.handshakeTimeoutMS = configuration.getLong(CommonConfigurationKeysPublic.IPC_SERVER_TLS_HANDSHAKE_TIMEOUT_MS, CommonConfigurationKeysPublic.IPC_SERVER_TLS_HANDSHAKE_TIMEOUT_MS_DEFAULT);
    }

    @Override // org.apache.hadoop.ipc.RpcSSLEngine
    public Configuration getConf() {
        return this.conf;
    }

    private String getRemoteHost() {
        try {
            SocketAddress remoteAddress = this.socketChannel.getRemoteAddress();
            if (remoteAddress == null || !(remoteAddress instanceof InetSocketAddress)) {
                return QuorumStats.Provider.UNKNOWN_STATE;
            }
            InetSocketAddress inetSocketAddress = (InetSocketAddress) remoteAddress;
            return inetSocketAddress.getHostString() + ":" + inetSocketAddress.getPort();
        } catch (IOException e) {
            return QuorumStats.Provider.UNKNOWN_STATE;
        }
    }

    @Override // org.apache.hadoop.ipc.RpcSSLEngine
    public boolean doHandshake() throws IOException {
        LOG.debug("Starting TLS handshake with peer " + getRemoteHost());
        ByteBuffer allocate = ByteBuffer.allocate(this.sslEngine.getSession().getApplicationBufferSize());
        ByteBuffer allocate2 = ByteBuffer.allocate(this.sslEngine.getSession().getApplicationBufferSize());
        this.serverNetBuffer.clear();
        this.clientNetBuffer.clear();
        TimeWatch start = TimeWatch.start();
        SSLEngineResult.HandshakeStatus handshakeStatus = this.sslEngine.getHandshakeStatus();
        while (handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED && handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
            if (start.elapsedIn(TimeUnit.MILLISECONDS) > this.handshakeTimeoutMS) {
                if (LOG.isWarnEnabled()) {
                    LOG.warn("Connection with " + getRemoteHost() + " has been handshaking for too long. Closing the connection!");
                }
                throw new SSLException("TLS handshake time-out. Handshaking for more than " + this.handshakeTimeoutMS + " milliseconds!");
            }
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[handshakeStatus.ordinal()]) {
                case 1:
                    int read = this.socketChannel.read(this.clientNetBuffer);
                    if (read > 0) {
                        start.reset();
                    } else if (read < 0) {
                        if (this.sslEngine.isInboundDone() && this.sslEngine.isOutboundDone()) {
                            return false;
                        }
                        try {
                            this.sslEngine.closeInbound();
                            this.sslEngine.closeOutbound();
                            handshakeStatus = this.sslEngine.getHandshakeStatus();
                            break;
                        } catch (SSLException e) {
                            LOG.warn(e, e);
                            throw e;
                        }
                    }
                    this.clientNetBuffer.flip();
                    try {
                        SSLEngineResult unwrap = this.sslEngine.unwrap(this.clientNetBuffer, allocate2);
                        this.clientNetBuffer.compact();
                        handshakeStatus = unwrap.getHandshakeStatus();
                        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[unwrap.getStatus().ordinal()]) {
                            case 1:
                                break;
                            case 2:
                                allocate2 = enlargeApplicationBuffer(allocate2);
                                break;
                            case 3:
                                this.clientNetBuffer = handleBufferUnderflow(this.clientNetBuffer);
                                break;
                            case 4:
                                if (!this.sslEngine.isOutboundDone()) {
                                    this.sslEngine.closeOutbound();
                                    handshakeStatus = this.sslEngine.getHandshakeStatus();
                                    break;
                                } else {
                                    return false;
                                }
                            default:
                                throw new IllegalStateException("Invalid SSL status: " + unwrap.getStatus());
                        }
                    } catch (SSLException e2) {
                        LOG.warn(e2, e2);
                        this.sslEngine.closeOutbound();
                        throw e2;
                    }
                case 2:
                    this.serverNetBuffer.clear();
                    try {
                        SSLEngineResult wrap = this.sslEngine.wrap(allocate, this.serverNetBuffer);
                        handshakeStatus = wrap.getHandshakeStatus();
                        switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$Status[wrap.getStatus().ordinal()]) {
                            case 1:
                                this.serverNetBuffer.flip();
                                while (this.serverNetBuffer.hasRemaining()) {
                                    this.socketChannel.write(this.serverNetBuffer);
                                }
                                start.reset();
                                break;
                            case 2:
                                this.serverNetBuffer = enlargePacketBuffer(this.serverNetBuffer);
                                break;
                            case 3:
                                throw new SSLException("Buffer overflow occurred after a wrap.");
                            case 4:
                                try {
                                    this.serverNetBuffer.flip();
                                    while (this.serverNetBuffer.hasRemaining()) {
                                        this.socketChannel.write(this.serverNetBuffer);
                                    }
                                    start.reset();
                                    this.clientNetBuffer.clear();
                                    break;
                                } catch (Exception e3) {
                                    LOG.warn(e3, e3);
                                    throw e3;
                                }
                            default:
                                throw new IllegalStateException("Invalid SSL status: " + wrap.getStatus());
                        }
                    } catch (SSLException e4) {
                        LOG.warn(e4, e4);
                        this.sslEngine.closeOutbound();
                        throw e4;
                    }
                case 3:
                    while (true) {
                        Runnable delegatedTask = this.sslEngine.getDelegatedTask();
                        if (delegatedTask == null) {
                            handshakeStatus = this.sslEngine.getHandshakeStatus();
                            break;
                        } else {
                            this.exec.execute(delegatedTask);
                        }
                    }
                case 4:
                case 5:
                    break;
                default:
                    throw new IllegalStateException("Invalid SSL status: " + handshakeStatus);
            }
        }
        return true;
    }

    @Override // org.apache.hadoop.ipc.RpcSSLEngine
    public void close() throws IOException {
        doHandshake();
        if (this.exec != null) {
            try {
                this.exec.shutdown();
                if (!this.exec.awaitTermination(20L, TimeUnit.MILLISECONDS)) {
                    this.exec.shutdownNow();
                }
            } catch (InterruptedException e) {
                this.exec.shutdownNow();
            }
        }
    }

    @Override // org.apache.hadoop.ipc.RpcSSLEngine
    public abstract int write(WritableByteChannel writableByteChannel, ByteBuffer byteBuffer) throws IOException;

    @Override // org.apache.hadoop.ipc.RpcSSLEngine
    public abstract int read(ReadableByteChannel readableByteChannel, ByteBuffer byteBuffer, Server.Connection connection) throws IOException;

    /* JADX INFO: Access modifiers changed from: protected */
    public ByteBuffer enlargeApplicationBuffer(ByteBuffer byteBuffer) {
        return enlargeBuffer(byteBuffer, this.sslEngine.getSession().getApplicationBufferSize());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ByteBuffer enlargePacketBuffer(ByteBuffer byteBuffer) {
        return enlargeBuffer(byteBuffer, this.sslEngine.getSession().getPacketBufferSize());
    }

    protected ByteBuffer handleBufferUnderflow(ByteBuffer byteBuffer) {
        if (this.sslEngine.getSession().getPacketBufferSize() < byteBuffer.limit()) {
            return byteBuffer;
        }
        ByteBuffer enlargePacketBuffer = enlargePacketBuffer(byteBuffer);
        byteBuffer.flip();
        enlargePacketBuffer.put(byteBuffer);
        return enlargePacketBuffer;
    }

    private ByteBuffer enlargeBuffer(ByteBuffer byteBuffer, int i) {
        return i > byteBuffer.capacity() ? ByteBuffer.allocate(i) : ByteBuffer.allocate(byteBuffer.capacity() * 2);
    }
}
