package sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.AlgorithmConstraints;
import java.security.GeneralSecurityException;
import javax.crypto.BadPaddingException;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:assets/data1:openjdk/lib/jsse.jar:sun/security/ssl/SSLEngineImpl.class */
public final class SSLEngineImpl extends SSLEngine {
    private int connectionState;
    private static final int cs_START = 0;
    private static final int cs_HANDSHAKE = 1;
    private static final int cs_DATA = 2;
    private static final int cs_RENEGOTIATE = 3;
    private static final int cs_ERROR = 4;
    private static final int cs_CLOSED = 6;
    private boolean inboundDone;
    EngineWriter writer;
    private SSLContextImpl sslContext;
    private Handshaker handshaker;
    private SSLSessionImpl sess;
    private volatile SSLSessionImpl handshakeSession;
    static final byte clauth_none = 0;
    static final byte clauth_requested = 1;
    static final byte clauth_required = 2;
    private boolean expectingFinished;
    private boolean recvCN;
    private SSLException closeReason;
    private byte doClientAuth;
    private boolean enableSessionCreation;
    EngineInputRecord inputRecord;
    EngineOutputRecord outputRecord;
    private AccessControlContext acc;
    private CipherSuiteList enabledCipherSuites;
    private String identificationProtocol;
    private AlgorithmConstraints algorithmConstraints;
    private boolean serverModeSet;
    private boolean roleIsServer;
    private ProtocolList enabledProtocols;
    private ProtocolVersion protocolVersion;
    private MAC readMAC;
    private MAC writeMAC;
    private CipherBox readCipher;
    private CipherBox writeCipher;
    private boolean secureRenegotiation;
    private byte[] clientVerifyData;
    private byte[] serverVerifyData;
    private Object wrapLock;
    private Object unwrapLock;
    Object writeLock;
    private boolean isFirstAppOutputRecord;
    private static final Debug debug;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLEngineImpl(SSLContextImpl sSLContextImpl) {
        this.inboundDone = false;
        this.enableSessionCreation = true;
        this.identificationProtocol = null;
        this.algorithmConstraints = null;
        this.serverModeSet = false;
        this.protocolVersion = ProtocolVersion.DEFAULT;
        this.isFirstAppOutputRecord = true;
        init(sSLContextImpl);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SSLEngineImpl(SSLContextImpl sSLContextImpl, String str, int i) {
        super(str, i);
        this.inboundDone = false;
        this.enableSessionCreation = true;
        this.identificationProtocol = null;
        this.algorithmConstraints = null;
        this.serverModeSet = false;
        this.protocolVersion = ProtocolVersion.DEFAULT;
        this.isFirstAppOutputRecord = true;
        init(sSLContextImpl);
    }

    private void init(SSLContextImpl sSLContextImpl) {
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println("Using SSLEngineImpl.");
        }
        this.sslContext = sSLContextImpl;
        this.sess = SSLSessionImpl.nullSession;
        this.handshakeSession = null;
        this.roleIsServer = true;
        this.connectionState = 0;
        this.readCipher = CipherBox.NULL;
        this.readMAC = MAC.NULL;
        this.writeCipher = CipherBox.NULL;
        this.writeMAC = MAC.NULL;
        this.secureRenegotiation = false;
        this.clientVerifyData = new byte[0];
        this.serverVerifyData = new byte[0];
        this.enabledCipherSuites = this.sslContext.getDefaultCipherSuiteList(this.roleIsServer);
        this.enabledProtocols = this.sslContext.getDefaultProtocolList(this.roleIsServer);
        this.wrapLock = new Object();
        this.unwrapLock = new Object();
        this.writeLock = new Object();
        this.acc = AccessController.getContext();
        this.outputRecord = new EngineOutputRecord((byte) 23, this);
        this.inputRecord = new EngineInputRecord(this);
        this.inputRecord.enableFormatChecks();
        this.writer = new EngineWriter();
    }

    private void initHandshaker() {
        switch (this.connectionState) {
            case 0:
            case 2:
                if (this.connectionState == 0) {
                    this.connectionState = 1;
                } else {
                    this.connectionState = 3;
                }
                if (this.roleIsServer) {
                    this.handshaker = new ServerHandshaker(this, this.sslContext, this.enabledProtocols, this.doClientAuth, this.protocolVersion, this.connectionState == 1, this.secureRenegotiation, this.clientVerifyData, this.serverVerifyData);
                } else {
                    this.handshaker = new ClientHandshaker(this, this.sslContext, this.enabledProtocols, this.protocolVersion, this.connectionState == 1, this.secureRenegotiation, this.clientVerifyData, this.serverVerifyData);
                }
                this.handshaker.setEnabledCipherSuites(this.enabledCipherSuites);
                this.handshaker.setEnableSessionCreation(this.enableSessionCreation);
                return;
            case 1:
            case 3:
                return;
            default:
                throw new IllegalStateException("Internal error");
        }
    }

    private SSLEngineResult.HandshakeStatus getHSStatus(SSLEngineResult.HandshakeStatus handshakeStatus) {
        if (handshakeStatus != null) {
            return handshakeStatus;
        }
        synchronized (this) {
            if (this.writer.hasOutboundData()) {
                return SSLEngineResult.HandshakeStatus.NEED_WRAP;
            }
            if (this.handshaker != null) {
                if (this.handshaker.taskOutstanding()) {
                    return SSLEngineResult.HandshakeStatus.NEED_TASK;
                }
                return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
            }
            if (this.connectionState != 6 || isInboundDone()) {
                return SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING;
            }
            return SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
        }
    }

    private synchronized void checkTaskThrown() throws SSLException {
        if (this.handshaker != null) {
            this.handshaker.checkThrown();
        }
        this.isFirstAppOutputRecord = true;
    }

    private synchronized int getConnectionState() {
        return this.connectionState;
    }

    private synchronized void setConnectionState(int i) {
        this.connectionState = i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccessControlContext getAcc() {
        return this.acc;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        return getHSStatus(null);
    }

    private void changeReadCiphers() throws SSLException {
        if (this.connectionState != 1 && this.connectionState != 3) {
            throw new SSLProtocolException("State error, change cipher specs");
        }
        CipherBox cipherBox = this.readCipher;
        try {
            this.readCipher = this.handshaker.newReadCipher();
            this.readMAC = this.handshaker.newReadMAC();
            cipherBox.dispose();
        } catch (GeneralSecurityException e) {
            throw ((SSLException) new SSLException("Algorithm missing:  ").initCause(e));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void changeWriteCiphers() throws SSLException {
        if (this.connectionState != 1 && this.connectionState != 3) {
            throw new SSLProtocolException("State error, change cipher specs");
        }
        CipherBox cipherBox = this.writeCipher;
        try {
            this.writeCipher = this.handshaker.newWriteCipher();
            this.writeMAC = this.handshaker.newWriteMAC();
            cipherBox.dispose();
            this.isFirstAppOutputRecord = true;
        } catch (GeneralSecurityException e) {
            throw ((SSLException) new SSLException("Algorithm missing:  ").initCause(e));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void setVersion(ProtocolVersion protocolVersion) {
        this.protocolVersion = protocolVersion;
        this.outputRecord.setVersion(protocolVersion);
    }

    private synchronized void kickstartHandshake() throws IOException {
        switch (this.connectionState) {
            case 0:
                if (!this.serverModeSet) {
                    throw new IllegalStateException("Client/Server mode not yet set.");
                }
                initHandshaker();
                break;
            case 1:
                break;
            case 2:
                if (!this.secureRenegotiation && !Handshaker.allowUnsafeRenegotiation) {
                    throw new SSLHandshakeException("Insecure renegotiation is not allowed");
                }
                if (!this.secureRenegotiation && debug != null && Debug.isOn("handshake")) {
                    System.out.println("Warning: Using insecure renegotiation");
                }
                initHandshaker();
                break;
                break;
            case 3:
                return;
            default:
                throw new SSLException("SSLEngine is closing/closed");
        }
        if (this.handshaker.activated()) {
            return;
        }
        if (this.connectionState == 3) {
            this.handshaker.activate(this.protocolVersion);
        } else {
            this.handshaker.activate(null);
        }
        if (this.handshaker instanceof ClientHandshaker) {
            this.handshaker.kickstart();
        } else {
            if (this.connectionState == 1) {
                return;
            }
            this.handshaker.kickstart();
            this.handshaker.handshakeHash.reset();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public void beginHandshake() throws SSLException {
        try {
            kickstartHandshake();
        } catch (Exception e) {
            fatal((byte) 40, "Couldn't kickstart handshaking", e);
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws SSLException {
        SSLEngineResult readNetRecord;
        EngineArgs engineArgs = new EngineArgs(byteBuffer, byteBufferArr, i, i2);
        try {
            try {
                synchronized (this.unwrapLock) {
                    readNetRecord = readNetRecord(engineArgs);
                }
                engineArgs.resetLim();
                return readNetRecord;
            } catch (Exception e) {
                fatal((byte) 80, "problem unwrapping net record", e);
                engineArgs.resetLim();
                return null;
            }
        } catch (Throwable th) {
            engineArgs.resetLim();
            throw th;
        }
    }

    private SSLEngineResult readNetRecord(EngineArgs engineArgs) throws IOException {
        SSLEngineResult.HandshakeStatus handshakeStatus = null;
        checkTaskThrown();
        if (isInboundDone()) {
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, getHSStatus(null), 0, 0);
        }
        synchronized (this) {
            if (this.connectionState == 1 || this.connectionState == 0) {
                kickstartHandshake();
                handshakeStatus = getHSStatus(null);
                if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
                    return new SSLEngineResult(SSLEngineResult.Status.OK, handshakeStatus, 0, 0);
                }
            }
            if (handshakeStatus == null) {
                handshakeStatus = getHSStatus(null);
            }
            if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                return new SSLEngineResult(SSLEngineResult.Status.OK, handshakeStatus, 0, 0);
            }
            int bytesInCompletePacket = this.inputRecord.bytesInCompletePacket(engineArgs.netData);
            if (bytesInCompletePacket > this.sess.getPacketBufferSize()) {
                if (bytesInCompletePacket > 33305) {
                    throw new SSLProtocolException("Input SSL/TLS record too big: max = 33305 len = " + bytesInCompletePacket);
                }
                this.sess.expandBufferSizes();
            }
            if (bytesInCompletePacket - 5 > engineArgs.getAppRemaining()) {
                return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, handshakeStatus, 0, 0);
            }
            if (bytesInCompletePacket == -1 || engineArgs.netData.remaining() < bytesInCompletePacket) {
                return new SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, handshakeStatus, 0, 0);
            }
            try {
                return new SSLEngineResult(isInboundDone() ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK, getHSStatus(readRecord(engineArgs)), engineArgs.deltaNet(), engineArgs.deltaApp());
            } catch (SSLException e) {
                throw e;
            } catch (IOException e2) {
                SSLException sSLException = new SSLException("readRecord");
                sSLException.initCause(e2);
                throw sSLException;
            }
        }
    }

    private SSLEngineResult.HandshakeStatus readRecord(EngineArgs engineArgs) throws IOException {
        SSLEngineResult.HandshakeStatus handshakeStatus = null;
        ByteBuffer byteBuffer = null;
        ByteBuffer byteBuffer2 = null;
        if (getConnectionState() != 4) {
            try {
                byteBuffer = this.inputRecord.read(engineArgs.netData);
            } catch (IOException e) {
                fatal((byte) 10, e);
            }
            try {
                byteBuffer2 = this.inputRecord.decrypt(this.readMAC, this.readCipher, byteBuffer);
            } catch (BadPaddingException e2) {
                fatal(this.inputRecord.contentType() == 22 ? (byte) 40 : (byte) 20, e2.getMessage(), e2);
            }
            synchronized (this) {
                switch (this.inputRecord.contentType()) {
                    case 20:
                        if ((this.connectionState != 1 && this.connectionState != 3) || this.inputRecord.available() != 1 || this.inputRecord.read() != 1) {
                            fatal((byte) 10, "illegal change cipher spec msg, state = " + this.connectionState);
                        }
                        changeReadCiphers();
                        this.expectingFinished = true;
                        break;
                    case 21:
                        recvAlert();
                        break;
                    case 22:
                        initHandshaker();
                        if (!this.handshaker.activated()) {
                            if (this.connectionState == 3) {
                                this.handshaker.activate(this.protocolVersion);
                            } else {
                                this.handshaker.activate(null);
                            }
                        }
                        this.handshaker.process_record(this.inputRecord, this.expectingFinished);
                        this.expectingFinished = false;
                        if (!this.handshaker.invalidated) {
                            if (!this.handshaker.isDone()) {
                                if (this.handshaker.taskOutstanding()) {
                                    handshakeStatus = SSLEngineResult.HandshakeStatus.NEED_TASK;
                                    break;
                                }
                            } else {
                                this.secureRenegotiation = this.handshaker.isSecureRenegotiation();
                                this.clientVerifyData = this.handshaker.getClientVerifyData();
                                this.serverVerifyData = this.handshaker.getServerVerifyData();
                                this.sess = this.handshaker.getSession();
                                this.handshakeSession = null;
                                if (!this.writer.hasOutboundData()) {
                                    handshakeStatus = SSLEngineResult.HandshakeStatus.FINISHED;
                                }
                                this.handshaker = null;
                                this.connectionState = 2;
                                break;
                            }
                        } else {
                            this.handshaker = null;
                            if (this.connectionState == 3) {
                                this.connectionState = 2;
                                break;
                            }
                        }
                        break;
                    case 23:
                        if (this.connectionState != 2 && this.connectionState != 3 && this.connectionState != 6) {
                            throw new SSLProtocolException("Data received in non-data state: " + this.connectionState);
                        }
                        if (!this.expectingFinished) {
                            if (!this.inboundDone) {
                                engineArgs.scatter(byteBuffer2.slice());
                                break;
                            }
                        } else {
                            throw new SSLProtocolException("Expecting finished message, received data");
                        }
                        break;
                    default:
                        if (debug != null && Debug.isOn("ssl")) {
                            System.out.println(threadName() + ", Received record type: " + ((int) this.inputRecord.contentType()));
                            break;
                        }
                        break;
                }
                if (this.connectionState < 4 && !isInboundDone() && handshakeStatus == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING && checkSequenceNumber(this.readMAC, this.inputRecord.contentType())) {
                    handshakeStatus = getHSStatus(null);
                }
            }
        }
        return handshakeStatus;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
        SSLEngineResult writeAppRecord;
        EngineArgs engineArgs = new EngineArgs(byteBufferArr, i, i2, byteBuffer);
        int remaining = byteBuffer.remaining();
        EngineOutputRecord engineOutputRecord = this.outputRecord;
        if (remaining < 16921) {
            return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, getHSStatus(null), 0, 0);
        }
        try {
            try {
                synchronized (this.wrapLock) {
                    writeAppRecord = writeAppRecord(engineArgs);
                }
                return writeAppRecord;
            } catch (Exception e) {
                engineArgs.resetPos();
                fatal((byte) 80, "problem wrapping app data", e);
                engineArgs.resetLim();
                return null;
            }
        } finally {
            engineArgs.resetLim();
        }
    }

    private SSLEngineResult writeAppRecord(EngineArgs engineArgs) throws IOException {
        SSLEngineResult.HandshakeStatus writeRecord;
        SSLEngineResult.HandshakeStatus handshakeStatus = null;
        checkTaskThrown();
        if (this.writer.isOutboundDone()) {
            return new SSLEngineResult(SSLEngineResult.Status.CLOSED, getHSStatus(null), 0, 0);
        }
        synchronized (this) {
            if (this.connectionState == 1 || this.connectionState == 0) {
                kickstartHandshake();
                handshakeStatus = getHSStatus(null);
                if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                    return new SSLEngineResult(SSLEngineResult.Status.OK, handshakeStatus, 0, 0);
                }
            }
            if (handshakeStatus == null) {
                handshakeStatus = getHSStatus(null);
            }
            if (handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_TASK) {
                return new SSLEngineResult(SSLEngineResult.Status.OK, handshakeStatus, 0, 0);
            }
            try {
                synchronized (this.writeLock) {
                    writeRecord = writeRecord(this.outputRecord, engineArgs);
                }
                return new SSLEngineResult(isOutboundDone() ? SSLEngineResult.Status.CLOSED : SSLEngineResult.Status.OK, getHSStatus(writeRecord), engineArgs.deltaApp(), engineArgs.deltaNet());
            } catch (SSLException e) {
                throw e;
            } catch (IOException e2) {
                SSLException sSLException = new SSLException("Write problems");
                sSLException.initCause(e2);
                throw sSLException;
            }
        }
    }

    private SSLEngineResult.HandshakeStatus writeRecord(EngineOutputRecord engineOutputRecord, EngineArgs engineArgs) throws IOException {
        SSLEngineResult.HandshakeStatus writeRecord = this.writer.writeRecord(engineOutputRecord, engineArgs, this.writeMAC, this.writeCipher);
        if (this.isFirstAppOutputRecord && engineArgs.deltaApp() > 0) {
            this.isFirstAppOutputRecord = false;
        }
        if (this.connectionState < 4 && !isOutboundDone() && writeRecord == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING && checkSequenceNumber(this.writeMAC, engineOutputRecord.contentType())) {
            writeRecord = getHSStatus(null);
        }
        if (this.isFirstAppOutputRecord && engineArgs.deltaApp() > 0) {
            this.isFirstAppOutputRecord = false;
        }
        return writeRecord;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean needToSplitPayload(CipherBox cipherBox, ProtocolVersion protocolVersion) {
        return protocolVersion.v <= ProtocolVersion.TLS10.v && cipherBox.isCBCMode() && !this.isFirstAppOutputRecord && Record.enableCBCProtection;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeRecord(EngineOutputRecord engineOutputRecord) throws IOException {
        this.writer.writeRecord(engineOutputRecord, this.writeMAC, this.writeCipher);
        if (this.connectionState >= 4 || isOutboundDone()) {
            return;
        }
        checkSequenceNumber(this.writeMAC, engineOutputRecord.contentType());
    }

    private boolean checkSequenceNumber(MAC mac, byte b) throws IOException {
        if (this.connectionState >= 4 || mac == MAC.NULL) {
            return false;
        }
        if (mac.seqNumOverflow()) {
            if (debug != null && Debug.isOn("ssl")) {
                System.out.println(threadName() + ", sequence number extremely close to overflow (2^64-1 packets). Closing connection.");
            }
            fatal((byte) 40, "sequence number overflow");
            return true;
        }
        if (b == 22 || !mac.seqNumIsHuge()) {
            return false;
        }
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(threadName() + ", request renegotiation to avoid sequence number overflow");
        }
        beginHandshake();
        return true;
    }

    private void closeOutboundInternal() {
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(threadName() + ", closeOutboundInternal()");
        }
        if (this.writer.isOutboundDone()) {
            return;
        }
        switch (this.connectionState) {
            case 0:
                this.writer.closeOutbound();
                this.inboundDone = true;
                break;
            case 4:
            case 6:
                break;
            default:
                warning((byte) 0);
                this.writer.closeOutbound();
                break;
        }
        this.writeCipher.dispose();
        this.connectionState = 6;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeOutbound() {
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(threadName() + ", called closeOutbound()");
        }
        closeOutboundInternal();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isOutboundDone() {
        return this.writer.isOutboundDone();
    }

    private void closeInboundInternal() {
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(threadName() + ", closeInboundInternal()");
        }
        if (this.inboundDone) {
            return;
        }
        closeOutboundInternal();
        this.inboundDone = true;
        this.readCipher.dispose();
        this.connectionState = 6;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void closeInbound() throws SSLException {
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(threadName() + ", called closeInbound()");
        }
        if (this.connectionState == 0 || this.recvCN) {
            closeInboundInternal();
        } else {
            this.recvCN = true;
            fatal((byte) 80, "Inbound closed before receiving peer's close_notify: possible truncation attack?");
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean isInboundDone() {
        return this.inboundDone;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLSession getSession() {
        return this.sess;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLSession getHandshakeSession() {
        return this.handshakeSession;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void setHandshakeSession(SSLSessionImpl sSLSessionImpl) {
        this.handshakeSession = sSLSessionImpl;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized Runnable getDelegatedTask() {
        if (this.handshaker != null) {
            return this.handshaker.getTask();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void warning(byte b) {
        sendAlert((byte) 1, b);
    }

    synchronized void fatal(byte b, String str) throws SSLException {
        fatal(b, str, null);
    }

    synchronized void fatal(byte b, Throwable th) throws SSLException {
        fatal(b, null, th);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void fatal(byte b, String str, Throwable th) throws SSLException {
        if (str == null) {
            str = "General SSLEngine problem";
        }
        if (th == null) {
            th = Alerts.getSSLException(b, th, str);
        }
        if (this.closeReason != null) {
            if (debug != null && Debug.isOn("ssl")) {
                System.out.println(threadName() + ", fatal: engine already closed.  Rethrowing " + th.toString());
            }
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            if (th instanceof SSLException) {
                throw ((SSLException) th);
            }
            if (th instanceof Exception) {
                SSLException sSLException = new SSLException("fatal SSLEngine condition");
                sSLException.initCause(th);
                throw sSLException;
            }
        }
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(threadName() + ", fatal error: " + ((int) b) + ": " + str + "\n" + th.toString());
        }
        int i = this.connectionState;
        this.connectionState = 4;
        this.inboundDone = true;
        this.sess.invalidate();
        if (this.handshakeSession != null) {
            this.handshakeSession.invalidate();
        }
        if (i != 0) {
            sendAlert((byte) 2, b);
        }
        if (th instanceof SSLException) {
            this.closeReason = (SSLException) th;
        } else {
            this.closeReason = Alerts.getSSLException(b, th, str);
        }
        this.writer.closeOutbound();
        this.connectionState = 6;
        this.readCipher.dispose();
        this.writeCipher.dispose();
        if (!(th instanceof RuntimeException)) {
            throw this.closeReason;
        }
        throw ((RuntimeException) th);
    }

    private void recvAlert() throws IOException {
        byte read = (byte) this.inputRecord.read();
        byte read2 = (byte) this.inputRecord.read();
        if (read2 == -1) {
            fatal((byte) 47, "Short alert message");
        }
        if (debug != null && (Debug.isOn("record") || Debug.isOn("handshake"))) {
            synchronized (System.out) {
                System.out.print(threadName());
                System.out.print(", RECV " + ((Object) this.protocolVersion) + " ALERT:  ");
                if (read == 2) {
                    System.out.print("fatal, ");
                } else if (read == 1) {
                    System.out.print("warning, ");
                } else {
                    System.out.print("<level " + (255 & read) + ">, ");
                }
                System.out.println(Alerts.alertDescription(read2));
            }
        }
        if (read != 1) {
            String str = "Received fatal alert: " + Alerts.alertDescription(read2);
            if (this.closeReason == null) {
                this.closeReason = Alerts.getSSLException(read2, str);
            }
            fatal((byte) 10, str);
            return;
        }
        if (read2 != 0) {
            if (this.handshaker != null) {
                this.handshaker.handshakeAlert(read2);
            }
        } else if (this.connectionState == 1) {
            fatal((byte) 10, "Received close_notify during handshake");
        } else {
            this.recvCN = true;
            closeInboundInternal();
        }
    }

    private void sendAlert(byte b, byte b2) {
        if (this.connectionState >= 6) {
            return;
        }
        if (this.connectionState != 1 || (this.handshaker != null && this.handshaker.started())) {
            EngineOutputRecord engineOutputRecord = new EngineOutputRecord((byte) 21, this);
            engineOutputRecord.setVersion(this.protocolVersion);
            boolean z = debug != null && Debug.isOn("ssl");
            if (z) {
                synchronized (System.out) {
                    System.out.print(threadName());
                    System.out.print(", SEND " + ((Object) this.protocolVersion) + " ALERT:  ");
                    if (b == 2) {
                        System.out.print("fatal, ");
                    } else if (b == 1) {
                        System.out.print("warning, ");
                    } else {
                        System.out.print("<level = " + (255 & b) + ">, ");
                    }
                    System.out.println("description = " + Alerts.alertDescription(b2));
                }
            }
            engineOutputRecord.write(b);
            engineOutputRecord.write(b2);
            try {
                writeRecord(engineOutputRecord);
            } catch (IOException e) {
                if (z) {
                    System.out.println(threadName() + ", Exception sending alert: " + ((Object) e));
                }
            }
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnableSessionCreation(boolean z) {
        this.enableSessionCreation = z;
        if (this.handshaker == null || this.handshaker.activated()) {
            return;
        }
        this.handshaker.setEnableSessionCreation(this.enableSessionCreation);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getEnableSessionCreation() {
        return this.enableSessionCreation;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setNeedClientAuth(boolean z) {
        this.doClientAuth = z ? (byte) 2 : (byte) 0;
        if (this.handshaker == null || !(this.handshaker instanceof ServerHandshaker) || this.handshaker.activated()) {
            return;
        }
        ((ServerHandshaker) this.handshaker).setClientAuth(this.doClientAuth);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getNeedClientAuth() {
        return this.doClientAuth == 2;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setWantClientAuth(boolean z) {
        this.doClientAuth = z ? (byte) 1 : (byte) 0;
        if (this.handshaker == null || !(this.handshaker instanceof ServerHandshaker) || this.handshaker.activated()) {
            return;
        }
        ((ServerHandshaker) this.handshaker).setClientAuth(this.doClientAuth);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getWantClientAuth() {
        return this.doClientAuth == 1;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setUseClientMode(boolean z) {
        switch (this.connectionState) {
            case 0:
                if (this.roleIsServer != (!z) && this.sslContext.isDefaultProtocolList(this.enabledProtocols)) {
                    this.enabledProtocols = this.sslContext.getDefaultProtocolList(!z);
                }
                this.roleIsServer = !z;
                this.serverModeSet = true;
                return;
            case 1:
                if (!$assertionsDisabled && this.handshaker == null) {
                    throw new AssertionError();
                }
                if (!this.handshaker.activated()) {
                    if (this.roleIsServer != (!z) && this.sslContext.isDefaultProtocolList(this.enabledProtocols)) {
                        this.enabledProtocols = this.sslContext.getDefaultProtocolList(!z);
                    }
                    this.roleIsServer = !z;
                    this.connectionState = 0;
                    initHandshaker();
                    return;
                }
                break;
        }
        if (debug != null && Debug.isOn("ssl")) {
            System.out.println(threadName() + ", setUseClientMode() invoked in state = " + this.connectionState);
        }
        throw new IllegalArgumentException("Cannot change mode after SSL traffic has started");
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized boolean getUseClientMode() {
        return !this.roleIsServer;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        return this.sslContext.getSupportedCipherSuiteList().toStringArray();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnabledCipherSuites(String[] strArr) {
        this.enabledCipherSuites = new CipherSuiteList(strArr);
        if (this.handshaker == null || this.handshaker.activated()) {
            return;
        }
        this.handshaker.setEnabledCipherSuites(this.enabledCipherSuites);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getEnabledCipherSuites() {
        return this.enabledCipherSuites.toStringArray();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return this.sslContext.getSuportedProtocolList().toStringArray();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setEnabledProtocols(String[] strArr) {
        this.enabledProtocols = new ProtocolList(strArr);
        if (this.handshaker == null || this.handshaker.activated()) {
            return;
        }
        this.handshaker.setEnabledProtocols(this.enabledProtocols);
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String[] getEnabledProtocols() {
        return this.enabledProtocols.toStringArray();
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized SSLParameters getSSLParameters() {
        SSLParameters sSLParameters = super.getSSLParameters();
        sSLParameters.setEndpointIdentificationAlgorithm(this.identificationProtocol);
        sSLParameters.setAlgorithmConstraints(this.algorithmConstraints);
        return sSLParameters;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized void setSSLParameters(SSLParameters sSLParameters) {
        super.setSSLParameters(sSLParameters);
        this.identificationProtocol = sSLParameters.getEndpointIdentificationAlgorithm();
        this.algorithmConstraints = sSLParameters.getAlgorithmConstraints();
        if (this.handshaker == null || this.handshaker.started()) {
            return;
        }
        this.handshaker.setIdentificationProtocol(this.identificationProtocol);
        this.handshaker.setAlgorithmConstraints(this.algorithmConstraints);
    }

    private static String threadName() {
        return Thread.currentThread().getName();
    }

    public String toString() {
        StringBuilder sb = new StringBuilder(80);
        sb.append(Integer.toHexString(hashCode()));
        sb.append("[");
        sb.append("SSLEngine[hostname=");
        String peerHost = getPeerHost();
        sb.append(peerHost == null ? "null" : peerHost);
        sb.append(" port=");
        sb.append(Integer.toString(getPeerPort()));
        sb.append("] ");
        sb.append(getSession().getCipherSuite());
        sb.append("]");
        return sb.toString();
    }

    static {
        $assertionsDisabled = !SSLEngineImpl.class.desiredAssertionStatus();
        debug = Debug.getInstance("ssl");
    }
}
