package org.jruby.ext.openssl;

import ch.qos.logback.core.CoreConstants;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.Channel;
import java.nio.channels.ClosedChannelException;
import java.nio.channels.NotYetConnectedException;
import java.nio.channels.SelectionKey;
import java.nio.channels.Selector;
import java.nio.channels.SocketChannel;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.cert.X509Certificate;
import org.jruby.Ruby;
import org.jruby.RubyBoolean;
import org.jruby.RubyClass;
import org.jruby.RubyHash;
import org.jruby.RubyIO;
import org.jruby.RubyModule;
import org.jruby.RubyNumeric;
import org.jruby.RubyObject;
import org.jruby.RubyString;
import org.jruby.anno.JRubyMethod;
import org.jruby.exceptions.RaiseException;
import org.jruby.runtime.Arity;
import org.jruby.runtime.Block;
import org.jruby.runtime.CallSite;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.Visibility;
import org.jruby.runtime.builtin.IRubyObject;
import org.jruby.runtime.callsite.FunctionalCachingCallSite;
import org.jruby.runtime.callsite.RespondToCallSite;
import org.jruby.util.ByteList;

/* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/SSLSocket.class */
public class SSLSocket extends RubyObject {
    private static final long serialVersionUID = -2084816623554406237L;
    private static final ObjectAllocator ALLOCATOR = new ObjectAllocator() { // from class: org.jruby.ext.openssl.SSLSocket.1
        @Override // org.jruby.runtime.ObjectAllocator
        public IRubyObject allocate(Ruby ruby, RubyClass rubyClass) {
            return new SSLSocket(ruby, rubyClass);
        }
    };
    private SSLContext sslContext;
    private SSLEngine engine;
    private RubyIO io;
    private ByteBuffer peerAppData;
    private ByteBuffer peerNetData;
    private ByteBuffer netData;
    private ByteBuffer dummy;
    private boolean initialHandshake;
    private SSLEngineResult.HandshakeStatus handshakeStatus;
    private SSLEngineResult.Status status;
    int verifyResult;
    private static final int READ_WOULD_BLOCK_RESULT = -2147483647;
    private static final int WRITE_WOULD_BLOCK_RESULT = -2147483646;
    private transient SSLSession session;
    private transient SSLSession setSession;
    private transient SocketChannelImpl socketChannel;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.jruby.ext.openssl.SSLSocket$3, reason: invalid class name */
    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/SSLSocket$3.class */
    public static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.FINISHED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/SSLSocket$CallSiteIndex.class */
    public enum CallSiteIndex {
        _respond_to_nonblock_w("nonblock="),
        nonblock_w("nonblock="),
        sync("sync"),
        sync_w("sync="),
        flush("flush"),
        verify_mode("verify_mode");

        final String method;

        CallSiteIndex(String str) {
            this.method = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/SSLSocket$JavaSocketChannel.class */
    public static final class JavaSocketChannel implements SocketChannelImpl {
        private final SocketChannel channel;

        JavaSocketChannel(SocketChannel socketChannel) {
            this.channel = socketChannel;
        }

        @Override // org.jruby.ext.openssl.SSLSocket.SocketChannelImpl
        public boolean isOpen() {
            return this.channel.isOpen();
        }

        @Override // org.jruby.ext.openssl.SSLSocket.SocketChannelImpl
        public int read(ByteBuffer byteBuffer) throws IOException {
            return this.channel.read(byteBuffer);
        }

        @Override // org.jruby.ext.openssl.SSLSocket.SocketChannelImpl
        public int write(ByteBuffer byteBuffer) throws IOException {
            return this.channel.write(byteBuffer);
        }

        @Override // org.jruby.ext.openssl.SSLSocket.SocketChannelImpl
        public int getRemotePort() {
            return this.channel.socket().getPort();
        }

        @Override // org.jruby.ext.openssl.SSLSocket.SocketChannelImpl
        public boolean isSelectable() {
            return true;
        }

        @Override // org.jruby.ext.openssl.SSLSocket.SocketChannelImpl
        public boolean isBlocking() {
            return this.channel.isBlocking();
        }

        @Override // org.jruby.ext.openssl.SSLSocket.SocketChannelImpl
        public void configureBlocking(boolean z) throws IOException {
            this.channel.configureBlocking(z);
        }

        @Override // org.jruby.ext.openssl.SSLSocket.SocketChannelImpl
        public SelectionKey register(Selector selector, int i) throws ClosedChannelException {
            return this.channel.register(selector, i);
        }

        public boolean selectionOpsReadable(int i) {
            return (i & 1) != 0;
        }

        public boolean selectionOpsWritable(int i) {
            return (i & 4) != 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/jruby.home/lib/ruby/stdlib/jopenssl.jar:org/jruby/ext/openssl/SSLSocket$SocketChannelImpl.class */
    public interface SocketChannelImpl {
        boolean isOpen();

        int read(ByteBuffer byteBuffer) throws IOException;

        int write(ByteBuffer byteBuffer) throws IOException;

        int getRemotePort();

        boolean isSelectable();

        boolean isBlocking();

        void configureBlocking(boolean z) throws IOException;

        SelectionKey register(Selector selector, int i) throws IOException;
    }

    public static void createSSLSocket(Ruby ruby, RubyModule rubyModule) {
        CallSiteIndex[] values = CallSiteIndex.values();
        CallSite[] callSiteArr = new CallSite[values.length];
        for (int i = 0; i < values.length; i++) {
            if (values[i].name().startsWith("_respond_to")) {
                callSiteArr[i] = new RespondToCallSite();
            } else {
                callSiteArr[i] = new FunctionalCachingCallSite(values[i].method);
            }
        }
        RubyClass defineClassUnder = ruby.defineClassUnder("SSLSocket", ruby.getObject(), ALLOCATOR, rubyModule, callSiteArr);
        ThreadContext currentContext = ruby.getCurrentContext();
        defineClassUnder.addReadWriteAttribute(currentContext, "sync_close");
        defineClassUnder.addReadWriteAttribute(currentContext, "hostname");
        defineClassUnder.defineAnnotatedMethods(SSLSocket.class);
        defineClassUnder.undefineMethod("dup");
    }

    public SSLSocket(Ruby ruby, RubyClass rubyClass) {
        super(ruby, rubyClass);
        this.initialHandshake = false;
        this.verifyResult = 0;
        this.setSession = null;
    }

    private static RaiseException newSSLError(Ruby ruby, Exception exc) {
        return SSL.newSSLError(ruby, exc);
    }

    private static RaiseException newSSLError(Ruby ruby, String str) {
        return SSL.newSSLError(ruby, str);
    }

    private static RaiseException newSSLErrorFromHandshake(Ruby ruby, SSLHandshakeException sSLHandshakeException) {
        Exception exc;
        Exception exc2 = sSLHandshakeException;
        while (true) {
            exc = exc2;
            if (exc.getCause() == null || !(exc instanceof SSLHandshakeException)) {
                break;
            }
            exc2 = (Exception) exc.getCause();
        }
        return SSL.newSSLError(ruby, exc);
    }

    private static CallSite callSite(CallSite[] callSiteArr, CallSiteIndex callSiteIndex) {
        return callSiteArr[callSiteIndex.ordinal()];
    }

    @JRubyMethod(name = {"initialize"}, rest = true, frame = true, visibility = Visibility.PRIVATE)
    public IRubyObject initialize(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        Ruby ruby = threadContext.runtime;
        if (Arity.checkArgumentCount(ruby, iRubyObjectArr, 1, 2) == 1) {
            this.sslContext = new SSLContext(ruby).initializeImpl();
        } else {
            this.sslContext = (SSLContext) iRubyObjectArr[1];
        }
        if (!(iRubyObjectArr[0] instanceof RubyIO)) {
            throw ruby.newTypeError("IO expected but got " + iRubyObjectArr[0].getMetaClass().getName());
        }
        setInstanceVariable("@context", this.sslContext);
        RubyIO rubyIO = (RubyIO) iRubyObjectArr[0];
        this.io = rubyIO;
        setInstanceVariable("@io", rubyIO);
        set_io_nonblock_checked(threadContext, ruby.getTrue());
        set_sync(threadContext, ruby.getTrue());
        setInstanceVariable("@sync_close", ruby.getFalse());
        this.sslContext.setup(threadContext);
        return Utils.invokeSuper(threadContext, this, iRubyObjectArr, Block.NULL_BLOCK);
    }

    private IRubyObject set_io_nonblock_checked(ThreadContext threadContext, RubyBoolean rubyBoolean) {
        CallSite[] extraCallSites = getMetaClass().getExtraCallSites();
        return extraCallSites == null ? fallback_set_io_nonblock_checked(threadContext, rubyBoolean) : callSite(extraCallSites, CallSiteIndex._respond_to_nonblock_w).call(threadContext, this.io, this.io, threadContext.runtime.newSymbol("nonblock=")).isTrue() ? callSite(extraCallSites, CallSiteIndex.nonblock_w).call(threadContext, this.io, this.io, rubyBoolean) : threadContext.nil;
    }

    private IRubyObject fallback_set_io_nonblock_checked(ThreadContext threadContext, RubyBoolean rubyBoolean) {
        return this.io.respondsTo("nonblock=") ? this.io.callMethod(threadContext, "nonblock=", rubyBoolean) : threadContext.nil;
    }

    private SSLEngine ossl_ssl_setup(ThreadContext threadContext) {
        SSLEngine sSLEngine = this.engine;
        if (sSLEngine != null) {
            return sSLEngine;
        }
        IRubyObject instanceVariable = getInstanceVariable("@hostname");
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine(instanceVariable == null ? null : instanceVariable.toString(), socketChannelImpl().getRemotePort());
        javax.net.ssl.SSLSession session = createSSLEngine.getSession();
        this.peerNetData = ByteBuffer.allocate(session.getPacketBufferSize());
        this.peerAppData = ByteBuffer.allocate(session.getApplicationBufferSize());
        this.netData = ByteBuffer.allocate(session.getPacketBufferSize());
        this.peerNetData.limit(0);
        this.peerAppData.limit(0);
        this.netData.limit(0);
        this.dummy = ByteBuffer.allocate(0);
        this.engine = createSSLEngine;
        copySessionSetupIfSet(threadContext);
        return createSSLEngine;
    }

    @JRubyMethod(name = {"io"}, alias = {"to_io"})
    public final RubyIO io() {
        return this.io;
    }

    @JRubyMethod(name = {CoreConstants.CONTEXT_SCOPE_VALUE})
    public final SSLContext context() {
        return this.sslContext;
    }

    @JRubyMethod(name = {"sync"})
    public IRubyObject sync(ThreadContext threadContext) {
        CallSite[] extraCallSites = getMetaClass().getExtraCallSites();
        return extraCallSites == null ? fallback_sync(threadContext) : callSite(extraCallSites, CallSiteIndex.sync).call(threadContext, this.io, this.io);
    }

    private IRubyObject fallback_sync(ThreadContext threadContext) {
        return this.io.callMethod(threadContext, "sync");
    }

    @JRubyMethod(name = {"sync="})
    public IRubyObject set_sync(ThreadContext threadContext, IRubyObject iRubyObject) {
        CallSite[] extraCallSites = getMetaClass().getExtraCallSites();
        return extraCallSites == null ? fallback_set_sync(threadContext, iRubyObject) : callSite(extraCallSites, CallSiteIndex.sync_w).call(threadContext, this.io, this.io, iRubyObject);
    }

    private IRubyObject fallback_set_sync(ThreadContext threadContext, IRubyObject iRubyObject) {
        return this.io.callMethod(threadContext, "sync=", iRubyObject);
    }

    @JRubyMethod
    public IRubyObject connect(ThreadContext threadContext) {
        return connectImpl(threadContext, true, true);
    }

    @JRubyMethod
    public IRubyObject connect_nonblock(ThreadContext threadContext) {
        return connectImpl(threadContext, false, true);
    }

    @JRubyMethod
    public IRubyObject connect_nonblock(ThreadContext threadContext, IRubyObject iRubyObject) {
        return connectImpl(threadContext, false, getExceptionOpt(threadContext, iRubyObject));
    }

    private IRubyObject connectImpl(ThreadContext threadContext, boolean z, boolean z2) {
        if (!this.sslContext.isProtocolForClient()) {
            throw newSSLError(threadContext.runtime, "called a function you should not call");
        }
        try {
            if (!this.initialHandshake) {
                SSLEngine ossl_ssl_setup = ossl_ssl_setup(threadContext);
                ossl_ssl_setup.setUseClientMode(true);
                ossl_ssl_setup.beginHandshake();
                this.handshakeStatus = ossl_ssl_setup.getHandshakeStatus();
                this.initialHandshake = true;
            }
            callRenegotiationCallback(threadContext);
            IRubyObject doHandshake = doHandshake(z, z2);
            return doHandshake != null ? doHandshake : this;
        } catch (SSLHandshakeException e) {
            forceClose();
            throw newSSLErrorFromHandshake(threadContext.runtime, e);
        } catch (IOException e2) {
            forceClose();
            throw newSSLError(threadContext.runtime, e2);
        } catch (NotYetConnectedException e3) {
            throw newErrnoEPIPEError(threadContext.runtime, "SSL_connect");
        }
    }

    private static RaiseException newErrnoEPIPEError(Ruby ruby, String str) {
        return Utils.newError(ruby, ruby.getErrno().getClass("EPIPE"), str);
    }

    @JRubyMethod
    public IRubyObject accept(ThreadContext threadContext) {
        return acceptImpl(threadContext, true, true);
    }

    @JRubyMethod
    public IRubyObject accept_nonblock(ThreadContext threadContext) {
        return acceptImpl(threadContext, false, true);
    }

    @JRubyMethod
    public IRubyObject accept_nonblock(ThreadContext threadContext, IRubyObject iRubyObject) {
        return acceptImpl(threadContext, false, getExceptionOpt(threadContext, iRubyObject));
    }

    @Deprecated
    public SSLSocket acceptCommon(ThreadContext threadContext, boolean z) {
        return (SSLSocket) acceptImpl(threadContext, z, true);
    }

    private IRubyObject acceptImpl(ThreadContext threadContext, boolean z, boolean z2) {
        if (!this.sslContext.isProtocolForServer()) {
            throw newSSLError(threadContext.runtime, "called a function you should not call");
        }
        try {
            if (!this.initialHandshake) {
                SSLEngine ossl_ssl_setup = ossl_ssl_setup(threadContext);
                ossl_ssl_setup.setUseClientMode(false);
                IRubyObject verify_mode = verify_mode(threadContext);
                if (verify_mode != threadContext.nil) {
                    int fix2int = RubyNumeric.fix2int(verify_mode);
                    if (fix2int == 0) {
                        ossl_ssl_setup.setNeedClientAuth(false);
                        ossl_ssl_setup.setWantClientAuth(false);
                    }
                    if ((fix2int & 1) != 0) {
                        ossl_ssl_setup.setWantClientAuth(true);
                    }
                    if ((fix2int & 2) != 0) {
                        ossl_ssl_setup.setNeedClientAuth(true);
                    }
                }
                ossl_ssl_setup.beginHandshake();
                this.handshakeStatus = ossl_ssl_setup.getHandshakeStatus();
                this.initialHandshake = true;
            }
            callRenegotiationCallback(threadContext);
            IRubyObject doHandshake = doHandshake(z, z2);
            return doHandshake != null ? doHandshake : this;
        } catch (RuntimeException e) {
            OpenSSL.debugStackTrace(threadContext.runtime, e);
            if ("Could not generate DH keypair".equals(e.getMessage())) {
                throw SSL.handleCouldNotGenerateDHKeyPairError(threadContext.runtime, e);
            }
            throw newSSLError(threadContext.runtime, e);
        } catch (SSLHandshakeException e2) {
            String message = e2.getMessage();
            if (e2.getCause() == null && message != null && message.contains("(protocol is disabled or cipher suites are inappropriate)")) {
                OpenSSL.debug(threadContext.runtime, this.sslContext.getProtocol() + " protocol has been deactivated and is not available by default\n see the java.security.Security property jdk.tls.disabledAlgorithms in <JRE_HOME>/lib/security/java.security file");
            } else {
                OpenSSL.debugStackTrace(threadContext.runtime, e2);
            }
            throw newSSLErrorFromHandshake(threadContext.runtime, e2);
        } catch (IOException e3) {
            OpenSSL.debugStackTrace(threadContext.runtime, e3);
            throw newSSLError(threadContext.runtime, e3);
        } catch (RaiseException e4) {
            throw e4;
        }
    }

    final IRubyObject verify_mode(ThreadContext threadContext) {
        CallSite[] extraCallSites = getMetaClass().getExtraCallSites();
        return extraCallSites == null ? fallback_verify_mode(threadContext) : callSite(extraCallSites, CallSiteIndex.verify_mode).call(threadContext, this.sslContext, this.sslContext);
    }

    private IRubyObject fallback_verify_mode(ThreadContext threadContext) {
        return this.sslContext.callMethod(threadContext, "verify_mode");
    }

    @JRubyMethod
    public IRubyObject verify_result(ThreadContext threadContext) {
        if (this.engine != null) {
            return threadContext.runtime.newFixnum(this.verifyResult);
        }
        threadContext.runtime.getWarnings().warn("SSL session is not started yet.");
        return threadContext.nil;
    }

    /* JADX WARN: Removed duplicated region for block: B:152:0x0317  */
    /* JADX WARN: Removed duplicated region for block: B:155:0x02fd A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:178:0x02c4  */
    /* JADX WARN: Removed duplicated region for block: B:181:0x02aa A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.Object waitSelect(int r9, boolean r10, boolean r11) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 808
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jruby.ext.openssl.SSLSocket.waitSelect(int, boolean, boolean):java.lang.Object");
    }

    private static void readWouldBlock(Ruby ruby, boolean z, int[] iArr) {
        if (z) {
            throw SSL.newSSLErrorWaitReadable(ruby, "read would block");
        }
        iArr[0] = READ_WOULD_BLOCK_RESULT;
    }

    private static void writeWouldBlock(Ruby ruby, boolean z, int[] iArr) {
        if (z) {
            throw SSL.newSSLErrorWaitWritable(ruby, "write would block");
        }
        iArr[0] = WRITE_WOULD_BLOCK_RESULT;
    }

    private void doHandshake(boolean z) throws IOException {
        doHandshake(z, true);
    }

    /* JADX WARN: Code restructure failed: missing block: B:44:0x00b5, code lost:
    
        if (r5.netData.hasRemaining() != false) goto L36;
     */
    /* JADX WARN: Code restructure failed: missing block: B:46:0x00bd, code lost:
    
        if (flushData(r6) == false) goto L60;
     */
    /* JADX WARN: Code restructure failed: missing block: B:49:0x00c3, code lost:
    
        r5.netData.clear();
        r5.handshakeStatus = r5.engine.wrap(r5.dummy, r5.netData).getHandshakeStatus();
        r5.netData.flip();
        flushData(r6);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private org.jruby.runtime.builtin.IRubyObject doHandshake(boolean r6, boolean r7) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 279
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jruby.ext.openssl.SSLSocket.doHandshake(boolean, boolean):org.jruby.runtime.builtin.IRubyObject");
    }

    private void doTasks() {
        while (true) {
            Runnable delegatedTask = this.engine.getDelegatedTask();
            if (delegatedTask == null) {
                this.handshakeStatus = this.engine.getHandshakeStatus();
                this.verifyResult = this.sslContext.getLastVerifyResult();
                return;
            }
            delegatedTask.run();
        }
    }

    private boolean flushData(boolean z) throws IOException {
        try {
            writeToChannel(this.netData, z);
            return this.netData.hasRemaining();
        } catch (IOException e) {
            this.netData.position(this.netData.limit());
            throw e;
        }
    }

    private int writeToChannel(ByteBuffer byteBuffer, boolean z) throws IOException {
        int i = 0;
        while (byteBuffer.hasRemaining()) {
            i += socketChannelImpl().write(byteBuffer);
            if (!z) {
                break;
            }
        }
        return i;
    }

    private void finishInitialHandshake() {
        this.initialHandshake = false;
    }

    private void callRenegotiationCallback(ThreadContext threadContext) throws RaiseException {
        IRubyObject instanceVariable = this.sslContext.getInstanceVariable("@renegotiation_cb");
        if (instanceVariable == null || instanceVariable.isNil()) {
            return;
        }
        instanceVariable.callMethod(threadContext, "call", this);
    }

    public int write(ByteBuffer byteBuffer, boolean z) throws SSLException, IOException {
        if (this.initialHandshake) {
            throw new IOException("Writing not possible during handshake");
        }
        SocketChannelImpl socketChannelImpl = socketChannelImpl();
        boolean isBlocking = socketChannelImpl.isBlocking();
        if (!z) {
            socketChannelImpl.configureBlocking(false);
        }
        try {
            if (this.netData.hasRemaining()) {
                flushData(z);
            }
            this.netData.clear();
            SSLEngineResult wrap = this.engine.wrap(byteBuffer, this.netData);
            if (wrap.getStatus() == SSLEngineResult.Status.CLOSED) {
                throw getRuntime().newIOError("closed SSL engine");
            }
            this.netData.flip();
            flushData(z);
            int bytesConsumed = wrap.bytesConsumed();
            if (!z) {
                socketChannelImpl.configureBlocking(isBlocking);
            }
            return bytesConsumed;
        } catch (Throwable th) {
            if (!z) {
                socketChannelImpl.configureBlocking(isBlocking);
            }
            throw th;
        }
    }

    public int read(ByteBuffer byteBuffer, boolean z) throws IOException {
        int readAndUnwrap;
        if (this.initialHandshake) {
            return 0;
        }
        if (this.engine.isInboundDone()) {
            return -1;
        }
        if (!this.peerAppData.hasRemaining() && ((readAndUnwrap = readAndUnwrap(z)) == -1 || readAndUnwrap == 0)) {
            return readAndUnwrap;
        }
        int min = Math.min(this.peerAppData.remaining(), byteBuffer.remaining());
        this.peerAppData.get(byteBuffer.array(), byteBuffer.arrayOffset(), min);
        byteBuffer.position(byteBuffer.arrayOffset() + min);
        return min;
    }

    private int readAndUnwrap(boolean z) throws IOException {
        SSLEngineResult unwrap;
        int read = socketChannelImpl().read(this.peerNetData);
        if (read == -1 && (!this.peerNetData.hasRemaining() || this.status == SSLEngineResult.Status.BUFFER_UNDERFLOW)) {
            closeInbound();
            return -1;
        }
        this.peerAppData.clear();
        this.peerNetData.flip();
        do {
            unwrap = this.engine.unwrap(this.peerNetData, this.peerAppData);
            if (unwrap.getStatus() != SSLEngineResult.Status.OK || unwrap.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.NEED_UNWRAP) {
                break;
            }
        } while (unwrap.bytesProduced() == 0);
        if (unwrap.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.FINISHED) {
            finishInitialHandshake();
        }
        if (this.peerAppData.position() == 0 && unwrap.getStatus() == SSLEngineResult.Status.OK && this.peerNetData.hasRemaining()) {
            unwrap = this.engine.unwrap(this.peerNetData, this.peerAppData);
        }
        this.status = unwrap.getStatus();
        this.handshakeStatus = unwrap.getHandshakeStatus();
        if (read == -1 && !this.peerNetData.hasRemaining()) {
            closeInbound();
        }
        if (this.status == SSLEngineResult.Status.CLOSED) {
            doShutdown();
            return -1;
        }
        this.peerNetData.compact();
        this.peerAppData.flip();
        if (!this.initialHandshake && (this.handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_TASK || this.handshakeStatus == SSLEngineResult.HandshakeStatus.NEED_WRAP || this.handshakeStatus == SSLEngineResult.HandshakeStatus.FINISHED)) {
            doHandshake(z);
        }
        return this.peerAppData.remaining();
    }

    private void closeInbound() {
        try {
            this.engine.closeInbound();
        } catch (SSLException e) {
            OpenSSL.debug(getRuntime(), "SSLSocket.closeInbound", e);
        }
    }

    private void doShutdown() throws IOException {
        if (this.engine.isOutboundDone()) {
            return;
        }
        this.netData.clear();
        try {
            this.engine.wrap(this.dummy, this.netData);
            this.netData.flip();
            flushData(true);
        } catch (RuntimeException e) {
            OpenSSL.debugStackTrace(getRuntime(), e);
        } catch (SSLException e2) {
            OpenSSL.debug(getRuntime(), "SSLSocket.doShutdown", e2);
        }
    }

    private IRubyObject sysreadImpl(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2, boolean z, boolean z2) {
        Ruby ruby = threadContext.runtime;
        int fix2int = RubyNumeric.fix2int(iRubyObject);
        RubyString newEmptyString = (iRubyObject2 == null || iRubyObject2.isNil()) ? RubyString.newEmptyString(ruby) : iRubyObject2.asString();
        if (fix2int == 0) {
            newEmptyString.clear();
            return newEmptyString;
        }
        if (fix2int < 0) {
            throw ruby.newArgumentError("negative string size (or size too big)");
        }
        try {
            if (this.engine == null || (!this.peerAppData.hasRemaining() && this.peerNetData.position() <= 0)) {
                Object waitSelect = waitSelect(1, z, z2);
                if (waitSelect instanceof IRubyObject) {
                    return (IRubyObject) waitSelect;
                }
            }
            ByteBuffer allocate = ByteBuffer.allocate(fix2int);
            int i = -1;
            while (i <= 0) {
                i = this.engine == null ? socketChannelImpl().read(allocate) : read(allocate, z);
                if (i == -1) {
                    if (z2) {
                        throw ruby.newEOFError();
                    }
                    return ruby.getNil();
                }
                if (i == 0 && this.status == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                    Object waitSelect2 = waitSelect(1, z, z2);
                    if (waitSelect2 instanceof IRubyObject) {
                        return (IRubyObject) waitSelect2;
                    }
                }
            }
            newEmptyString.setValue(new ByteList(allocate.array(), allocate.position() - i, i, false));
            return newEmptyString;
        } catch (IOException e) {
            throw ruby.newIOError(e.getMessage());
        }
    }

    @JRubyMethod
    public IRubyObject sysread(ThreadContext threadContext, IRubyObject iRubyObject) {
        return sysreadImpl(threadContext, iRubyObject, null, true, true);
    }

    @JRubyMethod
    public IRubyObject sysread(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        return sysreadImpl(threadContext, iRubyObject, iRubyObject2, true, true);
    }

    @Deprecated
    public IRubyObject sysread(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        switch (iRubyObjectArr.length) {
            case 1:
                return sysread(threadContext, iRubyObjectArr[0]);
            case 2:
                return sysread(threadContext, iRubyObjectArr[0], iRubyObjectArr[1]);
            default:
                Arity.checkArgumentCount(threadContext.runtime, iRubyObjectArr.length, 1, 2);
                return null;
        }
    }

    @JRubyMethod
    public IRubyObject sysread_nonblock(ThreadContext threadContext, IRubyObject iRubyObject) {
        return sysreadImpl(threadContext, iRubyObject, null, false, true);
    }

    @JRubyMethod
    public IRubyObject sysread_nonblock(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        return iRubyObject2 instanceof RubyHash ? sysreadImpl(threadContext, iRubyObject, null, false, getExceptionOpt(threadContext, iRubyObject2)) : sysreadImpl(threadContext, iRubyObject, iRubyObject2, false, true);
    }

    @JRubyMethod
    public IRubyObject sysread_nonblock(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2, IRubyObject iRubyObject3) {
        return sysreadImpl(threadContext, iRubyObject, iRubyObject2, false, getExceptionOpt(threadContext, iRubyObject3));
    }

    @Deprecated
    public IRubyObject sysread_nonblock(ThreadContext threadContext, IRubyObject[] iRubyObjectArr) {
        switch (iRubyObjectArr.length) {
            case 1:
                return sysread_nonblock(threadContext, iRubyObjectArr[0]);
            case 2:
                return sysread_nonblock(threadContext, iRubyObjectArr[0], iRubyObjectArr[1]);
            case 3:
                return sysread_nonblock(threadContext, iRubyObjectArr[0], iRubyObjectArr[1], iRubyObjectArr[2]);
            default:
                Arity.checkArgumentCount(threadContext.runtime, iRubyObjectArr.length, 1, 3);
                return null;
        }
    }

    private IRubyObject syswriteImpl(ThreadContext threadContext, IRubyObject iRubyObject, boolean z, boolean z2) {
        Ruby ruby = threadContext.runtime;
        try {
            checkClosed();
            Object waitSelect = waitSelect(4, z, z2);
            if (waitSelect instanceof IRubyObject) {
                return (IRubyObject) waitSelect;
            }
            ByteList byteList = iRubyObject.asString().getByteList();
            ByteBuffer wrap = ByteBuffer.wrap(byteList.getUnsafeBytes(), byteList.getBegin(), byteList.getRealSize());
            int writeToChannel = this.engine == null ? writeToChannel(wrap, z) : write(wrap, z);
            io_flush(threadContext);
            return ruby.newFixnum(writeToChannel);
        } catch (IOException e) {
            throw ruby.newIOError(e.getMessage());
        }
    }

    private IRubyObject io_flush(ThreadContext threadContext) {
        CallSite[] extraCallSites = getMetaClass().getExtraCallSites();
        return extraCallSites == null ? fallback_io_flush(threadContext) : callSite(extraCallSites, CallSiteIndex.flush).call(threadContext, this.io, this.io);
    }

    private IRubyObject fallback_io_flush(ThreadContext threadContext) {
        return this.io.callMethod(threadContext, "flush");
    }

    @JRubyMethod
    public IRubyObject syswrite(ThreadContext threadContext, IRubyObject iRubyObject) {
        return syswriteImpl(threadContext, iRubyObject, true, true);
    }

    @JRubyMethod
    public IRubyObject syswrite_nonblock(ThreadContext threadContext, IRubyObject iRubyObject) {
        return syswriteImpl(threadContext, iRubyObject, false, true);
    }

    @JRubyMethod
    public IRubyObject syswrite_nonblock(ThreadContext threadContext, IRubyObject iRubyObject, IRubyObject iRubyObject2) {
        return syswriteImpl(threadContext, iRubyObject, false, getExceptionOpt(threadContext, iRubyObject2));
    }

    private static boolean getExceptionOpt(ThreadContext threadContext, IRubyObject iRubyObject) {
        if (!(iRubyObject instanceof RubyHash)) {
            return true;
        }
        Ruby ruby = threadContext.runtime;
        return ((RubyHash) iRubyObject).op_aref(threadContext, ruby.newSymbol("exception")) != ruby.getFalse();
    }

    private void checkClosed() {
        if (!socketChannelImpl().isOpen()) {
            throw getRuntime().newIOError(RubyIO.CLOSED_STREAM_MSG);
        }
    }

    private void forceClose() {
        close(true);
    }

    private void close(boolean z) {
        if (this.engine == null) {
            return;
        }
        this.engine.closeOutbound();
        if (z || !this.netData.hasRemaining()) {
            try {
                doShutdown();
            } catch (IOException e) {
                OpenSSL.debug(getRuntime(), "SSLSocket.close doShutdown failed", e);
            } catch (NotYetConnectedException e2) {
                OpenSSL.debug(getRuntime(), "SSLSocket.close doShutdown failed", e2);
            }
        }
    }

    @JRubyMethod
    public IRubyObject stop(ThreadContext threadContext) {
        close(this.sslContext.isProtocolForClient());
        return threadContext.nil;
    }

    @JRubyMethod
    public IRubyObject cert(ThreadContext threadContext) {
        if (this.engine == null) {
            return threadContext.nil;
        }
        try {
            Certificate[] localCertificates = this.engine.getSession().getLocalCertificates();
            return (localCertificates == null || localCertificates.length <= 0) ? threadContext.nil : X509Cert.wrap(threadContext, localCertificates[0]);
        } catch (CertificateEncodingException e) {
            throw X509Cert.newCertificateError(threadContext.runtime, e);
        }
    }

    @Deprecated
    public final IRubyObject cert() {
        return cert(getRuntime().getCurrentContext());
    }

    @JRubyMethod
    public IRubyObject peer_cert(ThreadContext threadContext) {
        if (this.engine == null) {
            return threadContext.nil;
        }
        try {
            Certificate[] peerCertificates = this.engine.getSession().getPeerCertificates();
            if (peerCertificates.length > 0) {
                return X509Cert.wrap(threadContext, peerCertificates[0]);
            }
        } catch (CertificateEncodingException e) {
            throw X509Cert.newCertificateError(threadContext.runtime, e);
        } catch (SSLPeerUnverifiedException e2) {
            if (OpenSSL.isDebug(threadContext.runtime)) {
                threadContext.runtime.getWarnings().warning(String.format("%s: %s", e2.getClass().getName(), e2.getMessage()));
            }
        }
        return threadContext.nil;
    }

    @Deprecated
    public final IRubyObject peer_cert() {
        return peer_cert(getRuntime().getCurrentContext());
    }

    @JRubyMethod
    public IRubyObject peer_cert_chain(ThreadContext threadContext) {
        Ruby ruby = threadContext.runtime;
        if (this.engine == null) {
            return ruby.getNil();
        }
        try {
            X509Certificate[] peerCertificateChain = this.engine.getSession().getPeerCertificateChain();
            IRubyObject[] iRubyObjectArr = new IRubyObject[peerCertificateChain.length];
            for (int i = 0; i < peerCertificateChain.length; i++) {
                iRubyObjectArr[i] = X509Cert.wrap(threadContext, peerCertificateChain[i]);
            }
            return ruby.newArrayNoCopy(iRubyObjectArr);
        } catch (SSLPeerUnverifiedException e) {
            if (ruby.isVerbose() || OpenSSL.isDebug(ruby)) {
                ruby.getWarnings().warning(String.format("%s: %s", e.getClass().getName(), e.getMessage()));
            }
            return ruby.getNil();
        } catch (javax.security.cert.CertificateEncodingException e2) {
            throw X509Cert.newCertificateError(getRuntime(), e2);
        }
    }

    @Deprecated
    public final IRubyObject peer_cert_chain() {
        return peer_cert_chain(getRuntime().getCurrentContext());
    }

    @JRubyMethod
    public IRubyObject cipher() {
        return this.engine == null ? getRuntime().getNil() : getRuntime().newString(this.engine.getSession().getCipherSuite());
    }

    @JRubyMethod
    public IRubyObject npn_protocol() {
        if (this.engine == null) {
            return getRuntime().getNil();
        }
        OpenSSL.warn(getRuntime().getCurrentContext(), "OpenSSL::SSL::SSLSocket#npn_protocol is not supported");
        return getRuntime().getNil();
    }

    @JRubyMethod
    public IRubyObject state() {
        OpenSSL.warn(getRuntime().getCurrentContext(), "WARNING: unimplemented method called: OpenSSL::SSL::SSLSocket#state");
        return getRuntime().getNil();
    }

    @JRubyMethod
    public IRubyObject pending() {
        OpenSSL.warn(getRuntime().getCurrentContext(), "WARNING: unimplemented method called: OpenSSL::SSL::SSLSocket#pending");
        return getRuntime().getNil();
    }

    private boolean reusableSSLEngine() {
        String peerHost;
        return (this.engine == null || (peerHost = this.engine.getPeerHost()) == null || peerHost.length() <= 0) ? false : true;
    }

    @JRubyMethod(name = {"session_reused?"})
    public IRubyObject session_reused_p() {
        return (!reusableSSLEngine() || this.engine.getEnableSessionCreation()) ? getRuntime().getNil() : getRuntime().getTrue();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final javax.net.ssl.SSLSession sslSession() {
        if (this.engine == null) {
            return null;
        }
        return this.engine.getSession();
    }

    @JRubyMethod(name = {"session"})
    public IRubyObject session(ThreadContext threadContext) {
        return sslSession() == null ? threadContext.nil : getSession(threadContext.runtime);
    }

    private SSLSession getSession(Ruby ruby) {
        if (this.session != null) {
            return this.session;
        }
        SSLSession initializeImpl = new SSLSession(ruby).initializeImpl(this);
        this.session = initializeImpl;
        return initializeImpl;
    }

    @JRubyMethod(name = {"session="})
    public IRubyObject set_session(ThreadContext threadContext, IRubyObject iRubyObject) {
        if (iRubyObject instanceof SSLSession) {
            this.setSession = (SSLSession) iRubyObject;
            if (this.engine != null) {
                copySessionSetupIfSet(threadContext);
            }
        }
        return threadContext.nil;
    }

    @Deprecated
    public IRubyObject set_session(IRubyObject iRubyObject) {
        return set_session(getRuntime().getCurrentContext(), iRubyObject);
    }

    private void copySessionSetupIfSet(ThreadContext threadContext) {
        if (this.setSession == null || !reusableSSLEngine()) {
            return;
        }
        this.engine.setEnableSessionCreation(false);
        if (this.setSession.equals(getSession(threadContext.runtime))) {
            return;
        }
        getSession(threadContext.runtime).set_timeout(threadContext, this.setSession.timeout(threadContext));
    }

    @JRubyMethod
    public IRubyObject ssl_version(ThreadContext threadContext) {
        return this.engine == null ? threadContext.nil : threadContext.runtime.newString(this.engine.getSession().getProtocol());
    }

    private SocketChannelImpl socketChannelImpl() {
        if (this.socketChannel != null) {
            return this.socketChannel;
        }
        Channel channel = this.io.getChannel();
        if (!(channel instanceof SocketChannel)) {
            throw new IllegalStateException("unknow channel impl: " + channel + " of type " + channel.getClass().getName());
        }
        JavaSocketChannel javaSocketChannel = new JavaSocketChannel((SocketChannel) channel);
        this.socketChannel = javaSocketChannel;
        return javaSocketChannel;
    }

    private static boolean jnrChannel(Channel channel) {
        return channel.getClass().getName().startsWith("jnr.");
    }
}
