package com.mongodb.internal.connection.tlschannel;

import com.mongodb.internal.connection.tlschannel.impl.BufferHolder;
import com.mongodb.internal.connection.tlschannel.impl.ByteBufferSet;
import com.mongodb.internal.connection.tlschannel.impl.TlsChannelImpl;
import com.mongodb.internal.connection.tlschannel.impl.TlsExplorer;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.ByteChannel;
import java.nio.channels.ClosedChannelException;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import java.util.function.Consumer;
import java.util.function.Function;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/mongodb-driver-core-4.2.3.jar:com/mongodb/internal/connection/tlschannel/ServerTlsChannel.class */
public class ServerTlsChannel implements TlsChannel {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ServerTlsChannel.class);
    private final ByteChannel underlying;
    private final SslContextStrategy sslContextStrategy;
    private final Function<SSLContext, SSLEngine> engineFactory;
    private final Consumer<SSLSession> sessionInitCallback;
    private final boolean runTasks;
    private final TrackingAllocator plainBufAllocator;
    private final TrackingAllocator encryptedBufAllocator;
    private final boolean releaseBuffers;
    private final boolean waitForCloseConfirmation;
    private final Lock initLock;
    private BufferHolder inEncrypted;
    private volatile boolean sniRead;
    private SSLContext sslContext;
    private TlsChannelImpl impl;

    /* loaded from: input_file:BOOT-INF/lib/mongodb-driver-core-4.2.3.jar:com/mongodb/internal/connection/tlschannel/ServerTlsChannel$Builder.class */
    public static class Builder extends TlsChannelBuilder<Builder> {
        private final SslContextStrategy internalSslContextFactory;
        private Function<SSLContext, SSLEngine> sslEngineFactory;

        private Builder(ByteChannel byteChannel, SSLContext sSLContext) {
            super(byteChannel);
            this.sslEngineFactory = sSLContext2 -> {
                return ServerTlsChannel.defaultSSLEngineFactory(sSLContext2);
            };
            this.internalSslContextFactory = new FixedSslContextStrategy(sSLContext);
        }

        private Builder(ByteChannel byteChannel, SniSslContextFactory sniSslContextFactory) {
            super(byteChannel);
            this.sslEngineFactory = sSLContext2 -> {
                return ServerTlsChannel.defaultSSLEngineFactory(sSLContext2);
            };
            this.internalSslContextFactory = new SniSslContextStrategy(sniSslContextFactory);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // com.mongodb.internal.connection.tlschannel.TlsChannelBuilder
        public Builder getThis() {
            return this;
        }

        public Builder withEngineFactory(Function<SSLContext, SSLEngine> function) {
            this.sslEngineFactory = function;
            return this;
        }

        public ServerTlsChannel build() {
            return new ServerTlsChannel(this.underlying, this.internalSslContextFactory, this.sslEngineFactory, this.sessionInitCallback, this.runTasks, this.plainBufferAllocator, this.encryptedBufferAllocator, this.releaseBuffers, this.waitForCloseConfirmation);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/mongodb-driver-core-4.2.3.jar:com/mongodb/internal/connection/tlschannel/ServerTlsChannel$FixedSslContextStrategy.class */
    private static class FixedSslContextStrategy implements SslContextStrategy {
        private final SSLContext sslContext;

        public FixedSslContextStrategy(SSLContext sSLContext) {
            this.sslContext = sSLContext;
        }

        @Override // com.mongodb.internal.connection.tlschannel.ServerTlsChannel.SslContextStrategy
        public SSLContext getSslContext(SslContextStrategy.SniReader sniReader) {
            return this.sslContext;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/mongodb-driver-core-4.2.3.jar:com/mongodb/internal/connection/tlschannel/ServerTlsChannel$SniSslContextStrategy.class */
    private static class SniSslContextStrategy implements SslContextStrategy {
        private SniSslContextFactory sniSslContextFactory;

        public SniSslContextStrategy(SniSslContextFactory sniSslContextFactory) {
            this.sniSslContextFactory = sniSslContextFactory;
        }

        @Override // com.mongodb.internal.connection.tlschannel.ServerTlsChannel.SslContextStrategy
        public SSLContext getSslContext(SslContextStrategy.SniReader sniReader) throws IOException, TlsChannelImpl.EofException {
            Optional<SNIServerName> readSni = sniReader.readSni();
            try {
                return this.sniSslContextFactory.getSslContext(readSni).orElseThrow(() -> {
                    return new SSLHandshakeException("No ssl context available for received SNI: " + readSni);
                });
            } catch (Exception e) {
                ServerTlsChannel.logger.trace("client code threw exception during evaluation of server name indication", (Throwable) e);
                throw new TlsChannelCallbackException("SNI callback failed", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/mongodb-driver-core-4.2.3.jar:com/mongodb/internal/connection/tlschannel/ServerTlsChannel$SslContextStrategy.class */
    public interface SslContextStrategy {

        @FunctionalInterface
        /* loaded from: input_file:BOOT-INF/lib/mongodb-driver-core-4.2.3.jar:com/mongodb/internal/connection/tlschannel/ServerTlsChannel$SslContextStrategy$SniReader.class */
        public interface SniReader {
            Optional<SNIServerName> readSni() throws IOException, TlsChannelImpl.EofException;
        }

        SSLContext getSslContext(SniReader sniReader) throws IOException, TlsChannelImpl.EofException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SSLEngine defaultSSLEngineFactory(SSLContext sSLContext) {
        SSLEngine createSSLEngine = sSLContext.createSSLEngine();
        createSSLEngine.setUseClientMode(false);
        return createSSLEngine;
    }

    public static Builder newBuilder(ByteChannel byteChannel, SSLContext sSLContext) {
        return new Builder(byteChannel, sSLContext);
    }

    public static Builder newBuilder(ByteChannel byteChannel, SniSslContextFactory sniSslContextFactory) {
        return new Builder(byteChannel, sniSslContextFactory);
    }

    private ServerTlsChannel(ByteChannel byteChannel, SslContextStrategy sslContextStrategy, Function<SSLContext, SSLEngine> function, Consumer<SSLSession> consumer, boolean z, BufferAllocator bufferAllocator, BufferAllocator bufferAllocator2, boolean z2, boolean z3) {
        this.initLock = new ReentrantLock();
        this.sniRead = false;
        this.sslContext = null;
        this.impl = null;
        this.underlying = byteChannel;
        this.sslContextStrategy = sslContextStrategy;
        this.engineFactory = function;
        this.sessionInitCallback = consumer;
        this.runTasks = z;
        this.plainBufAllocator = new TrackingAllocator(bufferAllocator);
        this.encryptedBufAllocator = new TrackingAllocator(bufferAllocator2);
        this.releaseBuffers = z2;
        this.waitForCloseConfirmation = z3;
        this.inEncrypted = new BufferHolder("inEncrypted", Optional.empty(), bufferAllocator2, 4096, TlsChannelImpl.maxTlsPacketSize, false, z2);
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public ByteChannel getUnderlying() {
        return this.underlying;
    }

    public SSLContext getSslContext() {
        return this.sslContext;
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public SSLEngine getSslEngine() {
        if (this.impl == null) {
            return null;
        }
        return this.impl.engine();
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public Consumer<SSLSession> getSessionInitCallback() {
        return this.sessionInitCallback;
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public boolean getRunTasks() {
        return this.impl.getRunTasks();
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public TrackingAllocator getPlainBufferAllocator() {
        return this.plainBufAllocator;
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public TrackingAllocator getEncryptedBufferAllocator() {
        return this.encryptedBufAllocator;
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel, java.nio.channels.ScatteringByteChannel
    public long read(ByteBuffer[] byteBufferArr, int i, int i2) throws IOException {
        ByteBufferSet byteBufferSet = new ByteBufferSet(byteBufferArr, i, i2);
        TlsChannelImpl.checkReadBuffer(byteBufferSet);
        if (!this.sniRead) {
            try {
                initEngine();
            } catch (TlsChannelImpl.EofException e) {
                return -1L;
            }
        }
        return this.impl.read(byteBufferSet);
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel, java.nio.channels.ScatteringByteChannel
    public long read(ByteBuffer[] byteBufferArr) throws IOException {
        return read(byteBufferArr, 0, byteBufferArr.length);
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel, java.nio.channels.ReadableByteChannel
    public int read(ByteBuffer byteBuffer) throws IOException {
        return (int) read(new ByteBuffer[]{byteBuffer});
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel, java.nio.channels.GatheringByteChannel
    public long write(ByteBuffer[] byteBufferArr, int i, int i2) throws IOException {
        ByteBufferSet byteBufferSet = new ByteBufferSet(byteBufferArr, i, i2);
        if (!this.sniRead) {
            try {
                initEngine();
            } catch (TlsChannelImpl.EofException e) {
                throw new ClosedChannelException();
            }
        }
        return this.impl.write(byteBufferSet);
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel, java.nio.channels.GatheringByteChannel
    public long write(ByteBuffer[] byteBufferArr) throws IOException {
        return write(byteBufferArr, 0, byteBufferArr.length);
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel, java.nio.channels.WritableByteChannel
    public int write(ByteBuffer byteBuffer) throws IOException {
        return (int) write(new ByteBuffer[]{byteBuffer});
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public void renegotiate() throws IOException {
        if (!this.sniRead) {
            try {
                initEngine();
            } catch (TlsChannelImpl.EofException e) {
                throw new ClosedChannelException();
            }
        }
        this.impl.renegotiate();
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public void handshake() throws IOException {
        if (!this.sniRead) {
            try {
                initEngine();
            } catch (TlsChannelImpl.EofException e) {
                throw new ClosedChannelException();
            }
        }
        this.impl.handshake();
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel, java.nio.channels.Channel, java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.impl != null) {
            this.impl.close();
        }
        if (this.inEncrypted != null) {
            this.inEncrypted.dispose();
        }
        this.underlying.close();
    }

    @Override // java.nio.channels.Channel
    public boolean isOpen() {
        return this.underlying.isOpen();
    }

    private void initEngine() throws IOException, TlsChannelImpl.EofException {
        this.initLock.lock();
        try {
            if (!this.sniRead) {
                this.sslContext = this.sslContextStrategy.getSslContext(this::getServerNameIndication);
                try {
                    this.impl = new TlsChannelImpl(this.underlying, this.underlying, this.engineFactory.apply(this.sslContext), Optional.of(this.inEncrypted), this.sessionInitCallback, this.runTasks, this.plainBufAllocator, this.encryptedBufAllocator, this.releaseBuffers, this.waitForCloseConfirmation);
                    this.inEncrypted = null;
                    this.sniRead = true;
                } catch (Exception e) {
                    logger.trace("client threw exception in SSLEngine factory", (Throwable) e);
                    throw new TlsChannelCallbackException("SSLEngine creation callback failed", e);
                }
            }
        } finally {
            this.initLock.unlock();
        }
    }

    private Optional<SNIServerName> getServerNameIndication() throws IOException, TlsChannelImpl.EofException {
        this.inEncrypted.prepare();
        try {
            int readRecordHeaderSize = readRecordHeaderSize();
            while (this.inEncrypted.buffer.position() < readRecordHeaderSize) {
                if (!this.inEncrypted.buffer.hasRemaining()) {
                    this.inEncrypted.enlarge();
                }
                TlsChannelImpl.readFromChannel(this.underlying, this.inEncrypted.buffer);
            }
            this.inEncrypted.buffer.flip();
            Map<Integer, SNIServerName> explore = TlsExplorer.explore(this.inEncrypted.buffer);
            this.inEncrypted.buffer.compact();
            SNIServerName sNIServerName = explore.get(0);
            if (sNIServerName == null || !(sNIServerName instanceof SNIHostName)) {
                Optional<SNIServerName> empty = Optional.empty();
                this.inEncrypted.release();
                return empty;
            }
            Optional<SNIServerName> of = Optional.of((SNIHostName) sNIServerName);
            this.inEncrypted.release();
            return of;
        } catch (Throwable th) {
            this.inEncrypted.release();
            throw th;
        }
    }

    private int readRecordHeaderSize() throws IOException, TlsChannelImpl.EofException {
        while (this.inEncrypted.buffer.position() < 5) {
            if (!this.inEncrypted.buffer.hasRemaining()) {
                throw new IllegalStateException("inEncrypted too small");
            }
            TlsChannelImpl.readFromChannel(this.underlying, this.inEncrypted.buffer);
        }
        this.inEncrypted.buffer.flip();
        int requiredSize = TlsExplorer.getRequiredSize(this.inEncrypted.buffer);
        this.inEncrypted.buffer.compact();
        return requiredSize;
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public boolean shutdown() throws IOException {
        return this.impl != null && this.impl.shutdown();
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public boolean shutdownReceived() {
        return this.impl != null && this.impl.shutdownReceived();
    }

    @Override // com.mongodb.internal.connection.tlschannel.TlsChannel
    public boolean shutdownSent() {
        return this.impl != null && this.impl.shutdownSent();
    }
}
