package org.openeuler.sun.security.ssl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSocket;
import org.openeuler.sun.security.ssl.SSLExtension;
import org.openeuler.sun.security.ssl.SSLHandshake;

/* loaded from: classes6.dex */
final class AlpnExtension {
    static final Charset alpnCharset;
    static final SSLStringizer alpnStringizer;
    static final HandshakeProducer chNetworkProducer;
    static final HandshakeAbsence chOnLoadAbsence;
    static final SSLExtension.ExtensionConsumer chOnLoadConsumer;
    static final HandshakeProducer eeNetworkProducer;
    static final HandshakeAbsence eeOnLoadAbsence;
    static final SSLExtension.ExtensionConsumer eeOnLoadConsumer;
    static final HandshakeProducer shNetworkProducer;
    static final HandshakeAbsence shOnLoadAbsence;
    static final SSLExtension.ExtensionConsumer shOnLoadConsumer;

    /* loaded from: classes6.dex */
    static final class AlpnSpec implements SSLExtension.SSLExtensionSpec {
        final List<String> applicationProtocols;

        private AlpnSpec(ByteBuffer byteBuffer) throws IOException {
            if (byteBuffer.remaining() < 2) {
                throw new SSLProtocolException("Invalid application_layer_protocol_negotiation: insufficient data (length=" + byteBuffer.remaining() + ")");
            }
            int m80849 = C10343.m80849(byteBuffer);
            if (m80849 < 2 || m80849 != byteBuffer.remaining()) {
                throw new SSLProtocolException("Invalid application_layer_protocol_negotiation: incorrect list length (length=" + m80849 + ")");
            }
            LinkedList linkedList = new LinkedList();
            while (byteBuffer.hasRemaining()) {
                byte[] m80851 = C10343.m80851(byteBuffer);
                if (m80851.length == 0) {
                    throw new SSLProtocolException("Invalid application_layer_protocol_negotiation extension: empty application protocol name");
                }
                linkedList.add(new String(m80851, AlpnExtension.alpnCharset));
            }
            this.applicationProtocols = Collections.unmodifiableList(linkedList);
        }

        private AlpnSpec(String[] strArr) {
            this.applicationProtocols = Collections.unmodifiableList(Arrays.asList(strArr));
        }

        public String toString() {
            return this.applicationProtocols.toString();
        }
    }

    /* loaded from: classes6.dex */
    private static final class AlpnStringizer implements SSLStringizer {
        private AlpnStringizer() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLStringizer
        public String toString(ByteBuffer byteBuffer) {
            try {
                return new AlpnSpec(byteBuffer).toString();
            } catch (IOException e) {
                return e.getMessage();
            }
        }
    }

    /* loaded from: classes6.dex */
    private static final class CHAlpnAbsence implements HandshakeAbsence {
        private CHAlpnAbsence() {
        }

        @Override // org.openeuler.sun.security.ssl.HandshakeAbsence
        public void absent(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            serverHandshakeContext.applicationProtocol = "";
            serverHandshakeContext.conContext.applicationProtocol = "";
        }
    }

    /* loaded from: classes6.dex */
    private static final class CHAlpnConsumer implements SSLExtension.ExtensionConsumer {
        private CHAlpnConsumer() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLExtension.ExtensionConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage, ByteBuffer byteBuffer) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            SSLConfiguration sSLConfiguration = serverHandshakeContext.sslConfig;
            SSLExtension sSLExtension = SSLExtension.CH_ALPN;
            boolean z = false;
            if (!sSLConfiguration.isAvailable(sSLExtension)) {
                serverHandshakeContext.applicationProtocol = "";
                serverHandshakeContext.conContext.applicationProtocol = "";
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.info("Ignore server unavailable extension: " + sSLExtension.name, new Object[0]);
                    return;
                }
                return;
            }
            TransportContext transportContext = serverHandshakeContext.conContext;
            boolean z2 = !(transportContext.transport instanceof SSLEngine) ? serverHandshakeContext.sslConfig.socketAPSelector != null : serverHandshakeContext.sslConfig.engineAPSelector != null;
            String[] strArr = serverHandshakeContext.sslConfig.applicationProtocols;
            boolean z3 = strArr == null || strArr.length == 0;
            if (z2 && z3) {
                serverHandshakeContext.applicationProtocol = "";
                transportContext.applicationProtocol = "";
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Ignore server unenabled extension: " + sSLExtension.name, new Object[0]);
                    return;
                }
                return;
            }
            try {
                AlpnSpec alpnSpec = new AlpnSpec(byteBuffer);
                if (z2) {
                    List<String> list = alpnSpec.applicationProtocols;
                    String[] strArr2 = serverHandshakeContext.sslConfig.applicationProtocols;
                    int length = strArr2.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        String str = strArr2[i];
                        if (list.contains(str)) {
                            serverHandshakeContext.applicationProtocol = str;
                            serverHandshakeContext.conContext.applicationProtocol = str;
                            z = true;
                            break;
                        }
                        i++;
                    }
                    if (!z) {
                        throw serverHandshakeContext.conContext.fatal(Alert.NO_APPLICATION_PROTOCOL, "No matching application layer protocol values");
                    }
                }
                serverHandshakeContext.handshakeExtensions.put(SSLExtension.CH_ALPN, alpnSpec);
            } catch (IOException e) {
                throw serverHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, e);
            }
        }
    }

    /* loaded from: classes6.dex */
    private static final class CHAlpnProducer implements HandshakeProducer {
        static final int MAX_AP_LENGTH = 255;
        static final int MAX_AP_LIST_LENGTH = 65535;

        private CHAlpnProducer() {
        }

        @Override // org.openeuler.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            SSLConfiguration sSLConfiguration = clientHandshakeContext.sslConfig;
            SSLExtension sSLExtension = SSLExtension.CH_ALPN;
            if (!sSLConfiguration.isAvailable(sSLExtension)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.info("Ignore client unavailable extension: " + sSLExtension.name, new Object[0]);
                }
                clientHandshakeContext.applicationProtocol = "";
                clientHandshakeContext.conContext.applicationProtocol = "";
                return null;
            }
            String[] strArr = clientHandshakeContext.sslConfig.applicationProtocols;
            if (strArr == null || strArr.length == 0) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.info("No available application protocols", new Object[0]);
                }
                return null;
            }
            int i = 0;
            for (String str : strArr) {
                int length = str.getBytes(AlpnExtension.alpnCharset).length;
                if (length == 0) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.severe("Application protocol name cannot be empty", new Object[0]);
                    }
                    throw clientHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Application protocol name cannot be empty");
                }
                if (length > 255) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.severe("Application protocol name (" + str + ") exceeds the size limit (255 bytes)", new Object[0]);
                    }
                    throw clientHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Application protocol name (" + str + ") exceeds the size limit (255 bytes)");
                }
                i += length + 1;
                if (i > 65535) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.severe("The configured application protocols (" + Arrays.toString(strArr) + ") exceed the size limit (65535 bytes)", new Object[0]);
                    }
                    throw clientHandshakeContext.conContext.fatal(Alert.ILLEGAL_PARAMETER, "The configured application protocols (" + Arrays.toString(strArr) + ") exceed the size limit (65535 bytes)");
                }
            }
            byte[] bArr = new byte[i + 2];
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            C10343.m80852(wrap, i);
            for (String str2 : strArr) {
                C10343.m80846(wrap, str2.getBytes(AlpnExtension.alpnCharset));
            }
            clientHandshakeContext.handshakeExtensions.put(SSLExtension.CH_ALPN, new AlpnSpec(clientHandshakeContext.sslConfig.applicationProtocols));
            return bArr;
        }
    }

    /* loaded from: classes6.dex */
    private static final class SHAlpnAbsence implements HandshakeAbsence {
        private SHAlpnAbsence() {
        }

        @Override // org.openeuler.sun.security.ssl.HandshakeAbsence
        public void absent(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            clientHandshakeContext.applicationProtocol = "";
            clientHandshakeContext.conContext.applicationProtocol = "";
        }
    }

    /* loaded from: classes6.dex */
    private static final class SHAlpnConsumer implements SSLExtension.ExtensionConsumer {
        private SHAlpnConsumer() {
        }

        @Override // org.openeuler.sun.security.ssl.SSLExtension.ExtensionConsumer
        public void consume(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage, ByteBuffer byteBuffer) throws IOException {
            List<String> list;
            ClientHandshakeContext clientHandshakeContext = (ClientHandshakeContext) connectionContext;
            Map<SSLExtension, SSLExtension.SSLExtensionSpec> map = clientHandshakeContext.handshakeExtensions;
            SSLExtension sSLExtension = SSLExtension.CH_ALPN;
            AlpnSpec alpnSpec = (AlpnSpec) map.get(sSLExtension);
            if (alpnSpec == null || (list = alpnSpec.applicationProtocols) == null || list.isEmpty()) {
                throw clientHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Unexpected " + sSLExtension.name + " extension");
            }
            try {
                AlpnSpec alpnSpec2 = new AlpnSpec(byteBuffer);
                if (alpnSpec2.applicationProtocols.size() != 1) {
                    throw clientHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Invalid " + sSLExtension.name + " extension: Only one application protocol name is allowed in ServerHello message");
                }
                if (alpnSpec.applicationProtocols.containsAll(alpnSpec2.applicationProtocols)) {
                    String str = alpnSpec2.applicationProtocols.get(0);
                    clientHandshakeContext.applicationProtocol = str;
                    clientHandshakeContext.conContext.applicationProtocol = str;
                    clientHandshakeContext.handshakeExtensions.remove(sSLExtension);
                    return;
                }
                throw clientHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Invalid " + sSLExtension.name + " extension: Only client specified application protocol is allowed in ServerHello message");
            } catch (IOException e) {
                throw clientHandshakeContext.conContext.fatal(Alert.UNEXPECTED_MESSAGE, e);
            }
        }
    }

    /* loaded from: classes6.dex */
    private static final class SHAlpnProducer implements HandshakeProducer {
        private SHAlpnProducer() {
        }

        @Override // org.openeuler.sun.security.ssl.HandshakeProducer
        public byte[] produce(ConnectionContext connectionContext, SSLHandshake.HandshakeMessage handshakeMessage) throws IOException {
            ServerHandshakeContext serverHandshakeContext = (ServerHandshakeContext) connectionContext;
            Map<SSLExtension, SSLExtension.SSLExtensionSpec> map = serverHandshakeContext.handshakeExtensions;
            SSLExtension sSLExtension = SSLExtension.CH_ALPN;
            AlpnSpec alpnSpec = (AlpnSpec) map.get(sSLExtension);
            if (alpnSpec == null) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine("Ignore unavailable extension: " + SSLExtension.SH_ALPN.name, new Object[0]);
                }
                serverHandshakeContext.applicationProtocol = "";
                serverHandshakeContext.conContext.applicationProtocol = "";
                return null;
            }
            List<String> list = alpnSpec.applicationProtocols;
            Object obj = serverHandshakeContext.conContext.transport;
            if (obj instanceof SSLEngine) {
                BiFunction<SSLEngine, List<String>, String> biFunction = serverHandshakeContext.sslConfig.engineAPSelector;
                if (biFunction != null) {
                    String apply = biFunction.apply((SSLEngine) obj, list);
                    serverHandshakeContext.applicationProtocol = apply;
                    if (apply == null || (!apply.isEmpty() && !list.contains(serverHandshakeContext.applicationProtocol))) {
                        throw serverHandshakeContext.conContext.fatal(Alert.NO_APPLICATION_PROTOCOL, "No matching application layer protocol values");
                    }
                }
            } else {
                BiFunction<SSLSocket, List<String>, String> biFunction2 = serverHandshakeContext.sslConfig.socketAPSelector;
                if (biFunction2 != null) {
                    String apply2 = biFunction2.apply((SSLSocket) obj, list);
                    serverHandshakeContext.applicationProtocol = apply2;
                    if (apply2 == null || (!apply2.isEmpty() && !list.contains(serverHandshakeContext.applicationProtocol))) {
                        throw serverHandshakeContext.conContext.fatal(Alert.NO_APPLICATION_PROTOCOL, "No matching application layer protocol values");
                    }
                }
            }
            String str = serverHandshakeContext.applicationProtocol;
            if (str == null || str.isEmpty()) {
                serverHandshakeContext.applicationProtocol = "";
                serverHandshakeContext.conContext.applicationProtocol = "";
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.warning("Ignore, no negotiated application layer protocol", new Object[0]);
                }
                return null;
            }
            byte[] bytes = serverHandshakeContext.applicationProtocol.getBytes(AlpnExtension.alpnCharset);
            int length = bytes.length + 1;
            byte[] bArr = new byte[length + 2];
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            C10343.m80852(wrap, length);
            C10343.m80846(wrap, bytes);
            serverHandshakeContext.conContext.applicationProtocol = serverHandshakeContext.applicationProtocol;
            serverHandshakeContext.handshakeExtensions.remove(sSLExtension);
            return bArr;
        }
    }

    static {
        chNetworkProducer = new CHAlpnProducer();
        chOnLoadConsumer = new CHAlpnConsumer();
        chOnLoadAbsence = new CHAlpnAbsence();
        shNetworkProducer = new SHAlpnProducer();
        shOnLoadConsumer = new SHAlpnConsumer();
        shOnLoadAbsence = new SHAlpnAbsence();
        eeNetworkProducer = new SHAlpnProducer();
        eeOnLoadConsumer = new SHAlpnConsumer();
        eeOnLoadAbsence = new SHAlpnAbsence();
        alpnStringizer = new AlpnStringizer();
        String str = (String) AccessController.doPrivileged(new PrivilegedAction() { // from class: org.openeuler.sun.security.ssl.鼾觛项塘灅荩钭蘸烞愯堣
            @Override // java.security.PrivilegedAction
            public final Object run() {
                String property;
                property = Security.getProperty("jdk.tls.alpnCharset");
                return property;
            }
        });
        if (str == null || str.length() == 0) {
            str = "ISO_8859_1";
        }
        alpnCharset = Charset.forName(str);
    }

    AlpnExtension() {
    }
}
