package io.undertow.protocols.ssl;

import io.undertow.UndertowLogger;
import java.io.ByteArrayOutputStream;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import org.apache.http.cookie.ClientCookie;

/* loaded from: input_file:BOOT-INF/lib/undertow-core-2.2.4.Final.jar:io/undertow/protocols/ssl/ALPNHackSSLEngine.class */
public class ALPNHackSSLEngine extends SSLEngine {
    public static final boolean ENABLED;
    private static final Field HANDSHAKER;
    private static final Field HANDSHAKER_PROTOCOL_VERSION;
    private static final Field HANDSHAKE_HASH;
    private static final Field HANDSHAKE_HASH_VERSION;
    private static final Method HANDSHAKE_HASH_UPDATE;
    private static final Method HANDSHAKE_HASH_PROTOCOL_DETERMINED;
    private static final Field HANDSHAKE_HASH_DATA;
    private static final Field HANDSHAKE_HASH_FIN_MD;
    private static final Class<?> SSL_ENGINE_IMPL_CLASS;
    private final SSLEngine delegate;
    private boolean unwrapHelloSeen = false;
    private boolean ourHelloSent = false;
    private ALPNHackServerByteArrayOutputStream alpnHackServerByteArrayOutputStream;
    private ALPNHackClientByteArrayOutputStream ALPNHackClientByteArrayOutputStream;
    private List<String> applicationProtocols;
    private String selectedApplicationProtocol;
    private ByteBuffer bufferedWrapData;

    public ALPNHackSSLEngine(SSLEngine sSLEngine) {
        this.delegate = sSLEngine;
    }

    public static boolean isEnabled(SSLEngine sSLEngine) {
        if (ENABLED) {
            return SSL_ENGINE_IMPL_CLASS.isAssignableFrom(sSLEngine.getClass());
        }
        return false;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) throws SSLException {
        byte[] serverHello;
        if (this.bufferedWrapData != null) {
            int remaining = this.bufferedWrapData.remaining();
            byteBuffer.put(this.bufferedWrapData);
            this.bufferedWrapData = null;
            return new SSLEngineResult(SSLEngineResult.Status.OK, SSLEngineResult.HandshakeStatus.NEED_WRAP, 0, remaining);
        }
        int position = byteBuffer.position();
        int limit = byteBuffer.limit();
        SSLEngineResult wrap = this.delegate.wrap(byteBufferArr, i, i2, byteBuffer);
        if (!this.ourHelloSent && wrap.bytesProduced() > 0) {
            if (this.delegate.getUseClientMode() && this.applicationProtocols != null && !this.applicationProtocols.isEmpty()) {
                this.ourHelloSent = true;
                this.ALPNHackClientByteArrayOutputStream = replaceClientByteOutput(this.delegate);
                ByteBuffer duplicate = byteBuffer.duplicate();
                duplicate.flip();
                byte[] bArr = new byte[duplicate.remaining()];
                duplicate.get(bArr);
                byte[] rewriteClientHello = ALPNHackClientHelloExplorer.rewriteClientHello(bArr, this.applicationProtocols);
                if (rewriteClientHello != null) {
                    byte[] bArr2 = new byte[rewriteClientHello.length - 5];
                    System.arraycopy(rewriteClientHello, 5, bArr2, 0, bArr2.length);
                    this.ALPNHackClientByteArrayOutputStream.setSentClientHello(bArr2);
                    byteBuffer.clear();
                    byteBuffer.put(rewriteClientHello);
                }
            } else if (!getUseClientMode() && this.selectedApplicationProtocol != null && this.alpnHackServerByteArrayOutputStream != null && (serverHello = this.alpnHackServerByteArrayOutputStream.getServerHello()) != null) {
                byteBuffer.flip();
                ByteBuffer createNewOutputRecords = ALPNHackServerHelloExplorer.createNewOutputRecords(serverHello, ALPNHackServerHelloExplorer.extractRecords(byteBuffer));
                byteBuffer.position(position);
                byteBuffer.limit(limit);
                if (createNewOutputRecords.remaining() > byteBuffer.remaining()) {
                    int limit2 = createNewOutputRecords.limit();
                    createNewOutputRecords.limit(createNewOutputRecords.position() + byteBuffer.remaining());
                    wrap = new SSLEngineResult(wrap.getStatus(), wrap.getHandshakeStatus(), wrap.bytesConsumed(), createNewOutputRecords.remaining());
                    byteBuffer.put(createNewOutputRecords);
                    createNewOutputRecords.limit(limit2);
                    this.bufferedWrapData = createNewOutputRecords;
                } else {
                    wrap = new SSLEngineResult(wrap.getStatus(), wrap.getHandshakeStatus(), wrap.bytesConsumed(), createNewOutputRecords.remaining());
                    byteBuffer.put(createNewOutputRecords);
                }
            }
        }
        if (wrap.bytesProduced() > 0) {
            this.ourHelloSent = true;
        }
        return wrap;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) throws SSLException {
        if (!this.unwrapHelloSeen) {
            if (!this.delegate.getUseClientMode() && this.applicationProtocols != null) {
                try {
                    List<String> exploreClientHello = ALPNHackClientHelloExplorer.exploreClientHello(byteBuffer.duplicate());
                    if (exploreClientHello != null) {
                        Iterator<String> it = this.applicationProtocols.iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            String next = it.next();
                            if (exploreClientHello.contains(next)) {
                                this.selectedApplicationProtocol = next;
                                break;
                            }
                        }
                    }
                    this.unwrapHelloSeen = true;
                } catch (BufferUnderflowException e) {
                    return new SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
                }
            } else if (this.delegate.getUseClientMode() && this.ALPNHackClientByteArrayOutputStream != null) {
                if (!byteBuffer.hasRemaining()) {
                    return this.delegate.unwrap(byteBuffer, byteBufferArr, i, i2);
                }
                try {
                    ByteBuffer duplicate = byteBuffer.duplicate();
                    byte b = duplicate.get();
                    byte b2 = duplicate.get();
                    byte b3 = duplicate.get();
                    if (b == 22 && b2 == 3 && b3 == 3) {
                        List<ByteBuffer> extractRecords = ALPNHackServerHelloExplorer.extractRecords(byteBuffer.duplicate());
                        ByteBuffer byteBuffer2 = extractRecords.get(0);
                        AtomicReference atomicReference = new AtomicReference();
                        ByteBuffer duplicate2 = byteBuffer2.duplicate();
                        duplicate2.position(byteBuffer2.position() + 5);
                        ByteBuffer duplicate3 = duplicate2.duplicate();
                        byte[] removeAlpnExtensionsFromServerHello = ALPNHackServerHelloExplorer.removeAlpnExtensionsFromServerHello(duplicate2, atomicReference);
                        duplicate3.limit(duplicate2.position());
                        this.unwrapHelloSeen = true;
                        if (removeAlpnExtensionsFromServerHello != null) {
                            this.selectedApplicationProtocol = (String) atomicReference.get();
                            byte[] bArr = new byte[removeAlpnExtensionsFromServerHello.length + duplicate2.remaining()];
                            System.arraycopy(removeAlpnExtensionsFromServerHello, 0, bArr, 0, removeAlpnExtensionsFromServerHello.length);
                            duplicate2.get(bArr, removeAlpnExtensionsFromServerHello.length, duplicate2.remaining());
                            byteBuffer.position(byteBuffer.limit());
                            byte[] bArr2 = new byte[duplicate3.remaining()];
                            duplicate3.get(bArr2);
                            ByteBuffer createNewOutputRecords = ALPNHackServerHelloExplorer.createNewOutputRecords(bArr, extractRecords);
                            byteBuffer.clear();
                            byteBuffer.put(createNewOutputRecords);
                            byteBuffer.flip();
                            this.ALPNHackClientByteArrayOutputStream.setReceivedServerHello(bArr2);
                        }
                    }
                } catch (BufferUnderflowException e2) {
                    return new SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, SSLEngineResult.HandshakeStatus.NEED_UNWRAP, 0, 0);
                }
            }
        }
        SSLEngineResult unwrap = this.delegate.unwrap(byteBuffer, byteBufferArr, i, i2);
        if (!this.delegate.getUseClientMode() && this.selectedApplicationProtocol != null && this.alpnHackServerByteArrayOutputStream == null) {
            this.alpnHackServerByteArrayOutputStream = replaceServerByteOutput(this.delegate, this.selectedApplicationProtocol);
        }
        return unwrap;
    }

    @Override // javax.net.ssl.SSLEngine
    public Runnable getDelegatedTask() {
        return this.delegate.getDelegatedTask();
    }

    @Override // javax.net.ssl.SSLEngine
    public void closeInbound() throws SSLException {
        this.delegate.closeInbound();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isInboundDone() {
        return this.delegate.isInboundDone();
    }

    @Override // javax.net.ssl.SSLEngine
    public void closeOutbound() {
        this.delegate.closeOutbound();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isOutboundDone() {
        return this.delegate.isOutboundDone();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        return this.delegate.getSupportedCipherSuites();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledCipherSuites() {
        return this.delegate.getEnabledCipherSuites();
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledCipherSuites(String[] strArr) {
        this.delegate.setEnabledCipherSuites(strArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return this.delegate.getSupportedProtocols();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledProtocols() {
        return this.delegate.getEnabledProtocols();
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledProtocols(String[] strArr) {
        this.delegate.setEnabledProtocols(strArr);
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getSession() {
        return this.delegate.getSession();
    }

    @Override // javax.net.ssl.SSLEngine
    public void beginHandshake() throws SSLException {
        this.delegate.beginHandshake();
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        return this.delegate.getHandshakeStatus();
    }

    @Override // javax.net.ssl.SSLEngine
    public void setUseClientMode(boolean z) {
        this.delegate.setUseClientMode(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getUseClientMode() {
        return this.delegate.getUseClientMode();
    }

    @Override // javax.net.ssl.SSLEngine
    public void setNeedClientAuth(boolean z) {
        this.delegate.setNeedClientAuth(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getNeedClientAuth() {
        return this.delegate.getNeedClientAuth();
    }

    @Override // javax.net.ssl.SSLEngine
    public void setWantClientAuth(boolean z) {
        this.delegate.setWantClientAuth(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getWantClientAuth() {
        return this.delegate.getWantClientAuth();
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnableSessionCreation(boolean z) {
        this.delegate.setEnableSessionCreation(z);
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getEnableSessionCreation() {
        return this.delegate.getEnableSessionCreation();
    }

    public void setApplicationProtocols(List<String> list) {
        this.applicationProtocols = list;
    }

    public List<String> getApplicationProtocols() {
        return this.applicationProtocols;
    }

    public String getSelectedApplicationProtocol() {
        return this.selectedApplicationProtocol;
    }

    static ALPNHackServerByteArrayOutputStream replaceServerByteOutput(SSLEngine sSLEngine, String str) {
        try {
            Object obj = HANDSHAKE_HASH.get(HANDSHAKER.get(sSLEngine));
            ALPNHackServerByteArrayOutputStream aLPNHackServerByteArrayOutputStream = new ALPNHackServerByteArrayOutputStream(sSLEngine, ((ByteArrayOutputStream) HANDSHAKE_HASH_DATA.get(obj)).toByteArray(), str);
            HANDSHAKE_HASH_DATA.set(obj, aLPNHackServerByteArrayOutputStream);
            return aLPNHackServerByteArrayOutputStream;
        } catch (Exception e) {
            UndertowLogger.ROOT_LOGGER.debug("Failed to replace hash output stream ", e);
            return null;
        }
    }

    static ALPNHackClientByteArrayOutputStream replaceClientByteOutput(SSLEngine sSLEngine) {
        try {
            Object obj = HANDSHAKE_HASH.get(HANDSHAKER.get(sSLEngine));
            ALPNHackClientByteArrayOutputStream aLPNHackClientByteArrayOutputStream = new ALPNHackClientByteArrayOutputStream(sSLEngine);
            HANDSHAKE_HASH_DATA.set(obj, aLPNHackClientByteArrayOutputStream);
            return aLPNHackClientByteArrayOutputStream;
        } catch (Exception e) {
            UndertowLogger.ROOT_LOGGER.debug("Failed to replace hash output stream ", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void regenerateHashes(SSLEngine sSLEngine, ByteArrayOutputStream byteArrayOutputStream, byte[]... bArr) {
        try {
            Object obj = HANDSHAKER.get(sSLEngine);
            Object obj2 = HANDSHAKE_HASH.get(obj);
            byteArrayOutputStream.reset();
            Object obj3 = HANDSHAKER_PROTOCOL_VERSION.get(obj);
            HANDSHAKE_HASH_VERSION.set(obj2, -1);
            HANDSHAKE_HASH_PROTOCOL_DETERMINED.invoke(obj2, obj3);
            ((MessageDigest) HANDSHAKE_HASH_FIN_MD.get(obj2)).reset();
            for (byte[] bArr2 : bArr) {
                HANDSHAKE_HASH_UPDATE.invoke(obj2, bArr2, 0, Integer.valueOf(bArr2.length));
            }
        } catch (Exception e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

    static {
        Field field;
        Field field2;
        Field field3;
        Method method;
        Method method2;
        Field field4;
        Field field5;
        Field field6;
        Class<?> cls;
        boolean z = true;
        try {
            Class<?> cls2 = Class.forName("sun.security.ssl.ProtocolVersion", true, ClassLoader.getSystemClassLoader());
            cls = Class.forName("sun.security.ssl.SSLEngineImpl", true, ClassLoader.getSystemClassLoader());
            field = cls.getDeclaredField("handshaker");
            field.setAccessible(true);
            field2 = field.getType().getDeclaredField("handshakeHash");
            field2.setAccessible(true);
            field6 = field.getType().getDeclaredField("protocolVersion");
            field6.setAccessible(true);
            field3 = field2.getType().getDeclaredField(ClientCookie.VERSION_ATTR);
            field3.setAccessible(true);
            method = field2.getType().getDeclaredMethod("update", byte[].class, Integer.TYPE, Integer.TYPE);
            method.setAccessible(true);
            method2 = field2.getType().getDeclaredMethod("protocolDetermined", cls2);
            method2.setAccessible(true);
            field4 = field2.getType().getDeclaredField("data");
            field4.setAccessible(true);
            field5 = field2.getType().getDeclaredField("finMD");
            field5.setAccessible(true);
        } catch (Exception e) {
            UndertowLogger.ROOT_LOGGER.debug("JDK8 ALPN Hack failed ", e);
            z = false;
            field = null;
            field2 = null;
            field3 = null;
            method = null;
            method2 = null;
            field4 = null;
            field5 = null;
            field6 = null;
            cls = null;
        }
        ENABLED = z && !Boolean.getBoolean("io.undertow.disable-jdk8-alpn");
        HANDSHAKER = field;
        HANDSHAKE_HASH = field2;
        HANDSHAKE_HASH_PROTOCOL_DETERMINED = method2;
        HANDSHAKE_HASH_VERSION = field3;
        HANDSHAKE_HASH_UPDATE = method;
        HANDSHAKE_HASH_DATA = field4;
        HANDSHAKE_HASH_FIN_MD = field5;
        HANDSHAKER_PROTOCOL_VERSION = field6;
        SSL_ENGINE_IMPL_CLASS = cls;
    }
}
