package net.jini.jeri.ssl;

import com.sun.jini.action.GetLongAction;
import com.sun.jini.logging.Levels;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketException;
import java.nio.channels.SocketChannel;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.x500.X500Principal;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.io.UnsupportedConstraintException;
import net.jini.jeri.connection.Connection;
import net.jini.jeri.connection.OutboundRequestHandle;
import net.jini.jeri.ssl.Utilities;
import net.jini.security.Security;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/jini/jeri/ssl/SslConnection.class */
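/**
 * Client side of a TLS connection to {@code serverHost:port}, created for one
 * {@link CallContext} and possibly reused for later calls via {@link #useFor}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>only the cipher suites listed in the call context are enabled for the handshake;</li>
 *   <li>session creation is disabled on the socket once the handshake has completed;</li>
 *   <li>a connection is reused only if subject, principals and cipher suite still satisfy the
 *       new call, and only while the TLS session is younger than
 *       {@code maxClientSessionDuration};</li>
 *   <li>details of a client credential failure are withheld from callers that lack
 *       {@code Utilities.getSubjectPermission}.</li>
 * </ul>
 *
 * <p>NOTE(review): no endpoint identification is configured on the socket in this class; server
 * identity appears to rest on the auth manager and the server-principal check in
 * {@link #useFor} - confirm against {@code ClientAuthManager}.
 */
public class SslConnection extends Utilities implements Connection {
    /** Maximum age, in milliseconds, of a TLS session that may still be reused. */
    private static long maxClientSessionDuration;
    private static final Logger logger;
    final String serverHost;
    final int port;
    /** Factory for the underlying plain socket; {@code null} means a default {@link Socket}. */
    final SocketFactory socketFactory;
    final CallContext callContext;
    private final SSLContext sslContext;
    final SSLSocketFactory sslSocketFactory;
    private final ClientAuthManager authManager;
    SSLSocket sslSocket;
    /** Cipher suite negotiated by the handshake; {@code null} until established or after close. */
    private String activeCipherSuite;
    /** TLS session of the established socket; {@code null} until established or after close. */
    private SSLSession session;
    boolean closed;
    // Compiler-era lazy cache for the class literal; kept so the class layout is unchanged.
    static Class class$net$jini$jeri$ssl$SslConnection;
    // Explicit assertion flag; do not replace with the assert keyword, which would make the
    // compiler generate a field of the same name.
    static final boolean $assertionsDisabled;

    /**
     * Creates a connection object for the given call; no socket is opened yet.
     *
     * @param callContext the call this connection is created for, must not be {@code null}
     * @param str the server host name
     * @param i the server port
     * @param socketFactory factory for the plain socket, or {@code null} for the default
     * @throws NullPointerException if {@code callContext} is {@code null}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SslConnection(CallContext callContext, String str, int i, SocketFactory socketFactory) {
        if (callContext == null) {
            throw new NullPointerException("Call context cannot be null");
        }
        this.serverHost = str;
        this.port = i;
        this.socketFactory = socketFactory;
        this.callContext = callContext;
        Utilities.SSLContextInfo contextInfo = Utilities.getClientSSLContextInfo(callContext);
        this.sslContext = contextInfo.sslContext;
        this.sslSocketFactory = this.sslContext.getSocketFactory();
        this.authManager = (ClientAuthManager) contextInfo.authManager;
    }

    /**
     * Opens the socket, performs the handshake and verifies that client authentication
     * happened when the call context requires it.
     *
     * <p>Any failure is logged, the socket is closed and the failure is rethrown. A failure
     * raised while connecting or handshaking is never masked by the client-authentication
     * check: the method returns normally only when the socket was established.
     *
     * @throws IOException if connecting or handshaking fails, or (as
     *         {@code UnsupportedConstraintException}) if required client authentication did
     *         not take place
     * @throws SecurityException if establishing the socket or obtaining credentials was denied
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public final void establishCallContext() throws IOException {
        Throwable failure = null;
        try {
            establishNewSocket();
        } catch (SecurityException e) {
            failure = e;
        } catch (SSLProtocolException e) {
            failure = e;
        } catch (SSLException e) {
            // Other TLS failures are reported as an unsatisfiable constraint.
            failure = new UnsupportedConstraintException(e.getMessage(), e);
        } catch (IOException e) {
            failure = e;
        }
        if (failure == null) {
            if (!this.callContext.clientAuthRequired || this.authManager.getClientAuthenticated()) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "new connection for {0}\ncreates {1}", new Object[]{this.callContext, this});
                }
                return;
            }
            Throwable credentialException = this.authManager.getClientCredentialException();
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                try {
                    securityManager.checkPermission(Utilities.getSubjectPermission);
                } catch (SecurityException denied) {
                    // The caller may not inspect the subject, so do not hand it the
                    // credential failure as the cause either.
                    credentialException = null;
                }
            }
            failure = credentialException instanceof SecurityException
                    ? credentialException
                    : new UnsupportedConstraintException("Client not authenticated", credentialException);
        }
        if (logger.isLoggable(Levels.FAILED)) {
            Utilities.logThrow(logger, Levels.FAILED, thisClass(), "establishCallContext", "new connection for {0}\nthrows", new Object[]{this.callContext}, failure);
        }
        closeSocket();
        if (!(failure instanceof IOException)) {
            throw ((SecurityException) failure);
        }
        throw ((IOException) failure);
    }

    /** Closes the TLS socket, if any, and forgets the session and negotiated suite. */
    private void closeSocket() {
        if (this.sslSocket != null) {
            try {
                this.sslSocket.close();
            } catch (IOException ignored) {
                // Best effort: the connection is being discarded anyway.
            }
            this.sslSocket = null;
            this.session = null;
            this.activeCipherSuite = null;
        }
    }

    /** Closes a socket that is being abandoned, ignoring any failure to do so. */
    private static void closeQuietly(Socket socket) {
        try {
            socket.close();
        } catch (IOException ignored) {
            // Best effort: the caller is already propagating the original failure.
        }
    }

    /** Returns this class through the lazy cache field, filling the cache on first use. */
    private static Class thisClass() {
        Class cls = class$net$jini$jeri$ssl$SslConnection;
        if (cls == null) {
            cls = class$("net.jini.jeri.ssl.SslConnection");
            class$net$jini$jeri$ssl$SslConnection = cls;
        }
        return cls;
    }

    /**
     * Connects a plain socket, layers a TLS socket over it and runs the handshake.
     *
     * @throws IOException if connecting, layering or handshaking fails
     */
    void establishNewSocket() throws IOException {
        Socket plainSocket = createPlainSocket(this.serverHost, this.port);
        try {
            // autoClose=true: closing the TLS socket also closes the plain socket.
            this.sslSocket = (SSLSocket) this.sslSocketFactory.createSocket(plainSocket, this.serverHost, this.port, true);
        } catch (IOException e) {
            // No TLS socket owns the plain socket yet, so release it here.
            closeQuietly(plainSocket);
            throw e;
        } catch (RuntimeException e) {
            closeQuietly(plainSocket);
            throw e;
        }
        establishSuites();
    }

    /**
     * Restricts the socket to the call context's cipher suites, performs the handshake and
     * records the resulting session and suite.
     *
     * @throws IOException if the handshake fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public final void establishSuites() throws IOException {
        this.sslSocket.setEnabledCipherSuites(this.callContext.cipherSuites);
        this.sslSocket.startHandshake();
        this.session = this.sslSocket.getSession();
        this.activeCipherSuite = this.session.getCipherSuite();
        // No new session may be created on this socket from here on, so the session and
        // suite recorded above remain the ones the reuse checks in useFor() reason about.
        this.sslSocket.setEnableSessionCreation(false);
        Utilities.releaseClientSSLContextInfo(this.callContext, this.sslContext, this.authManager);
    }

    /**
     * Creates the underlying plain socket and connects it within the call's deadline.
     *
     * <p>{@code callContext.connectionTime} is an absolute time in milliseconds, with
     * {@code -1} meaning no deadline. A deadline that has been reached or passed fails
     * immediately rather than being turned into a zero (unbounded) connect timeout. The
     * socket is closed if anything fails after it was created.
     *
     * @param str host to connect to
     * @param i port to connect to
     * @return the socket, connected unless the endpoint has socket connects disabled
     * @throws IOException if the deadline has passed or connecting fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public final Socket createPlainSocket(String str, int i) throws IOException {
        Socket socket = this.socketFactory != null ? this.socketFactory.createSocket() : new Socket();
        try {
            try {
                socket.setTcpNoDelay(true);
            } catch (SocketException ignored) {
                // Optional tuning; the connection works without it.
            }
            try {
                socket.setKeepAlive(true);
            } catch (SocketException ignored) {
                // Optional tuning; the connection works without it.
            }
            long deadline = this.callContext.connectionTime;
            long now = System.currentTimeMillis();
            int timeoutMillis;
            if (deadline == -1) {
                timeoutMillis = 0;
            } else {
                if (deadline <= now) {
                    throw new IOException("Connection not made within specified time");
                }
                long remaining = deadline - now;
                // A remainder too large for an int is treated as no timeout.
                timeoutMillis = remaining > 2147483647L ? 0 : (int) remaining;
            }
            // NOTE(review): disableSocketConnect leaves the socket unconnected; presumably a
            // hook for subclasses or tests - confirm with the endpoint implementation.
            if (!this.callContext.endpointImpl.disableSocketConnect) {
                socket.connect(new InetSocketAddress(str, i), timeoutMillis);
            }
            return socket;
        } catch (IOException e) {
            closeQuietly(socket);
            throw e;
        } catch (RuntimeException e) {
            closeQuietly(socket);
            throw e;
        }
    }

    /** Returns {@code ClassName[session, localPort=>host:port]}, with {@code ???} when no socket exists. */
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append(Utilities.getClassName(this)).append("[");
        if (this.session != null) {
            text.append(this.session).append(", ");
        }
        if (this.sslSocket == null) {
            text.append("???");
        } else {
            text.append(this.sslSocket.getLocalPort());
        }
        return text.append("=>").append(this.serverHost).append(":").append(this.port).append("]").toString();
    }

    /**
     * Returns the TLS socket's input stream.
     *
     * @throws IOException if no socket is established
     */
    @Override // net.jini.jeri.connection.Connection
    public InputStream getInputStream() throws IOException {
        if (this.sslSocket == null) {
            throw new IOException("No socket established");
        }
        return this.sslSocket.getInputStream();
    }

    /**
     * Returns the TLS socket's output stream.
     *
     * @throws IOException if no socket is established
     */
    @Override // net.jini.jeri.connection.Connection
    public OutputStream getOutputStream() throws IOException {
        if (this.sslSocket == null) {
            throw new IOException("No socket established");
        }
        return this.sslSocket.getOutputStream();
    }

    /** Always returns {@code null}: this connection exposes no socket channel. */
    @Override // net.jini.jeri.connection.Connection
    public SocketChannel getChannel() {
        return null;
    }

    /**
     * Checks the handle against this connection's endpoint and rejects a {@code null}
     * context; adds nothing to the context.
     *
     * @throws NullPointerException if {@code collection} is {@code null}
     */
    @Override // net.jini.jeri.connection.Connection
    public void populateContext(OutboundRequestHandle outboundRequestHandle, Collection collection) {
        // The handle is coerced first, so a handle the coercion rejects is reported before
        // the null check below.
        CallContext.coerce(outboundRequestHandle, this.callContext.endpoint);
        if (collection == null) {
            throw new NullPointerException("Context cannot be null");
        }
    }

    /** Returns the constraints that the call context behind the handle reports as unfulfilled. */
    @Override // net.jini.jeri.connection.Connection
    public InvocationConstraints getUnfulfilledConstraints(OutboundRequestHandle outboundRequestHandle) {
        return CallContext.coerce(outboundRequestHandle, this.callContext.endpoint).getUnfulfilledConstraints();
    }

    /**
     * Checks the handle and stream; writes no per-request data.
     *
     * @throws NullPointerException if {@code outputStream} is {@code null}
     */
    @Override // net.jini.jeri.connection.Connection
    public void writeRequestData(OutboundRequestHandle outboundRequestHandle, OutputStream outputStream) {
        CallContext.coerce(outboundRequestHandle, this.callContext.endpoint);
        if (outputStream == null) {
            throw new NullPointerException("Stream cannot be null");
        }
    }

    /**
     * Checks the handle and stream; reads no per-response data.
     *
     * @return always {@code null}
     * @throws NullPointerException if {@code inputStream} is {@code null}
     */
    @Override // net.jini.jeri.connection.Connection
    public IOException readResponseData(OutboundRequestHandle outboundRequestHandle, InputStream inputStream) {
        CallContext.coerce(outboundRequestHandle, this.callContext.endpoint);
        if (inputStream == null) {
            throw new NullPointerException("Stream cannot be null");
        }
        return null;
    }

    /** Closes the connection once; later calls do nothing. */
    public synchronized void close() throws IOException {
        if (this.closed) {
            return;
        }
        logger.log(Level.FINE, "closing {0}", this);
        this.closed = true;
        closeSocket();
    }

    /**
     * Decides whether this established connection may carry a call with the given context.
     *
     * <p>The connection is rejected when it has no session, the session is too old, the
     * client subject is a different object, the authenticated client or server principal is
     * not acceptable to the new call, the negotiated suite is not among the requested ones,
     * or a suite the new call lists ahead of the negotiated one was not listed ahead of it
     * when this connection was made. The last rule keeps a call from silently settling for a
     * suite it ranks lower than one that was never attempted.
     *
     * @param callContext the context of the call that wants to reuse this connection
     * @return {@code true} if the connection satisfies the call, {@code false} otherwise
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean useFor(CallContext callContext) {
        if (!$assertionsDisabled && !this.callContext.endpoint.equals(callContext.endpoint)) {
            throw new AssertionError();
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "try {0}\nwith {1}\nfor {2}", new Object[]{this, this.callContext, callContext});
        }
        if (this.session == null) {
            logger.log(Level.FINEST, "connection {0} is not established", this);
            return false;
        }
        if (checkSessionExpired()) {
            logger.log(Level.FINE, "connection {0} session is expired", this);
            return false;
        }
        // Identity comparison: an equal but distinct Subject does not qualify.
        if (this.callContext.clientSubject != callContext.clientSubject) {
            logger.log(Level.FINEST, "connection has wrong subject");
            return false;
        }
        X500Principal clientPrincipal = this.authManager.getClientPrincipal();
        if (clientPrincipal == null) {
            if (callContext.clientAuthRequired) {
                logger.log(Level.FINEST, "connection has no client authentication");
                return false;
            }
        } else if (callContext.clientPrincipals != null && !callContext.clientPrincipals.contains(clientPrincipal)) {
            logger.log(Level.FINEST, "connection has wrong client principal");
            return false;
        }
        X500Principal serverPrincipal = this.authManager.getServerPrincipal();
        if (serverPrincipal != null && callContext.serverPrincipals != null && !callContext.serverPrincipals.contains(serverPrincipal)) {
            logger.log(Level.FINEST, "connection has wrong server principal");
            return false;
        }
        String[] requestedSuites = callContext.cipherSuites;
        int requestedIndex = Utilities.position(this.activeCipherSuite, requestedSuites);
        if (requestedIndex < 0) {
            logger.log(Level.FINEST, "connection has wrong suite");
            return false;
        }
        String[] connectionSuites = this.callContext.cipherSuites;
        int connectionIndex = Utilities.position(this.activeCipherSuite, connectionSuites);
        if (!$assertionsDisabled && connectionIndex < 0) {
            throw new AssertionError("Couldn't find connection suite");
        }
        // Every suite the new call lists before the negotiated one must also have been listed
        // before it when this connection was made; otherwise it was never offered ahead of
        // the suite in use.
        for (int i = requestedIndex - 1; i >= 0; i--) {
            int triedIndex = Utilities.position(requestedSuites[i], connectionSuites);
            if (triedIndex < 0 || triedIndex >= connectionIndex) {
                logger.log(Level.FINEST, "connection did not try all better suites");
                return false;
            }
        }
        if (clientPrincipal != null) {
            // Re-check that the credentials used for this connection are still usable.
            Throwable failure = null;
            try {
                this.authManager.checkAuthentication();
            } catch (SecurityException e) {
                failure = e;
            } catch (UnsupportedConstraintException e) {
                failure = e;
            }
            if (failure != null) {
                if (logger.isLoggable(Level.FINEST)) {
                    Utilities.logThrow(logger, Level.FINEST, thisClass(), "useFor", "connection {0} has missing subject credentials", new Object[]{this}, failure);
                }
                return false;
            }
        }
        logger.log(Level.FINEST, "connection OK");
        return true;
    }

    /**
     * Reports whether the session has outlived {@code maxClientSessionDuration} and, if so,
     * invalidates it so it cannot be resumed.
     *
     * @return {@code true} if the session was expired and has been invalidated
     */
    private boolean checkSessionExpired() {
        long creationTime = this.session.getCreationTime();
        long expiry = creationTime + maxClientSessionDuration;
        if (expiry < creationTime) {
            // The addition overflowed: treat the session as never expiring.
            expiry = Long.MAX_VALUE;
        }
        if (expiry > System.currentTimeMillis()) {
            return false;
        }
        this.session.invalidate();
        return true;
    }

    /** Loads a class by name, reporting a missing class as {@link NoClassDefFoundError}. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        $assertionsDisabled = !thisClass().desiredAssertionStatus();
        // Default of 84600000 ms is 23.5 hours; the system property is read with privileges.
        maxClientSessionDuration = ((Long) Security.doPrivileged(new GetLongAction("com.sun.jini.jeri.ssl.maxClientSessionDuration", 84600000L))).longValue();
        logger = Utilities.clientLogger;
    }
}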
