package net.cnri.servletcontainer;

import java.nio.ByteBuffer;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import org.eclipse.jetty.io.ssl.SslConnection;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnection;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.Callback;

/* loaded from: input_file:net/cnri/servletcontainer/TlsRenegotiationRequestorImpl.class */
public class TlsRenegotiationRequestorImpl implements TlsRenegotiationRequestor {
    private final SslConnection sslConnection;
    private final Request request;
    private final SecureRequestCustomizer secureRequestCustomizer;
    private final Connector connector;
    private final HttpConfiguration config;

    public TlsRenegotiationRequestorImpl(SslConnection sslConnection, Request request, SecureRequestCustomizer secureRequestCustomizer, Connector connector, HttpConfiguration httpConfiguration) {
        this.sslConnection = sslConnection;
        this.request = request;
        this.secureRequestCustomizer = secureRequestCustomizer;
        this.connector = connector;
        this.config = httpConfiguration;
    }

    public boolean isNeedClientAuth() {
        return this.sslConnection.getSSLEngine().getNeedClientAuth();
    }

    public boolean isRequestSupportsTlsRenegotiation() {
        return this.sslConnection.getSSLEngine().getSession().getProtocol().compareTo("TLSv1.3") < 0 && (this.sslConnection.getDecryptedEndPoint().getConnection() instanceof HttpConnection);
    }

    public void requestTlsRenegotiation(Boolean bool, long j, TimeUnit timeUnit) throws SSLException, TimeoutException {
        Throwable th;
        if (!isRequestSupportsTlsRenegotiation()) {
            throw new SSLException("Renegotiation requires using HTTP/1.1 over TLS 1.2");
        }
        SSLEngine sSLEngine = this.sslConnection.getSSLEngine();
        sSLEngine.getSession().invalidate();
        if (bool != null && !sSLEngine.getNeedClientAuth()) {
            sSLEngine.setWantClientAuth(bool.booleanValue());
        }
        sSLEngine.beginHandshake();
        try {
            waitForHandshake(null).get(j, timeUnit);
            this.request.removeAttribute("javax.servlet.request.X509Certificate");
            this.secureRequestCustomizer.customize(this.connector, this.config, this.request);
        } catch (InterruptedException e) {
            throw new SSLException("TLS renegotiation interrupted", e);
        } catch (CompletionException | ExecutionException e2) {
            Throwable th2 = e2;
            while (true) {
                th = th2;
                if (!(th instanceof CompletionException) && !(th instanceof ExecutionException)) {
                    break;
                } else {
                    th2 = th.getCause();
                }
            }
            if (th instanceof RuntimeException) {
                throw ((RuntimeException) th);
            }
            if (th instanceof Error) {
                throw ((Error) th);
            }
            if (th instanceof TimeoutException) {
                throw ((TimeoutException) th);
            }
            if (!(th instanceof SSLException)) {
                throw new SSLException("Unexpected exception in renegotiation handshake", th);
            }
            throw ((SSLException) th);
        }
    }

    private CompletableFuture<Void> waitForHandshake(Void r8) {
        if (this.sslConnection.getSSLEngine().getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) {
            return CompletableFuture.completedFuture(null);
        }
        Callback.Completable completable = new Callback.Completable();
        this.sslConnection.getDecryptedEndPoint().write(completable, new ByteBuffer[]{BufferUtil.EMPTY_BUFFER});
        return completable.thenCompose(this::waitForHandshake);
    }
}
