package com.ibm.ws.ssl.channel.impl;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.channel.framework.FlowType;
import com.ibm.websphere.ssl.JSSEHelper;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ssl.JSSEProvider;
import com.ibm.ws.ssl.JSSEProviderFactory;
import com.ibm.ws.ssl.config.SSLConfig;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.tcp.channel.impl.TCPProxyResponse;
import com.ibm.ws.util.PlatformHelper;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.wsspi.buffermgmt.WsByteBuffer;
import com.ibm.wsspi.channel.Channel;
import com.ibm.wsspi.channel.ConnectionLink;
import com.ibm.wsspi.channel.Discriminator;
import com.ibm.wsspi.channel.InboundChannel;
import com.ibm.wsspi.channel.OutboundChannel;
import com.ibm.wsspi.channel.OutboundProtocol;
import com.ibm.wsspi.channel.framework.ChannelData;
import com.ibm.wsspi.channel.framework.ChannelFramework;
import com.ibm.wsspi.channel.framework.DiscriminationProcess;
import com.ibm.wsspi.channel.framework.OutboundVirtualConnection;
import com.ibm.wsspi.channel.framework.VirtualConnection;
import com.ibm.wsspi.channel.framework.exception.ChannelException;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import com.ibm.wsspi.tcp.channel.TCPConnectRequestContext;
import com.ibm.wsspi.tcp.channel.TCPConnectionContext;
import java.net.InetSocketAddress;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext;

/* loaded from: input_file:lib/ecc_v2r3m0f010/com.ibm.ws.webservices.thinclient_8.5.0.jar:com/ibm/ws/ssl/channel/impl/SSLChannel.class */
public class SSLChannel implements InboundChannel, OutboundChannel, Discriminator {
    private static final TraceComponent tc = Tr.register(SSLChannel.class, SSLChannelConstants.SSL_TRACE_NAME, SSLChannelConstants.SSL_BUNDLE);
    private static final String CLASS_NAME = "com.ibm.ws.ssl.channel.impl.SSLChannel";
    public static final String SSL_DISCRIMINATOR_STATE = "SSLDiscState";
    protected SSLChannelData sslConfig;
    protected SSLHandshakeErrorTracker handshakeErrorTracker;
    protected JSSEProvider jsseProvider;
    protected ChannelFramework channelFramework;
    protected boolean isZOS;
    protected boolean isZOSCR;
    private SSLChannelFactory myFactory;
    protected DiscriminationProcess discProcess = null;
    private boolean isInitialized = false;
    protected boolean XD = false;
    protected String alias = null;
    protected String endPointName = null;
    protected String inboundHost = null;
    protected String inboundPort = null;
    private SSLSessionContext sessionContext = null;
    private boolean useStrictSSLConnectTimeout = false;
    private boolean shouldHandleDataInLastHandshakePacket = false;

    public SSLChannel(ChannelData channelData, SSLChannelFactory sSLChannelFactory) throws ChannelException {
        this.sslConfig = null;
        this.handshakeErrorTracker = null;
        this.channelFramework = null;
        this.isZOS = false;
        this.isZOSCR = false;
        this.myFactory = null;
        this.sslConfig = new SSLChannelData(channelData);
        this.myFactory = sSLChannelFactory;
        this.handshakeErrorTracker = new SSLHandshakeErrorTracker();
        this.channelFramework = channelData.getChannelFramework();
        PlatformHelper platformHelper = PlatformHelperFactory.getPlatformHelper();
        if (platformHelper != null) {
            this.isZOS = platformHelper.isZOS();
            this.isZOSCR = platformHelper.isControlJvm();
        }
    }

    public SSLHandshakeErrorTracker getHandshakeErrorTracker() {
        return this.handshakeErrorTracker;
    }

    public void setXD(boolean z) {
        this.XD = z;
    }

    @Override // com.ibm.wsspi.channel.InboundChannel
    public Discriminator getDiscriminator() {
        return this;
    }

    @Override // com.ibm.wsspi.channel.InboundChannel
    public DiscriminationProcess getDiscriminationProcess() {
        return this.discProcess;
    }

    @Override // com.ibm.wsspi.channel.InboundChannel
    public void setDiscriminationProcess(DiscriminationProcess discriminationProcess) {
        this.discProcess = discriminationProcess;
    }

    @Override // com.ibm.wsspi.channel.InboundChannel
    public Class<?> getDiscriminatoryType() {
        return WsByteBuffer.class;
    }

    @Override // com.ibm.wsspi.channel.OutboundChannel
    public Class<?> getDeviceAddress() {
        return TCPConnectRequestContext.class;
    }

    @Override // com.ibm.wsspi.channel.OutboundChannel
    public Class<?>[] getApplicationAddress() {
        return new Class[]{TCPConnectRequestContext.class};
    }

    @Override // com.ibm.wsspi.channel.Channel
    public ConnectionLink getConnectionLink(VirtualConnection virtualConnection) {
        if (!this.isInitialized) {
            try {
                init();
            } catch (Exception e) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception caught while getting SSL connection link: " + e);
                }
                FFDCFilter.processException(e, CLASS_NAME, "221", this, new Object[]{virtualConnection});
                throw new RuntimeException(e);
            }
        }
        SSLConnectionLink sSLConnectionLink = new SSLConnectionLink(this);
        sSLConnectionLink.init(virtualConnection);
        return sSLConnectionLink;
    }

    /* JADX WARN: Code restructure failed: missing block: B:26:0x006c, code lost:
    
        r12 = java.lang.Boolean.TRUE;
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x0073, code lost:
    
        if (com.ibm.ejs.ras.TraceComponent.isAnyTracingEnabled() == false) goto L22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x007c, code lost:
    
        if (com.ibm.ws.ssl.channel.impl.SSLChannel.tc.isDebugEnabled() == false) goto L22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x007f, code lost:
    
        com.ibm.ejs.ras.Tr.debug(com.ibm.ws.ssl.channel.impl.SSLChannel.tc, "Found web container channel in chain " + r0[r16].getName());
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public javax.net.ssl.SSLContext getSSLContextForInboundLink(com.ibm.ws.ssl.channel.impl.SSLConnectionLink r10, com.ibm.wsspi.channel.framework.VirtualConnection r11) throws com.ibm.wsspi.channel.framework.exception.ChannelException {
        /*
            Method dump skipped, instructions count: 318
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.ssl.channel.impl.SSLChannel.getSSLContextForInboundLink(com.ibm.ws.ssl.channel.impl.SSLConnectionLink, com.ibm.wsspi.channel.framework.VirtualConnection):javax.net.ssl.SSLContext");
    }

    public SSLContext getSSLContextForOutboundLink(SSLConnectionLink sSLConnectionLink, VirtualConnection virtualConnection, Object obj) throws ChannelException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "getSSLContextForOutboundLink");
        }
        InetSocketAddress remoteAddress = ((TCPConnectRequestContext) obj).getRemoteAddress();
        String str = "HTTP";
        String str2 = (String) virtualConnection.getStateMap().get(OutboundProtocol.PROTOCOL);
        if (str2 != null) {
            str = str2;
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "OutboundProtocol=" + str + " specified by in VC");
            }
        } else {
            Object channelAccessor = ((OutboundVirtualConnection) virtualConnection).getChannelAccessor();
            if (channelAccessor instanceof OutboundProtocol) {
                str = ((OutboundProtocol) channelAccessor).getProtocol();
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "OutboundProtocol=" + str + " specified by " + channelAccessor.getClass().getName());
                }
            }
        }
        SSLContext sSLContextForLink = getSSLContextForLink(virtualConnection, remoteAddress.getHostName(), Integer.toString(remoteAddress.getPort()), str, Boolean.FALSE, sSLConnectionLink);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "getSSLContextForOutboundLink");
        }
        return sSLContextForLink;
    }

    protected SSLContext getSSLContextForLink(VirtualConnection virtualConnection, String str, String str2, String str3, Boolean bool, SSLConnectionLink sSLConnectionLink) throws ChannelException {
        byte[] bArr;
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "host=" + str + " port=" + str2 + " endPoint=" + str3);
        }
        String str4 = getConfig().isInbound() ? "inbound" : "outbound";
        final HashMap hashMap = new HashMap();
        hashMap.put("com.ibm.ssl.direction", str4);
        hashMap.put("com.ibm.ssl.remoteHost", str);
        hashMap.put("com.ibm.ssl.remotePort", str2);
        if (getConfig().getUseProxyEndpointInformation()) {
            Object obj = virtualConnection.getStateMap().get(TCPConnectionContext.FORWARD_PROXY_CONNECT);
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "getUseProxyEndpointInformation : true , " + obj);
            }
            if (null != obj && (bArr = (byte[]) ((Map) obj).get(TCPProxyResponse.PROXY_TARGET_HOST_PORT)) != null) {
                String str5 = new String(bArr);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "target, " + str5);
                }
                int indexOf = str5.indexOf(":");
                if (indexOf >= 0) {
                    String substring = str5.substring(0, indexOf);
                    String substring2 = str5.substring(indexOf + 1, str5.length());
                    hashMap.put("com.ibm.ssl.remoteHost", substring);
                    hashMap.put("com.ibm.ssl.remotePort", substring2);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "endpointHost : " + substring + ", endpointPort : " + substring2);
                    }
                }
            }
        }
        hashMap.put("com.ibm.ssl.endPointName", str3);
        if (this.isZOS && getConfig().isInbound()) {
            Properties properties = new Properties();
            Object obj2 = virtualConnection.getStateMap().get("REMOTE_ADDRESS");
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "REMOTE_ADDRESS = " + obj2 + " isZWebContainerChain = " + bool);
            }
            if (obj2 != null) {
                properties.put(JSSEHelper.CONNECTION_INFO_CERT_MAPPING_HOST, obj2);
            } else {
                FFDCFilter.processException(new Exception("REMOTE_ADDRESS was not found in the VC state map.  Z channel should put it there."), CLASS_NAME, "384", this, new Object[]{virtualConnection});
            }
            properties.put(JSSEHelper.CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND, bool);
            if (str3 != null) {
                properties.put("com.ibm.ssl.endPointName", str3);
            }
            JSSEHelper.getInstance().setInboundConnectionInfo(properties);
            hashMap.put(JSSEHelper.CONNECTION_INFO_IS_WEB_CONTAINER_INBOUND, bool);
        }
        Properties properties2 = null;
        boolean z = null != this.alias;
        if (!z) {
            try {
                properties2 = (Properties) AccessController.doPrivileged(new PrivilegedExceptionAction<Properties>() { // from class: com.ibm.ws.ssl.channel.impl.SSLChannel.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Properties run() throws Exception {
                        return JSSEHelper.getInstance().getSSLPropertiesOnThread();
                    }
                });
            } catch (Exception e) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Caught exception looking for on-thread props; e=" + e);
                }
            }
            if (null == properties2 || 0 == properties2.size()) {
                properties2 = null;
                z = (getConfig().getProperties().containsKey("com.ibm.ssl.keyStore") && getConfig().getProperties().containsKey("com.ibm.ssl.trustStore")) ? false : true;
            } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Found on-thread ssl properties");
            }
        }
        if (z) {
            try {
                final String str6 = this.alias;
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Querying security service for alias=[" + str6 + "]");
                }
                properties2 = (Properties) AccessController.doPrivileged(new PrivilegedExceptionAction<Properties>() { // from class: com.ibm.ws.ssl.channel.impl.SSLChannel.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Properties run() throws Exception {
                        return JSSEHelper.getInstance().getProperties(str6, hashMap, null);
                    }
                });
            } catch (Exception e2) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception getting SSL properties from alias: " + this.alias);
                }
                throw new ChannelException(e2);
            }
        }
        if (null != properties2) {
            Enumeration<?> propertyNames = getConfig().getProperties().propertyNames();
            while (propertyNames.hasMoreElements()) {
                String str7 = (String) propertyNames.nextElement();
                String stringProperty = getConfig().getStringProperty(str7);
                if (null != stringProperty && !properties2.containsKey(str7)) {
                    properties2.put(str7, stringProperty);
                }
            }
        } else {
            properties2 = getConfig().getProperties();
        }
        String str8 = (String) properties2.get("com.ibm.ssl.sslType");
        if (null != str8) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "SSLConfig type: " + str8);
            }
            if (str8.equals(Constants.SSLTYPE_SSSL)) {
                throw new ChannelException("Invalid SSLConfig type: " + str8);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "SSL configuration <null value means non-string>:");
            Enumeration<?> propertyNames2 = properties2.propertyNames();
            while (propertyNames2.hasMoreElements()) {
                String str9 = (String) propertyNames2.nextElement();
                String property = properties2.getProperty(str9);
                if (-1 == str9.toLowerCase().indexOf("password")) {
                    Tr.debug(tc, "\t" + str9 + " = " + property);
                } else {
                    StringBuilder sb = new StringBuilder(4 + str9.length() + property.length());
                    sb.append("\t").append(str9).append(" = ");
                    for (int i = 0; i < property.length(); i++) {
                        sb.append("*");
                    }
                    Tr.debug(tc, sb.toString());
                }
            }
        }
        try {
            SSLContext sSLContext = this.jsseProvider.getSSLContext(hashMap, new SSLConfig(properties2));
            SSLLinkConfig sSLLinkConfig = new SSLLinkConfig(properties2);
            if (null == sSLConnectionLink) {
                virtualConnection.getStateMap().put(SSLConnectionLink.LINKCONFIG, sSLLinkConfig);
            } else {
                sSLConnectionLink.setLinkConfig(sSLLinkConfig);
            }
            return sSLContext;
        } catch (Exception e3) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting SSLContext from properties.", new Object[]{e3});
            }
            throw new ChannelException(e3);
        }
    }

    public boolean isUseStrictSSLConnectTimeout() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "isUseStrictSSLConnectTimeout : " + this.useStrictSSLConnectTimeout);
        }
        return this.useStrictSSLConnectTimeout;
    }

    public boolean shouldHandleDataInLastHandshakePacket() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "shouldHandleDataInLastHandshakePacket : " + this.shouldHandleDataInLastHandshakePacket);
        }
        return this.shouldHandleDataInLastHandshakePacket;
    }

    @Override // com.ibm.wsspi.channel.Channel
    public void start() throws ChannelException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, AdminSubsystemExtensionHandler.START);
        }
        try {
            if (getConfig().isInbound()) {
                Map propertyBag = ((ChannelData) this.channelFramework.getInternalRunningChains(getConfig().getName())[0].getChannelList()[0]).getPropertyBag();
                this.inboundHost = (String) propertyBag.get("hostname");
                this.inboundPort = (String) propertyBag.get("port");
                this.endPointName = (String) propertyBag.get("endPointName");
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "inboundHost = " + this.inboundHost + " inboundPort = " + this.inboundPort + " endPointName = " + this.endPointName);
                }
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, AdminSubsystemExtensionHandler.START);
            }
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught exception during start, throwing up stack.  " + e);
            }
            throw new ChannelException(e);
        }
    }

    @Override // com.ibm.wsspi.channel.Channel
    public void stop(long j) throws ChannelException {
    }

    @Override // com.ibm.wsspi.channel.Channel
    public void init() throws ChannelException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "init");
        }
        if (this.isInitialized) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "init");
                return;
            }
            return;
        }
        try {
            Properties properties = getConfig().getProperties();
            if (properties != null) {
                this.alias = properties.getProperty(SSLChannelData.ALIAS_KEY);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    if (this.alias != null) {
                        Tr.debug(tc, "Found alias in SSL properties, " + this.alias);
                    } else {
                        Tr.debug(tc, "No alias found in SSL properties");
                    }
                }
                String property = properties.getProperty(SSLChannelConstants.STRICT_SSL_CONNECT_TIMEOUT);
                if (property != null) {
                    this.useStrictSSLConnectTimeout = Boolean.parseBoolean(property);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found useStrictSSLConnectTimeout in SSL properties, " + this.useStrictSSLConnectTimeout);
                    }
                }
                String property2 = properties.getProperty(SSLChannelConstants.HANDLE_DATA_IN_LAST_HANDSHAKE_PACKET);
                if (property2 != null) {
                    this.shouldHandleDataInLastHandshakePacket = Boolean.parseBoolean(property2);
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found shouldHandleDataInLastHandshakePacket in SSL properties, " + this.shouldHandleDataInLastHandshakePacket);
                    }
                }
            }
            this.jsseProvider = JSSEProviderFactory.getInstance(Constants.IBMJSSE_NAME);
            if (this.jsseProvider == null) {
                this.jsseProvider = JSSEProviderFactory.getInstance(Constants.SUNJSSE_NAME);
                if (null == this.jsseProvider) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Unable to get an instance of the JSSEProvider");
                    }
                    throw new ChannelException("Unable to get an instance of the JSSEProvider");
                }
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Have a valid jsseProvider; " + this.jsseProvider);
            }
            this.isInitialized = true;
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                Tr.exit(tc, "init");
            }
        } catch (Exception e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "init received exception handling properties; " + e);
            }
            throw new ChannelException(e);
        }
    }

    @Override // com.ibm.wsspi.channel.Channel
    public void destroy() throws ChannelException {
        if (null != this.myFactory && null != getConfig()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Removing channel from factory; " + getConfig().getName());
            }
            this.myFactory.destroyChannel(getConfig().getName());
            this.myFactory = null;
        }
        this.discProcess = null;
        this.sslConfig = null;
        this.sessionContext = null;
    }

    @Override // com.ibm.wsspi.channel.Channel
    public String getName() {
        return this.sslConfig.getName();
    }

    @Override // com.ibm.wsspi.channel.Channel
    public Class<?> getApplicationInterface() {
        return TCPConnectionContext.class;
    }

    @Override // com.ibm.wsspi.channel.Channel
    public Class<?> getDeviceInterface() {
        return TCPConnectionContext.class;
    }

    @Override // com.ibm.wsspi.channel.Channel
    public void update(ChannelData channelData) {
        this.sslConfig.updateChannelData(channelData);
    }

    @Override // com.ibm.wsspi.channel.Discriminator
    public int discriminate(VirtualConnection virtualConnection, Object obj) {
        int i;
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "discriminate");
        }
        if (obj == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Received null discrim data.  Returning NO from discriminator.");
            }
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isEntryEnabled()) {
                return 0;
            }
            Tr.exit(tc, "discriminate");
            return 0;
        }
        WsByteBuffer wsByteBuffer = ((WsByteBuffer[]) obj)[0];
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "netBuffer: " + SSLUtils.getBufferTraceInfo(wsByteBuffer));
        }
        if (0 == wsByteBuffer.position()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Received empty discrim data.  Returning MAYBE from discriminator.");
            }
            if (!TraceComponent.isAnyTracingEnabled() || !tc.isEntryEnabled()) {
                return -1;
            }
            Tr.exit(tc, "discriminate");
            return -1;
        }
        if (!this.isInitialized) {
            try {
                init();
            } catch (Exception e) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception caught while getting SSL connection link: " + e);
                }
                FFDCFilter.processException(e, CLASS_NAME, "745", this, new Object[]{virtualConnection});
                if (!TraceComponent.isAnyTracingEnabled() || !tc.isEntryEnabled()) {
                    return 0;
                }
                Tr.exit(tc, "discriminate");
                return 0;
            }
        }
        int position = wsByteBuffer.position();
        int limit = wsByteBuffer.limit();
        WsByteBuffer wsByteBuffer2 = null;
        Map stateMap = virtualConnection.getStateMap();
        SSLEngine sSLEngine = null;
        SSLContext sSLContext = null;
        SSLEngineResult sSLEngineResult = null;
        SSLDiscriminatorState sSLDiscriminatorState = null;
        try {
            wsByteBuffer.flip();
            sSLDiscriminatorState = (SSLDiscriminatorState) stateMap.get(SSL_DISCRIMINATOR_STATE);
            if (sSLDiscriminatorState == null) {
                sSLContext = getSSLContextForInboundLink(null, virtualConnection);
                sSLEngine = SSLUtils.getSSLEngine(sSLContext, FlowType.INBOUND, (SSLLinkConfig) virtualConnection.getStateMap().get(SSLConnectionLink.LINKCONFIG));
                int sSLCustomAppBufferSize = this.sslConfig.getSSLCustomAppBufferSize();
                if (sSLCustomAppBufferSize == -1) {
                    sSLCustomAppBufferSize = sSLEngine.getSession().getApplicationBufferSize();
                }
                wsByteBuffer2 = SSLUtils.allocateByteBuffer(sSLCustomAppBufferSize, getConfig().getDecryptBuffersDirect());
            } else {
                sSLEngine = sSLDiscriminatorState.getEngine();
                sSLContext = sSLDiscriminatorState.getSSLContext();
                wsByteBuffer2 = sSLDiscriminatorState.getDecryptedNetBuffer();
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(tc, "before unwrap: \r\n\tnetBuf: " + SSLUtils.getBufferTraceInfo(wsByteBuffer) + "\r\n\tdecNetBuf: " + SSLUtils.getBufferTraceInfo(wsByteBuffer2));
            }
            int adjustBufferForJSSE = SSLUtils.adjustBufferForJSSE(wsByteBuffer, sSLEngine.getSession().getPacketBufferSize());
            sSLEngineResult = sSLEngine.unwrap(wsByteBuffer.getWrappedByteBuffer(), wsByteBuffer2.getWrappedByteBuffer());
            if (0 < sSLEngineResult.bytesProduced()) {
                wsByteBuffer2.flip();
            }
            if (-1 != adjustBufferForJSSE) {
                wsByteBuffer.limit(adjustBufferForJSSE);
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(tc, "after unwrap: \r\n\tnetBuf: " + SSLUtils.getBufferTraceInfo(wsByteBuffer) + "\r\n\tdecNetBuf: " + SSLUtils.getBufferTraceInfo(wsByteBuffer2) + "\r\n\tstatus=" + sSLEngineResult.getStatus() + " HSstatus=" + sSLEngineResult.getHandshakeStatus() + " consumed=" + sSLEngineResult.bytesConsumed() + " produced=" + sSLEngineResult.bytesProduced());
            }
            if (sSLEngineResult.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
                i = -1;
            } else {
                i = 1;
                if (wsByteBuffer.remaining() == 0) {
                    wsByteBuffer.clear();
                }
            }
        } catch (Exception e2) {
            i = 0;
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Caught Exception during discriminate: " + e2);
            }
        }
        switch (i) {
            case 0:
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Discriminator returning NO");
                }
                if (sSLDiscriminatorState != null) {
                    stateMap.remove(SSL_DISCRIMINATOR_STATE);
                }
                if (null != sSLEngine) {
                    closeEngine(sSLEngine);
                }
                if (null != wsByteBuffer2) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                        Tr.event(tc, "Releasing decryptedNetworkBuffer");
                    }
                    wsByteBuffer2.release();
                    break;
                }
                break;
            case 1:
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Discriminator returning YES");
                }
                if (sSLDiscriminatorState == null) {
                    sSLDiscriminatorState = new SSLDiscriminatorState();
                }
                sSLDiscriminatorState.updateState(sSLContext, sSLEngine, sSLEngineResult, wsByteBuffer2, wsByteBuffer.position(), wsByteBuffer.limit());
                stateMap.put(SSL_DISCRIMINATOR_STATE, sSLDiscriminatorState);
                break;
            default:
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Discriminator returning MAYBE");
                }
                if (sSLDiscriminatorState == null) {
                    SSLDiscriminatorState sSLDiscriminatorState2 = new SSLDiscriminatorState();
                    sSLDiscriminatorState2.updateState(sSLContext, sSLEngine, sSLEngineResult, wsByteBuffer2, wsByteBuffer.position(), wsByteBuffer.limit());
                    stateMap.put(SSL_DISCRIMINATOR_STATE, sSLDiscriminatorState2);
                    break;
                }
                break;
        }
        wsByteBuffer.limit(limit);
        wsByteBuffer.position(position);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "discriminate");
        }
        return i;
    }

    @Override // com.ibm.wsspi.channel.Discriminator
    public void cleanUpState(VirtualConnection virtualConnection) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.entry(tc, "cleanUpState");
        }
        SSLDiscriminatorState sSLDiscriminatorState = (SSLDiscriminatorState) virtualConnection.getStateMap().remove(SSL_DISCRIMINATOR_STATE);
        closeEngine(sSLDiscriminatorState.getEngine());
        WsByteBuffer decryptedNetBuffer = sSLDiscriminatorState.getDecryptedNetBuffer();
        if (decryptedNetBuffer != null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(tc, "Releasing decryptedNetworkBuffer");
            }
            decryptedNetBuffer.release();
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            Tr.exit(tc, "cleanUpState");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void onHandshakeFinish(final SSLEngine sSLEngine) {
        try {
            SSLSessionContext sSLSessionContext = (SSLSessionContext) AccessController.doPrivileged(new PrivilegedExceptionAction<SSLSessionContext>() { // from class: com.ibm.ws.ssl.channel.impl.SSLChannel.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public SSLSessionContext run() throws Exception {
                    return sSLEngine.getSession().getSessionContext();
                }
            });
            if (null == sSLSessionContext || sSLSessionContext.equals(this.sessionContext)) {
                return;
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Channel [" + this + "] saving context: " + sSLSessionContext);
            }
            this.sessionContext = sSLSessionContext;
            sSLSessionContext.setSessionCacheSize(getConfig().getSSLSessionCacheSize());
            sSLSessionContext.setSessionTimeout(getConfig().getSSLSessionTimeout());
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Session cache size set to " + sSLSessionContext.getSessionCacheSize());
                Tr.debug(tc, "Session timeout set to " + sSLSessionContext.getSessionTimeout());
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.ssl.channel.impl.SSLChannel.onHandshakeFinish", "980");
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception querying sessioncontext; " + e);
            }
        }
    }

    private void closeEngine(SSLEngine sSLEngine) {
        if (null != sSLEngine) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Closing discrimination engine");
            }
            sSLEngine.closeOutbound();
            if (sSLEngine.isInboundDone()) {
                return;
            }
            try {
                sSLEngine.closeInbound();
            } catch (SSLException e) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                    Tr.event(tc, "Error closing inbound engine side; " + e);
                }
            }
        }
    }

    @Override // com.ibm.wsspi.channel.Discriminator
    public Class<?> getDiscriminatoryDataType() {
        return WsByteBuffer.class;
    }

    @Override // com.ibm.wsspi.channel.Discriminator
    public Channel getChannel() {
        return this;
    }

    @Override // com.ibm.wsspi.channel.Discriminator
    public int getWeight() {
        return this.sslConfig.getWeight();
    }

    public SSLChannelData getConfig() {
        return this.sslConfig;
    }
}
