package com.ibm.ws.xs.xio.transport.channel;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.objectgrid.security.ObjectGridSecurityException;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.io.XsByteBufferUtilsInternal;
import com.ibm.ws.objectgrid.resources.Messages;
import com.ibm.ws.objectgrid.transport.XsTransportProperties;
import com.ibm.ws.xs.NLSConstants;
import com.ibm.ws.xs.protobuf.ByteString;
import com.ibm.ws.xs.xio.protobuf.XIOMessage;
import com.ibm.ws.xs.xio.security.XIOAuthKeyServer;
import com.ibm.ws.xs.xio.security.XIOSecurityUtils;
import com.ibm.ws.xs.xio.transport.message.protobuf.XIOProtobufCommonMsgUtil;
import com.ibm.ws.xsspi.xio.actor.XIORegistry;
import com.ibm.ws.xsspi.xio.exception.NoMessageSuppliedException;
import com.ibm.ws.xsspi.xio.exception.ObjectGridXIOException;
import com.ibm.wsspi.channel.framework.VirtualConnection;
import com.ibm.wsspi.xs.tcp.channel.TCPReadCompletedCallback;
import com.ibm.wsspi.xs.tcp.channel.TCPReadRequestContext;
import com.ibm.wsspi.xs.tcp.channel.TCPWriteCompletedCallback;
import com.ibm.wsspi.xs.tcp.channel.TCPWriteRequestContext;
import java.io.IOException;
import java.security.InvalidKeyException;

/* loaded from: input_file:com/ibm/ws/xs/xio/transport/channel/XIOServerHandshake.class */
public class XIOServerHandshake implements TCPReadCompletedCallback, TCPWriteCompletedCallback {
    private static final TraceComponent tc = Tr.register(XIOServerHandshake.class, Constants.TR_XIO_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
    private XIOConnectionController conn;
    private TCPWriteRequestContext writer;
    private XIOAuthKeyServer auth = null;
    private byte[] clientSQN = null;
    private byte[] clientMAC = null;
    private boolean authSucceeded = true;
    private STATE hsState = STATE.READ_REQUEST;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/ws/xs/xio/transport/channel/XIOServerHandshake$STATE.class */
    public enum STATE {
        READ_REQUEST,
        WRITE_REQUEST,
        READ_RESPONSE,
        WRITE_RESPONSE,
        READ_ENDPOINT,
        WRITE_ENDPOINT,
        WRITE_PROBE,
        DONE
    }

    public XIOServerHandshake(XIOConnectionController xIOConnectionController, VirtualConnection virtualConnection) {
        this.conn = null;
        this.writer = null;
        this.conn = xIOConnectionController;
        this.writer = xIOConnectionController.getTCPContext().getWriteInterface();
    }

    public String toString() {
        StringBuilder sb = new StringBuilder(32);
        sb.append(getClass().getName()).append('@').append(System.identityHashCode(this));
        sb.append(' ').append(this.hsState);
        sb.append(' ').append(this.auth);
        sb.append(' ').append(this.conn);
        return sb.toString();
    }

    public void begin() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "begin: " + this);
        }
        this.hsState = STATE.READ_REQUEST;
        try {
            this.auth = XsTransportProperties.getAuthSecret() != null ? new XIOAuthKeyServer() : null;
            runHandshake();
        } catch (Exception e) {
            this.conn.serverHandshakeFailed(e);
        }
    }

    private void runHandshake() {
        try {
            if (STATE.READ_REQUEST == this.hsState && readClientHelloRequest()) {
                return;
            }
            if (STATE.WRITE_REQUEST == this.hsState && writeServerHelloRequest()) {
                return;
            }
            if (STATE.READ_RESPONSE == this.hsState && readServerHelloResponse()) {
                return;
            }
            if (STATE.WRITE_RESPONSE == this.hsState && writeClientHelloResponse()) {
                return;
            }
            if (STATE.READ_ENDPOINT == this.hsState && readRemoteEndpoints()) {
                return;
            }
            if (STATE.WRITE_ENDPOINT == this.hsState && writeLocalEndpoints()) {
                return;
            }
            if (STATE.DONE == this.hsState) {
                this.conn.serverHandshakeComplete();
            }
        } catch (Exception e) {
            this.conn.serverHandshakeFailed(e);
        } catch (Throwable th) {
            this.conn.serverHandshakeFailed(new ObjectGridXIOException(th.getMessage(), th));
        }
    }

    private void releaseWriteBuffers() {
        XsByteBufferUtilsInternal.releaseBufferArray(this.writer.getBuffers());
        this.writer.setBuffer(null);
    }

    @Override // com.ibm.wsspi.xs.tcp.channel.TCPWriteCompletedCallback
    public void complete(VirtualConnection virtualConnection, TCPWriteRequestContext tCPWriteRequestContext) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Write complete: " + this);
        }
        try {
            switch (this.hsState) {
                case WRITE_REQUEST:
                    finishServerHelloRequest();
                    break;
                case WRITE_RESPONSE:
                    finishClientHelloResponse();
                    break;
                case WRITE_ENDPOINT:
                    finishLocalEndpoints();
                    break;
                case WRITE_PROBE:
                    finishProbe();
                    break;
                case DONE:
                    break;
                default:
                    if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                        Tr.event(tc, "Unexpected handshake state: " + this);
                    }
                    throw new IllegalStateException("Unexpected state: " + this);
            }
            runHandshake();
        } catch (Exception e) {
            this.conn.serverHandshakeFailed(e);
        } catch (Throwable th) {
            this.conn.serverHandshakeFailed(new ObjectGridXIOException(th.getMessage(), th));
        }
    }

    @Override // com.ibm.wsspi.xs.tcp.channel.TCPWriteCompletedCallback
    public void error(VirtualConnection virtualConnection, TCPWriteRequestContext tCPWriteRequestContext, IOException iOException) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Write failure: " + this + "; " + iOException);
        }
        releaseWriteBuffers();
        this.conn.serverHandshakeFailed(iOException);
    }

    @Override // com.ibm.wsspi.xs.tcp.channel.TCPReadCompletedCallback
    public void complete(VirtualConnection virtualConnection, TCPReadRequestContext tCPReadRequestContext) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Read complete: " + this);
        }
        try {
            switch (this.hsState) {
                case DONE:
                    break;
                case READ_REQUEST:
                    if (finishClientHelloRequest()) {
                        return;
                    }
                    break;
                case READ_RESPONSE:
                    finishServerHelloResponse();
                    break;
                case READ_ENDPOINT:
                    finishRemoteEndpoints();
                    break;
                default:
                    if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                        Tr.event(tc, "Unexpected handshake state: " + this);
                    }
                    throw new IllegalStateException("Unexpected state: " + this);
            }
            runHandshake();
        } catch (Exception e) {
            this.conn.serverHandshakeFailed(e);
        } catch (Throwable th) {
            this.conn.serverHandshakeFailed(new ObjectGridXIOException(th.getMessage(), th));
        }
    }

    @Override // com.ibm.wsspi.xs.tcp.channel.TCPReadCompletedCallback
    public void error(VirtualConnection virtualConnection, TCPReadRequestContext tCPReadRequestContext, IOException iOException) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Read failure: " + this + "; " + iOException);
        }
        this.conn.serverHandshakeFailed(iOException);
    }

    private boolean readClientHelloRequest() throws NoMessageSuppliedException {
        if (this.conn.getInputStream().preloadVarIntData(this)) {
            return true;
        }
        return finishClientHelloRequest();
    }

    private boolean finishClientHelloRequest() throws NoMessageSuppliedException {
        try {
            XIOMessage.ClientHelloRequest clientHelloRequest = (XIOMessage.ClientHelloRequest) this.conn.getInputStream().parseLoadedMessage(XIOMessage.ClientHelloRequest.getDefaultInstance());
            int version = clientHelloRequest.getVersion();
            if (0 == version) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                    Tr.event(tc, "Received probe message, sending response and closing");
                }
                return writeProbeResponse();
            }
            this.conn.setRemoteVersion(version);
            this.conn.setRemoteServer(clientHelloRequest.getIsServer());
            ByteString byteString = null;
            if (clientHelloRequest.hasRandomSequenceNumber()) {
                byteString = clientHelloRequest.getRandomSequenceNumber();
                this.clientSQN = byteString.toByteArray();
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "readClientHelloRequest randomSequenceNumber=" + XIOProtobufCommonMsgUtil.hexString(byteString) + ", clientVersion=" + version);
            }
            this.hsState = STATE.WRITE_REQUEST;
            return false;
        } catch (IOException e) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(tc, "Invalid ClientHello message, sending probe response and closing");
            }
            return writeProbeResponse();
        }
    }

    private boolean writeServerHelloRequest() throws InvalidKeyException, ObjectGridSecurityException {
        XIOMessage.ServerHelloRequest.Builder newBuilder = XIOMessage.ServerHelloRequest.newBuilder();
        newBuilder.setVersion(70);
        if (!this.conn.isRemoteClient()) {
            boolean z = this.auth != null;
            boolean z2 = this.clientSQN != null;
            boolean z3 = z2 && this.clientSQN.length != 6;
            if (z) {
                newBuilder.setRandomChallenge(ByteString.copyFrom(this.auth.setRandom()));
                if (z2 && !z3) {
                    newBuilder.setMac(ByteString.copyFrom(this.auth.doMac(this.clientSQN)));
                }
            }
            if (z3) {
                throw new ObjectGridSecurityException(Messages.getString(NLSConstants.CLIENT_INVALID_SEQ_LENGTH));
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "writeServerHelloRequest mac=" + XIOProtobufCommonMsgUtil.hexString(newBuilder.getMac()) + ", randomChallenge=" + XIOProtobufCommonMsgUtil.hexString(newBuilder.getRandomChallenge()) + ", serverVersion=" + newBuilder.getVersion() + ", number of clientSQN bytes=" + (null != this.clientSQN ? Integer.valueOf(this.clientSQN.length) : null));
        }
        this.writer.setBuffer(XIOProtobufCommonMsgUtil.writeDelimitedToBufferFromMessage(newBuilder.build()));
        if (null != this.writer.write(-1L, this, false, this.conn.getWriteTimeout())) {
            finishServerHelloRequest();
            return false;
        }
        if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
            return true;
        }
        Tr.debug(tc, "Write of ServerHelloRequest went async");
        return true;
    }

    private void finishServerHelloRequest() throws ObjectGridSecurityException {
        releaseWriteBuffers();
        boolean z = false;
        boolean z2 = false;
        if (!this.conn.isRemoteClient()) {
            z = null != this.clientSQN;
            z2 = null != this.auth;
            XIOSecurityUtils.checkTrustMismatch(z, z2);
        }
        if (z && z2) {
            this.hsState = STATE.READ_RESPONSE;
        } else {
            this.hsState = STATE.READ_ENDPOINT;
        }
    }

    private boolean writeProbeResponse() {
        this.hsState = STATE.WRITE_PROBE;
        XIOMessage.ServerHelloRequest.Builder newBuilder = XIOMessage.ServerHelloRequest.newBuilder();
        newBuilder.setVersion(XsTransportProperties.getTransportType() - 20);
        this.writer.setBuffer(XIOProtobufCommonMsgUtil.writeDelimitedToBufferFromMessage(newBuilder.build()));
        if (null != this.writer.write(-1L, this, false, this.conn.getWriteTimeout())) {
            finishProbe();
            return false;
        }
        if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
            return true;
        }
        Tr.debug(tc, "Write of probe response went async");
        return true;
    }

    private void finishProbe() throws NoMessageSuppliedException {
        releaseWriteBuffers();
        this.hsState = STATE.DONE;
        throw new NoMessageSuppliedException("Client probe");
    }

    private boolean readServerHelloResponse() throws IOException, ObjectGridSecurityException {
        if (this.conn.getInputStream().preloadVarIntData(this)) {
            return true;
        }
        finishServerHelloResponse();
        return false;
    }

    private void finishServerHelloResponse() throws IOException, ObjectGridSecurityException {
        XIOMessage.ServerHelloResponse serverHelloResponse = (XIOMessage.ServerHelloResponse) this.conn.getInputStream().parseLoadedMessage(XIOMessage.ServerHelloResponse.getDefaultInstance());
        boolean authSucceeded = serverHelloResponse.getAuthSucceeded();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "readServerHelloResponse, authSucceeded=" + authSucceeded + ", mac=" + XIOProtobufCommonMsgUtil.hexString(serverHelloResponse.getMac()));
        }
        if (!authSucceeded) {
            throw new ObjectGridSecurityException("Client indicated to server that it's MAC is invalid");
        }
        if (serverHelloResponse.hasMac()) {
            this.clientMAC = serverHelloResponse.getMac().toByteArray();
        }
        this.hsState = STATE.WRITE_RESPONSE;
    }

    private boolean writeClientHelloResponse() throws ObjectGridSecurityException, InvalidKeyException {
        XIOMessage.ClientHelloResponse.Builder newBuilder = XIOMessage.ClientHelloResponse.newBuilder();
        this.authSucceeded = this.clientMAC == null ? false : this.auth.validate_client_response(this.clientMAC);
        newBuilder.setAuthSucceeded(this.authSucceeded);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "writeClientHelloResponse authSucceeded=" + this.authSucceeded);
        }
        this.writer.setBuffer(XIOProtobufCommonMsgUtil.writeDelimitedToBufferFromMessage(newBuilder.build()));
        if (null != this.writer.write(-1L, this, false, this.conn.getWriteTimeout())) {
            finishClientHelloResponse();
            return false;
        }
        if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
            return true;
        }
        Tr.debug(tc, "Write of ClientHelloResponse went async");
        return true;
    }

    private void finishClientHelloResponse() throws ObjectGridSecurityException {
        releaseWriteBuffers();
        if (!this.authSucceeded) {
            throw new ObjectGridSecurityException("Server cannot validate client's MAC");
        }
        this.hsState = STATE.READ_ENDPOINT;
    }

    private boolean readRemoteEndpoints() throws IOException {
        if (this.conn.getInputStream().preloadVarIntData(this)) {
            return true;
        }
        finishRemoteEndpoints();
        return false;
    }

    private void finishRemoteEndpoints() throws IOException {
        XIOMessage.EndpointHelloRequest endpointHelloRequest = (XIOMessage.EndpointHelloRequest) this.conn.getInputStream().parseLoadedMessage(XIOMessage.EndpointHelloRequest.getDefaultInstance());
        this.conn.setRemoteEndpoint(endpointHelloRequest.getEndpointId(), endpointHelloRequest.getEndpointsList());
        this.hsState = STATE.WRITE_ENDPOINT;
    }

    private boolean writeLocalEndpoints() {
        XIOMessage.EndpointHelloResponse.Builder newBuilder = XIOMessage.EndpointHelloResponse.newBuilder();
        ByteString localEndPointID = XIORegistry.getLocalEndPointID();
        newBuilder.addAllEndpoints(XIORegistry.getEndpointsForEndpointID(localEndPointID));
        newBuilder.setEndpointId(localEndPointID);
        this.writer.setBuffer(XIOProtobufCommonMsgUtil.writeDelimitedToBufferFromMessage(newBuilder.build()));
        if (null != this.writer.write(-1L, this, false, this.conn.getWriteTimeout())) {
            finishLocalEndpoints();
            return false;
        }
        if (!TraceComponent.isAnyTracingEnabled() || !tc.isDebugEnabled()) {
            return true;
        }
        Tr.debug(tc, "Write of EndpointHelloResponse went async");
        return true;
    }

    private void finishLocalEndpoints() {
        releaseWriteBuffers();
        this.hsState = STATE.DONE;
    }
}
