package org.zowe.apiml.product.web;

import java.io.FileDescriptor;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.channels.AsynchronousSocketChannel;
import java.nio.channels.SocketChannel;
import java.util.Set;
import javax.annotation.PostConstruct;
import lombok.Generated;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.AbstractProtocol;
import org.apache.coyote.http11.Http11NioProtocol;
import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.Nio2Channel;
import org.apache.tomcat.util.net.NioChannel;
import org.apache.tomcat.util.net.SocketEvent;
import org.apache.tomcat.util.net.SocketWrapperBase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
import org.springframework.stereotype.Component;
import org.zowe.apiml.exception.AttlsHandlerException;
import org.zowe.commons.attls.ContextIsNotInitializedException;
import org.zowe.commons.attls.InboundAttls;

@ConditionalOnProperty(name = {"server.attls.enabled"}, havingValue = "true")
@Component
/* loaded from: input_file:BOOT-INF/lib/apiml-tomcat-common-2.17.1.jar:org/zowe/apiml/product/web/ApimlTomcatCustomizer.class */
public class ApimlTomcatCustomizer implements TomcatConnectorCustomizer {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ApimlTomcatCustomizer.class);
    private static final String INCOMPATIBLE_VERSION_MESSAGE = "AT-TLS-Incompatible configuration. Verify AT-TLS requirements: Java version, Tomcat version. Exception message: ";

    /* loaded from: input_file:BOOT-INF/lib/apiml-tomcat-common-2.17.1.jar:org/zowe/apiml/product/web/ApimlTomcatCustomizer$ApimlAttlsHandler.class */
    public static class ApimlAttlsHandler<S> implements AbstractEndpoint.Handler<S> {
        private final AbstractEndpoint.Handler<S> handler;
        private static Field ASYNCHRONOUS_SOCKET_CHANNEL_FD;
        private static Field FILE_DESCRIPTOR_FD;
        private static Method SOCKET_CHANNEL_GET_FDVAL_METHOD;

        /* loaded from: input_file:BOOT-INF/lib/apiml-tomcat-common-2.17.1.jar:org/zowe/apiml/product/web/ApimlTomcatCustomizer$ApimlAttlsHandler$Overridden.class */
        interface Overridden {
            <S> AbstractEndpoint.Handler.SocketState process(SocketWrapperBase<S> socketWrapperBase, SocketEvent socketEvent);
        }

        public ApimlAttlsHandler(AbstractEndpoint.Handler<S> handler) {
            this.handler = handler;
            try {
                SOCKET_CHANNEL_GET_FDVAL_METHOD = Class.forName("sun.nio.ch.SocketChannelImpl").getMethod("getFDVal", new Class[0]);
                SOCKET_CHANNEL_GET_FDVAL_METHOD.setAccessible(true);
                ASYNCHRONOUS_SOCKET_CHANNEL_FD = Class.forName("sun.nio.ch.AsynchronousSocketChannelImpl").getDeclaredField("fd");
                ASYNCHRONOUS_SOCKET_CHANNEL_FD.setAccessible(true);
                FILE_DESCRIPTOR_FD = FileDescriptor.class.getDeclaredField("fd");
                FILE_DESCRIPTOR_FD.setAccessible(true);
            } catch (ClassNotFoundException | NoSuchFieldException | NoSuchMethodException | SecurityException e) {
                throw new IllegalStateException(ApimlTomcatCustomizer.INCOMPATIBLE_VERSION_MESSAGE + e.getMessage(), e);
            }
        }

        @Override // org.apache.tomcat.util.net.AbstractEndpoint.Handler
        public AbstractEndpoint.Handler.SocketState process(SocketWrapperBase socketWrapperBase, SocketEvent socketEvent) {
            InboundAttls.init(getFd(socketWrapperBase.getSocket()));
            try {
                AbstractEndpoint.Handler.SocketState process = this.handler.process(socketWrapperBase, socketEvent);
                try {
                    InboundAttls.clean();
                } catch (ContextIsNotInitializedException e) {
                    ApimlTomcatCustomizer.log.debug("Cannot clean AT-TLS context");
                }
                InboundAttls.dispose();
                return process;
            } catch (Throwable th) {
                try {
                    InboundAttls.clean();
                } catch (ContextIsNotInitializedException e2) {
                    ApimlTomcatCustomizer.log.debug("Cannot clean AT-TLS context");
                }
                InboundAttls.dispose();
                throw th;
            }
        }

        private int getFd(Object obj) {
            try {
                if (obj instanceof NioChannel) {
                    return getFd((NioChannel) obj);
                }
                if (obj instanceof Nio2Channel) {
                    return getFdAsync((Nio2Channel) obj);
                }
                if (obj instanceof Long) {
                    return ((Long) obj).intValue();
                }
                throw new IllegalStateException("Socket " + obj.getClass() + " is not supported for AT-TLS");
            } catch (IllegalAccessException | IllegalArgumentException | IllegalStateException | InvocationTargetException e) {
                throw new IllegalStateException(ApimlTomcatCustomizer.INCOMPATIBLE_VERSION_MESSAGE + e.getMessage(), e);
            }
        }

        int getFd(NioChannel nioChannel) throws InvocationTargetException, IllegalAccessException {
            SocketChannel iOChannel = nioChannel.getIOChannel();
            if (iOChannel == null) {
                throw new IllegalStateException("Socket channel is not initialized");
            }
            return ((Integer) SOCKET_CHANNEL_GET_FDVAL_METHOD.invoke(iOChannel, new Object[0])).intValue();
        }

        int getFdAsync(Nio2Channel nio2Channel) throws IllegalAccessException {
            AsynchronousSocketChannel iOChannel = nio2Channel.getIOChannel();
            if (iOChannel == null) {
                throw new IllegalStateException("Asynchronous socket channel is not initialized");
            }
            FileDescriptor fileDescriptor = (FileDescriptor) ASYNCHRONOUS_SOCKET_CHANNEL_FD.get(iOChannel);
            if (fileDescriptor == null) {
                throw new IllegalStateException("File descriptor is not set in the asynchronous socket channel");
            }
            return FILE_DESCRIPTOR_FD.getInt(fileDescriptor);
        }

        @Override // org.apache.tomcat.util.net.AbstractEndpoint.Handler
        @Generated
        public Object getGlobal() {
            return this.handler.getGlobal();
        }

        @Override // org.apache.tomcat.util.net.AbstractEndpoint.Handler
        @Generated
        @Deprecated
        public Set<S> getOpenSockets() {
            return this.handler.getOpenSockets();
        }

        @Override // org.apache.tomcat.util.net.AbstractEndpoint.Handler
        @Generated
        public void release(SocketWrapperBase<S> socketWrapperBase) {
            this.handler.release(socketWrapperBase);
        }

        @Override // org.apache.tomcat.util.net.AbstractEndpoint.Handler
        @Generated
        public void pause() {
            this.handler.pause();
        }

        @Override // org.apache.tomcat.util.net.AbstractEndpoint.Handler
        @Generated
        public void recycle() {
            this.handler.recycle();
        }
    }

    @PostConstruct
    public void afterPropertiesSet() {
        log.debug("AT-TLS mode is enabled");
        InboundAttls.setAlwaysLoadCertificate(true);
    }

    @Override // org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer
    public void customize(Connector connector) {
        Http11NioProtocol http11NioProtocol = (Http11NioProtocol) connector.getProtocolHandler();
        try {
            Field declaredField = AbstractProtocol.class.getDeclaredField("handler");
            declaredField.setAccessible(true);
            ApimlAttlsHandler apimlAttlsHandler = new ApimlAttlsHandler((AbstractEndpoint.Handler) declaredField.get(http11NioProtocol));
            Method declaredMethod = AbstractProtocol.class.getDeclaredMethod("getEndpoint", new Class[0]);
            declaredMethod.setAccessible(true);
            ((AbstractEndpoint) declaredMethod.invoke(http11NioProtocol, new Object[0])).setHandler(apimlAttlsHandler);
        } catch (Exception e) {
            throw new AttlsHandlerException("Not able to add handler.", e);
        }
    }
}
