package io.netty.incubator.codec.quic;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolNegotiator;
import io.netty.handler.ssl.Ciphers;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.AbstractReferenceCounted;
import io.netty.util.Mapping;
import io.netty.util.ReferenceCounted;
import io.netty.util.internal.ObjectUtil;
import java.io.File;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.concurrent.Executor;
import java.util.function.BiConsumer;
import java.util.function.LongFunction;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:essential-83ef81ca7bf2938503beab10786f57cd.jar:gg/essential/sps/quic/jvm/netty.jar:io/netty/incubator/codec/quic/QuicheQuicSslContext.class */
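/**
 * {@link QuicSslContext} implementation that wraps a native BoringSSL context created through
 * {@code BoringSSL.SSLContext_new} and tracks the engines attached to it.
 *
 * <p>The native context is reference counted through {@link NativeSslContext}: every connection created or
 * re-attached via {@link #createConnection} / {@link #add} retains it, and the context drops its own reference
 * in {@link #finalize()}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Clients always request {@code SSL_VERIFY_PEER}; servers derive the verify mode from {@link ClientAuth}.</li>
 *   <li>A {@code null} {@link TrustManagerFactory} falls back to the JVM default trust store.</li>
 *   <li>Passing a {@code BoringSSLKeylog} installs a keylog callback, and passing a non-null early-data flag
 *       changes the early-data setting of the native context; both should be deliberate decisions.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: parameter names such as {@code z}, {@code j} and {@code str} are
 * artefacts and are described by their use below.
 */
public final class QuicheQuicSslContext extends QuicSslContext {
    final ClientAuth clientAuth;
    private final boolean server;
    private final ApplicationProtocolNegotiator apn;
    // Mirror of the value pushed into the native context (server side only). Guarded by "this".
    private long sessionCacheSize;
    // Mirror of the value pushed into the native context (server side only). Guarded by "this".
    private long sessionTimeout;
    private final QuicheQuicSslSessionContext sessionCtx;
    private final QuicheQuicSslEngineMap engineMap = new QuicheQuicSslEngineMap();
    // Only created for clients; null on the server side.
    private final QuicClientSessionCache sessionCache;
    final NativeSslContext nativeSslContext;

    /**
     * Adapts an asynchronous private-key method to the callback-style {@link BoringSSLPrivateKeyMethod}.
     * Installed only when the key manager factory is a {@code BoringSSLKeylessManagerFactory}.
     */
    /* loaded from: input_file:essential-83ef81ca7bf2938503beab10786f57cd.jar:gg/essential/sps/quic/jvm/netty.jar:io/netty/incubator/codec/quic/QuicheQuicSslContext$BoringSSLAsyncPrivateKeyMethodAdapter.class */
    private static final class BoringSSLAsyncPrivateKeyMethodAdapter implements BoringSSLPrivateKeyMethod {
        private final QuicheQuicSslEngineMap engineMap;
        private final BoringSSLAsyncPrivateKeyMethod privateKeyMethod;

        BoringSSLAsyncPrivateKeyMethodAdapter(QuicheQuicSslEngineMap quicheQuicSslEngineMap, BoringSSLAsyncPrivateKeyMethod boringSSLAsyncPrivateKeyMethod) {
            this.engineMap = quicheQuicSslEngineMap;
            this.privateKeyMethod = boringSSLAsyncPrivateKeyMethod;
        }

        /**
         * Delegates a signing request to the asynchronous private-key method.
         *
         * @param j          key used to look up the engine in the engine map (the map is keyed by the value
         *                   returned from {@code BoringSSL.SSL_new})
         * @param i          forwarded unchanged to the delegate; presumably the signature algorithm id (confirm)
         * @param bArr       input forwarded unchanged to the delegate
         * @param biConsumer receives {@code (result, null)} on success or {@code (null, cause)} on failure
         */
        @Override // io.netty.incubator.codec.quic.BoringSSLPrivateKeyMethod
        public void sign(long j, int i, byte[] bArr, BiConsumer<byte[], Throwable> biConsumer) {
            QuicheQuicSslEngine quicheQuicSslEngine = this.engineMap.get(j);
            if (quicheQuicSslEngine == null) {
                // No engine registered for this key: report "no result, no cause".
                // NOTE(review): how (null, null) is interpreted is decided by the caller of
                // BoringSSLPrivateKeyMethod; presumably it is treated as a failed operation. Confirm.
                biConsumer.accept(null, null);
            } else {
                this.privateKeyMethod.sign(quicheQuicSslEngine, i, bArr).addListener2(future -> {
                    Throwable cause = future.cause();
                    if (cause != null) {
                        biConsumer.accept(null, cause);
                    } else {
                        biConsumer.accept((byte[]) future.getNow(), null);
                    }
                });
            }
        }

        /**
         * Delegates a decryption request to the asynchronous private-key method.
         *
         * @param j          key used to look up the engine in the engine map
         * @param bArr       input forwarded unchanged to the delegate
         * @param biConsumer receives {@code (result, null)} on success or {@code (null, cause)} on failure
         */
        @Override // io.netty.incubator.codec.quic.BoringSSLPrivateKeyMethod
        public void decrypt(long j, byte[] bArr, BiConsumer<byte[], Throwable> biConsumer) {
            QuicheQuicSslEngine quicheQuicSslEngine = this.engineMap.get(j);
            if (quicheQuicSslEngine == null) {
                // Same "unknown engine" convention as sign(): both arguments are null.
                biConsumer.accept(null, null);
            } else {
                this.privateKeyMethod.decrypt(quicheQuicSslEngine, bArr).addListener2(future -> {
                    Throwable cause = future.cause();
                    if (cause != null) {
                        biConsumer.accept(null, cause);
                    } else {
                        biConsumer.accept((byte[]) future.getNow(), null);
                    }
                });
            }
        }
    }

    /**
     * Reference-counted holder of the native context address. When the count reaches zero the native
     * context is freed through {@code BoringSSL.SSLContext_free}.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:essential-83ef81ca7bf2938503beab10786f57cd.jar:gg/essential/sps/quic/jvm/netty.jar:io/netty/incubator/codec/quic/QuicheQuicSslContext$NativeSslContext.class */
    public static final class NativeSslContext extends AbstractReferenceCounted {
        private final long ctx;

        NativeSslContext(long j) {
            this.ctx = j;
        }

        /** Returns the raw native address; it must not be used after the last reference is released. */
        long address() {
            return this.ctx;
        }

        @Override // io.netty.util.AbstractReferenceCounted
        protected void deallocate() {
            BoringSSL.SSLContext_free(this.ctx);
        }

        @Override // io.netty.util.ReferenceCounted
        public ReferenceCounted touch(Object obj) {
            return this;
        }

        @Override
        public String toString() {
            return "NativeSslContext{ctx=" + this.ctx + '}';
        }
    }

    /** Immutable holder of the application protocols configured for this context. */
    /* loaded from: input_file:essential-83ef81ca7bf2938503beab10786f57cd.jar:gg/essential/sps/quic/jvm/netty.jar:io/netty/incubator/codec/quic/QuicheQuicSslContext$QuicheQuicApplicationProtocolNegotiator.class */
    private static final class QuicheQuicApplicationProtocolNegotiator implements ApplicationProtocolNegotiator {
        private final List<String> protocols;

        QuicheQuicApplicationProtocolNegotiator(String... strArr) {
            if (strArr == null) {
                this.protocols = Collections.emptyList();
            } else {
                // Copy first: Arrays.asList is a view over the caller's array, so without the clone a
                // later write to that array would silently change what protocols() reports.
                this.protocols = Collections.unmodifiableList(Arrays.asList(strArr.clone()));
            }
        }

        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiator
        public List<String> protocols() {
            return this.protocols;
        }
    }

    /**
     * {@link SSLSessionContext} view of the enclosing context. Session lookup and enumeration are not
     * supported (they report "nothing"); only the timeout and cache-size accessors are forwarded.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:essential-83ef81ca7bf2938503beab10786f57cd.jar:gg/essential/sps/quic/jvm/netty.jar:io/netty/incubator/codec/quic/QuicheQuicSslContext$QuicheQuicSslSessionContext.class */
    public static final class QuicheQuicSslSessionContext implements SSLSessionContext {
        private final QuicheQuicSslContext context;

        QuicheQuicSslSessionContext(QuicheQuicSslContext quicheQuicSslContext) {
            this.context = quicheQuicSslContext;
        }

        /** Always returns {@code null}: sessions cannot be looked up by id through this view. */
        @Override // javax.net.ssl.SSLSessionContext
        public SSLSession getSession(byte[] bArr) {
            return null;
        }

        /** Always returns an empty enumeration whose {@code nextElement()} throws. */
        @Override // javax.net.ssl.SSLSessionContext
        public Enumeration<byte[]> getIds() {
            return Collections.emptyEnumeration();
        }

        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionTimeout(int i) throws IllegalArgumentException {
            this.context.setSessionTimeout(i);
        }

        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionTimeout() {
            // Narrowing cast: the context stores a long, the JSSE interface exposes an int.
            return (int) this.context.sessionTimeout();
        }

        @Override // javax.net.ssl.SSLSessionContext
        public void setSessionCacheSize(int i) throws IllegalArgumentException {
            this.context.setSessionCacheSize(i);
        }

        @Override // javax.net.ssl.SSLSessionContext
        public int getSessionCacheSize() {
            // Narrowing cast: the context stores a long, the JSSE interface exposes an int.
            return (int) this.context.sessionCacheSize();
        }
    }

    /**
     * Creates the native context and wires up its callbacks.
     *
     * @param z                   {@code true} to build a server context, {@code false} for a client
     * @param j                   session timeout; applied to the client session cache (narrowed to int) or to
     *                            the native context on the server
     * @param j2                  session cache size; applied like {@code j}
     * @param clientAuth          server only, must be non-null there; clients always use {@link ClientAuth#NONE}
     * @param trustManagerFactory source of the {@link X509TrustManager}; when {@code null} the default
     *                            algorithm is initialised with a {@code null} key store, i.e. the JVM default
     *                            trust store is used
     * @param keyManagerFactory   source of the {@link X509ExtendedKeyManager}; mandatory for servers
     * @param str                 forwarded to {@code BoringSSLCertificateCallback}; presumably the key
     *                            password (confirm against that class)
     * @param mapping             when non-null a TLS server-name callback is installed with this mapping
     * @param bool                when non-null, explicitly enables or disables early data on the native context
     * @param boringSSLKeylog     when non-null a keylog callback is installed
     * @param strArr              application protocols handed to the native context
     * @throws IllegalStateException    if the default trust manager cannot be created
     * @throws IllegalArgumentException if a server context has no {@link KeyManagerFactory}, or a supplied
     *                                  factory yields no X.509 manager
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public QuicheQuicSslContext(boolean z, long j, long j2, ClientAuth clientAuth, TrustManagerFactory trustManagerFactory, KeyManagerFactory keyManagerFactory, String str, Mapping<? super String, ? extends QuicSslContext> mapping, Boolean bool, BoringSSLKeylog boringSSLKeylog, String... strArr) {
        X509TrustManager chooseTrustManager;
        X509ExtendedKeyManager chooseKeyManager;
        Quic.ensureAvailability();
        this.server = z;
        this.clientAuth = z ? (ClientAuth) ObjectUtil.checkNotNull(clientAuth, "clientAuth") : ClientAuth.NONE;
        if (trustManagerFactory == null) {
            try {
                TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                // A null KeyStore makes JSSE load the platform default trust anchors.
                trustManagerFactory2.init((KeyStore) null);
                chooseTrustManager = chooseTrustManager(trustManagerFactory2);
            } catch (Exception e) {
                throw new IllegalStateException(e);
            }
        } else {
            chooseTrustManager = chooseTrustManager(trustManagerFactory);
        }
        if (keyManagerFactory != null) {
            chooseKeyManager = chooseKeyManager(keyManagerFactory);
        } else {
            if (z) {
                throw new IllegalArgumentException("No KeyManagerFactory");
            }
            chooseKeyManager = null;
        }
        BoringSSLAsyncPrivateKeyMethodAdapter boringSSLAsyncPrivateKeyMethodAdapter = keyManagerFactory instanceof BoringSSLKeylessManagerFactory ? new BoringSSLAsyncPrivateKeyMethodAdapter(this.engineMap, ((BoringSSLKeylessManagerFactory) keyManagerFactory).privateKeyMethod) : null;
        this.sessionCache = z ? null : new QuicClientSessionCache();
        this.nativeSslContext = new NativeSslContext(BoringSSL.SSLContext_new(
                z,
                strArr,
                new BoringSSLHandshakeCompleteCallback(this.engineMap),
                new BoringSSLCertificateCallback(this.engineMap, chooseKeyManager, str),
                new BoringSSLCertificateVerifyCallback(this.engineMap, chooseTrustManager),
                mapping == null ? null : new BoringSSLTlsextServernameCallback(this.engineMap, mapping),
                // NOTE(review): a keylog callback presumably exposes TLS secrets for traffic decryption;
                // callers should pass a BoringSSLKeylog only in debugging setups. Confirm against the type.
                boringSSLKeylog == null ? null : new BoringSSLKeylogCallback(this.engineMap, boringSSLKeylog),
                z ? null : new BoringSSLSessionCallback(this.engineMap, this.sessionCache),
                boringSSLAsyncPrivateKeyMethodAdapter,
                // Clients always verify the peer; servers follow the configured ClientAuth.
                z ? boringSSLVerifyModeForServer(this.clientAuth) : BoringSSL.SSL_VERIFY_PEER,
                BoringSSL.subjectNames(chooseTrustManager.getAcceptedIssuers())));
        this.apn = new QuicheQuicApplicationProtocolNegotiator(strArr);
        if (this.sessionCache != null) {
            // Client side: the Java session cache takes int values, so the longs are narrowed here.
            this.sessionCache.setSessionCacheSize((int) j2);
            this.sessionCache.setSessionTimeout((int) j);
        } else {
            BoringSSL.SSLContext_setSessionCacheSize(this.nativeSslContext.address(), j2);
            this.sessionCacheSize = j2;
            BoringSSL.SSLContext_setSessionCacheTimeout(this.nativeSslContext.address(), j);
            this.sessionTimeout = j;
        }
        if (bool != null) {
            // Early (0-RTT) data can be replayed by a network attacker, so it should only be enabled for
            // requests the application treats as idempotent.
            BoringSSL.SSLContext_set_early_data_enabled(this.nativeSslContext.address(), bool.booleanValue());
        }
        this.sessionCtx = new QuicheQuicSslSessionContext(this);
    }

    /**
     * Returns the first {@link X509ExtendedKeyManager} offered by the factory.
     *
     * @throws IllegalArgumentException if the factory offers none
     */
    private X509ExtendedKeyManager chooseKeyManager(KeyManagerFactory keyManagerFactory) {
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (keyManager instanceof X509ExtendedKeyManager) {
                return (X509ExtendedKeyManager) keyManager;
            }
        }
        throw new IllegalArgumentException("No X509ExtendedKeyManager included");
    }

    /**
     * Returns the first {@link X509TrustManager} offered by the factory.
     *
     * @throws IllegalArgumentException if the factory offers none
     */
    private static X509TrustManager chooseTrustManager(TrustManagerFactory trustManagerFactory) {
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalArgumentException("No X509TrustManager included");
    }

    /** Package-level bridge to the inherited {@code toX509Certificates(File)}. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate[] toX509Certificates0(File file) throws CertificateException {
        return toX509Certificates(file);
    }

    /** Package-level bridge to the inherited {@code toPrivateKey(File, String)}. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey toPrivateKey0(File file, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException {
        return toPrivateKey(file, str);
    }

    /** Package-level bridge to the inherited {@code buildTrustManagerFactory} with no factory and no key store type. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static TrustManagerFactory buildTrustManagerFactory0(X509Certificate[] x509CertificateArr) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
        return buildTrustManagerFactory(x509CertificateArr, (TrustManagerFactory) null, (String) null);
    }

    /**
     * Maps the server's {@link ClientAuth} setting to the native verify-mode flags.
     *
     * <p>{@code OPTIONAL} requests a client certificate without the fail-if-absent flag, so a handshake can
     * complete with an unauthenticated client; code that authorises on the client certificate must check
     * that one was actually presented.
     */
    private static int boringSSLVerifyModeForServer(ClientAuth clientAuth) {
        switch (clientAuth) {
            case NONE:
                return BoringSSL.SSL_VERIFY_NONE;
            case REQUIRE:
                return BoringSSL.SSL_VERIFY_PEER | BoringSSL.SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
            case OPTIONAL:
                return BoringSSL.SSL_VERIFY_PEER;
            default:
                throw new Error(clientAuth.toString());
        }
    }

    /**
     * Creates a native SSL object, registers the engine for it and lets {@code longFunction} build the
     * connection on top of it.
     *
     * @return the new connection, or {@code null} if {@code longFunction} reported {@code -1}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public QuicheQuicConnection createConnection(LongFunction<Long> longFunction, QuicheQuicSslEngine quicheQuicSslEngine) {
        // Retained on behalf of the connection, which receives the context reference below.
        this.nativeSslContext.retain();
        long SSL_new = BoringSSL.SSL_new(this.nativeSslContext.address(), isServer(), quicheQuicSslEngine.tlsHostName);
        this.engineMap.put(SSL_new, quicheQuicSslEngine);
        // NOTE(review): if longFunction throws, the retain above and the map entry are not undone here,
        // and the -1 path does not free SSL_new in this class; confirm who owns it on failure.
        long longValue = longFunction.apply(SSL_new).longValue();
        if (longValue != -1) {
            return new QuicheQuicConnection(longValue, SSL_new, quicheQuicSslEngine, this.nativeSslContext);
        }
        // No connection took ownership, so undo the registration and the retain.
        this.engineMap.remove(SSL_new);
        this.nativeSslContext.release();
        return null;
    }

    /**
     * Attaches an existing engine (and its connection) to this context.
     *
     * @return the native address of this context
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public long add(QuicheQuicSslEngine quicheQuicSslEngine) {
        this.nativeSslContext.retain();
        quicheQuicSslEngine.connection.reattach(this.nativeSslContext);
        this.engineMap.put(quicheQuicSslEngine.connection.ssl, quicheQuicSslEngine);
        return this.nativeSslContext.address();
    }

    /** Unregisters the engine and lets it drop its cached session if that session is no longer valid. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void remove(QuicheQuicSslEngine quicheQuicSslEngine) {
        QuicheQuicSslEngine remove = this.engineMap.remove(quicheQuicSslEngine.connection.ssl);
        // Restored from the decompiler's "$assertionsDisabled" expansion of this assert statement.
        assert remove == null || remove == quicheQuicSslEngine;
        quicheQuicSslEngine.removeSessionFromCacheIfInvalid();
    }

    /** Returns the client session cache, or {@code null} for a server context. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public QuicClientSessionCache getSessionCache() {
        return this.sessionCache;
    }

    @Override // io.netty.handler.ssl.SslContext
    public boolean isClient() {
        return !this.server;
    }

    /** Returns the two cipher suites this context reports; a new list is built on every call. */
    @Override // io.netty.handler.ssl.SslContext
    public List<String> cipherSuites() {
        return Arrays.asList(Ciphers.TLS_AES_128_GCM_SHA256, Ciphers.TLS_AES_256_GCM_SHA384);
    }

    @Override // io.netty.handler.ssl.SslContext
    public long sessionCacheSize() {
        long j;
        if (this.sessionCache != null) {
            return this.sessionCache.getSessionCacheSize();
        }
        synchronized (this) {
            j = this.sessionCacheSize;
        }
        return j;
    }

    @Override // io.netty.handler.ssl.SslContext
    public long sessionTimeout() {
        long j;
        if (this.sessionCache != null) {
            return this.sessionCache.getSessionTimeout();
        }
        synchronized (this) {
            j = this.sessionTimeout;
        }
        return j;
    }

    @Override // io.netty.handler.ssl.SslContext
    public ApplicationProtocolNegotiator applicationProtocolNegotiator() {
        return this.apn;
    }

    /** Creates an engine with no peer host and port {@code -1}; the allocator argument is not used. */
    @Override // io.netty.incubator.codec.quic.QuicSslContext, io.netty.handler.ssl.SslContext
    public QuicSslEngine newEngine(ByteBufAllocator byteBufAllocator) {
        return new QuicheQuicSslEngine(this, null, -1);
    }

    /** Creates an engine for the given peer host and port; the allocator argument is not used. */
    @Override // io.netty.incubator.codec.quic.QuicSslContext, io.netty.handler.ssl.SslContext
    public QuicSslEngine newEngine(ByteBufAllocator byteBufAllocator, String str, int i) {
        return new QuicheQuicSslEngine(this, str, i);
    }

    @Override // io.netty.handler.ssl.SslContext
    public SSLSessionContext sessionContext() {
        return this.sessionCtx;
    }

    // The newHandler variants below are all unsupported by this context and always throw.

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.netty.handler.ssl.SslContext
    public SslHandler newHandler(ByteBufAllocator byteBufAllocator, boolean z) {
        throw new UnsupportedOperationException();
    }

    @Override // io.netty.handler.ssl.SslContext
    public SslHandler newHandler(ByteBufAllocator byteBufAllocator, Executor executor) {
        throw new UnsupportedOperationException();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.netty.handler.ssl.SslContext
    public SslHandler newHandler(ByteBufAllocator byteBufAllocator, boolean z, Executor executor) {
        throw new UnsupportedOperationException();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.netty.handler.ssl.SslContext
    public SslHandler newHandler(ByteBufAllocator byteBufAllocator, String str, int i, boolean z) {
        throw new UnsupportedOperationException();
    }

    @Override // io.netty.handler.ssl.SslContext
    public SslHandler newHandler(ByteBufAllocator byteBufAllocator, String str, int i, Executor executor) {
        throw new UnsupportedOperationException();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.netty.handler.ssl.SslContext
    public SslHandler newHandler(ByteBufAllocator byteBufAllocator, String str, int i, boolean z, Executor executor) {
        throw new UnsupportedOperationException();
    }

    /**
     * Drops this object's reference to the native context when it is garbage collected. Connections hold
     * their own references, so the native context is freed only after the last of them is released.
     */
    @Override
    protected void finalize() throws Throwable {
        try {
            this.nativeSslContext.release();
        } finally {
            super.finalize();
        }
    }

    /**
     * Sets the session timeout on the client session cache, or on the native context for a server.
     *
     * @param i the new timeout, forwarded unchanged
     */
    void setSessionTimeout(int i) throws IllegalArgumentException {
        if (this.sessionCache != null) {
            this.sessionCache.setSessionTimeout(i);
        } else {
            // sessionTimeout() reads the field under this monitor; writing under the same monitor gives
            // readers a happens-before edge and keeps the native value and the mirror in step.
            synchronized (this) {
                BoringSSL.SSLContext_setSessionCacheTimeout(this.nativeSslContext.address(), i);
                this.sessionTimeout = i;
            }
        }
    }

    /**
     * Sets the session cache size on the client session cache, or on the native context for a server.
     *
     * @param i the new cache size, forwarded unchanged
     */
    void setSessionCacheSize(int i) throws IllegalArgumentException {
        if (this.sessionCache != null) {
            this.sessionCache.setSessionCacheSize(i);
        } else {
            // sessionCacheSize() reads the field under this monitor; write it under the same one.
            synchronized (this) {
                BoringSSL.SSLContext_setSessionCacheSize(this.nativeSslContext.address(), i);
                this.sessionCacheSize = i;
            }
        }
    }
}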
