package io.vertx.core.net.impl;

import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslProvider;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Promise;
import io.vertx.core.VertxException;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.file.FileSystem;
import io.vertx.core.http.ClientAuth;
import io.vertx.core.impl.ContextInternal;
import io.vertx.core.net.ClientOptionsBase;
import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.core.net.KeyCertOptions;
import io.vertx.core.net.NetClientOptions;
import io.vertx.core.net.NetServerOptions;
import io.vertx.core.net.OpenSSLEngineOptions;
import io.vertx.core.net.SSLEngineOptions;
import io.vertx.core.net.SSLOptions;
import io.vertx.core.net.TCPSSLOptions;
import io.vertx.core.net.TrustOptions;
import io.vertx.core.net.impl.SSLHelper;
import io.vertx.core.spi.tls.DefaultSslContextFactory;
import io.vertx.core.spi.tls.SslContextFactory;
import java.io.ByteArrayInputStream;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumMap;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes2.dex */
public class SSLHelper {
    static final EnumMap<ClientAuth, io.netty.handler.ssl.ClientAuth> CLIENT_AUTH_MAPPING;
    private final List<String> applicationProtocols;
    private Future<CachedProvider> cachedProvider;
    private final boolean client;
    private final ClientAuth clientAuth;
    private List<CRL> crls;
    private final String endpointIdentificationAlgorithm;
    private KeyManagerFactory keyManagerFactory;
    private Function<String, KeyManagerFactory> keyManagerFactoryMapper;
    private final boolean sni;
    private final boolean ssl;
    private final SSLEngineOptions sslEngineOptions;
    private final boolean trustAll;
    private TrustManagerFactory trustManagerFactory;
    private Function<String, TrustManager[]> trustManagerMapper;
    private final boolean useAlpn;

    /* loaded from: classes2.dex */
    public static class CachedProvider {
        final Throwable failure;
        final SSLOptions options;
        final SslChannelProvider sslChannelProvider;

        public CachedProvider(SSLOptions sSLOptions, SslChannelProvider sslChannelProvider, Throwable th) {
            this.options = sSLOptions;
            this.sslChannelProvider = sslChannelProvider;
            this.failure = th;
        }
    }

    /* loaded from: classes2.dex */
    public class EngineConfig {
        private final SSLOptions sslOptions;
        private final Supplier<SslContextFactory> supplier;
        private final boolean useWorkerPool;

        public EngineConfig(SSLOptions sSLOptions, Supplier<SslContextFactory> supplier, boolean z8) {
            this.sslOptions = sSLOptions;
            this.supplier = supplier;
            this.useWorkerPool = z8;
        }

        public SslContextProvider sslContextProvider() {
            return new SslContextProvider(SSLHelper.this.clientAuth, SSLHelper.this.endpointIdentificationAlgorithm, SSLHelper.this.applicationProtocols, this.sslOptions.getEnabledCipherSuites(), this.sslOptions.getEnabledSecureTransportProtocols(), SSLHelper.this.keyManagerFactory, SSLHelper.this.keyManagerFactoryMapper, SSLHelper.this.trustManagerFactory, SSLHelper.this.trustManagerMapper, SSLHelper.this.crls, this.supplier);
        }
    }

    static {
        EnumMap<ClientAuth, io.netty.handler.ssl.ClientAuth> enumMap = new EnumMap<>((Class<ClientAuth>) ClientAuth.class);
        CLIENT_AUTH_MAPPING = enumMap;
        enumMap.put((EnumMap<ClientAuth, io.netty.handler.ssl.ClientAuth>) ClientAuth.REQUIRED, (ClientAuth) io.netty.handler.ssl.ClientAuth.REQUIRE);
        enumMap.put((EnumMap<ClientAuth, io.netty.handler.ssl.ClientAuth>) ClientAuth.REQUEST, (ClientAuth) io.netty.handler.ssl.ClientAuth.OPTIONAL);
        enumMap.put((EnumMap<ClientAuth, io.netty.handler.ssl.ClientAuth>) ClientAuth.NONE, (ClientAuth) io.netty.handler.ssl.ClientAuth.NONE);
    }

    public SSLHelper(TCPSSLOptions tCPSSLOptions, List<String> list) {
        this.sslEngineOptions = tCPSSLOptions.getSslEngineOptions();
        this.ssl = tCPSSLOptions.isSsl();
        this.useAlpn = tCPSSLOptions.isUseAlpn();
        boolean z8 = tCPSSLOptions instanceof ClientOptionsBase;
        this.client = z8;
        this.trustAll = z8 && ((ClientOptionsBase) tCPSSLOptions).isTrustAll();
        boolean z9 = tCPSSLOptions instanceof NetServerOptions;
        this.clientAuth = z9 ? ((NetServerOptions) tCPSSLOptions).getClientAuth() : ClientAuth.NONE;
        this.endpointIdentificationAlgorithm = tCPSSLOptions instanceof NetClientOptions ? ((NetClientOptions) tCPSSLOptions).getHostnameVerificationAlgorithm() : "";
        this.sni = z9 && ((NetServerOptions) tCPSSLOptions).isSni();
        this.applicationProtocols = list;
    }

    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Object, java.util.function.Supplier] */
    private Future<EngineConfig> build(SSLOptions sSLOptions, ContextInternal contextInternal) {
        KeyCertOptions keyCertOptions = sSLOptions.getKeyCertOptions();
        TrustOptions trustOptions = sSLOptions.getTrustOptions();
        if (keyCertOptions == null && trustOptions == null && !this.trustAll && !this.ssl) {
            return Future.succeededFuture(new EngineConfig(sSLOptions, new Object(), false));
        }
        Promise promise = Promise.promise();
        Future<EngineConfig> future = promise.future();
        contextInternal.executeBlockingInternal(new C3946b(this, sSLOptions, contextInternal, 1)).compose(new z(this, contextInternal, sSLOptions)).onComplete2(promise);
        return future;
    }

    public /* synthetic */ void lambda$build$6(SSLOptions sSLOptions, ContextInternal contextInternal, Promise promise) {
        try {
            if (sSLOptions.getKeyCertOptions() != null) {
                this.keyManagerFactory = sSLOptions.getKeyCertOptions().getKeyManagerFactory(contextInternal.owner());
                this.keyManagerFactoryMapper = sSLOptions.getKeyCertOptions().keyManagerFactoryMapper(contextInternal.owner());
            }
            if (sSLOptions.getTrustOptions() != null) {
                this.trustManagerFactory = sSLOptions.getTrustOptions().getTrustManagerFactory(contextInternal.owner());
                this.trustManagerMapper = sSLOptions.getTrustOptions().trustManagerMapper(contextInternal.owner());
            }
            this.crls = new ArrayList();
            ArrayList arrayList = new ArrayList();
            if (sSLOptions.getCrlPaths() != null) {
                Stream<R> map = sSLOptions.getCrlPaths().stream().map(new q(contextInternal, 1));
                FileSystem fileSystem = contextInternal.owner().fileSystem();
                fileSystem.getClass();
                arrayList.addAll((Collection) map.map(new io.ktor.util.collections.a(fileSystem, 9)).collect(Collectors.toList()));
            }
            if (sSLOptions.getCrlValues() != null) {
                arrayList.addAll(sSLOptions.getCrlValues());
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                this.crls.addAll(certificateFactory.generateCRLs(new ByteArrayInputStream(((Buffer) it.next()).getBytes())));
            }
            if (this.client || sSLOptions.getKeyCertOptions() != null) {
                promise.complete();
            } else {
                promise.fail("Key/certificate is mandatory for SSL");
            }
        } catch (Exception e9) {
            promise.fail(e9);
        }
    }

    public /* synthetic */ Future lambda$build$8(ContextInternal contextInternal, SSLOptions sSLOptions, Void r42) {
        return contextInternal.executeBlockingInternal(new t(6, this, sSLOptions));
    }

    public static /* synthetic */ SslContextFactory lambda$build$9() {
        return new DefaultSslContextFactory(SslProvider.JDK, false);
    }

    public /* synthetic */ SslChannelProvider lambda$buildChannelProvider$4(ContextInternal contextInternal, EngineConfig engineConfig) {
        return new SslChannelProvider(engineConfig.sslContextProvider(), engineConfig.sslOptions.getSslHandshakeTimeout(), engineConfig.sslOptions.getSslHandshakeTimeoutUnit(), this.sni, this.trustAll, this.useAlpn, contextInternal.owner().getInternalWorkerPool().executor(), engineConfig.useWorkerPool);
    }

    public static /* synthetic */ Future lambda$null$1(ContextInternal contextInternal, SSLOptions sSLOptions, AsyncResult asyncResult, AsyncResult asyncResult2) {
        return asyncResult2.succeeded() ? contextInternal.succeededFuture(new CachedProvider(sSLOptions, (SslChannelProvider) asyncResult2.result(), null)) : asyncResult.succeeded() ? contextInternal.succeededFuture(new CachedProvider(((CachedProvider) asyncResult.result()).options, ((CachedProvider) asyncResult.result()).sslChannelProvider, asyncResult2.cause())) : contextInternal.failedFuture(asyncResult.cause());
    }

    public static /* synthetic */ String lambda$null$5(ContextInternal contextInternal, String str) {
        return contextInternal.owner().resolveFile(str).getAbsolutePath();
    }

    public /* synthetic */ void lambda$null$7(SSLOptions sSLOptions, Promise promise) {
        try {
            SSLEngineOptions resolveEngineOptions = resolveEngineOptions(this.sslEngineOptions, this.useAlpn);
            resolveEngineOptions.getClass();
            promise.complete(new EngineConfig(sSLOptions, new C(resolveEngineOptions, 0), resolveEngineOptions.getUseWorkerThread()));
        } catch (Exception e9) {
            promise.fail(e9);
        }
    }

    public static /* synthetic */ CachedProvider lambda$updateSslContext$0(SSLOptions sSLOptions, SslChannelProvider sslChannelProvider) {
        return new CachedProvider(sSLOptions, sslChannelProvider, null);
    }

    public /* synthetic */ Future lambda$updateSslContext$2(SSLOptions sSLOptions, ContextInternal contextInternal, AsyncResult asyncResult) {
        return (asyncResult.succeeded() && ((CachedProvider) asyncResult.result()).options.equals(sSLOptions)) ? Future.succeededFuture(asyncResult.result()) : buildChannelProvider(sSLOptions, contextInternal).transform(new u(contextInternal, sSLOptions, asyncResult, 1));
    }

    public static /* synthetic */ SslContextUpdate lambda$updateSslContext$3(CachedProvider cachedProvider) {
        return new SslContextUpdate(cachedProvider.sslChannelProvider, cachedProvider.failure);
    }

    public static SSLEngineOptions resolveEngineOptions(SSLEngineOptions sSLEngineOptions, boolean z8) {
        if (sSLEngineOptions == null && z8) {
            if (JdkSSLEngineOptions.isAlpnAvailable()) {
                sSLEngineOptions = new JdkSSLEngineOptions();
            } else if (OpenSSLEngineOptions.isAlpnAvailable()) {
                sSLEngineOptions = new OpenSSLEngineOptions();
            }
        }
        if (sSLEngineOptions == null) {
            sSLEngineOptions = new JdkSSLEngineOptions();
        } else if ((sSLEngineOptions instanceof OpenSSLEngineOptions) && !OpenSsl.isAvailable()) {
            VertxException vertxException = new VertxException("OpenSSL is not available");
            Throwable unavailabilityCause = OpenSsl.unavailabilityCause();
            if (unavailabilityCause == null) {
                throw vertxException;
            }
            vertxException.initCause(unavailabilityCause);
            throw vertxException;
        }
        if (z8) {
            if ((sSLEngineOptions instanceof JdkSSLEngineOptions) && !JdkSSLEngineOptions.isAlpnAvailable()) {
                throw new VertxException("ALPN not available for JDK SSL/TLS engine");
            }
            if ((sSLEngineOptions instanceof OpenSSLEngineOptions) && !OpenSSLEngineOptions.isAlpnAvailable()) {
                throw new VertxException("ALPN is not available for OpenSSL SSL/TLS engine");
            }
        }
        return sSLEngineOptions;
    }

    public Future<SslChannelProvider> buildChannelProvider(SSLOptions sSLOptions, final ContextInternal contextInternal) {
        return build(new SSLOptions(sSLOptions), contextInternal).map(new Function() { // from class: io.vertx.core.net.impl.D
            @Override // java.util.function.Function
            public final Object apply(Object obj) {
                SslChannelProvider lambda$buildChannelProvider$4;
                lambda$buildChannelProvider$4 = SSLHelper.this.lambda$buildChannelProvider$4(contextInternal, (SSLHelper.EngineConfig) obj);
                return lambda$buildChannelProvider$4;
            }
        });
    }

    public Future<SslContextProvider> buildContextProvider(SSLOptions sSLOptions, ContextInternal contextInternal) {
        return build(new SSLOptions(sSLOptions), contextInternal).map((Function<EngineConfig, U>) new A(1));
    }

    public Future<SslContextUpdate> updateSslContext(SSLOptions sSLOptions, ContextInternal contextInternal) {
        Future map;
        synchronized (this) {
            try {
                Future<CachedProvider> future = this.cachedProvider;
                if (future == null) {
                    this.cachedProvider = buildChannelProvider(sSLOptions, contextInternal).map((Function<SslChannelProvider, U>) new io.ktor.util.collections.a(sSLOptions, 8));
                } else {
                    this.cachedProvider = future.transform(new z(this, sSLOptions, contextInternal));
                }
                map = this.cachedProvider.map((Function<CachedProvider, U>) new A(0));
            } catch (Throwable th) {
                throw th;
            }
        }
        return map;
    }
}
