package com.eatthepath.pushy.apns.server;

import com.eatthepath.pushy.apns.server.BaseHttp2Server;
import io.netty.channel.EventLoopGroup;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.util.ReferenceCounted;
import java.io.File;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/pushy-0.14.2.jar:com/eatthepath/pushy/apns/server/BaseHttp2ServerBuilder.class */
abstract class BaseHttp2ServerBuilder<T extends BaseHttp2Server> {
    protected X509Certificate[] certificateChain;
    protected PrivateKey privateKey;
    protected File certificateChainPemFile;
    protected File privateKeyPkcs8File;
    protected InputStream certificateChainInputStream;
    protected InputStream privateKeyPkcs8InputStream;
    protected String privateKeyPassword;
    protected File trustedClientCertificatePemFile;
    protected InputStream trustedClientCertificateInputStream;
    protected X509Certificate[] trustedClientCertificates;
    protected EventLoopGroup eventLoopGroup;
    protected int maxConcurrentStreams = DEFAULT_MAX_CONCURRENT_STREAMS;
    protected boolean useAlpn;
    public static final int DEFAULT_MAX_CONCURRENT_STREAMS = 1500;
    private static final Logger log = LoggerFactory.getLogger(BaseHttp2ServerBuilder.class);

    public BaseHttp2ServerBuilder<T> setServerCredentials(File file, File file2, String str) {
        this.certificateChain = null;
        this.privateKey = null;
        this.certificateChainPemFile = file;
        this.privateKeyPkcs8File = file2;
        this.certificateChainInputStream = null;
        this.privateKeyPkcs8InputStream = null;
        this.privateKeyPassword = str;
        return this;
    }

    public BaseHttp2ServerBuilder<T> setServerCredentials(InputStream inputStream, InputStream inputStream2, String str) {
        this.certificateChain = null;
        this.privateKey = null;
        this.certificateChainPemFile = null;
        this.privateKeyPkcs8File = null;
        this.certificateChainInputStream = inputStream;
        this.privateKeyPkcs8InputStream = inputStream2;
        this.privateKeyPassword = str;
        return this;
    }

    public BaseHttp2ServerBuilder<T> setServerCredentials(X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str) {
        this.certificateChain = x509CertificateArr;
        this.privateKey = privateKey;
        this.certificateChainPemFile = null;
        this.privateKeyPkcs8File = null;
        this.certificateChainInputStream = null;
        this.privateKeyPkcs8InputStream = null;
        this.privateKeyPassword = str;
        return this;
    }

    public BaseHttp2ServerBuilder<T> setTrustedClientCertificateChain(File file) {
        this.trustedClientCertificatePemFile = file;
        this.trustedClientCertificateInputStream = null;
        this.trustedClientCertificates = null;
        return this;
    }

    public BaseHttp2ServerBuilder<T> setTrustedClientCertificateChain(InputStream inputStream) {
        this.trustedClientCertificatePemFile = null;
        this.trustedClientCertificateInputStream = inputStream;
        this.trustedClientCertificates = null;
        return this;
    }

    public BaseHttp2ServerBuilder<T> setTrustedServerCertificateChain(X509Certificate... x509CertificateArr) {
        this.trustedClientCertificatePemFile = null;
        this.trustedClientCertificateInputStream = null;
        this.trustedClientCertificates = x509CertificateArr;
        return this;
    }

    public BaseHttp2ServerBuilder<T> setEventLoopGroup(EventLoopGroup eventLoopGroup) {
        this.eventLoopGroup = eventLoopGroup;
        return this;
    }

    public BaseHttp2ServerBuilder<T> setMaxConcurrentStreams(int i) {
        if (i <= 0) {
            throw new IllegalArgumentException("Maximum number of concurrent streams must be positive.");
        }
        this.maxConcurrentStreams = i;
        return this;
    }

    public BaseHttp2ServerBuilder<T> setUseAlpn(boolean z) {
        this.useAlpn = z;
        return this;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public T build() throws SSLException {
        SslProvider sslProvider;
        SslContextBuilder forServer;
        if (OpenSsl.isAvailable()) {
            log.info("Native SSL provider is available; will use native provider.");
            sslProvider = SslProvider.OPENSSL;
        } else {
            log.info("Native SSL provider not available; will use JDK SSL provider.");
            sslProvider = SslProvider.JDK;
        }
        if (this.certificateChain != null && this.privateKey != null) {
            forServer = SslContextBuilder.forServer(this.privateKey, this.privateKeyPassword, this.certificateChain);
        } else if (this.certificateChainPemFile != null && this.privateKeyPkcs8File != null) {
            forServer = SslContextBuilder.forServer(this.certificateChainPemFile, this.privateKeyPkcs8File, this.privateKeyPassword);
        } else {
            if (this.certificateChainInputStream == null || this.privateKeyPkcs8InputStream == null) {
                throw new IllegalStateException("Must specify server credentials before building a mock server.");
            }
            forServer = SslContextBuilder.forServer(this.certificateChainInputStream, this.privateKeyPkcs8InputStream, this.privateKeyPassword);
        }
        forServer.sslProvider(sslProvider).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).clientAuth(ClientAuth.OPTIONAL);
        if (this.trustedClientCertificatePemFile != null) {
            forServer.trustManager(this.trustedClientCertificatePemFile);
        } else if (this.trustedClientCertificateInputStream != null) {
            forServer.trustManager(this.trustedClientCertificateInputStream);
        } else if (this.trustedClientCertificates != null) {
            forServer.trustManager(this.trustedClientCertificates);
        }
        if (this.useAlpn) {
            forServer.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2));
        }
        SslContext build = forServer.build();
        try {
            T constructServer = constructServer(build);
            if (build instanceof ReferenceCounted) {
                ((ReferenceCounted) build).release();
            }
            return constructServer;
        } catch (Throwable th) {
            if (build instanceof ReferenceCounted) {
                ((ReferenceCounted) build).release();
            }
            throw th;
        }
    }

    protected abstract T constructServer(SslContext sslContext);
}
