package com.liferay.sync.engine.lan;

import com.liferay.sync.engine.lan.util.LanClientUtil;
import com.liferay.sync.engine.lan.util.LanPEMUtil;
import com.liferay.sync.engine.model.SyncAccount;
import com.liferay.sync.engine.service.SyncAccountService;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpServerCodec;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SniHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.stream.ChunkedWriteHandler;
import io.netty.util.DomainNameMapping;
import io.netty.util.DomainNameMappingBuilder;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.apache.poi.hssf.usermodel.HSSFShape;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/liferay/sync/engine/lan/LanFileServerInitializer.class */
public class LanFileServerInitializer extends ChannelInitializer<SocketChannel> {
    private static final Logger _logger = LoggerFactory.getLogger((Class<?>) LanFileServerInitializer.class);
    private DomainNameMapping<SslContext> _domainNameMapping;

    public void initChannel(SocketChannel socketChannel) {
        ChannelPipeline pipeline = socketChannel.pipeline();
        try {
            DomainNameMapping<SslContext> _getDomainNameMapping = _getDomainNameMapping();
            if (_getDomainNameMapping != null) {
                pipeline.addLast(new ChannelHandler[]{new SniHandler(_getDomainNameMapping)});
            }
        } catch (Exception e) {
            _logger.error(e.getMessage(), (Throwable) e);
        }
        pipeline.addLast(new ChannelHandler[]{new HttpServerCodec()});
        pipeline.addLast(new ChannelHandler[]{new HttpObjectAggregator(HSSFShape.NO_FILLHITTEST_FALSE)});
        pipeline.addLast(new ChannelHandler[]{new ChunkedWriteHandler()});
        pipeline.addLast(new ChannelHandler[]{new LanFileServerHandler()});
    }

    public void reload() {
        this._domainNameMapping = null;
    }

    private DomainNameMapping<SslContext> _getDomainNameMapping() throws Exception {
        if (this._domainNameMapping != null) {
            return this._domainNameMapping;
        }
        DomainNameMappingBuilder domainNameMappingBuilder = null;
        for (SyncAccount syncAccount : SyncAccountService.findAll()) {
            if (syncAccount.isActive()) {
                PrivateKey privateKey = LanPEMUtil.getPrivateKey(syncAccount.getLanKey());
                X509Certificate x509Certificate = LanPEMUtil.getX509Certificate(syncAccount.getLanCertificate());
                SslContextBuilder forServer = SslContextBuilder.forServer(privateKey, new X509Certificate[]{x509Certificate});
                forServer.clientAuth(ClientAuth.REQUIRE);
                forServer.sslProvider(SslProvider.JDK);
                forServer.trustManager(new X509Certificate[]{x509Certificate});
                SslContext build = forServer.build();
                if (domainNameMappingBuilder == null) {
                    domainNameMappingBuilder = new DomainNameMappingBuilder(build);
                }
                domainNameMappingBuilder.add(LanClientUtil.getSNICompliantLanServerId(syncAccount.getLanServerId()), build);
            }
        }
        if (domainNameMappingBuilder == null) {
            return null;
        }
        this._domainNameMapping = domainNameMappingBuilder.build();
        return this._domainNameMapping;
    }
}
