package reactor.netty.tcp;

import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelPipeline;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.logging.LoggingHandler;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.time.Duration;
import java.util.Objects;
import java.util.function.Consumer;
import javax.net.ssl.SSLException;
import reactor.core.Exceptions;
import reactor.netty.Metrics;
import reactor.netty.NettyPipeline;
import reactor.netty.ReactorNetty;
import reactor.netty.channel.ChannelMetricsHandler;
import reactor.netty.channel.ChannelMetricsRecorder;
import reactor.netty.http.HttpDecoderSpec;
import reactor.util.Logger;
import reactor.util.Loggers;
import reactor.util.annotation.Nullable;

/* loaded from: input_file:reactor/netty/tcp/SslProvider.class */
public final class SslProvider {
    final SslContext sslContext;
    final SslContextBuilder sslContextBuilder;
    final DefaultConfigurationType type;
    final long handshakeTimeoutMillis;
    final long closeNotifyFlushTimeoutMillis;
    final long closeNotifyReadTimeoutMillis;
    final Consumer<? super SslHandler> handlerConfigurator;
    final int builderHashCode;
    static final Logger log = Loggers.getLogger(SslProvider.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: reactor.netty.tcp.SslProvider$1, reason: invalid class name */
    /* loaded from: input_file:reactor/netty/tcp/SslProvider$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$reactor$netty$tcp$SslProvider$DefaultConfigurationType = new int[DefaultConfigurationType.values().length];

        static {
            try {
                $SwitchMap$reactor$netty$tcp$SslProvider$DefaultConfigurationType[DefaultConfigurationType.H2.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$reactor$netty$tcp$SslProvider$DefaultConfigurationType[DefaultConfigurationType.TCP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$reactor$netty$tcp$SslProvider$DefaultConfigurationType[DefaultConfigurationType.NONE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:reactor/netty/tcp/SslProvider$Build.class */
    public static final class Build implements SslContextSpec, DefaultConfigurationSpec, Builder {
        static final long DEFAULT_SSL_HANDSHAKE_TIMEOUT = Long.parseLong(System.getProperty(ReactorNetty.SSL_HANDSHAKE_TIMEOUT, "10000"));
        SslContextBuilder sslCtxBuilder;
        DefaultConfigurationType type;
        SslContext sslContext;
        Consumer<? super SslHandler> handlerConfigurator;
        long handshakeTimeoutMillis = DEFAULT_SSL_HANDSHAKE_TIMEOUT;
        long closeNotifyFlushTimeoutMillis = 3000;
        long closeNotifyReadTimeoutMillis;

        Build() {
        }

        @Override // reactor.netty.tcp.SslProvider.SslContextSpec
        public final Builder sslContext(SslContext sslContext) {
            this.sslContext = (SslContext) Objects.requireNonNull(sslContext, "sslContext");
            return this;
        }

        @Override // reactor.netty.tcp.SslProvider.SslContextSpec
        public final DefaultConfigurationSpec sslContext(SslContextBuilder sslContextBuilder) {
            this.sslCtxBuilder = (SslContextBuilder) Objects.requireNonNull(sslContextBuilder, "sslCtxBuilder");
            return this;
        }

        @Override // reactor.netty.tcp.SslProvider.DefaultConfigurationSpec
        public final Builder defaultConfiguration(DefaultConfigurationType defaultConfigurationType) {
            this.type = (DefaultConfigurationType) Objects.requireNonNull(defaultConfigurationType, Metrics.TYPE);
            return this;
        }

        @Override // reactor.netty.tcp.SslProvider.Builder
        public final Builder handshakeTimeout(Duration duration) {
            Objects.requireNonNull(duration, "handshakeTimeout");
            return handshakeTimeoutMillis(duration.toMillis());
        }

        @Override // reactor.netty.tcp.SslProvider.Builder
        public final Builder handlerConfigurator(Consumer<? super SslHandler> consumer) {
            Objects.requireNonNull(consumer, "handshakeTimeout");
            this.handlerConfigurator = consumer;
            return this;
        }

        @Override // reactor.netty.tcp.SslProvider.Builder
        public final Builder handshakeTimeoutMillis(long j) {
            if (j < 0) {
                throw new IllegalArgumentException("ssl handshake timeout must be positive was: " + j);
            }
            this.handshakeTimeoutMillis = j;
            return this;
        }

        @Override // reactor.netty.tcp.SslProvider.Builder
        public final Builder closeNotifyFlushTimeout(Duration duration) {
            Objects.requireNonNull(duration, "closeNotifyFlushTimeout");
            return closeNotifyFlushTimeoutMillis(duration.toMillis());
        }

        @Override // reactor.netty.tcp.SslProvider.Builder
        public final Builder closeNotifyFlushTimeoutMillis(long j) {
            if (j < 0) {
                throw new IllegalArgumentException("ssl close_notify flush timeout must be positive, was: " + j);
            }
            this.closeNotifyFlushTimeoutMillis = j;
            return this;
        }

        @Override // reactor.netty.tcp.SslProvider.Builder
        public final Builder closeNotifyReadTimeout(Duration duration) {
            Objects.requireNonNull(duration, "closeNotifyReadTimeout");
            return closeNotifyReadTimeoutMillis(duration.toMillis());
        }

        @Override // reactor.netty.tcp.SslProvider.Builder
        public final Builder closeNotifyReadTimeoutMillis(long j) {
            if (j < 0) {
                throw new IllegalArgumentException("ssl close_notify read timeout must be positive, was: " + j);
            }
            this.closeNotifyReadTimeoutMillis = j;
            return this;
        }

        @Override // reactor.netty.tcp.SslProvider.Builder
        public SslProvider build() {
            return new SslProvider(this);
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            Build build = (Build) obj;
            return this.handshakeTimeoutMillis == build.handshakeTimeoutMillis && this.closeNotifyFlushTimeoutMillis == build.closeNotifyFlushTimeoutMillis && this.closeNotifyReadTimeoutMillis == build.closeNotifyReadTimeoutMillis && Objects.equals(this.sslCtxBuilder, build.sslCtxBuilder) && this.type == build.type && Objects.equals(this.sslContext, build.sslContext) && Objects.equals(this.handlerConfigurator, build.handlerConfigurator);
        }

        public int hashCode() {
            return Objects.hash(this.sslCtxBuilder, this.type, this.sslContext, this.handlerConfigurator, Long.valueOf(this.handshakeTimeoutMillis), Long.valueOf(this.closeNotifyFlushTimeoutMillis), Long.valueOf(this.closeNotifyReadTimeoutMillis));
        }
    }

    /* loaded from: input_file:reactor/netty/tcp/SslProvider$Builder.class */
    public interface Builder {
        Builder handlerConfigurator(Consumer<? super SslHandler> consumer);

        Builder handshakeTimeout(Duration duration);

        Builder handshakeTimeoutMillis(long j);

        Builder closeNotifyFlushTimeout(Duration duration);

        Builder closeNotifyFlushTimeoutMillis(long j);

        Builder closeNotifyReadTimeout(Duration duration);

        Builder closeNotifyReadTimeoutMillis(long j);

        SslProvider build();
    }

    /* loaded from: input_file:reactor/netty/tcp/SslProvider$DefaultConfigurationSpec.class */
    public interface DefaultConfigurationSpec {
        Builder defaultConfiguration(DefaultConfigurationType defaultConfigurationType);
    }

    /* loaded from: input_file:reactor/netty/tcp/SslProvider$DefaultConfigurationType.class */
    public enum DefaultConfigurationType {
        NONE,
        TCP,
        H2
    }

    /* loaded from: input_file:reactor/netty/tcp/SslProvider$SslContextSpec.class */
    public interface SslContextSpec {
        Builder sslContext(SslContext sslContext);

        DefaultConfigurationSpec sslContext(SslContextBuilder sslContextBuilder);
    }

    /* loaded from: input_file:reactor/netty/tcp/SslProvider$SslReadHandler.class */
    static final class SslReadHandler extends ChannelInboundHandlerAdapter {
        boolean handshakeDone;
        ChannelMetricsRecorder recorder;
        long tlsHandshakeTimeStart;

        SslReadHandler() {
        }

        public void channelRegistered(ChannelHandlerContext channelHandlerContext) {
            ChannelMetricsHandler channelMetricsHandler = channelHandlerContext.pipeline().get(NettyPipeline.ChannelMetricsHandler);
            if (channelMetricsHandler != null) {
                this.recorder = channelMetricsHandler.recorder();
                this.tlsHandshakeTimeStart = System.nanoTime();
            }
            channelHandlerContext.fireChannelRegistered();
        }

        public void channelActive(ChannelHandlerContext channelHandlerContext) {
            channelHandlerContext.read();
        }

        public void channelReadComplete(ChannelHandlerContext channelHandlerContext) {
            if (!this.handshakeDone) {
                channelHandlerContext.read();
            }
            channelHandlerContext.fireChannelReadComplete();
        }

        public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) {
            if (obj instanceof SslHandshakeCompletionEvent) {
                this.handshakeDone = true;
                if (channelHandlerContext.pipeline().context(this) != null) {
                    channelHandlerContext.pipeline().remove(this);
                }
                SslHandshakeCompletionEvent sslHandshakeCompletionEvent = (SslHandshakeCompletionEvent) obj;
                if (sslHandshakeCompletionEvent.isSuccess()) {
                    if (this.recorder != null) {
                        this.recorder.recordTlsHandshakeTime(channelHandlerContext.channel().remoteAddress(), Duration.ofNanos(System.nanoTime() - this.tlsHandshakeTimeStart), Metrics.SUCCESS);
                    }
                    channelHandlerContext.fireChannelActive();
                } else {
                    if (this.recorder != null) {
                        this.recorder.recordTlsHandshakeTime(channelHandlerContext.channel().remoteAddress(), Duration.ofNanos(System.nanoTime() - this.tlsHandshakeTimeStart), Metrics.ERROR);
                    }
                    channelHandlerContext.fireExceptionCaught(sslHandshakeCompletionEvent.cause());
                }
            }
            channelHandlerContext.fireUserEventTriggered(obj);
        }
    }

    public static SslContextSpec builder() {
        return new Build();
    }

    public static SslProvider addHandlerConfigurator(SslProvider sslProvider, Consumer<? super SslHandler> consumer) {
        Objects.requireNonNull(sslProvider, "provider");
        Objects.requireNonNull(consumer, "handlerConfigurator");
        return new SslProvider(sslProvider, consumer);
    }

    public static SslProvider updateDefaultConfiguration(SslProvider sslProvider, DefaultConfigurationType defaultConfigurationType) {
        Objects.requireNonNull(sslProvider, "provider");
        Objects.requireNonNull(defaultConfigurationType, Metrics.TYPE);
        return new SslProvider(sslProvider, defaultConfigurationType);
    }

    public static SslProvider defaultClientProvider() {
        return TcpClientSecure.DEFAULT_SSL_PROVIDER;
    }

    SslProvider(Build build) {
        this.sslContextBuilder = build.sslCtxBuilder;
        this.type = build.type;
        if (build.sslContext != null) {
            this.sslContext = build.sslContext;
        } else {
            if (this.sslContextBuilder == null) {
                throw new IllegalArgumentException("Neither SslContextBuilder nor SslContext is specified");
            }
            if (this.type != null) {
                updateDefaultConfiguration();
            }
            try {
                this.sslContext = this.sslContextBuilder.build();
            } catch (SSLException e) {
                throw Exceptions.propagate(e);
            }
        }
        this.handlerConfigurator = build.handlerConfigurator;
        this.handshakeTimeoutMillis = build.handshakeTimeoutMillis;
        this.closeNotifyFlushTimeoutMillis = build.closeNotifyFlushTimeoutMillis;
        this.closeNotifyReadTimeoutMillis = build.closeNotifyReadTimeoutMillis;
        this.builderHashCode = build.hashCode();
    }

    SslProvider(SslProvider sslProvider, Consumer<? super SslHandler> consumer) {
        this.sslContext = sslProvider.sslContext;
        this.sslContextBuilder = sslProvider.sslContextBuilder;
        this.type = sslProvider.type;
        if (sslProvider.handlerConfigurator == null) {
            this.handlerConfigurator = consumer;
        } else {
            this.handlerConfigurator = sslHandler -> {
                consumer.accept(sslHandler);
                sslProvider.handlerConfigurator.accept(sslHandler);
            };
        }
        this.handshakeTimeoutMillis = sslProvider.handshakeTimeoutMillis;
        this.closeNotifyFlushTimeoutMillis = sslProvider.closeNotifyFlushTimeoutMillis;
        this.closeNotifyReadTimeoutMillis = sslProvider.closeNotifyReadTimeoutMillis;
        this.builderHashCode = sslProvider.builderHashCode;
    }

    SslProvider(SslProvider sslProvider, DefaultConfigurationType defaultConfigurationType) {
        this.sslContextBuilder = sslProvider.sslContextBuilder;
        this.type = defaultConfigurationType;
        if (this.sslContextBuilder != null) {
            updateDefaultConfiguration();
            try {
                this.sslContext = this.sslContextBuilder.build();
            } catch (SSLException e) {
                throw Exceptions.propagate(e);
            }
        } else {
            this.sslContext = sslProvider.sslContext;
        }
        this.handlerConfigurator = sslProvider.handlerConfigurator;
        this.handshakeTimeoutMillis = sslProvider.handshakeTimeoutMillis;
        this.closeNotifyFlushTimeoutMillis = sslProvider.closeNotifyFlushTimeoutMillis;
        this.closeNotifyReadTimeoutMillis = sslProvider.closeNotifyReadTimeoutMillis;
        this.builderHashCode = sslProvider.builderHashCode;
    }

    void updateDefaultConfiguration() {
        switch (AnonymousClass1.$SwitchMap$reactor$netty$tcp$SslProvider$DefaultConfigurationType[this.type.ordinal()]) {
            case HttpDecoderSpec.DEFAULT_VALIDATE_HEADERS /* 1 */:
                this.sslContextBuilder.sslProvider(io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL) ? io.netty.handler.ssl.SslProvider.OPENSSL : io.netty.handler.ssl.SslProvider.JDK).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, new String[]{"h2", "http/1.1"}));
                return;
            case 2:
                this.sslContextBuilder.sslProvider(OpenSsl.isAvailable() ? io.netty.handler.ssl.SslProvider.OPENSSL : io.netty.handler.ssl.SslProvider.JDK).ciphers((Iterable) null, IdentityCipherSuiteFilter.INSTANCE).applicationProtocolConfig((ApplicationProtocolConfig) null);
                return;
            case 3:
            default:
                return;
        }
    }

    public SslContext getSslContext() {
        return this.sslContext;
    }

    @Nullable
    public DefaultConfigurationType getDefaultConfigurationType() {
        return this.type;
    }

    public void configure(SslHandler sslHandler) {
        sslHandler.setHandshakeTimeoutMillis(this.handshakeTimeoutMillis);
        sslHandler.setCloseNotifyFlushTimeoutMillis(this.closeNotifyFlushTimeoutMillis);
        sslHandler.setCloseNotifyReadTimeoutMillis(this.closeNotifyReadTimeoutMillis);
        if (this.handlerConfigurator != null) {
            this.handlerConfigurator.accept(sslHandler);
        }
    }

    public void addSslHandler(Channel channel, @Nullable SocketAddress socketAddress, boolean z) {
        SslHandler newHandler;
        if (socketAddress instanceof InetSocketAddress) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) socketAddress;
            newHandler = getSslContext().newHandler(channel.alloc(), inetSocketAddress.getHostString(), inetSocketAddress.getPort());
            if (log.isDebugEnabled()) {
                log.debug(ReactorNetty.format(channel, "SSL enabled using engine {} and SNI {}"), new Object[]{newHandler.engine().getClass().getSimpleName(), inetSocketAddress});
            }
        } else {
            newHandler = getSslContext().newHandler(channel.alloc());
            if (log.isDebugEnabled()) {
                log.debug(ReactorNetty.format(channel, "SSL enabled using engine {}"), new Object[]{newHandler.engine().getClass().getSimpleName()});
            }
        }
        configure(newHandler);
        ChannelPipeline pipeline = channel.pipeline();
        if (pipeline.get(NettyPipeline.ProxyHandler) != null) {
            pipeline.addAfter(NettyPipeline.ProxyHandler, NettyPipeline.SslHandler, newHandler);
        } else {
            pipeline.addFirst(NettyPipeline.SslHandler, newHandler);
        }
        if (pipeline.get(NettyPipeline.LoggingHandler) == null) {
            pipeline.addAfter(NettyPipeline.SslHandler, NettyPipeline.SslReader, new SslReadHandler());
            return;
        }
        pipeline.addAfter(NettyPipeline.LoggingHandler, NettyPipeline.SslReader, new SslReadHandler());
        if (z) {
            pipeline.addBefore(NettyPipeline.SslHandler, NettyPipeline.SslLoggingHandler, new LoggingHandler("reactor.netty.tcp.ssl"));
        }
    }

    public String toString() {
        return "SslProvider {type=" + this.type + ", handshakeTimeoutMillis=" + this.handshakeTimeoutMillis + ", closeNotifyFlushTimeoutMillis=" + this.closeNotifyFlushTimeoutMillis + ", closeNotifyReadTimeoutMillis=" + this.closeNotifyReadTimeoutMillis + '}';
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        return obj != null && getClass() == obj.getClass() && this.builderHashCode == ((SslProvider) obj).builderHashCode;
    }

    public int hashCode() {
        return Objects.hash(Integer.valueOf(this.builderHashCode));
    }
}
