package org.apache.pulsar.jetcd.shaded.io.vertx.core.net.impl;

import java.security.cert.CRL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.pulsar.jetcd.shaded.io.vertx.core.VertxException;
import org.apache.pulsar.jetcd.shaded.io.vertx.core.http.ClientAuth;
import org.apache.pulsar.jetcd.shaded.io.vertx.core.spi.tls.SslContextFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/jetcd-core-shaded-3.3.2.3.jar:org/apache/pulsar/jetcd/shaded/io/vertx/core/net/impl/SslContextProvider.class */
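/**
 * Builds client-side and server-side {@link VertxSslContext} instances from the key material,
 * trust material, cipher suites, protocols, application protocols, CRLs and client-auth mode
 * supplied at construction.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@code z3} ("trust all") flag of
 *       {@link #createContext(boolean, KeyManagerFactory, TrustManager[], String, boolean, boolean)}
 *       replaces every trust manager with one that accepts any certificate chain.</li>
 *   <li>Endpoint identification (hostname verification) is configured only on client engines
 *       and only when the configured algorithm is a non-empty string.</li>
 *   <li>Revocation is checked only against the CRL objects handed to the constructor.</li>
 * </ul>
 */
public class SslContextProvider {
    private final Supplier<SslContextFactory> provider;
    private final Set<String> enabledProtocols;
    private final List<CRL> crls;
    private final ClientAuth clientAuth;
    private final Set<String> enabledCipherSuites;
    private final List<String> applicationProtocols;
    private final String endpointIdentificationAlgorithm;
    private final KeyManagerFactory keyManagerFactory;
    private final TrustManagerFactory trustManagerFactory;
    private final Function<String, KeyManagerFactory> keyManagerFactoryMapper;
    private final Function<String, TrustManager[]> trustManagerMapper;

    /**
     * Trust manager whose check methods never throw, so every peer certificate chain is accepted.
     * A context built on it performs no peer authentication through this manager; it is only
     * selected when the caller passes {@code z3 == true} to {@code createContext}.
     */
    private static final TrustManager TRUST_ALL_MANAGER = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: no validation is performed.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: no validation is performed.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    };

    /**
     * Stores the TLS configuration used by every context this provider creates.
     *
     * @param clientAuth client-authentication mode, mapped through
     *     {@code SSLHelper.CLIENT_AUTH_MAPPING} when a server context is created
     * @param str endpoint identification algorithm applied to client engines; an empty string
     *     means none is set. It is dereferenced in {@link #configureEngine}, so a {@code null}
     *     value fails there with a {@link NullPointerException} for client engines
     * @param list application protocols handed to the context factory
     * @param set enabled cipher suites; copied into a new set, so it must not be {@code null}
     * @param set2 enabled protocols; intersected with each engine's supported protocols
     * @param keyManagerFactory default key manager factory, may be {@code null}
     * @param function mapper used by {@link #resolveKeyManagerFactory(String)}, may be {@code null}
     * @param trustManagerFactory default trust manager factory, may be {@code null}
     * @param function2 mapper used by {@link #resolveTrustManagers(String)}, may be {@code null}
     * @param list2 CRLs consulted before delegating to an X.509 trust manager; {@code null} or
     *     empty disables that check
     * @param supplier source of a fresh {@link SslContextFactory} for each created context
     */
    public SslContextProvider(ClientAuth clientAuth, String str, List<String> list, Set<String> set, Set<String> set2, KeyManagerFactory keyManagerFactory, Function<String, KeyManagerFactory> function, TrustManagerFactory trustManagerFactory, Function<String, TrustManager[]> function2, List<CRL> list2, Supplier<SslContextFactory> supplier) {
        this.provider = supplier;
        this.clientAuth = clientAuth;
        this.endpointIdentificationAlgorithm = str;
        this.applicationProtocols = list;
        // Typed copy (the original used a raw HashSet), so later changes to the caller's set
        // do not affect this provider.
        this.enabledCipherSuites = new HashSet<>(set);
        this.enabledProtocols = set2;
        this.keyManagerFactory = keyManagerFactory;
        this.trustManagerFactory = trustManagerFactory;
        this.keyManagerFactoryMapper = function;
        this.trustManagerMapper = function2;
        this.crls = list2;
    }

    /**
     * Creates a server or client context, falling back to the provider defaults for missing
     * key or trust material.
     *
     * @param z {@code true} for a server context, {@code false} for a client context
     * @param keyManagerFactory key material, or {@code null} to use the default
     * @param trustManagerArr trust managers, or {@code null} to use the defaults; ignored when
     *     {@code z3} is {@code true}
     * @param str server name forwarded to the created context, may be {@code null}
     * @param z2 whether ALPN is requested from the context factory
     * @param z3 when {@code true}, the supplied and default trust managers are discarded in
     *     favour of the accept-everything manager, so the peer certificate is not validated
     * @return the created context
     */
    public VertxSslContext createContext(boolean z, KeyManagerFactory keyManagerFactory, TrustManager[] trustManagerArr, String str, boolean z2, boolean z3) {
        KeyManagerFactory keyManagers = keyManagerFactory != null ? keyManagerFactory : defaultKeyManagerFactory();
        TrustManager[] trustManagers;
        if (z3) {
            // Trust-all wins over any explicitly supplied trust managers.
            trustManagers = createTrustAllManager();
        } else if (trustManagerArr != null) {
            trustManagers = trustManagerArr;
        } else {
            trustManagers = defaultTrustManagers();
        }
        if (z) {
            return createServerContext(keyManagers, trustManagers, str, z2);
        }
        return createClientContext(keyManagers, trustManagers, str, z2);
    }

    /**
     * Creates a context from the default key and trust material, with no server name and
     * without the trust-all override.
     *
     * @param z {@code true} for a server context, {@code false} for a client context
     * @param z2 whether ALPN is requested from the context factory
     * @return the created context
     */
    public VertxSslContext createContext(boolean z, boolean z2) {
        return createContext(z, defaultKeyManagerFactory(), defaultTrustManagers(), null, z2, false);
    }

    /**
     * Creates a client-side context.
     *
     * @param keyManagerFactory key material, skipped when {@code null}
     * @param trustManagerArr trust managers, skipped when {@code null}; in that case no trust
     *     manager factory is set on the context factory by this method
     * @param str server name set as the SNI host name on each engine, may be {@code null}
     * @param z whether ALPN is requested from the context factory
     * @return the created context
     * @throws VertxException wrapping any exception raised while building the context
     */
    public VertxSslContext createClientContext(KeyManagerFactory keyManagerFactory, TrustManager[] trustManagerArr, final String str, boolean z) {
        try {
            SslContextFactory factory = this.provider.get().useAlpn(z).forClient(true).enabledCipherSuites(this.enabledCipherSuites).applicationProtocols(this.applicationProtocols);
            applyKeyAndTrustMaterial(factory, keyManagerFactory, trustManagerArr);
            return new VertxSslContext(factory.create()) {
                @Override
                protected void initEngine(SSLEngine sSLEngine) {
                    // Client engines get endpoint identification (last argument true).
                    SslContextProvider.this.configureEngine(sSLEngine, SslContextProvider.this.enabledProtocols, str, true);
                }
            };
        } catch (Exception e) {
            throw new VertxException(e);
        }
    }

    /**
     * Creates a server-side context.
     *
     * @param keyManagerFactory key material, skipped when {@code null}
     * @param trustManagerArr trust managers, skipped when {@code null}
     * @param str server name set on the context factory and on each engine, may be {@code null}
     * @param z whether ALPN is requested from the context factory
     * @return the created context
     * @throws VertxException wrapping any exception raised while building the context
     */
    public VertxSslContext createServerContext(KeyManagerFactory keyManagerFactory, TrustManager[] trustManagerArr, final String str, boolean z) {
        try {
            SslContextFactory factory = this.provider.get().useAlpn(z).forClient(false).enabledCipherSuites(this.enabledCipherSuites).applicationProtocols(this.applicationProtocols);
            factory.clientAuth(SSLHelper.CLIENT_AUTH_MAPPING.get(this.clientAuth));
            if (str != null) {
                factory.serverName(str);
            }
            applyKeyAndTrustMaterial(factory, keyManagerFactory, trustManagerArr);
            return new VertxSslContext(factory.create()) {
                @Override
                protected void initEngine(SSLEngine sSLEngine) {
                    // Server engines never get endpoint identification (last argument false).
                    SslContextProvider.this.configureEngine(sSLEngine, SslContextProvider.this.enabledProtocols, str, false);
                }
            };
        } catch (Exception e) {
            throw new VertxException(e);
        }
    }

    /** Sets the non-null key and trust material on the factory; trust managers get the CRL wrapper. */
    private void applyKeyAndTrustMaterial(SslContextFactory factory, KeyManagerFactory keyManagerFactory, TrustManager[] trustManagerArr) {
        if (keyManagerFactory != null) {
            // "keyMananagerFactory" (sic) is the method name the code under review calls.
            factory.keyMananagerFactory(keyManagerFactory);
        }
        if (trustManagerArr != null) {
            factory.trustManagerFactory(buildVertxTrustManagerFactory(trustManagerArr));
        }
    }

    /**
     * @return the trust managers of the default trust manager factory, or {@code null} when no
     *     default factory was configured
     */
    public TrustManager[] defaultTrustManagers() {
        return this.trustManagerFactory != null ? this.trustManagerFactory.getTrustManagers() : null;
    }

    /** @return the default trust manager factory, possibly {@code null} */
    public TrustManagerFactory defaultTrustManagerFactory() {
        return this.trustManagerFactory;
    }

    /** @return the default key manager factory, possibly {@code null} */
    public KeyManagerFactory defaultKeyManagerFactory() {
        return this.keyManagerFactory;
    }

    /**
     * Looks up a key manager factory through the configured mapper.
     *
     * @param str lookup key passed to the mapper (presumably a server name; confirm at call sites)
     * @return the mapper's result, or {@code null} when no mapper was configured
     * @throws Exception declared for callers; the visible code only propagates what the mapper throws
     */
    public KeyManagerFactory resolveKeyManagerFactory(String str) throws Exception {
        return this.keyManagerFactoryMapper != null ? this.keyManagerFactoryMapper.apply(str) : null;
    }

    /**
     * Looks up trust managers through the configured mapper.
     *
     * @param str lookup key passed to the mapper (presumably a server name; confirm at call sites)
     * @return the mapper's result, or {@code null} when no mapper was configured
     * @throws Exception declared for callers; the visible code only propagates what the mapper throws
     */
    public TrustManager[] resolveTrustManagers(String str) throws Exception {
        return this.trustManagerMapper != null ? this.trustManagerMapper.apply(str) : null;
    }

    /**
     * Wraps the trust managers in a {@link VertxTrustManagerFactory}, adding the CRL check first
     * when CRLs were configured. The wrapper is applied to whatever managers are passed in,
     * including the accept-everything manager.
     */
    private VertxTrustManagerFactory buildVertxTrustManagerFactory(TrustManager[] trustManagerArr) {
        TrustManager[] effective = trustManagerArr;
        if (this.crls != null && !this.crls.isEmpty()) {
            effective = createUntrustRevokedCertTrustManager(trustManagerArr, this.crls);
        }
        return new VertxTrustManagerFactory(effective);
    }

    /**
     * Returns a copy of the array in which every {@link X509TrustManager} is replaced by a
     * wrapper that rejects a chain as soon as any of its certificates is reported revoked by any
     * of the given CRLs, and otherwise delegates to the original manager.
     *
     * <p>Trust managers that are not {@link X509TrustManager} instances are copied through
     * unwrapped, so no revocation check is applied to them. The input array is not modified.
     * NOTE(review): nothing here verifies the CRLs' signatures or validity periods; presumably
     * that is done where the CRLs are loaded. Confirm.
     */
    private static TrustManager[] createUntrustRevokedCertTrustManager(TrustManager[] trustManagerArr, final List<CRL> list) {
        TrustManager[] wrapped = trustManagerArr.clone();
        for (int i = 0; i < wrapped.length; i++) {
            if (!(wrapped[i] instanceof X509TrustManager)) {
                continue;
            }
            final X509TrustManager delegate = (X509TrustManager) wrapped[i];
            wrapped[i] = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    checkRevoked(x509CertificateArr);
                    delegate.checkClientTrusted(x509CertificateArr, str);
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    checkRevoked(x509CertificateArr);
                    delegate.checkServerTrusted(x509CertificateArr, str);
                }

                /** Tests every certificate of the chain against every configured CRL. */
                private void checkRevoked(X509Certificate[] x509CertificateArr) throws CertificateException {
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        for (CRL crl : list) {
                            if (crl.isRevoked(x509Certificate)) {
                                throw new CertificateException("Certificate revoked");
                            }
                        }
                    }
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return delegate.getAcceptedIssuers();
                }
            };
        }
        return wrapped;
    }

    /** Returns a new single-element array holding the accept-everything trust manager. */
    private static TrustManager[] createTrustAllManager() {
        return new TrustManager[]{TRUST_ALL_MANAGER};
    }

    /**
     * Applies protocol, endpoint-identification and SNI settings to an engine.
     *
     * @param sSLEngine engine to configure
     * @param set requested protocols; only those the engine reports as supported are enabled,
     *     in the iteration order of {@code set}. Unsupported entries are dropped silently, so an
     *     empty result is possible
     * @param str SNI host name to set, or {@code null} to leave server names untouched
     * @param z {@code true} for a client engine; only then is the endpoint identification
     *     algorithm applied, and only when it is non-empty
     */
    public void configureEngine(SSLEngine sSLEngine, Set<String> set, String str, boolean z) {
        Set<String> protocols = new LinkedHashSet<>(set);
        protocols.retainAll(Arrays.asList(sSLEngine.getSupportedProtocols()));
        sSLEngine.setEnabledProtocols(protocols.toArray(new String[0]));
        // An empty algorithm leaves hostname verification unconfigured on this engine; a null
        // one throws here instead of being treated as "no verification".
        if (z && !this.endpointIdentificationAlgorithm.isEmpty()) {
            SSLParameters identificationParams = sSLEngine.getSSLParameters();
            identificationParams.setEndpointIdentificationAlgorithm(this.endpointIdentificationAlgorithm);
            sSLEngine.setSSLParameters(identificationParams);
        }
        if (str != null) {
            SSLParameters sniParams = sSLEngine.getSSLParameters();
            // SNIHostName throws IllegalArgumentException for values that are not legal host names.
            sniParams.setServerNames(Collections.singletonList(new SNIHostName(str)));
            sSLEngine.setSSLParameters(sniParams);
        }
    }
}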
