package net.corda.nodeapi.internal.protonwrapper.netty;

import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.identity.CordaX500Name;
import net.corda.core.utilities.KotlinUtilsKt;
import net.corda.nodeapi.internal.config.CertificateStore;
import net.corda.nodeapi.internal.crypto.X509UtilitiesKt;
import org.hibernate.event.internal.EntityCopyAllowedLoggedObserver;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.MDC;

/* compiled from: SNIKeyManager.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��n\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0006\n\u0002\u0010\u0011\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0006\b��\u0018�� 72\u00020\u00012\u00020\u00022\u00020\u0003:\u00017B\u0015\u0012\u0006\u0010\u0004\u001a\u00020\u0001\u0012\u0006\u0010\u0005\u001a\u00020\u0006¢\u0006\u0002\u0010\u0007J7\u0010\u000e\u001a\u0004\u0018\u00010\t2\u000e\u0010\u000f\u001a\n\u0012\u0006\b\u0001\u0012\u00020\t0\u00102\u000e\u0010\u0011\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00120\u00102\u0006\u0010\u0013\u001a\u00020\u0014H\u0016¢\u0006\u0002\u0010\u0015J\u001c\u0010\u000e\u001a\u0004\u0018\u00010\t2\u0006\u0010\u0016\u001a\u00020\u00172\b\u0010\u0018\u001a\u0004\u0018\u00010\tH\u0002J7\u0010\u0019\u001a\u0004\u0018\u00010\t2\u000e\u0010\u000f\u001a\n\u0012\u0006\b\u0001\u0012\u00020\t0\u00102\u000e\u0010\u0011\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00120\u00102\u0006\u0010\u001a\u001a\u00020\u001bH\u0016¢\u0006\u0002\u0010\u001cJ5\u0010\u001d\u001a\u0004\u0018\u00010\t2\b\u0010\u000f\u001a\u0004\u0018\u00010\t2\u0010\u0010\u0011\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u0012\u0018\u00010\u00102\b\u0010\u001a\u001a\u0004\u0018\u00010\u001bH\u0016¢\u0006\u0002\u0010\u001eJ3\u0010\u001f\u001a\u0004\u0018\u00010\t2\b\u0010\u000f\u001a\u0004\u0018\u00010\t2\u0010\u0010\u0011\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u0012\u0018\u00010\u00102\u0006\u0010\u0013\u001a\u00020\u0014H\u0016¢\u0006\u0002\u0010 
J5\u0010\u001f\u001a\u0004\u0018\u00010\t2\b\u0010\u000f\u001a\u0004\u0018\u00010\t2\u0010\u0010\u0011\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u0012\u0018\u00010\u00102\b\u0010!\u001a\u0004\u0018\u00010\"H\u0002¢\u0006\u0002\u0010#JD\u0010$\u001a(\u0012\f\u0012\n &*\u0004\u0018\u00010%0% &*\u0014\u0012\u000e\b\u0001\u0012\n &*\u0004\u0018\u00010%0%\u0018\u00010\u00100\u00102\u000e\u0010'\u001a\n &*\u0004\u0018\u00010\t0\tH\u0096\u0001¢\u0006\u0002\u0010(Jr\u0010)\u001a(\u0012\f\u0012\n &*\u0004\u0018\u00010\t0\t &*\u0014\u0012\u000e\b\u0001\u0012\n &*\u0004\u0018\u00010\t0\t\u0018\u00010\u00100\u00102\u000e\u0010'\u001a\n &*\u0004\u0018\u00010\t0\t2,\u0010*\u001a(\u0012\f\u0012\n &*\u0004\u0018\u00010\u00120\u0012 &*\u0014\u0012\u000e\b\u0001\u0012\n &*\u0004\u0018\u00010\u00120\u0012\u0018\u00010\u00100\u0010H\u0096\u0001¢\u0006\u0002\u0010+J!\u0010,\u001a\n &*\u0004\u0018\u00010-0-2\u000e\u0010'\u001a\n &*\u0004\u0018\u00010\t0\tH\u0096\u0001Jr\u0010.\u001a(\u0012\f\u0012\n &*\u0004\u0018\u00010\t0\t &*\u0014\u0012\u000e\b\u0001\u0012\n &*\u0004\u0018\u00010\t0\t\u0018\u00010\u00100\u00102\u000e\u0010'\u001a\n &*\u0004\u0018\u00010\t0\t2,\u0010*\u001a(\u0012\f\u0012\n &*\u0004\u0018\u00010\u00120\u0012 &*\u0014\u0012\u000e\b\u0001\u0012\n &*\u0004\u0018\u00010\u00120\u0012\u0018\u00010\u00100\u0010H\u0096\u0001¢\u0006\u0002\u0010+J\u0016\u0010/\u001a\u0002002\f\u00101\u001a\b\u0012\u0004\u0012\u00020\t02H\u0002J\u001a\u00103\u001a\u0004\u0018\u00010\t2\u000e\u00104\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010\t02H\u0002J\u0016\u00105\u001a\u0002002\f\u00106\u001a\b\u0012\u0004\u0012\u00020002H\u0002R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0001X\u0082\u0004¢\u0006\u0002\n��R\u001c\u0010\b\u001a\u0004\u0018\u00010\tX\u0096\u000e¢\u0006\u000e\n��\u001a\u0004\b\n\u0010\u000b\"\u0004\b\f\u0010\r¨\u00068"}, d2 = {"Lnet/corda/nodeapi/internal/protonwrapper/netty/SNIKeyManager;", 
"Ljavax/net/ssl/X509ExtendedKeyManager;", "Ljavax/net/ssl/X509KeyManager;", "Lnet/corda/nodeapi/internal/protonwrapper/netty/AliasProvidingKeyMangerWrapper;", "keyManager", "amqpConfig", "Lnet/corda/nodeapi/internal/protonwrapper/netty/AMQPConfiguration;", "(Ljavax/net/ssl/X509ExtendedKeyManager;Lnet/corda/nodeapi/internal/protonwrapper/netty/AMQPConfiguration;)V", "lastAlias", "", "getLastAlias", "()Ljava/lang/String;", "setLastAlias", "(Ljava/lang/String;)V", "chooseClientAlias", "keyType", "", "issuers", "Ljava/security/Principal;", "socket", "Ljava/net/Socket;", "([Ljava/lang/String;[Ljava/security/Principal;Ljava/net/Socket;)Ljava/lang/String;", "keyStore", "Lnet/corda/nodeapi/internal/config/CertificateStore;", "clientLegalName", "chooseEngineClientAlias", "engine", "Ljavax/net/ssl/SSLEngine;", "([Ljava/lang/String;[Ljava/security/Principal;Ljavax/net/ssl/SSLEngine;)Ljava/lang/String;", "chooseEngineServerAlias", "(Ljava/lang/String;[Ljava/security/Principal;Ljavax/net/ssl/SSLEngine;)Ljava/lang/String;", "chooseServerAlias", "(Ljava/lang/String;[Ljava/security/Principal;Ljava/net/Socket;)Ljava/lang/String;", "matcher", "Ljavax/net/ssl/SNIMatcher;", "(Ljava/lang/String;[Ljava/security/Principal;Ljavax/net/ssl/SNIMatcher;)Ljava/lang/String;", "getCertificateChain", "Ljava/security/cert/X509Certificate;", "kotlin.jvm.PlatformType", "p0", "(Ljava/lang/String;)[Ljava/security/cert/X509Certificate;", "getClientAliases", "p1", "(Ljava/lang/String;[Ljava/security/Principal;)[Ljava/lang/String;", "getPrivateKey", "Ljava/security/PrivateKey;", "getServerAliases", "logDebugWithMDC", "", "msg", "Lkotlin/Function0;", "storeIfNotNull", "func", "withMDC", "block", "Companion", "node-api"})
/* loaded from: input_file:corda-node-api-4.9.8.jar:net/corda/nodeapi/internal/protonwrapper/netty/SNIKeyManager.class */
public final class SNIKeyManager extends X509ExtendedKeyManager implements X509KeyManager, AliasProvidingKeyMangerWrapper {

    // Alias most recently returned (non-null) by one of the choose*Alias methods; written through
    // storeIfNotNull() and also settable by any caller through the public setLastAlias().
    // NOTE(review): plain, non-volatile field with no synchronisation visible in this class. If one
    // instance serves concurrent handshakes, the value read back may belong to another connection;
    // confirm how callers consume it before relying on it for an identity decision.
    @Nullable
    private String lastAlias;
    // Delegate key manager that supplies the alias lists, private keys and certificate chains.
    private final X509ExtendedKeyManager keyManager;
    // AMQP/TLS configuration; this class reads its key store, source X.500 name and OpenSSL flag.
    private final AMQPConfiguration amqpConfig;
    // Kotlin companion-object instance, used below only as the owner passed to contextLogger().
    public static final Companion Companion = new Companion(null);
    private static final Logger log = KotlinUtilsKt.contextLogger(Companion);

    /* compiled from: SNIKeyManager.kt */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��\u0012\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0005"}, d2 = {"Lnet/corda/nodeapi/internal/protonwrapper/netty/SNIKeyManager$Companion;", "", "()V", EntityCopyAllowedLoggedObserver.SHORT_NAME, "Lorg/slf4j/Logger;", "node-api"})
    /* loaded from: input_file:corda-node-api-4.9.8.jar:net/corda/nodeapi/internal/protonwrapper/netty/SNIKeyManager$Companion.class */
    /**
     * Kotlin companion object of {@link SNIKeyManager}. It declares no members of its own in this
     * decompiled view; the outer class passes its single instance to the logger factory.
     */
    public static final class Companion {
        // Private no-arg constructor: instances are created only through the synthetic bridge below.
        private Companion() {
        }

        // Compiler-generated constructor; the marker argument is ignored.
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Returns the alias most recently recorded by this key manager.
     *
     * @return the last stored alias, or {@code null} when none has been stored yet
     */
    @Override // net.corda.nodeapi.internal.protonwrapper.netty.AliasProvidingKeyMangerWrapper
    @Nullable
    public String getLastAlias() {
        return lastAlias;
    }

    /**
     * Overwrites the recorded alias. No validation is applied, and {@code null} is accepted.
     *
     * @param str the alias to record, or {@code null} to clear it
     */
    @Override // net.corda.nodeapi.internal.protonwrapper.netty.AliasProvidingKeyMangerWrapper
    public void setLastAlias(@Nullable String str) {
        lastAlias = str;
    }

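    /**
     * Runs {@code function0} with this key manager's state published in the SLF4J MDC, then puts
     * the caller's MDC back, whether the block returns or throws.
     *
     * <p>Keys written: {@code lastAlias}, {@code isServer} (true when no source X.500 name is
     * configured), {@code sourceX500Name} and {@code useOpenSSL}.
     *
     * @param function0 the block to run while the extra MDC entries are in place
     */
    private final void withMDC(Function0<Unit> function0) {
        // SLF4J documents that getCopyOfContextMap() may return null when the thread has no context.
        final Map<String, String> previousContext = MDC.getCopyOfContextMap();
        try {
            MDC.put("lastAlias", getLastAlias());
            final String sourceName = this.amqpConfig.getSourceX500Name();
            final boolean actingAsServer = sourceName == null || sourceName.length() == 0;
            MDC.put("isServer", String.valueOf(actingAsServer));
            MDC.put("sourceX500Name", sourceName);
            MDC.put("useOpenSSL", String.valueOf(this.amqpConfig.getUseOpenSsl()));
            function0.invoke();
        } finally {
            // Always restore, so the alias and identity entries do not bleed into later log lines
            // written by the same thread. Some MDC adapters reject a null map in setContextMap(),
            // so an absent previous context is restored by clearing instead.
            if (previousContext != null) {
                MDC.setContextMap(previousContext);
            } else {
                MDC.clear();
            }
        }
    }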

    /**
     * Emits a debug line with the key manager's MDC entries attached.
     *
     * <p>The message supplier is invoked only when debug logging is enabled, so building the
     * message costs nothing otherwise.
     *
     * @param function0 supplier of the message text
     */
    private final void logDebugWithMDC(final Function0<String> function0) {
        if (!log.isDebugEnabled()) {
            return;
        }
        withMDC(() -> {
            log.debug(function0.invoke());
            return Unit.INSTANCE;
        });
    }

    /**
     * Picks the client certificate alias for a socket-based handshake.
     *
     * <p>The three arguments are only null-checked. The alias is derived solely from the configured
     * key store and source X.500 name, so the peer's requested key types and acceptable issuers do
     * not influence the choice.
     *
     * @param keyType key types requested by the peer (unused beyond the null check)
     * @param issuers issuers accepted by the peer (unused beyond the null check)
     * @param socket  the connection's socket (unused beyond the null check)
     * @return the matching alias, which is also recorded as the last alias, or {@code null}
     */
    @Override // javax.net.ssl.X509KeyManager
    @Nullable
    public String chooseClientAlias(@NotNull String[] keyType, @NotNull Principal[] issuers, @NotNull Socket socket) {
        Intrinsics.checkParameterIsNotNull(keyType, "keyType");
        Intrinsics.checkParameterIsNotNull(issuers, "issuers");
        Intrinsics.checkParameterIsNotNull(socket, "socket");
        return storeIfNotNull(() -> chooseClientAlias(amqpConfig.getKeyStore(), amqpConfig.getSourceX500Name()));
    }

    /**
     * Picks the client certificate alias for an {@link SSLEngine}-based handshake.
     *
     * <p>Same selection as the socket variant: the arguments are only null-checked, and the alias
     * comes from the configured key store and source X.500 name alone.
     *
     * @param keyType key types requested by the peer (unused beyond the null check)
     * @param issuers issuers accepted by the peer (unused beyond the null check)
     * @param engine  the connection's engine (unused beyond the null check)
     * @return the matching alias, which is also recorded as the last alias, or {@code null}
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    @Nullable
    public String chooseEngineClientAlias(@NotNull String[] keyType, @NotNull Principal[] issuers, @NotNull SSLEngine engine) {
        Intrinsics.checkParameterIsNotNull(keyType, "keyType");
        Intrinsics.checkParameterIsNotNull(issuers, "issuers");
        Intrinsics.checkParameterIsNotNull(engine, "engine");
        return storeIfNotNull(() -> chooseClientAlias(amqpConfig.getKeyStore(), amqpConfig.getSourceX500Name()));
    }

    /**
     * Picks the server certificate alias for a socket-based handshake, using the first SNI matcher
     * installed on the socket.
     *
     * <p>Unlike the engine variant, this path does not tolerate missing state. A socket that is not
     * an {@link SSLSocket}, null SSL parameters, a null matcher collection or an empty one each
     * raise an unchecked exception rather than yielding "no alias".
     *
     * @param str          requested key type, passed to the delegate key manager
     * @param principalArr issuers accepted by the peer, passed to the delegate key manager
     * @param socket       the connection's socket; must be an {@link SSLSocket}
     * @return the matched alias, which is also recorded as the last alias, or {@code null}
     */
    @Override // javax.net.ssl.X509KeyManager
    @Nullable
    public String chooseServerAlias(@Nullable final String str, @Nullable final Principal[] principalArr, @NotNull final Socket socket) {
        Intrinsics.checkParameterIsNotNull(socket, "socket");
        return storeIfNotNull(() -> {
            // socket was null-checked above, so only the cast itself can fail here.
            final SSLParameters tlsParameters = ((SSLSocket) socket).getSSLParameters();
            Intrinsics.checkExpressionValueIsNotNull(tlsParameters, "(socket as SSLSocket).sslParameters");
            final Collection<SNIMatcher> installedMatchers = tlsParameters.getSNIMatchers();
            Intrinsics.checkExpressionValueIsNotNull(installedMatchers, "(socket as SSLSocket).sslParameters.sniMatchers");
            // Only the first matcher is consulted; any further matchers are ignored.
            final SNIMatcher firstMatcher = CollectionsKt.first(installedMatchers);
            return chooseServerAlias(str, principalArr, firstMatcher);
        });
    }

    /**
     * Picks the server certificate alias for an {@link SSLEngine}-based handshake, using the first
     * SNI matcher installed on the engine.
     *
     * <p>A null engine, null SSL parameters or a null matcher collection are tolerated: the
     * selection then runs without a matcher. An empty matcher collection is not tolerated, because
     * taking its first element throws.
     *
     * @param str          requested key type, passed to the delegate key manager
     * @param principalArr issuers accepted by the peer, passed to the delegate key manager
     * @param sSLEngine    the connection's engine, may be {@code null}
     * @return the matched alias, which is also recorded as the last alias, or {@code null}
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    @Nullable
    public String chooseEngineServerAlias(@Nullable final String str, @Nullable final Principal[] principalArr, @Nullable final SSLEngine sSLEngine) {
        return storeIfNotNull(() -> {
            SNIMatcher firstMatcher = null;
            if (sSLEngine != null) {
                final SSLParameters tlsParameters = sSLEngine.getSSLParameters();
                if (tlsParameters != null) {
                    final Collection<SNIMatcher> installedMatchers = tlsParameters.getSNIMatchers();
                    if (installedMatchers != null) {
                        // Only the first matcher is consulted; any further matchers are ignored.
                        firstMatcher = CollectionsKt.first(installedMatchers);
                    }
                }
            }
            return chooseServerAlias(str, principalArr, firstMatcher);
        });
    }

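    /**
     * Selects the server alias that the SNI matcher recorded, provided the delegate key manager
     * offers that alias for the requested key type and issuers.
     *
     * <p>There is no fallback alias. With no aliases in the delegate, no matcher, or a matched alias
     * that the delegate does not list, the result is {@code null}, so SNI can only choose among keys
     * the key store already offers.
     *
     * @param str          requested key type, passed to the delegate key manager
     * @param principalArr issuers accepted by the peer, passed to the delegate key manager
     * @param sNIMatcher   matcher taken from the connection's SSL parameters, may be {@code null};
     *                     a non-null value must be a {@code ServerSNIMatcher}
     * @return the matched alias, or {@code null} when nothing suitable is available
     * @throws ClassCastException if a non-null matcher is not a {@code ServerSNIMatcher}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public final String chooseServerAlias(final String str, final Principal[] principalArr, SNIMatcher sNIMatcher) {
        final String[] serverAliases = this.keyManager.getServerAliases(str, principalArr);
        if (serverAliases == null || serverAliases.length == 0) {
            // Arrays.toString prints the issuers themselves; concatenating the array printed only
            // its type and identity hash, which is useless when diagnosing a failed handshake.
            logDebugWithMDC(() -> "Keystore doesn't contain any aliases for key type " + str + " and issuers " + java.util.Arrays.toString(principalArr) + '.');
            return null;
        }
        // Guarded so the alias list is rendered only when debug logging is on.
        if (log.isDebugEnabled()) {
            log.debug("Checking aliases: " + java.util.Arrays.toString(serverAliases) + '.');
        }
        if (sNIMatcher != null) {
            // NOTE(review): unchecked cast. A matcher of any other type installed on the connection
            // aborts the selection with ClassCastException. Confirm that only ServerSNIMatcher is
            // ever installed alongside this key manager.
            final String matchedAlias = ((ServerSNIMatcher) sNIMatcher).getMatchedAlias();
            if (ArraysKt.contains(serverAliases, matchedAlias)) {
                logDebugWithMDC(() -> "Found match for " + matchedAlias + '.');
                return matchedAlias;
            }
        }
        logDebugWithMDC(() -> "Unable to find a matching alias.");
        return null;
    }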

    /**
     * Finds the key-store alias whose certificate subject equals the given legal name.
     *
     * <p>Both sides are compared as {@code CordaX500Name} values: the certificate subject is built
     * from its X.500 principal and the requested name is parsed from {@code str}. The first alias
     * that compares equal wins.
     *
     * @param certificateStore key store to search
     * @param str              legal name to look for; {@code null} yields {@code null} immediately
     * @return the first alias whose subject matches, or {@code null} when none does
     */
    /* JADX INFO: Access modifiers changed from: private */
    public final String chooseClientAlias(CertificateStore certificateStore, String str) {
        if (str == null) {
            return null;
        }
        final List<String> storeAliases = certificateStore.aliases();
        if (storeAliases.isEmpty()) {
            logDebugWithMDC(() -> "Keystore doesn't contain any entries.");
            return null;
        }
        for (final String candidate : storeAliases) {
            X500Principal x500Name = X509UtilitiesKt.getX509(certificateStore.get(candidate)).getSubjectX500Principal();
            Intrinsics.checkExpressionValueIsNotNull(x500Name, "x500Name");
            final CordaX500Name subjectName = CordaX500Name.Companion.build(x500Name);
            // NOTE(review): the requested name is re-parsed for every alias. Parsing stays inside
            // the loop so that the order in which parse and build failures surface is unchanged.
            final CordaX500Name wantedName = CordaX500Name.Companion.parse(str);
            if (Intrinsics.areEqual(wantedName, subjectName)) {
                logDebugWithMDC(() -> "Found alias " + candidate + " for " + wantedName + '.');
                return candidate;
            }
        }
        return null;
    }

    /**
     * Evaluates the alias supplier and records a non-null result as the last alias.
     *
     * <p>A {@code null} result leaves the previously recorded alias in place, so the last alias can
     * refer to an earlier, unrelated selection.
     *
     * @param function0 supplier that performs the actual alias selection
     * @return whatever the supplier returned, possibly {@code null}
     */
    private final String storeIfNotNull(Function0<String> function0) {
        final String chosen = function0.invoke();
        if (chosen == null) {
            return null;
        }
        setLastAlias(chosen);
        return chosen;
    }

    /**
     * Wraps an existing key manager so that alias selection is driven by SNI (server side) or by
     * the configured source X.500 name (client side).
     *
     * @param keyManager delegate used for alias lists, private keys and certificate chains
     * @param amqpConfig configuration supplying the key store, source X.500 name and OpenSSL flag
     * @throws IllegalArgumentException if either argument is {@code null} (raised by the Kotlin
     *                                  parameter check)
     */
    public SNIKeyManager(@NotNull X509ExtendedKeyManager keyManager, @NotNull AMQPConfiguration amqpConfig) {
        Intrinsics.checkParameterIsNotNull(keyManager, "keyManager");
        Intrinsics.checkParameterIsNotNull(amqpConfig, "amqpConfig");
        this.keyManager = keyManager;
        this.amqpConfig = amqpConfig;
    }

    /**
     * Returns the certificate chain for an alias, straight from the delegate key manager.
     *
     * @param str the alias to look up
     * @return whatever the delegate returns for that alias
     */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        return keyManager.getCertificateChain(str);
    }

    /**
     * Lists client aliases for a key type and issuer set, straight from the delegate key manager.
     *
     * @param str          the key type
     * @param principalArr the acceptable issuers
     * @return whatever the delegate returns
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        return keyManager.getClientAliases(str, principalArr);
    }

    /**
     * Returns the private key for an alias, straight from the delegate key manager.
     *
     * <p>No check ties the requested alias to one this wrapper previously selected, so any alias
     * the delegate knows can be requested here.
     *
     * @param str the alias to look up
     * @return whatever the delegate returns for that alias
     */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        return keyManager.getPrivateKey(str);
    }

    /**
     * Lists server aliases for a key type and issuer set, straight from the delegate key manager.
     *
     * @param str          the key type
     * @param principalArr the acceptable issuers
     * @return whatever the delegate returns
     */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        return keyManager.getServerAliases(str, principalArr);
    }
}
