package org.eclipse.jetty.quic.client;

import java.io.IOException;
import java.net.SocketAddress;
import java.nio.channels.DatagramChannel;
import java.nio.channels.SelectableChannel;
import java.nio.channels.SelectionKey;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Map;
import java.util.Objects;
import java.util.function.UnaryOperator;
import org.eclipse.jetty.io.ClientConnector;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.DatagramChannelEndPoint;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.io.ManagedSelector;
import org.eclipse.jetty.quic.common.QuicConfiguration;
import org.eclipse.jetty.quic.quiche.PemExporter;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/jetty/quic/client/QuicClientConnectorConfigurator.class */
public class QuicClientConnectorConfigurator extends ClientConnector.Configurator {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) QuicClientConnectorConfigurator.class);
    static final String PRIVATE_KEY_PEM_PATH_KEY = QuicClientConnectorConfigurator.class.getName() + ".privateKeyPemPath";
    static final String CERTIFICATE_CHAIN_PEM_PATH_KEY = QuicClientConnectorConfigurator.class.getName() + ".certificateChainPemPath";
    static final String TRUSTED_CERTIFICATES_PEM_PATH_KEY = QuicClientConnectorConfigurator.class.getName() + ".trustedCertificatesPemPath";
    private final QuicConfiguration configuration;
    private final UnaryOperator<Connection> configurator;
    private Path privateKeyPemPath;
    private Path certificateChainPemPath;
    private Path trustedCertificatesPemPath;

    public QuicClientConnectorConfigurator() {
        this(UnaryOperator.identity());
    }

    public QuicClientConnectorConfigurator(UnaryOperator<Connection> unaryOperator) {
        this.configuration = new QuicConfiguration();
        this.configurator = (UnaryOperator) Objects.requireNonNull(unaryOperator);
        this.configuration.setSessionRecvWindow(16777216);
        this.configuration.setBidirectionalStreamRecvWindow(8388608);
        this.configuration.setDisableActiveMigration(true);
    }

    public QuicConfiguration getQuicConfiguration() {
        return this.configuration;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.jetty.util.component.ContainerLifeCycle, org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStart() throws Exception {
        Path pemWorkDirectory = this.configuration.getPemWorkDirectory();
        SslContextFactory.Client sslContextFactory = ((ClientConnector) getBean(ClientConnector.class)).getSslContextFactory();
        KeyStore trustStore = sslContextFactory.getTrustStore();
        if (trustStore != null) {
            this.trustedCertificatesPemPath = PemExporter.exportTrustStore(trustStore, pemWorkDirectory != null ? pemWorkDirectory : Path.of(System.getProperty("java.io.tmpdir"), new String[0]));
            this.configuration.getImplementationConfiguration().put(TRUSTED_CERTIFICATES_PEM_PATH_KEY, this.trustedCertificatesPemPath.toString());
        }
        String certAlias = sslContextFactory.getCertAlias();
        if (certAlias != null) {
            if (pemWorkDirectory == null) {
                throw new IllegalStateException("No PEM work directory configured");
            }
            KeyStore keyStore = sslContextFactory.getKeyStore();
            String keyManagerPassword = sslContextFactory.getKeyManagerPassword();
            Path[] exportKeyPair = PemExporter.exportKeyPair(keyStore, certAlias, keyManagerPassword == null ? sslContextFactory.getKeyStorePassword().toCharArray() : keyManagerPassword.toCharArray(), pemWorkDirectory);
            this.privateKeyPemPath = exportKeyPair[0];
            this.certificateChainPemPath = exportKeyPair[1];
            this.configuration.getImplementationConfiguration().put(PRIVATE_KEY_PEM_PATH_KEY, this.privateKeyPemPath.toString());
            this.configuration.getImplementationConfiguration().put(CERTIFICATE_CHAIN_PEM_PATH_KEY, this.certificateChainPemPath.toString());
        }
        super.doStart();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.jetty.util.component.ContainerLifeCycle, org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStop() throws Exception {
        super.doStop();
        deleteFile(this.privateKeyPemPath);
        this.privateKeyPemPath = null;
        this.configuration.getImplementationConfiguration().remove(PRIVATE_KEY_PEM_PATH_KEY);
        deleteFile(this.certificateChainPemPath);
        this.certificateChainPemPath = null;
        this.configuration.getImplementationConfiguration().remove(CERTIFICATE_CHAIN_PEM_PATH_KEY);
        deleteFile(this.trustedCertificatesPemPath);
        this.trustedCertificatesPemPath = null;
        this.configuration.getImplementationConfiguration().remove(TRUSTED_CERTIFICATES_PEM_PATH_KEY);
    }

    private void deleteFile(Path path) {
        if (path != null) {
            try {
                Files.delete(path);
            } catch (IOException e) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("could not delete {}", path, e);
                }
            }
        }
    }

    @Override // org.eclipse.jetty.io.ClientConnector.Configurator
    public boolean isIntrinsicallySecure(ClientConnector clientConnector, SocketAddress socketAddress) {
        return true;
    }

    @Override // org.eclipse.jetty.io.ClientConnector.Configurator
    public ClientConnector.Configurator.ChannelWithAddress newChannelWithAddress(ClientConnector clientConnector, SocketAddress socketAddress, Map<String, Object> map) throws IOException {
        map.put(QuicConfiguration.CONTEXT_KEY, this.configuration);
        DatagramChannel open = DatagramChannel.open();
        if (clientConnector.getBindAddress() == null) {
            open.bind((SocketAddress) null);
        }
        return new ClientConnector.Configurator.ChannelWithAddress(open, socketAddress);
    }

    @Override // org.eclipse.jetty.io.ClientConnector.Configurator
    public EndPoint newEndPoint(ClientConnector clientConnector, SocketAddress socketAddress, SelectableChannel selectableChannel, ManagedSelector managedSelector, SelectionKey selectionKey) {
        return new DatagramChannelEndPoint((DatagramChannel) selectableChannel, managedSelector, selectionKey, clientConnector.getScheduler());
    }

    @Override // org.eclipse.jetty.io.ClientConnector.Configurator
    public Connection newConnection(ClientConnector clientConnector, SocketAddress socketAddress, EndPoint endPoint, Map<String, Object> map) {
        return (Connection) this.configurator.apply(new ClientQuicConnection(clientConnector, endPoint, map));
    }
}
