package com.predic8.membrane.core.transport.ssl;

import com.oracle.util.ssl.SSLCapabilities;
import com.oracle.util.ssl.SSLExplorer;
import com.predic8.membrane.core.proxies.ServiceProxyKey;
import com.predic8.membrane.core.util.EndOfStreamException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.SNIServerName;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-6.0.3.jar:com/predic8/membrane/core/transport/ssl/SSLContextCollection.class */
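/**
 * An {@link SSLProvider} that holds several {@link SSLContext}s and picks one per connection.
 *
 * <p>For accepted (server-side) sockets the context is chosen from the SNI names in the client's
 * first TLS record. For outbound sockets it is chosen from the target host name. Each context is
 * paired, by list index, with a case-insensitive host pattern built in the constructor.
 *
 * <p>Instances are created through {@link Builder}.
 */
public class SSLContextCollection implements SSLProvider {
    /**
     * Pre-encoded TLS alert record: content type 21 (alert), version 3.1, length 2, level 2
     * (fatal), description 112 (unrecognized_name).
     *
     * <p>The array is public and mutable; callers must treat it as read-only, because the same
     * bytes are written to every rejected connection.
     */
    public static final byte[] ALERT_UNRECOGNIZED_NAME = {21, 3, 1, 0, 2, 2, 112};
    private static final Logger log = LoggerFactory.getLogger(SSLContextCollection.class.getName());
    // sslContexts.get(i) is the context served for names matching dnsNames.get(i).
    private final List<SSLContext> sslContexts;
    private final List<Pattern> dnsNames = new ArrayList<>();

    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-6.0.3.jar:com/predic8/membrane/core/transport/ssl/SSLContextCollection$Builder.class */
    /** Collects distinct {@link SSLContext}s together with their host name patterns. */
    public static class Builder {
        private final List<String> dnsNames = new ArrayList<>();
        private final List<SSLContext> sslContexts = new ArrayList<>();

        /**
         * Builds the provider for the contexts added so far.
         *
         * @return the single context itself when exactly one was added, otherwise a new
         *     {@link SSLContextCollection} over all of them
         * @throws IllegalStateException if no context was added
         */
        public SSLProvider build() {
            if (this.sslContexts.isEmpty()) {
                throw new IllegalStateException("No SSLContext's were added to this Builder before invoking build().");
            }
            if (this.sslContexts.size() == 1) {
                return (SSLProvider) this.sslContexts.getFirst();
            }
            return new SSLContextCollection(this.sslContexts, this.dnsNames);
        }

        /**
         * Registers a context unless an equal one is already present.
         *
         * @param sSLContext the context to add; its host name pattern is recorded alongside it
         */
        public void add(SSLContext sSLContext) {
            if (this.sslContexts.contains(sSLContext)) {
                return;
            }
            // Resolve the pattern before touching either list, so that a failure here cannot
            // leave the two index-aligned lists with different lengths.
            String hostNamePattern = sSLContext.constructHostNamePattern();
            this.sslContexts.add(sSLContext);
            this.dnsNames.add(hostNamePattern);
        }
    }

    /**
     * Compiles the host patterns and takes a snapshot of the contexts.
     *
     * @param contexts the contexts, index-aligned with {@code hostPatterns}
     * @param hostPatterns one host pattern string per context
     * @throws IllegalArgumentException if the two lists differ in length
     */
    private SSLContextCollection(List<SSLContext> contexts, List<String> hostPatterns) {
        if (contexts.size() != hostPatterns.size()) {
            throw new IllegalArgumentException(
                    "Expected one host pattern per SSLContext, got " + hostPatterns.size() + " patterns for " + contexts.size() + " contexts.");
        }
        for (String hostPattern : hostPatterns) {
            this.dnsNames.add(Pattern.compile(ServiceProxyKey.createHostPattern(hostPattern), Pattern.CASE_INSENSITIVE));
        }
        // Snapshot instead of sharing the Builder's list: a later Builder.add() would otherwise
        // extend the context list without a matching compiled pattern.
        this.sslContexts = List.copyOf(contexts);
    }

    /**
     * Opens a plain {@link ServerSocket}; TLS is applied per connection in
     * {@link #wrapAcceptedSocket(Socket)}.
     *
     * @param i passed to {@link ServerSocket} as the port
     * @param i2 passed to {@link ServerSocket} as the backlog
     * @param inetAddress passed to {@link ServerSocket} as the bind address
     */
    @Override
    public ServerSocket createServerSocket(int i, int i2, InetAddress inetAddress) throws IOException {
        return new ServerSocket(i, i2, inetAddress);
    }

    /**
     * Reads the client's first TLS record, selects a context from its SNI names and lets that
     * context wrap the socket.
     *
     * <p>Selection order: the first SNI name that matches a configured pattern; if the client
     * sent SNI names and none matches, the connection is rejected with
     * {@link #ALERT_UNRECOGNIZED_NAME}; if the client sent no SNI names, the first context flagged
     * as default is used, falling back to the first context.
     *
     * @param socket the freshly accepted, still unencrypted socket
     * @return the socket produced by the selected context's {@code wrap}
     * @throws IOException on read/write failure, including read timeouts
     * @throws EndOfStreamException if the peer closes before the first record is complete
     */
    @Override
    public Socket wrapAcceptedSocket(Socket socket) throws IOException, EndOfStreamException {
        InputStream inputStream = socket.getInputStream();
        byte[] buffer = new byte[255];
        // SO_TIMEOUT bounds each blocking read, not the total time a peer may take to deliver the
        // record, and it stays set on the socket after this method returns.
        socket.setSoTimeout(30000);
        int headerLength = readTLSRecordHeader(0, 5, inputStream, buffer);
        // The size is derived from the unauthenticated record header, i.e. the peer decides how
        // large the buffer below becomes.
        // NOTE(review): confirm SSLExplorer.getRequiredSize rejects or caps implausible lengths.
        int requiredSize = SSLExplorer.getRequiredSize(buffer, 0, headerLength);
        if (buffer.length < requiredSize) {
            buffer = Arrays.copyOf(buffer, requiredSize);
        }
        int bytesRead = readTLSRecordHeader(headerLength, requiredSize, inputStream, buffer);
        SSLCapabilities capabilities = SSLExplorer.explore(buffer, 0, requiredSize);

        SSLContext selected = null;
        List<SNIServerName> serverNames = capabilities == null ? null : capabilities.getServerNames();
        if (serverNames != null && !serverNames.isEmpty()) {
            selected = findContextForServerNames(serverNames);
            if (selected == null) {
                // An explicit but unknown name is refused instead of being served the default
                // certificate. The socket is closed on every path out of this block.
                try (socket) {
                    socket.getOutputStream().write(ALERT_UNRECOGNIZED_NAME);
                    // The message carries client-supplied names; treat it as untrusted text
                    // wherever the exception is logged or displayed.
                    throw new TLSUnrecognizedNameException(getHostname(serverNames));
                }
            }
        }
        if (selected == null) {
            for (SSLContext candidate : this.sslContexts) {
                if (candidate.isUseAsDefault()) {
                    selected = candidate;
                    break;
                }
            }
        }
        if (selected == null) {
            selected = this.sslContexts.getFirst();
        }
        // The bytes already consumed are handed over so the context can replay them.
        return selected.wrap(socket, buffer, bytesRead);
    }

    /**
     * Blocks until {@code buffer} is filled up to (exclusive) index {@code end}.
     *
     * @param offset index of the first byte to fill
     * @param end index at which to stop
     * @param inputStream source of the bytes
     * @param buffer destination; must be at least {@code end} bytes long
     * @return the index reached, which is {@code max(offset, end)}
     * @throws EndOfStreamException if the stream ends before {@code end} is reached
     */
    private static int readTLSRecordHeader(int offset, int end, InputStream inputStream, byte[] buffer) throws IOException, EndOfStreamException {
        int position = offset;
        while (position < end) {
            int read = inputStream.read(buffer, position, end - position);
            if (read < 0) {
                throw new EndOfStreamException("unexpected end of stream!");
            }
            position += read;
        }
        return position;
    }

    /**
     * Joins the encoded SNI names into one comma-separated string.
     *
     * @param list the SNI names sent by the client
     * @return the joined names, or {@code null} if the list is empty
     */
    @Nullable
    private static String getHostname(List<SNIServerName> list) {
        if (list.isEmpty()) {
            // Previously this dereferenced a null StringBuilder; null matches the annotation.
            return null;
        }
        List<String> names = new ArrayList<>(list.size());
        for (SNIServerName serverName : list) {
            names.add(new String(serverName.getEncoded(), StandardCharsets.UTF_8));
        }
        return String.join(", ", names);
    }

    /**
     * Returns the context for the first SNI name that matches any configured pattern.
     *
     * @param serverNames the SNI names sent by the client, in the order received
     * @return the matching context, or {@code null} if no name matches
     */
    private SSLContext findContextForServerNames(List<SNIServerName> serverNames) {
        for (SNIServerName serverName : serverNames) {
            // Every entry is decoded as a host name, whatever its SNI name type.
            SSLContext match = matchContext(new String(serverName.getEncoded(), StandardCharsets.UTF_8));
            if (match != null) {
                return match;
            }
        }
        return null;
    }

    /**
     * Returns the context whose pattern fully matches {@code hostname}, checking patterns in
     * registration order.
     *
     * @return the first matching context, or {@code null} if none matches
     */
    private SSLContext matchContext(String hostname) {
        for (int index = 0; index < this.dnsNames.size(); index++) {
            if (this.dnsNames.get(index).matcher(hostname).matches()) {
                return this.sslContexts.get(index);
            }
        }
        return null;
    }

    /**
     * Selects the context for an outbound connection to {@code str}.
     *
     * <p>Unlike {@link #wrapAcceptedSocket(Socket)} this falls back directly to the first
     * context; the {@code isUseAsDefault()} flag is not consulted here.
     */
    private SSLContext getSSLContextForHostname(String str) {
        SSLContext match = matchContext(str);
        return match != null ? match : this.sslContexts.getFirst();
    }

    /**
     * Not supported: without a host name there is nothing to select a context by.
     *
     * @throws IllegalStateException always
     */
    @Override
    public Socket createSocket() {
        throw new IllegalStateException("not implemented");
    }

    /**
     * Delegates to the context selected for host {@code str}; all arguments are passed through
     * unchanged.
     */
    @Override
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, int i3, @javax.annotation.Nullable String str2, @javax.annotation.Nullable String[] strArr) throws IOException {
        return getSSLContextForHostname(str).createSocket(str, i, inetAddress, i2, i3, str2, strArr);
    }

    /**
     * Reports whether every contained context wants SSL exceptions shown.
     *
     * @return {@code false} as soon as one context returns {@code false}, otherwise {@code true}
     */
    @Override
    public boolean showSSLExceptions() {
        for (SSLContext context : this.sslContexts) {
            if (!context.showSSLExceptions()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Delegates to the context selected for host {@code str}; all arguments are passed through
     * unchanged.
     */
    @Override
    public Socket createSocket(String str, int i, int i2, @javax.annotation.Nullable String str2, @javax.annotation.Nullable String[] strArr) throws IOException {
        return getSSLContextForHostname(str).createSocket(str, i, i2, str2, strArr);
    }

    /**
     * Delegates to the context selected for host {@code str}; all arguments, including the
     * existing {@code socket}, are passed through unchanged.
     */
    @Override
    public Socket createSocket(Socket socket, String str, int i, int i2, @javax.annotation.Nullable String str2, @javax.annotation.Nullable String[] strArr) throws IOException {
        return getSSLContextForHostname(str).createSocket(socket, str, i, i2, str2, strArr);
    }

    /**
     * Asks the first context for the application protocols of {@code socket}.
     *
     * <p>NOTE(review): the first context is always used, even when another context wrapped the
     * socket. Confirm that the result does not depend on per-context state.
     */
    @Override
    public String[] getApplicationProtocols(Socket socket) {
        return this.sslContexts.getFirst().getApplicationProtocols(socket);
    }

    /** Stops every contained context, in registration order. */
    @Override
    public void stop() {
        for (SSLContext context : this.sslContexts) {
            context.stop();
        }
    }
}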
