package io.undertow.protocols.ssl;

import io.undertow.UndertowOptions;
import io.undertow.connector.ByteBufferPool;
import io.undertow.server.DefaultByteBufferPool;
import java.io.Closeable;
import java.io.IOException;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import org.xnio.ChannelListener;
import org.xnio.ChannelListeners;
import org.xnio.FutureResult;
import org.xnio.IoFuture;
import org.xnio.IoUtils;
import org.xnio.Option;
import org.xnio.OptionMap;
import org.xnio.Options;
import org.xnio.Sequence;
import org.xnio.SslClientAuthMode;
import org.xnio.StreamConnection;
import org.xnio.Xnio;
import org.xnio.XnioExecutor;
import org.xnio.XnioIoThread;
import org.xnio.XnioWorker;
import org.xnio.channels.AcceptingChannel;
import org.xnio.channels.AssembledConnectedSslStreamChannel;
import org.xnio.channels.BoundChannel;
import org.xnio.channels.ConnectedSslStreamChannel;
import org.xnio.channels.ConnectedStreamChannel;
import org.xnio.ssl.JsseSslUtils;
import org.xnio.ssl.JsseXnioSsl;
import org.xnio.ssl.SslConnection;
import org.xnio.ssl.XnioSsl;

/* loaded from: input_file:io/undertow/protocols/ssl/UndertowXnioSsl.class */
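/**
 * {@link XnioSsl} implementation that wraps stream connections in {@link UndertowSslConnection}
 * instances, with engines created from an {@link SSLContext} that can be swapped at runtime.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Host name verification is opt-in. This class sets an endpoint identification algorithm on
 *       an engine only when {@link UndertowOptions#ENDPOINT_IDENTIFICATION_ALGORITHM} is present in
 *       the option map. Without it, JSSE leaves the algorithm unset and does not match the peer
 *       certificate against the host name. Client-side callers normally want {@code "HTTPS"}.</li>
 *   <li>Configured cipher suites and protocols are intersected with what the engine supports.
 *       An empty intersection yields an empty enabled list, so the handshake fails rather than
 *       falling back to defaults.</li>
 * </ul>
 */
public class UndertowXnioSsl extends XnioSsl {
    // Shared pool for the constructors that take no ByteBufferPool.
    // NOTE(review): arguments presumably mean direct buffers of 17408 bytes; confirm against DefaultByteBufferPool.
    private static final ByteBufferPool DEFAULT_BUFFER_POOL = new DefaultByteBufferPool(true, 17408, -1, 12);
    private final ByteBufferPool bufferPool;
    // May be null; it is handed unchanged to every UndertowSslConnection created here.
    private final Executor delegatedTaskExecutor;
    // volatile: replaced by updateSSLContext and read whenever this class creates an engine.
    private volatile SSLContext sslContext;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/undertow/protocols/ssl/UndertowXnioSsl$StreamConnectionChannelListener.class */
    /**
     * Open listener for outbound connections: once the plain stream connection is established it
     * builds a client {@link SSLEngine}, applies SNI and the optional endpoint identification
     * algorithm, and publishes the resulting {@link UndertowSslConnection} through the future.
     */
    public class StreamConnectionChannelListener implements ChannelListener<StreamConnection> {
        private final OptionMap optionMap;
        private final InetSocketAddress destination;
        private final FutureResult<SslConnection> futureResult;
        private final ChannelListener<? super SslConnection> openListener;

        StreamConnectionChannelListener(OptionMap optionMap, InetSocketAddress inetSocketAddress, FutureResult<SslConnection> futureResult, ChannelListener<? super SslConnection> channelListener) {
            this.optionMap = optionMap;
            this.destination = inetSocketAddress;
            this.futureResult = futureResult;
            this.openListener = channelListener;
        }

        /**
         * Wraps the freshly opened connection in TLS and completes the future.
         *
         * <p>If anything fails before the connection is published, the underlying stream
         * connection is closed and the future is failed with an {@link IOException} wrapping the
         * cause. The original left the socket open in that case.
         *
         * @param streamConnection the established plain-text connection
         */
        @Override // org.xnio.ChannelListener
        public void handleEvent(StreamConnection streamConnection) {
            // True once the connection has been published through futureResult; from then on its consumer owns it.
            boolean handedOff = false;
            try {
                SSLEngine engine = JsseSslUtils.createSSLEngine(UndertowXnioSsl.this.sslContext, this.optionMap, this.destination);
                SSLParameters parameters = engine.getSSLParameters();
                InetAddress address = this.destination.getAddress();
                String sniHost = this.destination.getHostString();
                // An IPv6 literal cannot be used as an SNI host name, so try to obtain a name instead.
                // getHostName() may perform a reverse lookup; if that still yields a literal,
                // SNIHostName rejects it and the attempt fails through the catch below.
                if ((address instanceof Inet6Address) && sniHost.contains(":")) {
                    sniHost = address.getHostName();
                }
                parameters.setServerNames(Collections.singletonList(new SNIHostName(sniHost)));
                // Certificate host name checking is enabled only when the caller asks for it.
                String identificationAlgorithm = this.optionMap.get(UndertowOptions.ENDPOINT_IDENTIFICATION_ALGORITHM, null);
                if (identificationAlgorithm != null) {
                    parameters.setEndpointIdentificationAlgorithm(identificationAlgorithm);
                }
                engine.setSSLParameters(parameters);
                UndertowSslConnection sslConnection = new UndertowSslConnection(streamConnection, engine, UndertowXnioSsl.this.bufferPool, UndertowXnioSsl.this.delegatedTaskExecutor);
                if (this.futureResult.setResult(sslConnection)) {
                    handedOff = true;
                    ChannelListeners.invokeChannelListener(sslConnection, this.openListener);
                } else {
                    // The future was already cancelled or failed, so nobody will consume this connection.
                    IoUtils.safeClose((Closeable) streamConnection);
                }
            } catch (Throwable th) {
                if (!handedOff) {
                    // Do not leak the socket when engine or SNI setup fails.
                    IoUtils.safeClose((Closeable) streamConnection);
                }
                this.futureResult.setException(new IOException(th));
            }
        }
    }

    /**
     * Creates an instance whose SSL context is built from the option map, using the default buffer pool.
     *
     * @throws NoSuchProviderException if the context cannot be created from the options
     * @throws NoSuchAlgorithmException if the context cannot be created from the options
     * @throws KeyManagementException if the context cannot be created from the options
     */
    public UndertowXnioSsl(Xnio xnio, OptionMap optionMap) throws NoSuchProviderException, NoSuchAlgorithmException, KeyManagementException {
        this(xnio, optionMap, DEFAULT_BUFFER_POOL, JsseSslUtils.createSSLContext(optionMap));
    }

    /** Creates an instance with the given SSL context and the default buffer pool. */
    public UndertowXnioSsl(Xnio xnio, OptionMap optionMap, SSLContext sSLContext) {
        this(xnio, optionMap, DEFAULT_BUFFER_POOL, sSLContext);
    }

    /** Creates an instance with the given SSL context and delegated-task executor, using the default buffer pool. */
    public UndertowXnioSsl(Xnio xnio, OptionMap optionMap, SSLContext sSLContext, Executor executor) {
        this(xnio, optionMap, DEFAULT_BUFFER_POOL, sSLContext, executor);
    }

    /**
     * Creates an instance whose SSL context is built from the option map, using the given buffer pool.
     *
     * @throws NoSuchProviderException if the context cannot be created from the options
     * @throws NoSuchAlgorithmException if the context cannot be created from the options
     * @throws KeyManagementException if the context cannot be created from the options
     */
    public UndertowXnioSsl(Xnio xnio, OptionMap optionMap, ByteBufferPool byteBufferPool) throws NoSuchProviderException, NoSuchAlgorithmException, KeyManagementException {
        this(xnio, optionMap, byteBufferPool, JsseSslUtils.createSSLContext(optionMap));
    }

    /** Creates an instance with the given buffer pool and SSL context and no delegated-task executor. */
    public UndertowXnioSsl(Xnio xnio, OptionMap optionMap, ByteBufferPool byteBufferPool, SSLContext sSLContext) {
        this(xnio, optionMap, byteBufferPool, sSLContext, null);
    }

    /**
     * Primary constructor; all other constructors delegate here.
     *
     * @param xnio the XNIO provider passed to the superclass
     * @param optionMap options passed to the superclass
     * @param byteBufferPool pool handed to every connection created by this instance
     * @param sSLContext initial context used to create engines
     * @param executor executor handed to every connection created by this instance; may be null
     */
    public UndertowXnioSsl(Xnio xnio, OptionMap optionMap, ByteBufferPool byteBufferPool, SSLContext sSLContext, Executor executor) {
        super(xnio, sSLContext, optionMap);
        this.bufferPool = byteBufferPool;
        this.sslContext = sSLContext;
        this.delegatedTaskExecutor = executor;
    }

    /** Returns the SSL context currently used for new engines. */
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the executor handed to created connections, or null if none was configured. */
    public Executor getDelegatedTaskExecutor() {
        return this.delegatedTaskExecutor;
    }

    /**
     * Returns the engine behind a connection, handling both Undertow's own connection type and
     * connections created by {@link JsseXnioSsl}.
     */
    public static SSLEngine getSslEngine(SslConnection sslConnection) {
        if (sslConnection instanceof UndertowSslConnection) {
            return ((UndertowSslConnection) sslConnection).getSSLEngine();
        }
        return JsseXnioSsl.getSslEngine(sslConnection);
    }

    /**
     * Returns the conduit of a connection created by this class.
     *
     * @throws ClassCastException if the connection is not an {@link UndertowSslConnection}
     */
    public static SslConduit getSslConduit(SslConnection sslConnection) {
        return ((UndertowSslConnection) sslConnection).getSslConduit();
    }

    /**
     * Opens a TLS connection and exposes it through the legacy {@link ConnectedSslStreamChannel}
     * API by assembling a channel from the connection's source and sink channels.
     *
     * @param xnioWorker worker used to open the connection
     * @param inetSocketAddress first address passed on to {@code openSslConnection}
     * @param inetSocketAddress2 second address passed on to {@code openSslConnection} (the destination)
     * @param channelListener listener invoked with the assembled channel once it is available
     * @param channelListener2 bind listener passed on to {@code openSslConnection}
     * @param optionMap options for the connection and its engine
     * @return a future completed with the assembled channel; cancelling it cancels the underlying attempt
     */
    @Override // org.xnio.ssl.XnioSsl
    public IoFuture<ConnectedSslStreamChannel> connectSsl(XnioWorker xnioWorker, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, final ChannelListener<? super ConnectedSslStreamChannel> channelListener, ChannelListener<? super BoundChannel> channelListener2, OptionMap optionMap) {
        final FutureResult<ConnectedSslStreamChannel> channelResult = new FutureResult<>(IoUtils.directExecutor());
        IoFuture<SslConnection> connectionFuture = openSslConnection(xnioWorker, inetSocketAddress, inetSocketAddress2, new ChannelListener<SslConnection>() { // from class: io.undertow.protocols.ssl.UndertowXnioSsl.2
            @Override // org.xnio.ChannelListener
            public void handleEvent(SslConnection sslConnection) {
                AssembledConnectedSslStreamChannel assembled = new AssembledConnectedSslStreamChannel(sslConnection, sslConnection.getSourceChannel(), sslConnection.getSinkChannel());
                if (channelResult.setResult(assembled)) {
                    ChannelListeners.invokeChannelListener(assembled, channelListener);
                } else {
                    // The outer future is already complete (for example cancelled): drop the channel.
                    IoUtils.safeClose((Closeable) assembled);
                }
            }
        }, channelListener2, optionMap).addNotifier(new IoFuture.HandlingNotifier<SslConnection, FutureResult<ConnectedSslStreamChannel>>() { // from class: io.undertow.protocols.ssl.UndertowXnioSsl.1
            // Propagate cancellation and failure of the connection attempt to the channel future.
            @Override // org.xnio.IoFuture.HandlingNotifier
            public void handleCancelled(FutureResult<ConnectedSslStreamChannel> attachment) {
                attachment.setCancelled();
            }

            @Override // org.xnio.IoFuture.HandlingNotifier
            public void handleFailed(IOException iOException, FutureResult<ConnectedSslStreamChannel> attachment) {
                attachment.setException(iOException);
            }
        }, channelResult);
        // Propagate cancellation in the other direction, from the channel future to the attempt.
        channelResult.getIoFuture().addNotifier(new IoFuture.HandlingNotifier<ConnectedStreamChannel, IoFuture<SslConnection>>() { // from class: io.undertow.protocols.ssl.UndertowXnioSsl.3
            @Override // org.xnio.IoFuture.HandlingNotifier
            public void handleCancelled(IoFuture<SslConnection> attachment) {
                attachment.cancel();
            }
        }, connectionFuture);
        channelResult.addCancelHandler(connectionFuture);
        return channelResult.getIoFuture();
    }

    /**
     * Opens a plain stream connection through the worker and upgrades it to TLS once established.
     * SNI and endpoint identification are applied by {@link StreamConnectionChannelListener}.
     *
     * @param inetSocketAddress first address passed to {@code openStreamConnection}
     * @param inetSocketAddress2 destination; also the source of the SNI host name
     * @return a future completed with the TLS connection
     */
    @Override // org.xnio.ssl.XnioSsl
    public IoFuture<SslConnection> openSslConnection(XnioWorker xnioWorker, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, ChannelListener<? super SslConnection> channelListener, ChannelListener<? super BoundChannel> channelListener2, OptionMap optionMap) {
        FutureResult<SslConnection> sslResult = new FutureResult<>(xnioWorker);
        StreamConnectionChannelListener upgradeListener = new StreamConnectionChannelListener(optionMap, inetSocketAddress2, sslResult, channelListener);
        return setupSslConnection(sslResult, xnioWorker.openStreamConnection(inetSocketAddress, inetSocketAddress2, upgradeListener, channelListener2, optionMap));
    }

    /**
     * Same as the worker-based overload, but opens the connection on the given I/O thread.
     *
     * @param inetSocketAddress first address passed to {@code openStreamConnection}
     * @param inetSocketAddress2 destination; also the source of the SNI host name
     * @return a future completed with the TLS connection
     */
    @Override // org.xnio.ssl.XnioSsl
    public IoFuture<SslConnection> openSslConnection(XnioIoThread xnioIoThread, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2, ChannelListener<? super SslConnection> channelListener, ChannelListener<? super BoundChannel> channelListener2, OptionMap optionMap) {
        FutureResult<SslConnection> sslResult = new FutureResult<>(xnioIoThread);
        StreamConnectionChannelListener upgradeListener = new StreamConnectionChannelListener(optionMap, inetSocketAddress2, sslResult, channelListener);
        return setupSslConnection(sslResult, xnioIoThread.openStreamConnection(inetSocketAddress, inetSocketAddress2, upgradeListener, channelListener2, optionMap));
    }

    /**
     * Wraps an already established connection in TLS, acting as the client.
     * The peer address of the connection must be an {@link InetSocketAddress}.
     * No SNI name is set on this path.
     */
    public SslConnection wrapExistingConnection(StreamConnection streamConnection, OptionMap optionMap) {
        InetSocketAddress peer = (InetSocketAddress) streamConnection.getPeerAddress();
        SSLEngine engine = createSSLEngine(this.sslContext, optionMap, peer, true);
        return new UndertowSslConnection(streamConnection, engine, this.bufferPool, this.delegatedTaskExecutor);
    }

    /**
     * Wraps an already established connection in TLS.
     *
     * @param z {@code true} to act as the TLS client, {@code false} to act as the server
     */
    public SslConnection wrapExistingConnection(StreamConnection streamConnection, OptionMap optionMap, boolean z) {
        InetSocketAddress peer = (InetSocketAddress) streamConnection.getPeerAddress();
        SSLEngine engine = createSSLEngine(this.sslContext, optionMap, peer, z);
        return new UndertowSslConnection(streamConnection, engine, this.bufferPool, this.delegatedTaskExecutor);
    }

    /**
     * Wraps an already established connection in TLS as the client, taking the peer host and port
     * from the URI and using the URI host as the SNI name when the engine has none.
     *
     * <p>The URI must carry a host; {@link SNIHostName} also rejects hosts that are not valid
     * host names, such as bracketed IPv6 literals.
     */
    public SslConnection wrapExistingConnection(StreamConnection streamConnection, OptionMap optionMap, URI uri) {
        SSLEngine engine = createSSLEngine(this.sslContext, optionMap, getPeerAddress(uri), true);
        SSLParameters parameters = engine.getSSLParameters();
        if (parameters.getServerNames() == null || parameters.getServerNames().isEmpty()) {
            parameters.setServerNames(Collections.singletonList(new SNIHostName(uri.getHost())));
            engine.setSSLParameters(parameters);
        }
        return new UndertowSslConnection(streamConnection, engine, this.bufferPool, this.delegatedTaskExecutor);
    }

    /**
     * Derives the peer host and port from a URI. When the URI has no explicit port, TLS schemes
     * ({@code wss}, {@code https}) map to 443 and everything else to 80.
     *
     * <p>The scheme test is null-safe and case-insensitive. The original threw a
     * {@link NullPointerException} for a scheme-less URI and mapped {@code https} and
     * {@code WSS} to port 80.
     */
    private InetSocketAddress getPeerAddress(URI uri) {
        String host = uri.getHost();
        int port = uri.getPort();
        if (port == -1) {
            String scheme = uri.getScheme();
            boolean tlsScheme = "wss".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            port = tlsScheme ? 443 : 80;
        }
        // This constructor attempts name resolution; createSSLEngine only reads the host string and port.
        return new InetSocketAddress(host, port);
    }

    /**
     * Creates and configures an engine from the option map.
     *
     * @param sSLContext context that creates the engine
     * @param optionMap source of peer host/port overrides, session creation, cipher suites,
     *                  protocols, client-auth mode, cipher-order preference and endpoint identification
     * @param inetSocketAddress peer address supplying the default peer host and port
     * @param z {@code true} for client mode; the client-auth mode is applied only in server mode
     * @return the configured engine
     * @throws IllegalStateException if the client-auth mode is not one of the handled values
     */
    private static SSLEngine createSSLEngine(SSLContext sSLContext, OptionMap optionMap, InetSocketAddress inetSocketAddress, boolean z) {
        String peerHost = optionMap.get(Options.SSL_PEER_HOST_NAME, inetSocketAddress.getHostString());
        int peerPort = optionMap.get(Options.SSL_PEER_PORT, inetSocketAddress.getPort());
        SSLEngine engine = sSLContext.createSSLEngine(peerHost, peerPort);
        engine.setUseClientMode(z);
        engine.setEnableSessionCreation(optionMap.get(Options.SSL_ENABLE_SESSION_CREATION, true));

        // Unsupported names are dropped silently. If nothing remains, the enabled list is empty
        // and the handshake fails instead of falling back to the engine defaults.
        Sequence<String> cipherSuites = optionMap.get(Options.SSL_ENABLED_CIPHER_SUITES);
        if (cipherSuites != null) {
            engine.setEnabledCipherSuites(retainSupported(cipherSuites, engine.getSupportedCipherSuites()));
        }
        Sequence<String> protocols = optionMap.get(Options.SSL_ENABLED_PROTOCOLS);
        if (protocols != null) {
            engine.setEnabledProtocols(retainSupported(protocols, engine.getSupportedProtocols()));
        }

        if (!z) {
            SslClientAuthMode clientAuthMode = optionMap.get(Options.SSL_CLIENT_AUTH_MODE);
            if (clientAuthMode != null) {
                switch (clientAuthMode) {
                    case NOT_REQUESTED:
                        engine.setNeedClientAuth(false);
                        engine.setWantClientAuth(false);
                        break;
                    case REQUESTED:
                        engine.setWantClientAuth(true);
                        break;
                    case REQUIRED:
                        engine.setNeedClientAuth(true);
                        break;
                    default:
                        throw new IllegalStateException();
                }
            }
        }
        if (optionMap.get(UndertowOptions.SSL_USER_CIPHER_SUITES_ORDER, false)) {
            SSLParameters orderParameters = engine.getSSLParameters();
            orderParameters.setUseCipherSuitesOrder(true);
            engine.setSSLParameters(orderParameters);
        }
        // Certificate host name checking is enabled only when the caller asks for it.
        String identificationAlgorithm = optionMap.get(UndertowOptions.ENDPOINT_IDENTIFICATION_ALGORITHM, null);
        if (identificationAlgorithm != null) {
            SSLParameters identificationParameters = engine.getSSLParameters();
            identificationParameters.setEndpointIdentificationAlgorithm(identificationAlgorithm);
            engine.setSSLParameters(identificationParameters);
        }
        return engine;
    }

    // Returns the entries of requested that also appear in supported, keeping the requested order.
    private static String[] retainSupported(Sequence<String> requested, String[] supported) {
        HashSet<String> supportedNames = new HashSet<>(Arrays.asList(supported));
        ArrayList<String> retained = new ArrayList<>();
        for (String name : requested) {
            if (supportedNames.contains(name)) {
                retained.add(name);
            }
        }
        return retained.toArray(new String[0]);
    }

    /**
     * Links the future of the plain connection attempt to the TLS future: cancellation and failure
     * of the attempt complete the TLS future, and cancelling the TLS future cancels the attempt.
     */
    private IoFuture<SslConnection> setupSslConnection(FutureResult<SslConnection> futureResult, IoFuture<StreamConnection> ioFuture) {
        ioFuture.addNotifier(new IoFuture.HandlingNotifier<StreamConnection, FutureResult<SslConnection>>() { // from class: io.undertow.protocols.ssl.UndertowXnioSsl.4
            @Override // org.xnio.IoFuture.HandlingNotifier
            public void handleCancelled(FutureResult<SslConnection> attachment) {
                attachment.setCancelled();
            }

            @Override // org.xnio.IoFuture.HandlingNotifier
            public void handleFailed(IOException iOException, FutureResult<SslConnection> attachment) {
                attachment.setException(iOException);
            }
        }, futureResult);
        futureResult.addCancelHandler(ioFuture);
        return futureResult.getIoFuture();
    }

    /**
     * Creates a TLS server exposed through the legacy {@link ConnectedSslStreamChannel} API. The
     * returned channel delegates every operation to the server from
     * {@link #createSslConnectionServer} and assembles a legacy channel for each accepted connection.
     *
     * @param channelListener accept listener installed on the returned channel
     * @throws IOException if the underlying server cannot be created
     */
    @Override // org.xnio.ssl.XnioSsl
    public AcceptingChannel<ConnectedSslStreamChannel> createSslTcpServer(XnioWorker xnioWorker, InetSocketAddress inetSocketAddress, ChannelListener<? super AcceptingChannel<ConnectedSslStreamChannel>> channelListener, OptionMap optionMap) throws IOException {
        final AcceptingChannel<SslConnection> sslServer = createSslConnectionServer(xnioWorker, inetSocketAddress, null, optionMap);
        AcceptingChannel<ConnectedSslStreamChannel> legacyServer = new AcceptingChannel<ConnectedSslStreamChannel>() { // from class: io.undertow.protocols.ssl.UndertowXnioSsl.5
            @Override // org.xnio.channels.AcceptingChannel, org.xnio.channels.SimpleAcceptingChannel
            public ConnectedSslStreamChannel accept() throws IOException {
                SslConnection sslConnection = sslServer.accept();
                if (sslConnection == null) {
                    return null;
                }
                return new AssembledConnectedSslStreamChannel(sslConnection, sslConnection.getSourceChannel(), sslConnection.getSinkChannel());
            }

            @Override // org.xnio.channels.AcceptingChannel, org.xnio.channels.SimpleAcceptingChannel, org.xnio.channels.SuspendableAcceptChannel
            public ChannelListener.Setter<? extends AcceptingChannel<ConnectedSslStreamChannel>> getAcceptSetter() {
                return ChannelListeners.getDelegatingSetter(sslServer.getAcceptSetter(), this);
            }

            @Override // org.xnio.channels.AcceptingChannel, org.xnio.channels.BoundChannel, org.xnio.channels.CloseableChannel
            public ChannelListener.Setter<? extends AcceptingChannel<ConnectedSslStreamChannel>> getCloseSetter() {
                return ChannelListeners.getDelegatingSetter(sslServer.getCloseSetter(), this);
            }

            @Override // org.xnio.channels.BoundChannel
            public SocketAddress getLocalAddress() {
                return sslServer.getLocalAddress();
            }

            @Override // org.xnio.channels.BoundChannel
            public <A extends SocketAddress> A getLocalAddress(Class<A> cls) {
                return sslServer.getLocalAddress(cls);
            }

            @Override // org.xnio.channels.SuspendableAcceptChannel
            public void suspendAccepts() {
                sslServer.suspendAccepts();
            }

            @Override // org.xnio.channels.SuspendableAcceptChannel
            public void resumeAccepts() {
                sslServer.resumeAccepts();
            }

            @Override // org.xnio.channels.SuspendableAcceptChannel
            public boolean isAcceptResumed() {
                return sslServer.isAcceptResumed();
            }

            @Override // org.xnio.channels.SuspendableAcceptChannel
            public void wakeupAccepts() {
                sslServer.wakeupAccepts();
            }

            @Override // org.xnio.channels.SuspendableAcceptChannel
            public void awaitAcceptable() throws IOException {
                sslServer.awaitAcceptable();
            }

            @Override // org.xnio.channels.SuspendableAcceptChannel
            public void awaitAcceptable(long j, TimeUnit timeUnit) throws IOException {
                sslServer.awaitAcceptable(j, timeUnit);
            }

            @Override // org.xnio.channels.CloseableChannel
            public XnioWorker getWorker() {
                return sslServer.getWorker();
            }

            @Override // org.xnio.channels.SuspendableAcceptChannel
            @Deprecated
            public XnioExecutor getAcceptThread() {
                return sslServer.getAcceptThread();
            }

            @Override // org.xnio.channels.CloseableChannel
            public XnioIoThread getIoThread() {
                return sslServer.getIoThread();
            }

            @Override // org.xnio.channels.CloseableChannel, java.lang.AutoCloseable, org.xnio.channels.SuspendableWriteChannel, java.nio.channels.InterruptibleChannel
            public void close() throws IOException {
                sslServer.close();
            }

            @Override // java.nio.channels.Channel
            public boolean isOpen() {
                return sslServer.isOpen();
            }

            @Override // org.xnio.channels.Configurable
            public boolean supportsOption(Option<?> option) {
                return sslServer.supportsOption(option);
            }

            @Override // org.xnio.channels.Configurable
            public <T> T getOption(Option<T> option) throws IOException {
                return sslServer.getOption(option);
            }

            @Override // org.xnio.channels.Configurable
            public <T> T setOption(Option<T> option, T t) throws IllegalArgumentException, IOException {
                return sslServer.setOption(option, t);
            }
        };
        legacyServer.getAcceptSetter().set(channelListener);
        return legacyServer;
    }

    /**
     * Replaces the SSL context used by this instance for engines created from now on.
     * NOTE(review): the superclass was constructed with the initial context; whether it keeps its
     * own reference is not visible here, so confirm nothing reads a stale context after an update.
     */
    public void updateSSLContext(SSLContext sSLContext) {
        this.sslContext = sSLContext;
    }

    /**
     * Creates a TLS server that accepts {@link SslConnection}s on the given address.
     *
     * @param channelListener accept listener to install on the returned channel; may be null
     * @throws IOException if the underlying stream connection server cannot be created
     */
    @Override // org.xnio.ssl.XnioSsl
    public AcceptingChannel<SslConnection> createSslConnectionServer(XnioWorker xnioWorker, InetSocketAddress inetSocketAddress, ChannelListener<? super AcceptingChannel<SslConnection>> channelListener, OptionMap optionMap) throws IOException {
        // The plain server is created without an accept listener; accepts are handled by the TLS wrapper.
        // NOTE(review): the meaning of the trailing `false` is not visible here; confirm against UndertowAcceptingSslChannel.
        UndertowAcceptingSslChannel sslServer = new UndertowAcceptingSslChannel(this, xnioWorker.createStreamConnectionServer(inetSocketAddress, null, optionMap), optionMap, this.bufferPool, false);
        if (channelListener != null) {
            sslServer.getAcceptSetter().set(channelListener);
        }
        return sslServer;
    }
}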
