package io.netty.incubator.codec.quic;

import gg.essential.lib.caffeine.cache.LocalCacheFactory;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslProtocols;
import io.netty.handler.ssl.util.LazyJavaxX509Certificate;
import io.netty.handler.ssl.util.LazyX509Certificate;
import io.netty.util.NetUtil;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.ObjectUtil;
import java.nio.ByteBuffer;
import java.security.Principal;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.LongFunction;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSessionContext;
import javax.security.cert.X509Certificate;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:essential_essential_1-3-0-3_fabric_1-18.jar:gg/essential/sps/quic/jvm/netty.jar:io/netty/incubator/codec/quic/QuicheQuicSslEngine.class */
public final class QuicheQuicSslEngine extends QuicSslEngine {
    QuicheQuicSslContext ctx;
    private final String peerHost;
    private final int peerPort;
    private final QuicheQuicSslSession session = new QuicheQuicSslSession();
    private volatile Certificate[] localCertificateChain;
    private List<SNIServerName> sniHostNames;
    private boolean handshakeFinished;
    private String applicationProtocol;
    private boolean sessionReused;
    final String tlsHostName;
    volatile QuicheQuicConnection connection;
    String sniHostname;

    /* loaded from: input_file:essential_essential_1-3-0-3_fabric_1-18.jar:gg/essential/sps/quic/jvm/netty.jar:io/netty/incubator/codec/quic/QuicheQuicSslEngine$QuicheQuicSslSession.class */
    private final class QuicheQuicSslSession implements SSLSession {
        private X509Certificate[] x509PeerCerts;
        private Certificate[] peerCerts;
        private String protocol;
        private String cipher;
        private byte[] id;
        private long creationTime;
        private long timeout;
        private boolean invalid;
        private long lastAccessedTime;
        private Map<String, Object> values;

        private QuicheQuicSslSession() {
            this.creationTime = -1L;
            this.timeout = -1L;
            this.lastAccessedTime = -1L;
        }

        private boolean isEmpty(Object[] objArr) {
            return objArr == null || objArr.length == 0;
        }

        private boolean isEmpty(byte[] bArr) {
            return bArr == null || bArr.length == 0;
        }

        void handshakeFinished(byte[] bArr, String str, String str2, byte[] bArr2, byte[][] bArr3, long j, long j2) {
            synchronized (QuicheQuicSslEngine.this) {
                initPeerCerts(bArr3, bArr2);
                this.id = bArr;
                this.cipher = str;
                this.protocol = str2;
                this.creationTime = j * 1000;
                this.timeout = j2 * 1000;
                this.lastAccessedTime = System.currentTimeMillis();
            }
        }

        void removeFromCacheIfInvalid() {
            if (isValid()) {
                return;
            }
            removeFromCache();
        }

        private void removeFromCache() {
            QuicClientSessionCache sessionCache = QuicheQuicSslEngine.this.ctx.getSessionCache();
            if (sessionCache != null) {
                sessionCache.removeSession(getPeerHost(), getPeerPort());
            }
        }

        private void initPeerCerts(byte[][] bArr, byte[] bArr2) {
            if (QuicheQuicSslEngine.this.getUseClientMode()) {
                if (isEmpty(bArr)) {
                    this.peerCerts = EmptyArrays.EMPTY_CERTIFICATES;
                    this.x509PeerCerts = EmptyArrays.EMPTY_JAVAX_X509_CERTIFICATES;
                    return;
                } else {
                    this.peerCerts = new Certificate[bArr.length];
                    this.x509PeerCerts = new X509Certificate[bArr.length];
                    initCerts(bArr, 0);
                    return;
                }
            }
            if (isEmpty(bArr2)) {
                this.peerCerts = EmptyArrays.EMPTY_CERTIFICATES;
                this.x509PeerCerts = EmptyArrays.EMPTY_JAVAX_X509_CERTIFICATES;
            } else {
                if (isEmpty(bArr)) {
                    this.peerCerts = new Certificate[]{new LazyX509Certificate(bArr2)};
                    this.x509PeerCerts = new X509Certificate[]{new LazyJavaxX509Certificate(bArr2)};
                    return;
                }
                this.peerCerts = new Certificate[bArr.length + 1];
                this.x509PeerCerts = new X509Certificate[bArr.length + 1];
                this.peerCerts[0] = new LazyX509Certificate(bArr2);
                this.x509PeerCerts[0] = new LazyJavaxX509Certificate(bArr2);
                initCerts(bArr, 1);
            }
        }

        private void initCerts(byte[][] bArr, int i) {
            for (int i2 = 0; i2 < bArr.length; i2++) {
                int i3 = i + i2;
                this.peerCerts[i3] = new LazyX509Certificate(bArr[i2]);
                this.x509PeerCerts[i3] = new LazyJavaxX509Certificate(bArr[i2]);
            }
        }

        @Override // javax.net.ssl.SSLSession
        public byte[] getId() {
            synchronized (this) {
                if (this.id == null) {
                    return EmptyArrays.EMPTY_BYTES;
                }
                return (byte[]) this.id.clone();
            }
        }

        @Override // javax.net.ssl.SSLSession
        public SSLSessionContext getSessionContext() {
            return QuicheQuicSslEngine.this.ctx.sessionContext();
        }

        @Override // javax.net.ssl.SSLSession
        public long getCreationTime() {
            long j;
            synchronized (QuicheQuicSslEngine.this) {
                j = this.creationTime;
            }
            return j;
        }

        @Override // javax.net.ssl.SSLSession
        public long getLastAccessedTime() {
            return this.lastAccessedTime;
        }

        @Override // javax.net.ssl.SSLSession
        public void invalidate() {
            boolean z;
            synchronized (this) {
                z = !this.invalid;
                this.invalid = true;
            }
            if (z) {
                removeFromCache();
            }
        }

        @Override // javax.net.ssl.SSLSession
        public boolean isValid() {
            boolean z;
            synchronized (QuicheQuicSslEngine.this) {
                z = !this.invalid && System.currentTimeMillis() - this.timeout < this.creationTime;
            }
            return z;
        }

        @Override // javax.net.ssl.SSLSession
        public void putValue(String str, Object obj) {
            Object put;
            ObjectUtil.checkNotNull(str, "name");
            ObjectUtil.checkNotNull(obj, LocalCacheFactory.VALUE);
            synchronized (this) {
                Map<String, Object> map = this.values;
                if (map == null) {
                    HashMap hashMap = new HashMap(2);
                    this.values = hashMap;
                    map = hashMap;
                }
                put = map.put(str, obj);
            }
            if (obj instanceof SSLSessionBindingListener) {
                ((SSLSessionBindingListener) obj).valueBound(newSSLSessionBindingEvent(str));
            }
            notifyUnbound(put, str);
        }

        @Override // javax.net.ssl.SSLSession
        public Object getValue(String str) {
            ObjectUtil.checkNotNull(str, "name");
            synchronized (this) {
                if (this.values == null) {
                    return null;
                }
                return this.values.get(str);
            }
        }

        @Override // javax.net.ssl.SSLSession
        public void removeValue(String str) {
            ObjectUtil.checkNotNull(str, "name");
            synchronized (this) {
                Map<String, Object> map = this.values;
                if (map == null) {
                    return;
                }
                notifyUnbound(map.remove(str), str);
            }
        }

        @Override // javax.net.ssl.SSLSession
        public String[] getValueNames() {
            synchronized (this) {
                Map<String, Object> map = this.values;
                if (map == null || map.isEmpty()) {
                    return EmptyArrays.EMPTY_STRINGS;
                }
                return (String[]) map.keySet().toArray(new String[0]);
            }
        }

        private SSLSessionBindingEvent newSSLSessionBindingEvent(String str) {
            return new SSLSessionBindingEvent(QuicheQuicSslEngine.this.session, str);
        }

        private void notifyUnbound(Object obj, String str) {
            if (obj instanceof SSLSessionBindingListener) {
                ((SSLSessionBindingListener) obj).valueUnbound(newSSLSessionBindingEvent(str));
            }
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
            Certificate[] certificateArr;
            synchronized (QuicheQuicSslEngine.this) {
                if (isEmpty(this.peerCerts)) {
                    throw new SSLPeerUnverifiedException("peer not verified");
                }
                certificateArr = (Certificate[]) this.peerCerts.clone();
            }
            return certificateArr;
        }

        @Override // javax.net.ssl.SSLSession
        public Certificate[] getLocalCertificates() {
            Certificate[] certificateArr = QuicheQuicSslEngine.this.localCertificateChain;
            if (certificateArr == null) {
                return null;
            }
            return (Certificate[]) certificateArr.clone();
        }

        @Override // javax.net.ssl.SSLSession
        public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
            X509Certificate[] x509CertificateArr;
            synchronized (QuicheQuicSslEngine.this) {
                if (isEmpty(this.x509PeerCerts)) {
                    throw new SSLPeerUnverifiedException("peer not verified");
                }
                x509CertificateArr = (X509Certificate[]) this.x509PeerCerts.clone();
            }
            return x509CertificateArr;
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
            return ((java.security.cert.X509Certificate) getPeerCertificates()[0]).getSubjectX500Principal();
        }

        @Override // javax.net.ssl.SSLSession
        public Principal getLocalPrincipal() {
            Certificate[] certificateArr = QuicheQuicSslEngine.this.localCertificateChain;
            if (certificateArr == null || certificateArr.length == 0) {
                return null;
            }
            return ((java.security.cert.X509Certificate) certificateArr[0]).getIssuerX500Principal();
        }

        @Override // javax.net.ssl.SSLSession
        public String getCipherSuite() {
            return this.cipher;
        }

        @Override // javax.net.ssl.SSLSession
        public String getProtocol() {
            return this.protocol;
        }

        @Override // javax.net.ssl.SSLSession
        public String getPeerHost() {
            return QuicheQuicSslEngine.this.peerHost;
        }

        @Override // javax.net.ssl.SSLSession
        public int getPeerPort() {
            return QuicheQuicSslEngine.this.peerPort;
        }

        @Override // javax.net.ssl.SSLSession
        public int getPacketBufferSize() {
            return -1;
        }

        @Override // javax.net.ssl.SSLSession
        public int getApplicationBufferSize() {
            return -1;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public QuicheQuicSslEngine(QuicheQuicSslContext quicheQuicSslContext, String str, int i) {
        this.ctx = quicheQuicSslContext;
        this.peerHost = str;
        this.peerPort = i;
        if (!quicheQuicSslContext.isClient() || !isValidHostNameForSNI(str)) {
            this.tlsHostName = null;
        } else {
            this.tlsHostName = str;
            this.sniHostNames = Collections.singletonList(new SNIHostName(this.tlsHostName));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public long moveTo(String str, QuicheQuicSslContext quicheQuicSslContext) {
        this.ctx.remove(this);
        this.ctx = quicheQuicSslContext;
        long add = quicheQuicSslContext.add(this);
        this.sniHostname = str;
        return add;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public QuicheQuicConnection createConnection(LongFunction<Long> longFunction) {
        return this.ctx.createConnection(longFunction, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setLocalCertificateChain(Certificate[] certificateArr) {
        this.localCertificateChain = certificateArr;
    }

    static boolean isValidHostNameForSNI(String str) {
        return (str == null || str.indexOf(46) <= 0 || str.endsWith(".") || NetUtil.isValidIpV4Address(str) || NetUtil.isValidIpV6Address(str)) ? false : true;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLParameters getSSLParameters() {
        SSLParameters sSLParameters = super.getSSLParameters();
        sSLParameters.setServerNames(this.sniHostNames);
        return sSLParameters;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String getApplicationProtocol() {
        return this.applicationProtocol;
    }

    @Override // javax.net.ssl.SSLEngine
    public synchronized String getHandshakeApplicationProtocol() {
        return this.applicationProtocol;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult wrap(ByteBuffer[] byteBufferArr, int i, int i2, ByteBuffer byteBuffer) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult unwrap(ByteBuffer byteBuffer, ByteBuffer[] byteBufferArr, int i, int i2) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public Runnable getDelegatedTask() {
        return null;
    }

    @Override // javax.net.ssl.SSLEngine
    public void closeInbound() {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isInboundDone() {
        return false;
    }

    @Override // javax.net.ssl.SSLEngine
    public void closeOutbound() {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean isOutboundDone() {
        return false;
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedCipherSuites() {
        return (String[]) this.ctx.cipherSuites().toArray(new String[0]);
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledCipherSuites() {
        return getSupportedCipherSuites();
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledCipherSuites(String[] strArr) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getSupportedProtocols() {
        return new String[]{SslProtocols.TLS_v1_3};
    }

    @Override // javax.net.ssl.SSLEngine
    public String[] getEnabledProtocols() {
        return getSupportedProtocols();
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnabledProtocols(String[] strArr) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getSession() {
        return this.session;
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLSession getHandshakeSession() {
        if (this.handshakeFinished) {
            return null;
        }
        return this.session;
    }

    @Override // javax.net.ssl.SSLEngine
    public void beginHandshake() {
    }

    @Override // javax.net.ssl.SSLEngine
    public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
        return this.handshakeFinished ? SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING : SSLEngineResult.HandshakeStatus.NEED_WRAP;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setUseClientMode(boolean z) {
        if (z != this.ctx.isClient()) {
            throw new UnsupportedOperationException();
        }
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getUseClientMode() {
        return this.ctx.isClient();
    }

    @Override // javax.net.ssl.SSLEngine
    public void setNeedClientAuth(boolean z) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getNeedClientAuth() {
        return this.ctx.clientAuth == ClientAuth.REQUIRE;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setWantClientAuth(boolean z) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getWantClientAuth() {
        return this.ctx.clientAuth == ClientAuth.OPTIONAL;
    }

    @Override // javax.net.ssl.SSLEngine
    public void setEnableSessionCreation(boolean z) {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.SSLEngine
    public boolean getEnableSessionCreation() {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void handshakeFinished(byte[] bArr, String str, String str2, byte[] bArr2, byte[][] bArr3, long j, long j2, byte[] bArr4, boolean z) {
        if (bArr4 == null) {
            this.applicationProtocol = null;
        } else {
            this.applicationProtocol = new String(bArr4);
        }
        this.session.handshakeFinished(bArr, str, str2, bArr2, bArr3, j, j2);
        this.sessionReused = z;
        this.handshakeFinished = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeSessionFromCacheIfInvalid() {
        this.session.removeFromCacheIfInvalid();
    }

    synchronized boolean isSessionReused() {
        return this.sessionReused;
    }
}
