package io.netty.incubator.codec.quic;

import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.util.KeyManagerFactoryWrapper;
import io.netty.handler.ssl.util.TrustManagerFactoryWrapper;
import io.netty.util.Mapping;
import io.netty.util.internal.ObjectUtil;
import java.io.File;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: input_file:essential-c1eb12362917046791cfcaa5dce11cb7.jar:gg/essential/sps/quic/jvm/netty.jar:io/netty/incubator/codec/quic/QuicSslContextBuilder.class */
public final class QuicSslContextBuilder {
    private static final X509ExtendedKeyManager SNI_KEYMANAGER = new X509ExtendedKeyManager() { // from class: io.netty.incubator.codec.quic.QuicSslContextBuilder.1
        private final X509Certificate[] emptyCerts = new X509Certificate[0];
        private final String[] emptyStrings = new String[0];

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return this.emptyStrings;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return this.emptyStrings;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.emptyCerts;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return null;
        }
    };
    private final boolean forServer;
    private TrustManagerFactory trustManagerFactory;
    private String keyPassword;
    private KeyManagerFactory keyManagerFactory;
    private long sessionCacheSize = 20480;
    private long sessionTimeout = 300;
    private ClientAuth clientAuth = ClientAuth.NONE;
    private String[] applicationProtocols;
    private Boolean earlyData;
    private BoringSSLKeylog keylog;
    private Mapping<? super String, ? extends QuicSslContext> mapping;

    public static QuicSslContextBuilder forClient() {
        return new QuicSslContextBuilder(false);
    }

    public static QuicSslContextBuilder forServer(File file, String str, File file2) {
        return new QuicSslContextBuilder(true).keyManager(file, str, file2);
    }

    public static QuicSslContextBuilder forServer(PrivateKey privateKey, String str, X509Certificate... x509CertificateArr) {
        return new QuicSslContextBuilder(true).keyManager(privateKey, str, x509CertificateArr);
    }

    public static QuicSslContextBuilder forServer(KeyManagerFactory keyManagerFactory, String str) {
        return new QuicSslContextBuilder(true).keyManager(keyManagerFactory, str);
    }

    public static QuicSslContextBuilder forServer(KeyManager keyManager, String str) {
        return new QuicSslContextBuilder(true).keyManager(keyManager, str);
    }

    public static QuicSslContext buildForServerWithSni(Mapping<? super String, ? extends QuicSslContext> mapping) {
        return forServer(SNI_KEYMANAGER, (String) null).sni(mapping).build();
    }

    private QuicSslContextBuilder(boolean z) {
        this.forServer = z;
    }

    private QuicSslContextBuilder sni(Mapping<? super String, ? extends QuicSslContext> mapping) {
        this.mapping = (Mapping) ObjectUtil.checkNotNull(mapping, "mapping");
        return this;
    }

    public QuicSslContextBuilder earlyData(boolean z) {
        this.earlyData = Boolean.valueOf(z);
        return this;
    }

    public QuicSslContextBuilder keylog(boolean z) {
        keylog(z ? BoringSSLLoggingKeylog.INSTANCE : null);
        return this;
    }

    public QuicSslContextBuilder keylog(BoringSSLKeylog boringSSLKeylog) {
        this.keylog = boringSSLKeylog;
        return this;
    }

    public QuicSslContextBuilder trustManager(File file) {
        try {
            return trustManager(QuicheQuicSslContext.toX509Certificates0(file));
        } catch (Exception e) {
            throw new IllegalArgumentException("File does not contain valid certificates: " + file, e);
        }
    }

    public QuicSslContextBuilder trustManager(X509Certificate... x509CertificateArr) {
        try {
            return trustManager(QuicheQuicSslContext.buildTrustManagerFactory0(x509CertificateArr));
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    public QuicSslContextBuilder trustManager(TrustManagerFactory trustManagerFactory) {
        this.trustManagerFactory = trustManagerFactory;
        return this;
    }

    public QuicSslContextBuilder trustManager(TrustManager trustManager) {
        return trustManager(new TrustManagerFactoryWrapper(trustManager));
    }

    public QuicSslContextBuilder keyManager(File file, String str, File file2) {
        try {
            try {
                return keyManager(QuicheQuicSslContext.toPrivateKey0(file, str), str, QuicheQuicSslContext.toX509Certificates0(file2));
            } catch (Exception e) {
                throw new IllegalArgumentException("File does not contain valid private key: " + file, e);
            }
        } catch (Exception e2) {
            throw new IllegalArgumentException("File does not contain valid certificates: " + file2, e2);
        }
    }

    public QuicSslContextBuilder keyManager(PrivateKey privateKey, String str, X509Certificate... x509CertificateArr) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            char[] charArray = str == null ? new char[0] : str.toCharArray();
            keyStore.setKeyEntry("alias", privateKey, charArray, x509CertificateArr);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, charArray);
            return keyManager(keyManagerFactory, str);
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    public QuicSslContextBuilder keyManager(KeyManagerFactory keyManagerFactory, String str) {
        this.keyPassword = str;
        this.keyManagerFactory = keyManagerFactory;
        return this;
    }

    public QuicSslContextBuilder keyManager(KeyManager keyManager, String str) {
        return keyManager(new KeyManagerFactoryWrapper(keyManager), str);
    }

    public QuicSslContextBuilder applicationProtocols(String... strArr) {
        this.applicationProtocols = strArr;
        return this;
    }

    public QuicSslContextBuilder sessionCacheSize(long j) {
        this.sessionCacheSize = j;
        return this;
    }

    public QuicSslContextBuilder sessionTimeout(long j) {
        this.sessionTimeout = j;
        return this;
    }

    public QuicSslContextBuilder clientAuth(ClientAuth clientAuth) {
        if (!this.forServer) {
            throw new UnsupportedOperationException("Only supported for server");
        }
        this.clientAuth = (ClientAuth) ObjectUtil.checkNotNull(clientAuth, "clientAuth");
        return this;
    }

    public QuicSslContext build() {
        return this.forServer ? new QuicheQuicSslContext(true, this.sessionTimeout, this.sessionCacheSize, this.clientAuth, this.trustManagerFactory, this.keyManagerFactory, this.keyPassword, this.mapping, this.earlyData, this.keylog, this.applicationProtocols) : new QuicheQuicSslContext(false, this.sessionTimeout, this.sessionCacheSize, this.clientAuth, this.trustManagerFactory, this.keyManagerFactory, this.keyPassword, this.mapping, this.earlyData, this.keylog, this.applicationProtocols);
    }
}
