package io.vertx.core.internal.tls;

import io.netty.handler.ssl.OpenSsl;
import io.vertx.core.Future;
import io.vertx.core.Promise;
import io.vertx.core.VertxException;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.file.FileSystem;
import io.vertx.core.http.ClientAuth;
import io.vertx.core.http.HttpServerOptions;
import io.vertx.core.internal.ContextInternal;
import io.vertx.core.net.ClientSSLOptions;
import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.core.net.KeyCertOptions;
import io.vertx.core.net.OpenSSLEngineOptions;
import io.vertx.core.net.SSLEngineOptions;
import io.vertx.core.net.SSLOptions;
import io.vertx.core.net.TrustOptions;
import io.vertx.core.spi.tls.SslContextFactory;
import java.io.ByteArrayInputStream;
import java.security.cert.CRL;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.EnumMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:io/vertx/core/internal/tls/SslContextManager.class */
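/**
 * Builds and caches the TLS material ({@link Config}) and the {@link SslContextProvider} derived from a set of
 * {@link SSLOptions}.
 *
 * <p>Two bounded caches are kept, both keyed by {@link ConfigKey} and both accessed only while holding this
 * manager's monitor: one for the loaded key/trust/CRL material, one for the resulting providers.
 *
 * <p>Review notes on the cache key, all visible in this class:
 * <ul>
 *   <li>{@link ConfigKey} compares the key/cert options, the effective trust options and the in-memory CRL values
 *       only. CRL <em>paths</em>, the hostname verification algorithm, the client-auth mode, the protocol list,
 *       the enabled cipher suites and the enabled protocol versions are not part of it.</li>
 *   <li>{@link #resolveSslContextProvider} therefore returns the provider built for the first request with a
 *       given key, whatever those other settings are on later requests, unless the caller forces a rebuild.
 *       NOTE(review): whether any caller shares one manager across requests that differ in those settings is
 *       not visible here; verify at the call sites.</li>
 *   <li>Futures are cached before they complete and nothing here removes a failed one, so a failed build stays
 *       cached until it is evicted or a forced rebuild replaces it.</li>
 * </ul>
 */
public class SslContextManager {
    /** Shared result for options that carry neither key/cert nor trust settings; every member is {@code null}. */
    private static final Config NULL_CONFIG = new Config(null, null, null, null, null);

    /** Translation from the Vert.x client-auth setting to the Netty one. */
    static final EnumMap<ClientAuth, io.netty.handler.ssl.ClientAuth> CLIENT_AUTH_MAPPING = new EnumMap<>(ClientAuth.class);

    static {
        // The decompiler output wrapped these arguments in casts to EnumMap / ClientAuth that cannot compile;
        // the plain enum constants are what the map is declared to hold.
        CLIENT_AUTH_MAPPING.put(ClientAuth.REQUIRED, io.netty.handler.ssl.ClientAuth.REQUIRE);
        CLIENT_AUTH_MAPPING.put(ClientAuth.REQUEST, io.netty.handler.ssl.ClientAuth.OPTIONAL);
        CLIENT_AUTH_MAPPING.put(ClientAuth.NONE, io.netty.handler.ssl.ClientAuth.NONE);
    }

    private final Supplier<SslContextFactory> supplier;
    private final boolean useWorkerPool;
    // Both maps are read and written only inside synchronized sections of this class.
    private final Map<ConfigKey, Future<Config>> configMap;
    private final Map<ConfigKey, Future<SslContextProvider>> sslContextProviderMap;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/vertx/core/internal/tls/SslContextManager$Config.class */
    /**
     * Immutable holder for the material loaded from one set of options: key manager factory, trust manager
     * factory, the two per-server-name mappers and the parsed CRLs. Any member may be {@code null}.
     */
    public static final class Config {
        private final KeyManagerFactory keyManagerFactory;
        private final TrustManagerFactory trustManagerFactory;
        private final Function<String, KeyManagerFactory> keyManagerFactoryMapper;
        private final Function<String, TrustManager[]> trustManagerMapper;
        private final List<CRL> crls;

        /**
         * @param keyManagerFactory   default key manager factory, or {@code null}
         * @param trustManagerFactory default trust manager factory, or {@code null}
         * @param function            mapper from a name to a key manager factory, or {@code null}
         * @param function2           mapper from a name to trust managers, or {@code null}
         * @param list                parsed CRLs, or {@code null}; stored as given, not copied
         */
        public Config(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory, Function<String, KeyManagerFactory> function, Function<String, TrustManager[]> function2, List<CRL> list) {
            this.keyManagerFactory = keyManagerFactory;
            this.trustManagerFactory = trustManagerFactory;
            this.keyManagerFactoryMapper = function;
            this.trustManagerMapper = function2;
            this.crls = list;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/vertx/core/internal/tls/SslContextManager$ConfigKey.class */
    /**
     * Cache key made of the key/cert options, the effective trust options and a snapshot of the CRL values.
     *
     * <p>Equality delegates to the {@code equals} of those three members, so it is only as precise as the
     * {@link KeyCertOptions} and {@link TrustOptions} implementations make it (not visible here). Nothing else
     * from {@link SSLOptions} takes part in the comparison.
     */
    public static final class ConfigKey {
        private final KeyCertOptions keyCertOptions;
        private final TrustOptions trustOptions;
        private final List<Buffer> crlValues;

        /**
         * Derives the key from the given options, using {@link SslContextManager#trustOptionsOf} so that a
         * trust-all client gets a different key than one with explicit trust options.
         *
         * @param sSLOptions the options to key on; must not be {@code null}
         */
        public ConfigKey(SSLOptions sSLOptions) {
            this(sSLOptions.getKeyCertOptions(), SslContextManager.trustOptionsOf(sSLOptions), sSLOptions.getCrlValues());
        }

        /**
         * @param keyCertOptions key/cert options, may be {@code null}
         * @param trustOptions   effective trust options, may be {@code null}
         * @param list           CRL values, may be {@code null}; the list is copied so that later changes to
         *                       the caller's list do not alter a key already stored in a cache
         */
        public ConfigKey(KeyCertOptions keyCertOptions, TrustOptions trustOptions, List<Buffer> list) {
            this.keyCertOptions = keyCertOptions;
            this.trustOptions = trustOptions;
            this.crlValues = list != null ? new ArrayList<>(list) : null;
        }

        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ConfigKey)) {
                return false;
            }
            ConfigKey other = (ConfigKey) obj;
            return Objects.equals(this.keyCertOptions, other.keyCertOptions)
                && Objects.equals(this.trustOptions, other.trustOptions)
                && Objects.equals(this.crlValues, other.crlValues);
        }

        @Override
        public int hashCode() {
            int hash = Objects.hashCode(this.keyCertOptions);
            hash = 31 * hash + Objects.hashCode(this.trustOptions);
            hash = 31 * hash + Objects.hashCode(this.crlValues);
            return hash;
        }
    }

    /* loaded from: input_file:io/vertx/core/internal/tls/SslContextManager$LruCache.class */
    /**
     * Size-bounded map: after an insertion that pushes the size above {@code maxSize}, the eldest entry is
     * dropped.
     *
     * <p>NOTE(review): the no-argument {@link LinkedHashMap} constructor is used, which orders entries by
     * insertion. Eviction is therefore oldest-inserted-first and a lookup does not refresh an entry, despite
     * the class name.
     */
    private static class LruCache<K, V> extends LinkedHashMap<K, V> {
        private final int maxSize;

        /**
         * @param i maximum number of entries to retain
         * @throws UnsupportedOperationException if {@code i} is smaller than 1
         */
        public LruCache(int i) {
            if (i < 1) {
                throw new UnsupportedOperationException();
            }
            this.maxSize = i;
        }

        @Override // java.util.LinkedHashMap
        protected boolean removeEldestEntry(Map.Entry<K, V> entry) {
            return size() > this.maxSize;
        }
    }

    /**
     * Creates a manager whose two caches each hold at most {@code i} entries.
     *
     * @param sSLEngineOptions engine options supplying the {@link SslContextFactory} and the worker-thread flag
     * @param i                capacity of each cache
     * @throws UnsupportedOperationException if {@code i} is smaller than 1
     * @throws NullPointerException          if {@code sSLEngineOptions} is {@code null}
     */
    public SslContextManager(SSLEngineOptions sSLEngineOptions, int i) {
        this.configMap = new LruCache<>(i);
        this.sslContextProviderMap = new LruCache<>(i);
        Objects.requireNonNull(sSLEngineOptions);
        this.supplier = sSLEngineOptions::sslContextFactory;
        this.useWorkerPool = sSLEngineOptions.getUseWorkerThread();
    }

    /**
     * Picks the TLS engine options to use and fails instead of silently substituting another engine.
     *
     * <ul>
     *   <li>No options given and ALPN wanted: the JDK engine if its ALPN support is available, otherwise the
     *       OpenSSL engine if its ALPN support is available.</li>
     *   <li>Still no options: the JDK engine.</li>
     *   <li>OpenSSL options while OpenSSL is unavailable: {@link VertxException}, carrying the reported
     *       unavailability cause when there is one.</li>
     *   <li>ALPN wanted but not available for the selected engine: {@link VertxException}.</li>
     * </ul>
     *
     * @param sSLEngineOptions the configured engine options, or {@code null} to let this method choose
     * @param z                whether ALPN is required
     * @return the engine options to use, never {@code null}
     * @throws VertxException if the selected engine, or ALPN on it, is not available
     */
    public static SSLEngineOptions resolveEngineOptions(SSLEngineOptions sSLEngineOptions, boolean z) {
        if (sSLEngineOptions == null && z) {
            if (JdkSSLEngineOptions.isAlpnAvailable()) {
                sSLEngineOptions = new JdkSSLEngineOptions();
            } else if (OpenSSLEngineOptions.isAlpnAvailable()) {
                sSLEngineOptions = new OpenSSLEngineOptions();
            }
        }
        if (sSLEngineOptions == null) {
            sSLEngineOptions = new JdkSSLEngineOptions();
        } else if ((sSLEngineOptions instanceof OpenSSLEngineOptions) && !OpenSsl.isAvailable()) {
            VertxException failure = new VertxException("OpenSSL is not available");
            Throwable cause = OpenSsl.unavailabilityCause();
            if (cause != null) {
                failure.initCause(cause);
            }
            throw failure;
        }
        if (z) {
            if ((sSLEngineOptions instanceof JdkSSLEngineOptions) && !JdkSSLEngineOptions.isAlpnAvailable()) {
                throw new VertxException("ALPN not available for JDK SSL/TLS engine");
            }
            if ((sSLEngineOptions instanceof OpenSSLEngineOptions) && !OpenSSLEngineOptions.isAlpnAvailable()) {
                throw new VertxException("ALPN is not available for OpenSSL SSL/TLS engine");
            }
        }
        return sSLEngineOptions;
    }

    /**
     * Sums {@code sniEntrySize()} over every cached provider whose future currently has a result; pending and
     * failed entries contribute nothing.
     *
     * @return the total across the provider cache
     */
    public synchronized int sniEntrySize() {
        int total = 0;
        for (Future<SslContextProvider> cached : this.sslContextProviderMap.values()) {
            SslContextProvider provider = cached.result();
            if (provider != null) {
                total += provider.sniEntrySize();
            }
        }
        return total;
    }

    /**
     * Creates a manager with the default cache capacity.
     *
     * @param sSLEngineOptions engine options, must not be {@code null}
     */
    public SslContextManager(SSLEngineOptions sSLEngineOptions) {
        // NOTE(review): the decompiler resolved the default capacity to an HTTP form-field constant, presumably
        // because the compiled literal has the same value. Confirm against the upstream source before treating
        // the two settings as related.
        this(sSLEngineOptions, HttpServerOptions.DEFAULT_MAX_FORM_FIELDS);
    }

    /**
     * Same as the six-argument overload with {@code z = false}: a cached provider is returned when one exists
     * for the options' {@link ConfigKey}.
     */
    public Future<SslContextProvider> resolveSslContextProvider(SSLOptions sSLOptions, String str, ClientAuth clientAuth, List<String> list, ContextInternal contextInternal) {
        return resolveSslContextProvider(sSLOptions, str, clientAuth, list, false, contextInternal);
    }

    /**
     * Returns the provider for the given options, building and caching it when needed.
     *
     * <p>The lookup uses {@link ConfigKey} alone. {@code str}, {@code clientAuth}, {@code list} and the cipher
     * and protocol settings of {@code sSLOptions} only take effect when a provider is actually built; on a
     * cache hit the previously built provider is returned unchanged. The future is stored before it completes
     * and is not removed on failure, so a failed build is also served from the cache until it is evicted or
     * rebuilt with {@code z = true}.
     *
     * @param sSLOptions      TLS options
     * @param str             hostname verification algorithm, see the private builder for the null check
     * @param clientAuth      client-auth mode, may be {@code null}
     * @param list            passed through to {@link SslContextProvider}
     * @param z               {@code true} to drop any cached entry and rebuild
     * @param contextInternal context used to load the material
     * @return a future completed with the provider, or failed with the build error
     */
    public Future<SslContextProvider> resolveSslContextProvider(SSLOptions sSLOptions, String str, ClientAuth clientAuth, List<String> list, boolean z, ContextInternal contextInternal) {
        ConfigKey configKey = new ConfigKey(sSLOptions);
        synchronized (this) {
            if (z) {
                this.sslContextProviderMap.remove(configKey);
            } else {
                Future<SslContextProvider> cached = this.sslContextProviderMap.get(configKey);
                if (cached != null) {
                    return cached;
                }
            }
            Promise<SslContextProvider> promise = Promise.promise();
            // Publish the pending future first so concurrent callers with the same key share one build.
            this.sslContextProviderMap.put(configKey, promise.future());
            buildSslContextProvider(sSLOptions, str, clientAuth, list, z, contextInternal).onComplete(promise);
            return promise.future();
        }
    }

    /**
     * Builds a provider without consulting or updating the provider cache; the underlying {@link Config} still
     * goes through the config cache (see {@code buildConfig}).
     *
     * @return a future completed with a new provider, or failed when the material cannot be loaded or the
     *         hostname verification check in the private builder rejects the arguments
     */
    public Future<SslContextProvider> buildSslContextProvider(SSLOptions sSLOptions, String str, ClientAuth clientAuth, List<String> list, boolean z, ContextInternal contextInternal) {
        return buildConfig(sSLOptions, z, contextInternal)
            .map(config -> buildSslContextProvider(sSLOptions, str, this.supplier, clientAuth, list, config));
    }

    /**
     * Assembles the provider from already loaded material.
     *
     * <p>A {@code null} client-auth mode together with a {@code null} {@code str} is rejected; going by the
     * message, that combination is a client that did not choose a hostname verification algorithm. An empty
     * string passes this check; how it is interpreted downstream is not visible here.
     *
     * @throws VertxException if both {@code clientAuth} and {@code str} are {@code null}
     */
    private SslContextProvider buildSslContextProvider(SSLOptions sSLOptions, String str, Supplier<SslContextFactory> supplier, ClientAuth clientAuth, List<String> list, Config config) {
        if (clientAuth == null && str == null) {
            throw new VertxException("Missing hostname verification algorithm: you must set TCP client options host name verification algorithm");
        }
        return new SslContextProvider(
            this.useWorkerPool,
            clientAuth,
            str,
            list,
            sSLOptions.getEnabledCipherSuites(),
            sSLOptions.getEnabledSecureTransportProtocols(),
            config.keyManagerFactory,
            config.keyManagerFactoryMapper,
            config.trustManagerFactory,
            config.trustManagerMapper,
            config.crls,
            supplier);
    }

    /**
     * Returns the trust options that are actually applied.
     *
     * <p>For {@link ClientSSLOptions} with {@code isTrustAll()} set, the configured trust options are ignored
     * and {@code TrustAllOptions.INSTANCE} is used. NOTE(review): by its name that instance accepts any peer
     * certificate; confirm against {@code TrustAllOptions} and audit where {@code trustAll} is enabled.
     */
    private static TrustOptions trustOptionsOf(SSLOptions sSLOptions) {
        boolean trustAll = (sSLOptions instanceof ClientSSLOptions) && ((ClientSSLOptions) sSLOptions).isTrustAll();
        return trustAll ? TrustAllOptions.INSTANCE : sSLOptions.getTrustOptions();
    }

    /**
     * Loads, or fetches from the cache, the key/trust/CRL material for the given options.
     *
     * <p>When the options have neither effective trust options nor key/cert options, {@link #NULL_CONFIG} is
     * returned immediately and any configured CRL paths or values are not read. Otherwise the material is
     * loaded through {@code executeBlockingInternal}: key managers, trust managers, then every CRL path (read
     * with a blocking file read) and every CRL value, parsed as X.509 CRLs.
     *
     * <p>CRL paths are not part of the cache key, so changing only the paths, or the content of the files
     * behind them, is not picked up unless {@code z} is {@code true}.
     *
     * @param z {@code true} to drop the cached entry and reload
     */
    private Future<Config> buildConfig(SSLOptions sSLOptions, boolean z, ContextInternal contextInternal) {
        if (trustOptionsOf(sSLOptions) == null && sSLOptions.getKeyCertOptions() == null) {
            return contextInternal.succeededFuture(NULL_CONFIG);
        }
        ConfigKey configKey = new ConfigKey(sSLOptions);
        synchronized (this) {
            if (z) {
                this.configMap.remove(configKey);
            } else {
                Future<Config> cached = this.configMap.get(configKey);
                if (cached != null) {
                    return cached;
                }
            }
            Promise<Config> promise = Promise.promise();
            this.configMap.put(configKey, promise.future());
            contextInternal.executeBlockingInternal(() -> {
                KeyManagerFactory keyManagerFactory = null;
                Function<String, KeyManagerFactory> keyManagerFactoryMapper = null;
                TrustManagerFactory trustManagerFactory = null;
                Function<String, TrustManager[]> trustManagerMapper = null;
                List<CRL> crls = new ArrayList<>();

                KeyCertOptions keyCertOptions = sSLOptions.getKeyCertOptions();
                if (keyCertOptions != null) {
                    keyManagerFactory = keyCertOptions.getKeyManagerFactory(contextInternal.owner());
                    keyManagerFactoryMapper = keyCertOptions.keyManagerFactoryMapper(contextInternal.owner());
                }

                TrustOptions trustOptions = trustOptionsOf(sSLOptions);
                if (trustOptions != null) {
                    trustManagerFactory = trustOptions.getTrustManagerFactory(contextInternal.owner());
                    trustManagerMapper = trustOptions.trustManagerMapper(contextInternal.owner());
                }

                // File-based CRLs come first, then the in-memory ones; any read or parse error fails the future.
                List<Buffer> crlBuffers = new ArrayList<>();
                if (sSLOptions.getCrlPaths() != null) {
                    FileSystem fileSystem = contextInternal.owner().fileSystem();
                    Objects.requireNonNull(fileSystem);
                    crlBuffers.addAll(sSLOptions.getCrlPaths().stream()
                        .map(path -> contextInternal.owner().fileResolver().resolve(path).getAbsolutePath())
                        .map(fileSystem::readFileBlocking)
                        .collect(Collectors.toList()));
                }
                if (sSLOptions.getCrlValues() != null) {
                    crlBuffers.addAll(sSLOptions.getCrlValues());
                }

                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                for (Buffer crlBuffer : crlBuffers) {
                    crls.addAll(certificateFactory.generateCRLs(new ByteArrayInputStream(crlBuffer.getBytes())));
                }
                return new Config(keyManagerFactory, trustManagerFactory, keyManagerFactoryMapper, trustManagerMapper, crls);
            }).onComplete(promise);
            return promise.future();
        }
    }
}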
