package com.linkedin.alpini.netty4.ssl;

import com.linkedin.alpini.netty4.handlers.ChannelInitializer;
import com.linkedin.alpini.netty4.misc.NettyUtils;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelOutboundHandlerAdapter;
import io.netty.channel.ChannelPromise;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.Executor;
import java.util.stream.Stream;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

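/**
 * Client-side channel initializer that puts a TLS handler into an outbound Netty pipeline.
 *
 * <p>When the supplied {@link SSLEngineFactory} reports SSL as enabled, the initializer either
 * installs the TLS handler at once (channel already active) or parks a placeholder handler named
 * {@code "ssl-wait-connected"} that installs it when the connect completes. The placeholder
 * rejects every write, so nothing leaves the channel before the TLS handler is in place.
 *
 * <p>When SSL is not enabled, {@link #initChannel(Channel)} adds nothing and the channel stays
 * plaintext.
 *
 * <p>This source was recovered by a decompiler. Parameter names and the public visibility of
 * {@link #createSSLEngine} and {@link #replaceChannelHandler} are decompiler output (the decompiler
 * notes both were originally private).
 */
@ChannelHandler.Sharable
public class SslClientInitializer extends ChannelInitializer<Channel> {
    private final boolean _sslEnabled;
    private final SSLEngineFactory _sslEngineFactory;
    // Null when SSL is disabled; only used on the SSL-enabled paths.
    private final SecureClientHandler _secureClientHandler;
    private final ChannelHandler _connectHandler;
    // Optional executor for engine creation and for the FusedSslHandler.
    // NOTE(review): plain (non-volatile) field read from channel threads; it looks like it is
    // meant to be set once, before the initializer is attached to any channel. Confirm with callers.
    private Executor _sslExecutor;

    /**
     * Placeholder outbound handler used while the channel is not yet connected.
     *
     * <p>It intercepts {@code connect}, and once the connect succeeds it swaps itself for the TLS
     * handler before the caller's connect promise is completed.
     */
    @ChannelHandler.Sharable
    private class ConnectHandler extends ChannelOutboundHandlerAdapter {
        private ConnectHandler() {
        }

        /**
         * Forwards the connect with a substitute promise so that the caller's promise completes
         * only after the TLS handler has been installed.
         */
        @Override
        public void connect(ChannelHandlerContext channelHandlerContext, SocketAddress socketAddress, SocketAddress socketAddress2, ChannelPromise channelPromise) {
            channelHandlerContext.connect(socketAddress, socketAddress2, replaceHandler(channelHandlerContext, socketAddress, channelPromise));
        }

        /**
         * Builds the substitute connect promise.
         *
         * <p>On connect failure the caller's promise is failed with the same cause. On success the
         * SSL engine is created (on the SSL executor when one is configured, otherwise inline),
         * this handler is replaced by the TLS handler, and the caller's promise is completed.
         *
         * <p>Any exception thrown while creating the engine or editing the pipeline fails the
         * caller's promise. Without that, the exception would escape the listener and the connect
         * promise would never complete.
         *
         * @param channelHandlerContext context of this placeholder handler
         * @param socketAddress remote address being connected to
         * @param channelPromise the caller's connect promise
         * @return the promise to pass down the pipeline in place of {@code channelPromise}
         */
        private ChannelPromise replaceHandler(ChannelHandlerContext channelHandlerContext, SocketAddress socketAddress, ChannelPromise channelPromise) {
            return channelHandlerContext.newPromise().addListener(connectFuture -> {
                if (!connectFuture.isSuccess()) {
                    channelPromise.setFailure(connectFuture.cause());
                    return;
                }
                // Read the field once so the null check and the use see the same value.
                Executor sslExecutor = SslClientInitializer.this._sslExecutor;
                if (sslExecutor == null) {
                    try {
                        SslClientInitializer.this.replaceChannelHandler(
                            channelHandlerContext,
                            this,
                            SslClientInitializer.this.createSSLEngine(channelHandlerContext, socketAddress));
                    } catch (Throwable cause) {
                        // Report the TLS setup failure instead of leaving the promise pending.
                        channelPromise.tryFailure(cause);
                        return;
                    }
                    channelPromise.setSuccess();
                    return;
                }
                // Engine creation runs on the SSL executor; the pipeline edit hops back to the
                // channel's own executor.
                CompletableFuture
                    .supplyAsync(() -> SslClientInitializer.this.createSSLEngine(channelHandlerContext, socketAddress), sslExecutor)
                    .whenCompleteAsync((engine, failure) -> {
                        if (failure != null) {
                            channelPromise.setFailure(failure);
                            return;
                        }
                        try {
                            SslClientInitializer.this.replaceChannelHandler(channelHandlerContext, this, engine);
                        } catch (Throwable cause) {
                            channelPromise.tryFailure(cause);
                            return;
                        }
                        channelPromise.setSuccess();
                    }, channelHandlerContext.executor());
            });
        }

        /**
         * Rejects every write: while this placeholder is in the pipeline no TLS handler exists,
         * so letting data through would send it unencrypted.
         *
         * @throws IllegalStateException always
         */
        @Override
        public void write(ChannelHandlerContext channelHandlerContext, Object obj, ChannelPromise channelPromise) throws Exception {
            throw new IllegalStateException();
        }
    }

    /**
     * Creates an initializer that does not pass a certificate-validation callback to
     * {@link SecureClientHandler}.
     *
     * @param sSLEngineFactory source of SSL engines; {@code null} leaves SSL disabled
     */
    public SslClientInitializer(SSLEngineFactory sSLEngineFactory) {
        this(sSLEngineFactory, false);
    }

    /**
     * Creates an initializer.
     *
     * <p>SSL is enabled only when the factory is non-null and reports
     * {@code isSslEnabled()}; otherwise the channel is left without any TLS handler.
     *
     * @param sSLEngineFactory source of SSL engines; {@code null} leaves SSL disabled
     * @param z when {@code true}, {@link #clientCertificateValidation} is handed to
     *     {@link SecureClientHandler} as its callback; when {@code false}, {@code null} is passed
     */
    public SslClientInitializer(SSLEngineFactory sSLEngineFactory, boolean z) {
        this._connectHandler = new ConnectHandler();
        this._sslEngineFactory = sSLEngineFactory;
        this._sslEnabled = this._sslEngineFactory != null && this._sslEngineFactory.isSslEnabled();
        if (this._sslEnabled) {
            this._secureClientHandler = new SecureClientHandler(z ? this::clientCertificateValidation : null);
        } else {
            this._secureClientHandler = null;
        }
    }

    /**
     * Configures the executor used for SSL engine creation and passed to the TLS handler.
     *
     * @param executor executor to use; must not be {@code null}
     * @return this initializer, for chaining
     * @throws NullPointerException if {@code executor} is {@code null}
     */
    public SslClientInitializer enableSslTaskExecutor(Executor executor) {
        this._sslExecutor = Objects.requireNonNull(executor);
        return this;
    }

    /**
     * Certificate-validation hook given to {@link SecureClientHandler} when validation was
     * requested at construction.
     *
     * <p>This default implementation accepts every certificate. Requesting validation without
     * overriding this method therefore adds no check at all; subclasses must override it to
     * enforce a policy.
     *
     * <p>NOTE(review): when and with which certificate the hook is called is decided by
     * {@link SecureClientHandler}, which is not shown here. Confirm before relying on it.
     *
     * @param channelHandlerContext context of the channel being validated
     * @param x509Certificate certificate to examine
     * @return {@code true} to accept the certificate
     */
    protected boolean clientCertificateValidation(ChannelHandlerContext channelHandlerContext, X509Certificate x509Certificate) {
        return true;
    }

    /**
     * Installs TLS handling on the channel when SSL is enabled.
     *
     * <p>A channel that is not yet active gets the connect placeholder. An already active channel
     * gets the TLS handler immediately, keyed on its remote address.
     */
    @Override
    protected void initChannel(Channel channel) throws Exception {
        if (!this._sslEnabled) {
            return;
        }
        if (channel.isActive()) {
            ChannelHandlerContext context = channel.pipeline().context(this);
            replaceChannelHandler(context, this, createSSLEngine(context, channel.remoteAddress()));
        } else {
            channel.pipeline().replace(this, "ssl-wait-connected", this._connectHandler);
        }
    }

    /**
     * Creates a client-mode {@link SSLEngine} for the given peer.
     *
     * <p>For an {@link InetSocketAddress} the peer host string and port are passed to the factory;
     * {@code getHostString()} is used, which does not trigger a reverse DNS lookup. If the factory
     * supplies {@link SSLParameters} with a cipher-suite list, the engine's enabled suites are set
     * to those requested suites that the engine supports, in the requested order. An empty
     * intersection leaves no suite enabled, so the handshake fails rather than falling back.
     *
     * <p>NOTE(review): this method never sets an endpoint identification algorithm on the engine,
     * and the factory's {@code SSLParameters} are used only to narrow cipher suites. Whether the
     * server certificate is matched against the peer host name therefore depends on
     * {@code SSLEngineFactory} and {@code SecureClientHandler}, which are not shown here. Confirm.
     *
     * @param channelHandlerContext context whose allocator is handed to the factory
     * @param socketAddress remote peer address
     * @return the configured engine
     */
    public SSLEngine createSSLEngine(ChannelHandlerContext channelHandlerContext, SocketAddress socketAddress) {
        SSLEngine engine;
        // The meaning of the trailing 'false' flag is defined by SSLEngineFactory (not shown here).
        if (socketAddress instanceof InetSocketAddress) {
            InetSocketAddress peer = (InetSocketAddress) socketAddress;
            engine = this._sslEngineFactory.createSSLEngine(channelHandlerContext.alloc(), peer.getHostString(), peer.getPort(), false);
        } else {
            engine = this._sslEngineFactory.createSSLEngine(channelHandlerContext.alloc(), false);
        }
        engine.setUseClientMode(true);
        SSLParameters sslParameters = this._sslEngineFactory.getSSLParameters();
        if (sslParameters != null) {
            String[] requestedSuites = sslParameters.getCipherSuites();
            // SSLParameters may carry no cipher-suite list; keep the engine's own selection then
            // instead of failing with a NullPointerException.
            if (requestedSuites != null) {
                HashSet<String> supportedSuites = new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));
                engine.setEnabledCipherSuites(
                    Stream.of(requestedSuites).filter(supportedSuites::contains).toArray(String[]::new));
            }
        }
        return engine;
    }

    /**
     * Replaces {@code channelHandler} with the TLS handler and adds the shared
     * {@link SecureClientHandler} directly after it.
     *
     * <p>The TLS handler is built before the pipeline is touched, so a failure in its constructor
     * does not leave the pipeline half-modified.
     *
     * @param channelHandlerContext context of the handler being replaced
     * @param channelHandler handler to replace (this initializer or the connect placeholder)
     * @param sSLEngine engine for the new TLS handler
     */
    public void replaceChannelHandler(ChannelHandlerContext channelHandlerContext, ChannelHandler channelHandler, SSLEngine sSLEngine) {
        Executor sslExecutor = this._sslExecutor;
        FusedSslHandler sslHandler = sslExecutor != null
            ? new FusedSslHandler(sSLEngine, sslExecutor)
            : new FusedSslHandler(sSLEngine);
        channelHandlerContext.pipeline().addAfter(
            NettyUtils.executorGroup(channelHandlerContext.channel()),
            channelHandlerContext.name(),
            "SecureClientHandler",
            this._secureClientHandler);
        channelHandlerContext.pipeline().replace(channelHandler, "SSLHandler", sslHandler);
    }
}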
