package com.firenio.baseio.component;

import com.firenio.baseio.Options;
import com.firenio.baseio.log.Logger;
import com.firenio.baseio.log.LoggerFactory;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext;
import org.wildfly.openssl.OpenSSLEngine;
import org.wildfly.openssl.OpenSSLProvider;

/* loaded from: input_file:com/firenio/baseio/component/SslContext.class */
public final class SslContext {
    public static final List<String> ENABLED_CIPHERS;
    public static final String[] ENABLED_PROTOCOLS;
    static final Logger logger = LoggerFactory.getLogger((Class<?>) SslContext.class);
    public static final boolean OPENSSL_AVAILABLE;
    public static final int SSL_PACKET_BUFFER_SIZE;
    public static final int SSL_UNWRAP_BUFFER_SIZE;
    public static final Set<String> SUPPORTED_CIPHERS;
    private final String[] applicationProtocols;
    private final String[] cipherSuites;
    private final ClientAuth clientAuth;
    private final boolean isServer;
    private final SSLContext sslContext;
    private final List<String> unmodifiableCipherSuites;

    /* loaded from: input_file:com/firenio/baseio/component/SslContext$ClientAuth.class */
    public enum ClientAuth {
        NONE,
        OPTIONAL,
        REQUIRE
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SslContext(SSLContext sSLContext, boolean z, List<String> list, ClientAuth clientAuth, String[] strArr) throws SSLException {
        this.applicationProtocols = strArr;
        this.clientAuth = clientAuth;
        this.cipherSuites = filterCipherSuites(list, ENABLED_CIPHERS, SUPPORTED_CIPHERS);
        this.unmodifiableCipherSuites = Collections.unmodifiableList(Arrays.asList(this.cipherSuites));
        this.sslContext = sSLContext;
        this.isServer = z;
        if (strArr != null && !OPENSSL_AVAILABLE) {
            throw new SSLException("applicationProtocols enabled but openssl not available");
        }
    }

    public final List<String> cipherSuites() {
        return this.unmodifiableCipherSuites;
    }

    private SSLEngine configureEngine(SSLEngine sSLEngine) {
        sSLEngine.setEnabledCipherSuites(this.cipherSuites);
        sSLEngine.setEnabledProtocols(ENABLED_PROTOCOLS);
        sSLEngine.setUseClientMode(isClient());
        if (isServer()) {
            if (this.clientAuth == ClientAuth.OPTIONAL) {
                sSLEngine.setWantClientAuth(true);
            } else if (this.clientAuth == ClientAuth.REQUIRE) {
                sSLEngine.setNeedClientAuth(true);
            }
        }
        if (this.applicationProtocols == null) {
            return sSLEngine;
        }
        ((OpenSSLEngine) sSLEngine).setApplicationProtocols(this.applicationProtocols);
        return sSLEngine;
    }

    private String[] filterCipherSuites(List<String> list, List<String> list2, Set<String> set) {
        String next;
        if (list == null) {
            return (String[]) list2.toArray(new String[list2.size()]);
        }
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext() && (next = it.next()) != null) {
            if (set.contains(next)) {
                arrayList.add(next);
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public SSLContext getSSLContext() {
        return this.sslContext;
    }

    public final boolean isClient() {
        return !isServer();
    }

    public final boolean isServer() {
        return this.isServer;
    }

    public final SSLEngine newEngine(String str, int i) {
        return configureEngine(this.sslContext.createSSLEngine(str, i));
    }

    public final long sessionCacheSize() {
        return sessionContext().getSessionCacheSize();
    }

    public final SSLSessionContext sessionContext() {
        return isServer() ? this.sslContext.getServerSessionContext() : this.sslContext.getClientSessionContext();
    }

    public final long sessionTimeout() {
        return sessionContext().getSessionTimeout();
    }

    private static void addIfSupported(Set<String> set, List<String> list, String... strArr) {
        for (String str : strArr) {
            if (set.contains(str)) {
                list.add(str);
            }
        }
    }

    public static int getPacketBufferSize() {
        return SSL_PACKET_BUFFER_SIZE;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLContext newSSLContext() throws NoSuchAlgorithmException {
        return OPENSSL_AVAILABLE ? SSLContext.getInstance("openssl.TLS") : SSLContext.getInstance("TLS");
    }

    static {
        try {
            CertificateFactory.getInstance("X.509");
            boolean z = false;
            try {
                if (Options.isEnableOpenssl()) {
                    Class.forName("org.wildfly.openssl.OpenSSLProvider");
                    OpenSSLProvider.register();
                    z = true;
                }
            } catch (Error | Exception e) {
            }
            OPENSSL_AVAILABLE = z;
            try {
                SSLContext newSSLContext = newSSLContext();
                newSSLContext.init(null, null, null);
                SSL_UNWRAP_BUFFER_SIZE = Options.getSslUnwrapBufferSize(262144);
                SSLEngine createSSLEngine = newSSLContext.createSSLEngine();
                SSL_PACKET_BUFFER_SIZE = createSSLEngine.getSession().getPacketBufferSize();
                String[] supportedProtocols = createSSLEngine.getSupportedProtocols();
                HashSet hashSet = new HashSet(supportedProtocols.length);
                for (String str : supportedProtocols) {
                    hashSet.add(str);
                }
                ArrayList arrayList = new ArrayList();
                addIfSupported(hashSet, arrayList, "TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1");
                if (arrayList.isEmpty()) {
                    ENABLED_PROTOCOLS = createSSLEngine.getEnabledProtocols();
                } else {
                    ENABLED_PROTOCOLS = (String[]) arrayList.toArray(new String[arrayList.size()]);
                }
                String[] supportedCipherSuites = createSSLEngine.getSupportedCipherSuites();
                SUPPORTED_CIPHERS = new HashSet(supportedCipherSuites.length);
                for (String str2 : supportedCipherSuites) {
                    SUPPORTED_CIPHERS.add(str2);
                }
                ArrayList arrayList2 = new ArrayList();
                addIfSupported(SUPPORTED_CIPHERS, arrayList2, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA");
                if (arrayList2.isEmpty()) {
                    for (String str3 : createSSLEngine.getEnabledCipherSuites()) {
                        if (!str3.contains("_RC4_")) {
                            arrayList2.add(str3);
                        }
                    }
                }
                ENABLED_CIPHERS = Collections.unmodifiableList(arrayList2);
            } catch (Exception e2) {
                throw new Error("failed to initialize the default SSL context", e2);
            }
        } catch (CertificateException e3) {
            throw new IllegalStateException("unable to instance X.509 CertificateFactory", e3);
        }
    }
}
