package org.eclipse.californium.elements.tcp.netty;

import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.handler.ssl.SslHandler;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.eclipse.californium.elements.config.CertificateAuthenticationMode;
import org.eclipse.californium.elements.config.Configuration;
import org.eclipse.californium.elements.config.TcpConfig;
import org.eclipse.californium.elements.util.JceProviderUtil;
import org.eclipse.californium.elements.util.SslContextUtil;
import org.eclipse.californium.elements.util.StringUtil;

/* loaded from: input_file:org/eclipse/californium/elements/tcp/netty/TlsServerConnector.class */
public class TlsServerConnector extends TcpServerConnector {
    private final CertificateAuthenticationMode clientAuthMode;
    private final SSLContext sslContext;
    private final String[] weakCipherSuites;
    private final long handshakeTimeoutMillis;

    /* renamed from: org.eclipse.californium.elements.tcp.netty.TlsServerConnector$1, reason: invalid class name */
    /* loaded from: input_file:org/eclipse/californium/elements/tcp/netty/TlsServerConnector$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$californium$elements$config$CertificateAuthenticationMode = new int[CertificateAuthenticationMode.values().length];

        static {
            try {
                $SwitchMap$org$eclipse$californium$elements$config$CertificateAuthenticationMode[CertificateAuthenticationMode.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$eclipse$californium$elements$config$CertificateAuthenticationMode[CertificateAuthenticationMode.WANTED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$eclipse$californium$elements$config$CertificateAuthenticationMode[CertificateAuthenticationMode.NEEDED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public TlsServerConnector(SSLContext sSLContext, InetSocketAddress inetSocketAddress, Configuration configuration) {
        super(inetSocketAddress, configuration, new TlsContextUtil((CertificateAuthenticationMode) configuration.get(TcpConfig.TLS_CLIENT_AUTHENTICATION_MODE)));
        this.sslContext = sSLContext;
        this.clientAuthMode = (CertificateAuthenticationMode) configuration.get(TcpConfig.TLS_CLIENT_AUTHENTICATION_MODE);
        this.handshakeTimeoutMillis = configuration.get(TcpConfig.TLS_HANDSHAKE_TIMEOUT, TimeUnit.MILLISECONDS).longValue();
        this.weakCipherSuites = JceProviderUtil.hasStrongEncryption() ? null : SslContextUtil.getWeakCipherSuites(sSLContext);
    }

    @Override // org.eclipse.californium.elements.tcp.netty.TcpServerConnector
    protected void onNewChannelCreated(Channel channel) {
        SSLEngine createSllEngineForChannel = createSllEngineForChannel(channel);
        switch (AnonymousClass1.$SwitchMap$org$eclipse$californium$elements$config$CertificateAuthenticationMode[this.clientAuthMode.ordinal()]) {
            case 2:
                createSllEngineForChannel.setWantClientAuth(true);
                break;
            case 3:
                createSllEngineForChannel.setNeedClientAuth(true);
                break;
        }
        createSllEngineForChannel.setUseClientMode(false);
        if (this.weakCipherSuites != null) {
            createSllEngineForChannel.setEnabledCipherSuites(this.weakCipherSuites);
        }
        ChannelHandler sslHandler = new SslHandler(createSllEngineForChannel);
        sslHandler.setHandshakeTimeoutMillis(this.handshakeTimeoutMillis);
        channel.pipeline().addFirst(new ChannelHandler[]{sslHandler});
    }

    @Override // org.eclipse.californium.elements.tcp.netty.TcpServerConnector
    public String getProtocol() {
        return "TLS";
    }

    private SSLEngine createSllEngineForChannel(Channel channel) {
        SocketAddress remoteAddress = channel.remoteAddress();
        if (!(remoteAddress instanceof InetSocketAddress)) {
            this.LOGGER.info("Connection from {}", StringUtil.toLog(remoteAddress));
            return this.sslContext.createSSLEngine();
        }
        this.LOGGER.info("Connection from inet {}", StringUtil.toLog(remoteAddress));
        InetSocketAddress inetSocketAddress = (InetSocketAddress) remoteAddress;
        return this.sslContext.createSSLEngine(inetSocketAddress.getAddress().getHostAddress(), inetSocketAddress.getPort());
    }
}
