package org.kaazing.gateway.transport.ssl.bridge.filter;

import java.util.Collection;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ConcurrentSkipListMap;
import org.apache.mina.core.filterchain.IoFilter;
import org.apache.mina.core.filterchain.IoFilterAdapter;
import org.apache.mina.core.session.IoSession;
import org.kaazing.gateway.resource.address.Comparators;
import org.kaazing.gateway.resource.address.ResourceAddress;
import org.kaazing.gateway.transport.TransportKeySelector;
import org.kaazing.gateway.transport.ssl.cert.DefaultKeySelector;
import org.kaazing.mina.netty.util.threadlocal.VicariousThreadLocal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kaazing/gateway/transport/ssl/bridge/filter/SslCertificateSelectionFilter.class */
public class SslCertificateSelectionFilter extends IoFilterAdapter {
    private static final Logger LOGGER = LoggerFactory.getLogger(SslCertificateSelectionFilter.class);
    private static final ThreadLocal<AvailableCertInfo> availClientCertInfo = new VicariousThreadLocal<AvailableCertInfo>() { // from class: org.kaazing.gateway.transport.ssl.bridge.filter.SslCertificateSelectionFilter.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: initialValue, reason: merged with bridge method [inline-methods] */
        public AvailableCertInfo m8initialValue() {
            return new AvailableCertInfo();
        }
    };
    private static final ThreadLocal<AvailableCertInfo> availServerCertInfo = new VicariousThreadLocal<AvailableCertInfo>() { // from class: org.kaazing.gateway.transport.ssl.bridge.filter.SslCertificateSelectionFilter.2
        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: initialValue, reason: merged with bridge method [inline-methods] */
        public AvailableCertInfo m9initialValue() {
            return new AvailableCertInfo();
        }
    };
    private TransportKeySelector keySelector = new DefaultKeySelector();
    private boolean clientMode;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/kaazing/gateway/transport/ssl/bridge/filter/SslCertificateSelectionFilter$AvailableCertInfo.class */
    public static class AvailableCertInfo {
        private IoSession session;
        private ResourceAddress certAliasesKey;
        private ConcurrentMap<ResourceAddress, Collection<String>> certAliases = new ConcurrentSkipListMap(Comparators.compareResourceOriginAndProtocolStack());

        public IoSession getSession() {
            return this.session;
        }

        public void setSession(IoSession ioSession) {
            this.session = ioSession;
        }

        public ResourceAddress getCertAliasesKey() {
            return this.certAliasesKey;
        }

        public void setCertAliasesKey(ResourceAddress resourceAddress) {
            this.certAliasesKey = resourceAddress;
        }

        public ConcurrentMap<ResourceAddress, Collection<String>> getCertAliases() {
            return this.certAliases;
        }
    }

    public SslCertificateSelectionFilter(boolean z) {
        this.clientMode = false;
        this.clientMode = z;
    }

    public static Collection<String> getAvailableClientCertAliases() {
        ConcurrentMap<ResourceAddress, Collection<String>> certAliases;
        AvailableCertInfo availableCertInfo = availClientCertInfo.get();
        if (availableCertInfo == null || (certAliases = availableCertInfo.getCertAliases()) == null || certAliases.isEmpty()) {
            return null;
        }
        return certAliases.get(availableCertInfo.getCertAliasesKey());
    }

    public static Collection<String> getAvailableServerCertAliases() {
        ConcurrentMap<ResourceAddress, Collection<String>> certAliases;
        AvailableCertInfo availableCertInfo = availServerCertInfo.get();
        if (availableCertInfo == null || (certAliases = availableCertInfo.getCertAliases()) == null || certAliases.isEmpty()) {
            return null;
        }
        return certAliases.get(availableCertInfo.getCertAliasesKey());
    }

    public static void setAvailableCertAliases(ResourceAddress resourceAddress, Collection<String> collection, boolean z) {
        AvailableCertInfo availableCertInfo = z ? availClientCertInfo.get() : availServerCertInfo.get();
        if (resourceAddress == null || collection == null) {
            return;
        }
        availableCertInfo.setCertAliasesKey(resourceAddress);
        availableCertInfo.getCertAliases().put(resourceAddress, collection);
    }

    public static IoSession getCurrentSession(boolean z) {
        return (z ? availClientCertInfo.get() : availServerCertInfo.get()).getSession();
    }

    public static void setCurrentSession(IoSession ioSession, boolean z) {
        (z ? availClientCertInfo.get() : availServerCertInfo.get()).setSession(ioSession);
    }

    public boolean getClientMode() {
        return this.clientMode;
    }

    public void setKeySelector(TransportKeySelector transportKeySelector) {
        this.keySelector = transportKeySelector;
    }

    public void messageReceived(IoFilter.NextFilter nextFilter, IoSession ioSession, Object obj) throws Exception {
        setCurrentSession(ioSession, this.clientMode);
        try {
            try {
                ResourceAddress availableCertAliasesKey = this.keySelector.getAvailableCertAliasesKey(this.clientMode);
                Collection availableCertAliases = this.keySelector.getAvailableCertAliases(this.clientMode);
                if (this.clientMode) {
                    setAvailableCertAliases(availableCertAliasesKey, availableCertAliases, this.clientMode);
                } else {
                    if (availableCertAliases == null) {
                        LOGGER.warn("Available certificate aliases is null for " + availableCertAliasesKey);
                    } else if (availableCertAliases.isEmpty()) {
                        LOGGER.warn("Certificate not available for SSL connection on " + availableCertAliasesKey);
                    }
                    setAvailableCertAliases(availableCertAliasesKey, availableCertAliases, this.clientMode);
                }
                super.messageReceived(nextFilter, ioSession, obj);
                setCurrentSession(null, this.clientMode);
            } catch (Exception e) {
                LOGGER.warn(String.format("Unable to determine certificate aliases: %s", e), e);
                throw e;
            }
        } catch (Throwable th) {
            setCurrentSession(null, this.clientMode);
            throw th;
        }
    }
}
