package org.kaazing.k3po.driver.internal.ext.tls.bootstrap;

import java.io.File;
import java.io.FileInputStream;
import java.lang.reflect.InvocationTargetException;
import java.net.URI;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Objects;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ConcurrentNavigableMap;
import java.util.concurrent.ConcurrentSkipListMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.jboss.netty.channel.Channel;
import org.jboss.netty.channel.ChannelException;
import org.jboss.netty.channel.ChannelFuture;
import org.jboss.netty.channel.ChannelFutureListener;
import org.jboss.netty.channel.ChannelHandler;
import org.jboss.netty.channel.ChannelHandlerContext;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.channel.ChannelStateEvent;
import org.jboss.netty.channel.Channels;
import org.jboss.netty.channel.ChildChannelStateEvent;
import org.jboss.netty.channel.SimpleChannelHandler;
import org.jboss.netty.handler.ssl.SslHandler;
import org.jboss.netty.util.internal.ConcurrentHashMap;
import org.kaazing.k3po.driver.internal.netty.bootstrap.ServerBootstrap;
import org.kaazing.k3po.driver.internal.netty.bootstrap.channel.AbstractServerChannelSink;
import org.kaazing.k3po.driver.internal.netty.channel.ChannelAddress;

/* loaded from: input_file:org/kaazing/k3po/driver/internal/ext/tls/bootstrap/TlsServerChannelSink.class */
public class TlsServerChannelSink extends AbstractServerChannelSink<TlsServerChannel> {
    private final SecureRandom random;
    private final ConcurrentNavigableMap<ChannelAddress, TlsServerChannel> tlsBindings;
    private final ConcurrentMap<ChannelAddress, TlsTransport> tlsTransports;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/kaazing/k3po/driver/internal/ext/tls/bootstrap/TlsServerChannelSink$TlsTransport.class */
    public static final class TlsTransport {
        final ChannelFuture future;
        final AtomicInteger count;

        TlsTransport(ChannelFuture channelFuture) {
            this(channelFuture, 0);
        }

        TlsTransport(ChannelFuture channelFuture, int i) {
            this.future = channelFuture;
            this.count = new AtomicInteger(i);
        }

        public int hashCode() {
            return Objects.hash(this.future, this.count);
        }

        public boolean equals(Object obj) {
            TlsTransport tlsTransport = (TlsTransport) obj;
            return Objects.equals(this.future, tlsTransport.future) && this.count.get() == tlsTransport.count.get();
        }

        public String toString() {
            return String.format("[future=@%d, count=%d]", Integer.valueOf(Objects.hashCode(this.future)), Integer.valueOf(this.count.get()));
        }
    }

    public TlsServerChannelSink(SecureRandom secureRandom) {
        this(secureRandom, new ConcurrentSkipListMap(ChannelAddress.ADDRESS_COMPARATOR));
    }

    private TlsServerChannelSink(SecureRandom secureRandom, ConcurrentNavigableMap<ChannelAddress, TlsServerChannel> concurrentNavigableMap) {
        this.random = secureRandom;
        this.tlsBindings = concurrentNavigableMap;
        this.tlsTransports = new ConcurrentHashMap();
    }

    @Override // org.kaazing.k3po.driver.internal.netty.bootstrap.channel.AbstractChannelSink
    protected void bindRequested(ChannelPipeline channelPipeline, ChannelStateEvent channelStateEvent) throws Exception {
        final TlsServerChannel tlsServerChannel = (TlsServerChannel) channelStateEvent.getChannel();
        final ChannelFuture future = channelStateEvent.getFuture();
        final ChannelAddress channelAddress = (ChannelAddress) channelStateEvent.getValue();
        final URI location = channelAddress.getLocation();
        if (this.tlsBindings.putIfAbsent(channelAddress, tlsServerChannel) != null) {
            future.setFailure(new ChannelException(String.format("Duplicate bind failed: %s", location)));
        }
        ChannelAddress transport = channelAddress.getTransport();
        TlsTransport tlsTransport = this.tlsTransports.get(transport);
        if (tlsTransport == null) {
            TlsServerChannelConfig config = tlsServerChannel.getConfig();
            final File keyStoreFile = config.getKeyStoreFile();
            final File trustStoreFile = config.getTrustStoreFile();
            final char[] keyStorePassword = config.getKeyStorePassword();
            final char[] trustStorePassword = config.getTrustStorePassword();
            final String[] applicationProtocols = config.getApplicationProtocols();
            ChannelPipelineFactory channelPipelineFactory = new ChannelPipelineFactory() { // from class: org.kaazing.k3po.driver.internal.ext.tls.bootstrap.TlsServerChannelSink.1
                public ChannelPipeline getPipeline() throws Exception {
                    KeyManager[] keyManagerArr = null;
                    if (keyStoreFile != null) {
                        KeyStore keyStore = KeyStore.getInstance("JKS");
                        keyStore.load(new FileInputStream(keyStoreFile), keyStorePassword);
                        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
                        keyManagerFactory.init(keyStore, keyStorePassword);
                        keyManagerArr = keyManagerFactory.getKeyManagers();
                    }
                    TrustManager[] trustManagerArr = null;
                    if (trustStoreFile != null) {
                        KeyStore keyStore2 = KeyStore.getInstance("JKS");
                        keyStore2.load(new FileInputStream(trustStoreFile), trustStorePassword);
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
                        trustManagerFactory.init(keyStore2);
                        trustManagerArr = trustManagerFactory.getTrustManagers();
                    }
                    SSLContext sSLContext = SSLContext.getInstance("TLS");
                    sSLContext.init(keyManagerArr, trustManagerArr, TlsServerChannelSink.this.random);
                    SSLEngine createSSLEngine = sSLContext.createSSLEngine();
                    createSSLEngine.setUseClientMode(false);
                    String host = location.getHost();
                    SSLParameters sSLParameters = new SSLParameters();
                    sSLParameters.setSNIMatchers(Collections.singleton(SNIHostName.createSNIMatcher(host)));
                    if (applicationProtocols != null && applicationProtocols.length > 0) {
                        TlsServerChannelSink.setApplicationProtocols(sSLParameters, applicationProtocols);
                    }
                    createSSLEngine.setSSLParameters(sSLParameters);
                    ChannelHandler sslHandler = new SslHandler(createSSLEngine);
                    sslHandler.setIssueHandshake(true);
                    return Channels.pipeline(new ChannelHandler[]{sslHandler, new TlsChildChannelSource(TlsServerChannelSink.this.tlsBindings)});
                }
            };
            String scheme = transport.getLocation().getScheme();
            String scheme2 = channelAddress.getLocation().getScheme();
            ServerBootstrap newServerBootstrap = this.bootstrapFactory.newServerBootstrap(scheme);
            newServerBootstrap.setParentHandler(createParentHandler(tlsServerChannel, transport));
            newServerBootstrap.setPipelineFactory(channelPipelineFactory);
            newServerBootstrap.setOptions(tlsServerChannel.getConfig().getTransportOptions());
            newServerBootstrap.setOption(String.format("%s.nextProtocol", scheme), scheme2);
            TlsTransport tlsTransport2 = new TlsTransport(newServerBootstrap.bindAsync(transport), 1);
            tlsTransport = this.tlsTransports.putIfAbsent(transport, tlsTransport2);
            if (tlsTransport == null) {
                tlsTransport = tlsTransport2;
            }
        } else {
            tlsTransport.count.incrementAndGet();
        }
        if (tlsTransport.future.isDone()) {
            handleTlsTransportBindComplete(tlsServerChannel, future, channelAddress, tlsTransport.future);
        } else {
            tlsTransport.future.addListener(new ChannelFutureListener() { // from class: org.kaazing.k3po.driver.internal.ext.tls.bootstrap.TlsServerChannelSink.2
                public void operationComplete(ChannelFuture channelFuture) throws Exception {
                    TlsServerChannelSink.handleTlsTransportBindComplete(tlsServerChannel, future, channelAddress, channelFuture);
                }
            });
        }
    }

    @Override // org.kaazing.k3po.driver.internal.netty.bootstrap.channel.AbstractChannelSink
    protected void unbindRequested(ChannelPipeline channelPipeline, ChannelStateEvent channelStateEvent) throws Exception {
        final TlsServerChannel channel = channelStateEvent.getChannel();
        final ChannelFuture future = channelStateEvent.getFuture();
        ChannelAddress localAddress = channel.mo63getLocalAddress();
        if (!this.tlsBindings.remove(localAddress, channel)) {
            future.setFailure(new ChannelException("Channel not bound"));
            return;
        }
        ChannelAddress transport = localAddress.getTransport();
        TlsTransport tlsTransport = this.tlsTransports.get(transport);
        if (!$assertionsDisabled && tlsTransport == null) {
            throw new AssertionError();
        }
        if (tlsTransport.count.decrementAndGet() != 0) {
            Channels.fireChannelUnbound(channel);
            future.setSuccess();
            return;
        }
        if (this.tlsTransports.remove(transport, new TlsTransport(tlsTransport.future))) {
            ChannelFuture unbind = channel.mo96getTransport().unbind();
            if (unbind.isDone()) {
                handleTlsTransportUnbindComplete(channel, future, unbind);
            } else {
                unbind.addListener(new ChannelFutureListener() { // from class: org.kaazing.k3po.driver.internal.ext.tls.bootstrap.TlsServerChannelSink.3
                    public void operationComplete(ChannelFuture channelFuture) throws Exception {
                        TlsServerChannelSink.handleTlsTransportUnbindComplete(channel, future, channelFuture);
                    }
                });
            }
        }
    }

    @Override // org.kaazing.k3po.driver.internal.netty.bootstrap.channel.AbstractChannelSink
    protected void closeRequested(ChannelPipeline channelPipeline, ChannelStateEvent channelStateEvent) throws Exception {
        final TlsServerChannel channel = channelStateEvent.getChannel();
        final ChannelFuture future = channelStateEvent.getFuture();
        boolean isBound = channel.isBound();
        if (future.isDone()) {
            return;
        }
        if (isBound) {
            unbindRequested(channelPipeline, channelStateEvent);
        }
        Channel mo96getTransport = channel.mo96getTransport();
        if (mo96getTransport != null) {
            ChannelFuture close = mo96getTransport.close();
            if (close.isDone()) {
                handleTlsTransportCloseComplete(channel, future, close);
            } else {
                close.addListener(new ChannelFutureListener() { // from class: org.kaazing.k3po.driver.internal.ext.tls.bootstrap.TlsServerChannelSink.4
                    public void operationComplete(ChannelFuture channelFuture) throws Exception {
                        TlsServerChannelSink.handleTlsTransportCloseComplete(channel, future, channelFuture);
                    }
                });
            }
        }
    }

    private ChannelHandler createParentHandler(TlsServerChannel tlsServerChannel, final ChannelAddress channelAddress) {
        return new SimpleChannelHandler() { // from class: org.kaazing.k3po.driver.internal.ext.tls.bootstrap.TlsServerChannelSink.5
            public void childChannelOpen(ChannelHandlerContext channelHandlerContext, ChildChannelStateEvent childChannelStateEvent) throws Exception {
                childChannelStateEvent.getChannel().setAttachment(channelAddress);
                super.childChannelOpen(channelHandlerContext, childChannelStateEvent);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void handleTlsTransportBindComplete(TlsServerChannel tlsServerChannel, ChannelFuture channelFuture, ChannelAddress channelAddress, ChannelFuture channelFuture2) {
        if (!channelFuture2.isSuccess()) {
            channelFuture.setFailure(channelFuture2.getCause());
            return;
        }
        tlsServerChannel.setTransport(channelFuture2.getChannel());
        tlsServerChannel.setLocalAddress(channelAddress);
        tlsServerChannel.setBound();
        Channels.fireChannelBound(tlsServerChannel, tlsServerChannel.mo63getLocalAddress());
        channelFuture.setSuccess();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void handleTlsTransportUnbindComplete(TlsServerChannel tlsServerChannel, ChannelFuture channelFuture, ChannelFuture channelFuture2) {
        if (!channelFuture2.isSuccess()) {
            channelFuture.setFailure(channelFuture2.getCause());
        } else {
            Channels.fireChannelUnbound(tlsServerChannel);
            channelFuture.setSuccess();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void handleTlsTransportCloseComplete(TlsServerChannel tlsServerChannel, ChannelFuture channelFuture, ChannelFuture channelFuture2) {
        if (!channelFuture2.isSuccess()) {
            channelFuture.setFailure(channelFuture2.getCause());
        } else {
            Channels.fireChannelClosed(tlsServerChannel);
            tlsServerChannel.setClosed();
        }
    }

    static void setApplicationProtocols(SSLParameters sSLParameters, String[] strArr) {
        try {
            SSLParameters.class.getMethod("setApplicationProtocols", String[].class).invoke(sSLParameters, strArr);
        } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
            throw new RuntimeException("Cannot call SSLParameters#setApplicationProtocols(). Use JDK 9 to run k3po", e);
        }
    }

    static {
        $assertionsDisabled = !TlsServerChannelSink.class.desiredAssertionStatus();
    }
}
