package org.springframework.boot.web.embedded.netty;

import ch.qos.logback.core.net.ssl.SSL;
import io.netty.handler.ssl.ClientAuth;
import java.io.InputStream;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.stream.Stream;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import org.springframework.boot.web.server.Http2;
import org.springframework.boot.web.server.Ssl;
import org.springframework.boot.web.server.SslConfigurationValidator;
import org.springframework.boot.web.server.SslStoreProvider;
import org.springframework.boot.web.server.WebServerException;
import org.springframework.util.ResourceUtils;
import reactor.netty.http.Http11SslContextSpec;
import reactor.netty.http.Http2SslContextSpec;
import reactor.netty.http.server.HttpServer;
import reactor.netty.tcp.AbstractProtocolSslContextSpec;

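/**
 * {@link NettyServerCustomizer} that enables TLS on a Reactor Netty {@link HttpServer} from an
 * {@link Ssl} configuration, an optional {@link Http2} configuration and an optional
 * {@link SslStoreProvider}.
 *
 * <p>This listing was recovered by decompilation from {@code spring-boot-2.4.6.jar}. Two members
 * carry wider access modifiers than the decompiler reported for the original bytecode; each is
 * flagged where it is declared.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>Enabled protocols and cipher suites are only restricted when the {@link Ssl} configuration
 * supplies them; otherwise the builder's defaults apply.</li>
 * <li>Client certificates are only requested for {@code Ssl.ClientAuth.NEED} and
 * {@code Ssl.ClientAuth.WANT}.</li>
 * <li>When no trust store is configured, the trust manager factory is initialised with
 * {@code null}; see {@link #getTrustManagerFactory(Ssl, SslStoreProvider)}.</li>
 * </ul>
 *
 * <p>The class is marked {@code @Deprecated} in this listing; its replacement is not visible here.
 */
@Deprecated
public class SslServerCustomizer implements NettyServerCustomizer {
    private final Ssl ssl;
    private final Http2 http2;
    private final SslStoreProvider sslStoreProvider;

    /**
     * Key manager that pins the server alias for engine-based handshakes and delegates every
     * other call unchanged.
     *
     * <p>Only {@link #chooseEngineServerAlias} honours the configured alias. The socket-based
     * {@link #chooseServerAlias} always defers to the delegate, so the alias pin does not apply
     * to a caller that selects the server key through the {@link Socket} variant.
     */
    private static final class ConfigurableAliasKeyManager extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager delegate;
        private final String alias;

        private ConfigurableAliasKeyManager(X509ExtendedKeyManager delegate, String alias) {
            this.delegate = delegate;
            this.alias = alias;
        }

        @Override
        public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
            return this.delegate.chooseEngineClientAlias(keyTypes, issuers, engine);
        }

        @Override
        public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
            // A configured alias wins unconditionally; the delegate is only asked when none is set.
            if (this.alias != null) {
                return this.alias;
            }
            return this.delegate.chooseEngineServerAlias(keyType, issuers, engine);
        }

        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return this.delegate.chooseClientAlias(keyTypes, issuers, socket);
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            // Intentionally not alias-aware: mirrors the original, which pins the alias for SSLEngine only.
            return this.delegate.chooseServerAlias(keyType, issuers, socket);
        }

        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            return this.delegate.getCertificateChain(alias);
        }

        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            return this.delegate.getClientAliases(keyType, issuers);
        }

        @Override
        public PrivateKey getPrivateKey(String alias) {
            return this.delegate.getPrivateKey(alias);
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            return this.delegate.getServerAliases(keyType, issuers);
        }
    }

    /**
     * {@link KeyManagerFactory} whose key managers are wrapped so that a fixed alias is used for
     * the server key.
     *
     * <p>NOTE(review): the decompiler reported that this class was {@code private} in the original
     * bytecode and widened it to {@code public}. Both constructors are private, so it still cannot
     * be instantiated from outside; narrow the class modifier again if this listing is rebuilt.
     */
    public static final class ConfigurableAliasKeyManagerFactory extends KeyManagerFactory {
        private ConfigurableAliasKeyManagerFactory(String alias, String algorithm) throws NoSuchAlgorithmException {
            this(KeyManagerFactory.getInstance(algorithm), alias, algorithm);
        }

        private ConfigurableAliasKeyManagerFactory(KeyManagerFactory delegate, String alias, String algorithm) {
            super(new ConfigurableAliasKeyManagerFactorySpi(delegate, alias), delegate.getProvider(), algorithm);
        }
    }

    /**
     * SPI behind {@link ConfigurableAliasKeyManagerFactory}: initialises the wrapped factory and
     * exposes its X.509 key managers wrapped in {@link ConfigurableAliasKeyManager}.
     */
    private static final class ConfigurableAliasKeyManagerFactorySpi extends KeyManagerFactorySpi {
        private final KeyManagerFactory delegate;
        private final String alias;

        private ConfigurableAliasKeyManagerFactorySpi(KeyManagerFactory delegate, String alias) {
            this.delegate = delegate;
            this.alias = alias;
        }

        @Override
        protected void engineInit(KeyStore keyStore, char[] password)
                throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
            this.delegate.init(keyStore, password);
        }

        @Override
        protected void engineInit(ManagerFactoryParameters parameters) throws InvalidAlgorithmParameterException {
            // Parameter-based initialisation is rejected outright rather than silently ignored.
            throw new InvalidAlgorithmParameterException("Unsupported ManagerFactoryParameters");
        }

        /**
         * Returns the delegate's key managers, each wrapped with the configured alias.
         *
         * <p>Key managers that are not {@link X509ExtendedKeyManager} instances are dropped, so the
         * result can be shorter than the delegate's array.
         */
        @Override
        protected KeyManager[] engineGetKeyManagers() {
            // The decompiled lambdas referenced an undefined register (r1) over raw Stream types;
            // method references on the class literal express the same isInstance/cast pipeline.
            return Arrays.stream(this.delegate.getKeyManagers())
                    .filter(X509ExtendedKeyManager.class::isInstance)
                    .map(X509ExtendedKeyManager.class::cast)
                    .map(this::wrap)
                    .toArray(KeyManager[]::new);
        }

        private ConfigurableAliasKeyManager wrap(X509ExtendedKeyManager keyManager) {
            return new ConfigurableAliasKeyManager(keyManager, this.alias);
        }
    }

    /**
     * Creates a customizer.
     *
     * @param ssl TLS settings (stores, passwords, protocols, ciphers, client-auth mode)
     * @param http2 HTTP/2 settings; {@code null} is treated as HTTP/2 disabled
     * @param sslStoreProvider optional source of ready-made key and trust stores; when non-null it
     * takes precedence over the store locations in {@code ssl}
     */
    public SslServerCustomizer(Ssl ssl, Http2 http2, SslStoreProvider sslStoreProvider) {
        this.ssl = ssl;
        this.http2 = http2;
        this.sslStoreProvider = sslStoreProvider;
    }

    /**
     * Applies the TLS configuration to the given server.
     *
     * @param httpServer the server to secure
     * @return the server returned by {@code httpServer.secure(...)}
     */
    @Override
    public HttpServer apply(HttpServer httpServer) {
        AbstractProtocolSslContextSpec<?> protocolSpec = createSslContextSpec();
        return httpServer.secure(sslContextSpec -> {
            sslContextSpec.sslContext(protocolSpec);
        });
    }

    /**
     * Builds the protocol-specific SSL context spec (HTTP/2 when enabled, HTTP/1.1 otherwise) and
     * configures trust material, protocols, ciphers and client authentication on it.
     *
     * <p>NOTE(review): the decompiler reported that this method was {@code protected} in the
     * original bytecode and widened it to {@code public}.
     *
     * @return the configured spec
     */
    public AbstractProtocolSslContextSpec<?> createSslContextSpec() {
        KeyManagerFactory keyManagerFactory = getKeyManagerFactory(this.ssl, this.sslStoreProvider);
        AbstractProtocolSslContextSpec<?> contextSpec;
        if (this.http2 != null && this.http2.isEnabled()) {
            contextSpec = Http2SslContextSpec.forServer(keyManagerFactory);
        } else {
            contextSpec = Http11SslContextSpec.forServer(keyManagerFactory);
        }
        contextSpec.configure(sslContextBuilder -> {
            sslContextBuilder.trustManager(getTrustManagerFactory(this.ssl, this.sslStoreProvider));
            // Protocols and ciphers are only narrowed when configured; otherwise the builder's
            // defaults stay in force, so hardening has to come from the Ssl settings.
            if (this.ssl.getEnabledProtocols() != null) {
                sslContextBuilder.protocols(this.ssl.getEnabledProtocols());
            }
            if (this.ssl.getCiphers() != null) {
                sslContextBuilder.ciphers(Arrays.asList(this.ssl.getCiphers()));
            }
            // Any other client-auth value (including null) leaves the builder's default untouched.
            if (this.ssl.getClientAuth() == Ssl.ClientAuth.NEED) {
                sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
            } else if (this.ssl.getClientAuth() == Ssl.ClientAuth.WANT) {
                sslContextBuilder.clientAuth(ClientAuth.OPTIONAL);
            }
        });
        return contextSpec;
    }

    /**
     * Creates and initialises the key manager factory for the server key.
     *
     * <p>The key password is used when set; otherwise the key store password is tried as the key
     * password. A configured key alias is validated against the store before use and then pinned
     * through {@link ConfigurableAliasKeyManagerFactory}.
     *
     * @param ssl TLS settings
     * @param sslStoreProvider optional store provider, may be {@code null}
     * @return the initialised factory
     * @throws IllegalStateException wrapping any failure while loading the store or initialising
     * the factory
     */
    KeyManagerFactory getKeyManagerFactory(Ssl ssl, SslStoreProvider sslStoreProvider) {
        try {
            KeyStore keyStore = getKeyStore(ssl, sslStoreProvider);
            // presumably rejects an alias that is not present in the store; verify against SslConfigurationValidator
            SslConfigurationValidator.validateKeyAlias(keyStore, ssl.getKeyAlias());
            String algorithm = KeyManagerFactory.getDefaultAlgorithm();
            KeyManagerFactory keyManagerFactory = (ssl.getKeyAlias() == null)
                    ? KeyManagerFactory.getInstance(algorithm)
                    : new ConfigurableAliasKeyManagerFactory(ssl.getKeyAlias(), algorithm);
            char[] keyPassword = (ssl.getKeyPassword() != null) ? ssl.getKeyPassword().toCharArray() : null;
            if (keyPassword == null && ssl.getKeyStorePassword() != null) {
                // Fall back to the store password when no dedicated key password is configured.
                keyPassword = ssl.getKeyStorePassword().toCharArray();
            }
            keyManagerFactory.init(keyStore, keyPassword);
            return keyManagerFactory;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /** Returns the provider's key store when a provider is set, else loads it from the Ssl settings. */
    private KeyStore getKeyStore(Ssl ssl, SslStoreProvider sslStoreProvider) throws Exception {
        if (sslStoreProvider != null) {
            return sslStoreProvider.getKeyStore();
        }
        return loadKeyStore(ssl.getKeyStoreType(), ssl.getKeyStoreProvider(), ssl.getKeyStore(),
                ssl.getKeyStorePassword());
    }

    /**
     * Creates and initialises the trust manager factory used to validate client certificates.
     *
     * <p>When no trust store is configured and no provider supplies one, the factory is
     * initialised with {@code null}. With the default JSSE provider that typically means the
     * JVM's default trust anchors are used, so with client authentication enabled any certificate
     * chaining to one of those anchors passes the TLS-level check. Deployments relying on client
     * certificates should configure a dedicated trust store.
     *
     * @param ssl TLS settings
     * @param sslStoreProvider optional store provider, may be {@code null}
     * @return the initialised factory
     * @throws IllegalStateException wrapping any failure while loading the store or initialising
     * the factory
     */
    TrustManagerFactory getTrustManagerFactory(Ssl ssl, SslStoreProvider sslStoreProvider) {
        try {
            KeyStore trustStore = getTrustStore(ssl, sslStoreProvider);
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /** Returns the provider's trust store when a provider is set, else loads it from the Ssl settings. */
    private KeyStore getTrustStore(Ssl ssl, SslStoreProvider sslStoreProvider) throws Exception {
        if (sslStoreProvider != null) {
            return sslStoreProvider.getTrustStore();
        }
        return loadTrustStore(ssl.getTrustStoreType(), ssl.getTrustStoreProvider(), ssl.getTrustStore(),
                ssl.getTrustStorePassword());
    }

    /** Loads the key store; unlike the trust store, a location is always passed on to {@link #loadStore}. */
    private KeyStore loadKeyStore(String type, String provider, String location, String password) throws Exception {
        return loadStore(type, provider, location, password);
    }

    /** Loads the trust store, or returns {@code null} when no trust store location is configured. */
    private KeyStore loadTrustStore(String type, String provider, String location, String password) throws Exception {
        if (location == null) {
            return null;
        }
        return loadStore(type, provider, location, password);
    }

    /**
     * Loads a key store from a resource location.
     *
     * <p>The location is resolved through {@code ResourceUtils.getURL} and opened as a URL, so it
     * must come from trusted configuration. The failure message names the location but never the
     * password.
     *
     * @param type store type, or {@code null} for the default type
     * @param provider security provider name, or {@code null} for the default provider lookup
     * @param location resource location of the store
     * @param password store password, or {@code null}
     * @return the loaded store
     * @throws WebServerException if the resource cannot be resolved, opened or parsed
     * @throws Exception if the {@link KeyStore} instance itself cannot be obtained
     */
    private KeyStore loadStore(String type, String provider, String location, String password) throws Exception {
        // NOTE(review): the decompiler resolved the default type to logback's SSL constant; the
        // original presumably used a plain type-name literal, confirm before rebuilding, since
        // this ties compilation of the listing to logback.
        String storeType = (type != null) ? type : SSL.DEFAULT_KEYSTORE_TYPE;
        KeyStore keyStore = (provider != null) ? KeyStore.getInstance(storeType, provider)
                : KeyStore.getInstance(storeType);
        try {
            // try-with-resources closes the stream on every path; the decompiled form only closed
            // it after a successful load and leaked it when load() threw.
            try (InputStream stream = ResourceUtils.getURL(location).openStream()) {
                keyStore.load(stream, (password != null) ? password.toCharArray() : null);
            }
            return keyStore;
        } catch (Exception e) {
            throw new WebServerException("Could not load key store '" + location + "'", e);
        }
    }
}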
