package io.r2dbc.postgresql.client;

import io.netty.handler.ssl.SslContext;
import io.r2dbc.postgresql.util.Assert;
import java.net.SocketAddress;
import java.util.function.Function;
import java.util.function.Supplier;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import reactor.util.annotation.Nullable;

/* loaded from: input_file:io/r2dbc/postgresql/client/SSLConfig.class */
public final class SSLConfig {

    @Nullable
    private final HostnameVerifier hostnameVerifier;
    private final SSLMode sslMode;

    @Nullable
    private final Supplier<SslContext> sslProvider;
    private final Function<SSLEngine, SSLEngine> sslEngineCustomizer;
    private final Function<SocketAddress, SSLParameters> sslParametersFactory;

    public SSLConfig(SSLMode sSLMode, @Nullable Supplier<SslContext> supplier, @Nullable HostnameVerifier hostnameVerifier) {
        this(sSLMode, supplier, Function.identity(), socketAddress -> {
            return new SSLParameters();
        }, hostnameVerifier);
    }

    public SSLConfig(SSLMode sSLMode, @Nullable Supplier<SslContext> supplier, Function<SSLEngine, SSLEngine> function, Function<SocketAddress, SSLParameters> function2, @Nullable HostnameVerifier hostnameVerifier) {
        if (sSLMode != SSLMode.DISABLE) {
            Assert.requireNonNull(supplier, "SslContext provider is required for ssl mode " + sSLMode);
        }
        if (sSLMode.verifyPeerName()) {
            Assert.requireNonNull(hostnameVerifier, "Hostname verifier is required for ssl mode verify-full");
        }
        this.sslMode = sSLMode;
        this.sslProvider = supplier;
        this.sslEngineCustomizer = function;
        this.sslParametersFactory = function2;
        this.hostnameVerifier = hostnameVerifier;
    }

    public static SSLConfig disabled() {
        return new SSLConfig(SSLMode.DISABLE, null, (str, sSLSession) -> {
            return true;
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HostnameVerifier getHostnameVerifier() {
        return this.hostnameVerifier;
    }

    public SSLMode getSslMode() {
        return this.sslMode;
    }

    public Supplier<SslContext> getSslProvider() {
        if (this.sslProvider == null) {
            throw new IllegalStateException("SSL Mode disabled. SslContext provider not available");
        }
        return this.sslProvider;
    }

    public Function<SSLEngine, SSLEngine> getSslEngineCustomizer() {
        return this.sslEngineCustomizer;
    }

    public Function<SocketAddress, SSLParameters> getSslParametersFactory() {
        return this.sslParametersFactory;
    }

    public SSLConfig mutateMode(SSLMode sSLMode) {
        return new SSLConfig(sSLMode, this.sslProvider, this.sslEngineCustomizer, this.sslParametersFactory, this.hostnameVerifier);
    }

    public static boolean isValidSniHostname(String str) {
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if (!isLabelSeparator(charAt) && isNonLDHAsciiCodePoint(charAt)) {
                return false;
            }
        }
        return !str.endsWith(".");
    }

    private static boolean isNonLDHAsciiCodePoint(char c) {
        return (0 <= c && c <= ',') || ('.' <= c && c <= '/') || ((':' <= c && c <= '@') || (('[' <= c && c <= '`') || ('{' <= c && c <= 127)));
    }

    private static boolean isLabelSeparator(char c) {
        return c == '.' || c == 12290 || c == 65294 || c == 65377;
    }
}
