package io.micrometer.shaded.reactor.netty.tcp;

import io.micrometer.shaded.io.netty.bootstrap.Bootstrap;
import io.micrometer.shaded.io.netty.bootstrap.ServerBootstrap;
import io.micrometer.shaded.io.netty.channel.Channel;
import io.micrometer.shaded.io.netty.channel.ChannelHandlerContext;
import io.micrometer.shaded.io.netty.channel.ChannelInboundHandlerAdapter;
import io.micrometer.shaded.io.netty.handler.codec.http2.Http2SecurityUtil;
import io.micrometer.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.micrometer.shaded.io.netty.handler.ssl.ApplicationProtocolNames;
import io.micrometer.shaded.io.netty.handler.ssl.OpenSsl;
import io.micrometer.shaded.io.netty.handler.ssl.SslContext;
import io.micrometer.shaded.io.netty.handler.ssl.SslContextBuilder;
import io.micrometer.shaded.io.netty.handler.ssl.SslHandler;
import io.micrometer.shaded.io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.micrometer.shaded.io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.micrometer.shaded.reactor.core.Exceptions;
import io.micrometer.shaded.reactor.netty.ConnectionObserver;
import io.micrometer.shaded.reactor.netty.NettyPipeline;
import io.micrometer.shaded.reactor.netty.ReactorNetty;
import io.micrometer.shaded.reactor.netty.channel.BootstrapHandlers;
import io.micrometer.shaded.reactor.util.Logger;
import io.micrometer.shaded.reactor.util.Loggers;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.time.Duration;
import java.util.Objects;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import javax.annotation.Nullable;
import javax.net.ssl.SSLException;

/* loaded from: input_file:io/micrometer/shaded/reactor/netty/tcp/SslProvider.class */
public final class SslProvider {
    final SslContext sslContext;
    final SslContextBuilder sslContextBuilder;
    final DefaultConfigurationType type;
    final long handshakeTimeoutMillis;
    final long closeNotifyFlushTimeoutMillis;
    final long closeNotifyReadTimeoutMillis;
    final Consumer<? super SslHandler> handlerConfigurator;
    static final Logger log = Loggers.getLogger((Class<?>) SslProvider.class);

    /* loaded from: input_file:io/micrometer/shaded/reactor/netty/tcp/SslProvider$Build.class */
    static final class Build implements SslContextSpec, DefaultConfigurationSpec, Builder {
        static final long DEFAULT_SSL_HANDSHAKE_TIMEOUT = Long.parseLong(System.getProperty(ReactorNetty.SSL_HANDSHAKE_TIMEOUT, "10000"));
        SslContextBuilder sslCtxBuilder;
        DefaultConfigurationType type;
        SslContext sslContext;
        Consumer<? super SslHandler> handlerConfigurator;
        long handshakeTimeoutMillis = DEFAULT_SSL_HANDSHAKE_TIMEOUT;
        long closeNotifyFlushTimeoutMillis = 3000;
        long closeNotifyReadTimeoutMillis;

        Build() {
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.SslContextSpec
        public final Builder sslContext(SslContext sslContext) {
            this.sslContext = (SslContext) Objects.requireNonNull(sslContext, "sslContext");
            return this;
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.SslContextSpec
        public final DefaultConfigurationSpec sslContext(SslContextBuilder sslContextBuilder) {
            this.sslCtxBuilder = (SslContextBuilder) Objects.requireNonNull(sslContextBuilder, "sslCtxBuilder");
            return this;
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.DefaultConfigurationSpec
        public final Builder defaultConfiguration(DefaultConfigurationType defaultConfigurationType) {
            this.type = (DefaultConfigurationType) Objects.requireNonNull(defaultConfigurationType, "type");
            return this;
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.Builder
        public final Builder handshakeTimeout(Duration duration) {
            Objects.requireNonNull(duration, "handshakeTimeout");
            return handshakeTimeoutMillis(duration.toMillis());
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.Builder
        public final Builder handlerConfigurator(Consumer<? super SslHandler> consumer) {
            Objects.requireNonNull(consumer, "handshakeTimeout");
            this.handlerConfigurator = consumer;
            return this;
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.Builder
        public final Builder handshakeTimeoutMillis(long j) {
            if (j < 0) {
                throw new IllegalArgumentException("ssl handshake timeout must be positive was: " + j);
            }
            this.handshakeTimeoutMillis = j;
            return this;
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.Builder
        public final Builder closeNotifyFlushTimeout(Duration duration) {
            Objects.requireNonNull(duration, "closeNotifyFlushTimeout");
            return closeNotifyFlushTimeoutMillis(duration.toMillis());
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.Builder
        public final Builder closeNotifyFlushTimeoutMillis(long j) {
            if (j < 0) {
                throw new IllegalArgumentException("ssl close_notify flush timeout must be positive, was: " + j);
            }
            this.closeNotifyFlushTimeoutMillis = j;
            return this;
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.Builder
        public final Builder closeNotifyReadTimeout(Duration duration) {
            Objects.requireNonNull(duration, "closeNotifyReadTimeout");
            return closeNotifyReadTimeoutMillis(duration.toMillis());
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.Builder
        public final Builder closeNotifyReadTimeoutMillis(long j) {
            if (j < 0) {
                throw new IllegalArgumentException("ssl close_notify read timeout must be positive, was: " + j);
            }
            this.closeNotifyReadTimeoutMillis = j;
            return this;
        }

        @Override // io.micrometer.shaded.reactor.netty.tcp.SslProvider.Builder
        public SslProvider build() {
            return new SslProvider(this);
        }
    }

    /* loaded from: input_file:io/micrometer/shaded/reactor/netty/tcp/SslProvider$Builder.class */
    public interface Builder {
        Builder handlerConfigurator(Consumer<? super SslHandler> consumer);

        Builder handshakeTimeout(Duration duration);

        Builder handshakeTimeoutMillis(long j);

        Builder closeNotifyFlushTimeout(Duration duration);

        Builder closeNotifyFlushTimeoutMillis(long j);

        Builder closeNotifyReadTimeout(Duration duration);

        Builder closeNotifyReadTimeoutMillis(long j);

        SslProvider build();
    }

    /* loaded from: input_file:io/micrometer/shaded/reactor/netty/tcp/SslProvider$DefaultConfigurationSpec.class */
    public interface DefaultConfigurationSpec {
        Builder defaultConfiguration(DefaultConfigurationType defaultConfigurationType);
    }

    /* loaded from: input_file:io/micrometer/shaded/reactor/netty/tcp/SslProvider$DefaultConfigurationType.class */
    public enum DefaultConfigurationType {
        NONE,
        TCP,
        H2
    }

    /* loaded from: input_file:io/micrometer/shaded/reactor/netty/tcp/SslProvider$DeferredSslSupport.class */
    static final class DeferredSslSupport implements Function<Bootstrap, BiConsumer<ConnectionObserver, Channel>> {
        final SslProvider sslProvider;

        DeferredSslSupport(SslProvider sslProvider) {
            this.sslProvider = sslProvider;
        }

        /* JADX WARN: Type inference failed for: r3v1, types: [io.micrometer.shaded.io.netty.bootstrap.BootstrapConfig] */
        @Override // java.util.function.Function
        public BiConsumer<ConnectionObserver, Channel> apply(Bootstrap bootstrap) {
            return new SslSupportConsumer(this.sslProvider, bootstrap.config2().remoteAddress());
        }
    }

    /* loaded from: input_file:io/micrometer/shaded/reactor/netty/tcp/SslProvider$SslContextSpec.class */
    public interface SslContextSpec {
        Builder sslContext(SslContext sslContext);

        DefaultConfigurationSpec sslContext(SslContextBuilder sslContextBuilder);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/micrometer/shaded/reactor/netty/tcp/SslProvider$SslReadHandler.class */
    public static final class SslReadHandler extends ChannelInboundHandlerAdapter {
        boolean handshakeDone;

        SslReadHandler() {
        }

        @Override // io.micrometer.shaded.io.netty.channel.ChannelInboundHandlerAdapter, io.micrometer.shaded.io.netty.channel.ChannelInboundHandler
        public void channelActive(ChannelHandlerContext channelHandlerContext) {
            channelHandlerContext.read();
        }

        @Override // io.micrometer.shaded.io.netty.channel.ChannelInboundHandlerAdapter, io.micrometer.shaded.io.netty.channel.ChannelInboundHandler
        public void channelReadComplete(ChannelHandlerContext channelHandlerContext) throws Exception {
            if (!this.handshakeDone) {
                channelHandlerContext.read();
            }
            super.channelReadComplete(channelHandlerContext);
        }

        @Override // io.micrometer.shaded.io.netty.channel.ChannelInboundHandlerAdapter, io.micrometer.shaded.io.netty.channel.ChannelInboundHandler
        public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (obj instanceof SslHandshakeCompletionEvent) {
                this.handshakeDone = true;
                if (channelHandlerContext.pipeline().context(this) != null) {
                    channelHandlerContext.pipeline().remove(this);
                }
                SslHandshakeCompletionEvent sslHandshakeCompletionEvent = (SslHandshakeCompletionEvent) obj;
                if (sslHandshakeCompletionEvent.isSuccess()) {
                    channelHandlerContext.fireChannelActive();
                } else {
                    channelHandlerContext.fireExceptionCaught(sslHandshakeCompletionEvent.cause());
                }
            }
            super.userEventTriggered(channelHandlerContext, obj);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/micrometer/shaded/reactor/netty/tcp/SslProvider$SslSupportConsumer.class */
    public static final class SslSupportConsumer implements BiConsumer<ConnectionObserver, Channel> {
        final SslProvider sslProvider;
        final InetSocketAddress sniInfo;

        SslSupportConsumer(SslProvider sslProvider, @Nullable SocketAddress socketAddress) {
            this.sslProvider = sslProvider;
            if (socketAddress instanceof InetSocketAddress) {
                this.sniInfo = (InetSocketAddress) socketAddress;
            } else {
                this.sniInfo = null;
            }
        }

        @Override // java.util.function.BiConsumer
        public void accept(ConnectionObserver connectionObserver, Channel channel) {
            SslHandler newHandler;
            if (this.sniInfo != null) {
                newHandler = this.sslProvider.getSslContext().newHandler(channel.alloc(), this.sniInfo.getHostString(), this.sniInfo.getPort());
                if (SslProvider.log.isDebugEnabled()) {
                    SslProvider.log.debug(ReactorNetty.format(channel, "SSL enabled using engine {} and SNI {}"), newHandler.engine().getClass().getSimpleName(), this.sniInfo);
                }
            } else {
                newHandler = this.sslProvider.getSslContext().newHandler(channel.alloc());
                if (SslProvider.log.isDebugEnabled()) {
                    SslProvider.log.debug(ReactorNetty.format(channel, "SSL enabled using engine {}"), newHandler.engine().getClass().getSimpleName());
                }
            }
            this.sslProvider.configure(newHandler);
            if (channel.pipeline().get(NettyPipeline.ProxyHandler) != null) {
                channel.pipeline().addAfter(NettyPipeline.ProxyHandler, NettyPipeline.SslHandler, newHandler);
            } else {
                channel.pipeline().addFirst(NettyPipeline.SslHandler, newHandler);
            }
            if (channel.pipeline().get(NettyPipeline.LoggingHandler) != null) {
                channel.pipeline().addAfter(NettyPipeline.LoggingHandler, NettyPipeline.SslReader, new SslReadHandler());
            } else {
                channel.pipeline().addAfter(NettyPipeline.SslHandler, NettyPipeline.SslReader, new SslReadHandler());
            }
        }
    }

    public static SslContextSpec builder() {
        return new Build();
    }

    public static SslProvider addHandlerConfigurator(SslProvider sslProvider, Consumer<? super SslHandler> consumer) {
        Objects.requireNonNull(sslProvider, "provider");
        Objects.requireNonNull(consumer, "handlerConfigurator");
        return new SslProvider(sslProvider, consumer);
    }

    public static SslProvider updateDefaultConfiguration(SslProvider sslProvider, DefaultConfigurationType defaultConfigurationType) {
        Objects.requireNonNull(sslProvider, "provider");
        Objects.requireNonNull(defaultConfigurationType, "type");
        return new SslProvider(sslProvider, defaultConfigurationType);
    }

    public static SslProvider defaultClientProvider() {
        return TcpClientSecure.DEFAULT_CLIENT_PROVIDER;
    }

    public static Bootstrap setBootstrap(Bootstrap bootstrap, SslProvider sslProvider) {
        BootstrapHandlers.updateConfiguration(bootstrap, NettyPipeline.SslHandler, new DeferredSslSupport(sslProvider));
        return bootstrap;
    }

    @Nullable
    public static SslProvider findSslSupport(Bootstrap bootstrap) {
        DeferredSslSupport deferredSslSupport = (DeferredSslSupport) BootstrapHandlers.findConfiguration(DeferredSslSupport.class, bootstrap.config2().handler());
        if (deferredSslSupport == null) {
            return null;
        }
        return deferredSslSupport.sslProvider;
    }

    /* JADX WARN: Type inference failed for: r1v1, types: [io.micrometer.shaded.io.netty.bootstrap.ServerBootstrapConfig] */
    @Nullable
    public static SslProvider findSslSupport(ServerBootstrap serverBootstrap) {
        SslSupportConsumer sslSupportConsumer = (SslSupportConsumer) BootstrapHandlers.findConfiguration(SslSupportConsumer.class, serverBootstrap.config2().childHandler());
        if (sslSupportConsumer == null) {
            return null;
        }
        return sslSupportConsumer.sslProvider;
    }

    public static Bootstrap removeSslSupport(Bootstrap bootstrap) {
        BootstrapHandlers.removeConfiguration(bootstrap, NettyPipeline.SslHandler);
        return bootstrap;
    }

    SslProvider(Build build) {
        this.sslContextBuilder = build.sslCtxBuilder;
        this.type = build.type;
        if (build.sslContext != null) {
            this.sslContext = build.sslContext;
        } else {
            if (this.sslContextBuilder == null) {
                throw new IllegalArgumentException("Neither SslContextBuilder nor SslContext is specified");
            }
            if (this.type != null) {
                updateDefaultConfiguration();
            }
            try {
                this.sslContext = this.sslContextBuilder.build();
            } catch (SSLException e) {
                throw Exceptions.propagate(e);
            }
        }
        this.handlerConfigurator = build.handlerConfigurator;
        this.handshakeTimeoutMillis = build.handshakeTimeoutMillis;
        this.closeNotifyFlushTimeoutMillis = build.closeNotifyFlushTimeoutMillis;
        this.closeNotifyReadTimeoutMillis = build.closeNotifyReadTimeoutMillis;
    }

    SslProvider(SslProvider sslProvider, Consumer<? super SslHandler> consumer) {
        this.sslContext = sslProvider.sslContext;
        this.sslContextBuilder = sslProvider.sslContextBuilder;
        this.type = sslProvider.type;
        if (sslProvider.handlerConfigurator == null) {
            this.handlerConfigurator = consumer;
        } else {
            this.handlerConfigurator = sslHandler -> {
                consumer.accept(sslHandler);
                sslProvider.handlerConfigurator.accept(sslHandler);
            };
        }
        this.handshakeTimeoutMillis = sslProvider.handshakeTimeoutMillis;
        this.closeNotifyFlushTimeoutMillis = sslProvider.closeNotifyFlushTimeoutMillis;
        this.closeNotifyReadTimeoutMillis = sslProvider.closeNotifyReadTimeoutMillis;
    }

    SslProvider(SslProvider sslProvider, DefaultConfigurationType defaultConfigurationType) {
        this.sslContextBuilder = sslProvider.sslContextBuilder;
        this.type = defaultConfigurationType;
        if (this.sslContextBuilder != null) {
            updateDefaultConfiguration();
            try {
                this.sslContext = this.sslContextBuilder.build();
            } catch (SSLException e) {
                throw Exceptions.propagate(e);
            }
        } else {
            this.sslContext = sslProvider.sslContext;
        }
        this.handlerConfigurator = sslProvider.handlerConfigurator;
        this.handshakeTimeoutMillis = sslProvider.handshakeTimeoutMillis;
        this.closeNotifyFlushTimeoutMillis = sslProvider.closeNotifyFlushTimeoutMillis;
        this.closeNotifyReadTimeoutMillis = sslProvider.closeNotifyReadTimeoutMillis;
    }

    void updateDefaultConfiguration() {
        switch (this.type) {
            case H2:
                this.sslContextBuilder.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1));
                break;
            case TCP:
                break;
            case NONE:
            default:
                return;
        }
        this.sslContextBuilder.sslProvider(OpenSsl.isAlpnSupported() ? io.micrometer.shaded.io.netty.handler.ssl.SslProvider.OPENSSL : io.micrometer.shaded.io.netty.handler.ssl.SslProvider.JDK);
    }

    public SslContext getSslContext() {
        return this.sslContext;
    }

    @Nullable
    public DefaultConfigurationType getDefaultConfigurationType() {
        return this.type;
    }

    public void configure(SslHandler sslHandler) {
        sslHandler.setHandshakeTimeoutMillis(this.handshakeTimeoutMillis);
        sslHandler.setCloseNotifyFlushTimeoutMillis(this.closeNotifyFlushTimeoutMillis);
        sslHandler.setCloseNotifyReadTimeoutMillis(this.closeNotifyReadTimeoutMillis);
        if (this.handlerConfigurator != null) {
            this.handlerConfigurator.accept(sslHandler);
        }
    }

    public String asSimpleString() {
        return toString();
    }

    public String asDetailedString() {
        return "handshakeTimeoutMillis=" + this.handshakeTimeoutMillis + ", closeNotifyFlushTimeoutMillis=" + this.closeNotifyFlushTimeoutMillis + ", closeNotifyReadTimeoutMillis=" + this.closeNotifyReadTimeoutMillis;
    }

    public String toString() {
        return "SslProvider{" + asDetailedString() + "}";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ServerBootstrap removeSslSupport(ServerBootstrap serverBootstrap) {
        BootstrapHandlers.removeConfiguration(serverBootstrap, NettyPipeline.SslHandler);
        return serverBootstrap;
    }

    public static ServerBootstrap setBootstrap(ServerBootstrap serverBootstrap, SslProvider sslProvider) {
        BootstrapHandlers.updateConfiguration(serverBootstrap, NettyPipeline.SslHandler, new SslSupportConsumer(sslProvider, null));
        return serverBootstrap;
    }
}
