package com.linecorp.armeria.server;

import com.linecorp.armeria.internal.common.util.SslContextUtil;
import com.linecorp.armeria.internal.shaded.caffeine.cache.Node;
import com.linecorp.armeria.internal.shaded.guava.collect.ImmutableList;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.util.ReferenceCountUtil;
import java.nio.ByteBuffer;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/linecorp/armeria/server/ServerSslContextUtil.class */
public final class ServerSslContextUtil {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.linecorp.armeria.server.ServerSslContextUtil$1, reason: invalid class name */
    /* loaded from: input_file:com/linecorp/armeria/server/ServerSslContextUtil$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus = new int[SSLEngineResult.HandshakeStatus.values().length];

        static {
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_UNWRAP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_TASK.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[SSLEngineResult.HandshakeStatus.NEED_WRAP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLSession validateSslContext(SslContext sslContext) {
        if (!sslContext.isServer()) {
            throw new IllegalArgumentException("sslContext: " + sslContext + " (expected: server context)");
        }
        SSLEngine sSLEngine = null;
        SSLEngine sSLEngine2 = null;
        try {
            try {
                sSLEngine = sslContext.newEngine(ByteBufAllocator.DEFAULT);
                sSLEngine.setUseClientMode(false);
                sSLEngine.setNeedClientAuth(false);
                sSLEngine2 = buildSslContext(() -> {
                    return SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE);
                }, true, ImmutableList.of()).newEngine(ByteBufAllocator.DEFAULT);
                sSLEngine2.setUseClientMode(true);
                sSLEngine2.setEnabledProtocols(sSLEngine2.getSupportedProtocols());
                sSLEngine2.setEnabledCipherSuites(sSLEngine2.getSupportedCipherSuites());
                ByteBuffer allocate = ByteBuffer.allocate(sSLEngine2.getSession().getPacketBufferSize());
                wrap(sSLEngine2, allocate);
                allocate.flip();
                unwrap(sSLEngine, allocate);
                allocate.clear();
                wrap(sSLEngine, allocate);
                SSLSession handshakeSession = sSLEngine.getHandshakeSession();
                ReferenceCountUtil.release(sSLEngine);
                ReferenceCountUtil.release(sSLEngine2);
                return handshakeSession;
            } catch (SSLException e) {
                throw new IllegalStateException("failed to validate SSL/TLS configuration: " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            ReferenceCountUtil.release(sSLEngine);
            ReferenceCountUtil.release(sSLEngine2);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SslContext buildSslContext(Supplier<SslContextBuilder> supplier, boolean z, Iterable<? extends Consumer<? super SslContextBuilder>> iterable) {
        return SslContextUtil.createSslContext(supplier, false, z, iterable);
    }

    private static void unwrap(SSLEngine sSLEngine, ByteBuffer byteBuffer) throws SSLException {
        ByteBuffer allocate = ByteBuffer.allocate(sSLEngine.getSession().getApplicationBufferSize());
        for (int i = 0; i < 8; i++) {
            allocate.clear();
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[sSLEngine.unwrap(byteBuffer, allocate).getHandshakeStatus().ordinal()]) {
                case 1:
                    break;
                case Node.PROTECTED /* 2 */:
                    sSLEngine.getDelegatedTask().run();
                    break;
                default:
                    return;
            }
        }
    }

    private static void wrap(SSLEngine sSLEngine, ByteBuffer byteBuffer) throws SSLException {
        ByteBuffer allocate = ByteBuffer.allocate(0);
        for (int i = 0; i < 8; i++) {
            switch (AnonymousClass1.$SwitchMap$javax$net$ssl$SSLEngineResult$HandshakeStatus[sSLEngine.wrap(allocate, byteBuffer).getHandshakeStatus().ordinal()]) {
                case Node.PROTECTED /* 2 */:
                    sSLEngine.getDelegatedTask().run();
                    break;
                case 3:
                    break;
                default:
                    return;
            }
        }
    }

    private ServerSslContextUtil() {
    }
}
