package org.xbib.net.http.server.netty.secure;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.CipherSuiteFilter;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.xbib.net.http.HttpAddress;
import org.xbib.net.http.HttpVersion;
import org.xbib.net.security.CertificateProvider;
import org.xbib.net.security.CertificateReader;
import org.xbib.net.security.util.DistinguishedNameParser;

/* loaded from: input_file:org/xbib/net/http/server/netty/secure/HttpsAddress.class */
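/**
 * An {@link HttpAddress} that additionally carries the Netty {@link SslContext}
 * used to terminate TLS for a server endpoint.
 *
 * <p>Instances are created through {@link #builder()} or the {@code https1}/{@code https2}
 * shortcuts. Every path goes through {@link Builder#build()}, which requires a private key
 * and a non-empty certificate chain.
 */
public class HttpsAddress extends HttpAddress {
    private static final Logger logger = Logger.getLogger(HttpsAddress.class.getName());
    private final SslContext sslContext;

    /**
     * Collects the TLS parameters of a server endpoint and turns them into an
     * {@link HttpsAddress}.
     *
     * <p>Defaults visible in this class: the OpenSSL provider and cipher list are used when
     * {@link OpenSsl#isAvailable()} reports true, otherwise the JDK provider with the JDK's
     * default cipher suites; client authentication is {@link ClientAuth#NONE}; OCSP is off.
     */
    public static class Builder {
        // Shared default factory. NOTE(review): build() calls init() on whichever factory the
        // builder holds, so builders that keep this default all re-initialise the same
        // instance. Use setTrustManagerFactory() when builders need independent trust material.
        private static TrustManagerFactory TRUST_MANAGER_FACTORY;

        // AEAD-only ECDHE suites (TLS 1.2 names) followed by the three TLS 1.3 suites.
        private static final Iterable<String> DEFAULT_OPENSSL_CIPHERS = Arrays.asList(
                "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
                "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
                "TLS_AES_128_GCM_SHA256",
                "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256");

        // Whatever the running JDK enables by default; this list is not curated here, so its
        // strength depends on the JDK version and its security properties.
        private static final Iterable<String> DEFAULT_JDK_CIPHERS = Arrays.asList(
                ((SSLSocketFactory) SSLSocketFactory.getDefault()).getDefaultCipherSuites());

        private String host;
        private KeyStore trustManagerKeyStore;
        private Provider sslContextProvider;
        private SslProvider sslProvider;
        private Iterable<String> ciphers;
        private CipherSuiteFilter cipherSuiteFilter;
        private Collection<? extends X509Certificate> certChain;
        private PrivateKey privateKey;
        private ApplicationProtocolConfig applicationProtocolConfig;
        private boolean enableOcsp;
        private Set<String> hostNames;
        private int port = -1;
        private boolean isSecure = true;
        private HttpVersion httpVersion = HttpVersion.HTTP_1_1;
        // 0 is passed through unchanged; Netty's SslContextBuilder treats 0 as "use the default".
        private long sessionCacheSize = 0;
        private long sessionTimeout = 0;
        private ClientAuth clientAuth = ClientAuth.NONE;
        private TrustManagerFactory trustManagerFactory = TRUST_MANAGER_FACTORY;

        static {
            try {
                TRUST_MANAGER_FACTORY = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            } catch (Exception e) {
                // Keep class loading alive, but leave a trace: build() will reject a builder
                // that still has no trust manager factory.
                HttpsAddress.logger.log(Level.WARNING, "no default TrustManagerFactory available", e);
                TRUST_MANAGER_FACTORY = null;
            }
        }

        private Builder() {
            boolean openSsl = OpenSsl.isAvailable();
            this.sslProvider = openSsl ? SslProvider.OPENSSL : SslProvider.JDK;
            this.ciphers = openSsl ? DEFAULT_OPENSSL_CIPHERS : DEFAULT_JDK_CIPHERS;
            // Drops requested suites the chosen provider does not support instead of failing.
            this.cipherSuiteFilter = SupportedCipherSuiteFilter.INSTANCE;
        }

        /** Sets the host of the address; required by {@link #build()}. */
        public Builder setHost(String str) {
            this.host = str;
            return this;
        }

        /** Sets the port of the address; the builder default is {@code -1}. */
        public Builder setPort(int i) {
            this.port = i;
            return this;
        }

        /**
         * Sets the "secure" flag handed to {@link HttpAddress}.
         *
         * <p>{@link #build()} creates an {@link SslContext} regardless of this flag, so passing
         * {@code false} yields an address that is flagged insecure but still carries a TLS context.
         */
        public Builder setSecure(boolean z) {
            this.isSecure = z;
            return this;
        }

        /** Sets the HTTP version; it also selects the default ALPN protocol list in {@link #build()}. */
        public Builder setVersion(HttpVersion httpVersion) {
            this.httpVersion = httpVersion;
            return this;
        }

        /**
         * Replaces the trust manager factory. {@link #build()} calls
         * {@code init(trustManagerKeyStore)} on it, overriding any earlier initialisation.
         */
        public Builder setTrustManagerFactory(TrustManagerFactory trustManagerFactory) {
            this.trustManagerFactory = trustManagerFactory;
            return this;
        }

        /**
         * Sets the key store the trust manager factory is initialised with.
         *
         * <p>When left {@code null}, the factory is initialised with {@code null}, which lets the
         * JSSE provider fall back to its default trust material.
         */
        public Builder setTrustManagerKeyStore(KeyStore keyStore) {
            this.trustManagerKeyStore = keyStore;
            return this;
        }

        /** Sets the JCA provider for the SSL context; only applied when non-null. */
        public Builder setSslContextProvider(Provider provider) {
            this.sslContextProvider = provider;
            return this;
        }

        /** Sets the Netty SSL provider without touching the cipher list. */
        public Builder setSslProvider(SslProvider sslProvider) {
            this.sslProvider = sslProvider;
            return this;
        }

        /** Sets the requested cipher suites; they are still subject to the cipher suite filter. */
        public Builder setCiphers(Iterable<String> iterable) {
            this.ciphers = iterable;
            return this;
        }

        /** Sets the filter applied to the requested cipher suites. */
        public Builder setCipherSuiteFilter(CipherSuiteFilter cipherSuiteFilter) {
            this.cipherSuiteFilter = cipherSuiteFilter;
            return this;
        }

        /** Selects the JDK provider together with the JDK default cipher suites. */
        public Builder setJdkSslProvider() {
            setSslProvider(SslProvider.JDK);
            setCiphers(DEFAULT_JDK_CIPHERS);
            return this;
        }

        /** Selects the OpenSSL provider together with the built-in AEAD cipher list. */
        public Builder setOpenSSLSslProvider() {
            setSslProvider(SslProvider.OPENSSL);
            setCiphers(DEFAULT_OPENSSL_CIPHERS);
            return this;
        }

        /** Sets the server private key; required by {@link #build()}. */
        public Builder setPrivateKey(PrivateKey privateKey) {
            this.privateKey = privateKey;
            return this;
        }

        /**
         * Sets the server certificate chain.
         *
         * <p>Unlike the stream-based overload, this one does not derive host names from the
         * certificate.
         *
         * @throws NullPointerException if {@code collection} is null
         */
        public Builder setCertChain(Collection<? extends X509Certificate> collection) {
            Objects.requireNonNull(collection);
            this.certChain = collection;
            return this;
        }

        /**
         * Loads key and certificate chain through the first {@link CertificateProvider} (found via
         * {@link ServiceLoader}) that returns a non-null result, then derives the host names from
         * the first certificate of the ordered chain.
         *
         * <p>The three arguments are passed to the provider as-is; their meaning is defined by
         * {@code CertificateProvider.provide} (presumably key stream, key password and chain
         * stream; confirm against that interface).
         *
         * <p>NOTE(review): the same streams are handed to every provider in turn. A provider that
         * fails after reading from a stream may leave it consumed for the next one.
         *
         * @throws CertificateException if no provider delivers a certificate, or if the subject
         *         alternative names of the certificate cannot be parsed
         */
        public Builder setCertChain(InputStream inputStream, String str, InputStream inputStream2) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
            boolean found = false;
            for (CertificateProvider provider : ServiceLoader.load(CertificateProvider.class)) {
                try {
                    Map.Entry<?, ?> entry = provider.provide(inputStream, str, inputStream2);
                    // The null check lives inside the try so that a failed provider can never
                    // leave a stale or unassigned entry to be evaluated.
                    if (entry != null) {
                        applyKeyAndChain(entry);
                        found = true;
                        break;
                    }
                } catch (IOException | CertificateException e) {
                    HttpsAddress.logger.log(Level.WARNING, e.getMessage(), e);
                }
            }
            if (!found) {
                throw new CertificateException("no certificate found");
            }
            // assumes orderCertificateChain() puts the end-entity certificate first; TODO confirm
            this.hostNames = HttpsAddress.getServerNames((X509Certificate) CertificateReader.orderCertificateChain(this.certChain).get(0));
            return this;
        }

        /**
         * Obtains a self-signed key and certificate from the first {@link CertificateProvider}
         * that can create one for the given name.
         *
         * <p>Provider failures are logged instead of being dropped silently, a {@code null}
         * result is skipped, and the search stops at the first success, matching
         * {@link #setCertChain(InputStream, String, InputStream)}. A self-signed certificate is
         * not anchored in any client trust store, so clients must trust it explicitly.
         *
         * @throws CertificateException if no provider delivers a self-signed certificate
         */
        public Builder setSelfCert(String str) throws CertificateException {
            for (CertificateProvider provider : ServiceLoader.load(CertificateProvider.class)) {
                try {
                    Map.Entry<?, ?> entry = provider.provideSelfSigned(str);
                    if (entry != null) {
                        applyKeyAndChain(entry);
                        return this;
                    }
                } catch (IOException | CertificateException e) {
                    HttpsAddress.logger.log(Level.WARNING, e.getMessage(), e);
                }
            }
            throw new CertificateException("no self-signed certificate found");
        }

        /** Copies the key and chain of a provider result into this builder. */
        @SuppressWarnings("unchecked") // entry types are fixed by the CertificateProvider contract
        private void applyKeyAndChain(Map.Entry<?, ?> entry) {
            setPrivateKey((PrivateKey) entry.getKey());
            setCertChain((Collection<? extends X509Certificate>) entry.getValue());
        }

        /** Sets an explicit ALPN configuration, replacing the one derived from the HTTP version. */
        public Builder setApplicationProtocolConfig(ApplicationProtocolConfig applicationProtocolConfig) {
            this.applicationProtocolConfig = applicationProtocolConfig;
            return this;
        }

        /** Sets the TLS session cache size handed to Netty. */
        public Builder setSessionCacheSize(long j) {
            this.sessionCacheSize = j;
            return this;
        }

        /** Sets the TLS session timeout handed to Netty. */
        public Builder setSessionTimeout(long j) {
            this.sessionTimeout = j;
            return this;
        }

        /**
         * Sets the client authentication mode. With the default {@link ClientAuth#NONE} no client
         * certificate is requested.
         */
        public Builder setClientAuth(ClientAuth clientAuth) {
            this.clientAuth = clientAuth;
            return this;
        }

        /**
         * Switches OCSP support of the SSL context on or off.
         *
         * <p>NOTE(review): Netty's OCSP support depends on the SSL provider; verify the flag
         * against the provider in use (OpenSSL vs. JDK) before enabling it.
         */
        public Builder enableOcsp(boolean z) {
            this.enableOcsp = z;
            return this;
        }

        /**
         * Validates the collected settings, builds the server {@link SslContext} and wraps it in
         * an {@link HttpsAddress}.
         *
         * @throws NullPointerException if a required setting (host, version, key, chain, provider,
         *         ciphers, cipher filter, trust manager factory) is missing
         * @throws IllegalArgumentException if the certificate chain is empty
         * @throws KeyStoreException if the trust manager factory cannot be initialised
         * @throws SSLException if Netty cannot build the SSL context
         */
        public HttpsAddress build() throws KeyStoreException, SSLException {
            Objects.requireNonNull(this.host, "host");
            Objects.requireNonNull(this.httpVersion, "httpVersion");
            Objects.requireNonNull(this.privateKey, "privateKey");
            Objects.requireNonNull(this.certChain, "certChain");
            if (this.certChain.isEmpty()) {
                throw new IllegalArgumentException("cert chain must not be empty");
            }
            Objects.requireNonNull(this.sslProvider, "sslProvider");
            Objects.requireNonNull(this.ciphers, "ciphers");
            Objects.requireNonNull(this.cipherSuiteFilter, "cipherSuiteFilter");
            // The static default may be null when no default algorithm could be loaded; fail
            // with a clear message rather than an anonymous NullPointerException.
            Objects.requireNonNull(this.trustManagerFactory,
                    "no TrustManagerFactory available, use setTrustManagerFactory()");
            this.trustManagerFactory.init(this.trustManagerKeyStore);
            SslContextBuilder contextBuilder = SslContextBuilder.forServer(this.privateKey, this.certChain)
                    .trustManager(this.trustManagerFactory)
                    .sslProvider(this.sslProvider)
                    .ciphers(this.ciphers, this.cipherSuiteFilter);
            if (this.sslContextProvider != null) {
                contextBuilder.sslContextProvider(this.sslContextProvider);
            }
            if (this.applicationProtocolConfig == null) {
                // Derive the ALPN offer from the HTTP version; any other version leaves ALPN unset.
                if (this.httpVersion.equals(HttpVersion.HTTP_2_0)) {
                    this.applicationProtocolConfig = new ApplicationProtocolConfig(
                            ApplicationProtocolConfig.Protocol.ALPN,
                            ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
                            ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
                            new String[]{"h2", "http/1.1"});
                } else if (this.httpVersion.equals(HttpVersion.HTTP_1_1)) {
                    this.applicationProtocolConfig = new ApplicationProtocolConfig(
                            ApplicationProtocolConfig.Protocol.ALPN,
                            ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
                            ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
                            new String[]{"http/1.1"});
                }
            }
            contextBuilder.applicationProtocolConfig(this.applicationProtocolConfig);
            contextBuilder.sessionCacheSize(this.sessionCacheSize);
            contextBuilder.sessionTimeout(this.sessionTimeout);
            contextBuilder.clientAuth(this.clientAuth);
            contextBuilder.enableOcsp(this.enableOcsp);
            SslContext context = contextBuilder.build();
            if (HttpsAddress.logger.isLoggable(Level.FINE)) {
                // Log the effective values of the built context; the cipher list shown here is
                // what survived the cipher suite filter.
                HttpsAddress.logger.log(Level.FINE, "SSL context up: " + context.getClass().getName()
                        + " negotiating for protocols = " + context.applicationProtocolNegotiator().protocols()
                        + " session cache = " + context.sessionCacheSize()
                        + " session timeout = " + context.sessionTimeout()
                        + " cipher suite = " + context.cipherSuites());
            }
            return new HttpsAddress(this.host, Integer.valueOf(this.port), this.httpVersion, this.isSecure, this.hostNames, context);
        }
    }

    /**
     * Creates an address from already prepared parts.
     *
     * @param str host
     * @param num port
     * @param httpVersion HTTP version
     * @param z the "secure" flag passed to {@link HttpAddress}
     * @param set host names associated with the address, may be null
     * @param sslContext the TLS context served at this address
     */
    public HttpsAddress(String str, Integer num, HttpVersion httpVersion, boolean z, Set<String> set, SslContext sslContext) {
        super(str, num, httpVersion, z, set);
        this.sslContext = sslContext;
    }

    /** Returns a new builder with the "secure" flag set. */
    public static Builder builder() {
        return new Builder().setSecure(true);
    }

    /**
     * Shortcut for an HTTP/1.1 address on port 443.
     *
     * <p>No key or certificate is configured on this path, so {@link Builder#build()} fails
     * with a {@link NullPointerException}; use {@link #builder()} to supply them.
     */
    public static HttpsAddress https1(String str) throws KeyStoreException, SSLException {
        return builder().setVersion(HttpVersion.HTTP_1_1).setHost(str).setPort(443).build();
    }

    /** Shortcut for an HTTP/1.1 address on the given port; see {@link #https1(String)} for the key requirement. */
    public static HttpAddress https1(String str, int i) throws KeyStoreException, SSLException {
        return builder().setVersion(HttpVersion.HTTP_1_1).setHost(str).setPort(i).build();
    }

    /** Shortcut for an HTTP/2 address on port 443; see {@link #https1(String)} for the key requirement. */
    public static HttpAddress https2(String str) throws KeyStoreException, SSLException {
        return builder().setVersion(HttpVersion.HTTP_2_0).setHost(str).setPort(443).build();
    }

    /** Shortcut for an HTTP/2 address on the given port; see {@link #https1(String)} for the key requirement. */
    public static HttpAddress https2(String str, int i) throws KeyStoreException, SSLException {
        return builder().setVersion(HttpVersion.HTTP_2_0).setHost(str).setPort(i).build();
    }

    /** Returns the TLS context built for this address. */
    public SslContext getSslContext() {
        return this.sslContext;
    }

    /**
     * Collects the names a certificate is issued for: the most specific subject CN, followed by
     * every {@code dNSName} subject alternative name, in certificate order.
     *
     * <p>A certificate without a CN contributes no CN entry. The CN is kept for compatibility
     * with certificates that carry no SAN extension; current TLS clients match on SAN entries
     * only, so the SAN list is the authoritative part of the result.
     *
     * @throws CertificateParsingException if the SAN extension cannot be decoded
     */
    private static Set<String> getServerNames(X509Certificate x509Certificate) throws CertificateParsingException {
        Set<String> names = new LinkedHashSet<>();
        String commonName = new DistinguishedNameParser(x509Certificate.getSubjectX500Principal()).findMostSpecific("CN");
        if (commonName != null) {
            names.add(commonName);
        }
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> san : subjectAlternativeNames) {
                // Each entry is (type, value); GeneralName type 2 is dNSName.
                if (((Integer) san.get(0)).intValue() == 2) {
                    names.add(san.get(1).toString());
                }
            }
        }
        return names;
    }
}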
