package io.ktor.server.netty;

import hb.InterfaceC4142i;
import ib.AbstractC4233l;
import ib.AbstractC4235n;
import io.ktor.server.application.Application;
import io.ktor.server.application.ApplicationEnvironment;
import io.ktor.server.engine.EngineConnectorConfig;
import io.ktor.server.engine.EnginePipeline;
import io.ktor.server.engine.EngineSSLConnectorConfig;
import io.ktor.server.netty.http1.NettyHttp1Handler;
import io.ktor.server.netty.http2.NettyHttp2Handler;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.http.HttpServerExpectContinueHandler;
import io.netty.handler.codec.http2.Http2MultiplexCodecBuilder;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.ApplicationProtocolNegotiationHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.handler.timeout.WriteTimeoutHandler;
import io.netty.util.concurrent.EventExecutorGroup;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import java.io.File;
import java.io.FileInputStream;
import java.nio.channels.ClosedChannelException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import kotlin.jvm.internal.AbstractC4440m;
import kotlin.jvm.internal.DefaultConstructorMarker;
import mb.InterfaceC4514k;
import xb.InterfaceC5299a;
import xb.k;
import zb.AbstractC5500a;

/* loaded from: classes5.dex */
public final class NettyChannelInitializer extends ChannelInitializer<SocketChannel> {
    public static final Companion Companion = new Companion(null);
    private static final InterfaceC4142i alpnProvider$delegate = AbstractC5500a.F(new io.ktor.client.plugins.api.a(28));
    private final InterfaceC5299a applicationProvider;
    private final EventExecutorGroup callEventGroup;
    private final k channelPipelineConfig;
    private final EngineConnectorConfig connector;
    private final boolean enableHttp2;
    private final InterfaceC4514k engineContext;
    private final EnginePipeline enginePipeline;
    private final ApplicationEnvironment environment;
    private final InterfaceC5299a httpServerCodec;
    private final int requestReadTimeout;
    private final int responseWriteTimeout;
    private final int runningLimit;
    private SslContext sslContext;
    private final InterfaceC4514k userContext;

    /* loaded from: classes5.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final SslProvider findAlpnProvider() {
            try {
                SslProvider sslProvider = SslProvider.OPENSSL;
                if (SslProvider.isAlpnSupported(sslProvider)) {
                    return sslProvider;
                }
            } catch (Throwable unused) {
            }
            try {
                SslProvider sslProvider2 = SslProvider.JDK;
                if (SslProvider.isAlpnSupported(sslProvider2)) {
                    return sslProvider2;
                }
                return null;
            } catch (Throwable unused2) {
                return null;
            }
        }

        public final SslProvider getAlpnProvider$ktor_server_netty() {
            return (SslProvider) NettyChannelInitializer.alpnProvider$delegate.getValue();
        }
    }

    /* loaded from: classes5.dex */
    public final class NegotiatedPipelineInitializer extends ApplicationProtocolNegotiationHandler {
        public NegotiatedPipelineInitializer() {
            super(ApplicationProtocolNames.HTTP_1_1);
        }

        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiationHandler
        public void configurePipeline(ChannelHandlerContext ctx, String protocol) {
            AbstractC4440m.f(ctx, "ctx");
            AbstractC4440m.f(protocol, "protocol");
            NettyChannelInitializer nettyChannelInitializer = NettyChannelInitializer.this;
            ChannelPipeline pipeline = ctx.pipeline();
            AbstractC4440m.e(pipeline, "pipeline(...)");
            nettyChannelInitializer.configurePipeline(pipeline, protocol);
        }

        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiationHandler
        public void handshakeFailure(ChannelHandlerContext ctx, Throwable th) {
            AbstractC4440m.f(ctx, "ctx");
            if (th instanceof ClosedChannelException) {
                ctx.close();
            } else {
                super.handshakeFailure(ctx, th);
            }
        }
    }

    public NettyChannelInitializer(InterfaceC5299a applicationProvider, EnginePipeline enginePipeline, ApplicationEnvironment environment, EventExecutorGroup callEventGroup, InterfaceC4514k engineContext, InterfaceC4514k userContext, EngineConnectorConfig connector, int i2, int i3, int i7, InterfaceC5299a httpServerCodec, k channelPipelineConfig, boolean z10) {
        AbstractC4440m.f(applicationProvider, "applicationProvider");
        AbstractC4440m.f(enginePipeline, "enginePipeline");
        AbstractC4440m.f(environment, "environment");
        AbstractC4440m.f(callEventGroup, "callEventGroup");
        AbstractC4440m.f(engineContext, "engineContext");
        AbstractC4440m.f(userContext, "userContext");
        AbstractC4440m.f(connector, "connector");
        AbstractC4440m.f(httpServerCodec, "httpServerCodec");
        AbstractC4440m.f(channelPipelineConfig, "channelPipelineConfig");
        this.applicationProvider = applicationProvider;
        this.enginePipeline = enginePipeline;
        this.environment = environment;
        this.callEventGroup = callEventGroup;
        this.engineContext = engineContext;
        this.userContext = userContext;
        this.connector = connector;
        this.runningLimit = i2;
        this.responseWriteTimeout = i3;
        this.requestReadTimeout = i7;
        this.httpServerCodec = httpServerCodec;
        this.channelPipelineConfig = channelPipelineConfig;
        this.enableHttp2 = z10;
        if (connector instanceof EngineSSLConnectorConfig) {
            Certificate[] certificateChain = ((EngineSSLConnectorConfig) connector).getKeyStore().getCertificateChain(((EngineSSLConnectorConfig) connector).getKeyAlias());
            AbstractC4440m.e(certificateChain, "getCertificateChain(...)");
            X509Certificate[] x509CertificateArr = (X509Certificate[]) AbstractC4235n.f1(AbstractC4233l.Q0(certificateChain)).toArray(new X509Certificate[0]);
            char[] cArr = (char[]) ((EngineSSLConnectorConfig) connector).getPrivateKeyPassword().invoke();
            Key key = ((EngineSSLConnectorConfig) connector).getKeyStore().getKey(((EngineSSLConnectorConfig) connector).getKeyAlias(), cArr);
            AbstractC4440m.d(key, "null cannot be cast to non-null type java.security.PrivateKey");
            int length = cArr.length;
            AbstractC4440m.f(cArr, "<this>");
            Arrays.fill(cArr, 0, length, (char) 0);
            SslContextBuilder forServer = SslContextBuilder.forServer((PrivateKey) key, (X509Certificate[]) Arrays.copyOf(x509CertificateArr, x509CertificateArr.length));
            if (z10) {
                Companion companion = Companion;
                if (companion.getAlpnProvider$ktor_server_netty() != null) {
                    forServer.sslProvider(companion.getAlpnProvider$ktor_server_netty());
                    forServer.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
                    forServer.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1));
                }
            }
            TrustManagerFactory trustManagerFactory = trustManagerFactory((EngineSSLConnectorConfig) connector);
            if (trustManagerFactory != null) {
                forServer.trustManager(trustManagerFactory);
            }
            this.sslContext = forServer.build();
        }
    }

    public static final SslProvider alpnProvider_delegate$lambda$12() {
        return Companion.findAlpnProvider();
    }

    public final void configurePipeline(ChannelPipeline channelPipeline, String str) {
        if (AbstractC4440m.a(str, ApplicationProtocolNames.HTTP_2)) {
            NettyHttp2Handler nettyHttp2Handler = new NettyHttp2Handler(this.enginePipeline, (Application) this.applicationProvider.invoke(), this.callEventGroup, this.userContext, this.runningLimit);
            channelPipeline.addLast(Http2MultiplexCodecBuilder.forServer(nettyHttp2Handler).build());
            channelPipeline.channel().closeFuture().addListener((GenericFutureListener<? extends Future<? super Void>>) new b(nettyHttp2Handler, 0));
            this.channelPipelineConfig.invoke(channelPipeline);
            return;
        }
        if (!AbstractC4440m.a(str, ApplicationProtocolNames.HTTP_1_1)) {
            this.environment.getLog().error("Unsupported protocol " + str);
            channelPipeline.close();
            return;
        }
        NettyHttp1Handler nettyHttp1Handler = new NettyHttp1Handler(this.applicationProvider, this.enginePipeline, this.environment, this.callEventGroup, this.engineContext, this.userContext, this.runningLimit);
        if (this.requestReadTimeout > 0) {
            channelPipeline.addLast("readTimeout", new KtorReadTimeoutHandler(this.requestReadTimeout));
        }
        channelPipeline.addLast("codec", (ChannelHandler) this.httpServerCodec.invoke());
        channelPipeline.addLast("continue", new HttpServerExpectContinueHandler());
        channelPipeline.addLast("timeout", new WriteTimeoutHandler(this.responseWriteTimeout));
        channelPipeline.addLast("http1", nettyHttp1Handler);
        this.channelPipelineConfig.invoke(channelPipeline);
        channelPipeline.context("codec").fireChannelActive();
    }

    private final boolean hasTrustStore(EngineSSLConnectorConfig engineSSLConnectorConfig) {
        return (engineSSLConnectorConfig.getTrustStore() == null && engineSSLConnectorConfig.getTrustStorePath() == null) ? false : true;
    }

    private final TrustManagerFactory trustManagerFactory(EngineSSLConnectorConfig engineSSLConnectorConfig) {
        KeyStore trustStore = engineSSLConnectorConfig.getTrustStore();
        if (trustStore == null) {
            File trustStorePath = engineSSLConnectorConfig.getTrustStorePath();
            if (trustStorePath != null) {
                FileInputStream fileInputStream = new FileInputStream(trustStorePath);
                try {
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(fileInputStream, null);
                    AbstractC5500a.l(fileInputStream, null);
                    trustStore = keyStore;
                } catch (Throwable th) {
                    try {
                        throw th;
                    } catch (Throwable th2) {
                        AbstractC5500a.l(fileInputStream, th);
                        throw th2;
                    }
                }
            } else {
                trustStore = null;
            }
        }
        if (trustStore == null) {
            return null;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        return trustManagerFactory;
    }

    @Override // io.netty.channel.ChannelInitializer
    public void initChannel(SocketChannel ch) {
        AbstractC4440m.f(ch, "ch");
        ChannelPipeline pipeline = ch.pipeline();
        if (!(this.connector instanceof EngineSSLConnectorConfig)) {
            AbstractC4440m.c(pipeline);
            configurePipeline(pipeline, ApplicationProtocolNames.HTTP_1_1);
            return;
        }
        SslContext sslContext = this.sslContext;
        AbstractC4440m.c(sslContext);
        SSLEngine newEngine = sslContext.newEngine(ch.alloc());
        if (hasTrustStore((EngineSSLConnectorConfig) this.connector)) {
            newEngine.setUseClientMode(false);
            newEngine.setNeedClientAuth(true);
        }
        List<String> enabledProtocols = ((EngineSSLConnectorConfig) this.connector).getEnabledProtocols();
        if (enabledProtocols != null) {
            newEngine.setEnabledProtocols((String[]) enabledProtocols.toArray(new String[0]));
        }
        pipeline.addLast("ssl", new SslHandler(newEngine));
        if (!this.enableHttp2 || Companion.getAlpnProvider$ktor_server_netty() == null) {
            configurePipeline(pipeline, ApplicationProtocolNames.HTTP_1_1);
        } else {
            pipeline.addLast(new NegotiatedPipelineInitializer());
        }
    }
}
