package io.lettuce.core;

import io.lettuce.core.ConnectionEvents;
import io.lettuce.core.event.connection.ConnectedEvent;
import io.lettuce.core.event.connection.ConnectionActivatedEvent;
import io.lettuce.core.event.connection.DisconnectedEvent;
import io.lettuce.core.internal.LettuceAssert;
import io.lettuce.core.protocol.AsyncCommand;
import io.lettuce.core.resource.ClientResources;
import io.netty.channel.Channel;
import io.netty.channel.ChannelDuplexHandler;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.time.Duration;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import org.geotools.styling.FeatureTypeStyle;

/* loaded from: input_file:BOOT-INF/lib/lettuce-core-5.1.8.RELEASE.jar:io/lettuce/core/SslConnectionBuilder.class */
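/**
 * {@link ConnectionBuilder} variant that produces a channel initializer with TLS enabled.
 *
 * <p>The {@link RedisURI} passed to {@link #ssl(RedisURI)} decides how strictly the server is
 * authenticated: see {@link SslChannelInitializer#initChannel(Channel)} for what
 * {@code isVerifyPeer()} and the configured truststore change.
 */
public class SslConnectionBuilder extends ConnectionBuilder {
    private RedisURI redisURI;

    /* loaded from: input_file:BOOT-INF/lib/lettuce-core-5.1.8.RELEASE.jar:io/lettuce/core/SslConnectionBuilder$SslChannelInitializer.class */
    /**
     * Channel initializer that installs an {@link SslHandler} in front of the Redis handlers and
     * completes {@link #channelInitialized()} once the TLS handshake (and the optional ping) is done.
     */
    static class SslChannelInitializer extends ChannelInitializer<Channel> implements RedisChannelInitializer {
        // Pipeline handler names. The decompiled listing referenced
        // org.geotools.styling.FeatureTypeStyle.VALUE_EVALUATION_MODE_FIRST for the first name, a
        // decompiler substitution of an unrelated constant with the same string value; the literal
        // keeps the pipeline name and drops the dependency on an unrelated library.
        private static final String FIRST_HANDLER_NAME = "first";
        private static final String ACTIVATOR_HANDLER_NAME = "channelActivator";

        private final Supplier<AsyncCommand<?, ?, ?>> pingCommandSupplier;
        private final Supplier<List<ChannelHandler>> handlers;
        private final RedisURI redisURI;
        private final ClientResources clientResources;
        private final Duration timeout;
        private final SslOptions sslOptions;
        // Replaced with a fresh future on every channelInactive, hence volatile and not final.
        private volatile CompletableFuture<Boolean> initializedFuture = new CompletableFuture<>();

        /**
         * @param supplier supplies the ping command sent after the handshake, or
         *        {@code PlainChannelInitializer.NO_PING} to skip the ping
         * @param supplier2 supplies the handlers appended after the TLS and activator handlers
         * @param redisURI target endpoint; its host, port, verify-peer and StartTLS flags are read
         * @param clientResources event bus and Netty customizer source
         * @param duration timeout handed to the ping-before-activate step
         * @param sslOptions SSL provider, keystore and truststore settings
         */
        public SslChannelInitializer(Supplier<AsyncCommand<?, ?, ?>> supplier, Supplier<List<ChannelHandler>> supplier2, RedisURI redisURI, ClientResources clientResources, Duration duration, SslOptions sslOptions) {
            this.pingCommandSupplier = supplier;
            this.handlers = supplier2;
            this.redisURI = redisURI;
            this.clientResources = clientResources;
            this.timeout = duration;
            this.sslOptions = sslOptions;
        }

        /**
         * Builds the TLS engine for the target endpoint and assembles the channel pipeline.
         *
         * <p>Server authentication depends on the URI and the SSL options:
         * <ul>
         * <li>{@code isVerifyPeer()} true: endpoint identification ("HTTPS") is enabled, so the
         * certificate must match the host given to the engine.</li>
         * <li>{@code isVerifyPeer()} false: {@link InsecureTrustManagerFactory} is installed and no
         * endpoint identification is set. Any certificate is accepted, so the connection is
         * encrypted but the server is not authenticated. Treat this as a test-only setting.</li>
         * <li>A configured truststore is applied afterwards and replaces the trust manager chosen
         * above. With {@code isVerifyPeer()} false this restores chain validation against the
         * truststore, but the host name still goes unchecked.</li>
         * </ul>
         *
         * @param channel the channel whose pipeline is populated
         * @throws Exception if a keystore or truststore cannot be read or the SSL context cannot be built
         */
        @Override // io.netty.channel.ChannelInitializer
        protected void initChannel(Channel channel) throws Exception {
            SSLParameters sslParameters = new SSLParameters();
            SslContextBuilder sslContextBuilder = SslContextBuilder.forClient().sslProvider(this.sslOptions.getSslProvider());

            if (this.redisURI.isVerifyPeer()) {
                sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
            } else {
                // Accepts every server certificate; see the method documentation.
                sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
            }

            if (this.sslOptions.getKeystore() != null) {
                // try-with-resources closes the stream even when factory creation fails before
                // the keystore is loaded.
                try (InputStream keystoreStream = this.sslOptions.getKeystore().openStream()) {
                    sslContextBuilder.keyManager(createKeyManagerFactory(keystoreStream, emptyToNull(this.sslOptions.getKeystorePassword())));
                }
            }

            if (this.sslOptions.getTruststore() != null) {
                try (InputStream truststoreStream = this.sslOptions.getTruststore().openStream()) {
                    sslContextBuilder.trustManager(createTrustManagerFactory(truststoreStream, emptyToNull(this.sslOptions.getTruststorePassword())));
                }
            }

            // Host and port are passed to the engine so endpoint identification has a name to check.
            SSLEngine sslEngine = sslContextBuilder.build().newEngine(channel.alloc(), this.redisURI.getHost(), this.redisURI.getPort());
            sslEngine.setSSLParameters(sslParameters);

            if (channel.pipeline().get(FIRST_HANDLER_NAME) == null) {
                channel.pipeline().addFirst(FIRST_HANDLER_NAME, new ChannelDuplexHandler() { // from class: io.lettuce.core.SslConnectionBuilder.SslChannelInitializer.1
                    /** Publishes a {@link ConnectedEvent} when the transport becomes active. */
                    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
                    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
                        SslChannelInitializer.this.clientResources.eventBus().publish(new ConnectedEvent(ConnectionEventTrigger.local(channelHandlerContext), ConnectionEventTrigger.remote(channelHandlerContext)));
                        super.channelActive(channelHandlerContext);
                    }

                    /** Publishes a {@link DisconnectedEvent} when the transport goes inactive. */
                    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
                    public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
                        SslChannelInitializer.this.clientResources.eventBus().publish(new DisconnectedEvent(ConnectionEventTrigger.local(channelHandlerContext), ConnectionEventTrigger.remote(channelHandlerContext)));
                        super.channelInactive(channelHandlerContext);
                    }
                });
            }

            channel.pipeline().addLast(new SslHandler(sslEngine, this.redisURI.isStartTls()));

            if (channel.pipeline().get(ACTIVATOR_HANDLER_NAME) == null) {
                channel.pipeline().addLast(ACTIVATOR_HANDLER_NAME, new RedisChannelInitializerImpl() { // from class: io.lettuce.core.SslConnectionBuilder.SslChannelInitializer.2
                    private AsyncCommand<?, ?, ?> pingCommand;

                    @Override // io.lettuce.core.RedisChannelInitializer
                    public CompletableFuture<Boolean> channelInitialized() {
                        return SslChannelInitializer.this.initializedFuture;
                    }

                    /** Fails a still-pending initialization and arms a new future for the next connect. */
                    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
                    public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
                        if (!SslChannelInitializer.this.initializedFuture.isDone()) {
                            SslChannelInitializer.this.initializedFuture.completeExceptionally(new RedisConnectionException("Connection closed prematurely"));
                        }
                        SslChannelInitializer.this.initializedFuture = new CompletableFuture<>();
                        this.pingCommand = null;
                        super.channelInactive(channelHandlerContext);
                    }

                    /**
                     * Forwards channelActive only once initialization has finished, so handlers
                     * further down the pipeline are not activated before the handshake completes.
                     */
                    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
                    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
                        if (SslChannelInitializer.this.initializedFuture.isDone()) {
                            super.channelActive(channelHandlerContext);
                        }
                    }

                    /**
                     * Reacts to the handshake result: a failed handshake fails the initialization
                     * future, a successful one either starts the ping or fires channelActive.
                     * A {@code ConnectionEvents.Activated} event completes the future.
                     */
                    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object event) throws Exception {
                        if ((event instanceof SslHandshakeCompletionEvent) && !SslChannelInitializer.this.initializedFuture.isDone()) {
                            SslHandshakeCompletionEvent handshake = (SslHandshakeCompletionEvent) event;
                            if (!handshake.isSuccess()) {
                                SslChannelInitializer.this.initializedFuture.completeExceptionally(handshake.cause());
                            } else if (SslChannelInitializer.this.pingCommandSupplier != PlainChannelInitializer.NO_PING) {
                                this.pingCommand = SslChannelInitializer.this.pingCommandSupplier.get();
                                PlainChannelInitializer.pingBeforeActivate(this.pingCommand, SslChannelInitializer.this.initializedFuture, channelHandlerContext, SslChannelInitializer.this.clientResources, SslChannelInitializer.this.timeout);
                            } else {
                                channelHandlerContext.fireChannelActive();
                            }
                        }
                        if ((event instanceof ConnectionEvents.Activated) && !SslChannelInitializer.this.initializedFuture.isDone()) {
                            SslChannelInitializer.this.initializedFuture.complete(true);
                            SslChannelInitializer.this.clientResources.eventBus().publish(new ConnectionActivatedEvent(ConnectionEventTrigger.local(channelHandlerContext), ConnectionEventTrigger.remote(channelHandlerContext)));
                        }
                        super.userEventTriggered(channelHandlerContext, event);
                    }

                    /** Surfaces TLS failures to whoever waits on the initialization future. */
                    @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelHandlerAdapter, io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable cause) throws Exception {
                        if ((cause instanceof SSLHandshakeException) || (cause.getCause() instanceof SSLException)) {
                            SslChannelInitializer.this.initializedFuture.completeExceptionally(cause);
                        }
                        super.exceptionCaught(channelHandlerContext, cause);
                    }
                });
            }

            for (ChannelHandler handler : this.handlers.get()) {
                channel.pipeline().addLast(handler);
            }
            this.clientResources.nettyCustomizer().afterChannelInitialized(channel);
        }

        /** @return the future completed when the channel is activated, or failed on TLS errors */
        @Override // io.lettuce.core.RedisChannelInitializer
        public CompletableFuture<Boolean> channelInitialized() {
            return this.initializedFuture;
        }

        /**
         * Maps a missing or zero-length password to {@code null}, the value the keystore helpers
         * use for "no password".
         */
        private static char[] emptyToNull(char[] password) {
            return (password == null || password.length == 0) ? null : password;
        }

        /**
         * Loads the client keystore from the stream and wraps it in a {@link KeyManagerFactory}.
         *
         * @param inputStream keystore content; closed by {@link #getKeyStore(InputStream, char[])}
         * @param storePassword keystore password, or {@code null} for none
         */
        private static KeyManagerFactory createKeyManagerFactory(InputStream inputStream, char[] storePassword) throws GeneralSecurityException, IOException {
            KeyStore keyStore = getKeyStore(inputStream, storePassword);
            // The listing asked KeyManagerFactory for TrustManagerFactory's default algorithm,
            // which only resolves where the provider aliases that name for key managers.
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, storePassword == null ? new char[0] : storePassword);
            return keyManagerFactory;
        }

        /**
         * Loads a keystore of the JVM default type and always closes the stream.
         *
         * <p>With a {@code null} password {@link KeyStore#load(InputStream, char[])} skips the
         * integrity check, so a store configured without a password is loaded unverified.
         */
        private static KeyStore getKeyStore(InputStream inputStream, char[] storePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try {
                keyStore.load(inputStream, storePassword);
                return keyStore;
            } finally {
                inputStream.close();
            }
        }

        /**
         * Loads the truststore from the stream and wraps it in a {@link TrustManagerFactory}.
         *
         * @param inputStream truststore content; closed by {@link #getKeyStore(InputStream, char[])}
         * @param storePassword truststore password, or {@code null} for none
         */
        private static TrustManagerFactory createTrustManagerFactory(InputStream inputStream, char[] storePassword) throws GeneralSecurityException, IOException {
            KeyStore trustStore = getKeyStore(inputStream, storePassword);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory;
        }
    }

    /**
     * Sets the URI whose SSL settings drive the connection.
     *
     * @param redisURI target URI; {@link #buildHandlers()} requires it to have SSL enabled
     * @return this builder
     */
    public SslConnectionBuilder ssl(RedisURI redisURI) {
        this.redisURI = redisURI;
        return this;
    }

    /** @return a new, unconfigured builder */
    public static SslConnectionBuilder sslConnectionBuilder() {
        return new SslConnectionBuilder();
    }

    /**
     * Builds the handler list after checking that a URI was set and that it asks for SSL.
     *
     * @throws IllegalStateException presumably, via {@code LettuceAssert.assertState}, when the URI
     *         is missing or not SSL-enabled (the assertion's exception type is not visible here)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.lettuce.core.ConnectionBuilder
    public List<ChannelHandler> buildHandlers() {
        LettuceAssert.assertState(this.redisURI != null, "RedisURI must not be null");
        LettuceAssert.assertState(this.redisURI.isSsl(), "RedisURI is not configured for SSL (ssl is false)");
        return super.buildHandlers();
    }

    /**
     * Creates the TLS channel initializer from the builder's current settings. The handler list
     * is supplied lazily through {@link #buildHandlers()}, so the SSL checks run when the
     * initializer first asks for handlers, not here.
     */
    @Override // io.lettuce.core.ConnectionBuilder
    public RedisChannelInitializer build() {
        return new SslChannelInitializer(getPingCommandSupplier(), this::buildHandlers, this.redisURI, clientResources(), getTimeout(), clientOptions().getSslOptions());
    }
}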
