package io.helidon.common.tls;

import io.helidon.builder.api.RuntimeType;
import io.helidon.common.config.Config;
import io.helidon.common.tls.TlsConfig;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

@RuntimeType.PrototypedBy(TlsConfig.class)
/* loaded from: input_file:io/helidon/common/tls/Tls.class */
public class Tls implements RuntimeType.Api<TlsConfig> {
    public static final String ENDPOINT_IDENTIFICATION_HTTPS = "HTTPS";
    public static final String ENDPOINT_IDENTIFICATION_NONE = "NONE";
    private final SSLContext sslContext;
    private final SSLParameters sslParameters;
    private final SSLSocketFactory sslSocketFactory;
    private final SSLServerSocketFactory sslServerSocketFactory;
    private final boolean enabled;
    private final TlsConfig tlsConfig;
    private final TlsManager tlsManager;

    private Tls(TlsConfig tlsConfig) {
        this.tlsConfig = (TlsConfig) Objects.requireNonNull(tlsConfig);
        this.sslParameters = tlsConfig.sslParameters().orElseThrow();
        this.enabled = tlsConfig.enabled();
        if (!tlsConfig.enabled()) {
            this.sslContext = null;
            this.sslSocketFactory = null;
            this.sslServerSocketFactory = null;
            this.tlsManager = null;
            return;
        }
        this.tlsManager = tlsConfig.manager();
        this.tlsManager.init(tlsConfig);
        this.sslContext = this.tlsManager.sslContext();
        this.sslSocketFactory = this.sslContext.getSocketFactory();
        this.sslServerSocketFactory = this.sslContext.getServerSocketFactory();
    }

    public static TlsConfig.Builder builder() {
        return TlsConfig.builder();
    }

    public static Tls create(Config config) {
        return builder().m8config(config).m7build();
    }

    public static Tls create(TlsConfig tlsConfig) {
        return new Tls(tlsConfig);
    }

    public static Tls create(Consumer<TlsConfig.Builder> consumer) {
        TlsConfig.Builder builder = TlsConfig.builder();
        consumer.accept(builder);
        return create(builder.m6buildPrototype());
    }

    /* renamed from: prototype, reason: merged with bridge method [inline-methods] */
    public TlsConfig m4prototype() {
        return this.tlsConfig;
    }

    public final SSLEngine newEngine() {
        checkEnabled();
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine();
        createSSLEngine.setSSLParameters(this.sslParameters);
        return createSSLEngine;
    }

    public int hashCode() {
        return this.enabled ? (31 * Objects.hash(sslContext())) + hashCode(sslParameters()) : Objects.hash(Tls.class);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof Tls)) {
            return false;
        }
        Tls tls = (Tls) obj;
        if (enabled() || tls.enabled()) {
            return sslContext().equals(tls.sslContext()) && equals(sslParameters(), tls.sslParameters());
        }
        return true;
    }

    public SSLServerSocket createServerSocket() {
        checkEnabled();
        try {
            SSLServerSocket sSLServerSocket = (SSLServerSocket) this.sslServerSocketFactory.createServerSocket();
            sSLServerSocket.setSSLParameters(this.sslParameters);
            return sSLServerSocket;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public SSLSocket createSocket(List<String> list, Socket socket, InetSocketAddress inetSocketAddress) {
        checkEnabled();
        try {
            SSLSocket sSLSocket = (SSLSocket) this.sslSocketFactory.createSocket(socket, inetSocketAddress.getHostName(), inetSocketAddress.getPort(), true);
            SSLParameters sSLParameters = new SSLParameters();
            sSLParameters.setApplicationProtocols((String[]) list.toArray(new String[0]));
            sSLParameters.setServerNames(this.sslParameters.getServerNames());
            sSLParameters.setCipherSuites(this.sslParameters.getCipherSuites());
            sSLParameters.setAlgorithmConstraints(this.sslParameters.getAlgorithmConstraints());
            sSLParameters.setEnableRetransmissions(this.sslParameters.getEnableRetransmissions());
            sSLParameters.setEndpointIdentificationAlgorithm(this.sslParameters.getEndpointIdentificationAlgorithm());
            sSLParameters.setMaximumPacketSize(this.sslParameters.getMaximumPacketSize());
            sSLParameters.setNamedGroups(this.sslParameters.getNamedGroups());
            sSLParameters.setProtocols(this.sslParameters.getProtocols());
            sSLParameters.setSignatureSchemes(this.sslParameters.getSignatureSchemes());
            sSLParameters.setSNIMatchers(this.sslParameters.getSNIMatchers());
            sSLParameters.setUseCipherSuitesOrder(this.sslParameters.getUseCipherSuitesOrder());
            if (this.sslParameters.getNeedClientAuth()) {
                sSLParameters.setNeedClientAuth(this.sslParameters.getNeedClientAuth());
            }
            if (this.sslParameters.getWantClientAuth()) {
                sSLParameters.setWantClientAuth(this.sslParameters.getWantClientAuth());
            }
            sSLSocket.setSSLParameters(sSLParameters);
            return sSLSocket;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public SSLContext sslContext() {
        checkEnabled();
        return this.sslContext;
    }

    public SSLParameters sslParameters() {
        return this.sslParameters;
    }

    public void reload(Tls tls) {
        if (this.enabled) {
            this.tlsManager.reload(tls);
        }
    }

    public boolean enabled() {
        return this.enabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<X509KeyManager> keyManager() {
        return this.tlsManager.keyManager();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<X509TrustManager> trustManager() {
        return this.tlsManager.trustManager();
    }

    private static int hashCode(SSLParameters sSLParameters) {
        return (31 * ((31 * ((31 * Objects.hash(sSLParameters.getAlgorithmConstraints(), Boolean.valueOf(sSLParameters.getEnableRetransmissions()), sSLParameters.getEndpointIdentificationAlgorithm(), Integer.valueOf(sSLParameters.getMaximumPacketSize()), Boolean.valueOf(sSLParameters.getNeedClientAuth()), Boolean.valueOf(sSLParameters.getUseCipherSuitesOrder()), Boolean.valueOf(sSLParameters.getWantClientAuth()), sSLParameters.getServerNames(), sSLParameters.getSNIMatchers())) + Arrays.hashCode(sSLParameters.getApplicationProtocols()))) + Arrays.hashCode(sSLParameters.getCipherSuites()))) + Arrays.hashCode(sSLParameters.getProtocols());
    }

    static boolean equals(SSLParameters sSLParameters, SSLParameters sSLParameters2) {
        return Objects.equals(sSLParameters.getAlgorithmConstraints(), sSLParameters2.getAlgorithmConstraints()) && Arrays.equals(sSLParameters.getApplicationProtocols(), sSLParameters2.getApplicationProtocols()) && Arrays.equals(sSLParameters.getCipherSuites(), sSLParameters2.getCipherSuites()) && sSLParameters.getEnableRetransmissions() == sSLParameters2.getEnableRetransmissions() && Objects.equals(sSLParameters.getEndpointIdentificationAlgorithm(), sSLParameters2.getEndpointIdentificationAlgorithm()) && sSLParameters.getMaximumPacketSize() == sSLParameters2.getMaximumPacketSize() && sSLParameters.getNeedClientAuth() == sSLParameters2.getNeedClientAuth() && Arrays.equals(sSLParameters.getProtocols(), sSLParameters2.getProtocols()) && sSLParameters.getUseCipherSuitesOrder() == sSLParameters2.getUseCipherSuitesOrder() && sSLParameters.getWantClientAuth() == sSLParameters2.getWantClientAuth() && Objects.equals(sSLParameters.getServerNames(), sSLParameters2.getServerNames()) && Objects.equals(sSLParameters.getSNIMatchers(), sSLParameters2.getSNIMatchers());
    }

    private void checkEnabled() {
        if (this.sslContext == null) {
            throw new IllegalStateException("TLS config is disabled, SSL related methods cannot be called.");
        }
    }
}
