package io.lettuce.core;

import io.lettuce.core.internal.HostAndPort;
import io.lettuce.core.internal.LettuceAssert;
import io.lettuce.core.resource.ClientResources;
import io.netty.buffer.ByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.GeneralSecurityException;
import java.util.Iterator;
import java.util.List;
import java.util.function.Supplier;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

/* loaded from: input_file:WEB-INF/lib/lettuce-core-6.2.6.RELEASE.jar:io/lettuce/core/SslConnectionBuilder.class */
/**
 * {@link ConnectionBuilder} variant that places a TLS handler at the head of the channel pipeline.
 *
 * <p>The TLS behaviour is driven by the {@link RedisURI} supplied through {@link #ssl(RedisURI)}
 * (verify mode and StartTLS flag) and by the {@code SslOptions} taken from the client options.
 */
public class SslConnectionBuilder extends ConnectionBuilder {
    // Connection target description; stays null until ssl(RedisURI) has been called.
    private RedisURI redisURI;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/lettuce-core-6.2.6.RELEASE.jar:io/lettuce/core/SslConnectionBuilder$SslChannelInitializer.class */
    /**
     * Channel initializer that installs an {@link SslHandler} first and the supplied handlers after it.
     *
     * <p>All fields are final; {@link #withHostAndPort(HostAndPort)} produces a copy rather than
     * mutating this instance.
     */
    public static class SslChannelInitializer extends ChannelInitializer<Channel> {
        private final Supplier<List<ChannelHandler>> handlers;
        // Peer host/port handed to the SSLEngine; may be null (see initializeSSLEngine).
        private final HostAndPort hostAndPort;
        // Selects how much of the server certificate is checked (see initializeSSLEngine).
        private final SslVerifyMode verifyPeer;
        private final boolean startTls;
        private final ClientResources clientResources;
        private final SslOptions sslOptions;

        /**
         * Stores the collaborators as given; no argument is validated here.
         *
         * @param supplier provides the handlers added behind the TLS handler
         * @param hostAndPort peer host and port for the SSL engine, or {@code null}
         * @param sslVerifyMode certificate verification mode
         * @param z StartTLS flag forwarded to the {@link SslHandler} constructor
         * @param clientResources source of the netty customizer invoked after initialization
         * @param sslOptions source of SSL parameters, context builder and handshake timeout
         */
        public SslChannelInitializer(Supplier<List<ChannelHandler>> supplier, HostAndPort hostAndPort, SslVerifyMode sslVerifyMode, boolean z, ClientResources clientResources, SslOptions sslOptions) {
            this.sslOptions = sslOptions;
            this.clientResources = clientResources;
            this.startTls = z;
            this.verifyPeer = sslVerifyMode;
            this.hostAndPort = hostAndPort;
            this.handlers = supplier;
        }

        /**
         * Creates a copy of this initializer that targets a different peer.
         *
         * @param hostAndPort peer host and port for the copy, or {@code null}
         * @return a new initializer sharing every other setting with this one
         */
        ChannelHandler withHostAndPort(HostAndPort hostAndPort) {
            SslChannelInitializer copy = new SslChannelInitializer(this.handlers, hostAndPort, this.verifyPeer, this.startTls, this.clientResources, this.sslOptions);
            return copy;
        }

        /**
         * Builds the pipeline: TLS handler first, then the supplied handlers in list order, then
         * the netty customizer callback.
         */
        @Override // io.netty.channel.ChannelInitializer
        protected void initChannel(Channel channel) throws Exception {
            SSLEngine engine = initializeSSLEngine(channel.alloc());
            SslHandler tlsHandler = new SslHandler(engine, this.startTls);
            tlsHandler.setHandshakeTimeoutMillis(this.sslOptions.getHandshakeTimeout().toMillis());
            // The TLS handler goes in before any other handler so it sits at the head of the pipeline.
            channel.pipeline().addLast(tlsHandler);
            for (ChannelHandler handler : this.handlers.get()) {
                channel.pipeline().addLast(handler);
            }
            this.clientResources.nettyCustomizer().afterChannelInitialized(channel);
        }

        /**
         * Creates the {@link SSLEngine} for one connection and applies the verify mode.
         *
         * <ul>
         * <li>{@code FULL}: endpoint identification is set to {@code "HTTPS"}, so the certificate
         * is matched against the peer host.</li>
         * <li>{@code CA}: endpoint identification is set to the empty string, which switches the
         * hostname check off; the trust configuration of the context builder is left as it is.</li>
         * <li>{@code NONE}: the trust manager is replaced with
         * {@link InsecureTrustManagerFactory}, which accepts any certificate, so the peer is not
         * authenticated at all.</li>
         * <li>Any other value, including {@code null}: neither setting is touched and whatever
         * {@code sslOptions} produced applies unchanged.</li>
         * </ul>
         *
         * @param byteBufAllocator allocator handed to the SSL context when creating the engine
         * @return the configured engine
         * @throws IOException declared by this method; the visible body does not show which call raises it
         * @throws GeneralSecurityException declared by this method; the visible body does not show which call raises it
         */
        private SSLEngine initializeSSLEngine(ByteBufAllocator byteBufAllocator) throws IOException, GeneralSecurityException {
            SSLParameters parameters = this.sslOptions.createSSLParameters();
            SslContextBuilder contextBuilder = this.sslOptions.createSslContextBuilder();

            if (this.verifyPeer == SslVerifyMode.NONE) {
                // No certificate validation: every presented certificate is trusted.
                contextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
            } else if (this.verifyPeer == SslVerifyMode.CA) {
                // Empty algorithm name disables hostname verification.
                parameters.setEndpointIdentificationAlgorithm("");
            } else if (this.verifyPeer == SslVerifyMode.FULL) {
                parameters.setEndpointIdentificationAlgorithm("HTTPS");
            }

            SslContext context = contextBuilder.build();
            final SSLEngine engine;
            if (this.hostAndPort == null) {
                // No peer information available: the engine is created without a peer host.
                engine = context.newEngine(byteBufAllocator);
            } else {
                engine = context.newEngine(byteBufAllocator, this.hostAndPort.getHostText(), this.hostAndPort.getPort());
            }
            engine.setSSLParameters(parameters);
            return engine;
        }

        /**
         * Records the failure on the channel under {@code ConnectionBuilder.INIT_FAILURE} before
         * delegating to the superclass.
         */
        @Override // io.netty.channel.ChannelInitializer, io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelHandlerAdapter, io.netty.channel.ChannelHandler, io.netty.channel.ChannelInboundHandler
        public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
            Channel failed = channelHandlerContext.channel();
            failed.attr(ConnectionBuilder.INIT_FAILURE).set(th);
            super.exceptionCaught(channelHandlerContext, th);
        }
    }

    /**
     * Sets the URI whose SSL settings (enabled flag, verify mode, StartTLS) this builder uses.
     *
     * @param redisURI the connection URI; not validated here
     * @return this builder
     */
    public SslConnectionBuilder ssl(RedisURI redisURI) {
        this.redisURI = redisURI;
        return this;
    }

    /**
     * Factory method.
     *
     * @return a fresh builder with no {@link RedisURI} set
     */
    public static SslConnectionBuilder sslConnectionBuilder() {
        SslConnectionBuilder builder = new SslConnectionBuilder();
        return builder;
    }

    /**
     * @param channelHandler handler to inspect, may be {@code null}
     * @return {@code true} if the handler is an {@link SslChannelInitializer}
     */
    public static boolean isSslChannelInitializer(ChannelHandler channelHandler) {
        return channelHandler instanceof SslChannelInitializer;
    }

    /**
     * Re-targets an existing {@link SslChannelInitializer} at another socket address.
     *
     * @param channelHandler must be an {@link SslChannelInitializer}; checked with a state assertion
     * @param socketAddress new peer address; a non-{@link InetSocketAddress} yields a copy without peer host
     * @return a copy of the initializer bound to the converted address
     */
    public static ChannelHandler withSocketAddress(ChannelHandler channelHandler, SocketAddress socketAddress) {
        LettuceAssert.assertState(isSslChannelInitializer(channelHandler), "handler must be SslChannelInitializer");
        SslChannelInitializer initializer = (SslChannelInitializer) channelHandler;
        HostAndPort target = toHostAndPort(socketAddress);
        return initializer.withHostAndPort(target);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Delegates to the superclass after asserting that a {@link RedisURI} is present and has SSL
     * enabled.
     */
    @Override // io.lettuce.core.ConnectionBuilder
    public List<ChannelHandler> buildHandlers() {
        LettuceAssert.assertState(this.redisURI != null, "RedisURI must not be null");
        LettuceAssert.assertState(this.redisURI.isSsl(), "RedisURI is not configured for SSL (ssl is false)");
        return super.buildHandlers();
    }

    /**
     * Creates the channel initializer for one connection attempt.
     *
     * <p>Verify mode and StartTLS flag are read from the {@link RedisURI} without a prior null
     * check; the state assertions live in {@link #buildHandlers()}, which is only passed along as
     * the handler supplier here.
     *
     * @param socketAddress address of the peer being connected to
     * @return a new {@link SslChannelInitializer}
     */
    @Override // io.lettuce.core.ConnectionBuilder
    public ChannelInitializer<Channel> build(SocketAddress socketAddress) {
        Supplier<List<ChannelHandler>> handlerSupplier = this::buildHandlers;
        HostAndPort peer = toHostAndPort(socketAddress);
        SslVerifyMode verifyMode = this.redisURI.getVerifyMode();
        boolean startTls = this.redisURI.isStartTls();
        ClientResources resources = clientResources();
        SslOptions options = clientOptions().getSslOptions();
        return new SslChannelInitializer(handlerSupplier, peer, verifyMode, startTls, resources, options);
    }

    /**
     * Converts a socket address into the host/port pair given to the SSL engine.
     *
     * @param socketAddress address to convert
     * @return host string and port of an {@link InetSocketAddress}; {@code null} for any other
     *         address type (including {@code null})
     */
    static HostAndPort toHostAndPort(SocketAddress socketAddress) {
        if (socketAddress instanceof InetSocketAddress) {
            InetSocketAddress inet = (InetSocketAddress) socketAddress;
            // getHostString() is used as the peer host name for the engine.
            return HostAndPort.of(inet.getHostString(), inet.getPort());
        }
        return null;
    }
}
