package io.lettuce.core;

import io.lettuce.core.ConnectionEvents;
import io.lettuce.core.event.connection.ConnectedEvent;
import io.lettuce.core.event.connection.ConnectionActivatedEvent;
import io.lettuce.core.event.connection.DisconnectedEvent;
import io.lettuce.core.internal.HostAndPort;
import io.lettuce.core.internal.LettuceAssert;
import io.lettuce.core.protocol.AsyncCommand;
import io.lettuce.core.resource.ClientResources;
import io.netty.buffer.ByteBufAllocator;
import io.netty.channel.Channel;
import io.netty.channel.ChannelDuplexHandler;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.GeneralSecurityException;
import java.time.Duration;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.function.Supplier;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;

/* loaded from: input_file:io/lettuce/core/SslConnectionBuilder.class */
public class SslConnectionBuilder extends ConnectionBuilder {
    private RedisURI redisURI;

    /* loaded from: input_file:io/lettuce/core/SslConnectionBuilder$SslChannelInitializer.class */
    static class SslChannelInitializer extends ChannelInitializer<Channel> implements RedisChannelInitializer {
        private final Supplier<AsyncCommand<?, ?, ?>> pingCommandSupplier;
        private final Supplier<List<ChannelHandler>> handlers;
        private final HostAndPort hostAndPort;
        private final boolean verifyPeer;
        private final boolean startTls;
        private final ClientResources clientResources;
        private final Duration timeout;
        private final SslOptions sslOptions;
        private volatile CompletableFuture<Boolean> initializedFuture = new CompletableFuture<>();

        public SslChannelInitializer(Supplier<AsyncCommand<?, ?, ?>> supplier, Supplier<List<ChannelHandler>> supplier2, HostAndPort hostAndPort, boolean z, boolean z2, ClientResources clientResources, Duration duration, SslOptions sslOptions) {
            this.pingCommandSupplier = supplier;
            this.handlers = supplier2;
            this.hostAndPort = hostAndPort;
            this.verifyPeer = z;
            this.startTls = z2;
            this.clientResources = clientResources;
            this.timeout = duration;
            this.sslOptions = sslOptions;
        }

        protected void initChannel(Channel channel) throws Exception {
            doInitialize(channel);
        }

        private void doInitialize(Channel channel) throws IOException, GeneralSecurityException {
            SSLEngine initializeSSLEngine = initializeSSLEngine(channel.alloc());
            if (channel.pipeline().get("first") == null) {
                channel.pipeline().addFirst("first", new ChannelDuplexHandler() { // from class: io.lettuce.core.SslConnectionBuilder.SslChannelInitializer.1
                    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
                        SslChannelInitializer.this.clientResources.eventBus().publish(new ConnectedEvent(ConnectionEventTrigger.local(channelHandlerContext), ConnectionEventTrigger.remote(channelHandlerContext)));
                        super.channelActive(channelHandlerContext);
                    }

                    public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
                        SslChannelInitializer.this.clientResources.eventBus().publish(new DisconnectedEvent(ConnectionEventTrigger.local(channelHandlerContext), ConnectionEventTrigger.remote(channelHandlerContext)));
                        super.channelInactive(channelHandlerContext);
                    }
                });
            }
            channel.pipeline().addLast(new ChannelHandler[]{new SslHandler(initializeSSLEngine, this.startTls)});
            if (channel.pipeline().get("channelActivator") == null) {
                channel.pipeline().addLast("channelActivator", new RedisChannelInitializerImpl() { // from class: io.lettuce.core.SslConnectionBuilder.SslChannelInitializer.2
                    private AsyncCommand<?, ?, ?> pingCommand;

                    @Override // io.lettuce.core.RedisChannelInitializer
                    public CompletableFuture<Boolean> channelInitialized() {
                        return SslChannelInitializer.this.initializedFuture;
                    }

                    public void channelInactive(ChannelHandlerContext channelHandlerContext) throws Exception {
                        if (!SslChannelInitializer.this.initializedFuture.isDone()) {
                            SslChannelInitializer.this.initializedFuture.completeExceptionally(new RedisConnectionException("Connection closed prematurely"));
                        }
                        SslChannelInitializer.this.initializedFuture = new CompletableFuture();
                        this.pingCommand = null;
                        super.channelInactive(channelHandlerContext);
                    }

                    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
                        if (SslChannelInitializer.this.initializedFuture.isDone()) {
                            super.channelActive(channelHandlerContext);
                        }
                    }

                    public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
                        if ((obj instanceof SslHandshakeCompletionEvent) && !SslChannelInitializer.this.initializedFuture.isDone()) {
                            SslHandshakeCompletionEvent sslHandshakeCompletionEvent = (SslHandshakeCompletionEvent) obj;
                            if (!sslHandshakeCompletionEvent.isSuccess()) {
                                SslChannelInitializer.this.initializedFuture.completeExceptionally(sslHandshakeCompletionEvent.cause());
                            } else if (SslChannelInitializer.this.pingCommandSupplier != PlainChannelInitializer.NO_PING) {
                                this.pingCommand = (AsyncCommand) SslChannelInitializer.this.pingCommandSupplier.get();
                                PlainChannelInitializer.pingBeforeActivate(this.pingCommand, SslChannelInitializer.this.initializedFuture, channelHandlerContext, SslChannelInitializer.this.clientResources, SslChannelInitializer.this.timeout);
                            } else {
                                channelHandlerContext.fireChannelActive();
                            }
                        }
                        if ((obj instanceof ConnectionEvents.Activated) && !SslChannelInitializer.this.initializedFuture.isDone()) {
                            SslChannelInitializer.this.initializedFuture.complete(true);
                            SslChannelInitializer.this.clientResources.eventBus().publish(new ConnectionActivatedEvent(ConnectionEventTrigger.local(channelHandlerContext), ConnectionEventTrigger.remote(channelHandlerContext)));
                        }
                        super.userEventTriggered(channelHandlerContext, obj);
                    }

                    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) throws Exception {
                        if ((th instanceof SSLHandshakeException) || (th.getCause() instanceof SSLException)) {
                            SslChannelInitializer.this.initializedFuture.completeExceptionally(th);
                        }
                        super.exceptionCaught(channelHandlerContext, th);
                    }
                });
            }
            Iterator<ChannelHandler> it = this.handlers.get().iterator();
            while (it.hasNext()) {
                channel.pipeline().addLast(new ChannelHandler[]{it.next()});
            }
            this.clientResources.nettyCustomizer().afterChannelInitialized(channel);
        }

        private SSLEngine initializeSSLEngine(ByteBufAllocator byteBufAllocator) throws IOException, GeneralSecurityException {
            SSLParameters createSSLParameters = this.sslOptions.createSSLParameters();
            SslContextBuilder createSslContextBuilder = this.sslOptions.createSslContextBuilder();
            if (this.verifyPeer) {
                createSSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            } else {
                createSslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
            }
            SslContext build = createSslContextBuilder.build();
            SSLEngine newEngine = this.hostAndPort != null ? build.newEngine(byteBufAllocator, this.hostAndPort.getHostText(), this.hostAndPort.getPort()) : build.newEngine(byteBufAllocator);
            newEngine.setSSLParameters(createSSLParameters);
            return newEngine;
        }

        @Override // io.lettuce.core.RedisChannelInitializer
        public CompletableFuture<Boolean> channelInitialized() {
            return this.initializedFuture;
        }
    }

    public SslConnectionBuilder ssl(RedisURI redisURI) {
        this.redisURI = redisURI;
        return this;
    }

    public static SslConnectionBuilder sslConnectionBuilder() {
        return new SslConnectionBuilder();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.lettuce.core.ConnectionBuilder
    public List<ChannelHandler> buildHandlers() {
        LettuceAssert.assertState(this.redisURI != null, "RedisURI must not be null");
        LettuceAssert.assertState(this.redisURI.isSsl(), "RedisURI is not configured for SSL (ssl is false)");
        return super.buildHandlers();
    }

    @Override // io.lettuce.core.ConnectionBuilder
    @Deprecated
    public RedisChannelInitializer build() {
        return new SslChannelInitializer(getPingCommandSupplier(), this::buildHandlers, toHostAndPort(this.redisURI), this.redisURI.isVerifyPeer(), this.redisURI.isStartTls(), clientResources(), getTimeout(), clientOptions().getSslOptions());
    }

    @Override // io.lettuce.core.ConnectionBuilder
    public RedisChannelInitializer build(SocketAddress socketAddress) {
        return new SslChannelInitializer(getPingCommandSupplier(), this::buildHandlers, toHostAndPort(socketAddress), this.redisURI.isVerifyPeer(), this.redisURI.isStartTls(), clientResources(), getTimeout(), clientOptions().getSslOptions());
    }

    static HostAndPort toHostAndPort(RedisURI redisURI) {
        if (LettuceStrings.isNotEmpty(redisURI.getHost())) {
            return HostAndPort.of(redisURI.getHost(), redisURI.getPort());
        }
        return null;
    }

    static HostAndPort toHostAndPort(SocketAddress socketAddress) {
        if (!(socketAddress instanceof InetSocketAddress)) {
            return null;
        }
        InetSocketAddress inetSocketAddress = (InetSocketAddress) socketAddress;
        return HostAndPort.of(inetSocketAddress.getHostString(), inetSocketAddress.getPort());
    }
}
