package io.netty.handler.ssl;

import io.netty.util.internal.PlatformDependent;
import io.netty.util.internal.SuppressJava6Requirement;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com.gradle.enterprise.testacceleration.worker.jar:io/netty/handler/ssl/ResumptionController.class */
public final class ResumptionController {
    private final Set<SSLEngine> confirmedValidations = Collections.synchronizedSet(Collections.newSetFromMap(new WeakHashMap()));
    private final AtomicReference<ResumableX509ExtendedTrustManager> resumableTm = new AtomicReference<>();

    /* JADX INFO: Access modifiers changed from: private */
    @SuppressJava6Requirement(reason = "Guarded by version check")
    /* loaded from: input_file:com.gradle.enterprise.testacceleration.worker.jar:io/netty/handler/ssl/ResumptionController$X509ExtendedWrapTrustManager.class */
    public static final class X509ExtendedWrapTrustManager extends X509ExtendedTrustManager {
        private final X509ExtendedTrustManager trustManager;
        private final Set<SSLEngine> confirmedValidations;

        X509ExtendedWrapTrustManager(X509ExtendedTrustManager x509ExtendedTrustManager, Set<SSLEngine> set) {
            this.trustManager = x509ExtendedTrustManager;
            this.confirmedValidations = set;
        }

        private static void unsupported() throws CertificateException {
            throw new CertificateException(new UnsupportedOperationException("Resumable trust managers require the SSLEngine parameter"));
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            unsupported();
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            unsupported();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            unsupported();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            unsupported();
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            this.trustManager.checkClientTrusted(x509CertificateArr, str, sSLEngine);
            this.confirmedValidations.add(sSLEngine);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            this.trustManager.checkServerTrusted(x509CertificateArr, str, sSLEngine);
            this.confirmedValidations.add(sSLEngine);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.trustManager.getAcceptedIssuers();
        }
    }

    @SuppressJava6Requirement(reason = "Guarded by version check")
    public TrustManager wrapIfNeeded(TrustManager trustManager) {
        if (!(trustManager instanceof ResumableX509ExtendedTrustManager)) {
            return trustManager;
        }
        if (PlatformDependent.javaVersion() < 7 || !(trustManager instanceof X509ExtendedTrustManager)) {
            throw new IllegalStateException("ResumableX509ExtendedTrustManager implementation must be a subclass of X509ExtendedTrustManager, found: " + (trustManager == null ? null : trustManager.getClass()));
        }
        if (this.resumableTm.compareAndSet(null, (ResumableX509ExtendedTrustManager) trustManager)) {
            return new X509ExtendedWrapTrustManager((X509ExtendedTrustManager) trustManager, this.confirmedValidations);
        }
        throw new IllegalStateException("Only one ResumableX509ExtendedTrustManager can be configured for resumed sessions");
    }

    public void remove(SSLEngine sSLEngine) {
        if (this.resumableTm.get() != null) {
            this.confirmedValidations.remove(unwrapEngine(sSLEngine));
        }
    }

    public boolean validateResumeIfNeeded(SSLEngine sSLEngine) throws CertificateException, SSLPeerUnverifiedException {
        ResumableX509ExtendedTrustManager resumableX509ExtendedTrustManager;
        SSLSession session = sSLEngine.getSession();
        if (!session.isValid()) {
            return false;
        }
        if ((!sSLEngine.getUseClientMode() && !sSLEngine.getNeedClientAuth() && !sSLEngine.getWantClientAuth()) || (resumableX509ExtendedTrustManager = this.resumableTm.get()) == null) {
            return false;
        }
        SSLEngine unwrapEngine = unwrapEngine(sSLEngine);
        if (this.confirmedValidations.remove(unwrapEngine)) {
            return false;
        }
        try {
            Certificate[] peerCertificates = session.getPeerCertificates();
            if (unwrapEngine.getUseClientMode()) {
                resumableX509ExtendedTrustManager.resumeServerTrusted(chainOf(peerCertificates), unwrapEngine);
                return true;
            }
            resumableX509ExtendedTrustManager.resumeClientTrusted(chainOf(peerCertificates), unwrapEngine);
            return true;
        } catch (SSLPeerUnverifiedException e) {
            if (unwrapEngine.getUseClientMode() || unwrapEngine.getNeedClientAuth()) {
                throw e;
            }
            return false;
        }
    }

    private static SSLEngine unwrapEngine(SSLEngine sSLEngine) {
        return sSLEngine instanceof JdkSslEngine ? ((JdkSslEngine) sSLEngine).getWrappedEngine() : sSLEngine;
    }

    private static X509Certificate[] chainOf(Certificate[] certificateArr) {
        if (certificateArr instanceof X509Certificate[]) {
            return (X509Certificate[]) certificateArr;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            Certificate certificate = certificateArr[i];
            if (!(certificate instanceof X509Certificate) && certificate != null) {
                throw new IllegalArgumentException("Only X509Certificates are supported, found: " + certificate.getClass());
            }
            x509CertificateArr[i] = (X509Certificate) certificate;
        }
        return x509CertificateArr;
    }
}
