package com.alibaba.rsocket.transport.netty;

import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProtocols;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.rsocket.transport.ClientTransport;
import io.rsocket.transport.ServerTransport;
import io.rsocket.transport.netty.client.TcpClientTransport;
import io.rsocket.transport.netty.server.TcpServerTransport;
import io.rsocket.uri.UriHandler;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.compress.utils.CharsetNames;
import org.springframework.beans.factory.BeanFactory;
import reactor.netty.tcp.TcpClient;
import reactor.netty.tcp.TcpServer;

/* loaded from: input_file:BOOT-INF/lib/alibaba-rsocket-core-1.1.6.jar:com/alibaba/rsocket/transport/netty/TcpSslUriHandler.class */
public final class TcpSslUriHandler implements UriHandler {
    private static final String DEFAULT_PASSWORD = "changeit";
    private TrustManagerFactory trustManagerFactory;
    private static final List<String> SCHEMES = Arrays.asList("tcps", "tcp+tls", "tls");
    private static final String[] protocols = {SslProtocols.TLS_v1_3, SslProtocols.TLS_v1_2};

    public TcpSslUriHandler() {
        this.trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
        File file = new File(System.getProperty("user.home") + "/.rsocket/known_finder_prints");
        if (file.exists()) {
            ArrayList arrayList = new ArrayList();
            try {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(file), StandardCharsets.UTF_8));
                while (true) {
                    try {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        } else if (!readLine.isEmpty()) {
                            arrayList.add(readLine.replaceAll(":", "").trim());
                        }
                    } finally {
                    }
                }
                bufferedReader.close();
            } catch (Exception e) {
            }
            if (arrayList.isEmpty()) {
                return;
            }
            this.trustManagerFactory = new FingerPrintTrustManagerFactory(arrayList);
        }
    }

    @Override // io.rsocket.uri.UriHandler
    public Optional<ClientTransport> buildClient(URI uri) {
        Objects.requireNonNull(uri, "uri must not be null");
        if (!SCHEMES.contains(uri.getScheme())) {
            return Optional.empty();
        }
        try {
            SslContext build = SslContextBuilder.forClient().protocols(protocols).sslProvider(getSslProvider()).trustManager(this.trustManagerFactory).build();
            return Optional.of(TcpClientTransport.create(TcpClient.create().host(uri.getHost()).port(uri.getPort()).secure(sslContextSpec -> {
                sslContextSpec.sslContext(build);
            })));
        } catch (Exception e) {
            return Optional.empty();
        }
    }

    @Override // io.rsocket.uri.UriHandler
    public Optional<ServerTransport<?>> buildServer(URI uri) {
        PrivateKey key;
        X509Certificate cert;
        Objects.requireNonNull(uri, "uri must not be null");
        if (!SCHEMES.contains(uri.getScheme())) {
            return Optional.empty();
        }
        try {
            Map<String, String> splitQuery = splitQuery(uri);
            char[] charArray = splitQuery.getOrDefault("password", "changeit").toCharArray();
            File file = new File(splitQuery.getOrDefault("store", System.getProperty("user.home") + "/.rsocket/rsocket.p12"));
            if (file.exists()) {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                FileInputStream fileInputStream = new FileInputStream(file);
                try {
                    keyStore.load(fileInputStream, charArray);
                    fileInputStream.close();
                    String nextElement = keyStore.aliases().nextElement();
                    cert = (X509Certificate) keyStore.getCertificate(nextElement);
                    key = ((KeyStore.PrivateKeyEntry) keyStore.getEntry(nextElement, new KeyStore.PasswordProtection(charArray))).getPrivateKey();
                } finally {
                }
            } else {
                SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
                key = selfSignedCertificate.key();
                cert = selfSignedCertificate.cert();
            }
            PrivateKey privateKey = key;
            X509Certificate x509Certificate = cert;
            return Optional.of(TcpServerTransport.create(TcpServer.create().host(uri.getHost()).port(uri.getPort()).secure(sslContextSpec -> {
                sslContextSpec.sslContext(SslContextBuilder.forServer(privateKey, x509Certificate).protocols(protocols).sslProvider(getSslProvider()));
            })));
        } catch (Exception e) {
            return Optional.empty();
        }
    }

    private SslProvider getSslProvider() {
        return OpenSsl.isAvailable() ? SslProvider.OPENSSL_REFCNT : SslProvider.JDK;
    }

    private Map<String, String> splitQuery(URI uri) throws UnsupportedEncodingException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        String query = uri.getQuery();
        if (query != null && !query.isEmpty()) {
            for (String str : query.split(BeanFactory.FACTORY_BEAN_PREFIX)) {
                int indexOf = str.indexOf("=");
                linkedHashMap.put(URLDecoder.decode(str.substring(0, indexOf), CharsetNames.UTF_8), URLDecoder.decode(str.substring(indexOf + 1), CharsetNames.UTF_8));
            }
        }
        return linkedHashMap;
    }
}
