package io.ktor.server.netty;

import androidx.navigation.compose.l;
import f3.e;
import g3.p;
import g3.t;
import io.ktor.server.engine.ApplicationEngineEnvironment;
import io.ktor.server.engine.EngineConnectorConfig;
import io.ktor.server.engine.EnginePipeline;
import io.ktor.server.engine.EngineSSLConnectorConfig;
import io.ktor.server.netty.http1.NettyHttp1Handler;
import io.ktor.server.netty.http2.NettyHttp2Handler;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.http.HttpServerExpectContinueHandler;
import io.netty.handler.codec.http2.Http2MultiplexCodecBuilder;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.codec.rtsp.RtspHeaders;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.ApplicationProtocolNegotiationHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.handler.timeout.ReadTimeoutHandler;
import io.netty.handler.timeout.WriteTimeoutHandler;
import io.netty.util.concurrent.EventExecutorGroup;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import java.io.File;
import java.io.FileInputStream;
import java.nio.channels.ClosedChannelException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import k3.h;
import kotlin.Metadata;
import kotlinx.coroutines.CoroutineScopeKt;
import r.d1;
import r3.k;

@Metadata(d1 = {"\u0000|\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\u0018\u0000 22\b\u0012\u0004\u0012\u00020\u00020\u0001:\u000223By\u0012\u0006\u0010\u0011\u001a\u00020\u0010\u0012\u0006\u0010\u0014\u001a\u00020\u0013\u0012\u0006\u0010\u0017\u001a\u00020\u0016\u0012\u0006\u0010\u001a\u001a\u00020\u0019\u0012\u0006\u0010\u001c\u001a\u00020\u0019\u0012\u0006\u0010\u001e\u001a\u00020\u001d\u0012\u0006\u0010!\u001a\u00020 \u0012\u0006\u0010#\u001a\u00020 \u0012\u0006\u0010$\u001a\u00020 \u0012\u0006\u0010%\u001a\u00020 \u0012\f\u0010(\u001a\b\u0012\u0004\u0012\u00020'0&\u0012\u0012\u0010+\u001a\u000e\u0012\u0004\u0012\u00020\u0003\u0012\u0004\u0012\u00020\u00070*¢\u0006\u0004\b0\u00101J\u0018\u0010\b\u001a\u00020\u00072\u0006\u0010\u0004\u001a\u00020\u00032\u0006\u0010\u0006\u001a\u00020\u0005H\u0002J\f\u0010\u000b\u001a\u00020\n*\u00020\tH\u0002J\u000e\u0010\r\u001a\u0004\u0018\u00010\f*\u00020\tH\u0002J\u0010\u0010\u000f\u001a\u00020\u00072\u0006\u0010\u000e\u001a\u00020\u0002H\u0014R\u0014\u0010\u0011\u001a\u00020\u00108\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0011\u0010\u0012R\u0014\u0010\u0014\u001a\u00020\u00138\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0014\u0010\u0015R\u0014\u0010\u0017\u001a\u00020\u00168\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0017\u0010\u0018R\u0014\u0010\u001a\u001a\u00020\u00198\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u001a\u0010\u001bR\u0014\u0010\u001c\u001a\u00020\u00198\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u001c\u0010\u001bR\u0014\u0010\u001e\u001a\u00020\u001d8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u001e\u0010\u001fR\u0014\u0010!\u001a\u00020 8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b!\u0010\"R\u0014\u0010#\u001a\u00020 8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b#\u0010\"R\u0014\u0010$\u001a\u00020 8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b$\u0010\"R\u0014\u0010%\u001a\u00020 8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b%\u0010\"R\u001a\u0010(\u001a\b\u0012\u0004\u0012\u00020'0&8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b(\u0010)R \u0010+\u001a\u000e\u0012\u0004\u0012\u00020\u0003\u0012\u0004\u0012\u00020\u00070*8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b+\u0010,R\u0018\u0010.\u001a\u0004\u0018\u00010-8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b.\u0010/¨\u00064"}, d2 = {"Lio/ktor/server/netty/NettyChannelInitializer;", "Lio/netty/channel/ChannelInitializer;", "Lio/netty/channel/socket/SocketChannel;", "Lio/netty/channel/ChannelPipeline;", "pipeline", "", "protocol", "Lf3/u;", "configurePipeline", "Lio/ktor/server/engine/EngineSSLConnectorConfig;", "", "hasTrustStore", "Ljavax/net/ssl/TrustManagerFactory;", "trustManagerFactory", "ch", "initChannel", "Lio/ktor/server/engine/EnginePipeline;", "enginePipeline", "Lio/ktor/server/engine/EnginePipeline;", "Lio/ktor/server/engine/ApplicationEngineEnvironment;", "environment", "Lio/ktor/server/engine/ApplicationEngineEnvironment;", "Lio/netty/util/concurrent/EventExecutorGroup;", "callEventGroup", "Lio/netty/util/concurrent/EventExecutorGroup;", "Lk3/h;", "engineContext", "Lk3/h;", "userContext", "Lio/ktor/server/engine/EngineConnectorConfig;", "connector", "Lio/ktor/server/engine/EngineConnectorConfig;", "", "requestQueueLimit", "I", "runningLimit", "responseWriteTimeout", "requestReadTimeout", "Lkotlin/Function0;", "Lio/netty/handler/codec/http/HttpServerCodec;", "httpServerCodec", "Lr3/a;", "Lkotlin/Function1;", "channelPipelineConfig", "Lr3/k;", "Lio/netty/handler/ssl/SslContext;", "sslContext", "Lio/netty/handler/ssl/SslContext;", "<init>", "(Lio/ktor/server/engine/EnginePipeline;Lio/ktor/server/engine/ApplicationEngineEnvironment;Lio/netty/util/concurrent/EventExecutorGroup;Lk3/h;Lk3/h;Lio/ktor/server/engine/EngineConnectorConfig;IIIILr3/a;Lr3/k;)V", "Companion", "NegotiatedPipelineInitializer", "ktor-server-netty"}, k = 1, mv = {1, 8, 0})
/* loaded from: classes.dex */
public final class NettyChannelInitializer extends ChannelInitializer<SocketChannel> {

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    private static final e alpnProvider$delegate = d1.i1(NettyChannelInitializer$Companion$alpnProvider$2.INSTANCE);
    private final EventExecutorGroup callEventGroup;
    private final k channelPipelineConfig;
    private final EngineConnectorConfig connector;
    private final h engineContext;
    private final EnginePipeline enginePipeline;
    private final ApplicationEngineEnvironment environment;
    private final r3.a httpServerCodec;
    private final int requestQueueLimit;
    private final int requestReadTimeout;
    private final int responseWriteTimeout;
    private final int runningLimit;
    private SslContext sslContext;
    private final h userContext;

    @Metadata(d1 = {"\u0000\u0010\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0002\b\t\b\u0086\u0003\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\t\u0010\nJ\n\u0010\u0003\u001a\u0004\u0018\u00010\u0002H\u0002R\u001d\u0010\b\u001a\u0004\u0018\u00010\u00028@X\u0080\u0084\u0002¢\u0006\f\n\u0004\b\u0004\u0010\u0005\u001a\u0004\b\u0006\u0010\u0007¨\u0006\u000b"}, d2 = {"Lio/ktor/server/netty/NettyChannelInitializer$Companion;", "", "Lio/netty/handler/ssl/SslProvider;", "findAlpnProvider", "alpnProvider$delegate", "Lf3/e;", "getAlpnProvider$ktor_server_netty", "()Lio/netty/handler/ssl/SslProvider;", "alpnProvider", "<init>", "()V", "ktor-server-netty"}, k = 1, mv = {1, 8, 0})
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(kotlin.jvm.internal.e eVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final SslProvider findAlpnProvider() {
            try {
                SslProvider sslProvider = SslProvider.OPENSSL;
                if (SslProvider.isAlpnSupported(sslProvider)) {
                    return sslProvider;
                }
            } catch (Throwable unused) {
            }
            try {
                SslProvider sslProvider2 = SslProvider.JDK;
                if (SslProvider.isAlpnSupported(sslProvider2)) {
                    return sslProvider2;
                }
                return null;
            } catch (Throwable unused2) {
                return null;
            }
        }

        public final SslProvider getAlpnProvider$ktor_server_netty() {
            return (SslProvider) NettyChannelInitializer.alpnProvider$delegate.getValue();
        }
    }

    @Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0003\n\u0002\b\u0005\b\u0082\u0004\u0018\u00002\u00020\u0001B\u0007¢\u0006\u0004\b\u000b\u0010\fJ\u0018\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0004H\u0014J\u001a\u0010\n\u001a\u00020\u00062\u0006\u0010\u0003\u001a\u00020\u00022\b\u0010\t\u001a\u0004\u0018\u00010\bH\u0014¨\u0006\r"}, d2 = {"Lio/ktor/server/netty/NettyChannelInitializer$NegotiatedPipelineInitializer;", "Lio/netty/handler/ssl/ApplicationProtocolNegotiationHandler;", "Lio/netty/channel/ChannelHandlerContext;", "ctx", "", "protocol", "Lf3/u;", "configurePipeline", "", "cause", "handshakeFailure", "<init>", "(Lio/ktor/server/netty/NettyChannelInitializer;)V", "ktor-server-netty"}, k = 1, mv = {1, 8, 0})
    /* loaded from: classes.dex */
    public final class NegotiatedPipelineInitializer extends ApplicationProtocolNegotiationHandler {
        public NegotiatedPipelineInitializer() {
            super(ApplicationProtocolNames.HTTP_1_1);
        }

        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiationHandler
        public void configurePipeline(ChannelHandlerContext channelHandlerContext, String str) {
            l.f0(channelHandlerContext, "ctx");
            l.f0(str, "protocol");
            NettyChannelInitializer nettyChannelInitializer = NettyChannelInitializer.this;
            ChannelPipeline pipeline = channelHandlerContext.pipeline();
            l.e0(pipeline, "ctx.pipeline()");
            nettyChannelInitializer.configurePipeline(pipeline, str);
        }

        @Override // io.netty.handler.ssl.ApplicationProtocolNegotiationHandler
        public void handshakeFailure(ChannelHandlerContext channelHandlerContext, Throwable th) {
            l.f0(channelHandlerContext, "ctx");
            if (th instanceof ClosedChannelException) {
                channelHandlerContext.close();
            } else {
                super.handshakeFailure(channelHandlerContext, th);
            }
        }
    }

    public NettyChannelInitializer(EnginePipeline enginePipeline, ApplicationEngineEnvironment applicationEngineEnvironment, EventExecutorGroup eventExecutorGroup, h hVar, h hVar2, EngineConnectorConfig engineConnectorConfig, int i7, int i8, int i9, int i10, r3.a aVar, k kVar) {
        l.f0(enginePipeline, "enginePipeline");
        l.f0(applicationEngineEnvironment, "environment");
        l.f0(eventExecutorGroup, "callEventGroup");
        l.f0(hVar, "engineContext");
        l.f0(hVar2, "userContext");
        l.f0(engineConnectorConfig, "connector");
        l.f0(aVar, "httpServerCodec");
        l.f0(kVar, "channelPipelineConfig");
        this.enginePipeline = enginePipeline;
        this.environment = applicationEngineEnvironment;
        this.callEventGroup = eventExecutorGroup;
        this.engineContext = hVar;
        this.userContext = hVar2;
        this.connector = engineConnectorConfig;
        this.requestQueueLimit = i7;
        this.runningLimit = i8;
        this.responseWriteTimeout = i9;
        this.requestReadTimeout = i10;
        this.httpServerCodec = aVar;
        this.channelPipelineConfig = kVar;
        if (engineConnectorConfig instanceof EngineSSLConnectorConfig) {
            Certificate[] certificateChain = ((EngineSSLConnectorConfig) engineConnectorConfig).getKeyStore().getCertificateChain(((EngineSSLConnectorConfig) engineConnectorConfig).getKeyAlias());
            l.e0(certificateChain, "connector.keyStore.getCe…Chain(connector.keyAlias)");
            X509Certificate[] x509CertificateArr = (X509Certificate[]) t.k3(p.z2(certificateChain)).toArray(new X509Certificate[0]);
            char[] cArr = (char[]) ((EngineSSLConnectorConfig) engineConnectorConfig).getPrivateKeyPassword().invoke();
            Key key = ((EngineSSLConnectorConfig) engineConnectorConfig).getKeyStore().getKey(((EngineSSLConnectorConfig) engineConnectorConfig).getKeyAlias(), cArr);
            l.d0(key, "null cannot be cast to non-null type java.security.PrivateKey");
            int length = cArr.length;
            l.f0(cArr, "<this>");
            Arrays.fill(cArr, 0, length, (char) 0);
            SslContextBuilder forServer = SslContextBuilder.forServer((PrivateKey) key, (X509Certificate[]) Arrays.copyOf(x509CertificateArr, x509CertificateArr.length));
            Companion companion = INSTANCE;
            if (companion.getAlpnProvider$ktor_server_netty() != null) {
                forServer.sslProvider(companion.getAlpnProvider$ktor_server_netty());
                forServer.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
                forServer.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1));
            }
            TrustManagerFactory trustManagerFactory = trustManagerFactory((EngineSSLConnectorConfig) engineConnectorConfig);
            if (trustManagerFactory != null) {
                forServer.trustManager(trustManagerFactory);
            }
            this.sslContext = forServer.build();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void configurePipeline(ChannelPipeline channelPipeline, String str) {
        if (l.I(str, ApplicationProtocolNames.HTTP_2)) {
            NettyHttp2Handler nettyHttp2Handler = new NettyHttp2Handler(this.enginePipeline, this.environment.getApplication(), this.callEventGroup, this.userContext, this.runningLimit);
            channelPipeline.addLast(Http2MultiplexCodecBuilder.forServer(nettyHttp2Handler).build());
            channelPipeline.channel().closeFuture().addListener((GenericFutureListener<? extends Future<? super Void>>) new b(nettyHttp2Handler, 0));
            this.channelPipelineConfig.invoke(channelPipeline);
            return;
        }
        if (!l.I(str, ApplicationProtocolNames.HTTP_1_1)) {
            this.environment.getLog().error("Unsupported protocol " + str);
            channelPipeline.close();
            return;
        }
        NettyHttp1Handler nettyHttp1Handler = new NettyHttp1Handler(this.enginePipeline, this.environment, this.callEventGroup, this.engineContext, this.userContext, this.runningLimit);
        if (this.requestReadTimeout > 0) {
            channelPipeline.addLast("readTimeout", new ReadTimeoutHandler(this.requestReadTimeout));
        }
        channelPipeline.addLast("codec", (ChannelHandler) this.httpServerCodec.invoke());
        channelPipeline.addLast("continue", new HttpServerExpectContinueHandler());
        channelPipeline.addLast(RtspHeaders.Values.TIMEOUT, new WriteTimeoutHandler(this.responseWriteTimeout));
        channelPipeline.addLast("http1", nettyHttp1Handler);
        this.channelPipelineConfig.invoke(channelPipeline);
        channelPipeline.context("codec").fireChannelActive();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final void configurePipeline$lambda$5(NettyHttp2Handler nettyHttp2Handler, Future future) {
        l.f0(nettyHttp2Handler, "$handler");
        CoroutineScopeKt.cancel$default(nettyHttp2Handler, null, 1, null);
    }

    private final boolean hasTrustStore(EngineSSLConnectorConfig engineSSLConnectorConfig) {
        return (engineSSLConnectorConfig.getTrustStore() == null && engineSSLConnectorConfig.getTrustStorePath() == null) ? false : true;
    }

    private final TrustManagerFactory trustManagerFactory(EngineSSLConnectorConfig engineSSLConnectorConfig) {
        KeyStore trustStore = engineSSLConnectorConfig.getTrustStore();
        if (trustStore == null) {
            File trustStorePath = engineSSLConnectorConfig.getTrustStorePath();
            if (trustStorePath != null) {
                FileInputStream fileInputStream = new FileInputStream(trustStorePath);
                try {
                    KeyStore keyStore = KeyStore.getInstance("JKS");
                    keyStore.load(fileInputStream, null);
                    l.j0(fileInputStream, null);
                    trustStore = keyStore;
                } catch (Throwable th) {
                    try {
                        throw th;
                    } catch (Throwable th2) {
                        l.j0(fileInputStream, th);
                        throw th2;
                    }
                }
            } else {
                trustStore = null;
            }
        }
        if (trustStore == null) {
            return null;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        return trustManagerFactory;
    }

    @Override // io.netty.channel.ChannelInitializer
    public void initChannel(SocketChannel socketChannel) {
        l.f0(socketChannel, "ch");
        ChannelPipeline pipeline = socketChannel.pipeline();
        if (this.connector instanceof EngineSSLConnectorConfig) {
            SslContext sslContext = this.sslContext;
            l.c0(sslContext);
            SSLEngine newEngine = sslContext.newEngine(socketChannel.alloc());
            if (hasTrustStore((EngineSSLConnectorConfig) this.connector)) {
                newEngine.setUseClientMode(false);
                newEngine.setNeedClientAuth(true);
            }
            List<String> enabledProtocols = ((EngineSSLConnectorConfig) this.connector).getEnabledProtocols();
            if (enabledProtocols != null) {
                newEngine.setEnabledProtocols((String[]) enabledProtocols.toArray(new String[0]));
            }
            pipeline.addLast("ssl", new SslHandler(newEngine));
            if (INSTANCE.getAlpnProvider$ktor_server_netty() != null) {
                pipeline.addLast(new NegotiatedPipelineInitializer());
                return;
            }
        } else {
            l.e0(pipeline, "this");
        }
        configurePipeline(pipeline, ApplicationProtocolNames.HTTP_1_1);
    }
}
