package io.grpc.netty;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.errorprone.annotations.ForOverride;
import io.camunda.zeebe.model.bpmn.impl.BpmnModelConstants;
import io.grpc.CallCredentials;
import io.grpc.ChannelCredentials;
import io.grpc.ChannelLogger;
import io.grpc.ChoiceChannelCredentials;
import io.grpc.ChoiceServerCredentials;
import io.grpc.CompositeCallCredentials;
import io.grpc.CompositeChannelCredentials;
import io.grpc.Grpc;
import io.grpc.InsecureChannelCredentials;
import io.grpc.InsecureServerCredentials;
import io.grpc.InternalChannelz;
import io.grpc.SecurityLevel;
import io.grpc.ServerCredentials;
import io.grpc.Status;
import io.grpc.TlsChannelCredentials;
import io.grpc.TlsServerCredentials;
import io.grpc.internal.GrpcAttributes;
import io.grpc.internal.GrpcUtil;
import io.grpc.internal.ObjectPool;
import io.grpc.netty.ProtocolNegotiator;
import io.netty.channel.ChannelDuplexHandler;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.codec.http.DefaultHttpRequest;
import io.netty.handler.codec.http.HttpClientCodec;
import io.netty.handler.codec.http.HttpClientUpgradeHandler;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http2.Http2ClientUpgradeCodec;
import io.netty.handler.proxy.HttpProxyHandler;
import io.netty.handler.proxy.ProxyConnectionEvent;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.OpenSslEngine;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslHandshakeCompletionEvent;
import io.netty.handler.ssl.SslProvider;
import io.netty.util.AsciiString;
import java.io.ByteArrayInputStream;
import java.net.SocketAddress;
import java.net.URI;
import java.nio.channels.ClosedChannelException;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import org.apache.naming.factory.Constants;

/* loaded from: input_file:io/grpc/netty/ProtocolNegotiators.class */
final class ProtocolNegotiators {
    private static final Logger log = Logger.getLogger(ProtocolNegotiators.class.getName());
    private static final EnumSet<TlsChannelCredentials.Feature> understoodTlsFeatures = EnumSet.of(TlsChannelCredentials.Feature.MTLS, TlsChannelCredentials.Feature.CUSTOM_MANAGERS);
    private static final EnumSet<TlsServerCredentials.Feature> understoodServerTlsFeatures = EnumSet.of(TlsServerCredentials.Feature.MTLS, TlsServerCredentials.Feature.CUSTOM_MANAGERS);

    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$ClientTlsHandler.class */
    static final class ClientTlsHandler extends ProtocolNegotiationHandler {
        private final SslContext sslContext;
        private final String host;
        private final int port;
        private Executor executor;
        private final Optional<Runnable> handshakeCompleteRunnable;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ClientTlsHandler(ChannelHandler channelHandler, SslContext sslContext, String str, Executor executor, ChannelLogger channelLogger, Optional<Runnable> optional) {
            super(channelHandler, channelLogger);
            this.sslContext = (SslContext) Preconditions.checkNotNull(sslContext, "sslContext");
            HostPort parseAuthority = ProtocolNegotiators.parseAuthority(str);
            this.host = parseAuthority.host;
            this.port = parseAuthority.port;
            this.executor = executor;
            this.handshakeCompleteRunnable = optional;
        }

        @Override // io.grpc.netty.ProtocolNegotiators.ProtocolNegotiationHandler
        protected void handlerAdded0(ChannelHandlerContext channelHandlerContext) {
            SSLEngine newEngine = this.sslContext.newEngine(channelHandlerContext.alloc(), this.host, this.port);
            SSLParameters sSLParameters = newEngine.getSSLParameters();
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            newEngine.setSSLParameters(sSLParameters);
            channelHandlerContext.pipeline().addBefore(channelHandlerContext.name(), null, this.executor != null ? new SslHandler(newEngine, false, this.executor) : new SslHandler(newEngine, false));
        }

        @Override // io.grpc.netty.ProtocolNegotiators.ProtocolNegotiationHandler
        protected void userEventTriggered0(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (!(obj instanceof SslHandshakeCompletionEvent)) {
                super.userEventTriggered0(channelHandlerContext, obj);
                return;
            }
            SslHandshakeCompletionEvent sslHandshakeCompletionEvent = (SslHandshakeCompletionEvent) obj;
            if (!sslHandshakeCompletionEvent.isSuccess()) {
                Throwable cause = sslHandshakeCompletionEvent.cause();
                if (cause instanceof ClosedChannelException) {
                    cause = Status.UNAVAILABLE.withDescription("Connection closed while performing TLS negotiation").withCause(cause).asRuntimeException();
                }
                if (this.handshakeCompleteRunnable.isPresent()) {
                    this.handshakeCompleteRunnable.get().run();
                }
                channelHandlerContext.fireExceptionCaught(cause);
                return;
            }
            SslHandler sslHandler = (SslHandler) channelHandlerContext.pipeline().get(SslHandler.class);
            if (this.sslContext.applicationProtocolNegotiator().protocols().contains(sslHandler.applicationProtocol())) {
                ProtocolNegotiators.logSslEngineDetails(Level.FINER, channelHandlerContext, "TLS negotiation succeeded.", null);
                propagateTlsComplete(channelHandlerContext, sslHandler.engine().getSession());
                return;
            }
            RuntimeException unavailableException = ProtocolNegotiators.unavailableException("Failed ALPN negotiation: Unable to find compatible protocol");
            ProtocolNegotiators.logSslEngineDetails(Level.FINE, channelHandlerContext, "TLS negotiation failed.", unavailableException);
            if (this.handshakeCompleteRunnable.isPresent()) {
                this.handshakeCompleteRunnable.get().run();
            }
            channelHandlerContext.fireExceptionCaught((Throwable) unavailableException);
        }

        private void propagateTlsComplete(ChannelHandlerContext channelHandlerContext, SSLSession sSLSession) {
            InternalChannelz.Security security = new InternalChannelz.Security(new InternalChannelz.Tls(sSLSession));
            ProtocolNegotiationEvent protocolNegotiationEvent = getProtocolNegotiationEvent();
            replaceProtocolNegotiationEvent(protocolNegotiationEvent.withAttributes(protocolNegotiationEvent.getAttributes().toBuilder().set(GrpcAttributes.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY).set(Grpc.TRANSPORT_ATTR_SSL_SESSION, sSLSession).build()).withSecurity(security));
            if (this.handshakeCompleteRunnable.isPresent()) {
                this.handshakeCompleteRunnable.get().run();
            }
            fireProtocolNegotiationEvent(channelHandlerContext);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$ClientTlsProtocolNegotiator.class */
    public static final class ClientTlsProtocolNegotiator implements ProtocolNegotiator {
        private final SslContext sslContext;
        private final ObjectPool<? extends Executor> executorPool;
        private final Optional<Runnable> handshakeCompleteRunnable;
        private Executor executor;

        public ClientTlsProtocolNegotiator(SslContext sslContext, ObjectPool<? extends Executor> objectPool, Optional<Runnable> optional) {
            this.sslContext = (SslContext) Preconditions.checkNotNull(sslContext, "sslContext");
            this.executorPool = objectPool;
            if (this.executorPool != null) {
                this.executor = this.executorPool.getObject();
            }
            this.handshakeCompleteRunnable = optional;
        }

        @Override // io.grpc.netty.ProtocolNegotiator
        public AsciiString scheme() {
            return Utils.HTTPS;
        }

        @Override // io.grpc.netty.ProtocolNegotiator
        public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) {
            GrpcNegotiationHandler grpcNegotiationHandler = new GrpcNegotiationHandler(grpcHttp2ConnectionHandler);
            ChannelLogger negotiationLogger = grpcHttp2ConnectionHandler.getNegotiationLogger();
            return new WaitUntilActiveHandler(new ClientTlsHandler(grpcNegotiationHandler, this.sslContext, grpcHttp2ConnectionHandler.getAuthority(), this.executor, negotiationLogger, this.handshakeCompleteRunnable), negotiationLogger);
        }

        @Override // io.grpc.netty.ProtocolNegotiator
        public void close() {
            if (this.executorPool == null || this.executor == null) {
                return;
            }
            this.executorPool.returnObject(this.executor);
        }
    }

    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$FixedProtocolNegotiatorServerFactory.class */
    private static final class FixedProtocolNegotiatorServerFactory implements ProtocolNegotiator.ServerFactory {
        private final ProtocolNegotiator protocolNegotiator;

        public FixedProtocolNegotiatorServerFactory(ProtocolNegotiator protocolNegotiator) {
            this.protocolNegotiator = (ProtocolNegotiator) Preconditions.checkNotNull(protocolNegotiator, "protocolNegotiator");
        }

        @Override // io.grpc.netty.ProtocolNegotiator.ServerFactory
        public ProtocolNegotiator newNegotiator(ObjectPool<? extends Executor> objectPool) {
            return this.protocolNegotiator;
        }
    }

    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$FromChannelCredentialsResult.class */
    public static final class FromChannelCredentialsResult {
        public final ProtocolNegotiator.ClientFactory negotiator;
        public final CallCredentials callCredentials;
        public final String error;

        private FromChannelCredentialsResult(ProtocolNegotiator.ClientFactory clientFactory, CallCredentials callCredentials, String str) {
            this.negotiator = clientFactory;
            this.callCredentials = callCredentials;
            this.error = str;
        }

        public static FromChannelCredentialsResult error(String str) {
            return new FromChannelCredentialsResult(null, null, (String) Preconditions.checkNotNull(str, BpmnModelConstants.BPMN_ELEMENT_ERROR));
        }

        public static FromChannelCredentialsResult negotiator(ProtocolNegotiator.ClientFactory clientFactory) {
            return new FromChannelCredentialsResult((ProtocolNegotiator.ClientFactory) Preconditions.checkNotNull(clientFactory, Constants.FACTORY), null, null);
        }

        public FromChannelCredentialsResult withCallCredentials(CallCredentials callCredentials) {
            Preconditions.checkNotNull(callCredentials, "callCreds");
            if (this.error != null) {
                return this;
            }
            if (this.callCredentials != null) {
                callCredentials = new CompositeCallCredentials(this.callCredentials, callCredentials);
            }
            return new FromChannelCredentialsResult(this.negotiator, callCredentials, null);
        }
    }

    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$FromServerCredentialsResult.class */
    public static final class FromServerCredentialsResult {
        public final ProtocolNegotiator.ServerFactory negotiator;
        public final String error;

        private FromServerCredentialsResult(ProtocolNegotiator.ServerFactory serverFactory, String str) {
            this.negotiator = serverFactory;
            this.error = str;
        }

        public static FromServerCredentialsResult error(String str) {
            return new FromServerCredentialsResult(null, (String) Preconditions.checkNotNull(str, BpmnModelConstants.BPMN_ELEMENT_ERROR));
        }

        public static FromServerCredentialsResult negotiator(ProtocolNegotiator.ServerFactory serverFactory) {
            return new FromServerCredentialsResult((ProtocolNegotiator.ServerFactory) Preconditions.checkNotNull(serverFactory, Constants.FACTORY), null);
        }
    }

    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$GrpcNegotiationHandler.class */
    static final class GrpcNegotiationHandler extends ChannelInboundHandlerAdapter {
        private final GrpcHttp2ConnectionHandler next;

        public GrpcNegotiationHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) {
            this.next = (GrpcHttp2ConnectionHandler) Preconditions.checkNotNull(grpcHttp2ConnectionHandler, "next");
        }

        @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
        public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (!(obj instanceof ProtocolNegotiationEvent)) {
                super.userEventTriggered(channelHandlerContext, obj);
                return;
            }
            ProtocolNegotiationEvent protocolNegotiationEvent = (ProtocolNegotiationEvent) obj;
            channelHandlerContext.pipeline().replace(channelHandlerContext.name(), (String) null, this.next);
            this.next.handleProtocolNegotiationCompleted(protocolNegotiationEvent.getAttributes(), protocolNegotiationEvent.getSecurity());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$HostPort.class */
    public static final class HostPort {
        final String host;
        final int port;

        public HostPort(String str, int i) {
            this.host = str;
            this.port = i;
        }
    }

    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$Http2UpgradeAndGrpcHandler.class */
    static final class Http2UpgradeAndGrpcHandler extends ChannelInboundHandlerAdapter {
        private final String authority;
        private final GrpcHttp2ConnectionHandler next;
        private final ChannelLogger negotiationLogger;
        private ProtocolNegotiationEvent pne;

        Http2UpgradeAndGrpcHandler(String str, GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) {
            this.authority = (String) Preconditions.checkNotNull(str, "authority");
            this.next = (GrpcHttp2ConnectionHandler) Preconditions.checkNotNull(grpcHttp2ConnectionHandler, "next");
            this.negotiationLogger = grpcHttp2ConnectionHandler.getNegotiationLogger();
        }

        @Override // io.netty.channel.ChannelHandlerAdapter, io.netty.channel.ChannelHandler
        public void handlerAdded(ChannelHandlerContext channelHandlerContext) throws Exception {
            this.negotiationLogger.log(ChannelLogger.ChannelLogLevel.INFO, "Http2Upgrade started");
            HttpClientCodec httpClientCodec = new HttpClientCodec();
            channelHandlerContext.pipeline().addBefore(channelHandlerContext.name(), null, httpClientCodec);
            channelHandlerContext.pipeline().addBefore(channelHandlerContext.name(), null, new HttpClientUpgradeHandler(httpClientCodec, new Http2ClientUpgradeCodec(this.next), 1000));
            DefaultHttpRequest defaultHttpRequest = new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.GET, "/");
            defaultHttpRequest.headers().add(HttpHeaderNames.HOST, this.authority);
            channelHandlerContext.writeAndFlush(defaultHttpRequest).addListener2(ChannelFutureListener.FIRE_EXCEPTION_ON_FAILURE);
            super.handlerAdded(channelHandlerContext);
        }

        @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
        public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (obj instanceof ProtocolNegotiationEvent) {
                Preconditions.checkState(this.pne == null, "negotiation already started");
                this.pne = (ProtocolNegotiationEvent) obj;
            } else {
                if (obj == HttpClientUpgradeHandler.UpgradeEvent.UPGRADE_SUCCESSFUL) {
                    Preconditions.checkState(this.pne != null, "negotiation not yet complete");
                    this.negotiationLogger.log(ChannelLogger.ChannelLogLevel.INFO, "Http2Upgrade finished");
                    channelHandlerContext.pipeline().remove(channelHandlerContext.name());
                    this.next.handleProtocolNegotiationCompleted(this.pne.getAttributes(), this.pne.getSecurity());
                    return;
                }
                if (obj == HttpClientUpgradeHandler.UpgradeEvent.UPGRADE_REJECTED) {
                    channelHandlerContext.fireExceptionCaught((Throwable) ProtocolNegotiators.unavailableException("HTTP/2 upgrade rejected"));
                } else {
                    super.userEventTriggered(channelHandlerContext, obj);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$PlaintextProtocolNegotiator.class */
    public static final class PlaintextProtocolNegotiator implements ProtocolNegotiator {
        PlaintextProtocolNegotiator() {
        }

        @Override // io.grpc.netty.ProtocolNegotiator
        public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) {
            return new WaitUntilActiveHandler(new GrpcNegotiationHandler(grpcHttp2ConnectionHandler), grpcHttp2ConnectionHandler.getNegotiationLogger());
        }

        @Override // io.grpc.netty.ProtocolNegotiator
        public void close() {
        }

        @Override // io.grpc.netty.ProtocolNegotiator
        public AsciiString scheme() {
            return Utils.HTTP;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$PlaintextProtocolNegotiatorClientFactory.class */
    public static final class PlaintextProtocolNegotiatorClientFactory implements ProtocolNegotiator.ClientFactory {
        PlaintextProtocolNegotiatorClientFactory() {
        }

        @Override // io.grpc.netty.ProtocolNegotiator.ClientFactory
        public ProtocolNegotiator newNegotiator() {
            return ProtocolNegotiators.plaintext();
        }

        @Override // io.grpc.netty.ProtocolNegotiator.ClientFactory
        public int getDefaultPort() {
            return 80;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$PlaintextProtocolNegotiatorServerFactory.class */
    public static final class PlaintextProtocolNegotiatorServerFactory implements ProtocolNegotiator.ServerFactory {
        PlaintextProtocolNegotiatorServerFactory() {
        }

        @Override // io.grpc.netty.ProtocolNegotiator.ServerFactory
        public ProtocolNegotiator newNegotiator(ObjectPool<? extends Executor> objectPool) {
            return ProtocolNegotiators.serverPlaintext();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$PlaintextUpgradeProtocolNegotiator.class */
    public static final class PlaintextUpgradeProtocolNegotiator implements ProtocolNegotiator {
        PlaintextUpgradeProtocolNegotiator() {
        }

        @Override // io.grpc.netty.ProtocolNegotiator
        public AsciiString scheme() {
            return Utils.HTTP;
        }

        @Override // io.grpc.netty.ProtocolNegotiator
        public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) {
            return new WaitUntilActiveHandler(new Http2UpgradeAndGrpcHandler(grpcHttp2ConnectionHandler.getAuthority(), grpcHttp2ConnectionHandler), grpcHttp2ConnectionHandler.getNegotiationLogger());
        }

        @Override // io.grpc.netty.ProtocolNegotiator
        public void close() {
        }
    }

    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$PlaintextUpgradeProtocolNegotiatorClientFactory.class */
    private static final class PlaintextUpgradeProtocolNegotiatorClientFactory implements ProtocolNegotiator.ClientFactory {
        private PlaintextUpgradeProtocolNegotiatorClientFactory() {
        }

        @Override // io.grpc.netty.ProtocolNegotiator.ClientFactory
        public ProtocolNegotiator newNegotiator() {
            return ProtocolNegotiators.plaintextUpgrade();
        }

        @Override // io.grpc.netty.ProtocolNegotiator.ClientFactory
        public int getDefaultPort() {
            return 80;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$ProtocolNegotiationHandler.class */
    public static class ProtocolNegotiationHandler extends ChannelDuplexHandler {
        private final ChannelHandler next;
        private final String negotiatorName;
        private ProtocolNegotiationEvent pne;
        private final ChannelLogger negotiationLogger;

        /* JADX INFO: Access modifiers changed from: protected */
        public ProtocolNegotiationHandler(ChannelHandler channelHandler, String str, ChannelLogger channelLogger) {
            this.next = (ChannelHandler) Preconditions.checkNotNull(channelHandler, "next");
            this.negotiatorName = str;
            this.negotiationLogger = (ChannelLogger) Preconditions.checkNotNull(channelLogger, "negotiationLogger");
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public ProtocolNegotiationHandler(ChannelHandler channelHandler, ChannelLogger channelLogger) {
            this.next = (ChannelHandler) Preconditions.checkNotNull(channelHandler, "next");
            this.negotiatorName = getClass().getSimpleName().replace("Handler", "");
            this.negotiationLogger = (ChannelLogger) Preconditions.checkNotNull(channelLogger, "negotiationLogger");
        }

        @Override // io.netty.channel.ChannelHandlerAdapter, io.netty.channel.ChannelHandler
        public final void handlerAdded(ChannelHandlerContext channelHandlerContext) throws Exception {
            this.negotiationLogger.log(ChannelLogger.ChannelLogLevel.DEBUG, "{0} started", this.negotiatorName);
            handlerAdded0(channelHandlerContext);
        }

        @ForOverride
        protected void handlerAdded0(ChannelHandlerContext channelHandlerContext) throws Exception {
            super.handlerAdded(channelHandlerContext);
        }

        @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
        public final void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (!(obj instanceof ProtocolNegotiationEvent)) {
                userEventTriggered0(channelHandlerContext, obj);
                return;
            }
            Preconditions.checkState(this.pne == null, "pre-existing negotiation: %s < %s", this.pne, obj);
            this.pne = (ProtocolNegotiationEvent) obj;
            protocolNegotiationEventTriggered(channelHandlerContext);
        }

        protected void userEventTriggered0(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            super.userEventTriggered(channelHandlerContext, obj);
        }

        @ForOverride
        protected void protocolNegotiationEventTriggered(ChannelHandlerContext channelHandlerContext) {
        }

        protected final ProtocolNegotiationEvent getProtocolNegotiationEvent() {
            Preconditions.checkState(this.pne != null, "previous protocol negotiation event hasn't triggered");
            return this.pne;
        }

        protected final void replaceProtocolNegotiationEvent(ProtocolNegotiationEvent protocolNegotiationEvent) {
            Preconditions.checkState(this.pne != null, "previous protocol negotiation event hasn't triggered");
            this.pne = (ProtocolNegotiationEvent) Preconditions.checkNotNull(protocolNegotiationEvent);
        }

        protected final void fireProtocolNegotiationEvent(ChannelHandlerContext channelHandlerContext) {
            Preconditions.checkState(this.pne != null, "previous protocol negotiation event hasn't triggered");
            this.negotiationLogger.log(ChannelLogger.ChannelLogLevel.INFO, "{0} completed", this.negotiatorName);
            channelHandlerContext.pipeline().replace(channelHandlerContext.name(), (String) null, this.next);
            channelHandlerContext.fireUserEventTriggered((Object) this.pne);
        }
    }

    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$ProxyProtocolNegotiationHandler.class */
    static final class ProxyProtocolNegotiationHandler extends ProtocolNegotiationHandler {
        private final SocketAddress address;

        @Nullable
        private final String userName;

        @Nullable
        private final String password;

        public ProxyProtocolNegotiationHandler(SocketAddress socketAddress, @Nullable String str, @Nullable String str2, ChannelHandler channelHandler, ChannelLogger channelLogger) {
            super(channelHandler, channelLogger);
            this.address = (SocketAddress) Preconditions.checkNotNull(socketAddress, "address");
            this.userName = str;
            this.password = str2;
        }

        @Override // io.grpc.netty.ProtocolNegotiators.ProtocolNegotiationHandler
        protected void protocolNegotiationEventTriggered(ChannelHandlerContext channelHandlerContext) {
            channelHandlerContext.pipeline().addBefore(channelHandlerContext.name(), null, (this.userName == null || this.password == null) ? new HttpProxyHandler(this.address) : new HttpProxyHandler(this.address, this.userName, this.password));
        }

        @Override // io.grpc.netty.ProtocolNegotiators.ProtocolNegotiationHandler
        protected void userEventTriggered0(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (obj instanceof ProxyConnectionEvent) {
                fireProtocolNegotiationEvent(channelHandlerContext);
            } else {
                super.userEventTriggered(channelHandlerContext, obj);
            }
        }
    }

    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$ServerTlsHandler.class */
    static final class ServerTlsHandler extends ChannelInboundHandlerAdapter {
        private Executor executor;
        private final ChannelHandler next;
        private final SslContext sslContext;
        private ProtocolNegotiationEvent pne = ProtocolNegotiationEvent.DEFAULT;

        ServerTlsHandler(ChannelHandler channelHandler, SslContext sslContext, ObjectPool<? extends Executor> objectPool) {
            this.sslContext = (SslContext) Preconditions.checkNotNull(sslContext, "sslContext");
            this.next = (ChannelHandler) Preconditions.checkNotNull(channelHandler, "next");
            if (objectPool != null) {
                this.executor = objectPool.getObject();
            }
        }

        @Override // io.netty.channel.ChannelHandlerAdapter, io.netty.channel.ChannelHandler
        public void handlerAdded(ChannelHandlerContext channelHandlerContext) throws Exception {
            super.handlerAdded(channelHandlerContext);
            SSLEngine newEngine = this.sslContext.newEngine(channelHandlerContext.alloc());
            channelHandlerContext.pipeline().addBefore(channelHandlerContext.name(), null, this.executor != null ? new SslHandler(newEngine, false, this.executor) : new SslHandler(newEngine, false));
        }

        @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
        public void userEventTriggered(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            if (obj instanceof ProtocolNegotiationEvent) {
                this.pne = (ProtocolNegotiationEvent) obj;
                return;
            }
            if (!(obj instanceof SslHandshakeCompletionEvent)) {
                super.userEventTriggered(channelHandlerContext, obj);
                return;
            }
            SslHandshakeCompletionEvent sslHandshakeCompletionEvent = (SslHandshakeCompletionEvent) obj;
            if (!sslHandshakeCompletionEvent.isSuccess()) {
                ProtocolNegotiators.logSslEngineDetails(Level.FINE, channelHandlerContext, "TLS negotiation failed for new client.", null);
                channelHandlerContext.fireExceptionCaught(sslHandshakeCompletionEvent.cause());
                return;
            }
            SslHandler sslHandler = (SslHandler) channelHandlerContext.pipeline().get(SslHandler.class);
            if (this.sslContext.applicationProtocolNegotiator().protocols().contains(sslHandler.applicationProtocol())) {
                channelHandlerContext.pipeline().replace(channelHandlerContext.name(), (String) null, this.next);
                fireProtocolNegotiationEvent(channelHandlerContext, sslHandler.engine().getSession());
            } else {
                ProtocolNegotiators.logSslEngineDetails(Level.FINE, channelHandlerContext, "TLS negotiation failed for new client.", null);
                channelHandlerContext.fireExceptionCaught((Throwable) ProtocolNegotiators.unavailableException("Failed protocol negotiation: Unable to find compatible protocol"));
            }
        }

        private void fireProtocolNegotiationEvent(ChannelHandlerContext channelHandlerContext, SSLSession sSLSession) {
            channelHandlerContext.fireUserEventTriggered((Object) this.pne.withAttributes(this.pne.getAttributes().toBuilder().set(GrpcAttributes.ATTR_SECURITY_LEVEL, SecurityLevel.PRIVACY_AND_INTEGRITY).set(Grpc.TRANSPORT_ATTR_SSL_SESSION, sSLSession).build()).withSecurity(new InternalChannelz.Security(new InternalChannelz.Tls(sSLSession))));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$TlsProtocolNegotiatorClientFactory.class */
    public static final class TlsProtocolNegotiatorClientFactory implements ProtocolNegotiator.ClientFactory {
        private final SslContext sslContext;

        public TlsProtocolNegotiatorClientFactory(SslContext sslContext) {
            this.sslContext = (SslContext) Preconditions.checkNotNull(sslContext, "sslContext");
        }

        @Override // io.grpc.netty.ProtocolNegotiator.ClientFactory
        public ProtocolNegotiator newNegotiator() {
            return ProtocolNegotiators.tls(this.sslContext);
        }

        @Override // io.grpc.netty.ProtocolNegotiator.ClientFactory
        public int getDefaultPort() {
            return GrpcUtil.DEFAULT_PORT_SSL;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$TlsProtocolNegotiatorServerFactory.class */
    public static final class TlsProtocolNegotiatorServerFactory implements ProtocolNegotiator.ServerFactory {
        private final SslContext sslContext;

        public TlsProtocolNegotiatorServerFactory(SslContext sslContext) {
            this.sslContext = (SslContext) Preconditions.checkNotNull(sslContext, "sslContext");
        }

        @Override // io.grpc.netty.ProtocolNegotiator.ServerFactory
        public ProtocolNegotiator newNegotiator(ObjectPool<? extends Executor> objectPool) {
            return ProtocolNegotiators.serverTls(this.sslContext, objectPool);
        }
    }

    /* loaded from: input_file:io/grpc/netty/ProtocolNegotiators$WaitUntilActiveHandler.class */
    static final class WaitUntilActiveHandler extends ProtocolNegotiationHandler {
        boolean protocolNegotiationEventReceived;

        /* JADX INFO: Access modifiers changed from: package-private */
        public WaitUntilActiveHandler(ChannelHandler channelHandler, ChannelLogger channelLogger) {
            super(channelHandler, channelLogger);
        }

        @Override // io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
        public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
            if (this.protocolNegotiationEventReceived) {
                replaceOnActive(channelHandlerContext);
                fireProtocolNegotiationEvent(channelHandlerContext);
            }
            super.channelActive(channelHandlerContext);
        }

        @Override // io.grpc.netty.ProtocolNegotiators.ProtocolNegotiationHandler
        protected void protocolNegotiationEventTriggered(ChannelHandlerContext channelHandlerContext) {
            this.protocolNegotiationEventReceived = true;
            if (channelHandlerContext.channel().isActive()) {
                replaceOnActive(channelHandlerContext);
                fireProtocolNegotiationEvent(channelHandlerContext);
            }
        }

        private void replaceOnActive(ChannelHandlerContext channelHandlerContext) {
            ProtocolNegotiationEvent protocolNegotiationEvent = getProtocolNegotiationEvent();
            replaceProtocolNegotiationEvent(protocolNegotiationEvent.withAttributes(protocolNegotiationEvent.getAttributes().toBuilder().set(Grpc.TRANSPORT_ATTR_LOCAL_ADDR, channelHandlerContext.channel().localAddress()).set(Grpc.TRANSPORT_ATTR_REMOTE_ADDR, channelHandlerContext.channel().remoteAddress()).set(GrpcAttributes.ATTR_SECURITY_LEVEL, SecurityLevel.NONE).build()));
        }
    }

    private ProtocolNegotiators() {
    }

    public static FromChannelCredentialsResult from(ChannelCredentials channelCredentials) {
        if (channelCredentials instanceof TlsChannelCredentials) {
            TlsChannelCredentials tlsChannelCredentials = (TlsChannelCredentials) channelCredentials;
            Set<TlsChannelCredentials.Feature> incomprehensible = tlsChannelCredentials.incomprehensible(understoodTlsFeatures);
            if (!incomprehensible.isEmpty()) {
                return FromChannelCredentialsResult.error("TLS features not understood: " + incomprehensible);
            }
            SslContextBuilder forClient = GrpcSslContexts.forClient();
            if (tlsChannelCredentials.getKeyManagers() != null) {
                forClient.keyManager(new FixedKeyManagerFactory(tlsChannelCredentials.getKeyManagers()));
            } else if (tlsChannelCredentials.getPrivateKey() != null) {
                forClient.keyManager(new ByteArrayInputStream(tlsChannelCredentials.getCertificateChain()), new ByteArrayInputStream(tlsChannelCredentials.getPrivateKey()), tlsChannelCredentials.getPrivateKeyPassword());
            }
            if (tlsChannelCredentials.getTrustManagers() != null) {
                forClient.trustManager(new FixedTrustManagerFactory(tlsChannelCredentials.getTrustManagers()));
            } else if (tlsChannelCredentials.getRootCertificates() != null) {
                forClient.trustManager(new ByteArrayInputStream(tlsChannelCredentials.getRootCertificates()));
            }
            try {
                return FromChannelCredentialsResult.negotiator(tlsClientFactory(forClient.build()));
            } catch (SSLException e) {
                log.log(Level.FINE, "Exception building SslContext", (Throwable) e);
                return FromChannelCredentialsResult.error("Unable to create SslContext: " + e.getMessage());
            }
        }
        if (channelCredentials instanceof InsecureChannelCredentials) {
            return FromChannelCredentialsResult.negotiator(plaintextClientFactory());
        }
        if (channelCredentials instanceof CompositeChannelCredentials) {
            CompositeChannelCredentials compositeChannelCredentials = (CompositeChannelCredentials) channelCredentials;
            return from(compositeChannelCredentials.getChannelCredentials()).withCallCredentials(compositeChannelCredentials.getCallCredentials());
        }
        if (channelCredentials instanceof NettyChannelCredentials) {
            return FromChannelCredentialsResult.negotiator(((NettyChannelCredentials) channelCredentials).getNegotiator());
        }
        if (!(channelCredentials instanceof ChoiceChannelCredentials)) {
            return FromChannelCredentialsResult.error("Unsupported credential type: " + channelCredentials.getClass().getName());
        }
        StringBuilder sb = new StringBuilder();
        Iterator<ChannelCredentials> it = ((ChoiceChannelCredentials) channelCredentials).getCredentialsList().iterator();
        while (it.hasNext()) {
            FromChannelCredentialsResult from = from(it.next());
            if (from.error == null) {
                return from;
            }
            sb.append(", ");
            sb.append(from.error);
        }
        return FromChannelCredentialsResult.error(sb.substring(2));
    }

    public static FromServerCredentialsResult from(ServerCredentials serverCredentials) {
        SslContextBuilder forServer;
        if (!(serverCredentials instanceof TlsServerCredentials)) {
            if (serverCredentials instanceof InsecureServerCredentials) {
                return FromServerCredentialsResult.negotiator(serverPlaintextFactory());
            }
            if (serverCredentials instanceof NettyServerCredentials) {
                return FromServerCredentialsResult.negotiator(((NettyServerCredentials) serverCredentials).getNegotiator());
            }
            if (!(serverCredentials instanceof ChoiceServerCredentials)) {
                return FromServerCredentialsResult.error("Unsupported credential type: " + serverCredentials.getClass().getName());
            }
            StringBuilder sb = new StringBuilder();
            Iterator<ServerCredentials> it = ((ChoiceServerCredentials) serverCredentials).getCredentialsList().iterator();
            while (it.hasNext()) {
                FromServerCredentialsResult from = from(it.next());
                if (from.error == null) {
                    return from;
                }
                sb.append(", ");
                sb.append(from.error);
            }
            return FromServerCredentialsResult.error(sb.substring(2));
        }
        TlsServerCredentials tlsServerCredentials = (TlsServerCredentials) serverCredentials;
        Set<TlsServerCredentials.Feature> incomprehensible = tlsServerCredentials.incomprehensible(understoodServerTlsFeatures);
        if (!incomprehensible.isEmpty()) {
            return FromServerCredentialsResult.error("TLS features not understood: " + incomprehensible);
        }
        if (tlsServerCredentials.getKeyManagers() != null) {
            forServer = GrpcSslContexts.configure(SslContextBuilder.forServer(new FixedKeyManagerFactory(tlsServerCredentials.getKeyManagers())));
        } else {
            if (tlsServerCredentials.getPrivateKey() == null) {
                throw new AssertionError("BUG! No key");
            }
            forServer = GrpcSslContexts.forServer(new ByteArrayInputStream(tlsServerCredentials.getCertificateChain()), new ByteArrayInputStream(tlsServerCredentials.getPrivateKey()), tlsServerCredentials.getPrivateKeyPassword());
        }
        if (tlsServerCredentials.getTrustManagers() != null) {
            forServer.trustManager(new FixedTrustManagerFactory(tlsServerCredentials.getTrustManagers()));
        } else if (tlsServerCredentials.getRootCertificates() != null) {
            forServer.trustManager(new ByteArrayInputStream(tlsServerCredentials.getRootCertificates()));
        }
        switch (tlsServerCredentials.getClientAuth()) {
            case OPTIONAL:
                forServer.clientAuth(ClientAuth.OPTIONAL);
                break;
            case REQUIRE:
                forServer.clientAuth(ClientAuth.REQUIRE);
                break;
            case NONE:
                forServer.clientAuth(ClientAuth.NONE);
                break;
            default:
                return FromServerCredentialsResult.error("Unknown TlsServerCredentials.ClientAuth value: " + tlsServerCredentials.getClientAuth());
        }
        try {
            return FromServerCredentialsResult.negotiator(serverTlsFactory(forServer.build()));
        } catch (SSLException e) {
            throw new IllegalArgumentException("Unexpected error converting ServerCredentials to Netty SslContext", e);
        }
    }

    public static ProtocolNegotiator.ServerFactory fixedServerFactory(ProtocolNegotiator protocolNegotiator) {
        return new FixedProtocolNegotiatorServerFactory(protocolNegotiator);
    }

    public static ProtocolNegotiator serverPlaintext() {
        return new PlaintextProtocolNegotiator();
    }

    public static ProtocolNegotiator.ServerFactory serverPlaintextFactory() {
        return new PlaintextProtocolNegotiatorServerFactory();
    }

    public static ProtocolNegotiator.ServerFactory serverTlsFactory(SslContext sslContext) {
        return new TlsProtocolNegotiatorServerFactory(sslContext);
    }

    public static ProtocolNegotiator serverTls(final SslContext sslContext, final ObjectPool<? extends Executor> objectPool) {
        Preconditions.checkNotNull(sslContext, "sslContext");
        final Executor object = objectPool != null ? objectPool.getObject() : null;
        return new ProtocolNegotiator() { // from class: io.grpc.netty.ProtocolNegotiators.1
            @Override // io.grpc.netty.ProtocolNegotiator
            public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) {
                return new WaitUntilActiveHandler(new ServerTlsHandler(new GrpcNegotiationHandler(grpcHttp2ConnectionHandler), SslContext.this, objectPool), grpcHttp2ConnectionHandler.getNegotiationLogger());
            }

            @Override // io.grpc.netty.ProtocolNegotiator
            public void close() {
                if (objectPool == null || object == null) {
                    return;
                }
                objectPool.returnObject(object);
            }

            @Override // io.grpc.netty.ProtocolNegotiator
            public AsciiString scheme() {
                return Utils.HTTPS;
            }
        };
    }

    public static ProtocolNegotiator serverTls(SslContext sslContext) {
        return serverTls(sslContext, null);
    }

    public static ProtocolNegotiator httpProxy(final SocketAddress socketAddress, @Nullable final String str, @Nullable final String str2, final ProtocolNegotiator protocolNegotiator) {
        Preconditions.checkNotNull(protocolNegotiator, "negotiator");
        Preconditions.checkNotNull(socketAddress, "proxyAddress");
        final AsciiString scheme = protocolNegotiator.scheme();
        return new ProtocolNegotiator() { // from class: io.grpc.netty.ProtocolNegotiators.1ProxyNegotiator
            @Override // io.grpc.netty.ProtocolNegotiator
            public ChannelHandler newHandler(GrpcHttp2ConnectionHandler grpcHttp2ConnectionHandler) {
                return new ProxyProtocolNegotiationHandler(socketAddress, str, str2, ProtocolNegotiator.this.newHandler(grpcHttp2ConnectionHandler), grpcHttp2ConnectionHandler.getNegotiationLogger());
            }

            @Override // io.grpc.netty.ProtocolNegotiator
            public AsciiString scheme() {
                return scheme;
            }

            @Override // io.grpc.netty.ProtocolNegotiator
            public void close() {
                ProtocolNegotiator.this.close();
            }
        };
    }

    @VisibleForTesting
    static HostPort parseAuthority(String str) {
        String str2;
        int i;
        URI authorityToUri = GrpcUtil.authorityToUri((String) Preconditions.checkNotNull(str, "authority"));
        if (authorityToUri.getHost() != null) {
            str2 = authorityToUri.getHost();
            i = authorityToUri.getPort();
        } else {
            str2 = str;
            i = -1;
        }
        return new HostPort(str2, i);
    }

    public static ProtocolNegotiator tls(SslContext sslContext, ObjectPool<? extends Executor> objectPool, Optional<Runnable> optional) {
        return new ClientTlsProtocolNegotiator(sslContext, objectPool, optional);
    }

    public static ProtocolNegotiator tls(SslContext sslContext) {
        return tls(sslContext, null, Optional.empty());
    }

    public static ProtocolNegotiator.ClientFactory tlsClientFactory(SslContext sslContext) {
        return new TlsProtocolNegotiatorClientFactory(sslContext);
    }

    public static ProtocolNegotiator plaintextUpgrade() {
        return new PlaintextUpgradeProtocolNegotiator();
    }

    public static ProtocolNegotiator.ClientFactory plaintextUpgradeClientFactory() {
        return new PlaintextUpgradeProtocolNegotiatorClientFactory();
    }

    public static ProtocolNegotiator plaintext() {
        return new PlaintextProtocolNegotiator();
    }

    public static ProtocolNegotiator.ClientFactory plaintextClientFactory() {
        return new PlaintextProtocolNegotiatorClientFactory();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static RuntimeException unavailableException(String str) {
        return Status.UNAVAILABLE.withDescription(str).asRuntimeException();
    }

    @VisibleForTesting
    static void logSslEngineDetails(Level level, ChannelHandlerContext channelHandlerContext, String str, @Nullable Throwable th) {
        if (log.isLoggable(level)) {
            SslHandler sslHandler = (SslHandler) channelHandlerContext.pipeline().get(SslHandler.class);
            SSLEngine engine = sslHandler.engine();
            StringBuilder sb = new StringBuilder(str);
            sb.append("\nSSLEngine Details: [\n");
            if (engine instanceof OpenSslEngine) {
                sb.append("    OpenSSL, ");
                sb.append("Version: 0x").append(Integer.toHexString(OpenSsl.version()));
                sb.append(" (").append(OpenSsl.versionString()).append("), ");
                sb.append("ALPN supported: ").append(SslProvider.isAlpnSupported(SslProvider.OPENSSL));
            } else if (JettyTlsUtil.isJettyAlpnConfigured()) {
                sb.append("    Jetty ALPN");
            } else if (JettyTlsUtil.isJettyNpnConfigured()) {
                sb.append("    Jetty NPN");
            } else if (JettyTlsUtil.isJava9AlpnAvailable()) {
                sb.append("    JDK9 ALPN");
            }
            sb.append("\n    TLS Protocol: ");
            sb.append(engine.getSession().getProtocol());
            sb.append("\n    Application Protocol: ");
            sb.append(sslHandler.applicationProtocol());
            sb.append("\n    Need Client Auth: ");
            sb.append(engine.getNeedClientAuth());
            sb.append("\n    Want Client Auth: ");
            sb.append(engine.getWantClientAuth());
            sb.append("\n    Supported protocols=");
            sb.append(Arrays.toString(engine.getSupportedProtocols()));
            sb.append("\n    Enabled protocols=");
            sb.append(Arrays.toString(engine.getEnabledProtocols()));
            sb.append("\n    Supported ciphers=");
            sb.append(Arrays.toString(engine.getSupportedCipherSuites()));
            sb.append("\n    Enabled ciphers=");
            sb.append(Arrays.toString(engine.getEnabledCipherSuites()));
            sb.append("\n]");
            log.log(level, sb.toString(), th);
        }
    }
}
