package com.hivemq.bootstrap.netty.initializer;

import com.hivemq.bootstrap.netty.ChannelDependencies;
import com.hivemq.bootstrap.netty.ChannelHandlerNames;
import com.hivemq.configuration.service.entity.Tls;
import com.hivemq.configuration.service.entity.TlsListener;
import com.hivemq.extension.sdk.api.annotations.NotNull;
import com.hivemq.mqtt.handler.connect.NoTlsHandshakeIdleHandler;
import com.hivemq.mqtt.handler.disconnect.MqttServerDisconnector;
import com.hivemq.security.exception.SslException;
import com.hivemq.security.ssl.SslClientCertificateHandler;
import com.hivemq.security.ssl.SslExceptionHandler;
import com.hivemq.security.ssl.SslFactory;
import com.hivemq.security.ssl.SslSniHandler;
import io.netty.channel.Channel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.timeout.IdleStateHandler;
import java.util.concurrent.TimeUnit;

/* loaded from: input_file:com/hivemq/bootstrap/netty/initializer/AbstractTlsChannelInitializer.class */
/**
 * Base channel initializer for TLS listeners.
 *
 * <p>It puts the TLS handlers at the front of the pipeline and postpones the superclass's
 * no-CONNECT idle handler until the TLS handshake future has completed. While the handshake is
 * pending, an idle-state handler driven by the configured handshake timeout is the only guard
 * this class installs.
 *
 * <p>Operational caveat: if the configured handshake timeout is {@code <= 0}, this class installs
 * no idle guard at all before the handshake completes. Whether anything else bounds a stalled
 * handshake (for example a timeout set on the {@link SslHandler} by {@link SslFactory}) is not
 * visible here and should be confirmed before running a listener with the timeout disabled.
 */
public abstract class AbstractTlsChannelInitializer extends AbstractChannelInitializer {

    // Listener configuration; source of the Tls settings read in addSpecialHandlers.
    @NotNull
    private final TlsListener tlsListener;

    // Builds the SslContext and SslHandler for each new channel.
    @NotNull
    private final SslFactory sslFactory;

    // Supplies the shared disconnector and the SSL parameter handler.
    @NotNull
    private final ChannelDependencies channelDependencies;

    /**
     * @param channelDependencies shared handler dependencies, also passed to the superclass
     * @param tlsListener         the TLS listener this initializer serves, also passed to the superclass
     * @param sslFactory          factory used to create the per-channel SSL context and handler
     */
    public AbstractTlsChannelInitializer(@NotNull ChannelDependencies channelDependencies, @NotNull TlsListener tlsListener, @NotNull SslFactory sslFactory) {
        super(channelDependencies, tlsListener);
        this.channelDependencies = channelDependencies;
        this.sslFactory = sslFactory;
        this.tlsListener = tlsListener;
    }

    /**
     * Does nothing in this class. The superclass implementation is reached through
     * {@link #addNoConnectIdleHandlerAfterTlsHandshake(Channel)}, which the handshake listener
     * registered in {@link #addSpecialHandlers(Channel)} calls.
     *
     * <p>Decompiler note: the access modifier was reported as changed from {@code protected}.
     */
    @Override
    public void addNoConnectIdleHandler(@NotNull Channel channel) {
        // No-op: see addNoConnectIdleHandlerAfterTlsHandshake.
    }

    /**
     * Installs the superclass's no-CONNECT idle handler on the given channel.
     *
     * @param channel the channel whose TLS handshake future has completed
     */
    protected void addNoConnectIdleHandlerAfterTlsHandshake(@NotNull Channel channel) {
        super.addNoConnectIdleHandler(channel);
    }

    /**
     * Adds the TLS-specific handlers to the channel pipeline.
     *
     * <p>Resulting order at the head of the pipeline: SSL handler (wrapped in an
     * {@link SslSniHandler}), SSL exception handler, SSL parameter handler and, unless client
     * authentication is {@code NONE}, the client certificate handler.
     *
     * <p>Decompiler note: the access modifier was reported as changed from {@code protected}.
     *
     * @param channel the newly accepted channel
     * @throws SslException declared by the signature; presumably raised by {@link SslFactory}
     *                      when the context or handler cannot be built (not visible here)
     */
    @Override
    public void addSpecialHandlers(@NotNull Channel channel) throws SslException {
        final int handshakeTimeoutMillis = tlsListener.getTls().getHandshakeTimeout();
        final boolean timeoutEnabled = handshakeTimeoutMillis > 0;

        // Reader-idle only (writer/all-idle are 0, i.e. disabled), measured in milliseconds.
        final IdleStateHandler handshakeIdleDetector =
                new IdleStateHandler(handshakeTimeoutMillis, 0L, 0L, TimeUnit.MILLISECONDS);
        final MqttServerDisconnector disconnector = channelDependencies.getMqttServerDisconnector();
        final NoTlsHandshakeIdleHandler handshakeIdleReaction = new NoTlsHandshakeIdleHandler(disconnector);

        // A non-positive timeout installs no pre-handshake idle guard; since
        // addNoConnectIdleHandler is a no-op here, nothing in this class then limits how long a
        // peer may leave the handshake unfinished.
        if (timeoutEnabled) {
            channel.pipeline().addLast(ChannelHandlerNames.NEW_CONNECTION_IDLE_HANDLER, handshakeIdleDetector);
            channel.pipeline().addLast(ChannelHandlerNames.NO_TLS_HANDSHAKE_IDLE_EVENT_HANDLER, handshakeIdleReaction);
        }

        final Tls tls = tlsListener.getTls();
        final SslContext context = sslFactory.getSslContext(tls);
        final SslHandler handler = sslFactory.getSslHandler(channel, tls, context);

        // The listener does not inspect the future's outcome, so it also runs for a failed
        // handshake. NOTE(review): failures are presumably handled by SslExceptionHandler - confirm.
        handler.handshakeFuture().addListener(future -> {
            if (timeoutEnabled) {
                // Handshake-phase guard is done; swap it for the regular no-CONNECT guard below.
                channel.pipeline().remove(handshakeIdleDetector);
                channel.pipeline().remove(handshakeIdleReaction);
            }
            addNoConnectIdleHandlerAfterTlsHandshake(channel);
        });

        // TLS goes first so that every later handler sits behind the SSL handler.
        channel.pipeline().addFirst(ChannelHandlerNames.SSL_HANDLER, new SslSniHandler(handler, context));
        channel.pipeline().addAfter(
                ChannelHandlerNames.SSL_HANDLER,
                ChannelHandlerNames.SSL_EXCEPTION_HANDLER,
                new SslExceptionHandler(disconnector));
        channel.pipeline().addAfter(
                ChannelHandlerNames.SSL_EXCEPTION_HANDLER,
                ChannelHandlerNames.SSL_PARAMETER_HANDLER,
                channelDependencies.getSslParameterHandler());

        // The client certificate handler is added for every client-auth mode other than NONE.
        if (!Tls.ClientAuthMode.NONE.equals(tls.getClientAuthMode())) {
            channel.pipeline().addAfter(
                    ChannelHandlerNames.SSL_PARAMETER_HANDLER,
                    ChannelHandlerNames.SSL_CLIENT_CERTIFICATE_HANDLER,
                    new SslClientCertificateHandler(tls, disconnector));
        }
    }
}
