package io.vertx.core.net.impl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.DelegatingSslContext;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.OpenSslServerContext;
import io.netty.handler.ssl.OpenSslServerSessionContext;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.util.Mapping;
import io.vertx.core.VertxException;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.file.FileSystem;
import io.vertx.core.http.ClientAuth;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.http.HttpServerOptions;
import io.vertx.core.http.HttpVersion;
import io.vertx.core.impl.VertxInternal;
import io.vertx.core.logging.Logger;
import io.vertx.core.logging.LoggerFactory;
import io.vertx.core.net.JdkSSLEngineOptions;
import io.vertx.core.net.KeyCertOptions;
import io.vertx.core.net.NetClientOptions;
import io.vertx.core.net.NetServerOptions;
import io.vertx.core.net.OpenSSLEngineOptions;
import io.vertx.core.net.SSLEngineOptions;
import io.vertx.core.net.SocketAddress;
import io.vertx.core.net.TCPSSLOptions;
import io.vertx.core.net.TrustOptions;
import java.io.ByteArrayInputStream;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:BOOT-INF/lib/vertx-core-3.9.7.jar:io/vertx/core/net/impl/SSLHelper.class */
public class SSLHelper {
    private static final Map<HttpVersion, String> PROTOCOL_NAME_MAPPING = new EnumMap(HttpVersion.class);
    private static final Logger log;
    private boolean ssl;
    private boolean sni;
    private long sslHandshakeTimeout;
    private TimeUnit sslHandshakeTimeoutUnit;
    private KeyCertOptions keyCertOptions;
    private TrustOptions trustOptions;
    private boolean trustAll;
    private ArrayList<String> crlPaths;
    private ArrayList<Buffer> crlValues;
    private ClientAuth clientAuth;
    private Set<String> enabledCipherSuites;
    private boolean openSsl;
    private boolean client;
    private boolean useAlpn;
    private List<HttpVersion> applicationProtocols;
    private Set<String> enabledProtocols;
    private String endpointIdentificationAlgorithm;
    private SslContext sslContext;
    private Map<Certificate, SslContext> sslContextMap;
    private boolean openSslSessionCacheEnabled;

    public static SSLEngineOptions resolveEngineOptions(TCPSSLOptions tCPSSLOptions) {
        SSLEngineOptions sslEngineOptions = tCPSSLOptions.getSslEngineOptions();
        if (sslEngineOptions == null && tCPSSLOptions.isUseAlpn()) {
            if (JdkSSLEngineOptions.isAlpnAvailable()) {
                sslEngineOptions = new JdkSSLEngineOptions();
            } else if (OpenSSLEngineOptions.isAlpnAvailable()) {
                sslEngineOptions = new OpenSSLEngineOptions();
            }
        }
        if (sslEngineOptions == null) {
            sslEngineOptions = new JdkSSLEngineOptions();
        } else if ((sslEngineOptions instanceof OpenSSLEngineOptions) && !OpenSsl.isAvailable()) {
            VertxException vertxException = new VertxException("OpenSSL is not available");
            Throwable unavailabilityCause = OpenSsl.unavailabilityCause();
            if (unavailabilityCause != null) {
                vertxException.initCause(unavailabilityCause);
            }
            throw vertxException;
        }
        if (tCPSSLOptions.isUseAlpn()) {
            if ((sslEngineOptions instanceof JdkSSLEngineOptions) && !JdkSSLEngineOptions.isAlpnAvailable()) {
                throw new VertxException("ALPN not available for JDK SSL/TLS engine");
            }
            if ((sslEngineOptions instanceof OpenSSLEngineOptions) && !OpenSSLEngineOptions.isAlpnAvailable()) {
                throw new VertxException("ALPN is not available for OpenSSL SSL/TLS engine");
            }
        }
        return sslEngineOptions;
    }

    public SSLHelper(HttpClientOptions httpClientOptions, KeyCertOptions keyCertOptions, TrustOptions trustOptions) {
        this.clientAuth = ClientAuth.NONE;
        this.endpointIdentificationAlgorithm = "";
        this.sslContextMap = new ConcurrentHashMap();
        this.openSslSessionCacheEnabled = true;
        SSLEngineOptions resolveEngineOptions = resolveEngineOptions(httpClientOptions);
        this.ssl = httpClientOptions.isSsl();
        this.sslHandshakeTimeout = httpClientOptions.getSslHandshakeTimeout();
        this.sslHandshakeTimeoutUnit = httpClientOptions.getSslHandshakeTimeoutUnit();
        this.keyCertOptions = keyCertOptions;
        this.trustOptions = trustOptions;
        this.trustAll = httpClientOptions.isTrustAll();
        this.crlPaths = new ArrayList<>(httpClientOptions.getCrlPaths());
        this.crlValues = new ArrayList<>(httpClientOptions.getCrlValues());
        this.enabledCipherSuites = httpClientOptions.getEnabledCipherSuites();
        this.openSsl = resolveEngineOptions instanceof OpenSSLEngineOptions;
        this.client = true;
        this.useAlpn = httpClientOptions.isUseAlpn();
        this.enabledProtocols = httpClientOptions.getEnabledSecureTransportProtocols();
        if (httpClientOptions.isVerifyHost()) {
            this.endpointIdentificationAlgorithm = "HTTPS";
        }
        this.openSslSessionCacheEnabled = (resolveEngineOptions instanceof OpenSSLEngineOptions) && ((OpenSSLEngineOptions) resolveEngineOptions).isSessionCacheEnabled();
    }

    public SSLHelper(HttpServerOptions httpServerOptions, KeyCertOptions keyCertOptions, TrustOptions trustOptions) {
        this.clientAuth = ClientAuth.NONE;
        this.endpointIdentificationAlgorithm = "";
        this.sslContextMap = new ConcurrentHashMap();
        this.openSslSessionCacheEnabled = true;
        SSLEngineOptions resolveEngineOptions = resolveEngineOptions(httpServerOptions);
        this.ssl = httpServerOptions.isSsl();
        this.sslHandshakeTimeout = httpServerOptions.getSslHandshakeTimeout();
        this.sslHandshakeTimeoutUnit = httpServerOptions.getSslHandshakeTimeoutUnit();
        this.keyCertOptions = keyCertOptions;
        this.trustOptions = trustOptions;
        this.clientAuth = httpServerOptions.getClientAuth();
        this.crlPaths = httpServerOptions.getCrlPaths() != null ? new ArrayList<>(httpServerOptions.getCrlPaths()) : null;
        this.crlValues = httpServerOptions.getCrlValues() != null ? new ArrayList<>(httpServerOptions.getCrlValues()) : null;
        this.enabledCipherSuites = httpServerOptions.getEnabledCipherSuites();
        this.openSsl = resolveEngineOptions instanceof OpenSSLEngineOptions;
        this.client = false;
        this.useAlpn = httpServerOptions.isUseAlpn();
        this.enabledProtocols = httpServerOptions.getEnabledSecureTransportProtocols();
        this.openSslSessionCacheEnabled = (resolveEngineOptions instanceof OpenSSLEngineOptions) && ((OpenSSLEngineOptions) resolveEngineOptions).isSessionCacheEnabled();
        this.sni = httpServerOptions.isSni();
    }

    public SSLHelper(NetClientOptions netClientOptions, KeyCertOptions keyCertOptions, TrustOptions trustOptions) {
        this.clientAuth = ClientAuth.NONE;
        this.endpointIdentificationAlgorithm = "";
        this.sslContextMap = new ConcurrentHashMap();
        this.openSslSessionCacheEnabled = true;
        SSLEngineOptions resolveEngineOptions = resolveEngineOptions(netClientOptions);
        this.ssl = netClientOptions.isSsl();
        this.sslHandshakeTimeout = netClientOptions.getSslHandshakeTimeout();
        this.sslHandshakeTimeoutUnit = netClientOptions.getSslHandshakeTimeoutUnit();
        this.keyCertOptions = keyCertOptions;
        this.trustOptions = trustOptions;
        this.trustAll = netClientOptions.isTrustAll();
        this.crlPaths = new ArrayList<>(netClientOptions.getCrlPaths());
        this.crlValues = new ArrayList<>(netClientOptions.getCrlValues());
        this.enabledCipherSuites = netClientOptions.getEnabledCipherSuites();
        this.openSsl = resolveEngineOptions instanceof OpenSSLEngineOptions;
        this.client = true;
        this.useAlpn = false;
        this.enabledProtocols = netClientOptions.getEnabledSecureTransportProtocols();
        this.endpointIdentificationAlgorithm = netClientOptions.getHostnameVerificationAlgorithm();
        this.openSslSessionCacheEnabled = (resolveEngineOptions instanceof OpenSSLEngineOptions) && ((OpenSSLEngineOptions) resolveEngineOptions).isSessionCacheEnabled();
    }

    public SSLHelper(NetServerOptions netServerOptions, KeyCertOptions keyCertOptions, TrustOptions trustOptions) {
        this.clientAuth = ClientAuth.NONE;
        this.endpointIdentificationAlgorithm = "";
        this.sslContextMap = new ConcurrentHashMap();
        this.openSslSessionCacheEnabled = true;
        SSLEngineOptions resolveEngineOptions = resolveEngineOptions(netServerOptions);
        this.ssl = netServerOptions.isSsl();
        this.sslHandshakeTimeout = netServerOptions.getSslHandshakeTimeout();
        this.sslHandshakeTimeoutUnit = netServerOptions.getSslHandshakeTimeoutUnit();
        this.keyCertOptions = keyCertOptions;
        this.trustOptions = trustOptions;
        this.clientAuth = netServerOptions.getClientAuth();
        this.crlPaths = netServerOptions.getCrlPaths() != null ? new ArrayList<>(netServerOptions.getCrlPaths()) : null;
        this.crlValues = netServerOptions.getCrlValues() != null ? new ArrayList<>(netServerOptions.getCrlValues()) : null;
        this.enabledCipherSuites = netServerOptions.getEnabledCipherSuites();
        this.openSsl = resolveEngineOptions instanceof OpenSSLEngineOptions;
        this.client = false;
        this.useAlpn = false;
        this.enabledProtocols = netServerOptions.getEnabledSecureTransportProtocols();
        this.openSslSessionCacheEnabled = (netServerOptions.getSslEngineOptions() instanceof OpenSSLEngineOptions) && ((OpenSSLEngineOptions) netServerOptions.getSslEngineOptions()).isSessionCacheEnabled();
        this.sni = netServerOptions.isSni();
    }

    public SSLHelper(SSLHelper sSLHelper) {
        this.clientAuth = ClientAuth.NONE;
        this.endpointIdentificationAlgorithm = "";
        this.sslContextMap = new ConcurrentHashMap();
        this.openSslSessionCacheEnabled = true;
        this.ssl = sSLHelper.ssl;
        this.sni = sSLHelper.sni;
        this.sslHandshakeTimeout = sSLHelper.sslHandshakeTimeout;
        this.sslHandshakeTimeoutUnit = sSLHelper.sslHandshakeTimeoutUnit;
        this.keyCertOptions = sSLHelper.keyCertOptions;
        this.trustOptions = sSLHelper.trustOptions;
        this.trustAll = sSLHelper.trustAll;
        this.crlPaths = sSLHelper.crlPaths;
        this.crlValues = sSLHelper.crlValues;
        this.clientAuth = sSLHelper.clientAuth;
        this.enabledCipherSuites = sSLHelper.enabledCipherSuites;
        this.openSsl = sSLHelper.openSsl;
        this.client = sSLHelper.client;
        this.useAlpn = sSLHelper.useAlpn;
        this.applicationProtocols = sSLHelper.applicationProtocols;
        this.enabledProtocols = sSLHelper.enabledProtocols;
        this.endpointIdentificationAlgorithm = sSLHelper.endpointIdentificationAlgorithm;
        this.openSslSessionCacheEnabled = sSLHelper.openSslSessionCacheEnabled;
    }

    public boolean isUseAlpn() {
        return this.useAlpn;
    }

    public SSLHelper setUseAlpn(boolean z) {
        this.useAlpn = z;
        return this;
    }

    public boolean isSSL() {
        return this.ssl;
    }

    public boolean isSNI() {
        return this.sni;
    }

    public long getSslHandshakeTimeout() {
        return this.sslHandshakeTimeout;
    }

    public TimeUnit getSslHandshakeTimeoutUnit() {
        return this.sslHandshakeTimeoutUnit;
    }

    public ClientAuth getClientAuth() {
        return this.clientAuth;
    }

    public List<HttpVersion> getApplicationProtocols() {
        return this.applicationProtocols;
    }

    public SSLHelper setApplicationProtocols(List<HttpVersion> list) {
        this.applicationProtocols = list;
        return this;
    }

    private SslContext createContext(VertxInternal vertxInternal, X509KeyManager x509KeyManager, TrustManagerFactory trustManagerFactory) {
        SslContextBuilder forServer;
        try {
            if (this.client) {
                forServer = SslContextBuilder.forClient();
                KeyManagerFactory keyMgrFactory = getKeyMgrFactory(vertxInternal);
                if (keyMgrFactory != null) {
                    forServer.keyManager(keyMgrFactory);
                }
            } else if (x509KeyManager != null) {
                forServer = SslContextBuilder.forServer(x509KeyManager.getPrivateKey(null), (String) null, x509KeyManager.getCertificateChain(null));
            } else {
                KeyManagerFactory keyMgrFactory2 = getKeyMgrFactory(vertxInternal);
                if (keyMgrFactory2 == null) {
                    throw new VertxException("Key/certificate is mandatory for SSL");
                }
                forServer = SslContextBuilder.forServer(keyMgrFactory2);
            }
            Collection collection = this.enabledCipherSuites;
            if (this.openSsl) {
                forServer.sslProvider(SslProvider.OPENSSL);
                if (collection == null || collection.isEmpty()) {
                    collection = OpenSsl.availableOpenSslCipherSuites();
                }
            } else {
                forServer.sslProvider(SslProvider.JDK);
                if (collection == null || collection.isEmpty()) {
                    collection = DefaultJDKCipherSuite.get();
                }
            }
            if (trustManagerFactory != null) {
                forServer.trustManager(trustManagerFactory);
            }
            if (collection != null && collection.size() > 0) {
                forServer.ciphers(collection);
            }
            if (this.useAlpn && this.applicationProtocols != null && this.applicationProtocols.size() > 0) {
                ApplicationProtocolConfig.Protocol protocol = ApplicationProtocolConfig.Protocol.ALPN;
                ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior = ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE;
                ApplicationProtocolConfig.SelectedListenerFailureBehavior selectedListenerFailureBehavior = ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
                Stream<HttpVersion> stream = this.applicationProtocols.stream();
                Map<HttpVersion, String> map = PROTOCOL_NAME_MAPPING;
                map.getClass();
                forServer.applicationProtocolConfig(new ApplicationProtocolConfig(protocol, selectorFailureBehavior, selectedListenerFailureBehavior, (Iterable<String>) stream.map((v1) -> {
                    return r7.get(v1);
                }).collect(Collectors.toList())));
            }
            SslContext build = forServer.build();
            if (build instanceof OpenSslServerContext) {
                SSLSessionContext sessionContext = build.sessionContext();
                if (sessionContext instanceof OpenSslServerSessionContext) {
                    ((OpenSslServerSessionContext) sessionContext).setSessionCacheEnabled(this.openSslSessionCacheEnabled);
                }
            }
            return build;
        } catch (Exception e) {
            throw new VertxException(e);
        }
    }

    private KeyManagerFactory getKeyMgrFactory(VertxInternal vertxInternal) throws Exception {
        if (this.keyCertOptions == null) {
            return null;
        }
        return this.keyCertOptions.getKeyManagerFactory(vertxInternal);
    }

    private TrustManagerFactory getTrustMgrFactory(VertxInternal vertxInternal, String str) throws Exception {
        TrustManagerFactory trustManagerFactory;
        TrustManager[] trustManagerArr = null;
        if (this.trustAll) {
            trustManagerArr = new TrustManager[]{createTrustAllTrustManager()};
        } else if (this.trustOptions != null) {
            if (str != null) {
                Function<String, TrustManager[]> trustManagerMapper = this.trustOptions.trustManagerMapper(vertxInternal);
                if (trustManagerMapper != null) {
                    trustManagerArr = trustManagerMapper.apply(str);
                }
                if (trustManagerArr == null && (trustManagerFactory = this.trustOptions.getTrustManagerFactory(vertxInternal)) != null) {
                    trustManagerArr = trustManagerFactory.getTrustManagers();
                }
            } else {
                TrustManagerFactory trustManagerFactory2 = this.trustOptions.getTrustManagerFactory(vertxInternal);
                if (trustManagerFactory2 != null) {
                    trustManagerArr = trustManagerFactory2.getTrustManagers();
                }
            }
        }
        if (trustManagerArr == null) {
            return null;
        }
        if (this.crlPaths != null && this.crlValues != null && (this.crlPaths.size() > 0 || this.crlValues.size() > 0)) {
            Stream map = this.crlPaths.stream().map(str2 -> {
                return vertxInternal.resolveFile(str2).getAbsolutePath();
            });
            FileSystem fileSystem = vertxInternal.fileSystem();
            fileSystem.getClass();
            Stream concat = Stream.concat(map.map(fileSystem::readFileBlocking), this.crlValues.stream());
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            ArrayList arrayList = new ArrayList();
            Iterator it = ((List) concat.collect(Collectors.toList())).iterator();
            while (it.hasNext()) {
                arrayList.addAll(certificateFactory.generateCRLs(new ByteArrayInputStream(((Buffer) it.next()).getBytes())));
            }
            trustManagerArr = createUntrustRevokedCertTrustManager(trustManagerArr, arrayList);
        }
        return new VertxTrustManagerFactory(trustManagerArr);
    }

    private static TrustManager[] createUntrustRevokedCertTrustManager(TrustManager[] trustManagerArr, final ArrayList<CRL> arrayList) {
        TrustManager[] trustManagerArr2 = (TrustManager[]) trustManagerArr.clone();
        for (int i = 0; i < trustManagerArr2.length; i++) {
            TrustManager trustManager = trustManagerArr2[i];
            if (trustManager instanceof X509TrustManager) {
                final X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                trustManagerArr2[i] = new X509TrustManager() { // from class: io.vertx.core.net.impl.SSLHelper.1
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                        checkRevoked(x509CertificateArr);
                        x509TrustManager.checkClientTrusted(x509CertificateArr, str);
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                        checkRevoked(x509CertificateArr);
                        x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                    }

                    private void checkRevoked(X509Certificate[] x509CertificateArr) throws CertificateException {
                        for (X509Certificate x509Certificate : x509CertificateArr) {
                            Iterator it = arrayList.iterator();
                            while (it.hasNext()) {
                                if (((CRL) it.next()).isRevoked(x509Certificate)) {
                                    throw new CertificateException("Certificate revoked");
                                }
                            }
                        }
                    }

                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return x509TrustManager.getAcceptedIssuers();
                    }
                };
            }
        }
        return trustManagerArr2;
    }

    private static TrustManager createTrustAllTrustManager() {
        return new X509TrustManager() { // from class: io.vertx.core.net.impl.SSLHelper.2
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }

    public Mapping<? super String, ? extends SslContext> serverNameMapper(VertxInternal vertxInternal) {
        return str -> {
            SslContext context = getContext(vertxInternal, str);
            if (context != null) {
                context = new DelegatingSslContext(context) { // from class: io.vertx.core.net.impl.SSLHelper.3
                    @Override // io.netty.handler.ssl.DelegatingSslContext
                    protected void initEngine(SSLEngine sSLEngine) {
                        SSLHelper.this.configureEngine(sSLEngine, str);
                    }
                };
            }
            return context;
        };
    }

    public void configureEngine(SSLEngine sSLEngine, String str) {
        if (this.enabledCipherSuites != null && !this.enabledCipherSuites.isEmpty()) {
            sSLEngine.setEnabledCipherSuites((String[]) this.enabledCipherSuites.toArray(new String[this.enabledCipherSuites.size()]));
        }
        sSLEngine.setUseClientMode(this.client);
        LinkedHashSet linkedHashSet = new LinkedHashSet(this.enabledProtocols);
        linkedHashSet.retainAll(Arrays.asList(sSLEngine.getSupportedProtocols()));
        if (linkedHashSet.isEmpty()) {
            log.warn("no SSL/TLS protocols are enabled due to configuration restrictions");
        }
        sSLEngine.setEnabledProtocols((String[]) linkedHashSet.toArray(new String[linkedHashSet.size()]));
        if (!this.client) {
            switch (getClientAuth()) {
                case REQUEST:
                    sSLEngine.setWantClientAuth(true);
                    break;
                case REQUIRED:
                    sSLEngine.setNeedClientAuth(true);
                    break;
                case NONE:
                    sSLEngine.setNeedClientAuth(false);
                    break;
            }
        } else if (!this.endpointIdentificationAlgorithm.isEmpty()) {
            SSLParameters sSLParameters = sSLEngine.getSSLParameters();
            sSLParameters.setEndpointIdentificationAlgorithm(this.endpointIdentificationAlgorithm);
            sSLEngine.setSSLParameters(sSLParameters);
        }
        if (str != null) {
            SSLParameters sSLParameters2 = sSLEngine.getSSLParameters();
            sSLParameters2.setServerNames(Collections.singletonList(new SNIHostName(str)));
            sSLEngine.setSSLParameters(sSLParameters2);
        }
    }

    public SslContext getContext(VertxInternal vertxInternal) {
        return getContext(vertxInternal, null);
    }

    public SslContext getContext(VertxInternal vertxInternal, String str) {
        if (str == null) {
            if (this.sslContext == null) {
                try {
                    this.sslContext = createContext(vertxInternal, null, getTrustMgrFactory(vertxInternal, null));
                } catch (Exception e) {
                    throw new VertxException(e);
                }
            }
            return this.sslContext;
        }
        try {
            X509KeyManager apply = this.keyCertOptions.keyManagerMapper(vertxInternal).apply(str);
            if (apply == null) {
                return this.sslContext;
            }
            try {
                TrustManagerFactory trustMgrFactory = getTrustMgrFactory(vertxInternal, str);
                return this.sslContextMap.computeIfAbsent(apply.getCertificateChain(null)[0], certificate -> {
                    return createContext(vertxInternal, apply, trustMgrFactory);
                });
            } catch (Exception e2) {
                throw new VertxException(e2);
            }
        } catch (Exception e3) {
            throw new RuntimeException(e3);
        }
    }

    public synchronized void validate(VertxInternal vertxInternal) {
        if (this.ssl) {
            getContext(vertxInternal, null);
        }
    }

    public SSLEngine createEngine(SslContext sslContext) {
        SSLEngine newEngine = sslContext.newEngine(ByteBufAllocator.DEFAULT);
        configureEngine(newEngine, null);
        return newEngine;
    }

    public SSLEngine createEngine(VertxInternal vertxInternal, SocketAddress socketAddress, String str) {
        SslContext context = getContext(vertxInternal, null);
        SSLEngine newEngine = socketAddress.path() != null ? context.newEngine(ByteBufAllocator.DEFAULT) : context.newEngine(ByteBufAllocator.DEFAULT, socketAddress.host(), socketAddress.port());
        configureEngine(newEngine, str);
        return newEngine;
    }

    public SSLEngine createEngine(VertxInternal vertxInternal, String str, int i, boolean z) {
        SSLEngine newEngine = getContext(vertxInternal, null).newEngine(ByteBufAllocator.DEFAULT, str, i);
        configureEngine(newEngine, z ? str : null);
        return newEngine;
    }

    public SSLEngine createEngine(VertxInternal vertxInternal, String str, int i) {
        SSLEngine newEngine = getContext(vertxInternal, null).newEngine(ByteBufAllocator.DEFAULT, str, i);
        configureEngine(newEngine, null);
        return newEngine;
    }

    public SSLEngine createEngine(VertxInternal vertxInternal) {
        SSLEngine newEngine = getContext(vertxInternal, null).newEngine(ByteBufAllocator.DEFAULT);
        configureEngine(newEngine, null);
        return newEngine;
    }

    static {
        PROTOCOL_NAME_MAPPING.put(HttpVersion.HTTP_2, ApplicationProtocolNames.HTTP_2);
        PROTOCOL_NAME_MAPPING.put(HttpVersion.HTTP_1_1, ApplicationProtocolNames.HTTP_1_1);
        PROTOCOL_NAME_MAPPING.put(HttpVersion.HTTP_1_0, "http/1.0");
        log = LoggerFactory.getLogger((Class<?>) SSLHelper.class);
    }
}
