package cc.blynk.server;

import cc.blynk.server.acme.AcmeClient;
import cc.blynk.server.acme.ContentHolder;
import cc.blynk.utils.properties.ServerProperties;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.util.internal.PlatformDependent;
import java.io.File;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:cc/blynk/server/SslContextHolder.class */
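/**
 * Holds the server-side TLS context and the state that decides where its certificate comes from.
 *
 * <p>Certificate sources, as selected by the constructor:
 * <ol>
 *   <li>Files at {@code AcmeClient.DOMAIN_CHAIN_FILE} / {@code AcmeClient.DOMAIN_KEY_FILE}, when both
 *       exist. These take precedence over the {@code server.ssl.*} properties.</li>
 *   <li>The files named by {@code server.ssl.cert} / {@code server.ssl.key} (optionally protected by
 *       {@code server.ssl.key.pass}).</li>
 *   <li>A freshly generated self-signed certificate, when neither of the above can be loaded.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The self-signed fallback gives clients nothing to validate the server against; the warning
 *       logged in {@link #initSslContext} is the only signal an operator gets.</li>
 *   <li>The {@code latest.tls} restriction is applied only by the instance
 *       {@link #build(File, File, String, SslProvider)} overload. Both static overloads build with the
 *       provider's default protocol list.</li>
 *   <li>The key password is never written to the log.</li>
 * </ul>
 *
 * <p>{@link #sslCtx} is {@code volatile} so that a context swapped in by {@link #regenerate()} is
 * visible to other threads reading the field.
 */
public class SslContextHolder {
    private static final Logger log = LogManager.getLogger(SslContextHolder.class);

    /** Current TLS context; replaced by {@link #regenerate()}. */
    public volatile SslContext sslCtx;

    /** ACME client, or {@code null} when automatic certificate retrieval is turned off. */
    public final AcmeClient acmeClient;

    /** {@code true} when no {@code server.ssl.cert} property was configured. */
    private final boolean isAutoGenerationEnabled;

    /** {@code true} when a certificate should be requested during start-up. */
    public final boolean isNeedInitializeOnStart;

    // Declared before the constructor body runs, because the constructor hands it to AcmeClient.
    public final ContentHolder contentHolder = new ContentHolder();

    /** Value of the {@code latest.tls} property; limits protocols to TLSv1.3 and TLSv1.2. */
    private final boolean onlyLatestTLS;

    /**
     * Reads the TLS-related properties, decides which certificate source applies and builds the
     * initial {@link SslContext}.
     *
     * @param serverProperties server configuration; the keys {@code latest.tls},
     *        {@code server.ssl.cert}, {@code server.ssl.key}, {@code server.ssl.key.pass} and
     *        {@code server.host} are read
     * @param str contact e-mail passed to the ACME client (the warning below refers to it as
     *        {@code contact.email}); {@code null}, empty, {@code "example@gmail.com"} or a value
     *        starting with {@code "SMTP"} turns automatic retrieval off
     * @throws RuntimeException if the TLS context cannot be built
     */
    public SslContextHolder(ServerProperties serverProperties, String str) {
        this.onlyLatestTLS = serverProperties.getBoolProperty("latest.tls");
        String certPath = serverProperties.getProperty("server.ssl.cert");
        String keyPath = serverProperties.getProperty("server.ssl.key");
        String keyPass = serverProperties.getProperty("server.ssl.key.pass");

        boolean customCertMissing = certPath == null || certPath.isEmpty();
        if (customCertMissing) {
            log.info("Didn't find custom user certificates.");
        }
        // Decided from the configured property only; the Let's Encrypt override below does not
        // change it.
        this.isAutoGenerationEnabled = customCertMissing;

        String host = serverProperties.getProperty("server.host");
        if (AcmeClient.DOMAIN_CHAIN_FILE.exists() && AcmeClient.DOMAIN_KEY_FILE.exists()) {
            log.info("Found generated with Let's Encrypt certificates.");
            // Previously issued files win over the configured ones and are loaded without a
            // key password.
            certPath = AcmeClient.DOMAIN_CHAIN_FILE.getAbsolutePath();
            keyPath = AcmeClient.DOMAIN_KEY_FILE.getAbsolutePath();
            keyPass = null;
            this.isNeedInitializeOnStart = false;
            this.acmeClient = new AcmeClient(str, host, this.contentHolder);
        } else {
            log.info("Didn't find Let's Encrypt certificates.");
            boolean hostMissing = host == null || host.isEmpty();
            // Placeholder or SMTP-prefixed values are treated the same as a missing e-mail.
            boolean emailUnusable = str == null || str.isEmpty()
                    || str.equals("example@gmail.com") || str.startsWith("SMTP");
            if (hostMissing || emailUnusable) {
                log.warn("You didn't specified 'server.host' or 'contact.email' properties in server.properties file. Automatic certificate generation is turned off. Please specify above properties for automatic certificates retrieval.");
                this.acmeClient = null;
                this.isNeedInitializeOnStart = false;
            } else {
                log.info("Automatic certificate generation is turned ON.");
                this.acmeClient = new AcmeClient(str, host, this.contentHolder);
                this.isNeedInitializeOnStart = true;
            }
        }

        SslProvider provider = fetchSslProvider();
        if (provider == SslProvider.OPENSSL) {
            log.info("Using native openSSL provider.");
        }
        this.sslCtx = initSslContext(certPath, keyPath, keyPass, provider);
    }

    /**
     * Reports whether the native OpenSSL provider can be used.
     *
     * @return {@code true} when the platform is not 32-bit and Netty reports OpenSSL as available
     */
    public static boolean isOpenSslAvailable() {
        return PlatformDependent.bitMode() != 32 && OpenSsl.isAvailable();
    }

    /**
     * Requests a certificate through the ACME client and replaces {@link #sslCtx} with a context
     * built from the resulting files.
     *
     * @throws IllegalStateException if automatic retrieval is turned off ({@link #acmeClient} is
     *         {@code null})
     * @throws Exception whatever the ACME client or the context build reports
     */
    public void regenerate() throws Exception {
        if (this.acmeClient == null) {
            // Fail with a clear message instead of a bare NullPointerException.
            throw new IllegalStateException("Automatic certificate generation is turned off.");
        }
        this.acmeClient.requestCertificate();
        this.sslCtx = initSslContext(
                AcmeClient.DOMAIN_CHAIN_FILE.getAbsolutePath(),
                AcmeClient.DOMAIN_KEY_FILE.getAbsolutePath(),
                null,
                fetchSslProvider());
    }

    /**
     * Tells the caller whether a renewal worker is worth starting.
     *
     * @return {@code true} when no custom certificate was configured and an ACME client exists
     */
    public boolean runRenewalWorker() {
        return this.isAutoGenerationEnabled && this.acmeClient != null;
    }

    /**
     * Requests the first certificate when start-up initialisation was selected by the constructor.
     * Failures are reported and swallowed on purpose: the context built by the constructor stays in
     * place and the server keeps running on it.
     *
     * @param serverProperties used only to print {@code server.host} in the success message
     */
    public void generateInitialCertificates(ServerProperties serverProperties) {
        if (!this.isAutoGenerationEnabled || !this.isNeedInitializeOnStart) {
            return;
        }
        System.out.println("Generating own initial certificates...");
        try {
            regenerate();
            System.out.println("Success! The certificate for your domain " + serverProperties.getProperty("server.host") + " has been generated!");
        } catch (Exception e) {
            System.out.println("Error during certificate generation.");
            System.out.println(e.getMessage());
            // Keep the stack trace in the log; the console lines above carry only the message.
            log.error("Error during certificate generation.", e);
        }
    }

    /**
     * Builds a context from the given certificate and key files, or from a self-signed certificate
     * when either file is absent.
     *
     * @param certPath path of the certificate chain file; may be {@code null}
     * @param keyPath path of the private key file; may be {@code null}
     * @param keyPass password of the private key, or {@code null} / empty when there is none
     * @param sslProvider TLS provider to build with
     * @return the built context
     * @throws RuntimeException wrapping the underlying failure when the context cannot be built
     */
    private SslContext initSslContext(String certPath, String keyPath, String keyPass, SslProvider sslProvider) {
        try {
            // The constructor passes the property values through unchanged, so either path can be
            // null when the property is absent; treat that like a missing file rather than letting
            // new File(null) throw.
            File certFile = certPath == null ? null : new File(certPath);
            File keyFile = keyPath == null ? null : new File(keyPath);
            if (certFile != null && keyFile != null && certFile.exists() && keyFile.exists()) {
                return build(certFile, keyFile, keyPass, sslProvider);
            }
            log.warn("ATTENTION. Server certificate paths (cert : '{}', key : '{}') not valid. Using embedded server certs and one way ssl. This is not secure. Please replace it with your own certs.",
                    certFile == null ? null : certFile.getAbsolutePath(),
                    keyFile == null ? null : keyFile.getAbsolutePath());
            // NOTE(review): this static overload does not apply the latest.tls restriction.
            return build(sslProvider);
        } catch (IllegalArgumentException | CertificateException | SSLException e) {
            log.error("Error initializing ssl context. Reason : {}", e.getMessage());
            // Preserve the cause so the original stack trace is not lost.
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /** Picks OpenSSL when {@link #isOpenSslAvailable()} says so, the JDK provider otherwise. */
    private static SslProvider fetchSslProvider() {
        return isOpenSslAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
    }

    /**
     * Builds a server context around a newly generated self-signed certificate.
     *
     * @param sslProvider TLS provider to build with
     * @return the built context
     * @throws CertificateException if the self-signed certificate cannot be generated
     * @throws SSLException if the context cannot be built
     */
    public static SslContext build(SslProvider sslProvider) throws CertificateException, SSLException {
        SelfSignedCertificate selfSigned = new SelfSignedCertificate();
        return SslContextBuilder.forServer(selfSigned.certificate(), selfSigned.privateKey())
                .sslProvider(sslProvider)
                .build();
    }

    /**
     * Builds a server context from certificate and key files, limiting the protocols to TLSv1.3 and
     * TLSv1.2 when {@code latest.tls} is set.
     *
     * @param file certificate chain file
     * @param file2 private key file
     * @param str password of the private key, or {@code null} / empty when there is none
     * @param sslProvider TLS provider to build with
     * @return the built context
     * @throws SSLException if the context cannot be built
     */
    public SslContext build(File file, File file2, String str, SslProvider sslProvider) throws SSLException {
        SslContextBuilder builder;
        if (str == null || str.isEmpty()) {
            builder = SslContextBuilder.forServer(file, file2);
        } else {
            builder = SslContextBuilder.forServer(file, file2, str);
        }
        builder.sslProvider(sslProvider);
        if (this.onlyLatestTLS) {
            builder.protocols("TLSv1.3", "TLSv1.2");
        }
        return builder.build();
    }

    /**
     * Builds a server context from certificate and key files and installs {@code file3} as the
     * trust manager source.
     *
     * @param file certificate chain file
     * @param file2 private key file
     * @param str password of the private key, or {@code null} / empty when there is none
     * @param sslProvider TLS provider to build with
     * @param file3 file handed to {@code trustManager(...)}
     * @return the built context
     * @throws SSLException if the context cannot be built
     */
    public static SslContext build(File file, File file2, String str, SslProvider sslProvider, File file3) throws SSLException {
        // The key password is deliberately left out of the log line: log files are usually readable
        // by more people and systems than the key material itself.
        log.info("Creating SSL context for cert '{}', key '{}'", file.getAbsolutePath(), file2.getAbsolutePath());
        SslContextBuilder builder = (str == null || str.isEmpty())
                ? SslContextBuilder.forServer(file, file2)
                : SslContextBuilder.forServer(file, file2, str);
        return builder.sslProvider(sslProvider).trustManager(file3).build();
    }
}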
