package org.eclipse.californium.elements.tcp;

import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.handler.ssl.SslHandler;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/elements/tcp/TlsServerConnector.class */
public class TlsServerConnector extends TcpServerConnector {
    private static final Logger LOGGER = LoggerFactory.getLogger(TlsServerConnector.class.getName());
    private final SSLContext sslContext;
    private final ClientAuthMode clientAuthMode;

    /* loaded from: input_file:org/eclipse/californium/elements/tcp/TlsServerConnector$ClientAuthMode.class */
    public enum ClientAuthMode {
        NONE,
        WANTED,
        NEEDED
    }

    public TlsServerConnector(SSLContext sSLContext, ClientAuthMode clientAuthMode, InetSocketAddress inetSocketAddress, int i, int i2) {
        super(inetSocketAddress, i, i2);
        this.sslContext = sSLContext;
        this.clientAuthMode = clientAuthMode;
    }

    public TlsServerConnector(SSLContext sSLContext, InetSocketAddress inetSocketAddress, int i, int i2) {
        super(inetSocketAddress, i, i2);
        this.sslContext = sSLContext;
        this.clientAuthMode = ClientAuthMode.NONE;
    }

    public TlsServerConnector(KeyManagerFactory keyManagerFactory, InetSocketAddress inetSocketAddress, int i, int i2) {
        super(inetSocketAddress, i, i2);
        this.clientAuthMode = ClientAuthMode.NONE;
        try {
            this.sslContext = SSLContext.getInstance("TLS");
            this.sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Unable to initialize SSL engine", e);
        }
    }

    @Override // org.eclipse.californium.elements.tcp.TcpServerConnector
    protected void onNewChannelCreated(Channel channel) {
        SSLEngine createSllEngineForChannel = createSllEngineForChannel(channel);
        switch (this.clientAuthMode) {
            case WANTED:
                createSllEngineForChannel.setWantClientAuth(true);
                break;
            case NEEDED:
                createSllEngineForChannel.setNeedClientAuth(true);
                break;
        }
        createSllEngineForChannel.setUseClientMode(false);
        channel.pipeline().addFirst(new ChannelHandler[]{new SslHandler(createSllEngineForChannel)});
    }

    @Override // org.eclipse.californium.elements.tcp.TcpServerConnector
    public String getProtocol() {
        return "TLS";
    }

    private SSLEngine createSllEngineForChannel(Channel channel) {
        SocketAddress remoteAddress = channel.remoteAddress();
        if (!(remoteAddress instanceof InetSocketAddress)) {
            LOGGER.info("Connection from {}", remoteAddress);
            return this.sslContext.createSSLEngine();
        }
        InetSocketAddress inetSocketAddress = (InetSocketAddress) remoteAddress;
        LOGGER.info("Connection from inet {}", inetSocketAddress);
        return this.sslContext.createSSLEngine(inetSocketAddress.getHostString(), inetSocketAddress.getPort());
    }
}
