package cn.ipokerface.aps;

import cn.ipokerface.aps.PushClient;
import cn.ipokerface.aps.auth.ApnsSignKey;
import cn.ipokerface.aps.utils.P12Util;
import io.netty.handler.codec.http2.Http2FrameLogger;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.util.ReferenceCounted;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import javax.net.ssl.SSLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/ipokerface/aps/PushClientBuilder.class */
public class PushClientBuilder {
    private static final Logger logger = LoggerFactory.getLogger(PushClientBuilder.class);
    private PushClient.Environment environment;
    private String topic;
    private X509Certificate certificate;
    private PrivateKey certificatePrivateKey;
    private String certificatePrivateKeyPassword;
    private ApnsSignKey signKey;
    private File trustedServerCertificatePemFile;
    private InputStream trustedServerCertificateInputStream;
    private X509Certificate[] trustedServerCertificates;
    private PushClientMetricsListener metricsListener;
    private Duration connectionTimeout;
    private Http2FrameLogger frameLogger;
    private Duration tokenExpiration = Duration.ofMinutes(50);
    private Duration idleInterval = Duration.ofMinutes(1);
    private int poolCapacity = 1;

    public PushClientBuilder environment(PushClient.Environment environment) {
        this.environment = environment;
        return this;
    }

    public PushClientBuilder topic(String str) {
        this.topic = str;
        return this;
    }

    public PushClientBuilder credential(String str, String str2) throws SSLException, IOException {
        return credential(new FileInputStream(str), str2);
    }

    public PushClientBuilder credential(InputStream inputStream, String str) throws SSLException, IOException {
        try {
            KeyStore.PrivateKeyEntry firstPrivateKeyEntryFromP12InputStream = P12Util.getFirstPrivateKeyEntryFromP12InputStream(inputStream, str);
            Certificate certificate = firstPrivateKeyEntryFromP12InputStream.getCertificate();
            if (certificate instanceof X509Certificate) {
                return clientCredentials((X509Certificate) certificate, firstPrivateKeyEntryFromP12InputStream.getPrivateKey(), str);
            }
            throw new KeyStoreException("Found a certificate in the provided PKCS#12 file, but it was not an X.509 certificate.");
        } catch (KeyStoreException e) {
            throw new SSLException(e);
        }
    }

    public PushClientBuilder clientCredentials(X509Certificate x509Certificate, PrivateKey privateKey, String str) {
        this.certificate = x509Certificate;
        this.certificatePrivateKey = privateKey;
        this.certificatePrivateKeyPassword = str;
        return this;
    }

    public PushClientBuilder signingKey(ApnsSignKey apnsSignKey) {
        this.signKey = apnsSignKey;
        return this;
    }

    public PushClientBuilder tokenExpiration(Duration duration) {
        this.tokenExpiration = duration;
        return this;
    }

    public PushClientBuilder trustedServerCertificateChain(File file) {
        this.trustedServerCertificatePemFile = file;
        return this;
    }

    public PushClientBuilder trustedServerCertificateChain(InputStream inputStream) {
        this.trustedServerCertificateInputStream = inputStream;
        return this;
    }

    public PushClientBuilder trustedServerCertificateChain(X509Certificate... x509CertificateArr) {
        this.trustedServerCertificates = x509CertificateArr;
        return this;
    }

    public PushClientBuilder metricsListener(PushClientMetricsListener pushClientMetricsListener) {
        this.metricsListener = pushClientMetricsListener;
        return this;
    }

    public PushClientBuilder connectionTimeout(Duration duration) {
        this.connectionTimeout = duration;
        return this;
    }

    public PushClientBuilder idleInterval(Duration duration) {
        this.idleInterval = duration;
        return this;
    }

    public PushClientBuilder http2FrameLogger(Http2FrameLogger http2FrameLogger) {
        this.frameLogger = http2FrameLogger;
        return this;
    }

    public PushClientBuilder poolCapacity(int i) {
        this.poolCapacity = i;
        return this;
    }

    public PushClient build() throws SSLException {
        SslProvider sslProvider;
        if (this.environment == null) {
            throw new IllegalStateException("No APNs server address specified.");
        }
        if (this.certificate == null && this.certificatePrivateKey == null && this.signKey == null) {
            throw new IllegalStateException("No client credentials specified; either TLS credentials (a certificate/private key) or an APNs signing key must be provided before building a client.");
        }
        if ((this.certificate != null || this.certificatePrivateKey != null) && this.signKey != null) {
            throw new IllegalStateException("Clients may not have both a signing key and TLS credentials.");
        }
        if (OpenSsl.isAvailable()) {
            logger.info("Native SSL provider is available; will use native provider.");
            sslProvider = SslProvider.OPENSSL_REFCNT;
        } else {
            logger.info("Native SSL provider not available; will use JDK SSL provider.");
            sslProvider = SslProvider.JDK;
        }
        SslContextBuilder ciphers = SslContextBuilder.forClient().sslProvider(sslProvider).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
        if (this.certificate != null && this.certificatePrivateKey != null) {
            ciphers.keyManager(this.certificatePrivateKey, this.certificatePrivateKeyPassword, new X509Certificate[]{this.certificate});
        }
        if (this.trustedServerCertificatePemFile != null) {
            ciphers.trustManager(this.trustedServerCertificatePemFile);
        } else if (this.trustedServerCertificateInputStream != null) {
            ciphers.trustManager(this.trustedServerCertificateInputStream);
        } else if (this.trustedServerCertificates != null) {
            ciphers.trustManager(this.trustedServerCertificates);
        }
        ReferenceCounted build = ciphers.build();
        try {
            PushClient pushClient = new PushClient(this.environment, this.topic, build, this.signKey, this.tokenExpiration, this.connectionTimeout, this.idleInterval, this.metricsListener, this.frameLogger, this.poolCapacity);
            if (build instanceof ReferenceCounted) {
                build.release();
            }
            return pushClient;
        } catch (Throwable th) {
            if (build instanceof ReferenceCounted) {
                build.release();
            }
            throw th;
        }
    }
}
