package com.hivemq.client.internal.mqtt.handler.ssl;

import com.hivemq.client.internal.mqtt.MqttClientConfig;
import com.hivemq.client.internal.mqtt.MqttClientSslConfigImpl;
import com.hivemq.client.internal.mqtt.handler.ssl.MqttSslInitializer;
import com.hivemq.client.internal.util.collections.ImmutableList;
import io.netty.channel.Channel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import j$.util.function.BiConsumer;
import j$.util.function.Consumer;
import java.net.InetSocketAddress;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;

/* loaded from: classes.dex */
public final class MqttSslInitializer {
    private MqttSslInitializer() {
    }

    static SslContext b(MqttClientSslConfigImpl mqttClientSslConfigImpl) throws SSLException {
        ImmutableList<String> e10 = mqttClientSslConfigImpl.e();
        return SslContextBuilder.forClient().trustManager(mqttClientSslConfigImpl.f()).keyManager(mqttClientSslConfigImpl.d()).protocols(e10 == null ? null : (String[]) e10.toArray(new String[0])).ciphers(mqttClientSslConfigImpl.b(), SupportedCipherSuiteFilter.INSTANCE).build();
    }

    public static void c(final Channel channel, MqttClientConfig mqttClientConfig, MqttClientSslConfigImpl mqttClientSslConfigImpl, final Consumer<Channel> consumer, final BiConsumer<Channel, Throwable> biConsumer) {
        final InetSocketAddress g9 = mqttClientConfig.i().g();
        try {
            SslContext h3 = mqttClientConfig.h();
            if (h3 == null) {
                h3 = b(mqttClientSslConfigImpl);
                mqttClientConfig.w(h3);
            }
            final SslHandler newHandler = h3.newHandler(channel.alloc(), g9.getHostString(), g9.getPort());
            newHandler.setHandshakeTimeoutMillis(mqttClientSslConfigImpl.a());
            final HostnameVerifier c9 = mqttClientSslConfigImpl.c();
            if (c9 == null) {
                SSLParameters sSLParameters = newHandler.engine().getSSLParameters();
                sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
                newHandler.engine().setSSLParameters(sSLParameters);
            }
            newHandler.handshakeFuture().addListener(new GenericFutureListener() { // from class: o.a
                @Override // io.netty.util.concurrent.GenericFutureListener
                public final void operationComplete(Future future) {
                    MqttSslInitializer.d(c9, g9, newHandler, biConsumer, channel, consumer, future);
                }
            });
            channel.pipeline().addLast("ssl", newHandler);
        } catch (Throwable th) {
            biConsumer.accept(channel, th);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void d(HostnameVerifier hostnameVerifier, InetSocketAddress inetSocketAddress, SslHandler sslHandler, BiConsumer biConsumer, Channel channel, Consumer consumer, Future future) throws Exception {
        if (!future.isSuccess()) {
            biConsumer.accept(channel, future.cause());
        } else if (hostnameVerifier == null || hostnameVerifier.verify(inetSocketAddress.getHostString(), sslHandler.engine().getSession())) {
            consumer.accept(channel);
        } else {
            biConsumer.accept(channel, new SSLHandshakeException("Hostname verification failed"));
        }
    }
}
