package io.micronaut.http.client.netty.ssl;

import io.micronaut.context.annotation.BootstrapContextCompatible;
import io.micronaut.core.annotation.Internal;
import io.micronaut.core.io.ResourceResolver;
import io.micronaut.http.HttpVersion;
import io.micronaut.http.ssl.ClientAuthentication;
import io.micronaut.http.ssl.SslBuilder;
import io.micronaut.http.ssl.SslConfiguration;
import io.micronaut.http.ssl.SslConfigurationException;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.util.Arrays;
import java.util.Optional;
import javax.inject.Singleton;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

@Singleton
@Internal
@BootstrapContextCompatible
/* loaded from: input_file:META-INF/rewrite/classpath/micronaut-http-client-2.5.13.jar:io/micronaut/http/client/netty/ssl/NettyClientSslBuilder.class */
public class NettyClientSslBuilder extends SslBuilder<SslContext> {
    public NettyClientSslBuilder(ResourceResolver resourceResolver) {
        super(resourceResolver);
    }

    @Override // io.micronaut.http.ssl.SslBuilder
    public Optional<SslContext> build(SslConfiguration sslConfiguration) {
        return build(sslConfiguration, HttpVersion.HTTP_1_1);
    }

    @Override // io.micronaut.http.ssl.SslBuilder
    public Optional<SslContext> build(SslConfiguration sslConfiguration, HttpVersion httpVersion) {
        if (!sslConfiguration.isEnabled()) {
            return Optional.empty();
        }
        boolean z = httpVersion == HttpVersion.HTTP_2_0;
        SslContextBuilder trustManager = SslContextBuilder.forClient().keyManager(getKeyManagerFactory(sslConfiguration)).trustManager(getTrustManagerFactory(sslConfiguration));
        if (sslConfiguration.getProtocols().isPresent()) {
            trustManager.protocols(sslConfiguration.getProtocols().get());
        }
        if (sslConfiguration.getCiphers().isPresent()) {
            trustManager = trustManager.ciphers(Arrays.asList(sslConfiguration.getCiphers().get()));
        } else if (z) {
            trustManager.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
        }
        if (sslConfiguration.getClientAuthentication().isPresent()) {
            ClientAuthentication clientAuthentication = sslConfiguration.getClientAuthentication().get();
            if (clientAuthentication == ClientAuthentication.NEED) {
                trustManager = trustManager.clientAuth(ClientAuth.REQUIRE);
            } else if (clientAuthentication == ClientAuthentication.WANT) {
                trustManager = trustManager.clientAuth(ClientAuth.OPTIONAL);
            }
        }
        if (z) {
            trustManager.sslProvider(SslProvider.isAlpnSupported(SslProvider.OPENSSL) ? SslProvider.OPENSSL : SslProvider.JDK);
            trustManager.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, new String[]{"http/1.1", "h2"}));
        }
        try {
            return Optional.of(trustManager.build());
        } catch (SSLException e) {
            throw new SslConfigurationException("An error occurred while setting up SSL", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.micronaut.http.ssl.SslBuilder
    public KeyManagerFactory getKeyManagerFactory(SslConfiguration sslConfiguration) {
        try {
            if (getKeyStore(sslConfiguration).isPresent()) {
                return super.getKeyManagerFactory(sslConfiguration);
            }
            return null;
        } catch (Exception e) {
            throw new SslConfigurationException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.micronaut.http.ssl.SslBuilder
    public TrustManagerFactory getTrustManagerFactory(SslConfiguration sslConfiguration) {
        try {
            return getTrustStore(sslConfiguration).isPresent() ? super.getTrustManagerFactory(sslConfiguration) : InsecureTrustManagerFactory.INSTANCE;
        } catch (Exception e) {
            throw new SslConfigurationException(e);
        }
    }
}
