package cool.taomu.mqtt.broker;

import cool.taomu.mqtt.broker.entity.SslEntity;
import cool.taomu.mqtt.broker.utils.SslUtil;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProvider;
import javax.net.ssl.SSLEngine;
import org.eclipse.xtext.xbase.lib.Exceptions;

/* loaded from: input_file:cool/taomu/mqtt/broker/MQTTSslHandler.class */
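/**
 * Factory for the server-side TLS handler installed on each accepted MQTT connection.
 */
public class MQTTSslHandler {
    /**
     * Builds a server-mode {@link SslHandler} for one accepted channel.
     *
     * <p>The server key material comes from {@code SslUtil.keyManageFactory} using the key file
     * path and the two passwords held by {@code sslEntity}; the JDK TLS provider is used. When
     * {@code sslEntity.isUseClientCA()} is true, a client certificate is required and is checked
     * against the trust managers returned by {@code SslUtil.trustManageFactory()}.
     *
     * @param socketChannel the accepted channel; supplies the buffer allocator and the peer
     *                      host/port handed to the engine
     * @param sslEntity     TLS settings (key store type, key file path, passwords, client-CA flag)
     * @return a handler wrapping a server-mode {@link SSLEngine}
     * @throws Throwable any failure while loading key material or building the context is
     *                   rethrown unchanged through {@code Exceptions.sneakyThrow}
     */
    public static SslHandler build(SocketChannel socketChannel, SslEntity sslEntity) {
        try {
            SslUtil sslUtil = new SslUtil(sslEntity.getKeyStoreType());
            SslContextBuilder forServer = SslContextBuilder
                    .forServer(sslUtil.keyManageFactory(sslEntity.getKeyFilePath(), sslEntity.getManagerPwd(), sslEntity.getStorePwd()))
                    .sslProvider(SslProvider.JDK);
            boolean requireClientCert = sslEntity.isUseClientCA();
            if (requireClientCert) {
                // Must happen before build(): a context that is already built does not see later
                // builder changes. Configured afterwards, the trust manager would never reach the
                // engine and client certificates would be verified against the JVM's default
                // trust anchors instead of the configured client CA.
                forServer.clientAuth(ClientAuth.REQUIRE);
                forServer.trustManager(sslUtil.trustManageFactory());
            }
            SSLEngine newEngine = forServer.build().newEngine(
                    socketChannel.alloc(),
                    socketChannel.remoteAddress().getHostString(),
                    socketChannel.remoteAddress().getPort());
            newEngine.setUseClientMode(false);
            if (requireClientCert) {
                // Redundant with ClientAuth.REQUIRE on the context, kept as an explicit
                // engine-level guarantee that the handshake fails without a client certificate.
                newEngine.setNeedClientAuth(true);
            }
            return new SslHandler(newEngine);
        } catch (Throwable th) {
            throw Exceptions.sneakyThrow(th);
        }
    }
}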
