package io.grpc.netty;

import io.axoniq.ext.com.google.common.base.Preconditions;
import io.axoniq.ext.com.google.errorprone.annotations.CanIgnoreReturnValue;
import io.axoniq.ext.io.netty.handler.codec.http2.Http2SecurityUtil;
import io.axoniq.ext.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.axoniq.ext.io.netty.handler.ssl.ApplicationProtocolNegotiator;
import io.axoniq.ext.io.netty.handler.ssl.OpenSsl;
import io.axoniq.ext.io.netty.handler.ssl.SslContextBuilder;
import io.axoniq.ext.io.netty.handler.ssl.SslProvider;
import io.axoniq.ext.io.netty.handler.ssl.SupportedCipherSuiteFilter;
import java.io.File;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/* loaded from: input_file:io/grpc/netty/GrpcSslContexts.class */
public class GrpcSslContexts {
    private static final String GRPC_EXP_VERSION = "grpc-exp";
    private static final String HTTP2_VERSION = "h2";
    static final List<String> NEXT_PROTOCOL_VERSIONS = Collections.unmodifiableList(Arrays.asList(GRPC_EXP_VERSION, HTTP2_VERSION));
    private static final ApplicationProtocolConfig ALPN = new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, (Iterable<String>) NEXT_PROTOCOL_VERSIONS);
    private static final ApplicationProtocolConfig NPN = new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.NPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, (Iterable<String>) NEXT_PROTOCOL_VERSIONS);
    private static final ApplicationProtocolConfig NPN_AND_ALPN = new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.NPN_AND_ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, (Iterable<String>) NEXT_PROTOCOL_VERSIONS);

    private GrpcSslContexts() {
    }

    public static SslContextBuilder forClient() {
        return configure(SslContextBuilder.forClient());
    }

    public static SslContextBuilder forServer(File file, File file2) {
        return configure(SslContextBuilder.forServer(file, file2));
    }

    public static SslContextBuilder forServer(File file, File file2, String str) {
        return configure(SslContextBuilder.forServer(file, file2, str));
    }

    @CanIgnoreReturnValue
    public static SslContextBuilder configure(SslContextBuilder sslContextBuilder) {
        return configure(sslContextBuilder, defaultSslProvider());
    }

    @CanIgnoreReturnValue
    public static SslContextBuilder configure(SslContextBuilder sslContextBuilder, SslProvider sslProvider) {
        return sslContextBuilder.sslProvider(sslProvider).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(selectApplicationProtocolConfig(sslProvider));
    }

    private static SslProvider defaultSslProvider() {
        return OpenSsl.isAvailable() ? SslProvider.OPENSSL : SslProvider.JDK;
    }

    private static ApplicationProtocolConfig selectApplicationProtocolConfig(SslProvider sslProvider) {
        switch (sslProvider) {
            case JDK:
                if (JettyTlsUtil.isJettyAlpnConfigured()) {
                    return ALPN;
                }
                if (JettyTlsUtil.isJettyNpnConfigured()) {
                    return NPN;
                }
                throw new IllegalArgumentException("Jetty ALPN/NPN has not been properly configured.", JettyTlsUtil.getJettyAlpnUnavailabilityCause());
            case OPENSSL:
                if (OpenSsl.isAvailable()) {
                    return OpenSsl.isAlpnSupported() ? NPN_AND_ALPN : NPN;
                }
                throw new IllegalArgumentException("OpenSSL is not installed on the system.", OpenSsl.unavailabilityCause());
            default:
                throw new IllegalArgumentException("Unsupported provider: " + sslProvider);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void ensureAlpnAndH2Enabled(ApplicationProtocolNegotiator applicationProtocolNegotiator) {
        Preconditions.checkArgument(applicationProtocolNegotiator != null, "ALPN must be configured");
        Preconditions.checkArgument((applicationProtocolNegotiator.protocols() == null || applicationProtocolNegotiator.protocols().isEmpty()) ? false : true, "ALPN must be enabled and list HTTP/2 as a supported protocol.");
        Preconditions.checkArgument(applicationProtocolNegotiator.protocols().contains(HTTP2_VERSION), "This ALPN config does not support HTTP/2. Expected %s, but got %s'.", HTTP2_VERSION, applicationProtocolNegotiator.protocols());
    }
}
