package org.asynchttpclient.netty.ssl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.util.ReferenceCountUtil;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import org.asynchttpclient.AsyncHttpClientConfig;
import org.asynchttpclient.util.MiscUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/bundled-dependencies/async-http-client-2.12.1.jar:org/asynchttpclient/netty/ssl/DefaultSslEngineFactory.class
 */
/* loaded from: input_file:META-INF/bundled-dependencies/pulsar-io-kafka-connect-adaptor-2.7.1.4.jar:META-INF/bundled-dependencies/async-http-client-2.12.1.jar:org/asynchttpclient/netty/ssl/DefaultSslEngineFactory.class */
public class DefaultSslEngineFactory extends SslEngineFactoryBase {
    private volatile SslContext sslContext;

    private SslContext buildSslContext(AsyncHttpClientConfig asyncHttpClientConfig) throws SSLException {
        if (asyncHttpClientConfig.getSslContext() != null) {
            return asyncHttpClientConfig.getSslContext();
        }
        SslContextBuilder sessionTimeout = SslContextBuilder.forClient().sslProvider(asyncHttpClientConfig.isUseOpenSsl() ? SslProvider.OPENSSL : SslProvider.JDK).sessionCacheSize(asyncHttpClientConfig.getSslSessionCacheSize()).sessionTimeout(asyncHttpClientConfig.getSslSessionTimeout());
        if (MiscUtils.isNonEmpty(asyncHttpClientConfig.getEnabledProtocols())) {
            sessionTimeout.protocols(asyncHttpClientConfig.getEnabledProtocols());
        }
        if (MiscUtils.isNonEmpty(asyncHttpClientConfig.getEnabledCipherSuites())) {
            sessionTimeout.ciphers(Arrays.asList(asyncHttpClientConfig.getEnabledCipherSuites()));
        } else if (!asyncHttpClientConfig.isFilterInsecureCipherSuites()) {
            sessionTimeout.ciphers(null, IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS);
        }
        if (asyncHttpClientConfig.isUseInsecureTrustManager()) {
            sessionTimeout.trustManager(InsecureTrustManagerFactory.INSTANCE);
        }
        return configureSslContextBuilder(sessionTimeout).build();
    }

    @Override // org.asynchttpclient.SslEngineFactory
    public SSLEngine newSslEngine(AsyncHttpClientConfig asyncHttpClientConfig, String str, int i) {
        SSLEngine newEngine = asyncHttpClientConfig.isDisableHttpsEndpointIdentificationAlgorithm() ? this.sslContext.newEngine(ByteBufAllocator.DEFAULT) : this.sslContext.newEngine(ByteBufAllocator.DEFAULT, domain(str), i);
        configureSslEngine(newEngine, asyncHttpClientConfig);
        return newEngine;
    }

    @Override // org.asynchttpclient.SslEngineFactory
    public void init(AsyncHttpClientConfig asyncHttpClientConfig) throws SSLException {
        this.sslContext = buildSslContext(asyncHttpClientConfig);
    }

    @Override // org.asynchttpclient.SslEngineFactory
    public void destroy() {
        ReferenceCountUtil.release(this.sslContext);
    }

    protected SslContextBuilder configureSslContextBuilder(SslContextBuilder sslContextBuilder) {
        return sslContextBuilder;
    }
}
