package org.apache.pulsar.jetcd.shaded.io.vertx.core.spi.tls;

import io.grpc.netty.shaded.io.netty.handler.ssl.ApplicationProtocolConfig;
import io.grpc.netty.shaded.io.netty.handler.ssl.ClientAuth;
import io.grpc.netty.shaded.io.netty.handler.ssl.OpenSsl;
import io.grpc.netty.shaded.io.netty.handler.ssl.OpenSslServerContext;
import io.grpc.netty.shaded.io.netty.handler.ssl.OpenSslServerSessionContext;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslProvider;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/jetcd-core-shaded-3.3.3.2.jar:org/apache/pulsar/jetcd/shaded/io/vertx/core/spi/tls/DefaultSslContextFactory.class */
public class DefaultSslContextFactory implements SslContextFactory {
    private final SslProvider sslProvider;
    private final boolean sslSessionCacheEnabled;
    private Set<String> enabledCipherSuites;
    private List<String> applicationProtocols;
    private boolean useAlpn;
    private ClientAuth clientAuth;
    private boolean forClient;
    private KeyManagerFactory kmf;
    private TrustManagerFactory tmf;

    public DefaultSslContextFactory(SslProvider sslProvider, boolean z) {
        this.sslProvider = sslProvider;
        this.sslSessionCacheEnabled = z;
    }

    @Override // org.apache.pulsar.jetcd.shaded.io.vertx.core.spi.tls.SslContextFactory
    public SslContextFactory useAlpn(boolean z) {
        this.useAlpn = z;
        return this;
    }

    @Override // org.apache.pulsar.jetcd.shaded.io.vertx.core.spi.tls.SslContextFactory
    public SslContextFactory clientAuth(ClientAuth clientAuth) {
        this.clientAuth = clientAuth;
        return this;
    }

    @Override // org.apache.pulsar.jetcd.shaded.io.vertx.core.spi.tls.SslContextFactory
    public SslContextFactory forClient(boolean z) {
        this.forClient = z;
        return this;
    }

    @Override // org.apache.pulsar.jetcd.shaded.io.vertx.core.spi.tls.SslContextFactory
    public SslContextFactory keyMananagerFactory(KeyManagerFactory keyManagerFactory) {
        this.kmf = keyManagerFactory;
        return this;
    }

    @Override // org.apache.pulsar.jetcd.shaded.io.vertx.core.spi.tls.SslContextFactory
    public SslContextFactory trustManagerFactory(TrustManagerFactory trustManagerFactory) {
        this.tmf = trustManagerFactory;
        return this;
    }

    @Override // org.apache.pulsar.jetcd.shaded.io.vertx.core.spi.tls.SslContextFactory
    public SslContext create() throws SSLException {
        return createContext(this.useAlpn, this.forClient, this.kmf, this.tmf);
    }

    @Override // org.apache.pulsar.jetcd.shaded.io.vertx.core.spi.tls.SslContextFactory
    public SslContextFactory enabledCipherSuites(Set<String> set) {
        this.enabledCipherSuites = set;
        return this;
    }

    @Override // org.apache.pulsar.jetcd.shaded.io.vertx.core.spi.tls.SslContextFactory
    public SslContextFactory applicationProtocols(List<String> list) {
        this.applicationProtocols = list;
        return this;
    }

    private SslContext createContext(boolean z, boolean z2, KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory) throws SSLException {
        SslContextBuilder forServer;
        ApplicationProtocolConfig.SelectorFailureBehavior selectorFailureBehavior;
        ApplicationProtocolConfig.SelectedListenerFailureBehavior selectedListenerFailureBehavior;
        if (z2) {
            forServer = SslContextBuilder.forClient();
            if (keyManagerFactory != null) {
                forServer.keyManager(keyManagerFactory);
            }
        } else {
            forServer = SslContextBuilder.forServer(keyManagerFactory);
        }
        Collection collection = this.enabledCipherSuites;
        switch (this.sslProvider) {
            case OPENSSL:
                forServer.sslProvider(SslProvider.OPENSSL);
                if (collection == null || collection.isEmpty()) {
                    collection = OpenSsl.availableOpenSslCipherSuites();
                    break;
                }
                break;
            case JDK:
                forServer.sslProvider(SslProvider.JDK);
                if (collection == null || collection.isEmpty()) {
                    collection = DefaultJDKCipherSuite.get();
                    break;
                }
                break;
            default:
                throw new UnsupportedOperationException();
        }
        if (trustManagerFactory != null) {
            forServer.trustManager(trustManagerFactory);
        }
        if (collection != null && collection.size() > 0) {
            forServer.ciphers(collection);
        }
        if (z && this.applicationProtocols != null && this.applicationProtocols.size() > 0) {
            if (this.sslProvider == SslProvider.JDK) {
                selectorFailureBehavior = ApplicationProtocolConfig.SelectorFailureBehavior.FATAL_ALERT;
                selectedListenerFailureBehavior = ApplicationProtocolConfig.SelectedListenerFailureBehavior.FATAL_ALERT;
            } else {
                selectorFailureBehavior = ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE;
                selectedListenerFailureBehavior = ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT;
            }
            forServer.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, selectorFailureBehavior, selectedListenerFailureBehavior, (Iterable<String>) this.applicationProtocols));
        }
        if (this.clientAuth != null) {
            forServer.clientAuth(this.clientAuth);
        }
        SslContext build = forServer.build();
        if (build instanceof OpenSslServerContext) {
            SSLSessionContext sessionContext = build.sessionContext();
            if (sessionContext instanceof OpenSslServerSessionContext) {
                ((OpenSslServerSessionContext) sessionContext).setSessionCacheEnabled(this.sslSessionCacheEnabled);
            }
        }
        return build;
    }
}
