package org.infinispan.client.hotrod.impl.transport.netty;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProvider;
import java.io.File;
import java.util.Collections;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.infinispan.client.hotrod.configuration.Configuration;
import org.infinispan.client.hotrod.configuration.SslConfiguration;
import org.infinispan.commons.CacheConfigurationException;
import org.infinispan.commons.util.SslContextFactory;

/* loaded from: input_file:org/infinispan/client/hotrod/impl/transport/netty/SslHandlerHelper.class */
public class SslHandlerHelper {
    public static SslHandler createSslHandler(Configuration configuration, ByteBufAllocator byteBufAllocator, String... strArr) {
        SslContext jdkSslContext;
        SslConfiguration ssl = configuration.security().ssl();
        SSLContext sslContext = ssl.sslContext();
        if (sslContext == null) {
            SslContextBuilder forClient = SslContextBuilder.forClient();
            try {
                if (ssl.keyStoreFileName() != null) {
                    forClient.keyManager(SslContextFactory.getKeyManagerFactory(ssl.keyStoreFileName(), ssl.keyStoreType(), ssl.keyStorePassword(), ssl.keyStoreCertificatePassword(), ssl.keyAlias(), configuration.classLoader()));
                }
                if (ssl.trustStoreFileName() != null) {
                    forClient.trustManager(SslContextFactory.getTrustManagerFactory(ssl.trustStoreFileName(), ssl.trustStoreType(), ssl.trustStorePassword(), configuration.classLoader()));
                }
                if (ssl.trustStorePath() != null) {
                    forClient.trustManager(new File(ssl.trustStorePath()));
                }
                if (ssl.protocol() != null) {
                    forClient.protocols(new String[]{ssl.protocol()});
                }
                if (strArr != null && strArr.length > 0) {
                    forClient.sslProvider(OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK);
                    forClient.applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, strArr));
                }
                jdkSslContext = forClient.build();
            } catch (Exception e) {
                throw new CacheConfigurationException(e);
            }
        } else {
            jdkSslContext = new JdkSslContext(sslContext, true, ClientAuth.NONE);
        }
        SslHandler newHandler = jdkSslContext.newHandler(byteBufAllocator, ssl.sniHostName(), -1);
        if (ssl.sniHostName() != null) {
            SSLParameters sSLParameters = newHandler.engine().getSSLParameters();
            sSLParameters.setServerNames(Collections.singletonList(new SNIHostName(ssl.sniHostName())));
            newHandler.engine().setSSLParameters(sSLParameters);
        }
        return newHandler;
    }
}
