package org.infinispan.server.core.utils;

import io.netty.handler.ssl.AlpnHackedJdkSslContext;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.CipherSuiteFilter;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import org.infinispan.commons.util.SslContextFactory;
import org.infinispan.server.core.configuration.SslConfiguration;
import org.infinispan.server.core.configuration.SslEngineConfiguration;

/* loaded from: input_file:org/infinispan/server/core/utils/SslUtils.class */
public class SslUtils {
    public static JdkSslContext createNettySslContext(SslConfiguration sslConfiguration, SslEngineConfiguration sslEngineConfiguration, ApplicationProtocolConfig applicationProtocolConfig) {
        return createSslContext(createJdkSslContext(sslConfiguration, sslEngineConfiguration), requireClientAuth(sslConfiguration), applicationProtocolConfig);
    }

    public static SSLContext createJdkSslContext(SslConfiguration sslConfiguration, SslEngineConfiguration sslEngineConfiguration) {
        return sslEngineConfiguration.sslContext() != null ? sslEngineConfiguration.sslContext() : SslContextFactory.getContext(sslEngineConfiguration.keyStoreFileName(), sslEngineConfiguration.keyStoreType(), sslEngineConfiguration.keyStorePassword(), sslEngineConfiguration.keyStoreCertificatePassword(), sslEngineConfiguration.keyAlias(), sslEngineConfiguration.trustStoreFileName(), sslEngineConfiguration.trustStoreType(), sslEngineConfiguration.trustStorePassword(), sslEngineConfiguration.protocol(), (ClassLoader) null);
    }

    private static JdkSslContext createSslContext(SSLContext sSLContext, ClientAuth clientAuth, ApplicationProtocolConfig applicationProtocolConfig) {
        String[] supportedCipherSuites = SslContextFactory.getEngine(sSLContext, false, clientAuth == ClientAuth.REQUIRE).getSupportedCipherSuites();
        return (applicationProtocolConfig == null || isJdkAlpn()) ? new JdkSslContext(sSLContext, false, (Iterable<String>) Arrays.asList(supportedCipherSuites), (CipherSuiteFilter) IdentityCipherSuiteFilter.INSTANCE, applicationProtocolConfig, clientAuth, (String[]) null, false) : new AlpnHackedJdkSslContext(sSLContext, false, Arrays.asList(supportedCipherSuites), IdentityCipherSuiteFilter.INSTANCE, applicationProtocolConfig, clientAuth);
    }

    private static ClientAuth requireClientAuth(SslConfiguration sslConfiguration) {
        return sslConfiguration.requireClientAuth() ? ClientAuth.REQUIRE : ClientAuth.NONE;
    }

    private static boolean isJdkAlpn() {
        return !SecurityActions.getSystemProperty("java.version").startsWith("1.8");
    }
}
