package io.servicetalk.transport.netty.internal;

import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.servicetalk.transport.api.ServerSecurityConfigurator;
import io.servicetalk.transport.netty.internal.RequestResponseCloseHandler;
import java.io.InputStream;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;

/* loaded from: input_file:io/servicetalk/transport/netty/internal/SslContextFactory.class */
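/**
 * Static factory for Netty {@link SslContext} instances built from ServiceTalk security configuration.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Protocol versions and cipher suites are taken from the configuration and passed to Netty unchanged;
 *       nothing here filters out weak values.</li>
 *   <li>Trust anchors come from the configured {@code TrustManagerFactory}, or otherwise from the stream returned by
 *       {@code trustCertChainSupplier()}.</li>
 *   <li>No endpoint identification (hostname verification) is configured by this factory.
 *       NOTE(review): confirm it is applied where the {@code SSLEngine} is created.</li>
 * </ul>
 */
public final class SslContextFactory {

    private SslContextFactory() {
        // Static factory methods only; not instantiable.
    }

    /**
     * Builds a client-side {@link SslContext}.
     *
     * <p>The trust manager is configured first. The client key material then comes from the configured
     * {@link KeyManagerFactory} or, if that is {@code null}, from the certificate-chain and private-key streams
     * returned by the configuration's suppliers. Both streams are always closed before this method returns.
     *
     * @param readOnlyClientSecurityConfig client TLS settings; must not be {@code null}.
     * @param list application protocol names handed to {@code SslUtils.nettyApplicationProtocol} (presumably ALPN
     *     identifiers); a non-empty list also influences the SSL provider choice. Must not be {@code null}.
     * @return the built context.
     * @throws NullPointerException if {@code readOnlyClientSecurityConfig} or {@code list} is {@code null}.
     * @throws IllegalArgumentException if Netty rejects the configuration with an {@link SSLException}
     *     (kept as the cause).
     */
    public static SslContext forClient(ReadOnlyClientSecurityConfig readOnlyClientSecurityConfig, List<String> list) {
        Objects.requireNonNull(readOnlyClientSecurityConfig);
        SslContextBuilder builder = SslContextBuilder.forClient()
                .sessionCacheSize(readOnlyClientSecurityConfig.sessionCacheSize())
                .sessionTimeout(readOnlyClientSecurityConfig.sessionTimeout());
        configureTrustManager(readOnlyClientSecurityConfig, builder);
        KeyManagerFactory keyManagerFactory = readOnlyClientSecurityConfig.keyManagerFactory();
        if (keyManagerFactory != null) {
            builder.keyManager(keyManagerFactory);
        } else {
            InputStream keyCertChain = null;
            InputStream privateKey = null;
            try {
                keyCertChain = readOnlyClientSecurityConfig.keyCertChainSupplier().get();
                privateKey = readOnlyClientSecurityConfig.keySupplier().get();
                // The key password is passed straight through; it must never be logged.
                builder.keyManager(keyCertChain, privateKey, readOnlyClientSecurityConfig.keyPassword());
            } finally {
                closeKeyMaterial(keyCertChain, privateKey);
            }
        }
        builder.sslProvider(SslUtils.toNettySslProvider(readOnlyClientSecurityConfig.provider(), !list.isEmpty()));
        // Passed through unvalidated: whatever the configuration allows is what gets enabled.
        builder.protocols(readOnlyClientSecurityConfig.protocols());
        builder.ciphers(readOnlyClientSecurityConfig.ciphers());
        builder.applicationProtocolConfig(SslUtils.nettyApplicationProtocol(list));
        try {
            return builder.build();
        } catch (SSLException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Builds a server-side {@link SslContext}.
     *
     * <p>The server key material comes from the configured {@link KeyManagerFactory} or, if that is {@code null},
     * from the certificate-chain and private-key streams returned by the configuration's suppliers. Both streams are
     * always closed before this method continues.
     *
     * <p>The configured client-auth mode is mapped one-to-one onto Netty's {@link ClientAuth}. With {@code NONE} no
     * client certificate is requested, and with {@code OPTIONAL} a handshake without a client certificate still
     * succeeds, so deployments that authenticate peers by certificate need {@code REQUIRE}.
     *
     * @param readOnlyServerSecurityConfig server TLS settings; must not be {@code null}.
     * @param list application protocol names handed to {@code SslUtils.nettyApplicationProtocol} (presumably ALPN
     *     identifiers); a non-empty list also influences the SSL provider choice. Must not be {@code null}.
     * @return the built context.
     * @throws NullPointerException if {@code readOnlyServerSecurityConfig} or {@code list} is {@code null}.
     * @throws IllegalArgumentException if the client-auth value is not supported, or if Netty rejects the
     *     configuration with an {@link SSLException} (kept as the cause).
     */
    public static SslContext forServer(ReadOnlyServerSecurityConfig readOnlyServerSecurityConfig, List<String> list) {
        Objects.requireNonNull(readOnlyServerSecurityConfig);
        SslContextBuilder builder;
        KeyManagerFactory keyManagerFactory = readOnlyServerSecurityConfig.keyManagerFactory();
        if (keyManagerFactory != null) {
            builder = SslContextBuilder.forServer(keyManagerFactory);
        } else {
            InputStream keyCertChain = null;
            InputStream privateKey = null;
            try {
                keyCertChain = readOnlyServerSecurityConfig.keyCertChainSupplier().get();
                privateKey = readOnlyServerSecurityConfig.keySupplier().get();
                // The key password is passed straight through; it must never be logged.
                builder = SslContextBuilder.forServer(keyCertChain, privateKey,
                        readOnlyServerSecurityConfig.keyPassword());
            } finally {
                closeKeyMaterial(keyCertChain, privateKey);
            }
        }
        builder.sessionCacheSize(readOnlyServerSecurityConfig.sessionCacheSize())
                .sessionTimeout(readOnlyServerSecurityConfig.sessionTimeout())
                .applicationProtocolConfig(SslUtils.nettyApplicationProtocol(list));
        // Switch on the enum itself; the default branch fails closed on any value this class does not know.
        switch (readOnlyServerSecurityConfig.clientAuth()) {
            case NONE:
                builder.clientAuth(ClientAuth.NONE);
                break;
            case OPTIONAL:
                builder.clientAuth(ClientAuth.OPTIONAL);
                break;
            case REQUIRE:
                builder.clientAuth(ClientAuth.REQUIRE);
                break;
            default:
                throw new IllegalArgumentException("Unsupported ClientAuth value: " + readOnlyServerSecurityConfig.clientAuth());
        }
        configureTrustManager(readOnlyServerSecurityConfig, builder);
        // Passed through unvalidated: whatever the configuration allows is what gets enabled.
        builder.protocols(readOnlyServerSecurityConfig.protocols());
        builder.ciphers(readOnlyServerSecurityConfig.ciphers());
        builder.sslProvider(SslUtils.toNettySslProvider(readOnlyServerSecurityConfig.provider(), !list.isEmpty()));
        try {
            return builder.build();
        } catch (SSLException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Installs the trust anchors on {@code sslContextBuilder}.
     *
     * <p>A configured {@code TrustManagerFactory} wins. Otherwise the stream returned by
     * {@code trustCertChainSupplier()} is handed to the builder and closed afterwards, whether or not the builder
     * accepted it. NOTE(review): if the supplier can return {@code null}, Netty presumably falls back to the system
     * default trust store; confirm that this is the intended behaviour.
     *
     * @param readOnlySecurityConfig source of the trust settings.
     * @param sslContextBuilder builder to configure.
     */
    private static void configureTrustManager(ReadOnlySecurityConfig readOnlySecurityConfig, SslContextBuilder sslContextBuilder) {
        if (readOnlySecurityConfig.trustManagerFactory() != null) {
            sslContextBuilder.trustManager(readOnlySecurityConfig.trustManagerFactory());
            return;
        }
        InputStream trustCertChain = readOnlySecurityConfig.trustCertChainSupplier().get();
        try {
            sslContextBuilder.trustManager(trustCertChain);
        } finally {
            BuilderUtils.closeAndRethrowUnchecked(trustCertChain);
        }
    }

    /**
     * Closes the certificate-chain stream and the private-key stream exactly once each.
     *
     * <p>The nested {@code finally} ensures the private-key stream is closed even when closing the certificate-chain
     * stream throws. Either argument may be {@code null} when its supplier failed before the stream was obtained;
     * {@code BuilderUtils.closeAndRethrowUnchecked} is presumably null-tolerant (TODO confirm).
     *
     * @param keyCertChain certificate-chain stream, possibly {@code null}.
     * @param privateKey private-key stream, possibly {@code null}.
     */
    private static void closeKeyMaterial(InputStream keyCertChain, InputStream privateKey) {
        try {
            BuilderUtils.closeAndRethrowUnchecked(keyCertChain);
        } finally {
            BuilderUtils.closeAndRethrowUnchecked(privateKey);
        }
    }
}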
