package io.servicetalk.transport.netty.internal;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.ReferenceCountUtil;
import io.servicetalk.transport.api.ClientSslConfig;
import io.servicetalk.transport.api.SslProvider;
import io.servicetalk.transport.netty.internal.RequestResponseCloseHandler;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nullable;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

/* loaded from: input_file:io/servicetalk/transport/netty/internal/SslUtils.class */
final class SslUtils {

    /* renamed from: io.servicetalk.transport.netty.internal.SslUtils$1, reason: invalid class name */
    /* loaded from: input_file:io/servicetalk/transport/netty/internal/SslUtils$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$servicetalk$transport$api$SslProvider = new int[SslProvider.values().length];

        static {
            try {
                $SwitchMap$io$servicetalk$transport$api$SslProvider[SslProvider.JDK.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$servicetalk$transport$api$SslProvider[SslProvider.OPENSSL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    private SslUtils() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SslHandler newHandler(SslContext sslContext, ByteBufAllocator byteBufAllocator, ClientSslConfig clientSslConfig) {
        SslHandler newHandler = sslContext.newHandler(byteBufAllocator, clientSslConfig.peerHost(), clientSslConfig.peerPort());
        SSLEngine engine = newHandler.engine();
        try {
            String hostnameVerificationAlgorithm = clientSslConfig.hostnameVerificationAlgorithm();
            String sniHostname = clientSslConfig.sniHostname();
            SSLParameters sSLParameters = engine.getSSLParameters();
            if (hostnameVerificationAlgorithm != null) {
                sSLParameters.setEndpointIdentificationAlgorithm(hostnameVerificationAlgorithm);
            }
            if (sniHostname != null) {
                sSLParameters.setServerNames(Collections.singletonList(new SNIHostName(sniHostname)));
            }
            engine.setSSLParameters(sSLParameters);
            return newHandler;
        } catch (Throwable th) {
            ReferenceCountUtil.release(engine);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SslHandler newHandler(SslContext sslContext, ByteBufAllocator byteBufAllocator) {
        return sslContext.newHandler(byteBufAllocator);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ApplicationProtocolConfig nettyApplicationProtocol(@Nullable List<String> list) {
        return (list == null || list.isEmpty()) ? ApplicationProtocolConfig.DISABLED : new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, list);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Nullable
    public static io.netty.handler.ssl.SslProvider toNettySslProvider(@Nullable SslProvider sslProvider, boolean z) {
        if (sslProvider == null) {
            if (!z) {
                return null;
            }
            if (io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL)) {
                return io.netty.handler.ssl.SslProvider.OPENSSL;
            }
            if (io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.JDK)) {
                return io.netty.handler.ssl.SslProvider.JDK;
            }
            throw new IllegalStateException("ALPN configured but not supported by the current classpath: add OPENSSL support (https://netty.io/wiki/forked-tomcat-native.html) or configure ALPN for JDK (https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html)");
        }
        switch (AnonymousClass1.$SwitchMap$io$servicetalk$transport$api$SslProvider[sslProvider.ordinal()]) {
            case RequestResponseCloseHandler.State.READ /* 1 */:
                if (!z || io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.JDK)) {
                    return io.netty.handler.ssl.SslProvider.JDK;
                }
                throw new IllegalStateException("ALPN configured but not supported by the current classpath. For more information, see https://www.eclipse.org/jetty/documentation/current/alpn-chapter.html");
            case RequestResponseCloseHandler.State.WRITE /* 2 */:
                OpenSsl.ensureAvailability();
                if (!z || io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL)) {
                    return io.netty.handler.ssl.SslProvider.OPENSSL;
                }
                throw new IllegalStateException("ALPN configured but not supported by installed version of OpenSSL");
            default:
                throw new Error("Unknown SSL provider specified: " + sslProvider);
        }
    }
}
