package io.servicetalk.transport.netty.internal;

import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.servicetalk.transport.api.ClientSslConfig;
import io.servicetalk.transport.api.ServerSslConfig;
import io.servicetalk.transport.api.SslClientAuthMode;
import io.servicetalk.transport.api.SslConfig;
import java.io.InputStream;
import java.util.List;
import java.util.function.Supplier;
import javax.annotation.Nullable;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;

/* loaded from: input_file:io/servicetalk/transport/netty/internal/SslContextFactory.class */
public final class SslContextFactory {

    /* renamed from: io.servicetalk.transport.netty.internal.SslContextFactory$1, reason: invalid class name */
    /* loaded from: input_file:io/servicetalk/transport/netty/internal/SslContextFactory$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$servicetalk$transport$api$SslClientAuthMode = new int[SslClientAuthMode.values().length];

        static {
            try {
                $SwitchMap$io$servicetalk$transport$api$SslClientAuthMode[SslClientAuthMode.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$servicetalk$transport$api$SslClientAuthMode[SslClientAuthMode.OPTIONAL.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$servicetalk$transport$api$SslClientAuthMode[SslClientAuthMode.REQUIRE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    private SslContextFactory() {
    }

    public static SslContext forClient(ClientSslConfig clientSslConfig) {
        SslContextBuilder sessionTimeout = SslContextBuilder.forClient().sessionCacheSize(clientSslConfig.sessionCacheSize()).sessionTimeout(clientSslConfig.sessionTimeout());
        configureTrustManager(clientSslConfig, sessionTimeout);
        KeyManagerFactory keyManagerFactory = clientSslConfig.keyManagerFactory();
        if (keyManagerFactory != null) {
            sessionTimeout.keyManager(keyManagerFactory);
        } else {
            InputStream inputStream = null;
            InputStream inputStream2 = null;
            try {
                inputStream = (InputStream) supplierNullSafe(clientSslConfig.keyCertChainSupplier());
                inputStream2 = (InputStream) supplierNullSafe(clientSslConfig.keySupplier());
                sessionTimeout.keyManager(inputStream, inputStream2, clientSslConfig.keyPassword());
                try {
                    BuilderUtils.closeAndRethrowUnchecked(inputStream);
                    BuilderUtils.closeAndRethrowUnchecked(inputStream2);
                } finally {
                    BuilderUtils.closeAndRethrowUnchecked(inputStream2);
                }
            } catch (Throwable th) {
                try {
                    BuilderUtils.closeAndRethrowUnchecked(inputStream);
                    BuilderUtils.closeAndRethrowUnchecked(inputStream2);
                    throw th;
                } catch (Throwable th2) {
                    inputStream2 = inputStream2;
                    throw th2;
                }
            }
        }
        List alpnProtocols = clientSslConfig.alpnProtocols();
        sessionTimeout.sslProvider(SslUtils.toNettySslProvider(clientSslConfig.provider(), (alpnProtocols == null || alpnProtocols.isEmpty()) ? false : true));
        sessionTimeout.protocols(clientSslConfig.sslProtocols());
        sessionTimeout.ciphers(clientSslConfig.ciphers());
        sessionTimeout.applicationProtocolConfig(SslUtils.nettyApplicationProtocol(alpnProtocols));
        try {
            return sessionTimeout.build();
        } catch (SSLException e) {
            throw new IllegalArgumentException(e);
        }
    }

    /* JADX WARN: Finally extract failed */
    public static SslContext forServer(ServerSslConfig serverSslConfig) {
        SslContextBuilder forServer;
        KeyManagerFactory keyManagerFactory = serverSslConfig.keyManagerFactory();
        if (keyManagerFactory != null) {
            forServer = SslContextBuilder.forServer(keyManagerFactory);
        } else {
            InputStream inputStream = null;
            InputStream inputStream2 = null;
            try {
                inputStream = (InputStream) supplierNullSafe(serverSslConfig.keyCertChainSupplier());
                inputStream2 = (InputStream) supplierNullSafe(serverSslConfig.keySupplier());
                forServer = SslContextBuilder.forServer(inputStream, inputStream2, serverSslConfig.keyPassword());
                try {
                    BuilderUtils.closeAndRethrowUnchecked(inputStream);
                    BuilderUtils.closeAndRethrowUnchecked(inputStream2);
                } finally {
                    BuilderUtils.closeAndRethrowUnchecked(inputStream2);
                }
            } catch (Throwable th) {
                try {
                    BuilderUtils.closeAndRethrowUnchecked(inputStream);
                    BuilderUtils.closeAndRethrowUnchecked(inputStream2);
                    throw th;
                } catch (Throwable th2) {
                    inputStream2 = inputStream2;
                    throw th2;
                }
            }
        }
        List alpnProtocols = serverSslConfig.alpnProtocols();
        forServer.sessionCacheSize(serverSslConfig.sessionCacheSize()).sessionTimeout(serverSslConfig.sessionTimeout()).applicationProtocolConfig(SslUtils.nettyApplicationProtocol(alpnProtocols));
        switch (AnonymousClass1.$SwitchMap$io$servicetalk$transport$api$SslClientAuthMode[serverSslConfig.clientAuthMode().ordinal()]) {
            case 1:
                forServer.clientAuth(ClientAuth.NONE);
                break;
            case 2:
                forServer.clientAuth(ClientAuth.OPTIONAL);
                break;
            case 3:
                forServer.clientAuth(ClientAuth.REQUIRE);
                break;
            default:
                throw new IllegalArgumentException("Unsupported: " + serverSslConfig.clientAuthMode());
        }
        configureTrustManager(serverSslConfig, forServer);
        forServer.protocols(serverSslConfig.sslProtocols());
        forServer.ciphers(serverSslConfig.ciphers());
        forServer.sslProvider(SslUtils.toNettySslProvider(serverSslConfig.provider(), (alpnProtocols == null || alpnProtocols.isEmpty()) ? false : true));
        try {
            return forServer.build();
        } catch (SSLException e) {
            throw new IllegalArgumentException(e);
        }
    }

    private static void configureTrustManager(SslConfig sslConfig, SslContextBuilder sslContextBuilder) {
        if (sslConfig.trustManagerFactory() != null) {
            sslContextBuilder.trustManager(sslConfig.trustManagerFactory());
            return;
        }
        InputStream inputStream = (InputStream) supplierNullSafe(sslConfig.trustCertChainSupplier());
        try {
            sslContextBuilder.trustManager(inputStream);
        } finally {
            BuilderUtils.closeAndRethrowUnchecked(inputStream);
        }
    }

    @Nullable
    private static <T> T supplierNullSafe(@Nullable Supplier<T> supplier) {
        if (supplier == null) {
            return null;
        }
        return supplier.get();
    }
}
