package io.trane.ndbc.netty4;

import io.netty.channel.ChannelHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.trane.future.Future;
import io.trane.ndbc.Config;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Optional;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:io/trane/ndbc/netty4/InitSSLHandler.class */
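/**
 * Installs a client-side TLS handler at the front of a Netty channel pipeline, according to the
 * optional {@link Config.SSL} settings.
 *
 * <p>Security properties per mode, as implemented below:
 * <ul>
 *   <li>{@code VERIFY_FULL}: the server certificate chain is validated against the configured
 *       root certificate (or the JRE {@code cacerts} store) and the peer host name is checked
 *       against the certificate.</li>
 *   <li>{@code VERIFY_CA}: the chain is validated, but no endpoint identification is configured,
 *       so any certificate issued by a trusted CA is accepted regardless of host name.</li>
 *   <li>Any other mode: {@link InsecureTrustManagerFactory} is used, which accepts every
 *       certificate. The connection is encrypted but not authenticated, so it does not protect
 *       against an active man-in-the-middle.</li>
 * </ul>
 */
public class InitSSLHandler {

    /**
     * Adds an {@link SslHandler} as the first handler of the channel's pipeline when SSL is
     * configured.
     *
     * @param str the peer host, passed to the SSL engine and used for host name verification in
     *     {@code VERIFY_FULL} mode
     * @param i the peer port, passed to the SSL engine
     * @param optional the SSL configuration; when empty no handler is installed
     * @param nettyChannel the channel whose pipeline receives the handler
     * @return a future that completes once the handler has been added, or {@code Future.VOID}
     *     when no SSL configuration is present
     * @throws RuntimeException if the trust store cannot be loaded or the SSL context cannot be
     *     built
     */
    public Future<Void> apply(String str, int i, Optional<Config.SSL> optional, NettyChannel nettyChannel) {
        return optional.map(ssl -> {
            SslContextBuilder contextBuilder = SslContextBuilder.forClient();
            boolean verifyChain =
                    ssl.mode() == Config.SSL.Mode.VERIFY_CA || ssl.mode() == Config.SSL.Mode.VERIFY_FULL;
            if (verifyChain) {
                // Prefer the explicitly configured root certificate; otherwise fall back to the
                // JRE's bundled trust store.
                ssl.rootCert().map(contextBuilder::trustManager).orElseGet(() -> {
                    try {
                        TrustManagerFactory trustManagerFactory =
                                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                        // NOTE(review): the path and the "changeit" password are the JRE defaults.
                        // A deployment that relocates the trust store or changes its password
                        // (e.g. via the javax.net.ssl.trustStore* system properties) is not
                        // honoured here and will fail with the RuntimeException below.
                        String cacertsPath = System.getProperty("java.home") + "/lib/security/cacerts";
                        // try-with-resources closes the stream exactly once and keeps the primary
                        // exception when close() itself fails.
                        try (FileInputStream cacerts = new FileInputStream(cacertsPath)) {
                            keyStore.load(cacerts, "changeit".toCharArray());
                        }
                        trustManagerFactory.init(keyStore);
                        return contextBuilder.trustManager(trustManagerFactory);
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                });
            } else {
                // SECURITY: trusts every server certificate. Traffic is encrypted but the server
                // is not authenticated; use VERIFY_CA or VERIFY_FULL when connecting over a
                // network that is not fully trusted.
                contextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
            }
            try {
                SslContext sslContext = contextBuilder.build();
                return nettyChannel.ctx().onSuccess(channelContext -> {
                    SSLEngine engine = sslContext.newEngine(channelContext.alloc(), str, i);
                    if (ssl.mode() == Config.SSL.Mode.VERIFY_FULL) {
                        // Without an endpoint identification algorithm JSSE validates only the
                        // chain; "HTTPS" additionally matches the certificate against the peer
                        // host given to newEngine above.
                        SSLParameters parameters = engine.getSSLParameters();
                        parameters.setEndpointIdentificationAlgorithm("HTTPS");
                        engine.setSSLParameters(parameters);
                    }
                    // The TLS handler must be first so that all traffic passes through it.
                    channelContext.pipeline().addFirst(new SslHandler(engine));
                }).voided();
            } catch (SSLException e) {
                throw new RuntimeException(e);
            }
        }).orElse(Future.VOID);
    }
}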
