package org.apache.nifi.processors.grpc.ssl;

import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.ssl.SSLContextService;

/* loaded from: input_file:org/apache/nifi/processors/grpc/ssl/SslContextProvider.class */
public class SslContextProvider {
    private static final boolean START_TLS = false;
    private static final String H2_PROTOCOL = "h2";

    public static SslContext getSslContext(SSLContextService sSLContextService, boolean z) {
        SSLContext createContext = sSLContextService.createContext();
        TlsConfiguration createTlsConfiguration = sSLContextService.createTlsConfiguration();
        return new JdkSslContext(createContext, z, Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE, new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, new String[]{H2_PROTOCOL}), StringUtils.isBlank(createTlsConfiguration.getTruststorePath()) ? ClientAuth.NONE : ClientAuth.REQUIRE, createTlsConfiguration.getEnabledProtocols(), false);
    }
}
