package org.apache.nifi.event.transport.netty.channel.ssl;

import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.handler.ssl.SslHandler;
import java.util.List;
import java.util.Objects;
import java.util.function.Supplier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.apache.nifi.event.transport.netty.channel.StandardChannelInitializer;
import org.apache.nifi.security.util.ClientAuth;

/* loaded from: input_file:WEB-INF/lib/nifi-event-transport-1.15.1.jar:org/apache/nifi/event/transport/netty/channel/ssl/ServerSslHandlerChannelInitializer.class */
public class ServerSslHandlerChannelInitializer<T extends Channel> extends StandardChannelInitializer<T> {
    private final SSLContext sslContext;
    private final ClientAuth clientAuth;

    public ServerSslHandlerChannelInitializer(Supplier<List<ChannelHandler>> supplier, SSLContext sSLContext, ClientAuth clientAuth) {
        super(supplier);
        this.sslContext = (SSLContext) Objects.requireNonNull(sSLContext, "SSLContext is required");
        this.clientAuth = (ClientAuth) Objects.requireNonNull(clientAuth, "ClientAuth is required");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.nifi.event.transport.netty.channel.StandardChannelInitializer, io.netty.channel.ChannelInitializer
    public void initChannel(Channel channel) {
        channel.pipeline().addLast(newSslHandler());
        super.initChannel(channel);
    }

    private SslHandler newSslHandler() {
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine();
        createSSLEngine.setUseClientMode(false);
        if (ClientAuth.REQUIRED.equals(this.clientAuth)) {
            createSSLEngine.setNeedClientAuth(true);
        } else if (ClientAuth.WANT.equals(this.clientAuth)) {
            createSSLEngine.setWantClientAuth(true);
        }
        return new SslHandler(createSSLEngine);
    }
}
