package io.esastack.codec.common.ssl;

import esa.commons.StringUtils;
import esa.commons.logging.Logger;
import esa.commons.logging.LoggerFactory;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslProvider;
import java.io.IOException;
import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;

/* loaded from: input_file:io/esastack/codec/common/ssl/SslContextBuilder.class */
public class SslContextBuilder {
    private static final Logger logger = LoggerFactory.getLogger(SslContextBuilder.class);
    private InputStream certificate;
    private InputStream privateKey;
    private String keyPassword;
    private InputStream trustCertificates;
    private String[] ciphers;
    private String[] enabledProtocols;
    private long handshakeTimeoutMillis = 3000;

    private static SslProvider findSslProvider() {
        if (OpenSsl.isAvailable()) {
            logger.info("Using OPENSSL provider.");
            return SslProvider.OPENSSL;
        }
        if (!checkJdkProvider()) {
            throw new IllegalStateException("Could not find any valid TLS provider, please check your dependency or deployment environment, usually netty-tcnative, Conscrypt, or Jetty NPN/ALPN is needed.");
        }
        logger.info("Using JDK provider.");
        return SslProvider.JDK;
    }

    private static boolean checkJdkProvider() {
        Provider[] providers = Security.getProviders("SSLContext.TLS");
        return providers != null && providers.length > 0;
    }

    public SslContext buildServer() throws IOException {
        if (this.certificate == null) {
            throw new IllegalArgumentException("[TLS]certificate must be set， please check builder code");
        }
        if (this.privateKey == null) {
            throw new IllegalArgumentException("[TLS]privateKey must be set.please check builder code");
        }
        io.netty.handler.ssl.SslContextBuilder forServer = StringUtils.isBlank(this.keyPassword) ? io.netty.handler.ssl.SslContextBuilder.forServer(this.certificate, this.privateKey) : io.netty.handler.ssl.SslContextBuilder.forServer(this.certificate, this.privateKey, this.keyPassword);
        forServer.sslProvider(findSslProvider());
        if (this.trustCertificates != null) {
            forServer.trustManager(this.trustCertificates);
        }
        forServer.clientAuth(ClientAuth.OPTIONAL);
        if (this.ciphers != null && this.ciphers.length > 0) {
            forServer.ciphers(Arrays.asList(this.ciphers));
        }
        return forServer.build();
    }

    public SslContext buildClient() throws Exception {
        io.netty.handler.ssl.SslContextBuilder forClient = io.netty.handler.ssl.SslContextBuilder.forClient();
        if (this.certificate != null && this.privateKey != null) {
            if (StringUtils.isBlank(this.keyPassword)) {
                forClient.keyManager(this.certificate, this.privateKey);
            } else {
                forClient.keyManager(this.certificate, this.privateKey, this.keyPassword);
            }
        }
        if (this.trustCertificates != null) {
            forClient.trustManager(this.trustCertificates);
        }
        forClient.sslProvider(findSslProvider());
        return forClient.build();
    }

    public SslContextBuilder setCertificate(InputStream inputStream) {
        this.certificate = inputStream;
        return this;
    }

    public SslContextBuilder setPrivateKey(InputStream inputStream) {
        this.privateKey = inputStream;
        return this;
    }

    public SslContextBuilder setCiphers(String[] strArr) {
        this.ciphers = strArr;
        return this;
    }

    public long getHandshakeTimeoutMillis() {
        return this.handshakeTimeoutMillis;
    }

    public SslContextBuilder setHandshakeTimeoutMillis(long j) {
        this.handshakeTimeoutMillis = j;
        return this;
    }

    public String[] getEnabledProtocols() {
        return this.enabledProtocols;
    }

    public SslContextBuilder setEnabledProtocols(String[] strArr) {
        this.enabledProtocols = strArr;
        return this;
    }

    public String getKeyPassword() {
        return this.keyPassword;
    }

    public SslContextBuilder setKeyPassword(String str) {
        this.keyPassword = str;
        return this;
    }

    public InputStream getTrustCertificates() {
        return this.trustCertificates;
    }

    public SslContextBuilder setTrustCertificates(InputStream inputStream) {
        this.trustCertificates = inputStream;
        return this;
    }
}
