package org.zodiac.server.proxy.tls;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.File;
import java.util.Map;
import org.zodiac.commons.util.Colls;
import org.zodiac.commons.util.Strings;
import org.zodiac.server.proxy.config.ProxyConfigOptions;
import org.zodiac.server.proxy.config.ProxyTlsOption;
import org.zodiac.server.proxy.http.config.HttpProtocolHttp20Option;
import org.zodiac.server.proxy.http.config.HttpProxyConfigOptions;
import org.zodiac.server.proxy.http.http2.Http2Exception;

/* loaded from: input_file:org/zodiac/server/proxy/tls/SelfSignedSslALPNContextFactory.class */
public class SelfSignedSslALPNContextFactory {
    private static final Map<Byte, SslContext> SSL_CONTEXT_CACHE = Colls.map();

    public static SslContext sslContext(ProxyConfigOptions proxyConfigOptions, HttpProxyConfigOptions httpProxyConfigOptions) {
        if (null == proxyConfigOptions) {
            return null;
        }
        Byte valueOf = Byte.valueOf(proxyConfigOptions.getId());
        SslContext sslContext = SSL_CONTEXT_CACHE.get(valueOf);
        if (null == sslContext) {
            synchronized (proxyConfigOptions) {
                sslContext = SSL_CONTEXT_CACHE.get(valueOf);
                if (null == sslContext) {
                    sslContext = create(proxyConfigOptions, httpProxyConfigOptions);
                    SSL_CONTEXT_CACHE.putIfAbsent(valueOf, sslContext);
                }
            }
        }
        return sslContext;
    }

    private static SslContext create(ProxyConfigOptions proxyConfigOptions, HttpProxyConfigOptions httpProxyConfigOptions) {
        try {
            ProxyTlsOption tlsOptions = proxyConfigOptions.getTlsOptions();
            String certificateFile = tlsOptions.getCertificateFile();
            boolean z = false;
            File file = null;
            if (Strings.isNotEmpty(certificateFile)) {
                file = new File(certificateFile);
                if (file.isFile()) {
                    z = true;
                }
            }
            String privateKeyFile = tlsOptions.getPrivateKeyFile();
            boolean z2 = false;
            File file2 = null;
            if (Strings.isNotEmpty(privateKeyFile)) {
                file2 = new File(privateKeyFile);
                if (file2.isFile()) {
                    z2 = true;
                }
            }
            if (!z || !z2) {
                SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
                file = selfSignedCertificate.certificate();
                file2 = selfSignedCertificate.privateKey();
            }
            String privateKeyPassword = tlsOptions.getPrivateKeyPassword();
            if (Strings.isEmpty(privateKeyPassword)) {
                privateKeyPassword = null;
            }
            return SslContextBuilder.forServer(file, file2, privateKeyPassword).clientAuth(ClientAuth.NONE).ciphers(SelfSignedSslALPNContextConstant.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, listProtocols(httpProxyConfigOptions.getProtocolOptions().getHttp20Options()))).build();
        } catch (Exception e) {
            e.printStackTrace();
            throw new Http2Exception(e.getMessage(), e);
        }
    }

    private static String[] listProtocols(HttpProtocolHttp20Option httpProtocolHttp20Option) {
        return httpProtocolHttp20Option.isEnabled() ? new String[]{"h2", "http/1.1"} : new String[]{"http/1.1"};
    }
}
