package org.springframework.cloud.gateway.config;

import io.grpc.ManagedChannel;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import javax.net.ssl.SSLException;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslBundles;
import org.springframework.cloud.gateway.config.HttpClientProperties;

/* loaded from: input_file:org/springframework/cloud/gateway/config/GrpcSslConfigurer.class */
public class GrpcSslConfigurer extends AbstractSslConfigurer<NettyChannelBuilder, ManagedChannel> {
    public GrpcSslConfigurer(HttpClientProperties.Ssl ssl, SslBundles sslBundles) {
        super(ssl, sslBundles);
    }

    @Override // org.springframework.cloud.gateway.config.AbstractSslConfigurer
    public ManagedChannel configureSsl(NettyChannelBuilder nettyChannelBuilder) throws SSLException {
        return nettyChannelBuilder.useTransportSecurity().sslContext(getSslContext()).build();
    }

    private SslContext getSslContext() throws SSLException {
        SslContextBuilder forClient = GrpcSslContexts.forClient();
        HttpClientProperties.Ssl sslProperties = getSslProperties();
        boolean isUseInsecureTrustManager = sslProperties.isUseInsecureTrustManager();
        SslBundle bundle = getBundle();
        if (isUseInsecureTrustManager) {
            forClient.trustManager(InsecureTrustManagerFactory.INSTANCE.getTrustManagers()[0]);
        }
        if (!isUseInsecureTrustManager && sslProperties.getTrustedX509Certificates().size() > 0) {
            forClient.trustManager(getTrustedX509CertificatesForTrustManager());
        } else if (bundle != null) {
            forClient.trustManager(bundle.getManagers().getTrustManagerFactory());
        }
        if (bundle != null) {
            forClient.keyManager(bundle.getManagers().getKeyManagerFactory());
        } else {
            forClient.keyManager(getKeyManagerFactory());
        }
        return forClient.build();
    }
}
