package io.micronaut.http.client.ssl;

import io.micronaut.core.annotation.Internal;
import io.micronaut.core.io.ResourceResolver;
import io.micronaut.http.ssl.ClientAuthentication;
import io.micronaut.http.ssl.ClientSslConfiguration;
import io.micronaut.http.ssl.SslBuilder;
import io.micronaut.http.ssl.SslConfiguration;
import io.micronaut.http.ssl.SslConfigurationException;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.util.Arrays;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

@Singleton
@Internal
/* loaded from: input_file:io/micronaut/http/client/ssl/NettyClientSslBuilder.class */
public class NettyClientSslBuilder extends SslBuilder<SslContext> {
    @Inject
    public NettyClientSslBuilder(ClientSslConfiguration clientSslConfiguration, ResourceResolver resourceResolver) {
        super(clientSslConfiguration, resourceResolver);
    }

    public NettyClientSslBuilder(SslConfiguration sslConfiguration) {
        super(sslConfiguration, new ResourceResolver());
    }

    public SslConfiguration getSslConfiguration() {
        return this.ssl;
    }

    public Optional<SslContext> build() {
        if (!this.ssl.isEnabled()) {
            return Optional.empty();
        }
        SslContextBuilder trustManager = SslContextBuilder.forClient().keyManager(getKeyManagerFactory()).trustManager(getTrustManagerFactory());
        if (this.ssl.getProtocols().isPresent()) {
            trustManager.protocols((String[]) this.ssl.getProtocols().get());
        }
        if (this.ssl.getCiphers().isPresent()) {
            trustManager = trustManager.ciphers(Arrays.asList((Object[]) this.ssl.getCiphers().get()));
        }
        if (this.ssl.getClientAuthentication().isPresent()) {
            ClientAuthentication clientAuthentication = (ClientAuthentication) this.ssl.getClientAuthentication().get();
            if (clientAuthentication == ClientAuthentication.NEED) {
                trustManager = trustManager.clientAuth(ClientAuth.REQUIRE);
            } else if (clientAuthentication == ClientAuthentication.WANT) {
                trustManager = trustManager.clientAuth(ClientAuth.OPTIONAL);
            }
        }
        try {
            return Optional.of(trustManager.build());
        } catch (SSLException e) {
            throw new SslConfigurationException("An error occurred while setting up SSL", e);
        }
    }

    protected KeyManagerFactory getKeyManagerFactory() {
        try {
            if (getKeyStore().isPresent()) {
                return super.getKeyManagerFactory();
            }
            return null;
        } catch (Exception e) {
            throw new SslConfigurationException(e);
        }
    }

    protected TrustManagerFactory getTrustManagerFactory() {
        try {
            return getTrustStore().isPresent() ? super.getTrustManagerFactory() : InsecureTrustManagerFactory.INSTANCE;
        } catch (Exception e) {
            throw new SslConfigurationException(e);
        }
    }
}
