package org.mule.service.http.netty.impl.util;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.CipherSuiteFilter;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContext;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import org.mule.runtime.api.exception.MuleRuntimeException;
import org.mule.runtime.api.tls.TlsContextFactory;

/* loaded from: input_file:lib/mule-netty-http-service-0.1.2-SNAPSHOT.jar:org/mule/service/http/netty/impl/util/SslContextHelper.class */
public final class SslContextHelper {
    private SslContextHelper() {
    }

    public static SslContext sslContextForServer(TlsContextFactory tlsContextFactory) throws NoSuchAlgorithmException, KeyManagementException {
        if (tlsContextFactory == null) {
            return null;
        }
        return new JdkSslContext(tlsContextFactory.createSslContext(), false, getCiphers(tlsContextFactory), (CipherSuiteFilter) IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS, new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.FATAL_ALERT, ApplicationProtocolNames.HTTP_1_1), tlsContextFactory.isTrustStoreConfigured() ? ClientAuth.REQUIRE : ClientAuth.OPTIONAL, tlsContextFactory.getEnabledProtocols(), false);
    }

    public static SslContext sslContextForClient(TlsContextFactory tlsContextFactory) {
        if (tlsContextFactory == null) {
            return null;
        }
        try {
            return new JdkSslContext(tlsContextFactory.createSslContext(), true, getCiphers(tlsContextFactory), (CipherSuiteFilter) IdentityCipherSuiteFilter.INSTANCE_DEFAULTING_TO_SUPPORTED_CIPHERS, new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.FATAL_ALERT, ApplicationProtocolNames.HTTP_1_1), ClientAuth.NONE, tlsContextFactory.getEnabledProtocols(), false);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new MuleRuntimeException(e);
        }
    }

    private static Iterable<String> getCiphers(TlsContextFactory tlsContextFactory) {
        String[] enabledCipherSuites;
        if (tlsContextFactory == null || (enabledCipherSuites = tlsContextFactory.getEnabledCipherSuites()) == null) {
            return null;
        }
        return Arrays.asList(enabledCipherSuites);
    }
}
