package com.dajudge.proxybase;

import com.dajudge.proxybase.certs.Filesystem;
import com.dajudge.proxybase.certs.KeyStoreManager;
import com.dajudge.proxybase.certs.ReloadingKeyStoreManager;
import com.dajudge.proxybase.config.UpstreamSslConfig;
import io.netty.channel.ChannelHandler;
import io.netty.handler.ssl.SslHandler;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Optional;
import java.util.function.Supplier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/* loaded from: input_file:com/dajudge/proxybase/UpstreamSslHandlerFactory.class */
/**
 * Builds the Netty {@link SslHandler} for the proxy's "upstream" side.
 *
 * <p>The engine is always put into server mode ({@code setUseClientMode(false)}), so the
 * handler accepts incoming TLS handshakes and presents the certificate from the configured
 * key store. Whether the peer must present a certificate of its own is controlled by the
 * caller.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The context is requested as {@code "TLS"} and no protocol versions or cipher suites
 *       are set explicitly here, so the enabled set is whatever the JVM/provider defaults
 *       and security properties allow.</li>
 *   <li>NOTE(review): the trust store is optional. How an absent trust store is turned into
 *       trust managers is decided inside {@code SslUtils.createTrustManagers}, which is not
 *       visible here. Confirm that it does not fall back to the JVM default CA set when
 *       client authentication is required, since that would accept any client certificate
 *       issued by a publicly trusted CA.</li>
 * </ul>
 */
public class UpstreamSslHandlerFactory {
    /**
     * Creates the handler from configuration, wrapping the key store (and the trust store,
     * when one is configured) in reloading managers.
     *
     * @param upstreamSslConfig source of the client-auth flag, the key store and the optional
     *     trust store
     * @param supplier passed through unchanged to {@code ReloadingKeyStoreManager.createReloader}
     *     (presumably a clock used for reload timing; verify against that class)
     * @param filesystem passed through unchanged to {@code ReloadingKeyStoreManager.createReloader}
     * @return a handler configured as described on
     *     {@link #createUpstreamSslHandler(boolean, Optional, KeyStoreManager)}
     */
    public static ChannelHandler createUpstreamSslHandler(UpstreamSslConfig upstreamSslConfig, Supplier<Long> supplier, Filesystem filesystem) {
        // Evaluation order is kept: client-auth flag, then trust store, then key store.
        boolean clientAuthRequired = upstreamSslConfig.isClientAuthRequired();
        Optional<KeyStoreManager> trustStoreManager = upstreamSslConfig.getTrustStore()
                .map(trustStoreConfig -> ReloadingKeyStoreManager.createReloader(trustStoreConfig, supplier, filesystem));
        KeyStoreManager identityManager =
                ReloadingKeyStoreManager.createReloader(upstreamSslConfig.getKeyStore(), supplier, filesystem);
        return createUpstreamSslHandler(clientAuthRequired, trustStoreManager, identityManager);
    }

    /**
     * Creates a server-mode TLS handler from already constructed key store managers.
     *
     * @param z when {@code true} the engine is set to need client authentication, i.e. the
     *     handshake fails unless the peer presents a certificate the trust managers accept;
     *     when {@code false} no client certificate is demanded
     * @param optional manager for the trust store used to validate peer certificates; may be
     *     empty, in which case the result depends on {@code SslUtils.createTrustManagers}
     * @param keyStoreManager manager for the key store holding this endpoint's own key material
     * @return a new {@link SslHandler} around a freshly created {@link SSLEngine}
     * @throws RuntimeException if the TLS context cannot be obtained or initialized
     */
    public static ChannelHandler createUpstreamSslHandler(boolean z, Optional<KeyStoreManager> optional, KeyStoreManager keyStoreManager) {
        final SSLEngine tlsEngine;
        try {
            SSLContext tlsContext = SSLContext.getInstance("TLS");
            // A null SecureRandom makes the context use the provider's default source.
            tlsContext.init(
                    SslUtils.createKeyManagers(keyStoreManager),
                    SslUtils.createTrustManagers(optional),
                    null);
            tlsEngine = tlsContext.createSSLEngine();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Failed to initialize upstream SSL handler", e);
        }
        // Server role: this side accepts the handshake rather than initiating it.
        tlsEngine.setUseClientMode(false);
        // "Need" (not "want"): with z == true a peer without a valid certificate is rejected.
        tlsEngine.setNeedClientAuth(z);
        return new SslHandler(tlsEngine);
    }
}
