package com.dajudge.proxybase;

import com.dajudge.proxybase.certs.Filesystem;
import com.dajudge.proxybase.certs.KeyStoreManager;
import com.dajudge.proxybase.certs.ReloadingKeyStoreManager;
import com.dajudge.proxybase.config.DownstreamSslConfig;
import com.dajudge.proxybase.config.Endpoint;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Supplier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/dajudge/proxybase/DownstreamSslHandlerFactory.class */
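public class DownstreamSslHandlerFactory {

    /**
     * Builds the TLS handler factory for a downstream connection from its configuration.
     *
     * <p>The trust store is always wrapped in a {@link ReloadingKeyStoreManager}; a client key store is only
     * wired in when the configuration supplies one. Hostname verification against {@code endpoint}'s host is
     * applied only when {@link DownstreamSslConfig#isHostnameVerificationEnabled()} is true; otherwise
     * {@link HostnameCheck#NULL_VERIFIER} is used and the peer's certificate is accepted for any host name as
     * long as it chains to the trust store.
     *
     * @param downstreamSslConfig trust store, optional key store and the hostname-verification flag
     * @param endpoint            host and port the handler connects to; also the name the certificate is checked against
     * @param supplier            value source handed to the key store reloaders (presumably a clock — confirm against
     *                            {@link ReloadingKeyStoreManager#createReloader})
     * @param filesystem          filesystem the reloaders read key store files through
     * @return a function yielding a fresh client-mode {@link ChannelHandler} per {@link Channel}
     * @throws IllegalStateException if the Netty {@link SslContext} cannot be built (see the four-argument overload)
     */
    public static Function<Channel, ChannelHandler> createDownstreamSslHandler(
            final DownstreamSslConfig downstreamSslConfig,
            final Endpoint endpoint,
            final Supplier<Long> supplier,
            final Filesystem filesystem
    ) {
        // The check is bound to the configured host, not to whatever name the peer presents.
        final HostnameCheck hostnameCheck = downstreamSslConfig.isHostnameVerificationEnabled()
                ? new HttpClientHostnameCheck(endpoint.getHost())
                : HostnameCheck.NULL_VERIFIER;
        final KeyStoreManager trustStoreManager =
                ReloadingKeyStoreManager.createReloader(downstreamSslConfig.getTrustStore(), supplier, filesystem);
        // Explicit type witness: createReloader returns a subtype and Optional is invariant.
        final Optional<KeyStoreManager> clientKeyStoreManager = downstreamSslConfig.getKeyStore()
                .<KeyStoreManager>map(keyStoreConfig ->
                        ReloadingKeyStoreManager.createReloader(keyStoreConfig, supplier, filesystem));
        return createDownstreamSslHandler(hostnameCheck, trustStoreManager, clientKeyStoreManager, Optional.of(endpoint));
    }

    /**
     * Builds the TLS handler factory from already-resolved trust material.
     *
     * <p>A single client-mode Netty {@link SslContext} is built once; the returned function creates one handler
     * from it per channel. Trust decisions go through a {@link HostCheckingTrustManager} constructed from the
     * trust managers derived from {@code keyStoreManager} plus {@code hostnameCheck}, so passing
     * {@link HostnameCheck#NULL_VERIFIER} disables hostname verification for every connection made through the
     * result. Protocols and cipher suites are Netty's client defaults; nothing here restricts them. When
     * {@code optional2} holds an endpoint its host and port are passed to
     * {@link SslContext#newHandler(io.netty.buffer.ByteBufAllocator, String, int)}, which is what enables SNI
     * for the handshake.
     *
     * @param hostnameCheck   verifier applied to the peer certificate's host name
     * @param keyStoreManager source of the trust store used to validate the upstream certificate chain
     * @param optional        optional source of the client key store for mutual TLS; empty presents no client certificate
     * @param optional2       optional peer endpoint; when present the handler is created with host and port
     * @return a function yielding a fresh client-mode {@link ChannelHandler} per {@link Channel}
     * @throws IllegalStateException if the Netty {@link SslContext} cannot be built; the {@link SSLException} is the cause
     */
    public static Function<Channel, ChannelHandler> createDownstreamSslHandler(
            final HostnameCheck hostnameCheck,
            final KeyStoreManager keyStoreManager,
            final Optional<KeyStoreManager> optional,
            final Optional<Endpoint> optional2
    ) {
        try {
            final HostCheckingTrustManager trustManager =
                    new HostCheckingTrustManager(SslUtils.createTrustManagers(keyStoreManager), hostnameCheck);
            // Only the Netty context is used for the channel handler; the previously built JSSE
            // SSLContext/SSLEngine was never referenced, so it is gone.
            final SslContext sslContext = SslContextBuilder.forClient()
                    .keyManager(SslUtils.createKeyManagerFactory(optional))
                    .trustManager(trustManager)
                    .build();
            return optional2
                    .<Function<Channel, ChannelHandler>>map(endpoint -> channel ->
                            sslContext.newHandler(channel.alloc(), endpoint.getHost(), endpoint.getPort()))
                    .orElseGet(() -> channel -> sslContext.newHandler(channel.alloc()));
        } catch (final SSLException e) {
            // IllegalStateException is a RuntimeException, so existing callers catching the latter still work.
            throw new IllegalStateException("Failed to initialize downstream SSL handler", e);
        }
    }
}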
