package reactor.netty.http.client;

import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import java.util.Objects;
import java.util.function.Consumer;
import javax.annotation.Nullable;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import reactor.netty.tcp.SslProvider;
import reactor.netty.tcp.TcpClient;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/reactor-netty-0.9.1.RELEASE.jar:reactor/netty/http/client/HttpClientSecure.class */
public final class HttpClientSecure extends HttpClientOperator {
    final SslProvider sslProvider;
    static final Consumer<? super SslHandler> DEFAULT_HOSTNAME_VERIFICATION = sslHandler -> {
        SSLEngine engine = sslHandler.engine();
        SSLParameters sSLParameters = engine.getSSLParameters();
        sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(sSLParameters);
    };
    static final SslProvider DEFAULT_HTTP_SSL_PROVIDER = SslProvider.addHandlerConfigurator(SslProvider.defaultClientProvider(), DEFAULT_HOSTNAME_VERIFICATION);
    static final SslContext DEFAULT_CLIENT_HTTP2_CONTEXT;
    static final Consumer<SslProvider.SslContextSpec> SSL_DEFAULT_SPEC_HTTP2;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HttpClient secure(HttpClient httpClient, Consumer<? super SslProvider.SslContextSpec> consumer) {
        Objects.requireNonNull(consumer, "sslProviderBuilder");
        SslProvider.SslContextSpec builder = SslProvider.builder();
        consumer.accept(builder);
        return new HttpClientSecure(httpClient, ((SslProvider.Builder) builder).build());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpClientSecure(HttpClient httpClient, @Nullable SslProvider sslProvider) {
        super(httpClient);
        this.sslProvider = sslProvider;
    }

    @Override // reactor.netty.http.client.HttpClientOperator, reactor.netty.http.client.HttpClient
    protected TcpClient tcpConfiguration() {
        return this.sslProvider == null ? this.source.tcpConfiguration().secure(DEFAULT_HTTP_SSL_PROVIDER) : this.source.tcpConfiguration().secure(SslProvider.addHandlerConfigurator(this.sslProvider, DEFAULT_HOSTNAME_VERIFICATION));
    }

    static {
        SslContext sslContext;
        try {
            sslContext = SslContextBuilder.forClient().sslProvider(io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL) ? io.netty.handler.ssl.SslProvider.OPENSSL : io.netty.handler.ssl.SslProvider.JDK).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1)).build();
        } catch (Exception e) {
            sslContext = null;
        }
        DEFAULT_CLIENT_HTTP2_CONTEXT = sslContext;
        SSL_DEFAULT_SPEC_HTTP2 = sslContextSpec -> {
            sslContextSpec.sslContext(DEFAULT_CLIENT_HTTP2_CONTEXT);
        };
    }
}
