package io.micronaut.acme.ssl;

import io.micronaut.acme.events.CertificateEvent;
import io.micronaut.context.annotation.Replaces;
import io.micronaut.http.server.netty.ssl.CertificateProvidedSslBuilder;
import io.micronaut.http.server.netty.ssl.ServerSslBuilder;
import io.micronaut.http.ssl.ServerSslConfiguration;
import io.micronaut.runtime.event.annotation.EventListener;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import jakarta.inject.Singleton;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.net.ssl.SSLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
@Replaces(CertificateProvidedSslBuilder.class)
/* loaded from: input_file:io/micronaut/acme/ssl/AcmeSSLContextBuilder.class */
public class AcmeSSLContextBuilder implements ServerSslBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(AcmeSSLContextBuilder.class);
    private DelegatedSslContext delegatedSslContext = new DelegatedSslContext(null);
    private final ServerSslConfiguration ssl;

    public AcmeSSLContextBuilder(ServerSslConfiguration serverSslConfiguration) {
        this.ssl = serverSslConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @EventListener
    public void onNewCertificate(CertificateEvent certificateEvent) {
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug("New certificate received and replaced the proxied SSL context");
            }
            if (certificateEvent.isValidationCert()) {
                this.delegatedSslContext.setNewSslContext(SslContextBuilder.forServer(certificateEvent.getDomainKeyPair().getPrivate(), new X509Certificate[]{certificateEvent.getCert()}).sslProvider(SslProvider.isAlpnSupported(SslProvider.OPENSSL) ? SslProvider.OPENSSL : SslProvider.JDK).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, new String[]{"acme-tls/1"})).build());
            } else {
                this.delegatedSslContext.setNewSslContext(SslContextBuilder.forServer(certificateEvent.getDomainKeyPair().getPrivate(), certificateEvent.getFullCertificateChain()).build());
            }
        } catch (SSLException e) {
            if (LOG.isErrorEnabled()) {
                LOG.error("Failed to build the SSL context", e);
            }
        }
    }

    public ServerSslConfiguration getSslConfiguration() {
        return this.ssl;
    }

    public Optional<SslContext> build() {
        return Optional.of(this.delegatedSslContext);
    }
}
