package io.nity.grpc.server.autoconfigure;

import io.grpc.ServerBuilder;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.nity.grpc.server.GrpcService;
import io.nity.grpc.server.context.LocalRunningGrpcPort;
import java.io.File;
import java.net.InetSocketAddress;
import javax.net.ssl.SSLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;

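/**
 * Spring configuration that contributes a TLS-enabled gRPC {@link ServerBuilder}.
 *
 * <p>The bean is only created when the property {@code grpc.server.model} equals
 * {@link GrpcServerProperties#SERVER_MODEL_TLS} and at least one bean annotated with
 * {@link GrpcService} is present.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The server presents the configured certificate chain, but this configuration never
 *       passes a trust-certificate collection to {@code buildSslContext}, so client
 *       certificates are not requested (server-authenticated TLS only, no mutual TLS).</li>
 *   <li>The enabled protocol list is pinned to {@code TLSv1.2}.</li>
 *   <li>Only the file paths of the certificate chain and private key are logged, never
 *       their contents.</li>
 * </ul>
 */
@EnableConfigurationProperties({GrpcServerProperties.class})
@Configuration
@ConditionalOnBean(annotation = {GrpcService.class})
public class GrpcServerBuilderTlsConfiguration {
    private static final Logger log = LoggerFactory.getLogger(GrpcServerBuilderTlsConfiguration.class);

    // Port the server binds to; populated through the project's @LocalRunningGrpcPort annotation.
    @LocalRunningGrpcPort
    private int port;

    @Autowired
    private GrpcServerProperties serverProperties;

    /**
     * Builds a Netty-based gRPC server builder bound to the configured host and port with a
     * server-side TLS context.
     *
     * @return the configured builder (a {@link NettyServerBuilder})
     * @throws SSLException if the TLS context cannot be built from the configured files
     * @throws IllegalStateException if {@code host}, {@code certChainFilePath} or
     *     {@code privateKeyFilePath} is missing or blank
     */
    @ConditionalOnProperty(value = {"grpc.server.model"}, havingValue = GrpcServerProperties.SERVER_MODEL_TLS)
    @Bean
    public ServerBuilder getServerBuilder() throws SSLException {
        String host = this.serverProperties.getHost();
        String certChainFilePath = this.serverProperties.getCertChainFilePath();
        String privateKeyFilePath = this.serverProperties.getPrivateKeyFilePath();

        // Fail fast, and name the missing property in the exception itself so the startup
        // failure is diagnosable even when the error log line is filtered or lost.
        requireProperty(host, "host");
        requireProperty(certChainFilePath, "certChainFilePath");
        requireProperty(privateKeyFilePath, "privateKeyFilePath");

        log.info("gRPC Server will run with tls");
        log.info("gRPC Server will listen on {}:{}", host, this.port);

        NettyServerBuilder builder = NettyServerBuilder.forAddress(new InetSocketAddress(host, this.port));
        // No trust-certificate collection is supplied here, so client authentication stays
        // disabled; callers are not authenticated at the TLS layer.
        builder.sslContext(buildSslContext(certChainFilePath, privateKeyFilePath, null));
        return builder;
    }

    /**
     * Rejects a missing or blank required property.
     *
     * @param value the configured value
     * @param propertyName the property name reported in the log line and the exception
     * @throws IllegalStateException if {@code value} is {@code null}, empty or whitespace only
     */
    private static void requireProperty(String value, String propertyName) {
        if (!StringUtils.hasText(value)) {
            log.error("please config required property [{}] for Tls model", propertyName);
            throw new IllegalStateException(
                    "Failed to create Tls Server: required property [" + propertyName + "] is not configured");
        }
    }

    /**
     * Creates the server-side {@link SslContext}.
     *
     * @param certChainFilePath path to the server certificate chain file
     * @param privateKeyFilePath path to the server private key file
     * @param trustCertCollectionFilePath path to the certificates used to verify clients, or
     *     {@code null} to leave client authentication off; when non-null, client certificates
     *     are required ({@link ClientAuth#REQUIRE})
     * @return the built TLS context
     * @throws SSLException if the context cannot be built
     */
    private SslContext buildSslContext(
            String certChainFilePath, String privateKeyFilePath, String trustCertCollectionFilePath)
            throws SSLException {
        File certChainFile = new File(certChainFilePath);
        File privateKeyFile = new File(privateKeyFilePath);
        log.info("loading certChainFile:{}", certChainFile.getAbsolutePath());
        log.info("loading privateKeyFile:{}", privateKeyFile.getAbsolutePath());

        SslContextBuilder sslBuilder = SslContextBuilder.forServer(certChainFile, privateKeyFile);
        if (trustCertCollectionFilePath != null) {
            File trustCertCollectionFile = new File(trustCertCollectionFilePath);
            log.info("loading trustCertCollectionFile:{}", trustCertCollectionFile.getAbsolutePath());
            sslBuilder.trustManager(trustCertCollectionFile);
            // Mutual TLS: the handshake fails unless the client presents a certificate that
            // chains to the supplied trust collection.
            sslBuilder.clientAuth(ClientAuth.REQUIRE);
        }

        // Only TLSv1.2 is enabled. NOTE(review): enabling TLSv1.3 as well depends on the
        // OpenSSL provider build in use supporting it - confirm before extending this list.
        sslBuilder.protocols("TLSv1.2");

        // SslProvider.OPENSSL is requested explicitly. NOTE(review): this presumably needs the
        // native OpenSSL binding on the classpath at runtime - confirm for the deployment.
        return GrpcSslContexts.configure(sslBuilder, SslProvider.OPENSSL).build();
    }
}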
