package org.jooby.internal.netty;

import com.google.common.io.Closeables;
import com.typesafe.config.Config;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.security.cert.CertificateException;
import java.util.Arrays;

/* loaded from: input_file:org/jooby/internal/netty/NettySslContext.class */
public class NettySslContext {
    /* JADX INFO: Access modifiers changed from: package-private */
    public static SslContext build(Config config) throws IOException, CertificateException {
        String string = config.getString("application.tmpdir");
        boolean z = config.getBoolean("server.http2.enabled");
        SslContextBuilder forServer = SslContextBuilder.forServer(toFile(config.getString("ssl.keystore.cert"), string), toFile(config.getString("ssl.keystore.key"), string), config.hasPath("ssl.keystore.password") ? config.getString("ssl.keystore.password") : null);
        if (config.hasPath("ssl.trust.cert")) {
            forServer.trustManager(toFile(config.getString("ssl.trust.cert"), string)).clientAuth(ClientAuth.REQUIRE);
        }
        if (z) {
            return forServer.sslProvider(OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, Arrays.asList("h2", "http/1.1"))).build();
        }
        return forServer.build();
    }

    static File toFile(String str, String str2) throws IOException {
        File file = new File(str);
        if (file.exists()) {
            return file;
        }
        File file2 = new File(str2, Paths.get(str, new String[0]).getFileName().toString());
        InputStream resourceAsStream = NettyServer.class.getClassLoader().getResourceAsStream(str);
        if (resourceAsStream == null) {
            throw new FileNotFoundException(str);
        }
        try {
            Files.copy(resourceAsStream, file2.toPath(), StandardCopyOption.REPLACE_EXISTING);
            file2.deleteOnExit();
            Closeables.close(resourceAsStream, true);
            return file2;
        } catch (Throwable th) {
            Closeables.close(resourceAsStream, true);
            throw th;
        }
    }
}
