package io.micronaut.http.server.netty.ssl;

import io.micronaut.context.annotation.Requirements;
import io.micronaut.context.annotation.Requires;
import io.micronaut.core.annotation.Internal;
import io.micronaut.core.io.ResourceResolver;
import io.micronaut.http.HttpVersion;
import io.micronaut.http.server.HttpServerConfiguration;
import io.micronaut.http.ssl.ServerSslConfiguration;
import io.micronaut.http.ssl.SslBuilder;
import io.micronaut.http.ssl.SslConfiguration;
import io.micronaut.http.ssl.SslConfigurationException;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.security.cert.CertificateException;
import java.util.Optional;
import javax.inject.Singleton;
import javax.net.ssl.SSLException;

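/**
 * Builds the server-side Netty {@link SslContext} from a certificate that is generated and
 * self-signed in-process.
 *
 * <p>The bean is only active when both {@code micronaut.ssl.enabled} and
 * {@code micronaut.ssl.build-self-signed} are {@code true}; both default to {@code false}.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>A self-signed certificate is not issued by any CA a client trusts, so clients can only
 *       connect by disabling or overriding certificate validation. Treat this builder as a
 *       development/testing aid, not as a production TLS setup.</li>
 *   <li>A new key pair and certificate are generated on every call to
 *       {@link #build(SslConfiguration, HttpVersion)}, so the certificate cannot be pinned
 *       across restarts.</li>
 *   <li>The {@link SslConfiguration} passed to {@code build} is not read here. Nothing in this
 *       class applies configured protocols, cipher suites or client-authentication settings;
 *       for non-HTTP/2 servers the Netty defaults are used.</li>
 * </ul>
 */
@Requirements({
    @Requires(property = "micronaut.ssl.enabled", value = "true", defaultValue = "false"),
    @Requires(property = "micronaut.ssl.build-self-signed", value = "true", defaultValue = "false")
})
@Singleton
@Internal
public class SelfSignedSslBuilder extends SslBuilder<SslContext> implements ServerSslBuilder {
    private final ServerSslConfiguration ssl;
    private final HttpServerConfiguration serverConfiguration;

    /**
     * @param httpServerConfiguration server configuration; supplies the HTTP version used to
     *                                decide whether ALPN/HTTP/2 settings are applied
     * @param serverSslConfiguration  server SSL configuration returned by
     *                                {@link #getSslConfiguration()}
     * @param resourceResolver        passed through to {@link SslBuilder}
     */
    public SelfSignedSslBuilder(HttpServerConfiguration httpServerConfiguration, ServerSslConfiguration serverSslConfiguration, ResourceResolver resourceResolver) {
        super(resourceResolver);
        this.ssl = serverSslConfiguration;
        this.serverConfiguration = httpServerConfiguration;
    }

    /**
     * @return the server SSL configuration this builder was constructed with
     */
    @Override
    public ServerSslConfiguration getSslConfiguration() {
        return this.ssl;
    }

    /**
     * Builds the context using the injected server SSL configuration.
     *
     * @return the built context, never empty
     */
    @Override
    public Optional<SslContext> build() {
        return build(this.ssl);
    }

    /**
     * Builds the context for the HTTP version configured on the server.
     *
     * @param sslConfiguration forwarded unchanged; see the class notes on what is (not) honoured
     * @return the built context, never empty
     */
    @Override
    public Optional<SslContext> build(SslConfiguration sslConfiguration) {
        return build(sslConfiguration, this.serverConfiguration.getHttpVersion());
    }

    /**
     * Generates a fresh self-signed certificate and builds a server {@link SslContext} from it.
     *
     * <p>For {@link HttpVersion#HTTP_2_0} the context additionally selects an ALPN-capable
     * provider, restricts cipher suites to {@link Http2SecurityUtil#CIPHERS} (filtered to those
     * the provider supports) and advertises {@code h2} then {@code http/1.1} via ALPN.
     *
     * @param sslConfiguration not read by this implementation
     * @param httpVersion      HTTP version the server will speak
     * @return the built context, never empty
     * @throws SslConfigurationException if certificate generation or context construction fails
     */
    @Override
    public Optional<SslContext> build(SslConfiguration sslConfiguration, HttpVersion httpVersion) {
        try {
            SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
            try {
                SslContextBuilder forServer = SslContextBuilder.forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey());
                if (httpVersion == HttpVersion.HTTP_2_0) {
                    // Prefer OpenSSL when its ALPN support is available, otherwise fall back to the JDK provider.
                    forServer.sslProvider(SslProvider.isAlpnSupported(SslProvider.OPENSSL) ? SslProvider.OPENSSL : SslProvider.JDK);
                    forServer.ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE);
                    // NO_ADVERTISE / ACCEPT: a peer with no common ALPN protocol is not rejected
                    // during the handshake; the connection proceeds without a negotiated protocol.
                    forServer.applicationProtocolConfig(new ApplicationProtocolConfig(
                            ApplicationProtocolConfig.Protocol.ALPN,
                            ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
                            ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
                            ApplicationProtocolNames.HTTP_2,
                            ApplicationProtocolNames.HTTP_1_1));
                }
                return Optional.of(forServer.build());
            } finally {
                // SelfSignedCertificate writes the certificate and the unencrypted private key
                // to temporary files that otherwise stay on disk until JVM exit. The context
                // holds the key material in memory once built, so remove the files right away,
                // including when the build fails.
                selfSignedCertificate.delete();
            }
        } catch (CertificateException | SSLException e) {
            throw new SslConfigurationException("Encountered an error while building a self signed certificate", e);
        }
    }
}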
