package net.devh.boot.grpc.client.channelfactory;

import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.channel.epoll.EpollDomainSocketChannel;
import io.netty.channel.epoll.EpollEventLoopGroup;
import io.netty.channel.unix.DomainSocketAddress;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.InputStream;
import java.net.URI;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.SSLException;
import net.devh.boot.grpc.client.config.GrpcChannelProperties;
import net.devh.boot.grpc.client.config.GrpcChannelsProperties;
import net.devh.boot.grpc.client.config.NegotiationType;
import net.devh.boot.grpc.client.interceptor.GlobalClientInterceptorRegistry;
import net.devh.boot.grpc.common.security.KeyStoreUtils;
import net.devh.boot.grpc.common.util.GrpcUtils;
import org.springframework.core.io.Resource;

/* loaded from: input_file:net/devh/boot/grpc/client/channelfactory/NettyChannelFactory.class */
public class NettyChannelFactory extends AbstractChannelFactory<NettyChannelBuilder> {
    public NettyChannelFactory(GrpcChannelsProperties grpcChannelsProperties, GlobalClientInterceptorRegistry globalClientInterceptorRegistry, List<GrpcChannelConfigurer> list) {
        super(grpcChannelsProperties, globalClientInterceptorRegistry, list);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.devh.boot.grpc.client.channelfactory.AbstractChannelFactory
    public NettyChannelBuilder newChannelBuilder(String str) {
        GrpcChannelProperties propertiesFor = getPropertiesFor(str);
        URI address = propertiesFor.getAddress();
        if (address == null) {
            String defaultScheme = getDefaultScheme();
            address = defaultScheme != null ? URI.create(defaultScheme + str) : URI.create(str);
        }
        return "unix".equals(address.getScheme()) ? NettyChannelBuilder.forAddress(new DomainSocketAddress(GrpcUtils.extractDomainSocketAddressPath(address.toString()))).channelType(EpollDomainSocketChannel.class).eventLoopGroup(new EpollEventLoopGroup()) : NettyChannelBuilder.forTarget(address.toString()).defaultLoadBalancingPolicy(propertiesFor.getDefaultLoadBalancingPolicy());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.devh.boot.grpc.client.channelfactory.AbstractChannelFactory
    public void configureSecurity(NettyChannelBuilder nettyChannelBuilder, String str) {
        GrpcChannelProperties propertiesFor = getPropertiesFor(str);
        NegotiationType negotiationType = propertiesFor.getNegotiationType();
        nettyChannelBuilder.negotiationType(of(negotiationType));
        if (negotiationType == NegotiationType.TLS) {
            GrpcChannelProperties.Security security = propertiesFor.getSecurity();
            String authorityOverride = security.getAuthorityOverride();
            if (authorityOverride != null && !authorityOverride.isEmpty()) {
                nettyChannelBuilder.overrideAuthority(authorityOverride);
            }
            SslContextBuilder forClient = GrpcSslContexts.forClient();
            configureProvidedClientCertificate(security, forClient);
            configureAcceptedServerCertificates(security, forClient);
            if (security.getCiphers() != null && !security.getCiphers().isEmpty()) {
                forClient.ciphers(security.getCiphers());
            }
            if (security.getProtocols() != null && security.getProtocols().length > 0) {
                forClient.protocols(security.getProtocols());
            }
            try {
                nettyChannelBuilder.sslContext(forClient.build());
            } catch (SSLException e) {
                throw new IllegalStateException("Failed to create ssl context for grpc client", e);
            }
        }
    }

    protected static void configureProvidedClientCertificate(GrpcChannelProperties.Security security, SslContextBuilder sslContextBuilder) {
        if (security.isClientAuthEnabled()) {
            try {
                Resource privateKey = security.getPrivateKey();
                Resource keyStore = security.getKeyStore();
                if (privateKey != null) {
                    Resource resource = (Resource) Objects.requireNonNull(security.getCertificateChain(), "certificateChain");
                    String privateKeyPassword = security.getPrivateKeyPassword();
                    InputStream inputStream = resource.getInputStream();
                    try {
                        InputStream inputStream2 = privateKey.getInputStream();
                        try {
                            sslContextBuilder.keyManager(inputStream, inputStream2, privateKeyPassword);
                            if (inputStream2 != null) {
                                inputStream2.close();
                            }
                            if (inputStream != null) {
                                inputStream.close();
                            }
                        } catch (Throwable th) {
                            if (inputStream2 != null) {
                                try {
                                    inputStream2.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            }
                            throw th;
                        }
                    } finally {
                    }
                } else {
                    if (keyStore == null) {
                        throw new IllegalStateException("Neither privateKey nor keyStore configured");
                    }
                    sslContextBuilder.keyManager(KeyStoreUtils.loadKeyManagerFactory(security.getKeyStoreFormat(), keyStore, security.getKeyStorePassword()));
                }
            } catch (Exception e) {
                throw new IllegalArgumentException("Failed to create SSLContext (PK/Cert)", e);
            }
        }
    }

    protected static void configureAcceptedServerCertificates(GrpcChannelProperties.Security security, SslContextBuilder sslContextBuilder) {
        try {
            Resource trustCertCollection = security.getTrustCertCollection();
            Resource trustStore = security.getTrustStore();
            if (trustCertCollection != null) {
                InputStream inputStream = trustCertCollection.getInputStream();
                try {
                    sslContextBuilder.trustManager(inputStream);
                    if (inputStream != null) {
                        inputStream.close();
                    }
                } finally {
                }
            } else if (trustStore != null) {
                sslContextBuilder.trustManager(KeyStoreUtils.loadTrustManagerFactory(security.getTrustStoreFormat(), trustStore, security.getTrustStorePassword()));
            }
        } catch (Exception e) {
            throw new IllegalArgumentException("Failed to create SSLContext (TrustStore)", e);
        }
    }

    protected static io.grpc.netty.NegotiationType of(NegotiationType negotiationType) {
        switch (negotiationType) {
            case PLAINTEXT:
                return io.grpc.netty.NegotiationType.PLAINTEXT;
            case PLAINTEXT_UPGRADE:
                return io.grpc.netty.NegotiationType.PLAINTEXT_UPGRADE;
            case TLS:
                return io.grpc.netty.NegotiationType.TLS;
            default:
                throw new IllegalArgumentException("Unsupported NegotiationType: " + negotiationType);
        }
    }
}
