package com.alipay.sofa.rpc.transport.http;

import com.alipay.sofa.rpc.core.exception.SofaRpcRuntimeException;
import com.alipay.sofa.rpc.log.LogCodes;
import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;

/* loaded from: input_file:com/alipay/sofa/rpc/transport/http/SslContextBuilder.class */
public class SslContextBuilder {
    public static final boolean SSL;
    public static final String PROPERTY_CERTIFICATE_PATH = "certificate_path";
    public static final String PROPERTY_PRIVATE_KEY_PATH = "private_key_path";
    public static final String CERTIFICATE_PATH;
    public static final String PRIVATE_KEY_PATH;

    public static SslContext build() {
        SslContext sslContext;
        try {
            if (SSL) {
                SslProvider sslProvider = OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK;
                SelfSignedCer selfSignedCer = new SelfSignedCer(CERTIFICATE_PATH, PRIVATE_KEY_PATH);
                sslContext = io.netty.handler.ssl.SslContextBuilder.forServer(selfSignedCer.certificate(), selfSignedCer.privateKey()).sslProvider(sslProvider).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, "h2", ApplicationProtocolNames.HTTP_1_1)).build();
            } else {
                sslContext = null;
            }
            return sslContext;
        } catch (SofaRpcRuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new SofaRpcRuntimeException(LogCodes.getLog(LogCodes.ERROR_START_SERVER, "HTTP/2"), e2);
        }
    }

    public static SslContext buildForClient() {
        SslContext sslContext;
        try {
            if (SSL) {
                sslContext = io.netty.handler.ssl.SslContextBuilder.forClient().sslProvider(OpenSsl.isAlpnSupported() ? SslProvider.OPENSSL : SslProvider.JDK).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).trustManager(InsecureTrustManagerFactory.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, "h2", ApplicationProtocolNames.HTTP_1_1)).build();
            } else {
                sslContext = null;
            }
            return sslContext;
        } catch (SofaRpcRuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new SofaRpcRuntimeException(LogCodes.getLog(LogCodes.ERROR_START_CLIENT, "HTTP/2"), e2);
        }
    }

    static {
        SSL = System.getProperty("ssl") != null;
        CERTIFICATE_PATH = System.getProperty(PROPERTY_CERTIFICATE_PATH);
        PRIVATE_KEY_PATH = System.getProperty(PROPERTY_PRIVATE_KEY_PATH);
    }
}
