package com.tongtech.client.remoting.tls;

import com.tongtech.client.common.UtilAll;
import com.tongtech.client.utils.AESUtils;
import com.tongtech.netty.handler.ssl.OpenSsl;
import com.tongtech.netty.handler.ssl.SslContext;
import com.tongtech.netty.handler.ssl.SslContextBuilder;
import com.tongtech.netty.handler.ssl.SslProvider;
import com.tongtech.netty.handler.ssl.util.InsecureTrustManagerFactory;
import com.tongtech.slf4j.Logger;
import com.tongtech.slf4j.LoggerFactory;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;

/* loaded from: input_file:com/tongtech/client/remoting/tls/TlsHelper.class */
public class TlsHelper {
    private static Logger log = LoggerFactory.getLogger((Class<?>) TlsHelper.class);

    public static SslContext buildSslContext() throws Exception {
        SslProvider sslProvider;
        logTheFinalUsedTlsConfig();
        if (OpenSsl.isAvailable()) {
            sslProvider = SslProvider.OPENSSL;
            log.info("Using OpenSSL provider");
        } else {
            sslProvider = SslProvider.JDK;
            log.info("Using JDK SSL provider");
        }
        SslContextBuilder sslProvider2 = SslContextBuilder.forClient().sslProvider(sslProvider);
        if (!TlsSystemConfig.tlsAuthServer) {
            sslProvider2.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else if (!UtilAll.isBlank(TlsSystemConfig.tlsTrustCertPath)) {
            sslProvider2.trustManager(Files.newInputStream(Paths.get(TlsSystemConfig.tlsTrustCertPath, new String[0]), new OpenOption[0]));
        }
        return sslProvider2.keyManager(!UtilAll.isBlank(TlsSystemConfig.tlsCertPath) ? Files.newInputStream(Paths.get(TlsSystemConfig.tlsCertPath, new String[0]), new OpenOption[0]) : null, !UtilAll.isBlank(TlsSystemConfig.tlsCertPath) ? Files.newInputStream(Paths.get(TlsSystemConfig.tlsKeyPath, new String[0]), new OpenOption[0]) : null, !UtilAll.isBlank(TlsSystemConfig.tlsKeyPassword) ? AESUtils.encryptAES(TlsSystemConfig.tlsKeyPassword) : null).build();
    }

    private static void logTheFinalUsedTlsConfig() {
        log.info("Log the final used tls related configuration");
        log.info("{} = {}", TlsSystemConfig.HTP_SSL_PROTOCOLS, TlsSystemConfig.tlsProtocols);
        log.info("{} = {}", "HTP_SSL_CERTIFICATE_KEY", TlsSystemConfig.tlsKeyPath);
        log.info("{} = {}", "HTP_SSL_CERTIFICATE_PASSWORD", TlsSystemConfig.tlsKeyPassword);
        log.info("{} = {}", "HTP_SSL_CERTIFICATE", TlsSystemConfig.tlsCertPath);
        log.info("{} = {}", "HTP_SSL_VERIFY_SERVER", Boolean.valueOf(TlsSystemConfig.tlsAuthServer));
        log.info("{} = {}", "HTP_SSL_CA_CERTIFICATE", TlsSystemConfig.tlsTrustCertPath);
    }
}
