package reactor.netty.http.client;

import io.netty.handler.codec.http2.Http2SecurityUtil;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ApplicationProtocolNames;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import java.util.function.Consumer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import reactor.netty.tcp.SslProvider;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/reactor-netty-http-1.0.4.jar:reactor/netty/http/client/HttpClientSecure.class */
public final class HttpClientSecure {
    static final Consumer<? super SslHandler> DEFAULT_HOSTNAME_VERIFICATION = sslHandler -> {
        SSLEngine engine = sslHandler.engine();
        SSLParameters sSLParameters = engine.getSSLParameters();
        sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(sSLParameters);
    };
    static final SslProvider HTTP2_SSL_PROVIDER;
    static final SslProvider DEFAULT_HTTP_SSL_PROVIDER;
    static final SslProvider DEFAULT_HTTP2_SSL_PROVIDER;

    private HttpClientSecure() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SslProvider defaultSslProvider(HttpClientConfig httpClientConfig) {
        return httpClientConfig.checkProtocol(2) ? DEFAULT_HTTP2_SSL_PROVIDER : DEFAULT_HTTP_SSL_PROVIDER;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean hasDefaultSslProvider(HttpClientConfig httpClientConfig) {
        return DEFAULT_HTTP_SSL_PROVIDER == httpClientConfig.sslProvider || DEFAULT_HTTP2_SSL_PROVIDER == httpClientConfig.sslProvider;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SslProvider sslProvider(SslProvider sslProvider) {
        return SslProvider.addHandlerConfigurator(sslProvider, DEFAULT_HOSTNAME_VERIFICATION);
    }

    static {
        SslProvider sslProvider;
        try {
            sslProvider = SslProvider.builder().sslContext(SslContextBuilder.forClient().sslProvider(io.netty.handler.ssl.SslProvider.isAlpnSupported(io.netty.handler.ssl.SslProvider.OPENSSL) ? io.netty.handler.ssl.SslProvider.OPENSSL : io.netty.handler.ssl.SslProvider.JDK).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).applicationProtocolConfig(new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, ApplicationProtocolNames.HTTP_2, ApplicationProtocolNames.HTTP_1_1))).defaultConfiguration(SslProvider.DefaultConfigurationType.H2).build();
        } catch (Exception e) {
            sslProvider = null;
        }
        HTTP2_SSL_PROVIDER = sslProvider;
        DEFAULT_HTTP_SSL_PROVIDER = SslProvider.addHandlerConfigurator(SslProvider.defaultClientProvider(), DEFAULT_HOSTNAME_VERIFICATION);
        DEFAULT_HTTP2_SSL_PROVIDER = SslProvider.addHandlerConfigurator(HTTP2_SSL_PROVIDER, DEFAULT_HOSTNAME_VERIFICATION);
    }
}
