package com.hotels.styx.server.netty;

import com.hotels.styx.api.MetricRegistry;
import com.hotels.styx.server.HttpsConnectorConfig;
import io.netty.handler.ssl.OpenSslSessionContext;
import io.netty.handler.ssl.OpenSslSessionStats;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.File;
import java.security.cert.CertificateException;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLException;

/* loaded from: input_file:com/hotels/styx/server/netty/SslContexts.class */
public final class SslContexts {
    private SslContexts() {
    }

    public static SslContext newSSLContext(HttpsConnectorConfig httpsConnectorConfig) {
        try {
            return (httpsConnectorConfig.isConfigured() ? sslContextFromConfiguration(httpsConnectorConfig) : sslContextFromSelfSignedCertificate(httpsConnectorConfig)).build();
        } catch (SSLException e) {
            throw new RuntimeException(e);
        }
    }

    public static SslContext newSSLContext(HttpsConnectorConfig httpsConnectorConfig, MetricRegistry metricRegistry) {
        SslContext newSSLContext = newSSLContext(httpsConnectorConfig);
        registerOpenSslStats(newSSLContext, metricRegistry);
        return newSSLContext;
    }

    private static void registerOpenSslStats(SslContext sslContext, MetricRegistry metricRegistry) {
        OpenSslSessionContext sessionContext = sslContext.sessionContext();
        if (sessionContext instanceof OpenSslSessionContext) {
            OpenSslSessionStats stats = sessionContext.stats();
            MetricRegistry scope = metricRegistry.scope("connections.openssl.session");
            stats.getClass();
            scope.register("number", stats::number);
            stats.getClass();
            scope.register("accept", stats::accept);
            stats.getClass();
            scope.register("acceptGood", stats::acceptGood);
            stats.getClass();
            scope.register("acceptRenegotiate", stats::acceptRenegotiate);
            stats.getClass();
            scope.register("hits", stats::hits);
            stats.getClass();
            scope.register("misses", stats::misses);
            stats.getClass();
            scope.register("cbHits", stats::cbHits);
            stats.getClass();
            scope.register("cacheFull", stats::cacheFull);
            stats.getClass();
            scope.register("timeouts", stats::timeouts);
        }
    }

    private static SelfSignedCertificate newSelfSignedCertificate() {
        try {
            return new SelfSignedCertificate();
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    private static SslContextBuilder sslContextFromSelfSignedCertificate(HttpsConnectorConfig httpsConnectorConfig) {
        SelfSignedCertificate newSelfSignedCertificate = newSelfSignedCertificate();
        return SslContextBuilder.forServer(newSelfSignedCertificate.certificate(), newSelfSignedCertificate.privateKey()).protocols(toProtocolsOrDefault(httpsConnectorConfig.protocols())).ciphers(toCiphersOrDefault(httpsConnectorConfig.ciphers())).sslProvider(SslProvider.valueOf(httpsConnectorConfig.sslProvider()));
    }

    private static SslContextBuilder sslContextFromConfiguration(HttpsConnectorConfig httpsConnectorConfig) {
        return SslContextBuilder.forServer(new File(httpsConnectorConfig.certificateFile()), new File(httpsConnectorConfig.certificateKeyFile())).sslProvider(SslProvider.valueOf(httpsConnectorConfig.sslProvider())).ciphers(toCiphersOrDefault(httpsConnectorConfig.ciphers())).sessionTimeout(TimeUnit.MILLISECONDS.toSeconds(httpsConnectorConfig.sessionTimeoutMillis())).sessionCacheSize(httpsConnectorConfig.sessionCacheSize()).protocols(toProtocolsOrDefault(httpsConnectorConfig.protocols()));
    }

    private static Iterable<String> toCiphersOrDefault(List<String> list) {
        if (list.isEmpty()) {
            return null;
        }
        return list;
    }

    private static String[] toProtocolsOrDefault(List<String> list) {
        if (list == null || list.size() <= 0) {
            return null;
        }
        return (String[]) list.toArray(new String[list.size()]);
    }
}
