package com.couchbase.client.dcp.transport.netty;

import com.couchbase.client.core.deps.io.netty.buffer.ByteBufAllocator;
import com.couchbase.client.core.deps.io.netty.handler.ssl.OpenSsl;
import com.couchbase.client.core.deps.io.netty.handler.ssl.SslContextBuilder;
import com.couchbase.client.core.deps.io.netty.handler.ssl.SslHandler;
import com.couchbase.client.core.deps.io.netty.handler.ssl.SslProvider;
import com.couchbase.client.dcp.Authenticator;
import com.couchbase.client.dcp.SecurityConfig;
import com.couchbase.client.dcp.config.HostAndPort;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

/* loaded from: input_file:com/couchbase/client/dcp/transport/netty/SslHandlerFactory.class */
public class SslHandlerFactory {
    private SslHandlerFactory() {
        throw new AssertionError("not instantiable");
    }

    public static SslHandler get(ByteBufAllocator byteBufAllocator, SecurityConfig securityConfig, HostAndPort hostAndPort, Authenticator authenticator) throws Exception {
        SslContextBuilder sslProvider = SslContextBuilder.forClient().sslProvider((OpenSsl.isAvailable() && securityConfig.nativeTlsEnabled()) ? SslProvider.OPENSSL : SslProvider.JDK);
        if (securityConfig.trustManagerFactory() != null) {
            sslProvider.trustManager(securityConfig.trustManagerFactory());
        } else if (securityConfig.trustCertificates() != null && !securityConfig.trustCertificates().isEmpty()) {
            sslProvider.trustManager((X509Certificate[]) securityConfig.trustCertificates().toArray(new X509Certificate[0]));
        }
        authenticator.applyTlsProperties(sslProvider);
        SslHandler newHandler = sslProvider.build().newHandler(byteBufAllocator, hostAndPort.host(), hostAndPort.port());
        SSLEngine engine = newHandler.engine();
        SSLParameters sSLParameters = engine.getSSLParameters();
        if (securityConfig.hostnameVerificationEnabled()) {
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
        }
        engine.setSSLParameters(sSLParameters);
        return newHandler;
    }
}
