package org.springframework.cloud.gateway.config;

import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.security.cert.X509Certificate;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.cloud.gateway.config.HttpClientProperties;
import reactor.netty.http.Http11SslContextSpec;
import reactor.netty.http.Http2SslContextSpec;
import reactor.netty.http.client.HttpClient;
import reactor.netty.tcp.SslProvider;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-gateway-server-3.1.4.jar:org/springframework/cloud/gateway/config/HttpClientSslConfigurer.class */
public class HttpClientSslConfigurer extends AbstractSslConfigurer<HttpClient, HttpClient> {
    private final ServerProperties serverProperties;

    public HttpClientSslConfigurer(HttpClientProperties.Ssl ssl, ServerProperties serverProperties) {
        super(ssl);
        this.serverProperties = serverProperties;
    }

    @Override // org.springframework.cloud.gateway.config.AbstractSslConfigurer
    public HttpClient configureSsl(HttpClient httpClient) {
        HttpClientProperties.Ssl sslProperties = getSslProperties();
        if ((sslProperties.getKeyStore() != null && sslProperties.getKeyStore().length() > 0) || getTrustedX509CertificatesForTrustManager().length > 0 || sslProperties.isUseInsecureTrustManager()) {
            httpClient = httpClient.secure(sslContextSpec -> {
                configureSslContext(sslProperties, sslContextSpec);
            });
        }
        return httpClient;
    }

    protected void configureSslContext(HttpClientProperties.Ssl ssl, SslProvider.SslContextSpec sslContextSpec) {
        SslProvider.ProtocolSslContextSpec forClient = this.serverProperties.getHttp2().isEnabled() ? Http2SslContextSpec.forClient() : Http11SslContextSpec.forClient();
        forClient.configure(sslContextBuilder -> {
            X509Certificate[] trustedX509CertificatesForTrustManager = getTrustedX509CertificatesForTrustManager();
            if (trustedX509CertificatesForTrustManager.length > 0) {
                setTrustManager(sslContextBuilder, trustedX509CertificatesForTrustManager);
            } else if (ssl.isUseInsecureTrustManager()) {
                setTrustManager(sslContextBuilder, InsecureTrustManagerFactory.INSTANCE);
            }
            try {
                sslContextBuilder.keyManager(getKeyManagerFactory());
            } catch (Exception e) {
                this.logger.error(e);
            }
        });
        sslContextSpec.sslContext(forClient).handshakeTimeout(ssl.getHandshakeTimeout()).closeNotifyFlushTimeout(ssl.getCloseNotifyFlushTimeout()).closeNotifyReadTimeout(ssl.getCloseNotifyReadTimeout());
    }
}
