package org.apache.skywalking.apm.agent.core.remote;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import org.apache.skywalking.apm.agent.core.boot.AgentPackageNotFoundException;
import org.apache.skywalking.apm.agent.core.boot.AgentPackagePath;
import org.apache.skywalking.apm.agent.core.conf.Config;
import org.apache.skywalking.apm.agent.core.logging.api.ILog;
import org.apache.skywalking.apm.agent.core.logging.api.LogManager;
import org.apache.skywalking.apm.agent.core.util.PrivateKeyUtil;
import org.apache.skywalking.apm.dependencies.io.grpc.netty.GrpcSslContexts;
import org.apache.skywalking.apm.dependencies.io.grpc.netty.NegotiationType;
import org.apache.skywalking.apm.dependencies.io.grpc.netty.NettyChannelBuilder;
import org.apache.skywalking.apm.dependencies.io.netty.handler.ssl.SslContextBuilder;
import org.apache.skywalking.apm.util.StringUtil;

/* loaded from: input_file:org/apache/skywalking/apm/agent/core/remote/TLSChannelBuilder.class */
public class TLSChannelBuilder implements ChannelBuilder<NettyChannelBuilder> {
    private static final ILog LOGGER = LogManager.getLogger((Class<?>) TLSChannelBuilder.class);

    @Override // org.apache.skywalking.apm.agent.core.remote.ChannelBuilder
    public NettyChannelBuilder build(NettyChannelBuilder nettyChannelBuilder) throws AgentPackageNotFoundException, IOException {
        File file = new File(AgentPackagePath.getPath(), Config.Agent.SSL_TRUSTED_CA_PATH);
        boolean z = file.exists() && file.isFile();
        if (Config.Agent.FORCE_TLS || z) {
            SslContextBuilder forClient = GrpcSslContexts.forClient();
            if (z) {
                String str = Config.Agent.SSL_CERT_CHAIN_PATH;
                String str2 = Config.Agent.SSL_KEY_PATH;
                if (StringUtil.isNotBlank(str) && StringUtil.isNotBlank(str2)) {
                    File file2 = new File(AgentPackagePath.getPath(), str2);
                    File file3 = new File(AgentPackagePath.getPath(), str);
                    if (file3.isFile() && file2.isFile()) {
                        FileInputStream fileInputStream = new FileInputStream(file3);
                        try {
                            InputStream loadDecryptionKey = PrivateKeyUtil.loadDecryptionKey(file2.getAbsolutePath());
                            try {
                                forClient.keyManager(fileInputStream, loadDecryptionKey);
                                if (loadDecryptionKey != null) {
                                    loadDecryptionKey.close();
                                }
                                fileInputStream.close();
                            } finally {
                            }
                        } catch (Throwable th) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                        }
                    } else if (!file3.isFile() || !file2.isFile()) {
                        LOGGER.warn("Failed to enable mTLS caused by cert or key cannot be found.", new Object[0]);
                    }
                }
                forClient.trustManager(file);
            }
            nettyChannelBuilder.negotiationType(NegotiationType.TLS).sslContext(forClient.build());
        }
        return nettyChannelBuilder;
    }
}
