package io.quarkus.grpc.runtime.supports;

import io.quarkus.grpc.runtime.config.TlsClientConfig;
import io.vertx.core.net.JksOptions;
import io.vertx.core.net.KeyCertOptions;
import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.core.net.PfxOptions;
import io.vertx.core.net.TCPSSLOptions;
import java.util.Iterator;

/* loaded from: input_file:io/quarkus/grpc/runtime/supports/SSLConfigHelper.class */
public class SSLConfigHelper {
    public static void configurePemTrustOptions(TCPSSLOptions tCPSSLOptions, TlsClientConfig.PemTrustCertConfiguration pemTrustCertConfiguration) {
        if (!pemTrustCertConfiguration.certs.isPresent() || pemTrustCertConfiguration.certs.get().isEmpty()) {
            return;
        }
        ensureTrustOptionsNotSet(tCPSSLOptions);
        tCPSSLOptions.setTrustOptions(toPemTrustOptions(pemTrustCertConfiguration));
    }

    private static PemTrustOptions toPemTrustOptions(TlsClientConfig.PemTrustCertConfiguration pemTrustCertConfiguration) {
        PemTrustOptions pemTrustOptions = new PemTrustOptions();
        if (pemTrustCertConfiguration.certs.isPresent()) {
            Iterator<String> it = pemTrustCertConfiguration.certs.get().iterator();
            while (it.hasNext()) {
                pemTrustOptions.addCertPath(it.next());
            }
        }
        return pemTrustOptions;
    }

    public static void configureJksTrustOptions(TCPSSLOptions tCPSSLOptions, TlsClientConfig.JksConfiguration jksConfiguration) {
        if (jksConfiguration.path.isPresent()) {
            ensureTrustOptionsNotSet(tCPSSLOptions);
            tCPSSLOptions.setTrustOptions(toJksOptions(jksConfiguration));
        }
    }

    private static JksOptions toJksOptions(TlsClientConfig.JksConfiguration jksConfiguration) {
        JksOptions jksOptions = new JksOptions();
        if (jksConfiguration.path.isPresent()) {
            jksOptions.setPath(jksConfiguration.path.get());
        }
        if (jksConfiguration.password.isPresent()) {
            jksOptions.setPassword(jksConfiguration.password.get());
        }
        return jksOptions;
    }

    public static void configurePfxTrustOptions(TCPSSLOptions tCPSSLOptions, TlsClientConfig.PfxConfiguration pfxConfiguration) {
        if (pfxConfiguration.path.isPresent()) {
            ensureTrustOptionsNotSet(tCPSSLOptions);
            tCPSSLOptions.setTrustOptions(toPfxOptions(pfxConfiguration));
        }
    }

    private static PfxOptions toPfxOptions(TlsClientConfig.PfxConfiguration pfxConfiguration) {
        PfxOptions pfxOptions = new PfxOptions();
        if (pfxConfiguration.path.isPresent()) {
            pfxOptions.setPath(pfxConfiguration.path.get());
        }
        if (pfxConfiguration.password.isPresent()) {
            pfxOptions.setPassword(pfxConfiguration.password.get());
        }
        return pfxOptions;
    }

    private static void ensureTrustOptionsNotSet(TCPSSLOptions tCPSSLOptions) {
        if (tCPSSLOptions.getTrustOptions() != null) {
            throw new IllegalArgumentException("Trust options have already been set");
        }
    }

    public static void configurePemKeyCertOptions(TCPSSLOptions tCPSSLOptions, TlsClientConfig.PemKeyCertConfiguration pemKeyCertConfiguration) {
        if (!pemKeyCertConfiguration.certs.isPresent() || pemKeyCertConfiguration.certs.get().isEmpty() || !pemKeyCertConfiguration.keys.isPresent() || pemKeyCertConfiguration.keys.get().isEmpty()) {
            return;
        }
        ensureKeyCertOptionsNotSet(tCPSSLOptions);
        tCPSSLOptions.setKeyCertOptions(toPemKeyCertOptions(pemKeyCertConfiguration));
    }

    private static KeyCertOptions toPemKeyCertOptions(TlsClientConfig.PemKeyCertConfiguration pemKeyCertConfiguration) {
        PemKeyCertOptions pemKeyCertOptions = new PemKeyCertOptions();
        if (pemKeyCertConfiguration.certs.isPresent()) {
            Iterator<String> it = pemKeyCertConfiguration.certs.get().iterator();
            while (it.hasNext()) {
                pemKeyCertOptions.addCertPath(it.next());
            }
        }
        if (pemKeyCertConfiguration.keys.isPresent()) {
            Iterator<String> it2 = pemKeyCertConfiguration.keys.get().iterator();
            while (it2.hasNext()) {
                pemKeyCertOptions.addKeyPath(it2.next());
            }
        }
        return pemKeyCertOptions;
    }

    public static void configureJksKeyCertOptions(TCPSSLOptions tCPSSLOptions, TlsClientConfig.JksConfiguration jksConfiguration) {
        if (jksConfiguration.path.isPresent()) {
            ensureKeyCertOptionsNotSet(tCPSSLOptions);
            tCPSSLOptions.setKeyCertOptions(toJksOptions(jksConfiguration));
        }
    }

    public static void configurePfxKeyCertOptions(TCPSSLOptions tCPSSLOptions, TlsClientConfig.PfxConfiguration pfxConfiguration) {
        if (pfxConfiguration.path.isPresent()) {
            ensureKeyCertOptionsNotSet(tCPSSLOptions);
            tCPSSLOptions.setKeyCertOptions(toPfxOptions(pfxConfiguration));
        }
    }

    private static void ensureKeyCertOptionsNotSet(TCPSSLOptions tCPSSLOptions) {
        if (tCPSSLOptions.getKeyCertOptions() != null) {
            throw new IllegalArgumentException("Key cert options have already been set");
        }
    }

    private SSLConfigHelper() {
    }
}
