package org.wildfly.security.ssl;

import java.security.Provider;
import java.util.function.Supplier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.wildfly.common.Assert;
import org.wildfly.security.FixedSecurityFactory;
import org.wildfly.security.OneTimeSecurityFactory;
import org.wildfly.security.SecurityFactory;
import org.wildfly.security.auth.server.MechanismConfiguration;
import org.wildfly.security.auth.server.MechanismConfigurationSelector;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.evidence.X509PeerCertificateChainEvidence;
import org.wildfly.security.provider.util.ProviderUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/ssl/SSLContextBuilder.class
 */
/* loaded from: input_file:BOOT-INF/lib/wildfly-elytron-ssl-1.15.5.Final.jar:org/wildfly/security/ssl/SSLContextBuilder.class */
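/**
 * Fluent builder that collects TLS settings and produces a lazily initialised {@link SSLContext} factory.
 *
 * <p>Every setter returns {@code this}. The builder is mutable and performs no synchronization, so it
 * should be configured from a single thread. {@link #build()} snapshots the current settings; later
 * setter calls do not affect a factory that has already been built.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>The trust manager comes from {@code SSLUtils.getDefaultX509TrustManagerSecurityFactory()}.</li>
 *   <li>No key manager is configured.</li>
 *   <li>{@code sessionCacheSize} and {@code sessionTimeout} are {@code 0}, which {@link #build()} applies
 *       to the session context. In JSSE a value of {@code 0} means "no limit" for both settings.</li>
 *   <li>Client authentication is neither wanted nor needed unless a security domain able to verify
 *       X.509 evidence is set.</li>
 * </ul>
 */
public final class SSLContextBuilder {
    private SecurityDomain securityDomain;
    private boolean wantClientAuth;
    private boolean needClientAuth;
    private boolean authenticationOptional;
    private boolean clientMode;
    // NOTE(review): Java's default of 0 is applied as-is by build(); JSSE treats 0 as "unlimited" for both
    // values. Callers that want the provider default must pass a negative value, and callers that want a
    // bound must set one explicitly.
    private int sessionCacheSize;
    private int sessionTimeout;
    private SecurityFactory<X509ExtendedKeyManager> keyManagerSecurityFactory;
    private String providerName;
    private MechanismConfigurationSelector mechanismConfigurationSelector;
    private CipherSuiteSelector cipherSuiteSelector = CipherSuiteSelector.openSslDefault();
    private ProtocolSelector protocolSelector = ProtocolSelector.DEFAULT_SELECTOR;
    private boolean useCipherSuitesOrder = true;
    private SecurityFactory<X509TrustManager> trustManagerSecurityFactory = SSLUtils.getDefaultX509TrustManagerSecurityFactory();
    private Supplier<Provider[]> providerSupplier = ProviderUtil.INSTALLED_PROVIDERS;
    private boolean wrap = true;

    /**
     * Sets the security domain used to authenticate peers from their certificate chain.
     *
     * <p>When the domain may support {@link X509PeerCertificateChainEvidence}, {@link #build()} wraps the
     * trust manager in a {@code SecurityDomainTrustManager} and, in server mode, requests client
     * certificates even if {@link #setWantClientAuth(boolean)} was not enabled.
     *
     * @param securityDomain the domain, or {@code null} to disable domain-based peer authentication
     * @return this builder
     * @throws RuntimeException as produced by {@code securityDomainOfSSLContextDoesNotSupportX509()} when the
     *         domain reports that X.509 evidence verification is not supported (exact type not visible here)
     */
    public SSLContextBuilder setSecurityDomain(SecurityDomain securityDomain) {
        if (securityDomain != null && securityDomain.getEvidenceVerifySupport(X509PeerCertificateChainEvidence.class).isNotSupported()) {
            throw ElytronMessages.tls.securityDomainOfSSLContextDoesNotSupportX509();
        }
        this.securityDomain = securityDomain;
        return this;
    }

    /**
     * Sets the selector that decides which cipher suites are enabled.
     *
     * @param cipherSuiteSelector the selector; must not be {@code null}
     * @return this builder
     */
    public SSLContextBuilder setCipherSuiteSelector(CipherSuiteSelector cipherSuiteSelector) {
        Assert.checkNotNullParam("cipherSuiteSelector", cipherSuiteSelector);
        this.cipherSuiteSelector = cipherSuiteSelector;
        return this;
    }

    /**
     * Sets the selector that decides which protocol versions are enabled.
     *
     * @param protocolSelector the selector; must not be {@code null}
     * @return this builder
     */
    public SSLContextBuilder setProtocolSelector(ProtocolSelector protocolSelector) {
        Assert.checkNotNullParam("protocolSelector", protocolSelector);
        this.protocolSelector = protocolSelector;
        return this;
    }

    /**
     * Sets the flag handed to the SSL configurator as its cipher-suite-order option.
     *
     * @param useCipherSuitesOrder the flag value (defaults to {@code true})
     * @return this builder
     */
    public SSLContextBuilder setUseCipherSuitesOrder(boolean useCipherSuitesOrder) {
        // A primitive boolean can never be null, so the former null check on its boxed value was a no-op.
        this.useCipherSuitesOrder = useCipherSuitesOrder;
        return this;
    }

    /**
     * Sets whether a server-mode context should request (but not require) a client certificate.
     * The value is not passed to the configurator in client mode.
     *
     * @param wantClientAuth {@code true} to request a client certificate
     * @return this builder
     */
    public SSLContextBuilder setWantClientAuth(boolean wantClientAuth) {
        this.wantClientAuth = wantClientAuth;
        return this;
    }

    /**
     * Sets whether a server-mode context should require a client certificate.
     * The value is not passed to the configurator in client mode.
     *
     * @param needClientAuth {@code true} to require a client certificate
     * @return this builder
     */
    public SSLContextBuilder setNeedClientAuth(boolean needClientAuth) {
        this.needClientAuth = needClientAuth;
        return this;
    }

    /**
     * Sets the flag forwarded to {@code SecurityDomainTrustManager} as its authentication-optional option.
     * It only has an effect when a security domain capable of X.509 verification is configured.
     *
     * @param authenticationOptional the flag value
     * @return this builder
     */
    // NOTE(review): presumably lets the handshake proceed when the domain cannot authenticate the peer;
    // confirm against SecurityDomainTrustManager before relying on it as an access-control decision.
    public SSLContextBuilder setAuthenticationOptional(boolean authenticationOptional) {
        this.authenticationOptional = authenticationOptional;
        return this;
    }

    /**
     * Sets the TLS session cache size applied to the session context.
     *
     * @param sessionCacheSize the size; {@code 0} means unlimited in JSSE, and a negative value leaves the
     *        provider's own setting untouched
     * @return this builder
     */
    public SSLContextBuilder setSessionCacheSize(int sessionCacheSize) {
        this.sessionCacheSize = sessionCacheSize;
        return this;
    }

    /**
     * Sets the TLS session timeout, in seconds, applied to the session context.
     *
     * @param sessionTimeout the timeout; {@code 0} means sessions never expire in JSSE, and a negative value
     *        leaves the provider's own setting untouched
     * @return this builder
     */
    public SSLContextBuilder setSessionTimeout(int sessionTimeout) {
        this.sessionTimeout = sessionTimeout;
        return this;
    }

    /**
     * Sets the factory that supplies the key manager holding this endpoint's credentials.
     *
     * @param keyManagerSecurityFactory the factory; must not be {@code null}
     * @return this builder
     */
    public SSLContextBuilder setKeyManagerSecurityFactory(SecurityFactory<X509ExtendedKeyManager> keyManagerSecurityFactory) {
        Assert.checkNotNullParam("keyManagerSecurityFactory", keyManagerSecurityFactory);
        this.keyManagerSecurityFactory = keyManagerSecurityFactory;
        return this;
    }

    /**
     * Sets a fixed key manager holding this endpoint's credentials.
     *
     * @param keyManager the key manager; must not be {@code null}
     * @return this builder
     */
    public SSLContextBuilder setKeyManager(X509ExtendedKeyManager keyManager) {
        Assert.checkNotNullParam("keyManager", keyManager);
        this.keyManagerSecurityFactory = new FixedSecurityFactory<>(keyManager);
        return this;
    }

    /**
     * Sets the factory that supplies the trust manager used to validate peer certificate chains.
     *
     * <p>The supplied trust manager is the component that accepts or rejects peer certificates, so a
     * permissive implementation removes certificate validation for every connection made with the
     * resulting context.
     *
     * @param trustManagerSecurityFactory the factory; must not be {@code null}
     * @return this builder
     */
    public SSLContextBuilder setTrustManagerSecurityFactory(SecurityFactory<X509TrustManager> trustManagerSecurityFactory) {
        this.trustManagerSecurityFactory = Assert.checkNotNullParam("trustManagerSecurityFactory", trustManagerSecurityFactory);
        return this;
    }

    /**
     * Sets a fixed trust manager used to validate peer certificate chains.
     *
     * <p>The supplied trust manager is the component that accepts or rejects peer certificates, so a
     * permissive implementation removes certificate validation for every connection made with the
     * resulting context.
     *
     * @param trustManager the trust manager; must not be {@code null}
     * @return this builder
     */
    public SSLContextBuilder setTrustManager(X509TrustManager trustManager) {
        Assert.checkNotNullParam("trustManager", trustManager);
        this.trustManagerSecurityFactory = new FixedSecurityFactory<>(trustManager);
        return this;
    }

    /**
     * Sets the supplier of security providers searched for an {@link SSLContext} implementation.
     *
     * @param providerSupplier the supplier; must not be {@code null}
     * @return this builder
     */
    public SSLContextBuilder setProviderSupplier(Supplier<Provider[]> providerSupplier) {
        Assert.checkNotNullParam("providerSupplier", providerSupplier);
        this.providerSupplier = providerSupplier;
        return this;
    }

    /**
     * Sets the provider name passed to {@code SSLUtils.createSslContextFactory}.
     *
     * @param providerName the provider name; {@code null} is accepted (presumably meaning "any provider")
     * @return this builder
     */
    public SSLContextBuilder setProviderName(String providerName) {
        this.providerName = providerName;
        return this;
    }

    /**
     * Selects client or server mode. The mode decides which session context is tuned and whether the
     * client-authentication flags are handed to the configurator.
     *
     * @param clientMode {@code true} for a client-side context
     * @return this builder
     */
    public SSLContextBuilder setClientMode(boolean clientMode) {
        this.clientMode = clientMode;
        return this;
    }

    /**
     * Sets the wrap flag passed to {@code ConfiguredSSLContextSpi}.
     *
     * @param wrap the flag value (defaults to {@code true})
     * @return this builder
     */
    // NOTE(review): presumably controls whether created sockets/engines are wrapped so the enforced
    // protocol and cipher configuration cannot be changed afterwards; confirm in ConfiguredSSLContextSpi.
    public SSLContextBuilder setWrap(boolean wrap) {
        this.wrap = wrap;
        return this;
    }

    /**
     * Sets the mechanism configuration selector handed to {@code SecurityDomainTrustManager}.
     *
     * @param mechanismConfigurationSelector the selector, or {@code null} to use a constant selector over
     *        {@code MechanismConfiguration.EMPTY}
     * @return this builder
     */
    public SSLContextBuilder setMechanismConfigurationSelector(MechanismConfigurationSelector mechanismConfigurationSelector) {
        this.mechanismConfigurationSelector = mechanismConfigurationSelector;
        return this;
    }

    /**
     * Builds a factory for the configured {@link SSLContext}.
     *
     * <p>All settings, including the provider name, are copied into locals here, so the returned factory is
     * unaffected by later changes to this builder. The context itself is only created and initialised
     * when the returned factory is invoked.
     *
     * @return a factory wrapped in {@code OneTimeSecurityFactory} (presumably creating the context once
     *         and reusing it)
     */
    public SecurityFactory<SSLContext> build() {
        final SecurityDomain securityDomain = this.securityDomain;
        final CipherSuiteSelector cipherSuiteSelector = this.cipherSuiteSelector;
        final ProtocolSelector protocolSelector = this.protocolSelector;
        final SecurityFactory<X509TrustManager> trustManagerSecurityFactory = this.trustManagerSecurityFactory;
        final SecurityFactory<X509ExtendedKeyManager> keyManagerSecurityFactory = this.keyManagerSecurityFactory;
        final Supplier<Provider[]> providerSupplier = this.providerSupplier;
        // Snapshot the provider name like every other setting; reading the field inside the lambda would
        // let a setProviderName() call made after build() change an already-built factory.
        final String providerName = this.providerName;
        final boolean clientMode = this.clientMode;
        final boolean authenticationOptional = this.authenticationOptional;
        final int sessionCacheSize = this.sessionCacheSize;
        final int sessionTimeout = this.sessionTimeout;
        final boolean wantClientAuth = this.wantClientAuth;
        final boolean needClientAuth = this.needClientAuth;
        final boolean useCipherSuitesOrder = this.useCipherSuitesOrder;
        final boolean wrap = this.wrap;
        final MechanismConfigurationSelector selector = this.mechanismConfigurationSelector != null
                ? this.mechanismConfigurationSelector
                : MechanismConfigurationSelector.constantSelector(MechanismConfiguration.EMPTY);

        return new OneTimeSecurityFactory<>(() -> {
            final SSLContext sslContext = SSLUtils.createSslContextFactory(protocolSelector, providerSupplier, providerName).create();
            final X509KeyManager x509KeyManager = keyManagerSecurityFactory == null ? null : keyManagerSecurityFactory.create();
            final X509TrustManager x509TrustManager = trustManagerSecurityFactory.create();
            // Peer authentication through the domain is only attempted when the domain may verify X.509 chains.
            final boolean canAuthPeers = securityDomain != null
                    && securityDomain.getEvidenceVerifySupport(X509PeerCertificateChainEvidence.class).mayBeSupported();

            if (ElytronMessages.tls.isTraceEnabled()) {
                ElytronMessages.tls.tracef("SSLContext initialization:%n    securityDomain = %s%n    canAuthPeers = %s%n    cipherSuiteSelector = %s%n    protocolSelector = %s%n    x509TrustManager = %s%n    x509KeyManager = %s%n    providerSupplier = %s%n    clientMode = %s%n    authenticationOptional = %s%n    sessionCacheSize = %s%n    sessionTimeout = %s%n    wantClientAuth = %s%n    needClientAuth = %s%n    useCipherSuitesOrder = %s%n    wrap = %s%n",
                        securityDomain, canAuthPeers, cipherSuiteSelector, protocolSelector, x509TrustManager, x509KeyManager,
                        providerSupplier, clientMode, authenticationOptional, sessionCacheSize, sessionTimeout, wantClientAuth,
                        needClientAuth, useCipherSuitesOrder, wrap);
            }

            // A null key-manager array makes JSSE fall back to the highest-priority installed implementation.
            final KeyManager[] keyManagers = x509KeyManager == null ? null : new KeyManager[] { x509KeyManager };
            final TrustManager[] trustManagers = new TrustManager[] {
                canAuthPeers
                        ? new SecurityDomainTrustManager(x509TrustManager, securityDomain, authenticationOptional, selector)
                        : x509TrustManager
            };
            // A null SecureRandom lets the provider pick its default source of randomness.
            sslContext.init(keyManagers, trustManagers, null);

            final SSLSessionContext sessionContext = clientMode
                    ? sslContext.getClientSessionContext()
                    : sslContext.getServerSessionContext();
            if (sessionContext != null) {
                // Negative values mean "leave the provider setting alone"; 0 is applied and means unlimited.
                if (sessionCacheSize >= 0) {
                    sessionContext.setSessionCacheSize(sessionCacheSize);
                }
                if (sessionTimeout >= 0) {
                    sessionContext.setSessionTimeout(sessionTimeout);
                }
            }

            // Client mode has no client-auth flags; server mode requests a certificate whenever the
            // security domain is able to authenticate peers.
            final SSLConfiguratorImpl sslConfigurator = clientMode
                    ? new SSLConfiguratorImpl(protocolSelector, cipherSuiteSelector, useCipherSuitesOrder)
                    : new SSLConfiguratorImpl(protocolSelector, cipherSuiteSelector, wantClientAuth || canAuthPeers, needClientAuth, useCipherSuitesOrder);

            return new DelegatingSSLContext(new ConfiguredSSLContextSpi(sslContext, sslConfigurator, wrap));
        });
    }
}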
