package org.wildfly.security.ssl;

import java.security.Provider;
import java.security.Security;
import java.util.function.Supplier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.wildfly.common.Assert;
import org.wildfly.security.FixedSecurityFactory;
import org.wildfly.security.OneTimeSecurityFactory;
import org.wildfly.security.SecurityFactory;
import org.wildfly.security.auth.server.CredentialDecoder;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.x500.X509CertificateCredentialDecoder;

/* loaded from: input_file:org/wildfly/security/ssl/ServerSSLContextBuilder.class */
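/**
 * Mutable builder for a server-side {@link SSLContext} factory.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Peer certificates are always checked by the default X.509 trust manager obtained from
 *       {@code SSLUtils.getDefaultX509TrustManagerSecurityFactory()}; this builder offers no way
 *       to substitute another trust manager.</li>
 *   <li>When a {@link SecurityDomain} is set, that trust manager is wrapped in a
 *       {@code SecurityDomainTrustManager} together with the configured
 *       {@link CredentialDecoder}.</li>
 *   <li>Without a security domain, both client-authentication flags passed to
 *       {@code ServerSSLConfigurator} are {@code false}, so {@link #setRequireClientAuth(boolean)}
 *       has no effect. Deployments that rely on mutual TLS must set a security domain.</li>
 *   <li>A key manager is mandatory: one of {@link #setKeyManager(X509ExtendedKeyManager)} or
 *       {@link #setKeyManagerSecurityFactory(SecurityFactory)} must be called before the factory
 *       returned by {@link #build()} is used.</li>
 * </ul>
 *
 * <p>The class performs no synchronization of its own.
 */
public final class ServerSSLContextBuilder {
    private SecurityDomain securityDomain;
    private boolean requireClientAuth;
    private SecurityFactory<X509ExtendedKeyManager> keyManagerSecurityFactory;
    private CredentialDecoder credentialDecoder = X509CertificateCredentialDecoder.getInstance();
    private CipherSuiteSelector cipherSuiteSelector = CipherSuiteSelector.openSslDefault();
    private ProtocolSelector protocolSelector = ProtocolSelector.DEFAULT_SELECTOR;
    private Supplier<Provider[]> providerSupplier = Security::getProviders;

    /**
     * Sets the security domain used to authenticate clients.
     *
     * @param securityDomain the domain, or {@code null} (the initial value) to build a context
     *     that uses the default trust manager directly and leaves client authentication off
     */
    public void setSecurityDomain(SecurityDomain securityDomain) {
        this.securityDomain = securityDomain;
    }

    /**
     * Sets the decoder handed to {@code SecurityDomainTrustManager} when a security domain is set.
     * The initial value is {@code X509CertificateCredentialDecoder.getInstance()}.
     *
     * @param credentialDecoder the decoder (must not be {@code null})
     */
    public void setCredentialDecoder(CredentialDecoder credentialDecoder) {
        Assert.checkNotNullParam("credentialDecoder", credentialDecoder);
        this.credentialDecoder = credentialDecoder;
    }

    /**
     * Sets the cipher suite selector passed to {@code ServerSSLConfigurator}.
     * The initial value is {@code CipherSuiteSelector.openSslDefault()}.
     *
     * @param cipherSuiteSelector the selector (must not be {@code null})
     */
    public void setCipherSuiteSelector(CipherSuiteSelector cipherSuiteSelector) {
        Assert.checkNotNullParam("cipherSuiteSelector", cipherSuiteSelector);
        this.cipherSuiteSelector = cipherSuiteSelector;
    }

    /**
     * Sets the protocol selector, used both to create the underlying context and to configure it.
     * The initial value is {@code ProtocolSelector.DEFAULT_SELECTOR}.
     *
     * @param protocolSelector the selector (must not be {@code null})
     */
    public void setProtocolSelector(ProtocolSelector protocolSelector) {
        Assert.checkNotNullParam("protocolSelector", protocolSelector);
        this.protocolSelector = protocolSelector;
    }

    /**
     * Sets whether client authentication is required.
     *
     * <p>The flag is only honoured when a security domain is also set; {@link #build()} combines
     * it with "a domain is present" before passing it on, so on its own it does not enforce
     * client certificates.
     *
     * @param requireClientAuth {@code true} to require client authentication
     */
    public void setRequireClientAuth(boolean requireClientAuth) {
        this.requireClientAuth = requireClientAuth;
    }

    /**
     * Sets the factory that supplies the server's key manager.
     *
     * @param keyManagerSecurityFactory the factory (must not be {@code null})
     */
    public void setKeyManagerSecurityFactory(SecurityFactory<X509ExtendedKeyManager> keyManagerSecurityFactory) {
        Assert.checkNotNullParam("keyManagerSecurityFactory", keyManagerSecurityFactory);
        this.keyManagerSecurityFactory = keyManagerSecurityFactory;
    }

    /**
     * Sets a fixed key manager, replacing any previously configured key manager factory.
     *
     * @param keyManager the key manager (must not be {@code null})
     */
    public void setKeyManager(X509ExtendedKeyManager keyManager) {
        Assert.checkNotNullParam("keyManager", keyManager);
        // Diamond instead of a raw type so the assignment is checked by the compiler.
        this.keyManagerSecurityFactory = new FixedSecurityFactory<>(keyManager);
    }

    /**
     * Sets the supplier of security providers used to create the underlying context.
     * The initial value is {@code Security::getProviders}.
     *
     * @param providerSupplier the supplier (must not be {@code null})
     */
    public void setProviderSupplier(Supplier<Provider[]> providerSupplier) {
        Assert.checkNotNullParam("providerSupplier", providerSupplier);
        this.providerSupplier = providerSupplier;
    }

    /**
     * Builds a factory for the configured server {@link SSLContext}.
     *
     * <p>The builder's current settings are copied when this method is called; later setter calls
     * do not affect a factory that was already returned. The context itself is created when the
     * returned factory's {@code create()} is invoked.
     *
     * @return a factory wrapped in {@code OneTimeSecurityFactory}
     *     (NOTE(review): presumably the context is created once and then reused; confirm against
     *     {@code OneTimeSecurityFactory})
     * @throws IllegalStateException from the returned factory's {@code create()} if no key manager
     *     or key manager factory was configured (previously an uninformative
     *     {@code NullPointerException})
     */
    public SecurityFactory<SSLContext> build() {
        // Snapshot the settings so the lambda does not observe later mutations of this builder.
        final SecurityDomain domain = this.securityDomain;
        final CipherSuiteSelector cipherSuites = this.cipherSuiteSelector;
        final ProtocolSelector protocols = this.protocolSelector;
        final boolean clientAuthRequired = this.requireClientAuth;
        final SecurityFactory<X509ExtendedKeyManager> keyManagerFactory = this.keyManagerSecurityFactory;
        final CredentialDecoder decoder = this.credentialDecoder;
        final Supplier<Provider[]> providers = this.providerSupplier;
        return new OneTimeSecurityFactory<>(() -> {
            if (keyManagerFactory == null) {
                // A server context cannot be initialised without a key manager; say so explicitly.
                throw new IllegalStateException(
                        "No key manager configured: call setKeyManager or setKeyManagerSecurityFactory before build()");
            }
            final SSLContext sslContext = SSLUtils.createSslContextFactory(protocols, providers).create();
            final X509TrustManager defaultTrustManager = SSLUtils.getDefaultX509TrustManagerSecurityFactory().create();
            final boolean hasDomain = domain != null;
            final KeyManager[] keyManagers = {keyManagerFactory.create()};
            // With a domain, certificate checks go through SecurityDomainTrustManager, which
            // receives the default trust manager, the domain and the credential decoder.
            final TrustManager[] trustManagers = {
                hasDomain ? new SecurityDomainTrustManager(defaultTrustManager, domain, decoder) : defaultTrustManager
            };
            // A null SecureRandom makes JSSE use its default implementation.
            sslContext.init(keyManagers, trustManagers, null);
            // Both trailing flags are false without a domain, so requireClientAuth alone has no
            // effect. NOTE(review): presumably these are the want/need client-auth flags; confirm
            // against ServerSSLConfigurator.
            return new DelegatingSSLContext(new ConfiguredSSLContextSpi(sslContext,
                    new ServerSSLConfigurator(protocols, cipherSuites, hasDomain, hasDomain && clientAuthRequired)));
        });
    }
}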
