package org.infinispan.server.endpoint.subsystem;

import java.util.Map;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import org.infinispan.server.core.configuration.SslConfigurationBuilder;
import org.infinispan.server.endpoint.EndpointLogger;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.msc.service.StartException;
import org.jboss.msc.value.InjectedValue;

/* loaded from: input_file:org/infinispan/server/endpoint/subsystem/EncryptableServiceHelper.class */
public class EncryptableServiceHelper {
    private EncryptableServiceHelper() {
    }

    public static void fillSecurityConfiguration(EncryptableService encryptableService, SslConfigurationBuilder sslConfigurationBuilder) throws StartException {
        SecurityRealm securityRealm;
        if (!isSecurityEnabled(encryptableService) || (securityRealm = (SecurityRealm) encryptableService.getEncryptionSecurityRealm().getValue()) == null) {
            return;
        }
        SSLContext sSLContext = securityRealm.getSSLContext();
        if (sSLContext == null) {
            throw EndpointLogger.ROOT_LOGGER.noSSLContext(encryptableService.getServerName(), securityRealm.getName());
        }
        if (sslConfigurationBuilder.ssl().create().requireClientAuth() && !securityRealm.getSupportedAuthenticationMechanisms().contains(AuthMechanism.CLIENT_CERT)) {
            throw EndpointLogger.ROOT_LOGGER.noSSLTrustStore(encryptableService.getServerName(), securityRealm.getName());
        }
        sslConfigurationBuilder.ssl().enable();
        sslConfigurationBuilder.ssl().sslContext(sSLContext);
        sslConfigurationBuilder.ssl().requireClientAuth(encryptableService.getClientAuth());
        for (Map.Entry<String, InjectedValue<SecurityRealm>> entry : encryptableService.getSniConfiguration().entrySet()) {
            sslConfigurationBuilder.ssl().sniHostName(entry.getKey()).sslContext((SSLContext) Optional.ofNullable((SecurityRealm) entry.getValue().getOptionalValue()).flatMap(securityRealm2 -> {
                return Optional.ofNullable(securityRealm2.getSSLContext());
            }).orElseGet(() -> {
                EndpointLogger.ROOT_LOGGER.noSSLContextForSni(encryptableService.getServerName());
                return sSLContext;
            }));
        }
    }

    public static boolean isSecurityEnabled(EncryptableService encryptableService) {
        return encryptableService.getEncryptionSecurityRealm().getOptionalValue() != null;
    }

    public static boolean isSniEnabled(EncryptableService encryptableService) {
        return isSecurityEnabled(encryptableService) && !encryptableService.getSniConfiguration().isEmpty();
    }
}
