package org.infinispan.server.core.utils;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.infinispan.commons.util.SslContextFactory;
import org.infinispan.server.core.configuration.SslConfiguration;
import org.infinispan.server.core.configuration.SslEngineConfiguration;
import org.infinispan.server.core.logging.Log;

/* loaded from: input_file:org/infinispan/server/core/utils/SslUtils.class */
public class SslUtils {
    public static JdkSslContext createNettySslContext(SslConfiguration sslConfiguration, SslEngineConfiguration sslEngineConfiguration, ApplicationProtocolConfig applicationProtocolConfig) {
        return createSslContext(createJdkSslContext(sslEngineConfiguration), requireClientAuth(sslConfiguration), applicationProtocolConfig);
    }

    public static SSLContext createJdkSslContext(SslEngineConfiguration sslEngineConfiguration) {
        return sslEngineConfiguration.sslContext() != null ? sslEngineConfiguration.sslContext() : new SslContextFactory().keyStoreFileName(sslEngineConfiguration.keyStoreFileName()).keyStoreType(sslEngineConfiguration.keyStoreType()).keyStorePassword(sslEngineConfiguration.keyStorePassword()).keyAlias(sslEngineConfiguration.keyAlias()).trustStoreFileName(sslEngineConfiguration.trustStoreFileName()).trustStoreType(sslEngineConfiguration.trustStoreType()).trustStorePassword(sslEngineConfiguration.trustStorePassword()).sslProtocol(sslEngineConfiguration.protocol()).build().sslContext();
    }

    private static JdkSslContext createSslContext(SSLContext sSLContext, ClientAuth clientAuth, ApplicationProtocolConfig applicationProtocolConfig) {
        SSLEngine engine = SslContextFactory.getEngine(sSLContext, false, clientAuth == ClientAuth.REQUIRE);
        String[] enabledCipherSuites = engine.getEnabledCipherSuites();
        if (Log.SECURITY.isDebugEnabled()) {
            Log.SECURITY.debugf("SSL Engine enabled cipher suites = %s", enabledCipherSuites);
            Log.SECURITY.debugf("SSL Engine supported cipher suites = %s", engine.getSupportedCipherSuites());
            Log.SECURITY.debugf("SSL Engine enabled protocols = %s", engine.getEnabledProtocols());
            Log.SECURITY.debugf("SSL Engine supported protocols = %s", engine.getSupportedProtocols());
        }
        return new JdkSslContext(sSLContext, false, Arrays.asList(enabledCipherSuites), IdentityCipherSuiteFilter.INSTANCE, applicationProtocolConfig, clientAuth, (String[]) null, false);
    }

    private static ClientAuth requireClientAuth(SslConfiguration sslConfiguration) {
        return sslConfiguration.requireClientAuth() ? ClientAuth.REQUIRE : ClientAuth.NONE;
    }
}
