package io.micronaut.http.server.netty.ssl;

import io.micronaut.context.annotation.Requirements;
import io.micronaut.context.annotation.Requires;
import io.micronaut.core.annotation.Internal;
import io.micronaut.core.io.ResourceResolver;
import io.micronaut.core.util.StringUtils;
import io.micronaut.http.ssl.ClientAuthentication;
import io.micronaut.http.ssl.ServerSslConfiguration;
import io.micronaut.http.ssl.SslBuilder;
import io.micronaut.http.ssl.SslConfiguration;
import io.micronaut.http.ssl.SslConfigurationException;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Optional;
import javax.inject.Singleton;
import javax.net.ssl.SSLException;

@Requirements({@Requires(property = "micronaut.ssl.enabled", value = StringUtils.TRUE, defaultValue = StringUtils.FALSE), @Requires(property = "micronaut.ssl.build-self-signed", value = StringUtils.FALSE, defaultValue = StringUtils.FALSE)})
@Singleton
@Internal
/* loaded from: input_file:io/micronaut/http/server/netty/ssl/CertificateProvidedSslBuilder.class */
public class CertificateProvidedSslBuilder extends SslBuilder<SslContext> implements ServerSslBuilder {
    private final ServerSslConfiguration ssl;
    private KeyStore keyStoreCache;
    private KeyStore trustStoreCache;

    public CertificateProvidedSslBuilder(ServerSslConfiguration serverSslConfiguration, ResourceResolver resourceResolver) {
        super(resourceResolver);
        this.keyStoreCache = null;
        this.trustStoreCache = null;
        this.ssl = serverSslConfiguration;
    }

    @Override // io.micronaut.http.server.netty.ssl.ServerSslBuilder
    public ServerSslConfiguration getSslConfiguration() {
        return this.ssl;
    }

    @Override // io.micronaut.http.server.netty.ssl.ServerSslBuilder
    public Optional<SslContext> build() {
        return build(this.ssl);
    }

    @Override // io.micronaut.http.ssl.SslBuilder
    public Optional<SslContext> build(SslConfiguration sslConfiguration) {
        SslContextBuilder trustManager = SslContextBuilder.forServer(getKeyManagerFactory(sslConfiguration)).trustManager(getTrustManagerFactory(sslConfiguration));
        if (sslConfiguration.getProtocols().isPresent()) {
            trustManager.protocols(sslConfiguration.getProtocols().get());
        }
        if (sslConfiguration.getCiphers().isPresent()) {
            trustManager = trustManager.ciphers(Arrays.asList(sslConfiguration.getCiphers().get()));
        }
        if (sslConfiguration.getClientAuthentication().isPresent()) {
            ClientAuthentication clientAuthentication = sslConfiguration.getClientAuthentication().get();
            if (clientAuthentication == ClientAuthentication.NEED) {
                trustManager = trustManager.clientAuth(ClientAuth.REQUIRE);
            } else if (clientAuthentication == ClientAuthentication.WANT) {
                trustManager = trustManager.clientAuth(ClientAuth.OPTIONAL);
            }
        }
        try {
            return Optional.of(trustManager.build());
        } catch (SSLException e) {
            throw new SslConfigurationException("An error occurred while setting up SSL", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.micronaut.http.ssl.SslBuilder
    public Optional<KeyStore> getTrustStore(SslConfiguration sslConfiguration) throws Exception {
        if (this.trustStoreCache == null) {
            super.getTrustStore(sslConfiguration).ifPresent(keyStore -> {
                this.trustStoreCache = keyStore;
            });
        }
        return Optional.ofNullable(this.trustStoreCache);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.micronaut.http.ssl.SslBuilder
    public Optional<KeyStore> getKeyStore(SslConfiguration sslConfiguration) throws Exception {
        if (this.keyStoreCache == null) {
            super.getKeyStore(sslConfiguration).ifPresent(keyStore -> {
                this.keyStoreCache = keyStore;
            });
        }
        return Optional.ofNullable(this.keyStoreCache);
    }
}
