package com.yahoo.vespa.model.container.http.ssl;

import com.yahoo.jdisc.http.ConnectorConfig;
import com.yahoo.jdisc.http.ssl.impl.ConfiguredSslContextFactoryProvider;
import com.yahoo.vespa.model.VespaModel;
import java.util.List;
import java.util.Optional;

/* loaded from: input_file:com/yahoo/vespa/model/container/http/ssl/ConfiguredFilebasedSslProvider.class */
public class ConfiguredFilebasedSslProvider extends SslProvider {
    public static final String COMPONENT_ID_PREFIX = "configured-ssl-provider@";
    public static final String COMPONENT_CLASS = ConfiguredSslContextFactoryProvider.class.getName();
    private final String privateKeyPath;
    private final String certificatePath;
    private final String caCertificatePath;
    private final ConnectorConfig.Ssl.ClientAuth.Enum clientAuthentication;
    private final List<String> cipherSuites;
    private final List<String> protocolVersions;

    public ConfiguredFilebasedSslProvider(String str, String str2, String str3, String str4, String str5, List<String> list, List<String> list2) {
        super("configured-ssl-provider@", str, COMPONENT_CLASS, null);
        this.privateKeyPath = str2;
        this.certificatePath = str3;
        this.caCertificatePath = str4;
        this.clientAuthentication = mapToConfigEnum(str5);
        this.cipherSuites = list;
        this.protocolVersions = list2;
    }

    @Override // com.yahoo.vespa.model.container.http.ssl.SslProvider
    public void amendConnectorConfig(ConnectorConfig.Builder builder) {
        builder.ssl(new ConnectorConfig.Ssl.Builder().enabled(true).privateKeyFile(this.privateKeyPath).certificateFile(this.certificatePath).caCertificateFile((String) Optional.ofNullable(this.caCertificatePath).orElse(VespaModel.ROOT_CONFIGID)).clientAuth(this.clientAuthentication).enabledCipherSuites(this.cipherSuites).enabledProtocols(this.protocolVersions));
    }

    private static ConnectorConfig.Ssl.ClientAuth.Enum mapToConfigEnum(String str) {
        return "disabled".equals(str) ? ConnectorConfig.Ssl.ClientAuth.Enum.DISABLED : "want".equals(str) ? ConnectorConfig.Ssl.ClientAuth.Enum.WANT_AUTH : "need".equals(str) ? ConnectorConfig.Ssl.ClientAuth.Enum.NEED_AUTH : ConnectorConfig.Ssl.ClientAuth.Enum.DISABLED;
    }
}
