package io.helidon.common.tls;

import io.helidon.builder.api.Prototype;
import io.helidon.common.tls.TlsConfig;
import javax.net.ssl.SSLParameters;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/helidon/common/tls/TlsConfigDecorator.class */
public class TlsConfigDecorator implements Prototype.BuilderDecorator<TlsConfig.BuilderBase<?, ?>> {
    public void decorate(TlsConfig.BuilderBase<?, ?> builderBase) {
        sslParameters(builderBase);
        if (builderBase.manager().orElse(null) == null) {
            builderBase.manager(new ConfiguredTlsManager());
        }
    }

    static void sslParameters(TlsConfig.BuilderBase<?, ?> builderBase) {
        if (builderBase.sslParameters().isPresent()) {
            return;
        }
        SSLParameters sSLParameters = new SSLParameters();
        if (!builderBase.applicationProtocols().isEmpty()) {
            sSLParameters.setApplicationProtocols((String[]) builderBase.applicationProtocols().toArray(new String[0]));
        }
        if (!builderBase.enabledProtocols().isEmpty()) {
            sSLParameters.setProtocols((String[]) builderBase.enabledProtocols().toArray(new String[0]));
        }
        if (!builderBase.enabledCipherSuites().isEmpty()) {
            sSLParameters.setCipherSuites((String[]) builderBase.enabledCipherSuites().toArray(new String[0]));
        }
        if (Tls.ENDPOINT_IDENTIFICATION_NONE.equals(builderBase.endpointIdentificationAlgorithm())) {
            sSLParameters.setEndpointIdentificationAlgorithm("");
        } else {
            sSLParameters.setEndpointIdentificationAlgorithm(builderBase.endpointIdentificationAlgorithm());
        }
        switch (builderBase.clientAuth()) {
            case REQUIRED:
                sSLParameters.setNeedClientAuth(true);
                break;
            case OPTIONAL:
                sSLParameters.setWantClientAuth(true);
                break;
        }
        builderBase.sslParameters(sSLParameters);
    }
}
