package org.springframework.boot.web.embedded.undertow;

import io.undertow.Undertow;
import java.net.InetAddress;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslOptions;
import org.springframework.boot.web.server.Ssl;
import org.xnio.Options;
import org.xnio.Sequence;
import org.xnio.SslClientAuthMode;

/* loaded from: input_file:BOOT-INF/lib/spring-boot-3.1.3.jar:org/springframework/boot/web/embedded/undertow/SslBuilderCustomizer.class */
class SslBuilderCustomizer implements UndertowBuilderCustomizer {
    private final int port;
    private final InetAddress address;
    private final Ssl.ClientAuth clientAuth;
    private final SslBundle sslBundle;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SslBuilderCustomizer(int i, InetAddress inetAddress, Ssl.ClientAuth clientAuth, SslBundle sslBundle) {
        this.port = i;
        this.address = inetAddress;
        this.clientAuth = clientAuth;
        this.sslBundle = sslBundle;
    }

    @Override // org.springframework.boot.web.embedded.undertow.UndertowBuilderCustomizer
    public void customize(Undertow.Builder builder) {
        SslOptions options = this.sslBundle.getOptions();
        builder.addHttpsListener(this.port, getListenAddress(), this.sslBundle.createSslContext());
        builder.setSocketOption(Options.SSL_CLIENT_AUTH_MODE, (SslClientAuthMode) Ssl.ClientAuth.map(this.clientAuth, SslClientAuthMode.NOT_REQUESTED, SslClientAuthMode.REQUESTED, SslClientAuthMode.REQUIRED));
        if (options.getEnabledProtocols() != null) {
            builder.setSocketOption(Options.SSL_ENABLED_PROTOCOLS, Sequence.of(options.getEnabledProtocols()));
        }
        if (options.getCiphers() != null) {
            builder.setSocketOption(Options.SSL_ENABLED_CIPHER_SUITES, Sequence.of(options.getCiphers()));
        }
    }

    private String getListenAddress() {
        return this.address == null ? "0.0.0.0" : this.address.getHostAddress();
    }
}
