package io.quarkus.pulsar;

import io.quarkus.tls.TlsConfiguration;
import io.quarkus.tls.TlsConfigurationRegistry;
import io.quarkus.tls.runtime.keystores.ExpiryTrustOptions;
import io.smallrye.reactive.messaging.ClientCustomizer;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.net.KeyStoreOptionsBase;
import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.PemTrustOptions;
import io.vertx.core.net.SSLOptions;
import io.vertx.core.net.TrustOptions;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.io.ByteArrayInputStream;
import java.util.Optional;
import org.apache.pulsar.client.api.ClientBuilder;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.eclipse.microprofile.config.Config;
import org.jboss.logging.Logger;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/pulsar/PulsarClientConfigCustomizer.class */
public class PulsarClientConfigCustomizer implements ClientCustomizer<ClientBuilder> {
    private static final Logger log = Logger.getLogger(PulsarClientConfigCustomizer.class);

    @Inject
    TlsConfigurationRegistry tlsRegistry;

    public ClientBuilder customize(String str, Config config, ClientBuilder clientBuilder) {
        Optional optionalValue = config.getOptionalValue("tls-configuration-name", String.class);
        if (optionalValue.isPresent()) {
            String str2 = (String) optionalValue.get();
            Optional optional = this.tlsRegistry.get(str2);
            if (optional.isPresent()) {
                TlsConfiguration tlsConfiguration = (TlsConfiguration) optional.get();
                SSLOptions sSLOptions = tlsConfiguration.getSSLOptions();
                clientBuilder.tlsCiphers(sSLOptions.getEnabledCipherSuites());
                clientBuilder.tlsProtocols(sSLOptions.getEnabledSecureTransportProtocols());
                clientBuilder.allowTlsInsecureConnection(false);
                PemKeyCertOptions keyStoreOptions = tlsConfiguration.getKeyStoreOptions();
                TrustOptions trustStoreOptions = tlsConfiguration.getTrustStoreOptions();
                if (trustStoreOptions instanceof ExpiryTrustOptions) {
                    trustStoreOptions = ((ExpiryTrustOptions) trustStoreOptions).unwrap();
                }
                if (keyStoreOptions instanceof PemKeyCertOptions) {
                    PemKeyCertOptions pemKeyCertOptions = keyStoreOptions;
                    if (trustStoreOptions instanceof PemTrustOptions) {
                        Buffer buffer = (Buffer) ((PemTrustOptions) trustStoreOptions).getCertValues().stream().collect(Buffer::buffer, (v0, v1) -> {
                            v0.appendBuffer(v1);
                        }, (v0, v1) -> {
                            v0.appendBuffer(v1);
                        });
                        clientBuilder.authentication(new AuthenticationTls(() -> {
                            return new ByteArrayInputStream(pemKeyCertOptions.getCertValue().getBytes());
                        }, () -> {
                            return new ByteArrayInputStream(pemKeyCertOptions.getKeyValue().getBytes());
                        }, () -> {
                            return new ByteArrayInputStream(buffer.getBytes());
                        }));
                        log.debugf("Configured PulsarClientConfiguration for channel %s with TLS configuration %s", str, str2);
                    }
                }
                if ((keyStoreOptions instanceof KeyStoreOptionsBase) && (trustStoreOptions instanceof KeyStoreOptionsBase)) {
                    clientBuilder.useKeyStoreTls(false);
                    clientBuilder.authentication(new QuarkusPulsarKeyStoreAuthentication(tlsConfiguration));
                    log.debugf("Configured PulsarClientConfiguration for channel %s with TLS configuration %s", str, str2);
                } else {
                    log.warnf("Unsupported TLS configuration for channel %s with TLS configuration %s", str, str2);
                }
            }
        }
        return clientBuilder;
    }
}
