package org.apache.zookeeper.common;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.CipherSuiteFilter;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContext;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.Socket;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import org.apache.zookeeper.common.X509Util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/zookeeper/common/SSLContextAndOptions.class */
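/**
 * Bundles an {@link SSLContext} with the TLS options read from a {@link ZKConfig}
 * (enabled protocols, cipher suites, client-authentication mode and handshake
 * detection timeout) and applies them to the sockets, server sockets and Netty
 * contexts it creates.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only protocols, cipher suites and the client-auth mode are applied to
 *       {@link SSLParameters}. No endpoint identification algorithm is set here, so
 *       hostname verification, if any, has to come from the trust manager behind the
 *       supplied {@code SSLContext}. NOTE(review): confirm against {@code X509Util}.</li>
 *   <li>Client certificates are mandatory only in the {@code NEED} mode; {@code WANT}
 *       still admits clients that present no certificate.</li>
 * </ul>
 */
public class SSLContextAndOptions {
    private static final Logger LOG = LoggerFactory.getLogger(SSLContextAndOptions.class);

    /**
     * Separator for list-valued properties. Kept as a local constant so that TLS setup
     * does not depend on an unrelated third-party class just to obtain a comma.
     */
    private static final String LIST_SEPARATOR = ",";

    /** Timeout used when the property is unset or configured below 1 ms. */
    private static final int DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS = 5000;

    private final X509Util x509Util;
    private final String[] enabledProtocols;
    private final String[] cipherSuites;
    private final List<String> cipherSuitesAsList;
    private final X509Util.ClientAuth clientAuth;
    private final SSLContext sslContext;
    private final int handshakeDetectionTimeoutMillis;

    /**
     * Reads the TLS options from {@code zKConfig} once and stores them with the context.
     *
     * <p>Decompiler note: the constructor was package-private in the compiled class.
     *
     * @param x509Util supplies the property names to look up; must not be null
     * @param zKConfig configuration to read the options from; must not be null
     * @param sSLContext context used to create sockets; must not be null
     * @throws NullPointerException if any argument is null
     * @throws NumberFormatException if the handshake detection timeout property is set
     *     to a value that is not an integer
     */
    public SSLContextAndOptions(X509Util x509Util, ZKConfig zKConfig, SSLContext sSLContext) {
        this.x509Util = Objects.requireNonNull(x509Util);
        this.sslContext = Objects.requireNonNull(sSLContext);
        this.enabledProtocols = getEnabledProtocols(Objects.requireNonNull(zKConfig), sSLContext);
        String[] configuredSuites = getCipherSuites(zKConfig);
        this.cipherSuites = configuredSuites;
        this.cipherSuitesAsList = Collections.unmodifiableList(Arrays.asList(configuredSuites));
        this.clientAuth = getClientAuth(zKConfig);
        this.handshakeDetectionTimeoutMillis = getHandshakeDetectionTimeoutMillis(zKConfig);
    }

    /** Returns the {@link SSLContext} this object was built with. */
    public SSLContext getSSLContext() {
        return this.sslContext;
    }

    /**
     * Creates an unconnected client-mode socket with the configured protocols and
     * cipher suites applied.
     *
     * @throws IOException if the socket factory fails to create the socket
     */
    public SSLSocket createSSLSocket() throws IOException {
        SSLSocket created = (SSLSocket) this.sslContext.getSocketFactory().createSocket();
        return configureSSLSocket(created, true);
    }

    /**
     * Layers a server-mode TLS socket over an existing socket.
     *
     * @param socket the existing socket to wrap; it is closed together with the
     *     returned socket (auto-close is enabled)
     * @param bArr bytes already read from {@code socket} that the TLS layer must see
     *     first; may be null or empty when nothing was consumed
     * @throws IOException if the socket factory fails to create the socket
     */
    public SSLSocket createSSLSocket(Socket socket, byte[] bArr) throws IOException {
        SSLSocket layered;
        if (bArr == null || bArr.length <= 0) {
            // Nothing was consumed from the stream: plain layering, no host name given.
            layered = (SSLSocket) this.sslContext.getSocketFactory()
                    .createSocket(socket, (String) null, socket.getPort(), true);
        } else {
            // Replay the already-consumed bytes to the TLS layer before the live stream.
            layered = (SSLSocket) this.sslContext.getSocketFactory()
                    .createSocket(socket, new ByteArrayInputStream(bArr), true);
        }
        return configureSSLSocket(layered, false);
    }

    /**
     * Creates an unbound server socket with the configured TLS options applied.
     *
     * @throws IOException if the server socket factory fails to create the socket
     */
    public SSLServerSocket createSSLServerSocket() throws IOException {
        SSLServerSocket created =
                (SSLServerSocket) this.sslContext.getServerSocketFactory().createServerSocket();
        return configureSSLServerSocket(created);
    }

    /**
     * Creates a server socket bound to the given port with the configured TLS options
     * applied.
     *
     * @param i the port to bind to
     * @throws IOException if the server socket factory fails to create the socket
     */
    public SSLServerSocket createSSLServerSocket(int i) throws IOException {
        SSLServerSocket created =
                (SSLServerSocket) this.sslContext.getServerSocketFactory().createServerSocket(i);
        return configureSSLServerSocket(created);
    }

    /**
     * Wraps a JDK {@link SSLContext} in a Netty {@link SslContext} that uses the
     * configured cipher suites and protocols.
     *
     * @param sSLContext the JDK context to wrap (the argument is used, not the field)
     * @param z {@code true} for a client-side context, {@code false} for a server-side one
     * @return a {@link JdkSslContext} with STARTTLS disabled
     */
    public SslContext createNettyJdkSslContext(SSLContext sSLContext, boolean z) {
        // The identity filter hands the configured suite list to Netty as-is.
        CipherSuiteFilter cipherFilter = IdentityCipherSuiteFilter.INSTANCE;
        // A client never asks its peer for a client certificate; only the server side
        // uses the configured mode.
        X509Util.ClientAuth effectiveAuth = z ? X509Util.ClientAuth.NONE : this.clientAuth;
        return new JdkSslContext(
                sSLContext,
                z,
                this.cipherSuitesAsList,
                cipherFilter,
                (ApplicationProtocolConfig) null,
                effectiveAuth.toNettyClientAuth(),
                this.enabledProtocols,
                false);
    }

    /** Returns the handshake detection timeout in milliseconds (always at least 1). */
    public int getHandshakeDetectionTimeoutMillis() {
        return this.handshakeDetectionTimeoutMillis;
    }

    /** Applies the configured TLS options to {@code socket} and sets its client/server mode. */
    private SSLSocket configureSSLSocket(SSLSocket socket, boolean isClientSocket) {
        SSLParameters parameters = socket.getSSLParameters();
        configureSslParameters(parameters, isClientSocket);
        socket.setSSLParameters(parameters);
        socket.setUseClientMode(isClientSocket);
        return socket;
    }

    /** Applies the configured TLS options to {@code serverSocket} in server mode. */
    private SSLServerSocket configureSSLServerSocket(SSLServerSocket serverSocket) {
        SSLParameters parameters = serverSocket.getSSLParameters();
        configureSslParameters(parameters, false);
        serverSocket.setSSLParameters(parameters);
        serverSocket.setUseClientMode(false);
        return serverSocket;
    }

    /**
     * Copies cipher suites and protocols into {@code parameters}; for server-side use
     * it also sets the client-authentication requirement.
     */
    private void configureSslParameters(SSLParameters parameters, boolean isClientSocket) {
        String side = isClientSocket ? "client" : "server";
        if (this.cipherSuites != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Setup cipher suites for {} socket: {}", side, Arrays.toString(this.cipherSuites));
            }
            parameters.setCipherSuites(this.cipherSuites);
        }
        if (this.enabledProtocols != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Setup enabled protocols for {} socket: {}", side, Arrays.toString(this.enabledProtocols));
            }
            parameters.setProtocols(this.enabledProtocols);
        }
        if (isClientSocket) {
            // Client-auth flags only have meaning on the accepting side.
            return;
        }
        switch (this.clientAuth) {
            case NEED:
                // Handshake fails unless the client presents a certificate.
                parameters.setNeedClientAuth(true);
                return;
            case WANT:
                // Certificate is requested, but clients without one are still accepted.
                parameters.setWantClientAuth(true);
                return;
            default:
                // Any other mode: no client certificate is required.
                parameters.setNeedClientAuth(false);
                return;
        }
    }

    /**
     * Returns the configured protocol list, or the context's own protocol when the
     * property is unset.
     */
    private String[] getEnabledProtocols(ZKConfig config, SSLContext context) {
        String propertyName = this.x509Util.getSslEnabledProtocolsProperty();
        String value = config.getProperty(propertyName);
        if (value == null) {
            return new String[]{context.getProtocol()};
        }
        return splitList(propertyName, value);
    }

    /**
     * Returns the configured cipher suite list, or {@link X509Util#getDefaultCipherSuites()}
     * when the property is unset.
     */
    private String[] getCipherSuites(ZKConfig config) {
        String propertyName = this.x509Util.getSslCipherSuitesProperty();
        String value = config.getProperty(propertyName);
        if (value == null) {
            return X509Util.getDefaultCipherSuites();
        }
        return splitList(propertyName, value);
    }

    /**
     * Splits a comma-separated property value into its entries.
     *
     * <p>Entries are trimmed and blank entries are dropped, so a value such as
     * {@code "A, B"} yields {@code ["A", "B"]} instead of an entry with a leading space
     * that the JSSE provider would not recognise. A value with no entries yields an
     * empty array (nothing enabled) and is logged, rather than being replaced by a default.
     */
    private static String[] splitList(String propertyName, String value) {
        String[] entries = Arrays.stream(value.split(LIST_SEPARATOR))
                .map(String::trim)
                .filter(entry -> !entry.isEmpty())
                .toArray(String[]::new);
        if (entries.length == 0) {
            LOG.warn("Property {} is set but lists no values", propertyName);
        }
        return entries;
    }

    /** Maps the configured client-auth property value to a {@link X509Util.ClientAuth} mode. */
    private X509Util.ClientAuth getClientAuth(ZKConfig config) {
        return X509Util.ClientAuth.fromPropertyValue(
                config.getProperty(this.x509Util.getSslClientAuthProperty()));
    }

    /**
     * Reads the handshake detection timeout, falling back to the default when the
     * property is unset or below 1.
     *
     * @throws NumberFormatException if the property is set to a non-integer value
     */
    private int getHandshakeDetectionTimeoutMillis(ZKConfig config) {
        String propertyName = this.x509Util.getSslHandshakeDetectionTimeoutMillisProperty();
        String value = config.getProperty(propertyName);
        if (value == null) {
            return DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS;
        }
        int timeoutMillis = Integer.parseInt(value);
        if (timeoutMillis < 1) {
            LOG.warn("Invalid value for {}: {}, using the default value of {}",
                    propertyName, timeoutMillis, DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS);
            return DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS;
        }
        return timeoutMillis;
    }
}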
