package com.hazelcast.internal.nio.ssl;

import com.hazelcast.cluster.Address;
import com.hazelcast.config.InvalidConfigurationException;
import com.hazelcast.internal.util.StringUtil;
import com.hazelcast.logging.ILogger;
import com.hazelcast.logging.Logger;
import com.hazelcast.nio.ssl.SSLContextFactory;
import com.hazelcast.nio.ssl.SSLEngineFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/* loaded from: input_file:com/hazelcast/internal/nio/ssl/SSLEngineFactoryAdaptor.class */
public class SSLEngineFactoryAdaptor implements SSLEngineFactory {
    private final ILogger logger = Logger.getLogger((Class<?>) SSLEngineFactoryAdaptor.class);
    private final SSLContextFactory sslContextFactory;
    private volatile String[] cipherSuites;
    private volatile String protocol;

    public SSLEngineFactoryAdaptor(SSLContextFactory sSLContextFactory) {
        this.sslContextFactory = sSLContextFactory;
    }

    @Override // com.hazelcast.nio.ssl.SSLEngineFactory
    public SSLEngine create(boolean z, Address address) {
        SSLContext sSLContext = this.sslContextFactory.getSSLContext();
        SSLEngine createSSLEngine = address == null ? sSLContext.createSSLEngine() : sSLContext.createSSLEngine(address.getHost(), address.getPort());
        createSSLEngine.setUseClientMode(z);
        createSSLEngine.setEnableSessionCreation(true);
        if (this.cipherSuites != null) {
            createSSLEngine.setEnabledCipherSuites(this.cipherSuites);
        }
        if (this.protocol != null) {
            String[] findEnabledProtocols = findEnabledProtocols(this.protocol, createSSLEngine.getSupportedProtocols());
            if (findEnabledProtocols.length > 0) {
                createSSLEngine.setEnabledProtocols(findEnabledProtocols);
            } else {
                this.logger.warning("Enabling SSL protocol failed. Check if configured value contains a supported value" + Arrays.toString(createSSLEngine.getSupportedProtocols()));
            }
        }
        return createSSLEngine;
    }

    @Override // com.hazelcast.nio.ssl.SSLEngineFactory
    public void init(Properties properties, boolean z) throws Exception {
        this.sslContextFactory.init(properties);
        String[] splitByComma = StringUtil.splitByComma(SSLEngineFactorySupport.getProperty(properties, "ciphersuites"), false);
        if (splitByComma != null) {
            String[] supportedCipherSuites = this.sslContextFactory.getSSLContext().createSSLEngine().getSupportedCipherSuites();
            this.cipherSuites = StringUtil.intersection(splitByComma, supportedCipherSuites);
            if (this.cipherSuites.length < 1) {
                throw new InvalidConfigurationException("No configured SSL cipher suite name is valid. Check if configured values " + Arrays.toString(splitByComma) + " contain supported values: " + Arrays.toString(supportedCipherSuites));
            }
        }
        this.protocol = SSLEngineFactorySupport.getProperty(properties, "protocol");
    }

    private String[] findEnabledProtocols(String str, String[] strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str2 : strArr) {
            if (str.equals(str2) || (("TLS".equals(str) && str2.matches("TLSv1(\\.\\d+)?")) || ("SSL".equals(str) && str2.equals("SSLv3")))) {
                arrayList.add(str2);
            }
        }
        return (String[]) arrayList.toArray(new String[0]);
    }
}
