package com.floragunn.searchguard.ssl;

import com.floragunn.searchguard.ssl.util.SSLConfigConstants;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/floragunn/searchguard/ssl/ExternalSearchGuardKeyStore.class */
public class ExternalSearchGuardKeyStore implements SearchGuardKeyStore {
    private static final String EXTERNAL = "EXTERNAL";
    private static final Map<String, SSLContext> contextMap = new ConcurrentHashMap();
    private final SSLContext externalSslContext;
    private final Settings settings;

    public ExternalSearchGuardKeyStore(Settings settings) {
        this.settings = (Settings) Objects.requireNonNull(settings);
        String str = settings.get(SSLConfigConstants.SEARCHGUARD_SSL_CLIENT_EXTERNAL_CONTEXT_ID, (String) null);
        if (str == null || str.length() == 0) {
            throw new ElasticsearchException("no external ssl context id was set", new Object[0]);
        }
        this.externalSslContext = contextMap.get(str);
        if (this.externalSslContext == null) {
            throw new ElasticsearchException("no external ssl context for id " + str, new Object[0]);
        }
    }

    @Override // com.floragunn.searchguard.ssl.SearchGuardKeyStore
    public SSLEngine createHTTPSSLEngine() throws SSLException {
        throw new SSLException("not implemented");
    }

    @Override // com.floragunn.searchguard.ssl.SearchGuardKeyStore
    public SSLEngine createServerTransportSSLEngine() throws SSLException {
        throw new SSLException("not implemented");
    }

    @Override // com.floragunn.searchguard.ssl.SearchGuardKeyStore
    public SSLEngine createClientTransportSSLEngine(String str, int i) throws SSLException {
        if (str == null) {
            SSLEngine createSSLEngine = this.externalSslContext.createSSLEngine();
            createSSLEngine.setEnabledProtocols(evalSecure(createSSLEngine.getEnabledProtocols(), SSLConfigConstants.getSecureSSLProtocols(this.settings, false)));
            createSSLEngine.setEnabledCipherSuites(evalSecure(createSSLEngine.getEnabledCipherSuites(), (String[]) SSLConfigConstants.getSecureSSLCiphers(this.settings, false).toArray(new String[0])));
            createSSLEngine.setUseClientMode(true);
            return createSSLEngine;
        }
        SSLEngine createSSLEngine2 = this.externalSslContext.createSSLEngine(str, i);
        SSLParameters sSLParameters = new SSLParameters();
        sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
        createSSLEngine2.setSSLParameters(sSLParameters);
        createSSLEngine2.setEnabledProtocols(evalSecure(createSSLEngine2.getEnabledProtocols(), SSLConfigConstants.getSecureSSLProtocols(this.settings, false)));
        createSSLEngine2.setEnabledCipherSuites(evalSecure(createSSLEngine2.getEnabledCipherSuites(), (String[]) SSLConfigConstants.getSecureSSLCiphers(this.settings, false).toArray(new String[0])));
        createSSLEngine2.setUseClientMode(true);
        return createSSLEngine2;
    }

    @Override // com.floragunn.searchguard.ssl.SearchGuardKeyStore
    public String getHTTPProviderName() {
        return null;
    }

    @Override // com.floragunn.searchguard.ssl.SearchGuardKeyStore
    public String getTransportServerProviderName() {
        return null;
    }

    @Override // com.floragunn.searchguard.ssl.SearchGuardKeyStore
    public String getTransportClientProviderName() {
        return EXTERNAL;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static void registerExternalSslContext(String str, SSLContext sSLContext) {
        contextMap.put(Objects.requireNonNull(str), Objects.requireNonNull(sSLContext));
    }

    public static boolean hasExternalSslContext(Settings settings) {
        String str = settings.get(SSLConfigConstants.SEARCHGUARD_SSL_CLIENT_EXTERNAL_CONTEXT_ID, (String) null);
        if (str == null || str.length() == 0) {
            return false;
        }
        return contextMap.containsKey(str);
    }

    public static boolean hasExternalSslContext(String str) {
        return contextMap.containsKey(str);
    }

    public static void removeExternalSslContext(String str) {
        contextMap.remove(str);
    }

    public static void removeAllExternalSslContexts() {
        contextMap.clear();
    }

    private String[] evalSecure(String[] strArr, String[] strArr2) {
        ArrayList arrayList = new ArrayList(Arrays.asList(strArr));
        arrayList.retainAll(Arrays.asList(strArr2));
        return (String[]) arrayList.toArray(new String[0]);
    }
}
