package org.opendaylight.netconf.sal.connect.util;

import com.google.common.collect.Sets;
import io.netty.handler.ssl.SslHandler;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import org.opendaylight.netconf.client.SslHandlerFactory;
import org.opendaylight.netconf.sal.connect.netconf.sal.NetconfKeystoreAdapter;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240223.connection.parameters.protocol.Specification;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240223.connection.parameters.protocol.specification.TlsCase;

/* loaded from: input_file:org/opendaylight/netconf/sal/connect/util/SslHandlerFactoryImpl.class */
/**
 * {@link SslHandlerFactory} that produces client-mode Netty {@link SslHandler}s whose key and
 * trust material both come from a single {@link KeyStore} supplied by a
 * {@link NetconfKeystoreAdapter}.
 *
 * <p>An optional {@link Specification} narrows the enabled TLS protocol versions: when it is a
 * {@link TlsCase}, the versions it lists as excluded are removed from the engine's supported set.
 *
 * <p>NOTE(review): the engine is configured from its <em>supported</em> protocol and cipher-suite
 * lists rather than the JSSE defaults, and no endpoint identification algorithm is set in this
 * class. See the comments in {@link #createSslHandler(Set)}.
 */
public final class SslHandlerFactoryImpl implements SslHandlerFactory {
    private final NetconfKeystoreAdapter keystoreAdapter;
    private final Specification specification;

    /**
     * Creates a factory with no protocol specification, so no TLS version is excluded.
     *
     * @param netconfKeystoreAdapter source of the key store; must not be {@code null}
     */
    public SslHandlerFactoryImpl(NetconfKeystoreAdapter netconfKeystoreAdapter) {
        this(netconfKeystoreAdapter, null);
    }

    /**
     * Creates a factory that applies the given protocol specification to every handler.
     *
     * @param netconfKeystoreAdapter source of the key store; must not be {@code null}
     * @param specification protocol specification, or {@code null} for none; a non-null value
     *     that is not a {@link TlsCase} is only rejected later, when a handler is created
     * @throws NullPointerException if {@code netconfKeystoreAdapter} is {@code null}
     */
    public SslHandlerFactoryImpl(NetconfKeystoreAdapter netconfKeystoreAdapter, Specification specification) {
        this.keystoreAdapter = Objects.requireNonNull(netconfKeystoreAdapter);
        this.specification = specification;
    }

    /**
     * Creates a handler using an empty key-name set.
     *
     * @return a new client-mode {@link SslHandler}
     */
    @Override
    public SslHandler createSslHandler() {
        return createSslHandler(Set.of());
    }

    /**
     * Builds a client-mode {@link SslHandler} backed by the adapter's key store.
     *
     * @param set passed unchanged to {@code NetconfKeystoreAdapter.getJavaKeyStore}; presumably
     *     the key identifiers permitted for this connection (confirm against the adapter)
     * @return a new handler wrapping a freshly configured {@link SSLEngine}
     * @throws IllegalStateException if loading the key store or initialising the TLS context
     *     fails with an {@link IOException} or {@link GeneralSecurityException}
     * @throws IllegalArgumentException if a specification is configured but is not a
     *     {@link TlsCase}
     */
    @Override
    public SslHandler createSslHandler(Set<String> set) {
        try {
            final SSLEngine engine = newClientEngine(set);

            // NOTE(review): the starting point is getSupportedProtocols(), not the JSSE default
            // enabled list, so legacy versions stay enabled unless the TlsCase excludes them by
            // name (opt-out). What can actually be negotiated then depends on the JDK's
            // jdk.tls.disabledAlgorithms security property; confirm that is the intended policy.
            engine.setEnabledProtocols(selectProtocols(engine.getSupportedProtocols()));

            // NOTE(review): enabling every supported suite can switch on suites that JSSE leaves
            // disabled by default. Dropping this call (JSSE defaults) or using an explicit
            // allow-list would be stricter, but may break devices that only offer older suites;
            // this needs a deliberate decision rather than a silent change.
            engine.setEnabledCipherSuites(engine.getSupportedCipherSuites());
            engine.setEnableSessionCreation(true);
            return new SslHandler(engine);
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Creates a client-mode engine whose key and trust managers share the adapter's key store. */
    private SSLEngine newClientEngine(Set<String> allowedKeys) throws IOException, GeneralSecurityException {
        final KeyStore material = this.keystoreAdapter.getJavaKeyStore(allowedKeys);

        final KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Key entries are opened with an empty password; presumably the adapter builds an
        // in-memory store that way (verify against NetconfKeystoreAdapter).
        keyManagers.init(material, "".toCharArray());

        // The same store is the trust anchor set: any certificate entry in it is trusted.
        final TrustManagerFactory trustManagers =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagers.init(material);

        final SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers.getKeyManagers(), trustManagers.getTrustManagers(), null);

        // NOTE(review): the engine is created without peer host/port and no endpoint
        // identification algorithm is set here, so this class checks the certificate chain but
        // not that the certificate matches the device address, unless a caller adds that later.
        final SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(true);
        return engine;
    }

    /** Returns the supported protocols minus any versions excluded by the TLS specification. */
    private String[] selectProtocols(String[] supported) {
        if (this.specification == null) {
            return supported;
        }
        if (!(this.specification instanceof TlsCase)) {
            throw new IllegalArgumentException("Cannot get TLS specification from: " + this.specification);
        }
        final Set<String> remaining = Sets.newHashSet(supported);
        // NOTE(review): removeAll rejects a null argument; confirm getExcludedVersions() cannot
        // return null when the list is absent from the configuration.
        remaining.removeAll(((TlsCase) this.specification).getTls().getExcludedVersions());
        return remaining.toArray(new String[0]);
    }
}
