package org.opendaylight.netconf.client.mdsal.impl;

import com.google.common.collect.Sets;
import io.netty.handler.ssl.SslHandler;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import org.opendaylight.netconf.client.SslHandlerFactory;

/* loaded from: input_file:org/opendaylight/netconf/client/mdsal/impl/SslHandlerFactoryImpl.class */
final class SslHandlerFactoryImpl implements SslHandlerFactory {
    private final DefaultSslHandlerFactoryProvider keyStoreProvider;
    private final Set<String> excludedVersions;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SslHandlerFactoryImpl(DefaultSslHandlerFactoryProvider defaultSslHandlerFactoryProvider, Set<String> set) {
        this.keyStoreProvider = (DefaultSslHandlerFactoryProvider) Objects.requireNonNull(defaultSslHandlerFactoryProvider);
        this.excludedVersions = (Set) Objects.requireNonNull(set);
    }

    @Override // org.opendaylight.netconf.client.SslHandlerFactory
    public SslHandler createSslHandler(Set<String> set) {
        String[] strArr;
        try {
            KeyStore javaKeyStore = this.keyStoreProvider.getJavaKeyStore(set);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(javaKeyStore, "".toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(javaKeyStore);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            createSSLEngine.setUseClientMode(true);
            String[] supportedProtocols = createSSLEngine.getSupportedProtocols();
            if (this.excludedVersions.isEmpty()) {
                strArr = supportedProtocols;
            } else {
                HashSet newHashSet = Sets.newHashSet(supportedProtocols);
                newHashSet.removeAll(this.excludedVersions);
                strArr = (String[]) newHashSet.toArray(new String[0]);
            }
            createSSLEngine.setEnabledProtocols(strArr);
            createSSLEngine.setEnabledCipherSuites(createSSLEngine.getSupportedCipherSuites());
            createSSLEngine.setEnableSessionCreation(true);
            return new SslHandler(createSSLEngine);
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
