package com.huawei.fusioninsight.elasticsearch.transport.ssl;

import com.huawei.us.common.random.UsSecureRandom;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;

/* loaded from: input_file:com/huawei/fusioninsight/elasticsearch/transport/ssl/HwSSLService.class */
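/**
 * Builds and caches the {@link SSLContext} used for the transport layer and hands out
 * {@link SSLEngine} instances configured from an {@link HwSSLConfiguration}.
 *
 * <p>This source is decompiler output. One method, {@link #sslContextAlgorithm(List)}, could not
 * be recovered and always throws, so as listed here the constructor cannot complete; treat the
 * class as a reading aid for review, not as a drop-in replacement for the shipped bytecode.
 */
public class HwSSLService {
    private static final Logger logger = LogManager.getLogger(HwSSLService.class);
    // Context name -> configuration; populated once by loadSSLConfigurations() during construction.
    private final Map<String, HwSSLConfiguration> sslConfigurations = new HashMap<>();
    // Assigned in the constructor, NOT in a field initializer: loadSSLConfigurations() reads
    // transportSSLConfiguration and env, and field initializers run before the constructor body,
    // so initializing here would dereference null and fail with a NullPointerException.
    private final Map<HwSSLConfiguration, SSLContextHolder> sslContexts;
    private final HwSSLConfiguration transportSSLConfiguration;
    private final Environment env;
    private final Settings settings;

    /**
     * Pairs an initialized {@link SSLContext} with the configuration it was built from.
     *
     * <p>The decompiler reports that the access modifier was widened from package-private.
     */
    public final class SSLContextHolder {
        private volatile SSLContext context;
        private final KeyConfig keyConfig;
        private final TrustConfig trustConfig;
        private final HwSSLConfiguration hwSslConfiguration;

        SSLContextHolder(SSLContext sSLContext, HwSSLConfiguration hwSSLConfiguration) {
            this.context = sSLContext;
            this.hwSslConfiguration = hwSSLConfiguration;
            this.keyConfig = hwSSLConfiguration.keyConfig();
            this.trustConfig = hwSSLConfiguration.trustConfig();
        }

        /** Returns the wrapped context. */
        SSLContext sslContext() {
            return this.context;
        }
    }

    /**
     * Reads the transport SSL settings and eagerly builds the matching {@link SSLContext}.
     *
     * @param settings node/client settings; the sub-tree under
     *     {@code ClientSettings.TRANSPORT_SSL_PREFIX} becomes the transport configuration
     * @param environment passed to the key and trust configurations when they create their managers
     * @throws ElasticsearchException if the context cannot be initialized
     */
    public HwSSLService(Settings settings, Environment environment) {
        this.settings = settings;
        this.env = environment;
        this.transportSSLConfiguration = new HwSSLConfiguration(settings.getByPrefix(ClientSettings.TRANSPORT_SSL_PREFIX));
        // Must come last: depends on env and transportSSLConfiguration being set.
        this.sslContexts = loadSSLConfigurations();
    }

    /**
     * Creates an engine for the given configuration and applies its cipher suites, protocols,
     * hostname-verification setting and client-auth policy.
     *
     * <p>Endpoint identification ("HTTPS") is only enabled when the configuration's verification
     * mode asks for hostname verification <em>and</em> {@code str} is non-null. A caller that
     * passes a null host therefore gets an engine that does not check the peer name against its
     * certificate, regardless of the configured verification mode.
     *
     * @param hwSSLConfiguration configuration that must have been registered with this service
     * @param str peer host, or {@code null} when unknown (disables hostname verification)
     * @param i peer port
     * @return a configured engine
     * @throws IllegalArgumentException if no context exists for the configuration, or none of the
     *     configured cipher suites is supported by the engine
     */
    public SSLEngine createSslEngine(HwSSLConfiguration hwSSLConfiguration, String str, int i) {
        SSLEngine engine = sslContext(hwSSLConfiguration).createSSLEngine(str, i);
        String[] enabledCiphers = supportedCiphers(engine.getSupportedCipherSuites(), hwSSLConfiguration.cipherSuites(), false);
        String[] enabledProtocols = (String[]) hwSSLConfiguration.supportedProtocols().toArray(Strings.EMPTY_ARRAY);
        SSLParameters parameters = new SSLParameters(enabledCiphers, enabledProtocols);
        if (hwSSLConfiguration.verificationMode().isHostnameVerificationEnabled() && str != null) {
            parameters.setEndpointIdentificationAlgorithm("HTTPS");
        }
        // Prefer the locally configured suite order over the peer's during negotiation.
        parameters.setUseCipherSuitesOrder(true);
        hwSSLConfiguration.sslClientAuth().configure(parameters);
        engine.setSSLParameters(parameters);
        return engine;
    }

    /** Returns the context registered for {@code hwSSLConfiguration}. */
    SSLContext sslContext(HwSSLConfiguration hwSSLConfiguration) {
        return sslContextHolder(hwSSLConfiguration).sslContext();
    }

    /**
     * Looks up the holder registered for a configuration.
     *
     * @throws NullPointerException if {@code hwSSLConfiguration} is null
     * @throws IllegalArgumentException if the configuration was never registered
     */
    SSLContextHolder sslContextHolder(HwSSLConfiguration hwSSLConfiguration) {
        Objects.requireNonNull(hwSSLConfiguration, "SSL Configuration cannot be null");
        SSLContextHolder holder = this.sslContexts.get(hwSSLConfiguration);
        if (holder == null) {
            throw new IllegalArgumentException("did not find a SSLContext for SSLConfiguration");
        }
        return holder;
    }

    /**
     * Filters the requested cipher suites down to those the JVM supports, keeping the requested
     * order (which becomes the negotiation preference order).
     *
     * @param strArr suites supported by the JVM / engine
     * @param list suites requested by configuration, most preferred first
     * @param z whether to log (at debug level) requested suites that had to be dropped
     * @return the requested suites that are supported, in requested order
     * @throws IllegalArgumentException if none of the requested suites is supported
     */
    String[] supportedCiphers(String[] strArr, List<String> list, boolean z) {
        List<String> available = Arrays.asList(strArr);
        List<String> supported = new ArrayList<>(list.size());
        List<String> unsupported = new ArrayList<>();
        for (String requested : list) {
            if (available.contains(requested)) {
                supported.add(requested);
            } else {
                unsupported.add(requested);
            }
        }
        // Fail closed: never fall back to JVM defaults when nothing configured is usable.
        if (supported.isEmpty()) {
            throw new IllegalArgumentException("none of the ciphers " + Arrays.toString(list.toArray()) + " are supported by this JVM");
        }
        if (z && !unsupported.isEmpty()) {
            logger.debug("unsupported ciphers [{}] were requested but cannot be used in this JVM, however there are supported ciphers that will be used [{}]. If you are trying to use ciphers with a key length greater than 128 bits on an Oracle JVM, you will need to install the unlimited strength JCE policy files.", unsupported, supported);
        }
        return supported.toArray(new String[0]);
    }

    /** Builds a context from the key and trust managers the configuration creates for {@code env}. */
    private SSLContextHolder createSslContext(HwSSLConfiguration hwSSLConfiguration) {
        X509ExtendedKeyManager keyManager = hwSSLConfiguration.keyConfig().createKeyManager(this.env);
        X509ExtendedTrustManager trustManager = hwSSLConfiguration.trustConfig().createTrustManager(this.env);
        return createSslContext(keyManager, trustManager, hwSSLConfiguration);
    }

    /**
     * Initializes an {@link SSLContext} with the given managers and checks up front that at least
     * one configured cipher suite is usable.
     *
     * @throws ElasticsearchException wrapping the cause if the algorithm is unavailable or key
     *     management initialization fails
     * @throws IllegalArgumentException if none of the configured cipher suites is supported
     */
    private SSLContextHolder createSslContext(X509ExtendedKeyManager x509ExtendedKeyManager, X509ExtendedTrustManager x509ExtendedTrustManager, HwSSLConfiguration hwSSLConfiguration) {
        try {
            SSLContext sSLContext = SSLContext.getInstance(sslContextAlgorithm(hwSSLConfiguration.supportedProtocols()));
            // NOTE(review): UsSecureRandom is a vendor class not visible here - confirm it returns
            // a cryptographically strong SecureRandom.
            sSLContext.init(new X509ExtendedKeyManager[]{x509ExtendedKeyManager}, new X509ExtendedTrustManager[]{x509ExtendedTrustManager}, UsSecureRandom.getInstance());
            // Result is discarded on purpose: the call validates the suites and logs dropped ones.
            supportedCiphers(sSLContext.getSupportedSSLParameters().getCipherSuites(), hwSSLConfiguration.cipherSuites(), true);
            return new SSLContextHolder(sSLContext, hwSSLConfiguration);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new ElasticsearchException("failed to initialize the SSLContext", e, new Object[0]);
        }
    }

    /**
     * Creates the transport context and registers the transport configuration under
     * {@code ClientSettings.TRANSPORT_SSL}.
     *
     * <p>Reads {@code transportSSLConfiguration} and {@code env}, so it may only be called once
     * both fields are assigned.
     *
     * @return an unmodifiable map from configuration to its context holder
     */
    final Map<HwSSLConfiguration, SSLContextHolder> loadSSLConfigurations() {
        Map<HwSSLConfiguration, SSLContextHolder> contexts = new HashMap<>();
        contexts.put(this.transportSSLConfiguration, createSslContext(this.transportSSLConfiguration));
        this.sslConfigurations.put(ClientSettings.TRANSPORT_SSL, this.transportSSLConfiguration);
        return Collections.unmodifiableMap(contexts);
    }

    /**
     * Returns the configuration registered under a context name, ignoring one trailing dot.
     *
     * @param str context name, with or without a trailing "."
     * @return the configuration, or {@code null} (after logging a warning) when the name is unknown
     */
    public HwSSLConfiguration getSSLConfiguration(String str) {
        String contextName = str.endsWith(".") ? str.substring(0, str.length() - 1) : str;
        HwSSLConfiguration configuration = this.sslConfigurations.get(contextName);
        if (configuration == null) {
            logger.warn("Cannot find SSL configuration for context {}. Known contexts are: {}", contextName, Strings.collectionToCommaDelimitedString(this.sslConfigurations.keySet()));
        }
        return configuration;
    }

    /*
     * Decompiler (JADX) failure record for sslContextAlgorithm, kept for whoever recovers the
     * method from the instruction dump (496 instructions, skipped):
     *
     *   - incorrect switch case order could not be fixed; some code was duplicated
     *   - code lost at B:46:0x0143:  switch(r12) { case 0: goto L76; case 1: goto L76; default: goto L71; }
     *   - code lost at B:48:0x015f:  r6 = "TLSv1";
     *   - code lost at B:61:0x01ab:  switch(r12) { case 0: goto L72; case 1: goto L72; default: goto L78; }
     *   - code lost at B:63:0x01c4:  r6 = "SSLv3";
     *   - duplicated regions removed for blocks B:30:0x00f4, B:32:0x00f7, B:36:0x00fd,
     *     B:51:0x0165, B:66:0x01d0, B:69:0x0016 (all SYNTHETIC)
     *
     * NOTE(review): the lost fragments assign the literals "TLSv1" and "SSLv3", so the original
     * presumably derives the SSLContext algorithm name from the configured protocol list and can
     * yield legacy protocol names. Confirm against the bytecode, and check that deployed
     * configurations do not list SSLv3 or TLSv1 among the supported protocols.
     */
    /**
     * Placeholder for the method that picks the {@code SSLContext.getInstance} algorithm name
     * from the configured protocols. The real body was not decompiled.
     *
     * @param r5 configured supported protocols
     * @return never returns normally in this listing
     * @throws UnsupportedOperationException always
     */
    private static String sslContextAlgorithm(List<String> r5) {
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.fusioninsight.elasticsearch.transport.ssl.HwSSLService.sslContextAlgorithm(java.util.List):java.lang.String");
    }
}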
