package com.huawei.es.security.ssl;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/huawei/es/security/ssl/HwSecurityConstants.class */
public final class HwSecurityConstants {
    public static final String SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE = "security.ssl.http.enable_openssl_if_available";
    public static final String SECURITY_SSL_HTTP_ENABLED = "security.ssl.http.enabled";
    public static final boolean SECURITY_SSL_HTTP_ENABLED_DEFAULT = false;
    public static final long MIN_SSL_VERSION = 268443648;
    public static final String SECURITY_SSL_HTTP_CLIENTAUTH_MODE = "security.ssl.http.clientauth_mode";
    public static final String SECURITY_SSL_HTTP_KEYSTORE_ALIAS = "security.ssl.http.keystore_alias";
    public static final String SECURITY_SSL_HTTP_KEYSTORE_FILEPATH = "security.ssl.http.keystore_filepath";
    public static final String SECURITY_SSL_HTTP_PEMKEY_FILEPATH = "security.ssl.http.pemkey_filepath";
    public static final String SECURITY_SSL_HTTP_PEMKEY_CONF = "security.ssl.http.pemkey_password";
    public static final String SECURITY_SSL_HTTP_PEMCERT_FILEPATH = "security.ssl.http.pemcert_filepath";
    public static final String SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH = "security.ssl.http.pemtrustedcas_filepath";
    public static final String SECURITY_SSL_HTTP_KEYSTORE_CONF = "security.ssl.http.keystore_password";
    public static final String SECURITY_SSL_HTTP_KEYSTORE_TYPE = "security.ssl.http.keystore_type";
    public static final String SECURITY_SSL_HTTP_TRUSTSTORE_ALIAS = "security.ssl.http.truststore_alias";
    public static final String SECURITY_SSL_HTTP_TRUSTSTORE_FILEPATH = "security.ssl.http.truststore_filepath";
    public static final String SECURITY_SSL_HTTP_TRUSTSTORE_CONF = "security.ssl.http.truststore_password";
    public static final String SECURITY_SSL_HTTP_TRUSTSTORE_TYPE = "security.ssl.http.truststore_type";
    public static final String SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE = "security.ssl.transport.enable_openssl_if_available";
    public static final String SECURITY_SSL_TRANSPORT_ENABLED = "security.ssl.transport.enabled";
    public static final boolean SECURITY_SSL_TRANSPORT_ENABLED_DEFAULT = true;
    public static final String SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION = "security.ssl.transport.enforce_hostname_verification";
    public static final String SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME = "security.ssl.transport.resolve_hostname";
    public static final String SECURITY_SSL_TRANSPORT_KEYSTORE_ALIAS = "security.ssl.transport.keystore_alias";
    public static final String SECURITY_SSL_TRANSPORT_KEYSTORE_FILEPATH = "security.ssl.transport.keystore_filepath";
    public static final String SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH = "security.ssl.transport.pemkey_filepath";
    public static final String SECURITY_SSL_TRANSPORT_PEMKEY_CONF = "security.ssl.transport.pemkey_password";
    public static final String SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH = "security.ssl.transport.pemcert_filepath";
    public static final String SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH = "security.ssl.transport.pemtrustedcas_filepath";
    public static final String SECURITY_SSL_TRANSPORT_KEYSTORE_CONF = "security.ssl.transport.keystore_password";
    public static final String SECURITY_SSL_TRANSPORT_KEYSTORE_TYPE = "security.ssl.transport.keystore_type";
    public static final String SECURITY_SSL_TRANSPORT_TRUSTSTORE_ALIAS = "security.ssl.transport.truststore_alias";
    public static final String SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH = "security.ssl.transport.truststore_filepath";
    public static final String SECURITY_SSL_TRANSPORT_TRUSTSTORE_CONF = "security.ssl.transport.truststore_password";
    public static final String SECURITY_SSL_TRANSPORT_TRUSTSTORE_TYPE = "security.ssl.transport.truststore_type";
    public static final String SECURITY_SSL_TRANSPORT_ENABLED_CIPHERS = "security.ssl.transport.enabled_ciphers";
    public static final String SECURITY_SSL_TRANSPORT_ENABLED_PROTOCOLS = "security.ssl.transport.enabled_protocols";
    public static final String SECURITY_SSL_HTTP_ENABLED_CIPHERS = "security.ssl.http.enabled_ciphers";
    public static final String SECURITY_SSL_HTTP_ENABLED_PROTOCOLS = "security.ssl.http.enabled_protocols";
    private static final String[] SECURE_SSL_PROTOCOLS = {"TLSv1.2"};
    private static final String[] SECURE_SSL_CIPHERS = {"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"};

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String[] getSecureSslProtocols(Settings settings, boolean z) {
        List list = null;
        if (settings != null) {
            list = z ? settings.getAsList(SECURITY_SSL_HTTP_ENABLED_PROTOCOLS, Collections.emptyList()) : settings.getAsList(SECURITY_SSL_TRANSPORT_ENABLED_PROTOCOLS, Collections.emptyList());
        }
        return (list == null || list.size() <= 0) ? (String[]) SECURE_SSL_PROTOCOLS.clone() : (String[]) list.toArray(new String[0]);
    }

    public static final List<String> getSecureSslCiphers(Settings settings, boolean z) {
        List<String> list = null;
        if (settings != null) {
            list = z ? settings.getAsList(SECURITY_SSL_HTTP_ENABLED_CIPHERS, Collections.emptyList()) : settings.getAsList(SECURITY_SSL_TRANSPORT_ENABLED_CIPHERS, Collections.emptyList());
        }
        return (list == null || list.size() <= 0) ? Collections.unmodifiableList(Arrays.asList(SECURE_SSL_CIPHERS)) : list;
    }

    private HwSecurityConstants() {
    }
}
