package org.apache.hudi.org.apache.hadoop.hbase;

import com.huawei.hadoop.hbase.security.HBaseSecurityConfig;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import org.apache.hudi.org.apache.hbase.thirdparty.io.netty.handler.ssl.SslProtocols;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hudi/org/apache/hadoop/hbase/SslRMIServerSocketFactorySecure.class */
public class SslRMIServerSocketFactorySecure extends SslRMIServerSocketFactory {
    private static final Logger LOG = LoggerFactory.getLogger(SslRMIServerSocketFactorySecure.class);
    private List<String> enabledProtocols;

    public SslRMIServerSocketFactorySecure() {
        this.enabledProtocols = null;
        this.enabledProtocols = Arrays.asList(HBaseConfiguration.create().getStrings(HBaseSecurityConfig.SSL_ENABLED_PROTOCOLS, new String[]{HBaseSecurityConfig.DEFAULT_SSL_ENABLED_PROTOCOLS}));
        if (this.enabledProtocols.contains(SslProtocols.TLS_v1) || this.enabledProtocols.contains(SslProtocols.TLS_v1_1)) {
            LOG.warn("Unsecure TLSv1 or TLSv1.1 is used for SSL Protocol. Suggested to use more secure protocols.");
        }
    }

    public ServerSocket createServerSocket(int i) throws IOException {
        return new ServerSocket(i) { // from class: org.apache.hudi.org.apache.hadoop.hbase.SslRMIServerSocketFactorySecure.1
            @Override // java.net.ServerSocket
            public Socket accept() throws IOException {
                Socket accept = super.accept();
                SSLSocket sSLSocket = (SSLSocket) ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket(accept, accept.getInetAddress().getHostName(), accept.getPort(), true);
                sSLSocket.setUseClientMode(false);
                sSLSocket.setNeedClientAuth(false);
                ArrayList arrayList = new ArrayList();
                for (String str : sSLSocket.getEnabledProtocols()) {
                    if (!str.contains(SslProtocols.SSL_v3) && SslRMIServerSocketFactorySecure.this.enabledProtocols.contains(str)) {
                        arrayList.add(str);
                    }
                }
                sSLSocket.setEnabledProtocols((String[]) arrayList.toArray(new String[arrayList.size()]));
                return sSLSocket;
            }
        };
    }
}
