package org.apache.cassandra.security;

import com.google.common.collect.Sets;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.util.HashSet;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cassandra.config.EncryptionOptions;
import org.apache.cassandra.io.util.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/security/SSLFactory.class */
public final class SSLFactory {
    private static final Logger logger = LoggerFactory.getLogger(SSLFactory.class);

    public static SSLServerSocket getServerSocket(EncryptionOptions encryptionOptions, InetAddress inetAddress, int i) throws IOException {
        SSLServerSocket sSLServerSocket = (SSLServerSocket) createSSLContext(encryptionOptions).getServerSocketFactory().createServerSocket();
        sSLServerSocket.setReuseAddress(true);
        sSLServerSocket.setEnabledCipherSuites(filterCipherSuites(sSLServerSocket.getSupportedCipherSuites(), encryptionOptions.cipher_suites));
        sSLServerSocket.bind(new InetSocketAddress(inetAddress, i), 100);
        return sSLServerSocket;
    }

    public static SSLSocket getSocket(EncryptionOptions encryptionOptions, InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) createSSLContext(encryptionOptions).getSocketFactory().createSocket(inetAddress, i, inetAddress2, i2);
        sSLSocket.setEnabledCipherSuites(filterCipherSuites(sSLSocket.getSupportedCipherSuites(), encryptionOptions.cipher_suites));
        return sSLSocket;
    }

    public static SSLSocket getSocket(EncryptionOptions encryptionOptions, InetAddress inetAddress, int i) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) createSSLContext(encryptionOptions).getSocketFactory().createSocket(inetAddress, i);
        sSLSocket.setEnabledCipherSuites(filterCipherSuites(sSLSocket.getSupportedCipherSuites(), encryptionOptions.cipher_suites));
        return sSLSocket;
    }

    public static SSLSocket getSocket(EncryptionOptions encryptionOptions) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) createSSLContext(encryptionOptions).getSocketFactory().createSocket();
        sSLSocket.setEnabledCipherSuites(filterCipherSuites(sSLSocket.getSupportedCipherSuites(), encryptionOptions.cipher_suites));
        return sSLSocket;
    }

    private static SSLContext createSSLContext(EncryptionOptions encryptionOptions) throws IOException {
        FileInputStream fileInputStream = new FileInputStream(encryptionOptions.truststore);
        FileInputStream fileInputStream2 = new FileInputStream(encryptionOptions.keystore);
        try {
            try {
                SSLContext sSLContext = SSLContext.getInstance(encryptionOptions.protocol);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(encryptionOptions.algorithm);
                KeyStore keyStore = KeyStore.getInstance(encryptionOptions.store_type);
                keyStore.load(fileInputStream, encryptionOptions.truststore_password.toCharArray());
                trustManagerFactory.init(keyStore);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(encryptionOptions.algorithm);
                KeyStore keyStore2 = KeyStore.getInstance(encryptionOptions.store_type);
                keyStore2.load(fileInputStream2, encryptionOptions.keystore_password.toCharArray());
                keyManagerFactory.init(keyStore2, encryptionOptions.keystore_password.toCharArray());
                sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
                FileUtils.closeQuietly(fileInputStream);
                FileUtils.closeQuietly(fileInputStream2);
                return sSLContext;
            } catch (Exception e) {
                throw new IOException("Error creating the initializing the SSL Context", e);
            }
        } catch (Throwable th) {
            FileUtils.closeQuietly(fileInputStream);
            FileUtils.closeQuietly(fileInputStream2);
            throw th;
        }
    }

    private static String[] filterCipherSuites(String[] strArr, String[] strArr2) {
        HashSet newHashSet = Sets.newHashSet(strArr2);
        Sets.SetView intersection = Sets.intersection(Sets.newHashSet(strArr), newHashSet);
        if (newHashSet.size() > intersection.size()) {
            logger.warn("Filtering out {} as it isnt supported by the socket", StringUtils.join(Sets.difference(newHashSet, intersection), ","));
        }
        return (String[]) intersection.toArray(new String[intersection.size()]);
    }
}
