package org.apache.hadoop.security.ssl;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.logging.Level;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import net.bytebuddy.ClassFileVersion;
import org.apache.hadoop.classification.VisibleForTesting;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wildfly.openssl.OpenSSLProvider;

/* loaded from: input_file:META-INF/bundled-dependencies/hadoop-common-3.4.0.jar:org/apache/hadoop/security/ssl/DelegatingSSLSocketFactory.class */
public final class DelegatingSSLSocketFactory extends SSLSocketFactory {
    private static DelegatingSSLSocketFactory instance = null;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DelegatingSSLSocketFactory.class);
    private String providerName;
    private SSLContext ctx;
    private String[] ciphers;
    private SSLChannelMode channelMode;
    private boolean openSSLProviderRegistered;

    /* loaded from: input_file:META-INF/bundled-dependencies/hadoop-common-3.4.0.jar:org/apache/hadoop/security/ssl/DelegatingSSLSocketFactory$SSLChannelMode.class */
    public enum SSLChannelMode {
        OpenSSL,
        Default,
        Default_JSSE,
        Default_JSSE_with_GCM
    }

    public static synchronized void initializeDefaultFactory(SSLChannelMode sSLChannelMode) throws IOException {
        if (instance == null) {
            instance = new DelegatingSSLSocketFactory(sSLChannelMode);
        }
    }

    @VisibleForTesting
    public static synchronized void resetDefaultFactory() {
        LOG.info("Resetting default SSL Socket Factory");
        instance = null;
    }

    public static DelegatingSSLSocketFactory getDefaultFactory() {
        return instance;
    }

    private DelegatingSSLSocketFactory(SSLChannelMode sSLChannelMode) throws IOException {
        try {
            initializeSSLContext(sSLChannelMode);
            String[] supportedCipherSuites = this.ctx.getSocketFactory().getSupportedCipherSuites();
            this.ciphers = (this.channelMode == SSLChannelMode.Default_JSSE && System.getProperty(ClassFileVersion.VersionLocator.JAVA_VERSION).startsWith("1.8")) ? alterCipherList(supportedCipherSuites) : supportedCipherSuites;
            this.providerName = this.ctx.getProvider().getName() + "-" + this.ctx.getProvider().getVersion();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new IOException(e);
        }
    }

    private void initializeSSLContext(SSLChannelMode sSLChannelMode) throws NoSuchAlgorithmException, KeyManagementException, IOException {
        LOG.debug("Initializing SSL Context to channel mode {}", sSLChannelMode);
        switch (sSLChannelMode) {
            case Default:
                try {
                    bindToOpenSSLProvider();
                    this.channelMode = SSLChannelMode.OpenSSL;
                    return;
                } catch (LinkageError | RuntimeException | NoSuchAlgorithmException e) {
                    LOG.debug("Failed to load OpenSSL. Falling back to the JSSE default.", e);
                    this.ctx = SSLContext.getDefault();
                    this.channelMode = SSLChannelMode.Default_JSSE;
                    return;
                }
            case OpenSSL:
                bindToOpenSSLProvider();
                this.channelMode = SSLChannelMode.OpenSSL;
                return;
            case Default_JSSE:
                this.ctx = SSLContext.getDefault();
                this.channelMode = SSLChannelMode.Default_JSSE;
                return;
            case Default_JSSE_with_GCM:
                this.ctx = SSLContext.getDefault();
                this.channelMode = SSLChannelMode.Default_JSSE_with_GCM;
                return;
            default:
                throw new IOException("Unknown channel mode: " + sSLChannelMode);
        }
    }

    private void bindToOpenSSLProvider() throws NoSuchAlgorithmException, KeyManagementException {
        if (!this.openSSLProviderRegistered) {
            LOG.debug("Attempting to register OpenSSL provider");
            OpenSSLProvider.register();
            this.openSSLProviderRegistered = true;
        }
        java.util.logging.Logger logger = java.util.logging.Logger.getLogger("org.wildfly.openssl.SSL");
        Level level = logger.getLevel();
        try {
            logger.setLevel(Level.WARNING);
            this.ctx = SSLContext.getInstance("openssl.TLS");
            this.ctx.init(null, null, null);
        } finally {
            logger.setLevel(level);
        }
    }

    public String getProviderName() {
        return this.providerName;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return (String[]) this.ciphers.clone();
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return (String[]) this.ciphers.clone();
    }

    public SSLChannelMode getChannelMode() {
        return this.channelMode;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket() throws IOException {
        return configureSocket(this.ctx.getSocketFactory().createSocket());
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        return configureSocket(this.ctx.getSocketFactory().createSocket(socket, str, i, z));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        return configureSocket(this.ctx.getSocketFactory().createSocket(inetAddress, i, inetAddress2, i2));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
        return configureSocket(this.ctx.getSocketFactory().createSocket(str, i, inetAddress, i2));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return configureSocket(this.ctx.getSocketFactory().createSocket(inetAddress, i));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException {
        return configureSocket(this.ctx.getSocketFactory().createSocket(str, i));
    }

    private Socket configureSocket(Socket socket) {
        ((SSLSocket) socket).setEnabledCipherSuites(this.ciphers);
        return socket;
    }

    private String[] alterCipherList(String[] strArr) {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < strArr.length; i++) {
            if (strArr[i].contains("_GCM_")) {
                LOG.debug("Removed Cipher - {} from list of enabled SSLSocket ciphers", strArr[i]);
            } else {
                arrayList.add(strArr[i]);
            }
        }
        this.ciphers = (String[]) arrayList.toArray(new String[0]);
        return this.ciphers;
    }
}
