package org.dcache.dss;

import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import eu.emi.security.authn.x509.X509Credential;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import org.dcache.gsi.ClientGsiEngine;
import org.dcache.ssl.SslContextFactory;
import org.dcache.util.CertificateFactories;

/* loaded from: input_file:org/dcache/dss/ClientGsiEngineDssContextFactory.class */
/**
 * {@link DssContextFactory} that builds client-side GSI contexts on top of a JSSE
 * {@link SSLEngine}.
 *
 * <p>For every context an {@link SSLContext} is requested from the supplied
 * {@link SslContextFactory} for the configured credential. The engine created from it has
 * its enabled cipher suites and protocols narrowed before it is wrapped in a
 * {@link ClientGsiEngine}.
 *
 * <p>Points to keep in mind when reviewing the TLS configuration:
 * <ul>
 *   <li>Both filters are deny-lists applied to whatever the engine has enabled. The
 *       protocol list only names the SSL-era identifiers, so any TLS version the runtime
 *       enables is passed through unchanged. The effective minimum protocol version is
 *       therefore decided by the JVM / security-provider configuration, not by this class.
 *   <li>No endpoint identification algorithm is set on the {@link SSLParameters} here, so
 *       this class does not ask JSSE to match the certificate against the host name.
 *       NOTE(review): presumably the peer identity is checked by the trust manager behind
 *       the {@link SSLContext} or by the GSI layer; confirm.
 *   <li>The delegation flags are handed to {@link ClientGsiEngine} unchanged; what is
 *       delegated, and when, is decided there and is not visible in this class.
 * </ul>
 */
public class ClientGsiEngineDssContextFactory implements DssContextFactory {
    // Cipher-suite names supplied by the caller that must never be offered.
    private final Set<String> bannedCiphers;
    // Source of the SSLContext used for each new engine.
    private final SslContextFactory contextFactory;
    // Passed through to ClientGsiEngine; semantics are defined there.
    private final boolean isDelegationEnabled;
    // Passed through to ClientGsiEngine; semantics are defined there.
    private final boolean isDelegationLimited;
    // Credential used both to obtain the SSLContext and to construct the GSI engine.
    private final X509Credential credential;
    // Created once per factory and shared by every context this factory creates.
    private final CertificateFactory cf = CertificateFactories.newX509CertificateFactory();
    // Fixed deny-list of protocol names; TLS versions are not listed and are left as enabled.
    private final Set<String> bannedProtocols = ImmutableSet.of("SSL", "SSLv2", "SSLv2Hello", "SSLv3");

    /**
     * Creates a factory bound to one credential and one cipher deny-list.
     *
     * @param sslContextFactory provider of the {@link SSLContext} for the credential
     * @param x509Credential credential presented by the client
     * @param strArr cipher-suite names to exclude; copied into an immutable set, so the
     *     array and its elements must be non-null
     * @param z whether delegation is enabled (forwarded to {@link ClientGsiEngine})
     * @param z2 whether delegation is limited (forwarded to {@link ClientGsiEngine})
     */
    public ClientGsiEngineDssContextFactory(SslContextFactory sslContextFactory, X509Credential x509Credential, String[] strArr, boolean z, boolean z2) {
        this.contextFactory = sslContextFactory;
        this.credential = x509Credential;
        this.bannedCiphers = ImmutableSet.copyOf(strArr);
        this.isDelegationEnabled = z;
        this.isDelegationLimited = z2;
    }

    /**
     * Builds a GSI context for a connection to the given peer.
     *
     * <p>Only the first address is used: its host string and port are passed to
     * {@link SSLContext#createSSLEngine(String, int)} as the peer hints. The second address
     * is not read by this method.
     *
     * @param inetSocketAddress address whose host and port identify the peer to the engine
     * @param inetSocketAddress2 unused by this implementation
     * @return a context wrapping a {@link ClientGsiEngine} around the configured engine
     * @throws IOException if engine creation fails; an {@link IOException} from the
     *     underlying calls is rethrown as is, any other checked exception is wrapped with
     *     the original as cause, and unchecked exceptions propagate unchanged
     */
    @Override
    public DssContext create(InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2) throws IOException {
        try {
            SSLContext sslContext = (SSLContext) this.contextFactory.getContext(SSLContext.class, this.credential);
            SSLEngine engine = sslContext.createSSLEngine(inetSocketAddress.getHostString(), inetSocketAddress.getPort());
            SSLParameters params = engine.getSSLParameters();

            // Compute both filtered lists from the engine's current settings before writing
            // anything back.
            String[] allowedCiphers = withoutBanned(params.getCipherSuites(), this.bannedCiphers);
            String[] allowedProtocols = withoutBanned(params.getProtocols(), this.bannedProtocols);
            params.setCipherSuites(allowedCiphers);
            params.setProtocols(allowedProtocols);

            // SSLParameters keeps "want" and "need" mutually exclusive, so the second call
            // is the one that takes effect. JSSE documents both options as meaningful only
            // for engines in server mode.
            params.setWantClientAuth(true);
            params.setNeedClientAuth(true);
            engine.setSSLParameters(params);

            ClientGsiEngine gsiEngine = new ClientGsiEngine(engine, this.credential, this.isDelegationEnabled, this.isDelegationLimited);
            return new SslEngineDssContext(gsiEngine, this.cf);
        } catch (Exception e) {
            // Rethrows IOException and unchecked exceptions untouched; everything else
            // falls through to the wrapping below.
            Throwables.propagateIfPossible(e, IOException.class);
            throw new IOException("Failed to create SSL engine: " + e.getMessage(), e);
        }
    }

    /** Returns the entries of {@code enabled}, in order, that are not members of {@code banned}. */
    private static String[] withoutBanned(String[] enabled, Set<String> banned) {
        Iterable<String> permitted = Iterables.filter(Arrays.asList(enabled), Predicates.not(Predicates.in(banned)));
        return (String[]) Iterables.toArray(permitted, String.class);
    }
}
