package org.apache.hadoop.hive.common.auth;

import io.hops.security.HopsFileBasedKeyStoresFactory;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/common/auth/HopsTLSTSocketFactory.class */
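/**
 * Creates TLS-protected Thrift server sockets whose key and trust material is
 * loaded through {@link HopsFileBasedKeyStoresFactory}.
 *
 * <p>The only entry point is {@link #getServerSocket}. The returned socket has
 * the caller's protocol list, cipher exclusions, client-certificate
 * requirement and socket timeout already applied.
 */
public class HopsTLSTSocketFactory {
    // NOTE(review): this logger is registered under HiveAuthUtils, not this class.
    // It is left unchanged so existing logging configuration keeps matching.
    private static final Logger LOG = LoggerFactory.getLogger(HiveAuthUtils.class);

    /** Listen backlog handed to {@code SSLServerSocketFactory.createServerSocket}. */
    private static final int ACCEPT_BACKLOG = 100;

    /* loaded from: input_file:org/apache/hadoop/hive/common/auth/HopsTLSTSocketFactory$HopsTLSTransportParams.class */
    /** Settings consumed by {@link HopsTLSTSocketFactory#getServerSocket}. */
    public static class HopsTLSTransportParams {
        // Passed to SSLServerSocket.setSoTimeout (milliseconds; 0 means no timeout).
        protected int clientTimeout;
        // Address and port the server socket is bound to. Required.
        protected InetSocketAddress ifAddress;
        // Cipher suite names removed from the socket's enabled set; matched by exact name.
        protected List<String> excludeCiphers;
        // Protocol versions enabled on the server socket; null or empty keeps the JSSE defaults.
        protected String[] enabledProtocols;
        // When true the server requires a client certificate (setNeedClientAuth).
        protected boolean clientAuth;
    }

    /**
     * Builds a bound TLS server socket wrapped for Thrift.
     *
     * @param configuration configuration handed to the key store factory
     * @param hopsTLSTransportParams bind address, timeout and TLS restrictions
     * @return a Thrift server socket backed by an {@link SSLServerSocket}
     * @throws TTransportException if the parameters are incomplete, the TLS
     *     context cannot be created, or the socket cannot be bound or configured
     */
    public static TServerSocket getServerSocket(Configuration configuration, HopsTLSTransportParams hopsTLSTransportParams) throws TTransportException {
        // Fail with a transport error up front. Without this check a missing address
        // surfaces as a NullPointerException raised inside createServer's catch block.
        if (hopsTLSTransportParams == null || hopsTLSTransportParams.ifAddress == null) {
            throw new TTransportException("TLS transport parameters must include a bind address");
        }
        return createServer(createSSLContext(configuration).getServerSocketFactory(), hopsTLSTransportParams);
    }

    /**
     * Creates a server-mode {@link SSLContext} from the key and trust managers
     * produced by {@link HopsFileBasedKeyStoresFactory}.
     *
     * <p>Protocol restrictions are not applied here. {@code
     * SSLContext.getDefaultSSLParameters()} returns a copy, so changing it does
     * not affect sockets created from the context. {@link #createServer} sets the
     * enabled protocols on the socket itself.
     *
     * @param configuration used as both the regular and the system configuration
     *     of the key store factory
     * @throws TTransportException wrapping any failure while loading key material
     *     or initialising the context
     */
    private static SSLContext createSSLContext(Configuration configuration) throws TTransportException {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            HopsFileBasedKeyStoresFactory keyStores = new HopsFileBasedKeyStoresFactory();
            keyStores.setConf(configuration);
            keyStores.setSystemConf(configuration);
            keyStores.init(SSLFactory.Mode.SERVER);
            // A null SecureRandom lets JSSE pick its default secure source.
            context.init(keyStores.getKeyManagers(), keyStores.getTrustManagers(), null);
            return context;
        } catch (Exception e) {
            throw new TTransportException("Error creating the transport", e);
        }
    }

    /**
     * Binds an {@link SSLServerSocket} and applies the timeout, client
     * authentication, protocol and cipher settings before wrapping it for Thrift.
     *
     * @throws TTransportException if binding or configuring the socket fails; a
     *     socket that was already bound is closed first
     */
    private static TServerSocket createServer(SSLServerSocketFactory sSLServerSocketFactory, HopsTLSTransportParams hopsTLSTransportParams) throws TTransportException {
        InetSocketAddress bindAddress = hopsTLSTransportParams.ifAddress;
        if (bindAddress.isUnresolved()) {
            // getAddress() is null for an unresolved host, and a null bind address
            // makes createServerSocket listen on every local interface.
            LOG.warn("Bind address {} is unresolved; the server socket will listen on all interfaces.", bindAddress);
        }
        SSLServerSocket serverSocket = null;
        try {
            serverSocket = (SSLServerSocket) sSLServerSocketFactory.createServerSocket(bindAddress.getPort(), ACCEPT_BACKLOG, bindAddress.getAddress());
            serverSocket.setSoTimeout(hopsTLSTransportParams.clientTimeout);
            serverSocket.setNeedClientAuth(hopsTLSTransportParams.clientAuth);
            String[] protocols = hopsTLSTransportParams.enabledProtocols;
            if (protocols != null && protocols.length > 0) {
                // Sockets returned by accept() inherit this list, so this is where
                // the configured protocol versions actually take effect.
                serverSocket.setEnabledProtocols(protocols);
            }
            disableExcludedCiphers(serverSocket, hopsTLSTransportParams);
            return new TServerSocket(new TServerSocket.ServerSocketTransportArgs().serverSocket(serverSocket));
        } catch (Exception e) {
            if (serverSocket != null) {
                // Do not leave the port bound when configuration fails after the bind.
                try {
                    serverSocket.close();
                } catch (Exception closeFailure) {
                    e.addSuppressed(closeFailure);
                }
            }
            throw new TTransportException("Could not bind to port " + bindAddress.getPort(), e);
        }
    }

    /**
     * Removes every cipher suite named in {@code excludeCiphers} from the socket's
     * enabled set.
     *
     * <p>Names are compared exactly. An entry that matches no enabled suite (for
     * example a misspelled name) is skipped without any log output, so the suite
     * it was meant to disable stays enabled.
     */
    private static void disableExcludedCiphers(SSLServerSocket sSLServerSocket, HopsTLSTransportParams hopsTLSTransportParams) {
        List<String> exclusions = hopsTLSTransportParams.excludeCiphers;
        if (exclusions == null || exclusions.isEmpty()) {
            // Nothing to exclude; keep the provider's enabled suites.
            return;
        }
        List<String> enabled = new ArrayList<>(Arrays.asList(sSLServerSocket.getEnabledCipherSuites()));
        for (String suite : exclusions) {
            if (enabled.remove(suite)) {
                LOG.debug("Disabling cipher suite {}.", suite);
            }
        }
        sSLServerSocket.setEnabledCipherSuites(enabled.toArray(new String[0]));
    }
}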
