package com.datastax.bdp.node.transport;

import com.datastax.bdp.transport.common.DseReloadableTrustManagerProvider;
import io.netty.handler.ssl.SslHandler;
import java.io.IOException;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.config.EncryptionOptions;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.security.SSLFactory;

/* loaded from: input_file:com/datastax/bdp/node/transport/SSLOptions.class */
public class SSLOptions {
    public final SSLContext sslContext;
    public final String[] cipherSuites;
    public final boolean requireClientAuth;

    public SSLOptions(SSLContext sSLContext, String[] strArr, boolean z) {
        this.sslContext = sSLContext;
        this.cipherSuites = strArr;
        this.requireClientAuth = z;
    }

    public final SslHandler createServerSslHandler() {
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine();
        createSSLEngine.setUseClientMode(false);
        createSSLEngine.setEnabledCipherSuites(this.cipherSuites);
        createSSLEngine.setNeedClientAuth(this.requireClientAuth);
        return new SslHandler(createSSLEngine);
    }

    public final SslHandler createClientSslHandler() {
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine();
        createSSLEngine.setUseClientMode(true);
        createSSLEngine.setEnabledCipherSuites(this.cipherSuites);
        return new SslHandler(createSSLEngine);
    }

    public static Optional<SSLOptions> getDefaultForInterNode() {
        EncryptionOptions.ServerEncryptionOptions serverEncryptionOptions = DatabaseDescriptor.getServerEncryptionOptions();
        return serverEncryptionOptions.internode_encryption != EncryptionOptions.ServerEncryptionOptions.InternodeEncryption.none ? Optional.of(getDefault(serverEncryptionOptions)) : Optional.empty();
    }

    public static Optional<SSLOptions> getDefaultForRPC() {
        EncryptionOptions.ClientEncryptionOptions clientEncryptionOptions = DatabaseDescriptor.getClientEncryptionOptions();
        return clientEncryptionOptions.enabled ? Optional.of(getDefault(clientEncryptionOptions)) : Optional.empty();
    }

    public static SSLOptions getDefault(EncryptionOptions encryptionOptions) {
        try {
            DseReloadableTrustManagerProvider.maybeInstall();
            return new SSLOptions(SSLFactory.createSSLContext(encryptionOptions, true), encryptionOptions.cipher_suites, encryptionOptions.require_client_auth);
        } catch (IOException e) {
            throw new ConfigurationException("Failed to initialize SSL", e);
        }
    }
}
