package org.apache.cassandra.config;

import com.datastax.bdp.security.KeyStoreUtil;
import com.datastax.dse.byos.shade.com.google.common.collect.ImmutableList;
import java.net.InetAddress;
import javax.annotation.Nonnull;
import javax.net.ssl.SSLSocketFactory;
import org.apache.cassandra.locator.IEndpointSnitch;

/* loaded from: input_file:org/apache/cassandra/config/EncryptionOptions.class */
public abstract class EncryptionOptions {
    private final String keystore;
    private final String keystorePassword;
    private final String keystoreType;
    private final String truststore;
    private final String truststorePassword;
    private final String truststoreType;
    private final ImmutableList<String> cipherSuites;
    private final String protocol;
    private final String algorithm;
    private final boolean requireClientAuth;
    private final boolean requireEndpointVerification;

    @Deprecated
    private final String storeType;

    /* loaded from: input_file:org/apache/cassandra/config/EncryptionOptions$ClientEncryptionOptions.class */
    public static class ClientEncryptionOptions extends EncryptionOptions {
        private final boolean enabled;
        private final boolean optional;

        private ClientEncryptionOptions(ClientEncryptionOptionsDto clientEncryptionOptionsDto) {
            super(clientEncryptionOptionsDto);
            this.enabled = clientEncryptionOptionsDto.enabled;
            this.optional = clientEncryptionOptionsDto.optional;
        }

        public static ClientEncryptionOptions from(@Nonnull ClientEncryptionOptionsDto clientEncryptionOptionsDto) {
            EncryptionOptions.validate(clientEncryptionOptionsDto);
            return new ClientEncryptionOptions(clientEncryptionOptionsDto);
        }

        public static ClientEncryptionOptions newDefaultInstance() {
            return from(new ClientEncryptionOptionsDto());
        }

        public boolean isEnabled() {
            return this.enabled;
        }

        public boolean isOptional() {
            return this.optional;
        }
    }

    /* loaded from: input_file:org/apache/cassandra/config/EncryptionOptions$ClientEncryptionOptionsDto.class */
    public static class ClientEncryptionOptionsDto extends EncryptionOptionsDto {
        public boolean enabled;
        public boolean optional;

        public ClientEncryptionOptionsDto() {
            super("client_encryption_options");
            this.enabled = false;
            this.optional = false;
        }

        @Override // org.apache.cassandra.config.EncryptionOptions.EncryptionOptionsDto
        public /* bridge */ /* synthetic */ String getConfigAttributeName() {
            return super.getConfigAttributeName();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/cassandra/config/EncryptionOptions$EncryptionOptionsDto.class */
    public static abstract class EncryptionOptionsDto {
        private final String attributeName;
        public String keystore = "conf/.keystore";
        public String keystore_password = "cassandra";
        public String truststore = "conf/.truststore";
        public String truststore_password = "cassandra";
        public String[] cipher_suites = ((SSLSocketFactory) SSLSocketFactory.getDefault()).getDefaultCipherSuites();
        public String protocol = "TLS";
        public String algorithm = "SunX509";
        public boolean require_client_auth = false;
        public boolean require_endpoint_verification = false;

        @Deprecated
        public String store_type;
        public String keystore_type;
        public String truststore_type;

        public EncryptionOptionsDto(String str) {
            this.attributeName = str;
        }

        public String getConfigAttributeName() {
            return this.attributeName;
        }
    }

    /* loaded from: input_file:org/apache/cassandra/config/EncryptionOptions$ServerEncryptionOptions.class */
    public static class ServerEncryptionOptions extends EncryptionOptions {
        private final InternodeEncryption internodeEncryption;
        public InternodeEncryption internode_encryption;

        /* loaded from: input_file:org/apache/cassandra/config/EncryptionOptions$ServerEncryptionOptions$InternodeEncryption.class */
        public enum InternodeEncryption {
            all,
            none,
            dc,
            rack
        }

        private ServerEncryptionOptions(ServerEncryptionOptionsDto serverEncryptionOptionsDto) {
            super(serverEncryptionOptionsDto);
            this.internode_encryption = InternodeEncryption.none;
            this.internodeEncryption = serverEncryptionOptionsDto.internode_encryption;
        }

        public static ServerEncryptionOptions from(@Nonnull ServerEncryptionOptionsDto serverEncryptionOptionsDto) {
            EncryptionOptions.validate(serverEncryptionOptionsDto);
            return new ServerEncryptionOptions(serverEncryptionOptionsDto);
        }

        public static ServerEncryptionOptions newDefaultInstance() {
            return from(new ServerEncryptionOptionsDto());
        }

        public InternodeEncryption getInternodeEncryption() {
            return this.internodeEncryption;
        }

        public boolean shouldEncrypt(InetAddress inetAddress) {
            IEndpointSnitch endpointSnitch = DatabaseDescriptor.getEndpointSnitch();
            switch (DatabaseDescriptor.getServerEncryptionOptions().getInternodeEncryption()) {
                case none:
                    return false;
                case all:
                default:
                    return true;
                case dc:
                    return !endpointSnitch.isInLocalDatacenter(inetAddress);
                case rack:
                    return !endpointSnitch.isInLocalRack(inetAddress);
            }
        }
    }

    /* loaded from: input_file:org/apache/cassandra/config/EncryptionOptions$ServerEncryptionOptionsDto.class */
    public static class ServerEncryptionOptionsDto extends EncryptionOptionsDto {
        public ServerEncryptionOptions.InternodeEncryption internode_encryption;

        public ServerEncryptionOptionsDto() {
            super("server_encryption_options");
            this.internode_encryption = ServerEncryptionOptions.InternodeEncryption.none;
        }

        @Override // org.apache.cassandra.config.EncryptionOptions.EncryptionOptionsDto
        public /* bridge */ /* synthetic */ String getConfigAttributeName() {
            return super.getConfigAttributeName();
        }
    }

    private EncryptionOptions(EncryptionOptionsDto encryptionOptionsDto) {
        this.keystore = encryptionOptionsDto.keystore;
        this.keystorePassword = encryptionOptionsDto.keystore_password;
        this.keystoreType = encryptionOptionsDto.keystore_type;
        this.truststore = encryptionOptionsDto.truststore;
        this.truststorePassword = encryptionOptionsDto.truststore_password;
        this.truststoreType = encryptionOptionsDto.truststore_type;
        this.cipherSuites = ImmutableList.copyOf(encryptionOptionsDto.cipher_suites);
        this.protocol = encryptionOptionsDto.protocol;
        this.algorithm = encryptionOptionsDto.algorithm;
        this.requireClientAuth = encryptionOptionsDto.require_client_auth;
        this.requireEndpointVerification = encryptionOptionsDto.require_endpoint_verification;
        this.storeType = encryptionOptionsDto.store_type;
    }

    public String getKeystore() {
        return this.keystore;
    }

    public String getKeystorePassword() {
        return this.keystorePassword;
    }

    public String getKeystoreType() {
        return this.keystoreType != null ? this.keystoreType : this.storeType;
    }

    public String getTruststore() {
        return this.truststore;
    }

    public String getTruststorePassword() {
        return this.truststorePassword;
    }

    public String getTruststoreType() {
        return this.truststoreType != null ? this.truststoreType : this.storeType;
    }

    public String[] getCipherSuites() {
        return (String[]) this.cipherSuites.toArray(new String[0]);
    }

    public String getProtocol() {
        return this.protocol;
    }

    public String getAlgorithm() {
        return this.algorithm;
    }

    public boolean isRequireClientAuth() {
        return this.requireClientAuth;
    }

    public boolean isRequireEndpointVerification() {
        return this.requireEndpointVerification;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void validate(EncryptionOptionsDto encryptionOptionsDto) {
        if (KeyStoreUtil.isPKCS11(encryptionOptionsDto.store_type)) {
            throw new IllegalArgumentException(String.format("store_type %s is not supported. Please use keystore_type instead.", encryptionOptionsDto.store_type));
        }
        if (KeyStoreUtil.isPKCS11(encryptionOptionsDto.truststore_type)) {
            throw new IllegalArgumentException(String.format("truststore_type %s is not supported.", encryptionOptionsDto.truststore_type));
        }
    }
}
