package com.yahoo.security.tls;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

/* loaded from: input_file:com/yahoo/security/tls/TlsContext.class */
public interface TlsContext extends AutoCloseable {
    public static final Set<String> ALLOWED_CIPHER_SUITES = Set.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256");
    public static final String SSL_CONTEXT_VERSION = "TLSv1.2";
    public static final Set<String> ALLOWED_PROTOCOLS = Set.of(SSL_CONTEXT_VERSION, "TLSv1.3");

    static Set<String> getAllowedCipherSuites(SSLContext sSLContext) {
        String[] cipherSuites = sSLContext.getSupportedSSLParameters().getCipherSuites();
        Stream stream = Arrays.stream(cipherSuites);
        Set<String> set = ALLOWED_CIPHER_SUITES;
        Objects.requireNonNull(set);
        Set<String> set2 = (Set) stream.filter((v1) -> {
            return r1.contains(v1);
        }).collect(Collectors.toSet());
        if (set2.isEmpty()) {
            throw new IllegalArgumentException(String.format("Non of the allowed ciphers are supported (allowed=%s, supported=%s)", ALLOWED_CIPHER_SUITES, Arrays.toString(cipherSuites)));
        }
        return set2;
    }

    static Set<String> getAllowedCipherSuites() {
        return getAllowedCipherSuites(defaultSslContext());
    }

    static Set<String> getAllowedProtocols(SSLContext sSLContext) {
        String[] protocols = sSLContext.getSupportedSSLParameters().getProtocols();
        Stream stream = Arrays.stream(protocols);
        Set<String> set = ALLOWED_PROTOCOLS;
        Objects.requireNonNull(set);
        Set<String> set2 = (Set) stream.filter((v1) -> {
            return r1.contains(v1);
        }).collect(Collectors.toSet());
        if (set2.isEmpty()) {
            throw new IllegalArgumentException(String.format("Non of the allowed protocols are supported (allowed=%s, supported=%s)", ALLOWED_PROTOCOLS, Arrays.toString(protocols)));
        }
        return set2;
    }

    static Set<String> getAllowedProtocols() {
        return getAllowedProtocols(defaultSslContext());
    }

    static SSLContext defaultSslContext() {
        try {
            SSLContext sSLContext = SSLContext.getInstance(SSL_CONTEXT_VERSION);
            sSLContext.init(null, null, null);
            return sSLContext;
        } catch (KeyManagementException e) {
            throw new IllegalStateException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalArgumentException(e2);
        }
    }

    SSLContext context();

    SSLParameters parameters();

    SSLEngine createSslEngine();

    SSLEngine createSslEngine(String str, int i);

    @Override // java.lang.AutoCloseable
    default void close() {
    }
}
