package org.apache.james.protocols.netty;

import com.google.common.annotations.VisibleForTesting;
import io.netty.handler.ssl.SslHandler;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.james.protocols.api.ClientAuth;

/* loaded from: input_file:org/apache/james/protocols/netty/Encryption.class */
public interface Encryption {

    /* loaded from: input_file:org/apache/james/protocols/netty/Encryption$Factory.class */
    public interface Factory {
        Encryption create() throws Exception;
    }

    /* loaded from: input_file:org/apache/james/protocols/netty/Encryption$LegacyJavaEncryption.class */
    public static class LegacyJavaEncryption implements Encryption {
        private final SSLContext context;
        private final boolean starttls;
        private final String[] enabledCipherSuites;
        private final String[] enabledProtocols;
        private final ClientAuth clientAuth;

        private LegacyJavaEncryption(SSLContext sSLContext, boolean z, String[] strArr, String[] strArr2, ClientAuth clientAuth) {
            this.context = sSLContext;
            this.starttls = z;
            this.enabledCipherSuites = strArr;
            this.enabledProtocols = strArr2;
            this.clientAuth = clientAuth;
        }

        public SSLContext getContext() {
            return this.context;
        }

        @Override // org.apache.james.protocols.netty.Encryption
        public boolean isStartTLS() {
            return this.starttls;
        }

        @Override // org.apache.james.protocols.netty.Encryption
        public boolean supportsEncryption() {
            return this.context != null;
        }

        @Override // org.apache.james.protocols.netty.Encryption
        public String[] getEnabledCipherSuites() {
            return this.enabledCipherSuites;
        }

        @Override // org.apache.james.protocols.netty.Encryption
        public ClientAuth getClientAuth() {
            return this.clientAuth;
        }

        private SSLEngine createSSLEngine() {
            SSLEngine createSSLEngine = this.context.createSSLEngine();
            String[] strArr = (String[]) ArrayUtils.clone(this.enabledCipherSuites);
            String[] strArr2 = (String[]) ArrayUtils.clone(this.enabledProtocols);
            if (strArr != null && strArr.length > 0) {
                createSSLEngine.setEnabledCipherSuites(strArr);
            }
            if (strArr2 != null && strArr2.length > 0) {
                createSSLEngine.setEnabledProtocols(strArr2);
            }
            if (ClientAuth.NEED.equals(this.clientAuth)) {
                createSSLEngine.setNeedClientAuth(true);
            }
            if (ClientAuth.WANT.equals(this.clientAuth)) {
                createSSLEngine.setWantClientAuth(true);
            }
            return createSSLEngine;
        }

        @Override // org.apache.james.protocols.netty.Encryption
        public SslHandler sslHandler() {
            SSLEngine createSSLEngine = createSSLEngine();
            createSSLEngine.setUseClientMode(false);
            return new SslHandler(createSSLEngine);
        }
    }

    @VisibleForTesting
    static Encryption createTls(SSLContext sSLContext) {
        return createTls(sSLContext, null, null, ClientAuth.NONE);
    }

    static Encryption createTls(SSLContext sSLContext, String[] strArr, String[] strArr2, ClientAuth clientAuth) {
        return new LegacyJavaEncryption(sSLContext, false, strArr, strArr2, clientAuth);
    }

    @VisibleForTesting
    static Encryption createStartTls(SSLContext sSLContext) {
        return createStartTls(sSLContext, null, null, ClientAuth.NONE);
    }

    static Encryption createStartTls(SSLContext sSLContext, String[] strArr, String[] strArr2, ClientAuth clientAuth) {
        return new LegacyJavaEncryption(sSLContext, true, strArr, strArr2, clientAuth);
    }

    boolean isStartTLS();

    boolean supportsEncryption();

    String[] getEnabledCipherSuites();

    ClientAuth getClientAuth();

    SslHandler sslHandler();
}
