package org.apache.nifi.ssl;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.security.util.TlsPlatform;

@CapabilityDescription("Restricted implementation of the SSLContextService. Provides the ability to configure keystore and/or truststore properties once and reuse that configuration throughout the application, but only allows a restricted set of TLS/SSL protocols to be chosen (no SSL protocols are supported). The set of protocols selectable will evolve over time as new protocols emerge and older protocols are deprecated. This service is recommended over StandardSSLContextService if a component doesn't expect to communicate with legacy systems since it is unlikely that legacy systems will support these protocols.")
@Tags({"tls", "ssl", "secure", "certificate", "keystore", "truststore", "jks", "p12", "pkcs12", "pkcs"})
/* loaded from: input_file:org/apache/nifi/ssl/StandardRestrictedSSLContextService.class */
public class StandardRestrictedSSLContextService extends StandardSSLContextService implements RestrictedSSLContextService {
    public static final PropertyDescriptor RESTRICTED_SSL_ALGORITHM = new PropertyDescriptor.Builder().name("SSL Protocol").displayName("TLS Protocol").defaultValue("TLS").required(false).allowableValues(getRestrictedProtocolAllowableValues()).description("TLS Protocol Version for encrypted connections. Supported versions depend on the specific version of Java used.").addValidator(StandardValidators.NON_EMPTY_VALIDATOR).sensitive(false).build();
    private static final List<PropertyDescriptor> properties;

    @Override // org.apache.nifi.ssl.StandardSSLContextService
    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return properties;
    }

    @Override // org.apache.nifi.ssl.StandardSSLContextService
    public String getSslAlgorithm() {
        return this.configContext.getProperty(RESTRICTED_SSL_ALGORITHM).getValue();
    }

    private static AllowableValue[] getRestrictedProtocolAllowableValues() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new AllowableValue("TLS", "TLS", "Negotiate latest protocol version based on platform supported versions"));
        for (String str : TlsPlatform.getPreferredProtocols()) {
            arrayList.add(new AllowableValue(str, str, String.format("Require %s protocol version", str)));
        }
        return (AllowableValue[]) arrayList.toArray(new AllowableValue[arrayList.size()]);
    }

    static {
        ArrayList arrayList = new ArrayList();
        arrayList.add(KEYSTORE);
        arrayList.add(KEYSTORE_PASSWORD);
        arrayList.add(KEY_PASSWORD);
        arrayList.add(KEYSTORE_TYPE);
        arrayList.add(TRUSTSTORE);
        arrayList.add(TRUSTSTORE_PASSWORD);
        arrayList.add(TRUSTSTORE_TYPE);
        arrayList.add(RESTRICTED_SSL_ALGORITHM);
        properties = Collections.unmodifiableList(arrayList);
    }
}
