package org.elasticsearch.xpack.core.ssl;

import com.unboundid.util.ssl.SSLUtil;
import java.time.LocalDate;
import java.time.ZoneId;
import java.util.function.Supplier;
import javax.net.ssl.SSLSession;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.common.logging.DeprecationLogger;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.ssl.SslConfigurationKeys;
import org.elasticsearch.xpack.core.security.authc.saml.SamlRealmSettings;

/* loaded from: input_file:lib/x-pack-core-6.8.15.jar:org/elasticsearch/xpack/core/ssl/TLSv1DeprecationHandler.class */
public class TLSv1DeprecationHandler {
    private final String supportedProtocolsSetting;
    private final boolean shouldLogWarnings;
    private final DeprecationLogger deprecationLogger;

    public TLSv1DeprecationHandler(String str, Settings settings, Logger logger) {
        if (str.length() > 0 && !str.endsWith(SamlRealmSettings.SSL_PREFIX)) {
            throw new IllegalArgumentException("Setting prefix [" + str + "] must end in 'ssl.'");
        }
        this.supportedProtocolsSetting = str + SslConfigurationKeys.PROTOCOLS;
        this.shouldLogWarnings = !SSLConfigurationSettings.SUPPORTED_PROTOCOLS_TEMPLATE.apply(this.supportedProtocolsSetting).exists(settings);
        if (this.shouldLogWarnings) {
            this.deprecationLogger = new DeprecationLogger(logger);
        } else {
            this.deprecationLogger = null;
        }
    }

    private TLSv1DeprecationHandler(String str, boolean z, DeprecationLogger deprecationLogger) {
        this.supportedProtocolsSetting = str;
        this.shouldLogWarnings = z;
        this.deprecationLogger = deprecationLogger;
    }

    public static TLSv1DeprecationHandler disabled() {
        return new TLSv1DeprecationHandler((String) null, false, (DeprecationLogger) null);
    }

    public boolean shouldLogWarnings() {
        return this.shouldLogWarnings;
    }

    public void checkAndLog(SSLSession sSLSession, Supplier<String> supplier) {
        if (this.shouldLogWarnings && SSLUtil.SSL_PROTOCOL_TLS_1.equals(sSLSession.getProtocol())) {
            String str = supplier.get();
            this.deprecationLogger.deprecatedAndMaybeLog(LocalDate.now(ZoneId.of("UTC")) + ParameterizedMessage.ERROR_MSG_SEPARATOR + str, "a TLS v1.0 session was used for [{}], this protocol will be disabled by default in a future version. The [{}] setting can be used to control this.", str, this.supportedProtocolsSetting);
        }
    }
}
