package com.amazon.opendistroforelasticsearch.security.ssl.transport;

import com.amazon.opendistroforelasticsearch.security.support.ConfigConstants;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.common.settings.ClusterSettings;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/amazon/opendistroforelasticsearch/security/ssl/transport/OpenDistroSSLConfig.class */
public class OpenDistroSSLConfig {
    public static final Setting<Boolean> SSL_DUAL_MODE_SETTING = Setting.boolSetting(ConfigConstants.OPENDISTRO_SECURITY_CONFIG_SSL_DUAL_MODE_ENABLED, false, new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Dynamic});
    private static final Logger logger = LogManager.getLogger(OpenDistroSSLConfig.class);
    private final boolean sslOnly;
    private volatile boolean dualModeEnabled;

    public OpenDistroSSLConfig(boolean z, boolean z2) {
        this.sslOnly = z;
        this.dualModeEnabled = z2;
        if (this.dualModeEnabled && !this.sslOnly) {
            logger.warn("opendistro_security_config.ssl_dual_mode_enabled is enabled but opendistro_security.ssl_only mode is disabled. SSL Dual mode is supported only when security plugin is in ssl_only mode");
        }
        logger.info("SSL dual mode is {}", isDualModeEnabled() ? "enabled" : "disabled");
    }

    public OpenDistroSSLConfig(Settings settings) {
        this(settings.getAsBoolean(ConfigConstants.OPENDISTRO_SECURITY_SSL_ONLY, false).booleanValue(), settings.getAsBoolean(ConfigConstants.OPENDISTRO_SECURITY_CONFIG_SSL_DUAL_MODE_ENABLED, false).booleanValue());
    }

    public void registerClusterSettingsChangeListener(ClusterSettings clusterSettings) {
        clusterSettings.addSettingsUpdateConsumer(SSL_DUAL_MODE_SETTING, bool -> {
            logger.info("Detected change in settings, cluster setting for SSL dual mode is {}", bool.booleanValue() ? "enabled" : "disabled");
            setDualModeEnabled(bool.booleanValue());
        });
    }

    private void setDualModeEnabled(boolean z) {
        this.dualModeEnabled = z;
    }

    public boolean isDualModeEnabled() {
        return this.sslOnly && this.dualModeEnabled;
    }

    public boolean isSslOnlyMode() {
        return this.sslOnly;
    }
}
