package org.apache.pulsar.client.impl;

import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
import io.netty.handler.flush.FlushConsolidationHandler;
import io.netty.handler.proxy.Socks5ProxyHandler;
import io.netty.handler.ssl.SslHandler;
import java.net.InetSocketAddress;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import lombok.Generated;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.client.impl.conf.ClientConfigurationData;
import org.apache.pulsar.common.protocol.ByteBufPair;
import org.apache.pulsar.common.util.PulsarSslConfiguration;
import org.apache.pulsar.common.util.PulsarSslFactory;
import org.apache.pulsar.common.util.SecurityUtility;
import org.apache.pulsar.common.util.netty.NettyFutureUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/pulsar-client-original-4.0.1.1.jar:org/apache/pulsar/client/impl/PulsarChannelInitializer.class */
public class PulsarChannelInitializer extends ChannelInitializer<SocketChannel> {
    public static final String TLS_HANDLER = "tls";
    private final Supplier<ClientCnx> clientCnxSupplier;
    private final boolean tlsEnabled;
    private final boolean tlsHostnameVerificationEnabled;
    private final InetSocketAddress socks5ProxyAddress;
    private final String socks5ProxyUsername;
    private final String socks5ProxyPassword;
    private final ClientConfigurationData conf;
    private final Map<String, PulsarSslFactory> pulsarSslFactoryMap;

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) PulsarChannelInitializer.class);
    private static final long TLS_CERTIFICATE_CACHE_MILLIS = TimeUnit.MINUTES.toMillis(1);

    public PulsarChannelInitializer(ClientConfigurationData clientConfigurationData, Supplier<ClientCnx> supplier, ScheduledExecutorService scheduledExecutorService) throws Exception {
        this.clientCnxSupplier = supplier;
        this.tlsEnabled = clientConfigurationData.isUseTls();
        this.tlsHostnameVerificationEnabled = clientConfigurationData.isTlsHostnameVerificationEnable();
        this.socks5ProxyAddress = clientConfigurationData.getSocks5ProxyAddress();
        this.socks5ProxyUsername = clientConfigurationData.getSocks5ProxyUsername();
        this.socks5ProxyPassword = clientConfigurationData.getSocks5ProxyPassword();
        this.conf = clientConfigurationData.m7704clone();
        if (!this.tlsEnabled) {
            this.pulsarSslFactoryMap = null;
            return;
        }
        this.pulsarSslFactoryMap = new ConcurrentHashMap();
        if (scheduledExecutorService == null || clientConfigurationData.getAutoCertRefreshSeconds() <= 0) {
            return;
        }
        scheduledExecutorService.scheduleWithFixedDelay(() -> {
            refreshSslContext(clientConfigurationData);
        }, clientConfigurationData.getAutoCertRefreshSeconds(), clientConfigurationData.getAutoCertRefreshSeconds(), TimeUnit.SECONDS);
    }

    @Override // io.netty.channel.ChannelInitializer
    public void initChannel(SocketChannel socketChannel) throws Exception {
        socketChannel.pipeline().addLast("consolidation", new FlushConsolidationHandler(1024, true));
        socketChannel.pipeline().addLast("ByteBufPairEncoder", ByteBufPair.getEncoder(this.tlsEnabled));
        socketChannel.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(5253120, 0, 4, 0, 4));
        socketChannel.pipeline().addLast("handler", this.clientCnxSupplier.get());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CompletableFuture<Channel> initTls(Channel channel, InetSocketAddress inetSocketAddress) {
        Objects.requireNonNull(channel, "A channel is required");
        Objects.requireNonNull(inetSocketAddress, "A sniHost is required");
        if (!this.tlsEnabled) {
            throw new IllegalStateException("TLS is not enabled in client configuration");
        }
        CompletableFuture<Channel> completableFuture = new CompletableFuture<>();
        channel.eventLoop().execute(() -> {
            try {
                PulsarSslFactory computeIfAbsent = this.pulsarSslFactoryMap.computeIfAbsent(inetSocketAddress.getHostName(), str -> {
                    try {
                        PulsarSslFactory pulsarSslFactory = (PulsarSslFactory) Class.forName(this.conf.getSslFactoryPlugin()).getConstructor(new Class[0]).newInstance(new Object[0]);
                        pulsarSslFactory.initialize(buildSslConfiguration(this.conf, str));
                        pulsarSslFactory.createInternalSslContext();
                        return pulsarSslFactory;
                    } catch (Exception e) {
                        log.error("Unable to initialize and create the ssl context", (Throwable) e);
                        completableFuture.completeExceptionally(e);
                        return null;
                    }
                });
                if (computeIfAbsent == null) {
                    return;
                }
                SslHandler sslHandler = new SslHandler(computeIfAbsent.createClientSslEngine(channel.alloc(), inetSocketAddress.getHostName(), inetSocketAddress.getPort()));
                if (this.tlsHostnameVerificationEnabled) {
                    SecurityUtility.configureSSLHandler(sslHandler);
                }
                channel.pipeline().addFirst(TLS_HANDLER, sslHandler);
                completableFuture.complete(channel);
            } catch (Throwable th) {
                completableFuture.completeExceptionally(th);
            }
        });
        return completableFuture;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CompletableFuture<Channel> initSocks5IfConfig(Channel channel) {
        CompletableFuture<Channel> completableFuture = new CompletableFuture<>();
        if (this.socks5ProxyAddress != null) {
            channel.eventLoop().execute(() -> {
                try {
                    Socks5ProxyHandler socks5ProxyHandler = new Socks5ProxyHandler(this.socks5ProxyAddress, this.socks5ProxyUsername, this.socks5ProxyPassword);
                    channel.pipeline().addFirst(socks5ProxyHandler.protocol(), (ChannelHandler) socks5ProxyHandler);
                    completableFuture.complete(channel);
                } catch (Throwable th) {
                    completableFuture.completeExceptionally(th);
                }
            });
        } else {
            completableFuture.complete(channel);
        }
        return completableFuture;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CompletableFuture<Channel> initializeClientCnx(Channel channel, InetSocketAddress inetSocketAddress, InetSocketAddress inetSocketAddress2) {
        return NettyFutureUtil.toCompletableFuture(channel.eventLoop().submit(() -> {
            ClientCnx clientCnx = (ClientCnx) channel.pipeline().get("handler");
            if (clientCnx == null) {
                throw new IllegalStateException("Missing ClientCnx. This should not happen.");
            }
            if (!inetSocketAddress.equals(inetSocketAddress2)) {
                clientCnx.setTargetBroker(inetSocketAddress);
            }
            clientCnx.setRemoteHostName(inetSocketAddress2.getHostString());
            return channel;
        }));
    }

    protected PulsarSslConfiguration buildSslConfiguration(ClientConfigurationData clientConfigurationData, String str) throws PulsarClientException {
        return PulsarSslConfiguration.builder().tlsProvider(clientConfigurationData.getSslProvider()).tlsKeyStoreType(clientConfigurationData.getTlsKeyStoreType()).tlsKeyStorePath(clientConfigurationData.getTlsKeyStorePath()).tlsKeyStorePassword(clientConfigurationData.getTlsKeyStorePassword()).tlsTrustStoreType(clientConfigurationData.getTlsTrustStoreType()).tlsTrustStorePath(clientConfigurationData.getTlsTrustStorePath()).tlsTrustStorePassword(clientConfigurationData.getTlsTrustStorePassword()).tlsCiphers(clientConfigurationData.getTlsCiphers()).tlsProtocols(clientConfigurationData.getTlsProtocols()).tlsTrustCertsFilePath(clientConfigurationData.getTlsTrustCertsFilePath()).tlsCertificateFilePath(clientConfigurationData.getTlsCertificateFilePath()).tlsKeyFilePath(clientConfigurationData.getTlsKeyFilePath()).allowInsecureConnection(clientConfigurationData.isTlsAllowInsecureConnection()).requireTrustedClientCertOnConnect(false).tlsEnabledWithKeystore(clientConfigurationData.isUseKeyStoreTls()).tlsCustomParams(clientConfigurationData.getSslFactoryPluginParams()).authData(clientConfigurationData.getAuthentication().getAuthData(str)).serverMode(false).build();
    }

    protected void refreshSslContext(ClientConfigurationData clientConfigurationData) {
        this.pulsarSslFactoryMap.forEach((str, pulsarSslFactory) -> {
            try {
                try {
                    if (clientConfigurationData.isUseKeyStoreTls()) {
                        pulsarSslFactory.getInternalSslContext();
                    } else {
                        pulsarSslFactory.getInternalNettySslContext();
                    }
                } catch (Exception e) {
                    log.error("SSL Context is not initialized", (Throwable) e);
                    pulsarSslFactory.initialize(buildSslConfiguration(clientConfigurationData, str));
                }
                pulsarSslFactory.update();
            } catch (Exception e2) {
                log.error("Failed to refresh SSL context", (Throwable) e2);
            }
        });
    }

    @Generated
    public boolean isTlsEnabled() {
        return this.tlsEnabled;
    }
}
