package com.linkedin.venice.hadoop.utils;

import com.linkedin.venice.exceptions.VeniceException;
import com.linkedin.venice.hadoop.VenicePushJob;
import com.linkedin.venice.hadoop.ssl.SSLConfigurator;
import com.linkedin.venice.hadoop.ssl.TempFileSSLConfigurator;
import com.linkedin.venice.hadoop.ssl.UserCredentialsFactory;
import com.linkedin.venice.security.SSLFactory;
import com.linkedin.venice.utils.SslUtils;
import com.linkedin.venice.utils.VeniceProperties;
import com.linkedin.venice.utils.lazy.Lazy;
import java.io.IOException;
import java.util.Optional;
import java.util.Properties;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/linkedin/venice/hadoop/utils/VPJSSLUtils.class */
public class VPJSSLUtils {
    private static final Logger LOGGER = LogManager.getLogger(VPJSSLUtils.class);

    public static Properties getSslProperties(VeniceProperties veniceProperties) throws IOException {
        Properties properties = new Properties();
        properties.setProperty("ssl.enabled", "true");
        properties.setProperty("security.protocol", VenicePushJob.KAFKA_SECURITY_PROTOCOL);
        veniceProperties.keySet().stream().filter(str -> {
            return str.toLowerCase().startsWith(VenicePushJob.SSL_PREFIX);
        }).forEach(str2 -> {
            properties.setProperty(str2, veniceProperties.getString(str2));
        });
        SSLConfigurator sSLConfigurator = SSLConfigurator.getSSLConfigurator(veniceProperties.getString(VenicePushJob.SSL_CONFIGURATOR_CLASS_CONFIG, TempFileSSLConfigurator.class.getName()));
        properties.putAll(sSLConfigurator.setupSSLConfig(properties, UserCredentialsFactory.getUserCredentialsFromTokenFile()));
        properties.put(VenicePushJob.SSL_CONFIGURATOR_CLASS_CONFIG, sSLConfigurator.getClass().getName());
        return properties;
    }

    public static void validateSslProperties(Properties properties) {
        for (String str : new String[]{VenicePushJob.SSL_KEY_PASSWORD_PROPERTY_NAME, VenicePushJob.SSL_KEY_STORE_PASSWORD_PROPERTY_NAME, VenicePushJob.SSL_KEY_STORE_PROPERTY_NAME, VenicePushJob.SSL_TRUST_STORE_PROPERTY_NAME}) {
            if (!properties.containsKey(str)) {
                throw new VeniceException("Miss the require ssl property name: " + str);
            }
        }
    }

    public static Optional<SSLFactory> createSSLFactory(boolean z, String str, Lazy<Properties> lazy) {
        Optional<SSLFactory> empty = Optional.empty();
        if (z) {
            LOGGER.info("Controller ACL is enabled.");
            empty = Optional.of(SslUtils.getSSLFactory((Properties) lazy.get(), str));
        }
        return empty;
    }
}
