package org.apache.pulsar.discovery.service;

import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import org.apache.pulsar.common.util.NettyServerSslContextBuilder;
import org.apache.pulsar.common.util.SslContextAutoRefreshBuilder;
import org.apache.pulsar.common.util.keystoretls.KeyStoreSSLContext;
import org.apache.pulsar.common.util.keystoretls.NettySSLContextAutoRefreshBuilder;
import org.apache.pulsar.discovery.service.server.ServiceConfig;

/* loaded from: input_file:org/apache/pulsar/discovery/service/ServiceChannelInitializer.class */
public class ServiceChannelInitializer extends ChannelInitializer<SocketChannel> {
    public static final String TLS_HANDLER = "tls";
    private final DiscoveryService discoveryService;
    private final boolean enableTls;
    private final boolean tlsEnabledWithKeyStore;
    private SslContextAutoRefreshBuilder<SslContext> sslCtxRefresher;
    private NettySSLContextAutoRefreshBuilder nettySSLContextAutoRefreshBuilder;

    public ServiceChannelInitializer(DiscoveryService discoveryService, ServiceConfig serviceConfig, boolean z) throws Exception {
        this.discoveryService = discoveryService;
        this.enableTls = z;
        this.tlsEnabledWithKeyStore = serviceConfig.isTlsEnabledWithKeyStore();
        if (!this.enableTls) {
            this.sslCtxRefresher = null;
        } else if (this.tlsEnabledWithKeyStore) {
            this.nettySSLContextAutoRefreshBuilder = new NettySSLContextAutoRefreshBuilder(serviceConfig.getTlsProvider(), serviceConfig.getTlsKeyStoreType(), serviceConfig.getTlsKeyStore(), serviceConfig.getTlsKeyStorePassword(), serviceConfig.isTlsAllowInsecureConnection(), serviceConfig.getTlsTrustStoreType(), serviceConfig.getTlsTrustStore(), serviceConfig.getTlsTrustStorePassword(), serviceConfig.isTlsRequireTrustedClientCertOnConnect(), serviceConfig.getTlsCiphers(), serviceConfig.getTlsProtocols(), serviceConfig.getTlsCertRefreshCheckDurationSec());
        } else {
            this.sslCtxRefresher = new NettyServerSslContextBuilder(serviceConfig.isTlsAllowInsecureConnection(), serviceConfig.getTlsTrustCertsFilePath(), serviceConfig.getTlsCertificateFilePath(), serviceConfig.getTlsKeyFilePath(), serviceConfig.getTlsCiphers(), serviceConfig.getTlsProtocols(), serviceConfig.isTlsRequireTrustedClientCertOnConnect(), serviceConfig.getTlsCertRefreshCheckDurationSec());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initChannel(SocketChannel socketChannel) throws Exception {
        if (this.sslCtxRefresher != null && this.enableTls) {
            if (this.tlsEnabledWithKeyStore) {
                socketChannel.pipeline().addLast("tls", new SslHandler(((KeyStoreSSLContext) this.nettySSLContextAutoRefreshBuilder.get()).createSSLEngine()));
            } else {
                SslContext sslContext = (SslContext) this.sslCtxRefresher.get();
                if (sslContext != null) {
                    socketChannel.pipeline().addLast("tls", sslContext.newHandler(socketChannel.alloc()));
                }
            }
        }
        socketChannel.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(5253120, 0, 4, 0, 4));
        socketChannel.pipeline().addLast("handler", new ServerConnection(this.discoveryService));
    }
}
