package org.apache.pulsar.proxy.server;

import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.timeout.ReadTimeoutHandler;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.client.api.AuthenticationDataProvider;
import org.apache.pulsar.client.api.AuthenticationFactory;
import org.apache.pulsar.common.protocol.OptionalProxyProtocolDecoder;
import org.apache.pulsar.common.util.NettyClientSslContextRefresher;
import org.apache.pulsar.common.util.NettyServerSslContextBuilder;
import org.apache.pulsar.common.util.SslContextAutoRefreshBuilder;
import org.apache.pulsar.common.util.keystoretls.KeyStoreSSLContext;
import org.apache.pulsar.common.util.keystoretls.NettySSLContextAutoRefreshBuilder;

/* loaded from: input_file:org/apache/pulsar/proxy/server/ServiceChannelInitializer.class */
public class ServiceChannelInitializer extends ChannelInitializer<SocketChannel> {
    public static final String TLS_HANDLER = "tls";
    private final ProxyService proxyService;
    private final boolean enableTls;
    private final boolean tlsEnabledWithKeyStore;
    private final int brokerProxyReadTimeoutMs;
    private SslContextAutoRefreshBuilder<SslContext> serverSslCtxRefresher;
    private SslContextAutoRefreshBuilder<SslContext> clientSslCtxRefresher;
    private NettySSLContextAutoRefreshBuilder serverSSLContextAutoRefreshBuilder;
    private NettySSLContextAutoRefreshBuilder clientSSLContextAutoRefreshBuilder;

    public ServiceChannelInitializer(ProxyService proxyService, ProxyConfiguration proxyConfiguration, boolean z) throws Exception {
        this.proxyService = proxyService;
        this.enableTls = z;
        this.tlsEnabledWithKeyStore = proxyConfiguration.isTlsEnabledWithKeyStore();
        this.brokerProxyReadTimeoutMs = proxyConfiguration.getBrokerProxyReadTimeoutMs();
        if (!z) {
            this.serverSslCtxRefresher = null;
        } else if (this.tlsEnabledWithKeyStore) {
            this.serverSSLContextAutoRefreshBuilder = new NettySSLContextAutoRefreshBuilder(proxyConfiguration.getTlsProvider(), proxyConfiguration.getTlsKeyStoreType(), proxyConfiguration.getTlsKeyStore(), proxyConfiguration.getTlsKeyStorePassword(), proxyConfiguration.isTlsAllowInsecureConnection(), proxyConfiguration.getTlsTrustStoreType(), proxyConfiguration.getTlsTrustStore(), proxyConfiguration.getTlsTrustStorePassword(), proxyConfiguration.isTlsRequireTrustedClientCertOnConnect(), proxyConfiguration.getTlsCiphers(), proxyConfiguration.getTlsProtocols(), proxyConfiguration.getTlsCertRefreshCheckDurationSec());
        } else {
            this.serverSslCtxRefresher = new NettyServerSslContextBuilder(proxyConfiguration.isTlsAllowInsecureConnection(), proxyConfiguration.getTlsTrustCertsFilePath(), proxyConfiguration.getTlsCertificateFilePath(), proxyConfiguration.getTlsKeyFilePath(), proxyConfiguration.getTlsCiphers(), proxyConfiguration.getTlsProtocols(), proxyConfiguration.isTlsRequireTrustedClientCertOnConnect(), proxyConfiguration.getTlsCertRefreshCheckDurationSec());
        }
        if (!proxyConfiguration.isTlsEnabledWithBroker()) {
            this.clientSslCtxRefresher = null;
            return;
        }
        AuthenticationDataProvider authData = StringUtils.isEmpty(proxyConfiguration.getBrokerClientAuthenticationPlugin()) ? null : AuthenticationFactory.create(proxyConfiguration.getBrokerClientAuthenticationPlugin(), proxyConfiguration.getBrokerClientAuthenticationParameters()).getAuthData();
        if (this.tlsEnabledWithKeyStore) {
            this.clientSSLContextAutoRefreshBuilder = new NettySSLContextAutoRefreshBuilder(proxyConfiguration.getBrokerClientSslProvider(), proxyConfiguration.isTlsAllowInsecureConnection(), proxyConfiguration.getBrokerClientTlsTrustStoreType(), proxyConfiguration.getBrokerClientTlsTrustStore(), proxyConfiguration.getBrokerClientTlsTrustStorePassword(), proxyConfiguration.getBrokerClientTlsCiphers(), proxyConfiguration.getBrokerClientTlsProtocols(), proxyConfiguration.getTlsCertRefreshCheckDurationSec(), authData);
        } else {
            this.clientSslCtxRefresher = new NettyClientSslContextRefresher(proxyConfiguration.isTlsAllowInsecureConnection(), proxyConfiguration.getBrokerClientTrustCertsFilePath(), authData, proxyConfiguration.getTlsCertRefreshCheckDurationSec());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initChannel(final SocketChannel socketChannel) throws Exception {
        if (this.serverSslCtxRefresher != null && this.enableTls) {
            SslContext sslContext = (SslContext) this.serverSslCtxRefresher.get();
            if (sslContext != null) {
                socketChannel.pipeline().addLast("tls", sslContext.newHandler(socketChannel.alloc()));
            }
        } else if (this.tlsEnabledWithKeyStore && this.serverSSLContextAutoRefreshBuilder != null) {
            socketChannel.pipeline().addLast("tls", new SslHandler(((KeyStoreSSLContext) this.serverSSLContextAutoRefreshBuilder.get()).createSSLEngine()));
        }
        if (this.brokerProxyReadTimeoutMs > 0) {
            socketChannel.pipeline().addLast("readTimeoutHandler", new ReadTimeoutHandler(this.brokerProxyReadTimeoutMs, TimeUnit.MILLISECONDS));
        }
        if (this.proxyService.getConfiguration().isHaProxyProtocolEnabled()) {
            socketChannel.pipeline().addLast("optional-proxy-protocol-decoder", new OptionalProxyProtocolDecoder());
        }
        socketChannel.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(5253120, 0, 4, 0, 4));
        Supplier<SslHandler> supplier = null;
        if (this.clientSslCtxRefresher != null) {
            supplier = new Supplier<SslHandler>() { // from class: org.apache.pulsar.proxy.server.ServiceChannelInitializer.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.function.Supplier
                public SslHandler get() {
                    return ((SslContext) ServiceChannelInitializer.this.clientSslCtxRefresher.get()).newHandler(socketChannel.alloc());
                }
            };
        } else if (this.clientSSLContextAutoRefreshBuilder != null) {
            supplier = new Supplier<SslHandler>() { // from class: org.apache.pulsar.proxy.server.ServiceChannelInitializer.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.function.Supplier
                public SslHandler get() {
                    return new SslHandler(((KeyStoreSSLContext) ServiceChannelInitializer.this.clientSSLContextAutoRefreshBuilder.get()).createSSLEngine());
                }
            };
        }
        socketChannel.pipeline().addLast("handler", new ProxyConnection(this.proxyService, supplier));
    }
}
