package io.kroxylicious.proxy.model;

import io.kroxylicious.proxy.config.TargetCluster;
import io.kroxylicious.proxy.config.tls.Tls;
import io.kroxylicious.proxy.service.ClusterNetworkAddressConfigProvider;
import io.kroxylicious.proxy.service.HostPort;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.UncheckedIOException;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.net.ssl.SSLException;

/* loaded from: input_file:io/kroxylicious/proxy/model/VirtualCluster.class */
public class VirtualCluster implements ClusterNetworkAddressConfigProvider {
    private final String clusterName;
    private final TargetCluster targetCluster;
    private final Optional<Tls> tls;
    private final boolean logNetwork;
    private final boolean logFrames;
    private final ClusterNetworkAddressConfigProvider clusterNetworkAddressConfigProvider;
    private final Optional<SslContext> upstreamSslContext;
    private final Optional<SslContext> downstreamSslContext;

    public VirtualCluster(String str, TargetCluster targetCluster, ClusterNetworkAddressConfigProvider clusterNetworkAddressConfigProvider, Optional<Tls> optional, boolean z, boolean z2) {
        this.clusterName = str;
        this.tls = optional;
        this.targetCluster = targetCluster;
        this.logNetwork = z;
        this.logFrames = z2;
        this.clusterNetworkAddressConfigProvider = clusterNetworkAddressConfigProvider;
        validateTLsSettings(clusterNetworkAddressConfigProvider, optional);
        validatePortUsage(clusterNetworkAddressConfigProvider);
        this.upstreamSslContext = buildUpstreamSslContext();
        this.downstreamSslContext = buildDownstreamSslContext();
    }

    public String getClusterName() {
        return this.clusterName;
    }

    public TargetCluster targetCluster() {
        return this.targetCluster;
    }

    public ClusterNetworkAddressConfigProvider getClusterNetworkAddressConfigProvider() {
        return this.clusterNetworkAddressConfigProvider;
    }

    public boolean isLogNetwork() {
        return this.logNetwork;
    }

    public boolean isLogFrames() {
        return this.logFrames;
    }

    public boolean isUseTls() {
        return this.tls.isPresent();
    }

    public String toString() {
        return "VirtualCluster{clusterName='" + this.clusterName + "', targetCluster=" + String.valueOf(this.targetCluster) + ", tls=" + String.valueOf(this.tls) + ", logNetwork=" + this.logNetwork + ", logFrames=" + this.logFrames + ", clusterNetworkAddressConfigProvider=" + String.valueOf(this.clusterNetworkAddressConfigProvider) + ", upstreamSslContext=" + String.valueOf(this.upstreamSslContext) + ", downstreamSslContext=" + String.valueOf(this.downstreamSslContext) + "}";
    }

    public HostPort getClusterBootstrapAddress() {
        return this.clusterNetworkAddressConfigProvider.getClusterBootstrapAddress();
    }

    public HostPort getBrokerAddress(int i) throws IllegalArgumentException {
        return this.clusterNetworkAddressConfigProvider.getBrokerAddress(i);
    }

    public Optional<String> getBindAddress() {
        return this.clusterNetworkAddressConfigProvider.getBindAddress();
    }

    public boolean requiresTls() {
        return this.clusterNetworkAddressConfigProvider.requiresTls();
    }

    public Set<Integer> getExclusivePorts() {
        return this.clusterNetworkAddressConfigProvider.getExclusivePorts();
    }

    public Set<Integer> getSharedPorts() {
        return this.clusterNetworkAddressConfigProvider.getSharedPorts();
    }

    public Map<Integer, HostPort> discoveryAddressMap() {
        return this.clusterNetworkAddressConfigProvider.discoveryAddressMap();
    }

    public Integer getBrokerIdFromBrokerAddress(HostPort hostPort) {
        return this.clusterNetworkAddressConfigProvider.getBrokerIdFromBrokerAddress(hostPort);
    }

    public Optional<SslContext> getDownstreamSslContext() {
        return this.downstreamSslContext;
    }

    public Optional<SslContext> getUpstreamSslContext() {
        return this.upstreamSslContext;
    }

    private Optional<SslContext> buildDownstreamSslContext() {
        return this.tls.map(tls -> {
            try {
                return ((SslContextBuilder) Optional.of(tls.key()).map((v0) -> {
                    return v0.forServer();
                }).orElseThrow()).build();
            } catch (SSLException e) {
                throw new UncheckedIOException(e);
            }
        });
    }

    private Optional<SslContext> buildUpstreamSslContext() {
        return this.targetCluster.tls().map(tls -> {
            try {
                SslContextBuilder forClient = SslContextBuilder.forClient();
                Optional.ofNullable(tls.trust()).ifPresent(trustProvider -> {
                    trustProvider.apply(forClient);
                });
                return forClient.build();
            } catch (SSLException e) {
                throw new UncheckedIOException(e);
            }
        });
    }

    private static void validatePortUsage(ClusterNetworkAddressConfigProvider clusterNetworkAddressConfigProvider) {
        Set set = (Set) clusterNetworkAddressConfigProvider.getExclusivePorts().stream().filter(num -> {
            return clusterNetworkAddressConfigProvider.getSharedPorts().contains(num);
        }).collect(Collectors.toSet());
        if (!set.isEmpty()) {
            throw new IllegalStateException("The set of exclusive ports described by the cluster endpoint provider must be distinct from those described as shared. Intersection: " + String.valueOf(set));
        }
    }

    private static void validateTLsSettings(ClusterNetworkAddressConfigProvider clusterNetworkAddressConfigProvider, Optional<Tls> optional) {
        if (clusterNetworkAddressConfigProvider.requiresTls()) {
            if (optional.isEmpty() || !optional.get().definesKey()) {
                throw new IllegalStateException("Cluster endpoint provider requires server TLS, but this virtual cluster does not define it.");
            }
        }
    }
}
