package org.apache.pulsar.proxy.server;

import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
import io.netty.handler.ssl.SslContext;
import java.security.cert.X509Certificate;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.client.api.AuthenticationDataProvider;
import org.apache.pulsar.client.api.AuthenticationFactory;
import org.apache.pulsar.common.util.SecurityUtility;

/* loaded from: input_file:org/apache/pulsar/proxy/server/ServiceChannelInitializer.class */
public class ServiceChannelInitializer extends ChannelInitializer<SocketChannel> {
    public static final String TLS_HANDLER = "tls";
    private final ProxyService proxyService;
    private final SslContext serverSslCtx;
    private final SslContext clientSslCtx;

    public ServiceChannelInitializer(ProxyService proxyService, ProxyConfiguration proxyConfiguration, boolean z) throws Exception {
        this.proxyService = proxyService;
        if (z) {
            this.serverSslCtx = SecurityUtility.createNettySslContextForServer(true, proxyConfiguration.getTlsTrustCertsFilePath(), proxyConfiguration.getTlsCertificateFilePath(), proxyConfiguration.getTlsKeyFilePath(), proxyConfiguration.getTlsCiphers(), proxyConfiguration.getTlsProtocols(), proxyConfiguration.isTlsRequireTrustedClientCertOnConnect());
        } else {
            this.serverSslCtx = null;
        }
        if (!proxyConfiguration.isTlsEnabledWithBroker()) {
            this.clientSslCtx = null;
            return;
        }
        AuthenticationDataProvider authData = StringUtils.isEmpty(proxyConfiguration.getBrokerClientAuthenticationPlugin()) ? null : AuthenticationFactory.create(proxyConfiguration.getBrokerClientAuthenticationPlugin(), proxyConfiguration.getBrokerClientAuthenticationParameters()).getAuthData();
        if (authData == null || !authData.hasDataForTls()) {
            this.clientSslCtx = SecurityUtility.createNettySslContextForClient(proxyConfiguration.isTlsAllowInsecureConnection(), proxyConfiguration.getBrokerClientTrustCertsFilePath());
        } else {
            this.clientSslCtx = SecurityUtility.createNettySslContextForClient(proxyConfiguration.isTlsAllowInsecureConnection(), proxyConfiguration.getBrokerClientTrustCertsFilePath(), (X509Certificate[]) authData.getTlsCertificates(), authData.getTlsPrivateKey());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initChannel(SocketChannel socketChannel) throws Exception {
        if (this.serverSslCtx != null) {
            socketChannel.pipeline().addLast("tls", this.serverSslCtx.newHandler(socketChannel.alloc()));
        }
        socketChannel.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(5242880, 0, 4, 0, 4));
        socketChannel.pipeline().addLast("handler", new ProxyConnection(this.proxyService, this.clientSslCtx));
    }
}
