package org.apache.flink.runtime.net;

import java.io.File;
import java.io.FileInputStream;
import java.net.ServerSocket;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Objects;
import javax.annotation.Nullable;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.SecurityOptions;
import org.apache.flink.util.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flink/runtime/net/SSLUtils.class */
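/**
 * Static helpers that build JSSE contexts and apply the TLS protocol / cipher-suite settings
 * read from a Flink {@link Configuration}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Key store and trust store passwords are read from the configuration as {@link String}s.
 *       They are never logged here and must not be added to any log statement.</li>
 *   <li>The client context is initialised with trust material only, the server context with key
 *       material only (see the respective factory methods for what that implies).</li>
 *   <li>Host name verification is applied only when {@link SecurityOptions#SSL_VERIFY_HOSTNAME}
 *       is {@code true}.</li>
 * </ul>
 */
public class SSLUtils {
    private static final Logger LOG = LoggerFactory.getLogger(SSLUtils.class);

    /**
     * Immutable holder pairing a JSSE context with the two timeouts read from the configuration.
     */
    public static class SSLContext {
        private final javax.net.ssl.SSLContext sslContext;
        private final int handshakeTimeoutMs;
        private final int closeNotifyFlushTimeoutMs;

        /**
         * @param sSLContext the initialised JSSE context
         * @param i value stored as the handshake timeout
         * @param i2 value stored as the close-notify flush timeout
         */
        public SSLContext(javax.net.ssl.SSLContext sSLContext, int i, int i2) {
            this.sslContext = sSLContext;
            this.handshakeTimeoutMs = i;
            this.closeNotifyFlushTimeoutMs = i2;
        }

        /** @return the wrapped JSSE context */
        public javax.net.ssl.SSLContext getSslContext() {
            return this.sslContext;
        }

        /** @return the handshake timeout passed to the constructor */
        public int getHandshakeTimeoutMs() {
            return this.handshakeTimeoutMs;
        }

        /** @return the close-notify flush timeout passed to the constructor */
        public int getCloseNotifyFlushTimeoutMs() {
            return this.closeNotifyFlushTimeoutMs;
        }
    }

    /**
     * Reports whether SSL is switched on in the given configuration.
     *
     * @param configuration configuration to read; must not be null
     * @return the value of {@link SecurityOptions#SSL_ENABLED}
     */
    public static boolean getSSLEnabled(Configuration configuration) {
        Preconditions.checkNotNull(configuration);
        return configuration.getBoolean(SecurityOptions.SSL_ENABLED);
    }

    /**
     * Restricts an SSL server socket to the configured protocol versions and cipher suites.
     *
     * <p>A socket that is not an {@link SSLServerSocket} is left untouched, so calling this on a
     * plain socket does not add any transport protection.
     *
     * @param serverSocket socket to configure
     * @param configuration configuration holding the protocol and cipher-suite lists
     */
    public static void setSSLVerAndCipherSuites(ServerSocket serverSocket, Configuration configuration) {
        if (!(serverSocket instanceof SSLServerSocket)) {
            return;
        }
        SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
        String[] protocols = getEnabledProtocols(configuration);
        String[] cipherSuites = getEnabledCipherSuites(configuration);
        // Guarded because Arrays.toString would otherwise be evaluated even with debug off.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Configuring TLS version and cipher suites on SSL socket {} / {}", Arrays.toString(protocols), Arrays.toString(cipherSuites));
        }
        sslServerSocket.setEnabledProtocols(protocols);
        sslServerSocket.setEnabledCipherSuites(cipherSuites);
    }

    /**
     * Creates an engine factory for the server side of a connection.
     *
     * @param configuration configuration to read
     * @return factory built on the server context
     * @throws Exception if the context cannot be created, or IllegalStateException if SSL is disabled
     */
    public static SSLEngineFactory createServerSSLEngineFactory(Configuration configuration) throws Exception {
        return createSSLEngineFactory(configuration, false);
    }

    /**
     * Creates an engine factory for the client side of a connection.
     *
     * @param configuration configuration to read
     * @return factory built on the client context
     * @throws Exception if the context cannot be created, or IllegalStateException if SSL is disabled
     */
    public static SSLEngineFactory createClientSSLEngineFactory(Configuration configuration) throws Exception {
        return createSSLEngineFactory(configuration, true);
    }

    /** Builds the client or server context and wraps it together with the enabled protocols and suites. */
    private static SSLEngineFactory createSSLEngineFactory(Configuration configuration, boolean clientMode) throws Exception {
        SSLContext context = clientMode ? createSSLClientContext(configuration) : createSSLServerContext(configuration);
        // The context factories return null when SSL is disabled; fail loudly instead of
        // handing out a factory that would dereference null.
        Preconditions.checkState(context != null, "%s is not enabled", SecurityOptions.SSL_ENABLED.key());
        return new SSLEngineFactory(context.getSslContext(), getEnabledProtocols(configuration), getEnabledCipherSuites(configuration), clientMode);
    }

    /**
     * Restricts an SSL engine to the configured protocol versions and cipher suites.
     *
     * @param sSLEngine engine to configure
     * @param configuration configuration holding the protocol and cipher-suite lists
     */
    @Deprecated
    public static void setSSLVerAndCipherSuites(SSLEngine sSLEngine, Configuration configuration) {
        sSLEngine.setEnabledProtocols(getEnabledProtocols(configuration));
        sSLEngine.setEnabledCipherSuites(getEnabledCipherSuites(configuration));
    }

    /** Returns the entries of {@link SecurityOptions#SSL_PROTOCOL} as an array. */
    private static String[] getEnabledProtocols(Configuration configuration) {
        Objects.requireNonNull(configuration, "config must not be null");
        return splitCommaSeparated(configuration.getString(SecurityOptions.SSL_PROTOCOL));
    }

    /** Returns the entries of {@link SecurityOptions#SSL_ALGORITHMS} as an array. */
    private static String[] getEnabledCipherSuites(Configuration configuration) {
        Objects.requireNonNull(configuration, "config must not be null");
        return splitCommaSeparated(configuration.getString(SecurityOptions.SSL_ALGORITHMS));
    }

    /**
     * Splits a comma-separated option value, dropping whitespace around each entry so that a
     * value written as {@code "A, B"} does not yield the name {@code " B"}.
     */
    private static String[] splitCommaSeparated(String value) {
        return value.trim().split("\\s*,\\s*");
    }

    /**
     * Enables host name verification on the given parameters when the configuration asks for it.
     *
     * <p>When {@link SecurityOptions#SSL_VERIFY_HOSTNAME} is {@code false} the parameters are not
     * modified; unless the caller sets an endpoint identification algorithm elsewhere, the peer
     * certificate is then not matched against the host name.
     *
     * @param configuration configuration to read; must not be null
     * @param sSLParameters parameters to update; must not be null
     */
    public static void setSSLVerifyHostname(Configuration configuration, SSLParameters sSLParameters) {
        Preconditions.checkNotNull(configuration);
        Preconditions.checkNotNull(sSLParameters);
        if (configuration.getBoolean(SecurityOptions.SSL_VERIFY_HOSTNAME)) {
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
        }
    }

    /**
     * Creates the client-side context from the configured trust store.
     *
     * <p>Only trust managers are supplied to {@code init}; no key material is loaded from the
     * configuration here, so this context carries no client certificate taken from the
     * configured key store.
     *
     * @param configuration configuration to read; must not be null
     * @return the context, or {@code null} when SSL is disabled
     * @throws Exception if the trust store cannot be read or the context cannot be initialised
     */
    @Nullable
    public static SSLContext createSSLClientContext(Configuration configuration) throws Exception {
        Preconditions.checkNotNull(configuration);
        if (!getSSLEnabled(configuration)) {
            return null;
        }
        LOG.debug("Creating client SSL context from configuration");
        String trustStorePath = configuration.getString(SecurityOptions.SSL_TRUSTSTORE);
        String trustStorePassword = configuration.getString(SecurityOptions.SSL_TRUSTSTORE_PASSWORD);
        String protocol = configuration.getString(SecurityOptions.SSL_PROTOCOL);
        int sessionCacheSize = configuration.getInteger(SecurityOptions.SSL_SESSION_CACHE_SIZE);
        int sessionTimeout = configuration.getInteger(SecurityOptions.SSL_SESSION_TIMEOUT);
        int handshakeTimeout = configuration.getInteger(SecurityOptions.SSL_HANDSHAKE_TIMEOUT);
        int closeNotifyFlushTimeout = configuration.getInteger(SecurityOptions.SSL_CLOSE_NOTIFY_FLUSH_TIMEOUT);
        Preconditions.checkNotNull(trustStorePath, SecurityOptions.SSL_TRUSTSTORE.key() + " was not configured.");
        Preconditions.checkNotNull(trustStorePassword, SecurityOptions.SSL_TRUSTSTORE_PASSWORD.key() + " was not configured.");

        KeyStore trustStore = loadKeyStore(trustStorePath, trustStorePassword);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        // NOTE(review): the whole SSL_PROTOCOL value is used as the context algorithm here while
        // getEnabledProtocols() treats the same option as a comma-separated list; a value that
        // holds several protocols would not be a valid algorithm name - confirm intended usage.
        javax.net.ssl.SSLContext jsseContext = javax.net.ssl.SSLContext.getInstance(protocol);
        jsseContext.init(null, trustManagerFactory.getTrustManagers(), null);
        if (sessionCacheSize >= 0) {
            jsseContext.getClientSessionContext().setSessionCacheSize(sessionCacheSize);
        }
        if (sessionTimeout >= 0) {
            // JSSE expects seconds; the option is presumably in milliseconds. Values below 1000
            // become 0, which JSSE treats as "no session timeout limit".
            jsseContext.getClientSessionContext().setSessionTimeout(sessionTimeout / 1000);
        }
        return new SSLContext(jsseContext, handshakeTimeout, closeNotifyFlushTimeout);
    }

    /**
     * Creates the server-side context from the configured key store.
     *
     * <p>Only key managers are supplied to {@code init}; the trust managers argument is
     * {@code null}, so the configured trust store is not consulted by this context and JSSE
     * falls back to its default trust manager implementation.
     *
     * @param configuration configuration to read; must not be null
     * @return the context, or {@code null} when SSL is disabled
     * @throws Exception if the key store cannot be read or the context cannot be initialised
     */
    @Nullable
    public static SSLContext createSSLServerContext(Configuration configuration) throws Exception {
        Preconditions.checkNotNull(configuration);
        if (!getSSLEnabled(configuration)) {
            return null;
        }
        LOG.debug("Creating server SSL context from configuration");
        String keyStorePath = configuration.getString(SecurityOptions.SSL_KEYSTORE);
        String keyStorePassword = configuration.getString(SecurityOptions.SSL_KEYSTORE_PASSWORD);
        String keyPassword = configuration.getString(SecurityOptions.SSL_KEY_PASSWORD);
        String protocol = configuration.getString(SecurityOptions.SSL_PROTOCOL);
        int sessionCacheSize = configuration.getInteger(SecurityOptions.SSL_SESSION_CACHE_SIZE);
        int sessionTimeout = configuration.getInteger(SecurityOptions.SSL_SESSION_TIMEOUT);
        int handshakeTimeout = configuration.getInteger(SecurityOptions.SSL_HANDSHAKE_TIMEOUT);
        int closeNotifyFlushTimeout = configuration.getInteger(SecurityOptions.SSL_CLOSE_NOTIFY_FLUSH_TIMEOUT);
        Preconditions.checkNotNull(keyStorePath, SecurityOptions.SSL_KEYSTORE.key() + " was not configured.");
        Preconditions.checkNotNull(keyStorePassword, SecurityOptions.SSL_KEYSTORE_PASSWORD.key() + " was not configured.");
        Preconditions.checkNotNull(keyPassword, SecurityOptions.SSL_KEY_PASSWORD.key() + " was not configured.");

        KeyStore keyStore = loadKeyStore(keyStorePath, keyStorePassword);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyPassword.toCharArray());

        // NOTE(review): same dual use of SSL_PROTOCOL as in the client context - confirm.
        javax.net.ssl.SSLContext jsseContext = javax.net.ssl.SSLContext.getInstance(protocol);
        jsseContext.init(keyManagerFactory.getKeyManagers(), null, null);
        if (sessionCacheSize >= 0) {
            jsseContext.getServerSessionContext().setSessionCacheSize(sessionCacheSize);
        }
        if (sessionTimeout >= 0) {
            // JSSE expects seconds; the option is presumably in milliseconds. Values below 1000
            // become 0, which JSSE treats as "no session timeout limit".
            jsseContext.getServerSessionContext().setSessionTimeout(sessionTimeout / 1000);
        }
        return new SSLContext(jsseContext, handshakeTimeout, closeNotifyFlushTimeout);
    }

    /**
     * Loads a key store of the JVM default type from a file.
     *
     * <p>The stream is closed as soon as the store is loaded, whether or not loading succeeds.
     * The store type comes from {@link KeyStore#getDefaultType()}, so it depends on the JVM's
     * security settings rather than on the Flink configuration.
     */
    private static KeyStore loadKeyStore(String path, String password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(new File(path))) {
            keyStore.load(in, password.toCharArray());
        }
        return keyStore;
    }
}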
