package org.apache.pulsar.broker.service;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.google.common.annotations.VisibleForTesting;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
import io.netty.handler.flow.FlowControlHandler;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProvider;
import java.net.SocketAddress;
import java.util.concurrent.TimeUnit;
import org.apache.bookkeeper.util.SafeRunnable;
import org.apache.pulsar.broker.PulsarService;
import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.common.protocol.ByteBufPair;
import org.apache.pulsar.common.protocol.OptionalProxyProtocolDecoder;
import org.apache.pulsar.common.util.NettyServerSslContextBuilder;
import org.apache.pulsar.common.util.SslContextAutoRefreshBuilder;
import org.apache.pulsar.common.util.keystoretls.KeyStoreSSLContext;
import org.apache.pulsar.common.util.keystoretls.NettySSLContextAutoRefreshBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/broker/service/PulsarChannelInitializer.class */
public class PulsarChannelInitializer extends ChannelInitializer<SocketChannel> {
    public static final String TLS_HANDLER = "tls";
    private final PulsarService pulsar;
    private final String listenerName;
    private final boolean enableTls;
    private final boolean tlsEnabledWithKeyStore;
    private SslContextAutoRefreshBuilder<SslContext> sslCtxRefresher;
    private final ServiceConfiguration brokerConf;
    private NettySSLContextAutoRefreshBuilder nettySSLContextAutoRefreshBuilder;

    @VisibleForTesting
    protected final Cache<SocketAddress, ServerCnx> connections = Caffeine.newBuilder().weakKeys().weakValues().build();
    private static final Logger log = LoggerFactory.getLogger(PulsarChannelInitializer.class);
    public static final Factory DEFAULT_FACTORY = PulsarChannelInitializer::new;

    /* loaded from: input_file:org/apache/pulsar/broker/service/PulsarChannelInitializer$Factory.class */
    public interface Factory {
        PulsarChannelInitializer newPulsarChannelInitializer(PulsarService pulsarService, PulsarChannelOptions pulsarChannelOptions) throws Exception;
    }

    /* loaded from: input_file:org/apache/pulsar/broker/service/PulsarChannelInitializer$PulsarChannelOptions.class */
    public static class PulsarChannelOptions {
        private boolean enableTLS;
        private String listenerName;

        /* loaded from: input_file:org/apache/pulsar/broker/service/PulsarChannelInitializer$PulsarChannelOptions$PulsarChannelOptionsBuilder.class */
        public static class PulsarChannelOptionsBuilder {
            private boolean enableTLS;
            private String listenerName;

            PulsarChannelOptionsBuilder() {
            }

            public PulsarChannelOptionsBuilder enableTLS(boolean z) {
                this.enableTLS = z;
                return this;
            }

            public PulsarChannelOptionsBuilder listenerName(String str) {
                this.listenerName = str;
                return this;
            }

            public PulsarChannelOptions build() {
                return new PulsarChannelOptions(this.enableTLS, this.listenerName);
            }

            public String toString() {
                return "PulsarChannelInitializer.PulsarChannelOptions.PulsarChannelOptionsBuilder(enableTLS=" + this.enableTLS + ", listenerName=" + this.listenerName + ")";
            }
        }

        PulsarChannelOptions(boolean z, String str) {
            this.enableTLS = z;
            this.listenerName = str;
        }

        public static PulsarChannelOptionsBuilder builder() {
            return new PulsarChannelOptionsBuilder();
        }

        public boolean isEnableTLS() {
            return this.enableTLS;
        }

        public String getListenerName() {
            return this.listenerName;
        }

        public void setEnableTLS(boolean z) {
            this.enableTLS = z;
        }

        public void setListenerName(String str) {
            this.listenerName = str;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof PulsarChannelOptions)) {
                return false;
            }
            PulsarChannelOptions pulsarChannelOptions = (PulsarChannelOptions) obj;
            if (!pulsarChannelOptions.canEqual(this) || isEnableTLS() != pulsarChannelOptions.isEnableTLS()) {
                return false;
            }
            String listenerName = getListenerName();
            String listenerName2 = pulsarChannelOptions.getListenerName();
            return listenerName == null ? listenerName2 == null : listenerName.equals(listenerName2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof PulsarChannelOptions;
        }

        public int hashCode() {
            int i = (1 * 59) + (isEnableTLS() ? 79 : 97);
            String listenerName = getListenerName();
            return (i * 59) + (listenerName == null ? 43 : listenerName.hashCode());
        }

        public String toString() {
            return "PulsarChannelInitializer.PulsarChannelOptions(enableTLS=" + isEnableTLS() + ", listenerName=" + getListenerName() + ")";
        }
    }

    public PulsarChannelInitializer(PulsarService pulsarService, PulsarChannelOptions pulsarChannelOptions) throws Exception {
        this.pulsar = pulsarService;
        this.listenerName = pulsarChannelOptions.getListenerName();
        this.enableTls = pulsarChannelOptions.isEnableTLS();
        ServiceConfiguration configuration = pulsarService.getConfiguration();
        this.tlsEnabledWithKeyStore = configuration.isTlsEnabledWithKeyStore();
        if (!this.enableTls) {
            this.sslCtxRefresher = null;
        } else if (this.tlsEnabledWithKeyStore) {
            this.nettySSLContextAutoRefreshBuilder = new NettySSLContextAutoRefreshBuilder(configuration.getTlsProvider(), configuration.getTlsKeyStoreType(), configuration.getTlsKeyStore(), configuration.getTlsKeyStorePassword(), configuration.isTlsAllowInsecureConnection(), configuration.getTlsTrustStoreType(), configuration.getTlsTrustStore(), configuration.getTlsTrustStorePassword(), configuration.isTlsRequireTrustedClientCertOnConnect(), configuration.getTlsCiphers(), configuration.getTlsProtocols(), configuration.getTlsCertRefreshCheckDurationSec());
        } else {
            this.sslCtxRefresher = new NettyServerSslContextBuilder(configuration.getTlsProvider() != null ? SslProvider.valueOf(configuration.getTlsProvider()) : null, configuration.isTlsAllowInsecureConnection(), configuration.getTlsTrustCertsFilePath(), configuration.getTlsCertificateFilePath(), configuration.getTlsKeyFilePath(), configuration.getTlsCiphers(), configuration.getTlsProtocols(), configuration.isTlsRequireTrustedClientCertOnConnect(), configuration.getTlsCertRefreshCheckDurationSec());
        }
        this.brokerConf = pulsarService.getConfiguration();
        pulsarService.getExecutor().scheduleAtFixedRate(SafeRunnable.safeRun(this::refreshAuthenticationCredentials), pulsarService.getConfig().getAuthenticationRefreshCheckSeconds(), pulsarService.getConfig().getAuthenticationRefreshCheckSeconds(), TimeUnit.SECONDS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initChannel(SocketChannel socketChannel) throws Exception {
        if (this.enableTls) {
            if (this.tlsEnabledWithKeyStore) {
                socketChannel.pipeline().addLast(TLS_HANDLER, new SslHandler(((KeyStoreSSLContext) this.nettySSLContextAutoRefreshBuilder.get()).createSSLEngine()));
            } else {
                socketChannel.pipeline().addLast(TLS_HANDLER, ((SslContext) this.sslCtxRefresher.get()).newHandler(socketChannel.alloc()));
            }
            socketChannel.pipeline().addLast("ByteBufPairEncoder", ByteBufPair.COPYING_ENCODER);
        } else {
            socketChannel.pipeline().addLast("ByteBufPairEncoder", ByteBufPair.ENCODER);
        }
        if (this.pulsar.getConfiguration().isHaProxyProtocolEnabled()) {
            socketChannel.pipeline().addLast("optional-proxy-protocol-decoder", new OptionalProxyProtocolDecoder());
        }
        socketChannel.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(this.brokerConf.getMaxMessageSize() + 10240, 0, 4, 0, 4));
        socketChannel.pipeline().addLast("flowController", new FlowControlHandler());
        ServerCnx newServerCnx = newServerCnx(this.pulsar, this.listenerName);
        socketChannel.pipeline().addLast("handler", newServerCnx);
        this.connections.put(socketChannel.remoteAddress(), newServerCnx);
    }

    private void refreshAuthenticationCredentials() {
        this.connections.asMap().values().forEach(serverCnx -> {
            try {
                serverCnx.refreshAuthenticationCredentials();
            } catch (Throwable th) {
                log.warn("[{}] Failed to refresh auth credentials", serverCnx.clientAddress());
            }
        });
    }

    @VisibleForTesting
    protected ServerCnx newServerCnx(PulsarService pulsarService, String str) throws Exception {
        return new ServerCnx(pulsarService, str);
    }
}
