package org.apache.shardingsphere.proxy.frontend.ssl;

import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import lombok.Generated;
import org.apache.shardingsphere.infra.config.props.ConfigurationPropertyKey;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shardingsphere/proxy/frontend/ssl/ProxySSLContext.class */
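/**
 * Process-wide holder for the Netty {@link SslContext} used by the proxy frontend.
 *
 * <p>{@link #init()} reads the frontend SSL properties and, when SSL is enabled, builds a server-side
 * context from an RSA key pair and a self-signed certificate obtained from {@code SSLUtils} during that call.
 *
 * <p>Security note: a self-signed certificate gives clients no CA chain to validate against. The
 * connection is encrypted, but the proxy is only authenticated to clients that explicitly trust or pin
 * this certificate. NOTE(review): whether the key pair survives a restart depends on {@code SSLUtils},
 * which is not visible here; confirm before relying on certificate pinning.
 */
public final class ProxySSLContext {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ProxySSLContext.class);
    private static final ProxySSLContext INSTANCE = new ProxySSLContext();
    // Stays null until init() has completed with SSL enabled; isSSLEnabled() is derived from it.
    private SslContext sslContext;

    /**
     * Builds the frontend SSL context from the proxy configuration.
     *
     * <p>Does nothing except log when {@code PROXY_FRONTEND_SSL_ENABLED} is false. Otherwise the
     * comma-separated {@code PROXY_FRONTEND_SSL_VERSION} and {@code PROXY_FRONTEND_SSL_CIPHER} values are
     * split, each entry is stripped of surrounding whitespace, and empty entries are dropped, so a value
     * such as {@code "TLSv1.2, TLSv1.3"} no longer hands the builder a protocol name with a leading space.
     *
     * <p>The configured protocol and cipher names are passed to the builder unfiltered: this method does
     * not reject legacy protocol versions or weak cipher suites, so the configuration is the only place
     * where they can be excluded.
     *
     * @throws SSLException if SSL is enabled but no protocol version is configured, or if the context cannot be built
     */
    public static void init() throws SSLException {
        if (!((Boolean) readProperty(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_ENABLED)).booleanValue()) {
            log.info("Proxy frontend SSL/TLS is not enabled.");
            return;
        }
        String[] protocols = splitCommaSeparated((String) readProperty(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_VERSION));
        if (protocols.length == 0) {
            // Fail at startup instead of handing an unusable protocol list to every new engine.
            throw new SSLException("Proxy frontend SSL/TLS is enabled but no protocol version is configured.");
        }
        String[] ciphers = splitCommaSeparated((String) readProperty(ConfigurationPropertyKey.PROXY_FRONTEND_SSL_CIPHER));
        SslContextBuilder builder = prepareSslContextBuilder();
        builder.protocols(protocols);
        // An empty cipher setting means "do not restrict"; the builder then keeps its own cipher selection.
        if (ciphers.length > 0) {
            builder.ciphers(Arrays.asList(ciphers));
        }
        INSTANCE.sslContext = builder.build();
        log.info("Proxy frontend SSL/TLS is enabled. Supported protocols: {}", String.join(",", protocols));
    }

    /**
     * Creates a server-side builder backed by a freshly generated RSA key pair and a self-signed certificate.
     *
     * <p>The warning is logged on purpose: operators should know that clients cannot verify this
     * certificate against a certificate authority.
     */
    private static SslContextBuilder prepareSslContextBuilder() {
        KeyPair keyPair = SSLUtils.generateRSAKeyPair();
        X509Certificate[] certificateChain = {SSLUtils.generateSelfSignedX509Certificate(keyPair)};
        SslContextBuilder result = SslContextBuilder.forServer(keyPair.getPrivate(), certificateChain);
        log.warn("RSA key pair and CA certificate are generated by ShardingSphere-Proxy and self-signed.");
        return result;
    }

    /** Reads one proxy configuration property; the caller casts the result to the type it expects. */
    private static Object readProperty(ConfigurationPropertyKey key) {
        return ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getProps().getValue(key);
    }

    /** Splits a comma-separated setting, trimming each entry and discarding empty ones. */
    private static String[] splitCommaSeparated(String value) {
        return Arrays.stream(value.split(",")).map(String::trim).filter(each -> !each.isEmpty()).toArray(String[]::new);
    }

    /**
     * Returns the singleton instance.
     *
     * @return the shared {@code ProxySSLContext}
     */
    public static ProxySSLContext getInstance() {
        return INSTANCE;
    }

    /**
     * Reports whether an SSL context has been built.
     *
     * @return {@code true} once {@link #init()} has completed with SSL enabled
     */
    public boolean isSSLEnabled() {
        return null != this.sslContext;
    }

    /**
     * Creates a new {@link SSLEngine} from the initialised context.
     *
     * @param byteBufAllocator allocator handed to the Netty context for the engine's buffers
     * @return a new engine
     * @throws IllegalStateException if no SSL context has been initialised; check {@link #isSSLEnabled()} first
     */
    public SSLEngine newSSLEngine(ByteBufAllocator byteBufAllocator) {
        SslContext context = this.sslContext;
        if (null == context) {
            // Previously a bare NullPointerException; say explicitly that TLS was never set up.
            throw new IllegalStateException("Proxy frontend SSL/TLS context is not initialized.");
        }
        return context.newEngine(byteBufAllocator);
    }
}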
