package com.hazelcast.internal.nio.ssl;

import com.hazelcast.cluster.Address;
import com.hazelcast.config.InvalidConfigurationException;
import com.hazelcast.config.SSLConfig;
import com.hazelcast.core.HazelcastException;
import com.hazelcast.internal.networking.Channel;
import com.hazelcast.internal.networking.ChannelInitializer;
import com.hazelcast.internal.util.JavaVersion;
import com.hazelcast.logging.ILogger;
import com.hazelcast.logging.Logger;
import com.hazelcast.nio.ssl.BasicSSLContextFactory;
import com.hazelcast.nio.ssl.OpenSSLEngineFactory;
import com.hazelcast.nio.ssl.SSLContextFactory;
import com.hazelcast.nio.ssl.SSLEngineFactory;
import io.netty.handler.ssl.OpenSsl;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.concurrent.Executor;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

/* loaded from: input_file:com/hazelcast/internal/nio/ssl/AbstractTLSChannelInitializer.class */
public abstract class AbstractTLSChannelInitializer implements ChannelInitializer {
    private final SSLConfig sslConfig;
    private final String mutualAuthentication;
    private final TLSExecutor tlsExecutor;
    private final boolean validateIdentity;
    private final ILogger logger = Logger.getLogger(AbstractTLSChannelInitializer.class);
    private final SSLEngineFactory sslEngineFactory = loadSSLEngineFactory();

    public AbstractTLSChannelInitializer(SSLConfig sSLConfig, Executor executor) {
        this.sslConfig = sSLConfig;
        this.tlsExecutor = new TLSExecutor(executor);
        this.mutualAuthentication = SSLEngineFactorySupport.getProperty(sSLConfig.getProperties(), "mutualAuthentication");
        this.validateIdentity = Boolean.parseBoolean(SSLEngineFactorySupport.getProperty(sSLConfig.getProperties(), "validateIdentity"));
    }

    private SSLEngineFactory loadSSLEngineFactory() {
        Object factoryImplementation = this.sslConfig.getFactoryImplementation();
        try {
            String factoryClassName = this.sslConfig.getFactoryClassName();
            if (factoryImplementation == null && factoryClassName != null) {
                factoryImplementation = Class.forName(factoryClassName).newInstance();
            }
            if (factoryImplementation == null) {
                factoryImplementation = loadDefaultImplementation();
            }
            if (factoryImplementation instanceof SSLContextFactory) {
                factoryImplementation = new SSLEngineFactoryAdaptor((SSLContextFactory) factoryImplementation);
            }
            SSLEngineFactory sSLEngineFactory = (SSLEngineFactory) factoryImplementation;
            sSLEngineFactory.init(this.sslConfig.getProperties(), forClient());
            return sSLEngineFactory;
        } catch (HazelcastException e) {
            throw e;
        } catch (IOException e2) {
            throw new InvalidConfigurationException("Error while loading SSL engine for: " + getClass().getSimpleName(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new InvalidConfigurationException("Error while loading SSL engine for: " + getClass().getSimpleName(), e3);
        } catch (Exception e4) {
            throw new HazelcastException(e4);
        }
    }

    private Object loadDefaultImplementation() {
        if (JavaVersion.isAtLeast(JavaVersion.JAVA_11)) {
            this.logger.info("Java " + JavaVersion.CURRENT_VERSION.getMajorVersion() + " detected, default for above Java 11 upwards is " + BasicSSLContextFactory.class.getName());
            return new BasicSSLContextFactory();
        }
        if (isOpenSSLAvailable()) {
            this.logger.info("OpenSSL capability detected, defaulting to " + OpenSSLEngineFactory.class.getName());
            return new OpenSSLEngineFactory();
        }
        this.logger.info("OpenSSL capability not detected, defaulting to " + BasicSSLContextFactory.class.getName());
        return new BasicSSLContextFactory();
    }

    private boolean isOpenSSLAvailable() {
        try {
            return OpenSsl.isAvailable();
        } catch (NoClassDefFoundError e) {
            this.logger.fine("Netty OpenSSL support has not been found on the classpath.");
            return false;
        }
    }

    protected abstract boolean forClient();

    @Override // com.hazelcast.internal.networking.ChannelInitializer
    public final void initChannel(Channel channel) throws Exception {
        configChannel(channel);
        Address address = (Address) channel.attributeMap().get(Address.class);
        SSLEngine create = this.sslEngineFactory.create(channel.isClientMode(), address);
        if (this.validateIdentity && address != null) {
            SSLParameters sSLParameters = new SSLParameters();
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            create.setSSLParameters(sSLParameters);
        }
        if ("REQUIRED".equals(this.mutualAuthentication)) {
            create.setNeedClientAuth(true);
        } else if ("OPTIONAL".equals(this.mutualAuthentication)) {
            create.setWantClientAuth(true);
        }
        create.beginHandshake();
        channel.inboundPipeline().addLast(new TLSHandshakeDecoder(create, this.tlsExecutor, channel.attributeMap()));
        initPipeline(channel);
        channel.outboundPipeline().addLast(new TLSHandshakeEncoder(create, this.tlsExecutor, channel.attributeMap()));
    }

    protected abstract void initPipeline(Channel channel);

    protected abstract void configChannel(Channel channel);
}
