package org.apache.flink.runtime.net;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyStore;
import javax.annotation.Nullable;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.flink.configuration.ConfigOption;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.configuration.IllegalConfigurationException;
import org.apache.flink.configuration.SecurityOptions;
import org.apache.flink.util.Preconditions;

/* loaded from: input_file:org/apache/flink/runtime/net/SSLUtils.class */
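/**
 * Factory helpers that turn the SSL/TLS settings in a Flink {@link Configuration} into JSSE
 * objects: {@link SSLContext}s, socket factories and {@code SSLEngineFactory}s, separately for
 * internal communication and for the REST endpoints.
 *
 * <p>Security-relevant behavior visible in this class:
 *
 * <ul>
 *   <li>Internal server sockets always require a client certificate (mutual TLS).
 *   <li>REST endpoints require a client certificate only when
 *       {@code SecurityOptions.SSL_REST_AUTHENTICATION_ENABLED} is set.
 *   <li>Protocol and cipher-suite names come straight from the configuration. Nothing here rejects
 *       legacy protocol or weak cipher names; what is accepted is whatever the JVM's JSSE provider
 *       still enables.
 * </ul>
 *
 * <p>NOTE(review): {@code SecurityOptions.SSL_PROTOCOL} is read two ways. {@link
 * #getEnabledProtocols(Configuration)} splits it on commas, while the context factories pass the
 * raw value to {@link SSLContext#getInstance(String)}. A comma-separated value would therefore be
 * usable as an enabled-protocol list but fail context creation with a
 * {@code NoSuchAlgorithmException}. Confirm which form the option is documented to take.
 */
public class SSLUtils {

    /**
     * {@link ServerSocketFactory} wrapper that applies the configured protocols and cipher suites
     * to every server socket it creates and forces client-certificate authentication.
     */
    private static class ConfiguringSSLServerSocketFactory extends ServerSocketFactory {
        private final SSLServerSocketFactory sslServerSocketFactory;
        private final String[] protocols;
        private final String[] cipherSuites;

        /**
         * @param sslServerSocketFactory delegate that creates the raw SSL server sockets
         * @param protocols protocol names passed to {@code setEnabledProtocols}
         * @param cipherSuites cipher-suite names passed to {@code setEnabledCipherSuites}
         */
        ConfiguringSSLServerSocketFactory(
                SSLServerSocketFactory sslServerSocketFactory, String[] protocols, String[] cipherSuites) {
            this.sslServerSocketFactory = sslServerSocketFactory;
            this.protocols = protocols;
            this.cipherSuites = cipherSuites;
        }

        @Override
        public ServerSocket createServerSocket(int port) throws IOException {
            return configureServerSocket(this.sslServerSocketFactory.createServerSocket(port));
        }

        @Override
        public ServerSocket createServerSocket(int port, int backlog) throws IOException {
            return configureServerSocket(this.sslServerSocketFactory.createServerSocket(port, backlog));
        }

        @Override
        public ServerSocket createServerSocket(int port, int backlog, InetAddress ifAddress) throws IOException {
            return configureServerSocket(
                    this.sslServerSocketFactory.createServerSocket(port, backlog, ifAddress));
        }

        /**
         * Restricts the socket to the configured protocols and cipher suites and requires a client
         * certificate during the handshake.
         *
         * <p>If the configured names are rejected (for example an unsupported protocol name), the
         * already-bound socket is closed before the exception propagates, so a bad configuration
         * does not leave a listening port behind.
         *
         * @param serverSocket socket produced by the delegate factory
         * @return the same socket, configured
         */
        private ServerSocket configureServerSocket(ServerSocket serverSocket) throws IOException {
            try {
                SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
                sslServerSocket.setEnabledProtocols(this.protocols);
                sslServerSocket.setEnabledCipherSuites(this.cipherSuites);
                // Mutual TLS: a handshake without a client certificate is refused.
                sslServerSocket.setNeedClientAuth(true);
                return sslServerSocket;
            } catch (RuntimeException configurationFailure) {
                try {
                    serverSocket.close();
                } catch (IOException closeFailure) {
                    configurationFailure.addSuppressed(closeFailure);
                }
                throw configurationFailure;
            }
        }
    }

    /**
     * Which key material a REST {@link SSLContext} is initialized with.
     *
     * <p>NOTE(review): the decompiler reports that this enum's access modifier was changed from
     * private, so the public visibility here may not reflect the original class.
     */
    public enum RestSSLContextConfigMode {
        /** Truststore only: the context can verify a server but presents no certificate. */
        CLIENT,
        /** Keystore only: the context presents a certificate; trust managers are left at the JSSE default. */
        SERVER,
        /** Keystore and truststore: both sides present and verify certificates. */
        MUTUAL
    }

    /**
     * Reports whether SSL is enabled for internal communication.
     *
     * <p>{@code SecurityOptions.SSL_INTERNAL_ENABLED} wins when set; otherwise the value of
     * {@code SecurityOptions.SSL_ENABLED} is used.
     *
     * @throws NullPointerException if {@code configuration} is null
     */
    public static boolean isInternalSSLEnabled(Configuration configuration) {
        Preconditions.checkNotNull(configuration, "sslConfig");
        boolean fallback = configuration.getBoolean(SecurityOptions.SSL_ENABLED);
        return configuration.getBoolean(SecurityOptions.SSL_INTERNAL_ENABLED, fallback);
    }

    /**
     * Reports whether SSL is enabled for the REST endpoints.
     *
     * <p>{@code SecurityOptions.SSL_REST_ENABLED} wins when set; otherwise the value of
     * {@code SecurityOptions.SSL_ENABLED} is used.
     *
     * @throws NullPointerException if {@code configuration} is null
     */
    public static boolean isRestSSLEnabled(Configuration configuration) {
        Preconditions.checkNotNull(configuration, "sslConfig");
        boolean fallback = configuration.getBoolean(SecurityOptions.SSL_ENABLED);
        return configuration.getBoolean(SecurityOptions.SSL_REST_ENABLED, fallback);
    }

    /**
     * Reports whether REST endpoints use client-certificate (mutual) authentication. This is only
     * true when REST SSL itself is enabled.
     *
     * @throws NullPointerException if {@code configuration} is null
     */
    public static boolean isRestSSLAuthenticationEnabled(Configuration configuration) {
        Preconditions.checkNotNull(configuration, "sslConfig");
        if (!isRestSSLEnabled(configuration)) {
            return false;
        }
        return configuration.getBoolean(SecurityOptions.SSL_REST_AUTHENTICATION_ENABLED);
    }

    /**
     * Creates a server socket factory for internal communication. Sockets it creates use the
     * configured protocols and cipher suites and require a client certificate.
     *
     * @throws IllegalConfigurationException if internal SSL is not enabled
     * @throws Exception if the key material cannot be loaded or the context cannot be created
     */
    public static ServerSocketFactory createSSLServerSocketFactory(Configuration configuration) throws Exception {
        SSLContext sslContext = createInternalSSLContext(configuration);
        if (sslContext == null) {
            throw new IllegalConfigurationException("SSL is not enabled");
        }
        return new ConfiguringSSLServerSocketFactory(
                sslContext.getServerSocketFactory(),
                getEnabledProtocols(configuration),
                getEnabledCipherSuites(configuration));
    }

    /**
     * Creates a client socket factory for internal communication.
     *
     * <p>NOTE(review): unlike {@link #createSSLServerSocketFactory(Configuration)}, the factory
     * returned here is the context's own. The configured protocol and cipher-suite lists are not
     * applied to client sockets, and no endpoint identification algorithm is set in this class.
     * Callers that need either must configure the created sockets themselves.
     *
     * @throws IllegalConfigurationException if internal SSL is not enabled
     * @throws Exception if the key material cannot be loaded or the context cannot be created
     */
    public static SocketFactory createSSLClientSocketFactory(Configuration configuration) throws Exception {
        SSLContext sslContext = createInternalSSLContext(configuration);
        if (sslContext == null) {
            throw new IllegalConfigurationException("SSL is not enabled");
        }
        return sslContext.getSocketFactory();
    }

    /**
     * Creates the engine factory for the server side of internal communication.
     *
     * <p>The two trailing boolean arguments are presumably "client mode" and "client
     * authentication" (here {@code false, true}); confirm against {@code SSLEngineFactory}.
     *
     * @throws IllegalConfigurationException if internal SSL is not enabled
     */
    public static SSLEngineFactory createInternalServerSSLEngineFactory(Configuration configuration) throws Exception {
        SSLContext sslContext = createInternalSSLContext(configuration);
        if (sslContext == null) {
            throw new IllegalConfigurationException("SSL is not enabled for internal communication.");
        }
        return new SSLEngineFactory(
                sslContext,
                getEnabledProtocols(configuration),
                getEnabledCipherSuites(configuration),
                false,
                true);
    }

    /**
     * Creates the engine factory for the client side of internal communication.
     *
     * <p>The two trailing boolean arguments are presumably "client mode" and "client
     * authentication" (here {@code true, true}); confirm against {@code SSLEngineFactory}.
     *
     * @throws IllegalConfigurationException if internal SSL is not enabled
     */
    public static SSLEngineFactory createInternalClientSSLEngineFactory(Configuration configuration) throws Exception {
        SSLContext sslContext = createInternalSSLContext(configuration);
        if (sslContext == null) {
            throw new IllegalConfigurationException("SSL is not enabled for internal communication.");
        }
        return new SSLEngineFactory(
                sslContext,
                getEnabledProtocols(configuration),
                getEnabledCipherSuites(configuration),
                true,
                true);
    }

    /**
     * Creates the engine factory for the REST server endpoint. The last argument follows
     * {@link #isRestSSLAuthenticationEnabled(Configuration)}, so client certificates are only
     * involved when that option is on.
     *
     * @throws IllegalConfigurationException if REST SSL is not enabled
     */
    public static SSLEngineFactory createRestServerSSLEngineFactory(Configuration configuration) throws Exception {
        SSLContext sslContext = createRestServerSSLContext(configuration);
        if (sslContext == null) {
            throw new IllegalConfigurationException("SSL is not enabled for REST endpoints.");
        }
        return new SSLEngineFactory(
                sslContext,
                getEnabledProtocols(configuration),
                getEnabledCipherSuites(configuration),
                false,
                isRestSSLAuthenticationEnabled(configuration));
    }

    /**
     * Creates the engine factory for REST clients. The last argument follows
     * {@link #isRestSSLAuthenticationEnabled(Configuration)}.
     *
     * @throws IllegalConfigurationException if REST SSL is not enabled
     */
    public static SSLEngineFactory createRestClientSSLEngineFactory(Configuration configuration) throws Exception {
        SSLContext sslContext = createRestClientSSLContext(configuration);
        if (sslContext == null) {
            throw new IllegalConfigurationException("SSL is not enabled for REST endpoints.");
        }
        return new SSLEngineFactory(
                sslContext,
                getEnabledProtocols(configuration),
                getEnabledCipherSuites(configuration),
                true,
                isRestSSLAuthenticationEnabled(configuration));
    }

    /**
     * Returns the protocol names from {@code SecurityOptions.SSL_PROTOCOL}, split on commas with
     * surrounding whitespace removed.
     */
    private static String[] getEnabledProtocols(Configuration configuration) {
        Preconditions.checkNotNull(configuration, "config must not be null");
        return splitCommaSeparated(configuration.getString(SecurityOptions.SSL_PROTOCOL));
    }

    /**
     * Returns the cipher-suite names from {@code SecurityOptions.SSL_ALGORITHMS}, split on commas
     * with surrounding whitespace removed.
     */
    private static String[] getEnabledCipherSuites(Configuration configuration) {
        Preconditions.checkNotNull(configuration, "config must not be null");
        return splitCommaSeparated(configuration.getString(SecurityOptions.SSL_ALGORITHMS));
    }

    /**
     * Splits a comma-separated option value and trims each entry.
     *
     * <p>Trimming lets a value written as {@code "A, B"} name the same entries as {@code "A,B"};
     * without it the padded name would be rejected when applied to a socket or engine. Empty
     * entries are kept, so a malformed list still fails instead of being silently shortened.
     */
    private static String[] splitCommaSeparated(String value) {
        String[] entries = value.split(",");
        for (int idx = 0; idx < entries.length; idx++) {
            entries[idx] = entries[idx].trim();
        }
        return entries;
    }

    /**
     * Loads a keystore file of the JVM's default keystore type.
     *
     * <p>The stream is closed on both the normal and the exceptional path.
     *
     * @param path file system path of the keystore or truststore
     * @param password password used to check the store's integrity and unlock it
     * @throws Exception if the file cannot be read or the store cannot be parsed or verified
     */
    private static KeyStore loadKeyStore(String path, String password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(new File(path).toPath())) {
            store.load(in, password.toCharArray());
        }
        return store;
    }

    /**
     * Creates the {@link SSLContext} for internal communication, initialized with both the
     * keystore (own certificate) and the truststore (accepted peers), as mutual TLS needs.
     *
     * <p>Each setting is read from its internal-specific option first and falls back to the
     * general SSL option. All options are resolved before any file is opened, so a missing option
     * is reported without touching the key material.
     *
     * @return the context, or {@code null} if internal SSL is not enabled
     * @throws IllegalConfigurationException if a required option is missing
     * @throws Exception if a store cannot be loaded or the context cannot be created
     */
    @Nullable
    public static SSLContext createInternalSSLContext(Configuration configuration) throws Exception {
        Preconditions.checkNotNull(configuration, "config");
        if (!isInternalSSLEnabled(configuration)) {
            return null;
        }

        String keystorePath =
                getAndCheckOption(configuration, SecurityOptions.SSL_INTERNAL_KEYSTORE, SecurityOptions.SSL_KEYSTORE);
        String keystorePassword =
                getAndCheckOption(
                        configuration,
                        SecurityOptions.SSL_INTERNAL_KEYSTORE_PASSWORD,
                        SecurityOptions.SSL_KEYSTORE_PASSWORD);
        String keyPassword =
                getAndCheckOption(
                        configuration, SecurityOptions.SSL_INTERNAL_KEY_PASSWORD, SecurityOptions.SSL_KEY_PASSWORD);
        String truststorePath =
                getAndCheckOption(
                        configuration, SecurityOptions.SSL_INTERNAL_TRUSTSTORE, SecurityOptions.SSL_TRUSTSTORE);
        String truststorePassword =
                getAndCheckOption(
                        configuration,
                        SecurityOptions.SSL_INTERNAL_TRUSTSTORE_PASSWORD,
                        SecurityOptions.SSL_TRUSTSTORE_PASSWORD);
        String protocol = configuration.getString(SecurityOptions.SSL_PROTOCOL);

        KeyStore keyStore = loadKeyStore(keystorePath, keystorePassword);
        KeyStore trustStore = loadKeyStore(truststorePath, truststorePassword);

        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyPassword.toCharArray());

        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        // The raw option value is used as the context algorithm name (see the class-level note).
        SSLContext sslContext = SSLContext.getInstance(protocol);
        // A null SecureRandom selects the provider's default source of randomness.
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        return sslContext;
    }

    /**
     * Creates a REST {@link SSLContext} holding only the key material the given mode needs.
     *
     * <p>SERVER and MUTUAL load the keystore; CLIENT and MUTUAL load the truststore. Whatever is
     * not loaded is passed to {@link SSLContext#init} as {@code null}, which makes JSSE fall back
     * to its default key or trust managers. In SERVER mode that means the context trusts the
     * JVM's default trust anchors rather than a Flink-specific truststore.
     *
     * @return the context, or {@code null} if REST SSL is not enabled
     * @throws IllegalConfigurationException if a required option is missing
     * @throws Exception if a store cannot be loaded or the context cannot be created
     */
    @Nullable
    private static SSLContext createRestSSLContext(
            Configuration configuration, RestSSLContextConfigMode restSSLContextConfigMode) throws Exception {
        Preconditions.checkNotNull(configuration, "config");
        if (!isRestSSLEnabled(configuration)) {
            return null;
        }

        boolean needsKeyStore =
                restSSLContextConfigMode == RestSSLContextConfigMode.SERVER
                        || restSSLContextConfigMode == RestSSLContextConfigMode.MUTUAL;
        boolean needsTrustStore =
                restSSLContextConfigMode == RestSSLContextConfigMode.CLIENT
                        || restSSLContextConfigMode == RestSSLContextConfigMode.MUTUAL;

        KeyManager[] keyManagers = null;
        if (needsKeyStore) {
            String keystorePath =
                    getAndCheckOption(configuration, SecurityOptions.SSL_REST_KEYSTORE, SecurityOptions.SSL_KEYSTORE);
            String keystorePassword =
                    getAndCheckOption(
                            configuration,
                            SecurityOptions.SSL_REST_KEYSTORE_PASSWORD,
                            SecurityOptions.SSL_KEYSTORE_PASSWORD);
            String keyPassword =
                    getAndCheckOption(
                            configuration, SecurityOptions.SSL_REST_KEY_PASSWORD, SecurityOptions.SSL_KEY_PASSWORD);

            KeyStore keyStore = loadKeyStore(keystorePath, keystorePassword);
            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, keyPassword.toCharArray());
            keyManagers = keyManagerFactory.getKeyManagers();
        }

        TrustManager[] trustManagers = null;
        if (needsTrustStore) {
            String truststorePath =
                    getAndCheckOption(
                            configuration, SecurityOptions.SSL_REST_TRUSTSTORE, SecurityOptions.SSL_TRUSTSTORE);
            String truststorePassword =
                    getAndCheckOption(
                            configuration,
                            SecurityOptions.SSL_REST_TRUSTSTORE_PASSWORD,
                            SecurityOptions.SSL_TRUSTSTORE_PASSWORD);

            KeyStore trustStore = loadKeyStore(truststorePath, truststorePassword);
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        }

        SSLContext sslContext = SSLContext.getInstance(configuration.getString(SecurityOptions.SSL_PROTOCOL));
        sslContext.init(keyManagers, trustManagers, null);
        return sslContext;
    }

    /**
     * Creates the {@link SSLContext} for the REST server: MUTUAL when REST client authentication
     * is enabled, SERVER otherwise.
     *
     * @return the context, or {@code null} if REST SSL is not enabled
     */
    @Nullable
    public static SSLContext createRestServerSSLContext(Configuration configuration) throws Exception {
        RestSSLContextConfigMode mode =
                isRestSSLAuthenticationEnabled(configuration)
                        ? RestSSLContextConfigMode.MUTUAL
                        : RestSSLContextConfigMode.SERVER;
        return createRestSSLContext(configuration, mode);
    }

    /**
     * Creates the {@link SSLContext} for REST clients: MUTUAL when REST client authentication is
     * enabled, CLIENT otherwise.
     *
     * @return the context, or {@code null} if REST SSL is not enabled
     */
    @Nullable
    public static SSLContext createRestClientSSLContext(Configuration configuration) throws Exception {
        RestSSLContextConfigMode mode =
                isRestSSLAuthenticationEnabled(configuration)
                        ? RestSSLContextConfigMode.MUTUAL
                        : RestSSLContextConfigMode.CLIENT;
        return createRestSSLContext(configuration, mode);
    }

    /**
     * Reads a string option, preferring {@code configOption} and falling back to
     * {@code configOption2}.
     *
     * <p>The error message names only the option keys, never their values, so keystore paths and
     * passwords do not end up in exception text.
     *
     * @throws IllegalConfigurationException if neither option yields a value
     */
    private static String getAndCheckOption(
            Configuration configuration, ConfigOption<String> configOption, ConfigOption<String> configOption2) {
        String fallbackValue = configuration.getString(configOption2);
        String value = configuration.getString(configOption, fallbackValue);
        if (value == null) {
            throw new IllegalConfigurationException(
                    "The config option " + configOption.key() + " or " + configOption2.key() + " is missing.");
        }
        return value;
    }
}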
