package org.apache.pulsar.proxy.server;

import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
import io.netty.handler.flush.FlushConsolidationHandler;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.timeout.ReadTimeoutHandler;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.pulsar.client.api.AuthenticationDataProvider;
import org.apache.pulsar.common.protocol.OptionalProxyProtocolDecoder;
import org.apache.pulsar.common.util.PulsarSslConfiguration;
import org.apache.pulsar.common.util.PulsarSslFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/proxy/server/ServiceChannelInitializer.class */
public class ServiceChannelInitializer extends ChannelInitializer<SocketChannel> {
    private static final Logger log = LoggerFactory.getLogger(ServiceChannelInitializer.class);
    public static final String TLS_HANDLER = "tls";
    private final ProxyService proxyService;
    private final boolean enableTls;
    private final boolean tlsEnabledWithKeyStore;
    private final int brokerProxyReadTimeoutMs;
    private final int maxMessageSize;
    private PulsarSslFactory sslFactory;

    public ServiceChannelInitializer(ProxyService proxyService, ProxyConfiguration proxyConfiguration, boolean z, ScheduledExecutorService scheduledExecutorService) throws Exception {
        this.proxyService = proxyService;
        this.enableTls = z;
        this.tlsEnabledWithKeyStore = proxyConfiguration.isTlsEnabledWithKeyStore();
        this.brokerProxyReadTimeoutMs = proxyConfiguration.getBrokerProxyReadTimeoutMs();
        this.maxMessageSize = proxyConfiguration.getMaxMessageSize();
        if (z) {
            PulsarSslConfiguration buildSslConfiguration = buildSslConfiguration(proxyConfiguration);
            this.sslFactory = (PulsarSslFactory) Class.forName(proxyConfiguration.getSslFactoryPlugin()).getConstructor(new Class[0]).newInstance(new Object[0]);
            this.sslFactory.initialize(buildSslConfiguration);
            this.sslFactory.createInternalSslContext();
            if (proxyConfiguration.getTlsCertRefreshCheckDurationSec() > 0) {
                scheduledExecutorService.scheduleWithFixedDelay(this::refreshSslContext, proxyConfiguration.getTlsCertRefreshCheckDurationSec(), proxyConfiguration.getTlsCertRefreshCheckDurationSec(), TimeUnit.SECONDS);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initChannel(SocketChannel socketChannel) throws Exception {
        socketChannel.pipeline().addLast("consolidation", new FlushConsolidationHandler(1024, true));
        if (this.enableTls) {
            socketChannel.pipeline().addLast("tls", new SslHandler(this.sslFactory.createServerSslEngine(socketChannel.alloc())));
        }
        if (this.brokerProxyReadTimeoutMs > 0) {
            socketChannel.pipeline().addLast("readTimeoutHandler", new ReadTimeoutHandler(this.brokerProxyReadTimeoutMs, TimeUnit.MILLISECONDS));
        }
        if (this.proxyService.getConfiguration().isHaProxyProtocolEnabled()) {
            socketChannel.pipeline().addLast("optional-proxy-protocol-decoder", new OptionalProxyProtocolDecoder());
        }
        socketChannel.pipeline().addLast("frameDecoder", new LengthFieldBasedFrameDecoder(this.maxMessageSize + 10240, 0, 4, 0, 4));
        socketChannel.pipeline().addLast("handler", new ProxyConnection(this.proxyService, this.proxyService.getDnsAddressResolverGroup()));
    }

    protected PulsarSslConfiguration buildSslConfiguration(ProxyConfiguration proxyConfiguration) {
        return PulsarSslConfiguration.builder().tlsProvider(proxyConfiguration.getTlsProvider()).tlsKeyStoreType(proxyConfiguration.getTlsKeyStoreType()).tlsKeyStorePath(proxyConfiguration.getTlsKeyStore()).tlsKeyStorePassword(proxyConfiguration.getTlsKeyStorePassword()).tlsTrustStoreType(proxyConfiguration.getTlsTrustStoreType()).tlsTrustStorePath(proxyConfiguration.getTlsTrustStore()).tlsTrustStorePassword(proxyConfiguration.getTlsTrustStorePassword()).tlsCiphers(proxyConfiguration.getTlsCiphers()).tlsProtocols(proxyConfiguration.getTlsProtocols()).tlsTrustCertsFilePath(proxyConfiguration.getTlsTrustCertsFilePath()).tlsCertificateFilePath(proxyConfiguration.getTlsCertificateFilePath()).tlsKeyFilePath(proxyConfiguration.getTlsKeyFilePath()).allowInsecureConnection(proxyConfiguration.isTlsAllowInsecureConnection()).requireTrustedClientCertOnConnect(proxyConfiguration.isTlsRequireTrustedClientCertOnConnect()).tlsEnabledWithKeystore(proxyConfiguration.isTlsEnabledWithKeyStore()).tlsCustomParams(proxyConfiguration.getSslFactoryPluginParams()).authData((AuthenticationDataProvider) null).serverMode(true).build();
    }

    protected void refreshSslContext() {
        try {
            this.sslFactory.update();
        } catch (Exception e) {
            log.error("Failed to refresh SSL context", e);
        }
    }
}
