package org.apache.storm.messaging.netty;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.apache.storm.Config;
import org.apache.storm.security.auth.tls.ReloadableX509KeyManager;
import org.apache.storm.security.auth.tls.ReloadableX509TrustManager;
import org.apache.storm.shade.io.netty.handler.ssl.ClientAuth;
import org.apache.storm.shade.io.netty.handler.ssl.OpenSsl;
import org.apache.storm.shade.io.netty.handler.ssl.SslContext;
import org.apache.storm.shade.io.netty.handler.ssl.SslContextBuilder;
import org.apache.storm.shade.io.netty.handler.ssl.SslProvider;
import org.apache.storm.utils.ObjectReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/messaging/netty/NettyTlsUtils.class */
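/**
 * Builds the Netty {@link SslContext} used by Storm's worker-to-worker messaging layer
 * from the topology/daemon configuration map.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>TLS is opt-in: when {@code Config.STORM_MESSAGING_NETTY_TLS_ENABLE} is absent or
 *       false, no context is created and {@code null} is returned.</li>
 *   <li>The server side always sets {@link ClientAuth#REQUIRE}, so peers must present a
 *       certificate accepted by the configured trust store (mutual TLS).</li>
 *   <li>The protocol defaults to {@code TLSv1.3}, and the default cipher list contains only
 *       TLS 1.3 suites.</li>
 * </ul>
 */
public class NettyTlsUtils {
    private static final Logger LOG = LoggerFactory.getLogger(NettyTlsUtils.class);

    /** Protocol used when {@code Config.STORM_MESSAGING_NETTY_TLS_SSL_PROTOCOLS} is not set. */
    private static final String DEFAULT_PROTOCOL = "TLSv1.3";

    /**
     * Cipher suites used when {@code Config.STORM_MESSAGING_NETTY_TLS_CIPHERS} is not set,
     * in preference order. All three are TLS 1.3 suites, so an operator who overrides the
     * protocol to an older version should also override the cipher list.
     */
    private static final Set<String> DEFAULT_CIPHER_SUITES = Collections.unmodifiableSet(
            new LinkedHashSet<>(Arrays.asList(
                    "TLS_AES_256_GCM_SHA384",
                    "TLS_CHACHA20_POLY1305_SHA256",
                    "TLS_AES_128_GCM_SHA256")));

    /**
     * Creates the TLS context for a Netty messaging server or client.
     *
     * @param map configuration map holding the {@code STORM_MESSAGING_NETTY_TLS_*} settings
     * @param z   {@code true} to build a server context (client certificates required),
     *            {@code false} to build a client context
     * @return the built context, or {@code null} when TLS is not enabled in {@code map};
     *         callers must treat {@code null} as "TLS off" rather than as an error
     * @throws RuntimeException wrapping any failure while loading key/trust material or
     *         building the context
     * @throws UnsatisfiedLinkError presumably, when OpenSSL is required by configuration but
     *         not available (raised by {@code OpenSsl.ensureAvailability()}; confirm against
     *         the shaded Netty version)
     */
    public static SslContext createSslContext(Map<String, Object> map, boolean z) {
        if (!ObjectReader.getBoolean(map.get(Config.STORM_MESSAGING_NETTY_TLS_ENABLE), false)) {
            return null;
        }

        // Fail fast, before any key material is read, if the operator demanded OpenSSL.
        boolean requireOpenSsl =
                ObjectReader.getBoolean(map.get(Config.STORM_MESSAGING_NETTY_TLS_REQUIRE_OPEN_SSL), false);
        if (requireOpenSsl) {
            OpenSsl.ensureAvailability();
        }

        // The builder takes ciphers as an ordered preference list. A LinkedHashSet removes
        // duplicates while keeping the order the operator configured; a plain HashSet would
        // hand the suites to the builder in arbitrary hash order.
        Set<String> cipherSuites;
        if (map.containsKey(Config.STORM_MESSAGING_NETTY_TLS_CIPHERS)) {
            cipherSuites = new LinkedHashSet<>(
                    ObjectReader.getStrings(map.get(Config.STORM_MESSAGING_NETTY_TLS_CIPHERS)));
            // NOTE(review): an explicitly configured but empty list is passed through as-is;
            // confirm how the builder treats an empty cipher list.
        } else {
            cipherSuites = DEFAULT_CIPHER_SUITES;
        }

        // NOTE(review): the setting is read as one string and passed as a single protocol
        // name; confirm that a multi-protocol value is not expected here.
        String protocol = ObjectReader.getString(
                map.get(Config.STORM_MESSAGING_NETTY_TLS_SSL_PROTOCOLS), DEFAULT_PROTOCOL);

        try {
            SslContextBuilder builder;
            if (z) {
                LOG.info("Building SSL context for Netty server");
                // Store passwords come straight from the config map; never log these values.
                String keyStorePath =
                        ObjectReader.getString(map.get(Config.STORM_MESSAGING_NETTY_TLS_KEYSTORE_PATH));
                String keyStorePassword =
                        ObjectReader.getString(map.get(Config.STORM_MESSAGING_NETTY_TLS_KEYSTORE_PASSWORD));
                String trustStorePath =
                        ObjectReader.getString(map.get(Config.STORM_MESSAGING_NETTY_TLS_TRUSTSTORE_PATH));
                String trustStorePassword =
                        ObjectReader.getString(map.get(Config.STORM_MESSAGING_NETTY_TLS_TRUSTSTORE_PASSWORD));
                builder = SslContextBuilder
                        .forServer(new ReloadableX509KeyManager(keyStorePath, keyStorePassword))
                        .trustManager(new ReloadableX509TrustManager(trustStorePath, trustStorePassword))
                        // Mutual TLS: a peer without an accepted certificate is rejected.
                        .clientAuth(ClientAuth.REQUIRE);
            } else {
                LOG.info("Building SSL context for Netty client");
                String keyStorePath =
                        ObjectReader.getString(map.get(Config.STORM_MESSAGING_NETTY_TLS_CLIENT_KEYSTORE_PATH));
                String keyStorePassword =
                        ObjectReader.getString(map.get(Config.STORM_MESSAGING_NETTY_TLS_CLIENT_KEYSTORE_PASSWORD));
                String trustStorePath =
                        ObjectReader.getString(map.get(Config.STORM_MESSAGING_NETTY_TLS_CLIENT_TRUSTSTORE_PATH));
                String trustStorePassword =
                        ObjectReader.getString(map.get(Config.STORM_MESSAGING_NETTY_TLS_CLIENT_TRUSTSTORE_PASSWORD));
                // NOTE(review): nothing here enables endpoint identification (hostname
                // verification); the client accepts any certificate the trust manager
                // accepts. Confirm whether the SSLEngine is configured for it elsewhere.
                builder = SslContextBuilder.forClient()
                        .keyManager(new ReloadableX509KeyManager(keyStorePath, keyStorePassword))
                        .trustManager(new ReloadableX509TrustManager(trustStorePath, trustStorePassword));
            }

            builder.ciphers(cipherSuites).startTls(false).protocols(protocol);
            if (requireOpenSsl) {
                builder.sslProvider(SslProvider.OPENSSL);
            }
            return builder.build();
        } catch (Exception e) {
            // Keep the unchecked type callers already see; the message names the side only
            // and deliberately carries no paths or passwords.
            throw new RuntimeException(
                    "Failed to build Netty TLS context for " + (z ? "server" : "client"), e);
        }
    }
}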
