package org.apache.storm.security.auth.tls;

import java.net.InetAddress;
import java.security.SecureRandom;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.storm.security.auth.ThriftConnectionType;
import org.apache.storm.thrift.transport.TSSLTransportFactory;
import org.apache.storm.thrift.transport.TServerSocket;
import org.apache.storm.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/security/auth/tls/ReloadableTsslTransportFactory.class */
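/**
 * Builds TLS-protected Thrift server sockets whose key and trust material is supplied by the
 * project's {@code ReloadableX509KeyManager} and {@code ReloadableX509TrustManager}.
 *
 * <p>NOTE(review): the "reloadable" behaviour lives in those two manager classes, which are not
 * visible here; confirm there how and when the stores are re-read.
 */
public class ReloadableTsslTransportFactory extends TSSLTransportFactory {
    private static final Logger LOG = LoggerFactory.getLogger(ReloadableTsslTransportFactory.class);

    /**
     * The single protocol version used for the context and enabled on the listening socket.
     * Pinning it here means TLS 1.3 is never negotiated by sockets built by this class.
     */
    private static final String TLS_PROTOCOL = "TLSv1.2";

    /** Listen backlog handed to the server socket factory. */
    private static final int LISTEN_BACKLOG = 100;

    /**
     * Creates a TLS server socket for the given Thrift connection type.
     *
     * @param port port to listen on
     * @param clientTimeoutMs value applied both as the socket SO_TIMEOUT and as the Thrift client timeout
     * @param ifAddress local address to bind to
     * @param type connection type that supplies store paths, passwords and the client-auth policy
     * @param conf configuration map the connection type reads its settings from
     * @return a Thrift server socket wrapping the configured {@link SSLServerSocket}
     * @throws Exception if the SSL context cannot be built or the socket cannot be created
     */
    public static TServerSocket getServerSocket(int port, int clientTimeoutMs, InetAddress ifAddress, ThriftConnectionType type, Map<String, Object> conf) throws Exception {
        SSLServerSocketFactory socketFactory = createSslContext(type, conf).getServerSocketFactory();
        boolean needClientAuth = type.isClientAuthRequired(conf);
        return createServerSocket(socketFactory, port, clientTimeoutMs, needClientAuth, ifAddress, type);
    }

    /**
     * Builds an {@link SSLContext} from the server key store and trust store configured for the
     * connection type.
     *
     * @param type connection type that resolves store paths and passwords from {@code conf}
     * @param conf configuration map
     * @return an initialised context for {@link #TLS_PROTOCOL}
     * @throws Exception if a manager cannot be constructed or the context cannot be initialised
     */
    private static SSLContext createSslContext(ThriftConnectionType type, Map<String, Object> conf) throws Exception {
        ReloadableX509TrustManager trustManager = new ReloadableX509TrustManager(type.getServerTrustStorePath(conf), type.getServerTrustStorePassword(conf));
        ReloadableX509KeyManager keyManager = new ReloadableX509KeyManager(type.getServerKeyStorePath(conf), type.getServerKeyStorePassword(conf));
        SSLContext sslContext = SSLContext.getInstance(TLS_PROTOCOL);
        sslContext.init(new KeyManager[]{keyManager}, new TrustManager[]{trustManager}, new SecureRandom());
        return sslContext;
    }

    /**
     * Opens and configures the listening {@link SSLServerSocket} and wraps it for Thrift.
     *
     * @param socketFactory factory obtained from the SSL context
     * @param port port to listen on
     * @param clientTimeoutMs value applied as SO_TIMEOUT and as the Thrift client timeout
     * @param needClientAuth whether a client certificate is mandatory for the handshake
     * @param ifAddress local address to bind to
     * @param type connection type (not used by this method)
     * @return the wrapped server socket
     * @throws TTransportException if the socket cannot be created or configured; the cause is kept
     */
    private static TServerSocket createServerSocket(SSLServerSocketFactory socketFactory, int port, int clientTimeoutMs, boolean needClientAuth, InetAddress ifAddress, ThriftConnectionType type) throws TTransportException {
        try {
            SSLServerSocket sslServerSocket = (SSLServerSocket) socketFactory.createServerSocket(port, LISTEN_BACKLOG, ifAddress);
            sslServerSocket.setEnabledProtocols(new String[]{TLS_PROTOCOL});
            sslServerSocket.setSoTimeout(clientTimeoutMs);
            // Only setNeedClientAuth is called. Per the SSLServerSocket contract, setWantClientAuth
            // overrides an earlier setNeedClientAuth, so calling it afterwards with true left the
            // socket merely *requesting* a certificate: a peer that presented none still completed
            // the handshake even though client authentication was configured as required.
            // With false this call also clears any "want" setting, so the disabled case is unchanged.
            sslServerSocket.setNeedClientAuth(needClientAuth);
            return new TServerSocket(new TServerSocket.ServerSocketTransportArgs().serverSocket(sslServerSocket).clientTimeout(clientTimeoutMs));
        } catch (Exception e) {
            throw new TTransportException("Could not bind to port " + port, e);
        }
    }
}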
