package org.infinispan.client.hotrod.impl.transport.netty;

import io.netty.bootstrap.Bootstrap;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.timeout.IdleStateHandler;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import java.io.File;
import java.net.SocketAddress;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.Security;
import java.util.Collections;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import java.util.function.BiConsumer;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLParameters;
import javax.security.auth.Subject;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import org.infinispan.client.hotrod.configuration.AuthenticationConfiguration;
import org.infinispan.client.hotrod.configuration.Configuration;
import org.infinispan.client.hotrod.configuration.SslConfiguration;
import org.infinispan.client.hotrod.impl.operations.OperationsFactory;
import org.infinispan.client.hotrod.logging.Log;
import org.infinispan.client.hotrod.logging.LogFactory;
import org.infinispan.commons.CacheConfigurationException;
import org.infinispan.commons.util.SaslUtils;
import org.infinispan.commons.util.SslContextFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/infinispan-client-hotrod-13.0.2.Final.jar:org/infinispan/client/hotrod/impl/transport/netty/ChannelInitializer.class */
public class ChannelInitializer extends io.netty.channel.ChannelInitializer<Channel> {
    private static final Log log = LogFactory.getLog(ChannelInitializer.class);
    private final Bootstrap bootstrap;
    private final SocketAddress unresolvedAddress;
    private final OperationsFactory operationsFactory;
    private final Configuration configuration;
    private final ChannelFactory channelFactory;
    private ChannelPool channelPool;
    private volatile boolean isFirstPing = true;

    /* loaded from: input_file:BOOT-INF/lib/infinispan-client-hotrod-13.0.2.Final.jar:org/infinispan/client/hotrod/impl/transport/netty/ChannelInitializer$ActivationFuture.class */
    private static class ActivationFuture extends CompletableFuture<Channel> implements ChannelFutureListener, BiConsumer<Channel, Throwable> {
        private ActivationFuture() {
        }

        @Override // io.netty.util.concurrent.GenericFutureListener
        public void operationComplete(ChannelFuture channelFuture) throws Exception {
            if (channelFuture.isSuccess()) {
                ChannelRecord.of(channelFuture.channel()).whenComplete((BiConsumer) this);
            } else {
                completeExceptionally(channelFuture.cause());
            }
        }

        @Override // java.util.function.BiConsumer
        public void accept(Channel channel, Throwable th) {
            if (th != null) {
                completeExceptionally(th);
            } else {
                complete(channel);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ChannelInitializer(Bootstrap bootstrap, SocketAddress socketAddress, OperationsFactory operationsFactory, Configuration configuration, ChannelFactory channelFactory) {
        this.bootstrap = bootstrap;
        this.unresolvedAddress = socketAddress;
        this.operationsFactory = operationsFactory;
        this.configuration = configuration;
        this.channelFactory = channelFactory;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CompletableFuture<Channel> createChannel() {
        ChannelFuture connect = this.bootstrap.mo1395clone().connect();
        ActivationFuture activationFuture = new ActivationFuture();
        connect.addListener2((GenericFutureListener<? extends Future<? super Void>>) activationFuture);
        return activationFuture;
    }

    @Override // io.netty.channel.ChannelInitializer
    protected void initChannel(Channel channel) throws Exception {
        if (log.isTraceEnabled()) {
            log.tracef("Created channel %s", channel);
        }
        if (this.configuration.security().ssl().enabled()) {
            initSsl(channel);
        }
        AuthenticationConfiguration authentication = this.configuration.security().authentication();
        if (authentication.enabled()) {
            initAuthentication(channel, authentication);
        }
        if (this.configuration.connectionPool().minEvictableIdleTime() > 0) {
            channel.pipeline().addLast("idle-state-handler", new IdleStateHandler(0L, 0L, this.configuration.connectionPool().minEvictableIdleTime(), TimeUnit.MILLISECONDS));
        }
        channel.attr(ChannelRecord.KEY).set(new ChannelRecord(this.unresolvedAddress, this.channelPool));
        if (this.isFirstPing) {
            this.isFirstPing = false;
            channel.pipeline().addLast("initial-ping-handler", new InitialPingHandler(this.operationsFactory.newPingOperation(false)));
        } else {
            channel.pipeline().addLast("activation-handler", ActivationHandler.INSTANCE);
        }
        channel.pipeline().addLast(HeaderDecoder.NAME, new HeaderDecoder(this.operationsFactory.getCodec(), this.channelFactory, this.configuration, this.operationsFactory.getListenerNotifier()));
        if (this.configuration.connectionPool().minEvictableIdleTime() > 0) {
            channel.pipeline().addLast("idle-state-handler-provider", new IdleStateHandlerProvider(this.configuration.connectionPool().minIdle(), this.channelPool));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v35, types: [io.netty.handler.ssl.SslContext] */
    private void initSsl(Channel channel) {
        JdkSslContext jdkSslContext;
        SslConfiguration ssl = this.configuration.security().ssl();
        if (ssl.sslContext() == null) {
            SslContextBuilder forClient = SslContextBuilder.forClient();
            try {
                if (ssl.keyStoreFileName() != null) {
                    forClient.keyManager(new SslContextFactory().keyStoreFileName(ssl.keyStoreFileName()).keyStoreType(ssl.keyStoreType()).keyStorePassword(ssl.keyStorePassword()).keyAlias(ssl.keyAlias()).keyStoreCertificatePassword(ssl.keyStoreCertificatePassword()).classLoader(this.configuration.classLoader()).getKeyManagerFactory());
                }
                if (ssl.trustStoreFileName() != null) {
                    if ("pem".equalsIgnoreCase(ssl.trustStoreType())) {
                        forClient.trustManager(new File(ssl.trustStoreFileName()));
                    } else {
                        forClient.trustManager(new SslContextFactory().trustStoreFileName(ssl.trustStoreFileName()).trustStoreType(ssl.trustStoreType()).trustStorePassword(ssl.trustStorePassword()).classLoader(this.configuration.classLoader()).getTrustManagerFactory());
                    }
                }
                if (ssl.trustStorePath() != null) {
                    forClient.trustManager(new File(ssl.trustStorePath()));
                }
                if (ssl.protocol() != null) {
                    forClient.protocols(ssl.protocol());
                }
                if (ssl.ciphers() != null) {
                    forClient.ciphers(ssl.ciphers());
                }
                if (ssl.provider() != null) {
                    forClient.sslContextProvider(Security.getProvider(ssl.provider()));
                }
                jdkSslContext = forClient.build();
            } catch (Exception e) {
                throw new CacheConfigurationException(e);
            }
        } else {
            jdkSslContext = new JdkSslContext(ssl.sslContext(), true, ClientAuth.NONE);
        }
        SslHandler newHandler = jdkSslContext.newHandler(channel.alloc(), ssl.sniHostName(), -1);
        if (ssl.sniHostName() != null) {
            SSLParameters sSLParameters = newHandler.engine().getSSLParameters();
            sSLParameters.setServerNames(Collections.singletonList(new SNIHostName(ssl.sniHostName())));
            newHandler.engine().setSSLParameters(sSLParameters);
        }
        channel.pipeline().addFirst(newHandler, SslHandshakeExceptionHandler.INSTANCE);
    }

    private void initAuthentication(Channel channel, AuthenticationConfiguration authenticationConfiguration) throws PrivilegedActionException, SaslException {
        SaslClientFactory saslClientFactory = getSaslClientFactory(authenticationConfiguration);
        SslHandler sslHandler = (SslHandler) channel.pipeline().get(SslHandler.class);
        Principal localPrincipal = sslHandler != null ? sslHandler.engine().getSession().getLocalPrincipal() : null;
        String name = localPrincipal != null ? localPrincipal.getName() : null;
        channel.pipeline().addLast("auth-handler", new AuthHandler(authenticationConfiguration, authenticationConfiguration.clientSubject() != null ? (SaslClient) Subject.doAs(authenticationConfiguration.clientSubject(), () -> {
            return saslClientFactory.createSaslClient(new String[]{authenticationConfiguration.saslMechanism()}, name, "hotrod", authenticationConfiguration.serverName(), authenticationConfiguration.saslProperties(), authenticationConfiguration.callbackHandler());
        }) : saslClientFactory.createSaslClient(new String[]{authenticationConfiguration.saslMechanism()}, name, "hotrod", authenticationConfiguration.serverName(), authenticationConfiguration.saslProperties(), authenticationConfiguration.callbackHandler()), this.operationsFactory));
    }

    private SaslClientFactory getSaslClientFactory(AuthenticationConfiguration authenticationConfiguration) {
        if (log.isTraceEnabled()) {
            log.tracef("Attempting to load SaslClientFactory implementation with mech=%s, props=%s", authenticationConfiguration.saslMechanism(), authenticationConfiguration.saslProperties());
        }
        for (SaslClientFactory saslClientFactory : SaslUtils.getSaslClientFactories(getClass().getClassLoader(), true)) {
            try {
                for (String str : saslClientFactory.getMechanismNames(authenticationConfiguration.saslProperties())) {
                    if (str.equals(authenticationConfiguration.saslMechanism())) {
                        if (log.isTraceEnabled()) {
                            log.tracef("Loaded SaslClientFactory: %s", saslClientFactory.getClass().getName());
                        }
                        return saslClientFactory;
                    }
                }
            } catch (Throwable th) {
                log.tracef("Error while trying to obtain mechanism names supported by SaslClientFactory: %s", saslClientFactory.getClass().getName());
            }
        }
        throw new IllegalStateException("SaslClientFactory implementation not found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setChannelPool(ChannelPool channelPool) {
        this.channelPool = channelPool;
    }
}
