package io.streamnative.pulsar.handlers.kop.utils.ssl;

import com.google.common.collect.ImmutableMap;
import io.streamnative.pulsar.handlers.kop.KafkaServiceConfiguration;
import io.streamnative.pulsar.handlers.kop.utils.MessageIdUtils;
import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.kafka.common.config.types.Password;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/streamnative/pulsar/handlers/kop/utils/ssl/SSLUtils.class */
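/**
 * Helpers that translate the KoP SSL settings into a Jetty {@link SslContextFactory} and a
 * server-mode {@link SSLEngine}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Key store, key and trust store passwords travel through these methods as plain strings;
 *       none of the methods here log configuration values, and that must stay so.</li>
 *   <li>When {@code ssl.enabled.protocols} is not configured, the fallback list still contains
 *       TLSv1 and TLSv1.1, both deprecated by RFC 8996. Deployments should set
 *       {@code kopSslEnabledProtocols} explicitly.</li>
 *   <li>When {@code ssl.client.auth} is not configured (or not recognised), client certificates
 *       are neither requested nor required.</li>
 * </ul>
 */
public class SSLUtils {
    private static final Logger log = LoggerFactory.getLogger(SSLUtils.class);

    /** Kafka SSL config key mapped to the name of the matching KoP configuration field. */
    public static final Map<String, String> CONFIG_NAME_MAP = ImmutableMap.<String, String>builder()
            .put("ssl.protocol", "kopSslProtocol")
            .put("ssl.provider", "kopSslProvider")
            .put("ssl.cipher.suites", "kopSslCipherSuites")
            .put("ssl.enabled.protocols", "kopSslEnabledProtocols")
            .put("ssl.keystore.type", "kopSslKeystoreType")
            .put("ssl.keystore.location", "kopSslKeystoreLocation")
            .put("ssl.keystore.password", "kopSslKeystorePassword")
            .put("ssl.key.password", "kopSslKeyPassword")
            .put("ssl.truststore.type", "kopSslTruststoreType")
            .put("ssl.truststore.location", "kopSslTruststoreLocation")
            .put("ssl.truststore.password", "kopSslTruststorePassword")
            .put("ssl.keymanager.algorithm", "kopSslKeymanagerAlgorithm")
            .put("ssl.trustmanager.algorithm", "kopSslTrustmanagerAlgorithm")
            .put("ssl.secure.random.implementation", "kopSslSecureRandomImplementation")
            .put("ssl.client.auth", "kopSslClientAuth")
            .build();

    /**
     * Builds an {@link SslContextFactory} from the SSL settings of a KoP configuration.
     *
     * <p>Every key of {@link #CONFIG_NAME_MAP} is looked up through the matching getter; settings
     * whose getter returns {@code null} are left out, so the defaults of the map-based overload
     * apply to them.
     *
     * @param kafkaServiceConfiguration the KoP configuration to read the SSL settings from
     * @return a configured, not yet started factory
     */
    public static SslContextFactory createSslContextFactory(KafkaServiceConfiguration kafkaServiceConfiguration) {
        ImmutableMap.Builder<String, Object> sslConfigValues = ImmutableMap.builder();
        CONFIG_NAME_MAP.forEach((key, kopFieldName) -> {
            // Object, not String: the protocol and cipher-suite settings are read back as
            // collections by configureSslContextFactoryAlgorithms.
            Object value = null;
            switch (key) {
                case "ssl.protocol":
                    value = kafkaServiceConfiguration.getKopSslProtocol();
                    break;
                case "ssl.provider":
                    value = kafkaServiceConfiguration.getKopSslProvider();
                    break;
                case "ssl.cipher.suites":
                    value = kafkaServiceConfiguration.getKopSslCipherSuites();
                    break;
                case "ssl.enabled.protocols":
                    value = kafkaServiceConfiguration.getKopSslEnabledProtocols();
                    break;
                case "ssl.keystore.type":
                    value = kafkaServiceConfiguration.getKopSslKeystoreType();
                    break;
                case "ssl.keystore.location":
                    value = kafkaServiceConfiguration.getKopSslKeystoreLocation();
                    break;
                case "ssl.keystore.password":
                    value = kafkaServiceConfiguration.getKopSslKeystorePassword();
                    break;
                case "ssl.key.password":
                    value = kafkaServiceConfiguration.getKopSslKeyPassword();
                    break;
                case "ssl.truststore.type":
                    value = kafkaServiceConfiguration.getKopSslTruststoreType();
                    break;
                case "ssl.truststore.location":
                    value = kafkaServiceConfiguration.getKopSslTruststoreLocation();
                    break;
                case "ssl.truststore.password":
                    value = kafkaServiceConfiguration.getKopSslTruststorePassword();
                    break;
                case "ssl.keymanager.algorithm":
                    value = kafkaServiceConfiguration.getKopSslKeymanagerAlgorithm();
                    break;
                case "ssl.trustmanager.algorithm":
                    value = kafkaServiceConfiguration.getKopSslTrustmanagerAlgorithm();
                    break;
                case "ssl.secure.random.implementation":
                    value = kafkaServiceConfiguration.getKopSslSecureRandomImplementation();
                    break;
                case "ssl.client.auth":
                    value = kafkaServiceConfiguration.getKopSslClientAuth();
                    break;
                default:
                    // Only the key is logged; values may be passwords.
                    log.error("key {} not contained in KafkaServiceConfiguration", key);
                    break;
            }
            // ImmutableMap rejects null values, so unset settings are simply omitted.
            if (value != null) {
                sslConfigValues.put(key, value);
            }
        });
        return createSslContextFactory(sslConfigValues.build());
    }

    /**
     * Builds an {@link SslContextFactory} from Kafka-style SSL settings.
     *
     * @param map SSL settings keyed by Kafka config name ({@code ssl.*})
     * @return a configured, not yet started factory
     */
    public static SslContextFactory createSslContextFactory(Map<String, Object> map) {
        SslContextFactory sslContextFactory = new SslContextFactory();
        configureSslContextFactoryKeyStore(sslContextFactory, map);
        configureSslContextFactoryTrustStore(sslContextFactory, map);
        configureSslContextFactoryAlgorithms(sslContextFactory, map);
        configureSslContextFactoryAuthentication(sslContextFactory, map);
        // Clearing the endpoint identification algorithm turns off host name verification of the
        // peer certificate. NOTE(review): this looks intended for the server-mode engines that
        // createSslEngine produces; a factory built here should not be reused for client-mode
        // connections, which would then accept a certificate issued for any host name.
        sslContextFactory.setEndpointIdentificationAlgorithm((String) null);
        return sslContextFactory;
    }

    /**
     * Applies the key store type (default {@code JKS}), location and passwords.
     *
     * <p>A setting that is absent from {@code map} is not applied, leaving the factory's own
     * value in place.
     *
     * @param sslContextFactory the factory to configure
     * @param map SSL settings keyed by Kafka config name
     */
    protected static void configureSslContextFactoryKeyStore(SslContextFactory sslContextFactory, Map<String, Object> map) {
        sslContextFactory.setKeyStoreType((String) getOrDefault(map, "ssl.keystore.type", "JKS"));
        String keyStoreLocation = (String) map.get("ssl.keystore.location");
        if (keyStoreLocation != null) {
            sslContextFactory.setKeyStorePath(keyStoreLocation);
        }
        // Test the configured value itself: a wrapper object created with `new` is never null,
        // so checking the wrapper passed a null password on to the factory.
        String keyStorePassword = (String) map.get("ssl.keystore.password");
        if (keyStorePassword != null) {
            sslContextFactory.setKeyStorePassword(keyStorePassword);
        }
        String keyPassword = (String) map.get("ssl.key.password");
        if (keyPassword != null) {
            sslContextFactory.setKeyManagerPassword(keyPassword);
        }
    }

    /**
     * Returns the value stored under {@code str}, or {@code obj} when the key is absent.
     *
     * <p>A key that is present but mapped to {@code null} yields {@code null}, not the default.
     *
     * @param map the settings to look in
     * @param str the key to look up
     * @param obj the value to return when the key is absent
     * @return the mapped value or the default
     */
    protected static Object getOrDefault(Map<String, Object> map, String str, Object obj) {
        return map.containsKey(str) ? map.get(str) : obj;
    }

    /**
     * Applies the trust store type (default {@code JKS}), location and password.
     *
     * <p>The trust store decides which client certificates are accepted when client
     * authentication is requested or required.
     *
     * @param sslContextFactory the factory to configure
     * @param map SSL settings keyed by Kafka config name
     */
    protected static void configureSslContextFactoryTrustStore(SslContextFactory sslContextFactory, Map<String, Object> map) {
        sslContextFactory.setTrustStoreType((String) getOrDefault(map, "ssl.truststore.type", "JKS"));
        String trustStoreLocation = (String) map.get("ssl.truststore.location");
        if (trustStoreLocation != null) {
            sslContextFactory.setTrustStorePath(trustStoreLocation);
        }
        // Same reasoning as for the key store: check the configured value, not a wrapper.
        String trustStorePassword = (String) map.get("ssl.truststore.password");
        if (trustStorePassword != null) {
            sslContextFactory.setTrustStorePassword(trustStorePassword);
        }
    }

    /**
     * Applies protocol versions, provider, cipher suites and key/trust manager algorithms.
     *
     * @param sslContextFactory the factory to configure
     * @param map SSL settings keyed by Kafka config name; {@code ssl.enabled.protocols} and
     *     {@code ssl.cipher.suites} are expected to be collections of strings
     * @throws ClassCastException if one of those two settings is not a collection
     */
    protected static void configureSslContextFactoryAlgorithms(SslContextFactory sslContextFactory, Map<String, Object> map) {
        // The fallback is a List while configured values are Sets, so the value is handled as a
        // Collection; casting it to Set failed whenever the fallback was used.
        // SECURITY: the fallback keeps TLSv1.1 and TLSv1 for compatibility. Both are deprecated
        // (RFC 8996); configure ssl.enabled.protocols explicitly to restrict the versions.
        Collection<?> enabledProtocols = (Collection<?>) getOrDefault(
                map, "ssl.enabled.protocols", Arrays.asList("TLSv1.2,TLSv1.1,TLSv1".split("\\s*,\\s*")));
        sslContextFactory.setIncludeProtocols(enabledProtocols.toArray(new String[0]));
        String provider = (String) map.get("ssl.provider");
        if (provider != null) {
            sslContextFactory.setProvider(provider);
        }
        sslContextFactory.setProtocol((String) getOrDefault(map, "ssl.protocol", "TLS"));
        // No cipher-suite setting means no include list is set on the factory.
        Collection<?> cipherSuites = (Collection<?>) map.get("ssl.cipher.suites");
        if (cipherSuites != null) {
            sslContextFactory.setIncludeCipherSuites(cipherSuites.toArray(new String[0]));
        }
        sslContextFactory.setKeyManagerFactoryAlgorithm((String) getOrDefault(map, "ssl.keymanager.algorithm", SslConfigs.DEFAULT_SSL_KEYMANGER_ALGORITHM));
        String secureRandomAlgorithm = (String) map.get("ssl.secure.random.implementation");
        if (secureRandomAlgorithm != null) {
            sslContextFactory.setSecureRandomAlgorithm(secureRandomAlgorithm);
        }
        sslContextFactory.setTrustManagerFactoryAlgorithm((String) getOrDefault(map, "ssl.trustmanager.algorithm", SslConfigs.DEFAULT_SSL_TRUSTMANAGER_ALGORITHM));
    }

    /**
     * Applies the client-certificate policy from {@code ssl.client.auth}.
     *
     * <p>{@code required} makes the handshake demand a client certificate, {@code requested}
     * asks for one without demanding it, and every other value (including an absent setting)
     * turns client authentication off. Matching is case-sensitive, so a value such as
     * {@code REQUIRED} is not recognised; that case is logged because it silently leaves
     * client authentication disabled.
     *
     * @param sslContextFactory the factory to configure
     * @param map SSL settings keyed by Kafka config name
     */
    protected static void configureSslContextFactoryAuthentication(SslContextFactory sslContextFactory, Map<String, Object> map) {
        String clientAuth = (String) getOrDefault(map, "ssl.client.auth", "none");
        if (clientAuth == null) {
            // A key mapped to null means "not configured"; switching on null would throw.
            clientAuth = "none";
        }
        switch (clientAuth) {
            case "requested":
                sslContextFactory.setWantClientAuth(true);
                return;
            case "required":
                sslContextFactory.setNeedClientAuth(true);
                return;
            default:
                if (!"none".equals(clientAuth)) {
                    log.warn("Unrecognized ssl.client.auth value '{}'; client authentication is disabled", clientAuth);
                }
                sslContextFactory.setNeedClientAuth(false);
                sslContextFactory.setWantClientAuth(false);
                return;
        }
    }

    /**
     * Starts the factory and creates a server-mode {@link SSLEngine} from it.
     *
     * @param sslContextFactory a factory produced by {@code createSslContextFactory}
     * @return an engine configured for the server side of the handshake
     * @throws Exception if the factory fails to start, for example when a key store cannot be
     *     loaded
     */
    public static SSLEngine createSslEngine(SslContextFactory sslContextFactory) throws Exception {
        sslContextFactory.start();
        SSLEngine sslEngine = sslContextFactory.newSSLEngine();
        sslEngine.setUseClientMode(false);
        return sslEngine;
    }
}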
