package com.yahoo.vespa.zookeeper;

import com.yahoo.cloud.config.ZookeeperServerConfig;
import com.yahoo.security.tls.MixedMode;
import com.yahoo.security.tls.TlsContext;
import com.yahoo.security.tls.TransportSecurityUtils;
import com.yahoo.vespa.defaults.Defaults;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;

/* loaded from: input_file:com/yahoo/vespa/zookeeper/Configurator.class */
public class Configurator {
    public static volatile boolean VespaNettyServerCnxnFactory_isSecure = false;
    private static final Logger log = Logger.getLogger(Configurator.class.getName());
    private static final String ZOOKEEPER_JMX_LOG4J_DISABLE = "zookeeper.jmx.log4j.disable";
    static final String ZOOKEEPER_JUTE_MAX_BUFFER = "jute.maxbuffer";
    private final ZookeeperServerConfig zookeeperServerConfig;
    private final Path configFilePath;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/yahoo/vespa/zookeeper/Configurator$TlsClientServerConfig.class */
    public static class TlsClientServerConfig implements TlsConfig {
        TlsClientServerConfig() {
        }

        public String createConfig(VespaTlsConfig vespaTlsConfig) {
            StringBuilder append = new StringBuilder().append("client.portUnification=").append(enablePortUnification(vespaTlsConfig)).append("\n");
            Configurator.VespaNettyServerCnxnFactory_isSecure = vespaTlsConfig.tlsEnabled() && vespaTlsConfig.mixedMode() == MixedMode.DISABLED;
            appendSharedTlsConfig(append, vespaTlsConfig);
            return append.toString();
        }

        @Override // com.yahoo.vespa.zookeeper.Configurator.TlsConfig
        public String configFieldPrefix() {
            return "ssl";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/yahoo/vespa/zookeeper/Configurator$TlsConfig.class */
    public interface TlsConfig {
        String configFieldPrefix();

        default void appendSharedTlsConfig(StringBuilder sb, VespaTlsConfig vespaTlsConfig) {
            vespaTlsConfig.context().ifPresent(tlsContext -> {
                sb.append(configFieldPrefix()).append(".context.supplier.class=").append(VespaSslContextProvider.class.getName()).append("\n");
                sb.append(configFieldPrefix()).append(".ciphersuites=").append((String) Arrays.stream(tlsContext.parameters().getCipherSuites()).sorted().collect(Collectors.joining(","))).append("\n");
                sb.append(configFieldPrefix()).append(".enabledProtocols=").append((String) Arrays.stream(tlsContext.parameters().getProtocols()).sorted().collect(Collectors.joining(","))).append("\n");
                sb.append(configFieldPrefix()).append(".clientAuth=NEED\n");
            });
        }

        default boolean enablePortUnification(VespaTlsConfig vespaTlsConfig) {
            return vespaTlsConfig.tlsEnabled() && (vespaTlsConfig.mixedMode() == MixedMode.TLS_CLIENT_MIXED_SERVER || vespaTlsConfig.mixedMode() == MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/yahoo/vespa/zookeeper/Configurator$TlsQuorumConfig.class */
    public static class TlsQuorumConfig implements TlsConfig {
        TlsQuorumConfig() {
        }

        public String createConfig(VespaTlsConfig vespaTlsConfig) {
            StringBuilder append = new StringBuilder().append("sslQuorum=").append(vespaTlsConfig.tlsEnabled()).append("\n").append("portUnification=").append(enablePortUnification(vespaTlsConfig)).append("\n");
            appendSharedTlsConfig(append, vespaTlsConfig);
            return append.toString();
        }

        @Override // com.yahoo.vespa.zookeeper.Configurator.TlsConfig
        public String configFieldPrefix() {
            return "ssl.quorum";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/yahoo/vespa/zookeeper/Configurator$VespaTlsConfig.class */
    public static class VespaTlsConfig {
        private final TlsContext context;
        private final MixedMode mixedMode;

        VespaTlsConfig(TlsContext tlsContext, MixedMode mixedMode) {
            this.context = tlsContext;
            this.mixedMode = mixedMode;
        }

        static VespaTlsConfig fromSystem() {
            return new VespaTlsConfig((TlsContext) TransportSecurityUtils.getSystemTlsContext().orElse(null), TransportSecurityUtils.getInsecureMixedMode());
        }

        static VespaTlsConfig tlsDisabled() {
            return new VespaTlsConfig(null, MixedMode.defaultValue());
        }

        boolean tlsEnabled() {
            return this.context != null;
        }

        Optional<TlsContext> context() {
            return Optional.ofNullable(this.context);
        }

        MixedMode mixedMode() {
            return this.mixedMode;
        }
    }

    public Configurator(ZookeeperServerConfig zookeeperServerConfig) {
        log.log(Level.FINE, zookeeperServerConfig.toString());
        this.zookeeperServerConfig = zookeeperServerConfig;
        this.configFilePath = makeAbsolutePath(zookeeperServerConfig.zooKeeperConfigFile());
        System.setProperty(ZOOKEEPER_JMX_LOG4J_DISABLE, "true");
        System.setProperty("zookeeper.snapshot.trust.empty", Boolean.valueOf(zookeeperServerConfig.trustEmptySnapshot()).toString());
        System.setProperty(ZOOKEEPER_JUTE_MAX_BUFFER, Integer.valueOf(zookeeperServerConfig.juteMaxBuffer()).toString());
        System.setProperty("zookeeper.authProvider.x509", "com.yahoo.vespa.zookeeper.VespaMtlsAuthenticationProvider");
        System.setProperty("zookeeper.globalOutstandingLimit", "1000");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeConfigToDisk() {
        writeConfigToDisk(VespaTlsConfig.fromSystem());
    }

    void writeConfigToDisk(VespaTlsConfig vespaTlsConfig) {
        this.configFilePath.toFile().getParentFile().mkdirs();
        try {
            writeZooKeeperConfigFile(this.zookeeperServerConfig, vespaTlsConfig);
            writeMyIdFile(this.zookeeperServerConfig);
        } catch (IOException e) {
            throw new RuntimeException("Error writing zookeeper config", e);
        }
    }

    private void writeZooKeeperConfigFile(ZookeeperServerConfig zookeeperServerConfig, VespaTlsConfig vespaTlsConfig) throws IOException {
        FileWriter fileWriter = new FileWriter(this.configFilePath.toFile());
        try {
            fileWriter.write(transformConfigToString(zookeeperServerConfig, vespaTlsConfig));
            fileWriter.close();
        } catch (Throwable th) {
            try {
                fileWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private String transformConfigToString(ZookeeperServerConfig zookeeperServerConfig, VespaTlsConfig vespaTlsConfig) {
        StringBuilder sb = new StringBuilder();
        sb.append("tickTime=").append(zookeeperServerConfig.tickTime()).append("\n");
        sb.append("initLimit=").append(zookeeperServerConfig.initLimit()).append("\n");
        sb.append("syncLimit=").append(zookeeperServerConfig.syncLimit()).append("\n");
        sb.append("maxClientCnxns=").append(zookeeperServerConfig.maxClientConnections()).append("\n");
        sb.append("snapCount=").append(zookeeperServerConfig.snapshotCount()).append("\n");
        sb.append("dataDir=").append(Defaults.getDefaults().underVespaHome(zookeeperServerConfig.dataDir())).append("\n");
        sb.append("autopurge.purgeInterval=").append(zookeeperServerConfig.autopurge().purgeInterval()).append("\n");
        sb.append("autopurge.snapRetainCount=").append(zookeeperServerConfig.autopurge().snapRetainCount()).append("\n");
        sb.append("4lw.commands.whitelist=conf,cons,crst,dirs,dump,envi,mntr,ruok,srst,srvr,stat,wchs").append("\n");
        sb.append("admin.enableServer=false").append("\n");
        sb.append("serverCnxnFactory=org.apache.zookeeper.server.VespaNettyServerCnxnFactory").append("\n");
        sb.append("quorumListenOnAllIPs=true").append("\n");
        sb.append("standaloneEnabled=false").append("\n");
        sb.append("reconfigEnabled=true").append("\n");
        sb.append("skipACL=yes").append("\n");
        ensureThisServerIsRepresented(zookeeperServerConfig.myid(), zookeeperServerConfig.server());
        zookeeperServerConfig.server().forEach(server -> {
            addServerToCfg(sb, server, zookeeperServerConfig.clientPort());
        });
        sb.append(new TlsQuorumConfig().createConfig(vespaTlsConfig));
        sb.append(new TlsClientServerConfig().createConfig(vespaTlsConfig));
        return sb.toString();
    }

    private void writeMyIdFile(ZookeeperServerConfig zookeeperServerConfig) throws IOException {
        FileWriter fileWriter = new FileWriter(Defaults.getDefaults().underVespaHome(zookeeperServerConfig.myidFile()));
        try {
            fileWriter.write(zookeeperServerConfig.myid() + "\n");
            fileWriter.close();
        } catch (Throwable th) {
            try {
                fileWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private void ensureThisServerIsRepresented(int i, List<ZookeeperServerConfig.Server> list) {
        boolean z = false;
        Iterator<ZookeeperServerConfig.Server> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (i == it.next().id()) {
                z = true;
                break;
            }
        }
        if (!z) {
            throw new RuntimeException("No id in zookeeper server list that corresponds to my id (" + i + ")");
        }
    }

    private void addServerToCfg(StringBuilder sb, ZookeeperServerConfig.Server server, int i) {
        sb.append("server.").append(server.id()).append("=").append(server.hostname()).append(":").append(server.quorumPort()).append(":").append(server.electionPort());
        if (server.joining()) {
            sb.append(":").append("observer");
        }
        sb.append(";").append(i).append("\n");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<String> zookeeperServerHostnames(ZookeeperServerConfig zookeeperServerConfig) {
        return (List) zookeeperServerConfig.server().stream().map((v0) -> {
            return v0.hostname();
        }).distinct().collect(Collectors.toList());
    }

    Path makeAbsolutePath(String str) {
        Path path = Paths.get(str, new String[0]);
        return path.isAbsolute() ? path : Paths.get(Defaults.getDefaults().underVespaHome(str), new String[0]);
    }
}
