package de.saly.es.example.tssl.netty;

import de.saly.es.example.tssl.netty.SecureNettyTransport;
import de.saly.es.example.tssl.util.ConfigConstants;
import de.saly.es.example.tssl.util.SecurityUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import org.elasticsearch.Version;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.lang3.StringUtils;
import org.elasticsearch.common.netty.channel.ChannelHandlerContext;
import org.elasticsearch.common.netty.channel.ChannelPipeline;
import org.elasticsearch.common.netty.channel.ChannelPipelineFactory;
import org.elasticsearch.common.netty.channel.ChannelStateEvent;
import org.elasticsearch.common.netty.channel.SimpleChannelHandler;
import org.elasticsearch.common.netty.handler.ssl.SslHandler;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.common.util.concurrent.ConcurrentCollections;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.netty.NettyTransport;

/* loaded from: input_file:de/saly/es/example/tssl/netty/SSLNettyTransport.class */
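/**
 * Node transport that wraps every Netty channel in TLS.
 *
 * <p>The server pipeline gets an {@code SslHandler} in server mode, optionally requiring a
 * client certificate. The client pipeline gets a {@link ClientSslHandler} that defers engine
 * creation until the connect request, when the peer address is known and can be used for
 * endpoint identification. Each distinct keystore/truststore path pair is turned into an
 * {@link SSLContext} once and cached for the lifetime of the transport.
 */
public class SSLNettyTransport extends SecureNettyTransport {
    private static final int SECURITY_SSL_TRANSPORT_NODE_SESSION_CACHE_SIZE_DEFAULT = 1000;
    private static final int SECURITY_SSL_TRANSPORT_NODE_SESSION_TIMEOUT_DEFAULT = 86400;
    /** Joins the two store paths in the cache key so that "a"+"bc" and "ab"+"c" cannot collide. */
    private static final String CACHE_KEY_SEPARATOR = "\u0000";
    private final Map<String, SSLContext> contextCache;

    /**
     * Keystore, truststore and session settings read from the node settings, with the
     * standard {@code javax.net.ssl.*} system properties as fallback.
     * Shared by the client and the server pipeline factory.
     */
    private static final class StoreConfig {
        final String keystoreType;
        final String keystoreFilePath;
        final String keystorePassword;
        final String truststoreType;
        final String truststoreFilePath;
        final String truststorePassword;
        final int sslSessionCacheSize;
        final int sslSessionTimeout;

        private StoreConfig(Settings settings) {
            this.keystoreType = settings.get(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_KEYSTORE_TYPE, System.getProperty("javax.net.ssl.keyStoreType", "JKS"));
            this.keystoreFilePath = settings.get(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_KEYSTORE_FILEPATH, System.getProperty("javax.net.ssl.keyStore", null));
            this.keystorePassword = settings.get(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_KEYSTORE_PASSWORD, System.getProperty("javax.net.ssl.keyStorePassword", "changeit"));
            this.truststoreType = settings.get(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_TRUSTSTORE_TYPE, System.getProperty("javax.net.ssl.trustStoreType", "JKS"));
            this.truststoreFilePath = settings.get(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_TRUSTSTORE_FILEPATH, System.getProperty("javax.net.ssl.trustStore", null));
            this.truststorePassword = settings.get(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_TRUSTSTORE_PASSWORD, System.getProperty("javax.net.ssl.trustStorePassword", "changeit"));
            // NOTE(review): both numeric settings are read from the truststore *type* key,
            // which looks like a copy/paste slip: a configured type such as "JKS" is not a
            // number and getAsInt will reject it. The intended keys are not visible here;
            // confirm against ConfigConstants before changing them.
            this.sslSessionCacheSize = settings.getAsInt(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_TRUSTSTORE_TYPE, SECURITY_SSL_TRANSPORT_NODE_SESSION_CACHE_SIZE_DEFAULT);
            this.sslSessionTimeout = settings.getAsInt(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_TRUSTSTORE_TYPE, SECURITY_SSL_TRANSPORT_NODE_SESSION_TIMEOUT_DEFAULT);
        }
    }

    /**
     * Client-side placeholder handler. It sits first in the pipeline and, on the connect
     * request, replaces itself with a real {@code SslHandler} built for the target address,
     * so that endpoint identification can be bound to the host actually being dialed.
     */
    protected static class ClientSslHandler extends SimpleChannelHandler {
        private final SSLContext serverContext;
        private final boolean hostnameVerificationEnabled;
        private final boolean hostnameVerificationResovleHostName;

        private ClientSslHandler(SSLContext context, boolean verifyHostname, boolean resolveHostName) {
            this.serverContext = context;
            this.hostnameVerificationEnabled = verifyHostname;
            this.hostnameVerificationResovleHostName = resolveHostName;
        }

        /**
         * Builds a client-mode engine for the address carried by the connect event, swaps this
         * handler for an {@code SslHandler} under the name {@code "ssl_client"} and forwards the
         * event downstream.
         */
        public void connectRequested(ChannelHandlerContext ctx, ChannelStateEvent event) {
            SSLParameters params = new SSLParameters();
            params.setCipherSuites(SecurityUtil.ENABLED_SSL_CIPHERS);
            params.setProtocols(SecurityUtil.ENABLED_SSL_PROTOCOLS);
            SSLEngine engine;
            if (this.hostnameVerificationEnabled) {
                // JSSE only performs endpoint identification when the engine knows the peer;
                // "HTTPS" selects RFC 2818 style matching of the certificate against that host.
                InetSocketAddress peer = (InetSocketAddress) event.getValue();
                // NOTE(review): getHostName() may do a reverse DNS lookup, so with resolution
                // enabled the certificate is checked against whatever name DNS returns rather
                // than the configured one; getHostString() uses the literal as given. Confirm
                // the resolving mode is intended.
                String peerHost = this.hostnameVerificationResovleHostName ? peer.getHostName() : peer.getHostString();
                engine = this.serverContext.createSSLEngine(peerHost, peer.getPort());
                params.setEndpointIdentificationAlgorithm("HTTPS");
            } else {
                engine = this.serverContext.createSSLEngine();
            }
            engine.setSSLParameters(params);
            engine.setUseClientMode(true);
            SslHandler sslHandler = new SslHandler(engine);
            // NOTE(review): this allows TLS renegotiation on the connection. Unless something
            // here relies on it, keeping renegotiation disabled is the safer default; confirm.
            sslHandler.setEnableRenegotiation(true);
            ctx.getPipeline().replace(this, "ssl_client", sslHandler);
            ctx.sendDownstream(event);
        }
    }

    /** Client pipeline factory that prepends a {@link ClientSslHandler} to the secure pipeline. */
    protected class SSLClientChannelPipelineFactory extends SecureNettyTransport.SecureClientChannelPipelineFactory {
        private final StoreConfig stores;
        private final boolean hostnameVerificationEnabled;
        private final boolean hostnameVerificationResovleHostName;

        /**
         * @param nettyTransport the owning transport, handed to the secure base factory
         * @param settings       node settings the store locations and verification flags are read from
         */
        public SSLClientChannelPipelineFactory(NettyTransport nettyTransport, Settings settings) {
            super(nettyTransport);
            this.stores = new StoreConfig(settings);
            this.hostnameVerificationEnabled = settings.getAsBoolean(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_ENCFORCE_HOSTNAME_VERIFICATION, true);
            this.hostnameVerificationResovleHostName = settings.getAsBoolean(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_ENCFORCE_HOSTNAME_VERIFICATION_RESOLVE_HOST_NAME, true);
        }

        @Override // de.saly.es.example.tssl.netty.SecureNettyTransport.SecureClientChannelPipelineFactory
        public ChannelPipeline getPipeline() throws Exception {
            ChannelPipeline pipeline = super.getPipeline();
            ClientSslHandler placeholder = new ClientSslHandler(
                    SSLNettyTransport.this.createSSLContext(this.stores),
                    this.hostnameVerificationEnabled,
                    this.hostnameVerificationResovleHostName);
            pipeline.addFirst("client_ssl_handler", placeholder);
            return pipeline;
        }
    }

    /** Server pipeline factory that prepends a server-mode {@code SslHandler} to the secure pipeline. */
    protected class SSLServerChannelPipelineFactory extends SecureNettyTransport.SecureServerChannelPipelineFactory {
        private final StoreConfig stores;
        private final boolean needClientAuth;

        /**
         * @param nettyTransport  the owning transport, handed to the secure base factory
         * @param name            profile name, handed to the secure base factory
         * @param profileSettings per-profile settings, handed to the secure base factory
         * @param nodeSettings    node settings the store locations and client-auth flag are read from
         */
        public SSLServerChannelPipelineFactory(NettyTransport nettyTransport, String name, Settings profileSettings, Settings nodeSettings) {
            super(nettyTransport, name, profileSettings);
            this.stores = new StoreConfig(nodeSettings);
            this.needClientAuth = nodeSettings.getAsBoolean(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_NEED_CLIENTAUTH, true);
        }

        @Override // de.saly.es.example.tssl.netty.SecureNettyTransport.SecureServerChannelPipelineFactory
        public ChannelPipeline getPipeline() throws Exception {
            ChannelPipeline pipeline = super.getPipeline();
            SSLEngine engine = SSLNettyTransport.this.createSSLContext(this.stores).createSSLEngine();
            SSLParameters params = new SSLParameters();
            params.setCipherSuites(SecurityUtil.ENABLED_SSL_CIPHERS);
            params.setProtocols(SecurityUtil.ENABLED_SSL_PROTOCOLS);
            // needClientAuth makes the handshake fail without a trusted client certificate
            // (as opposed to wantClientAuth, which would merely request one).
            params.setNeedClientAuth(this.needClientAuth);
            engine.setSSLParameters(params);
            engine.setUseClientMode(false);
            SslHandler sslHandler = new SslHandler(engine);
            // NOTE(review): peer-initiated renegotiation is enabled here as well; see the
            // client handler. Confirm it is needed.
            sslHandler.setEnableRenegotiation(true);
            pipeline.addFirst("ssl_server", sslHandler);
            return pipeline;
        }
    }

    @Inject
    public SSLNettyTransport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays, Version version) {
        super(settings, threadPool, networkService, bigArrays, version);
        this.contextCache = ConcurrentCollections.newConcurrentMap();
    }

    /** @return a factory producing client pipelines with the TLS placeholder handler in front */
    public ChannelPipelineFactory configureClientChannelPipelineFactory() {
        this.logger.info("Node client configured for SSL");
        return new SSLClientChannelPipelineFactory(this, this.settings);
    }

    /**
     * @param name     profile name
     * @param settings per-profile settings
     * @return a factory producing server pipelines with a server-mode TLS handler in front
     */
    public ChannelPipelineFactory configureServerChannelPipelineFactory(String name, Settings settings) {
        this.logger.info("Node server configured for SSL");
        return new SSLServerChannelPipelineFactory(this, name, settings, this.settings);
    }

    /** Convenience overload that unpacks a {@link StoreConfig}. */
    private SSLContext createSSLContext(StoreConfig c) throws KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException {
        return createSSLContext(c.keystoreType, c.keystoreFilePath, c.keystorePassword,
                c.truststoreType, c.truststoreFilePath, c.truststorePassword,
                c.sslSessionCacheSize, c.sslSessionTimeout);
    }

    /**
     * Builds (or returns the cached) {@link SSLContext} for the given keystore and truststore.
     *
     * <p>Contexts are cached by the pair of store paths only; a later call with the same paths
     * but different types, passwords or session settings returns the first context built.
     *
     * @param keystoreType       {@link KeyStore} type of the node key store, e.g. {@code "JKS"}
     * @param keystoreFilePath   path of the key store holding the node's private key and certificate
     * @param keystorePassword   password protecting the key store and its keys
     * @param truststoreType     {@link KeyStore} type of the trust store
     * @param truststoreFilePath path of the trust store holding the accepted CA certificates
     * @param truststorePassword password protecting the trust store
     * @param sessionCacheSize   server-side TLS session cache size
     * @param sessionTimeout     server-side TLS session timeout in seconds
     * @return an initialised context, shared by all callers using the same store paths
     * @throws IOException if either path is blank, or a store cannot be read
     * @throws KeyStoreException, NoSuchAlgorithmException, CertificateException,
     *         UnrecoverableKeyException, KeyManagementException on JSSE/keystore failures
     */
    /* JADX INFO: Access modifiers changed from: private */
    public SSLContext createSSLContext(String keystoreType, String keystoreFilePath, String keystorePassword, String truststoreType, String truststoreFilePath, String truststorePassword, int sessionCacheSize, int sessionTimeout) throws KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, UnrecoverableKeyException {
        if (StringUtils.isBlank(keystoreFilePath) || StringUtils.isBlank(truststoreFilePath)) {
            String message = "security.ssl.transport.node.keystore.path and security.ssl.transport.node.truststore.path must be set if transport ssl is reqested.";
            this.logger.error(message);
            throw new IOException(message);
        }
        String cacheKey = keystoreFilePath + CACHE_KEY_SEPARATOR + truststoreFilePath;
        SSLContext cached = this.contextCache.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        // Two threads racing here may each build a context; both are equivalent and the
        // later put simply wins, so no locking is needed around the build.
        char[] keyPassword = keystorePassword.toCharArray();
        KeyStore keyStore = loadKeyStore(keystoreType, keystoreFilePath, keyPassword);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyPassword);
        KeyStore trustStore = loadKeyStore(truststoreType, truststoreFilePath, truststorePassword.toCharArray());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        // Only the server-side session cache is tuned; the client session context keeps
        // the JSSE defaults.
        context.getServerSessionContext().setSessionCacheSize(sessionCacheSize);
        context.getServerSessionContext().setSessionTimeout(sessionTimeout);
        this.contextCache.put(cacheKey, context);
        return context;
    }

    /**
     * Loads a {@link KeyStore} of the given type from a file, closing the stream afterwards.
     *
     * @param type     {@link KeyStore} type, e.g. {@code "JKS"}
     * @param path     file to read
     * @param password store password passed to {@link KeyStore#load}
     * @return the loaded store
     * @throws IOException if the file cannot be opened or read
     */
    private static KeyStore loadKeyStore(String type, String path, char[] password) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(new File(path))) {
            store.load(in, password);
        }
        return store;
    }
}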
