package oadd.org.apache.drill.exec.ssl;

import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import oadd.io.netty.handler.ssl.SslContext;
import oadd.io.netty.handler.ssl.SslContextBuilder;
import oadd.io.netty.handler.ssl.SslProvider;
import oadd.org.apache.drill.common.config.DrillProperties;
import oadd.org.apache.drill.common.exceptions.DrillException;
import oadd.org.apache.drill.exec.memory.BufferAllocator;
import oadd.org.apache.drill.exec.ssl.SSLConfig;
import oadd.org.apache.hadoop.conf.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:oadd/org/apache/drill/exec/ssl/SSLConfigClient.class */
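/**
 * Client-side TLS configuration, built from the connection {@link Properties} and a Hadoop
 * {@link Configuration}.
 *
 * <p>The constructor reads the trust store settings, the two verification switches
 * ({@code DISABLE_HOST_VERIFICATION}, {@code DISABLE_CERT_VERIFICATION}), the TLS protocol,
 * the handshake timeout and the TLS provider. A client has no key store of its own, so the
 * key store accessors return empty strings.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>TLS is used only when {@code ENABLE_TLS} is {@code "true"}; otherwise both context
 *       factories return {@code null}.</li>
 *   <li>Host name checking is applied in {@link #createSSLEngine} by setting the JSSE endpoint
 *       identification algorithm, and is skipped when host verification is disabled.</li>
 *   <li>How {@code disableCertificateVerification} is honoured is not visible in this class;
 *       presumably the inherited {@code initializeTrustManagerFactory()} consults it - confirm
 *       against {@code SSLConfig}.</li>
 * </ul>
 */
public class SSLConfigClient extends SSLConfig {
    private static final Logger logger = LoggerFactory.getLogger(SSLConfigClient.class);
    private final Properties properties;
    private final Configuration hadoopConfig;
    private final String trustStoreType;
    private final String trustStorePath;
    private final String trustStorePassword;
    private final boolean disableHostVerification;
    private final boolean disableCertificateVerification;
    private final boolean useSystemTrustStore;
    private final String protocol;
    private final int handshakeTimeout;
    private final String provider;
    // Not referenced anywhere in this class; kept as found.
    private final String emptyString = "";
    // Assigned in the constructor, NOT in a field initializer: field initializers run before
    // the constructor body, i.e. before `properties` is set, which would make this always false
    // and silently turn TLS off for every client.
    private final boolean userSslEnabled;

    /**
     * Reads the client TLS settings from the given properties.
     *
     * @param properties connection properties; may be {@code null}, in which case every
     *     setting takes its default
     * @param configuration Hadoop configuration returned by {@link #getHadoopConfig()}
     * @throws DrillException declared for the credentials-provider lookups
     * @throws NumberFormatException if the handshake timeout property is not a valid integer
     */
    public SSLConfigClient(Properties properties, Configuration configuration) throws DrillException {
        this.properties = properties;
        this.hadoopConfig = configuration;
        // Must come after `this.properties` is assigned (see the field comment).
        this.userSslEnabled = getBooleanProperty(DrillProperties.ENABLE_TLS);
        SSLCredentialsProvider credentials = SSLCredentialsProvider.getSSLCredentialsProvider(
                this::getStringProperty,
                this::getPasswordStringProperty,
                getMode(),
                getBooleanProperty(DrillProperties.USE_MAPR_SSL_CONFIG));
        this.trustStoreType = credentials.getTrustStoreType(DrillProperties.TRUSTSTORE_TYPE, "JKS");
        this.trustStorePath = credentials.getTrustStoreLocation(DrillProperties.TRUSTSTORE_PATH, "");
        this.trustStorePassword = credentials.getTrustStorePassword(
                DrillProperties.TRUSTSTORE_PASSWORD,
                resolveHadoopPropertyName("ssl.{0}.truststore.password", getMode()));
        this.disableHostVerification = getBooleanProperty(DrillProperties.DISABLE_HOST_VERIFICATION);
        this.disableCertificateVerification = getBooleanProperty(DrillProperties.DISABLE_CERT_VERIFICATION);
        this.useSystemTrustStore = getBooleanProperty(DrillProperties.USE_SYSTEM_TRUSTSTORE);
        this.protocol = getStringProperty(DrillProperties.TLS_PROTOCOL, "TLSv1.3");
        int configuredTimeout = getIntProperty(DrillProperties.TLS_HANDSHAKE_TIMEOUT, 10000);
        // Zero or negative timeouts are replaced by the 10 s default.
        this.handshakeTimeout = configuredTimeout <= 0 ? 10000 : configuredTimeout;
        this.provider = getStringProperty(DrillProperties.TLS_PROVIDER, SSLConfig.DEFAULT_SSL_PROVIDER);

        // Make weakened verification visible in the logs so it is not left on by accident.
        if (this.userSslEnabled && this.disableHostVerification) {
            logger.warn("TLS host name verification is disabled by client configuration; "
                    + "no endpoint identification algorithm will be set on client SSL engines.");
        }
        if (this.userSslEnabled && this.disableCertificateVerification) {
            logger.warn("TLS certificate verification is disabled by client configuration.");
        }
    }

    /**
     * Returns {@code true} only when the key is present in the properties and its value equals
     * {@code "true"} ignoring case. A missing key, a non-string value or a {@code null}
     * property set all yield {@code false}.
     */
    private boolean getBooleanProperty(String key) {
        if (this.properties == null || !this.properties.containsKey(key)) {
            return false;
        }
        // getProperty() returns null for a non-String value; equalsIgnoreCase(null) is false.
        return "true".equalsIgnoreCase(this.properties.getProperty(key));
    }

    /**
     * Returns the trimmed value of the given property, or the trimmed default when the key is
     * absent or its value is empty (or not a string).
     */
    private String getStringProperty(String key, String defaultValue) {
        String value = null;
        if (this.properties != null && this.properties.containsKey(key)) {
            value = this.properties.getProperty(key);
        }
        if (value == null || value.isEmpty()) {
            value = defaultValue;
        }
        return value.trim();
    }

    /**
     * Resolves a password: first through the inherited {@code getPassword(hadoopName)}, and if
     * that returns {@code null}, from the connection property {@code key} (empty string when
     * unset).
     */
    private String getPasswordStringProperty(String key, String hadoopName) {
        String password = getPassword(hadoopName);
        return password != null ? password : getStringProperty(key, "");
    }

    /**
     * Returns the integer value of the given property, or {@code defaultValue} when the
     * property is unset or empty.
     *
     * @throws NumberFormatException if the value cannot be parsed by {@link Integer#decode}
     */
    private int getIntProperty(String key, int defaultValue) {
        if (this.properties == null) {
            return defaultValue;
        }
        String raw = this.properties.getProperty(key);
        if (raw == null || raw.isEmpty()) {
            return defaultValue;
        }
        return Integer.decode(raw);
    }

    /** Wraps a TLS initialization failure, keeping the original exception as the cause. */
    private static DrillException initFailure(Exception e) {
        return new DrillException(
                "SSL is enabled but cannot be initialized due to the following exception: [ " + e.getMessage() + "]. ",
                e);
    }

    /** No-op: this client configuration has no key store to validate. */
    @Override
    public void validateKeyStore() throws DrillException {
    }

    /**
     * Builds the Netty client {@link SslContext} from the configured provider, the trust
     * manager factory returned by {@code initializeTrustManagerFactory()} and the configured
     * protocol, and stores it in {@code nettySslContext}.
     *
     * @return the new context, or {@code null} when TLS is not enabled
     * @throws DrillException if the context cannot be built; the underlying exception is the cause
     */
    @Override
    public SslContext initNettySslContext() throws DrillException {
        if (!this.userSslEnabled) {
            return null;
        }
        try {
            SslContext context = SslContextBuilder.forClient()
                    .sslProvider(getProvider())
                    .trustManager(initializeTrustManagerFactory())
                    .protocols(this.protocol)
                    .build();
            this.nettySslContext = context;
            return context;
        } catch (Exception e) {
            throw initFailure(e);
        }
    }

    /**
     * Builds the JDK {@link SSLContext} for the configured protocol, initialized with the trust
     * managers from {@code initializeTrustManagerFactory()} and no key managers, and stores it
     * in {@code jdkSSlContext}.
     *
     * @return the new context, or {@code null} when TLS is not enabled
     * @throws DrillException if the context cannot be built; the underlying exception is the cause
     */
    @Override
    public SSLContext initJDKSSLContext() throws DrillException {
        if (!this.userSslEnabled) {
            return null;
        }
        try {
            TrustManagerFactory trustManagerFactory = initializeTrustManagerFactory();
            SSLContext context = SSLContext.getInstance(this.protocol);
            context.init(null, trustManagerFactory.getTrustManagers(), null);
            this.jdkSSlContext = context;
            return context;
        } catch (Exception e) {
            throw initFailure(e);
        }
    }

    /**
     * Creates a client-mode {@link SSLEngine} through the superclass and, unless host
     * verification is disabled, sets the {@code "HTTPS"} endpoint identification algorithm so
     * that the JSSE handshake checks the peer certificate against the host name.
     *
     * <p>The arguments are forwarded unchanged to the superclass; {@code str} and {@code i}
     * are presumably the peer host and port - confirm against {@code SSLConfig}.
     */
    @Override
    public SSLEngine createSSLEngine(BufferAllocator bufferAllocator, String str, int i) {
        SSLEngine engine = super.createSSLEngine(bufferAllocator, str, i);
        if (!disableHostVerification()) {
            SSLParameters parameters = engine.getSSLParameters();
            parameters.setEndpointIdentificationAlgorithm("HTTPS");
            engine.setSSLParameters(parameters);
        }
        engine.setUseClientMode(true);
        try {
            engine.setEnableSessionCreation(true);
        } catch (Exception e) {
            // Best effort: an engine that rejects this call is still returned.
            logger.debug("Session creation not enabled. Exception: {}", e.getMessage());
        }
        return engine;
    }

    /** Returns whether {@code ENABLE_TLS} was {@code "true"} in the connection properties. */
    @Override
    public boolean isUserSslEnabled() {
        return this.userSslEnabled;
    }

    /** Always {@code false} for this client configuration. */
    @Override
    public boolean isHttpsEnabled() {
        return false;
    }

    /** Always empty: this client configuration carries no key store. */
    @Override
    public String getKeyStoreType() {
        return "";
    }

    /** Always empty: this client configuration carries no key store. */
    @Override
    public String getKeyStorePath() {
        return "";
    }

    /** Always empty: this client configuration carries no key store. */
    @Override
    public String getKeyStorePassword() {
        return "";
    }

    /** Always empty: this client configuration carries no private key. */
    @Override
    public String getKeyPassword() {
        return "";
    }

    /** Returns the trust store type resolved at construction (default {@code "JKS"}). */
    @Override
    public String getTrustStoreType() {
        return this.trustStoreType;
    }

    /** Returns {@code true} when a non-empty trust store path was resolved. */
    @Override
    public boolean hasTrustStorePath() {
        return !this.trustStorePath.isEmpty();
    }

    /** Returns the trust store path resolved at construction. */
    @Override
    public String getTrustStorePath() {
        return this.trustStorePath;
    }

    /** Returns {@code true} when a non-empty trust store password was resolved. */
    @Override
    public boolean hasTrustStorePassword() {
        return !this.trustStorePassword.isEmpty();
    }

    /** Returns the trust store password; callers should keep it out of logs and messages. */
    @Override
    public String getTrustStorePassword() {
        return this.trustStorePassword;
    }

    /** Returns the configured TLS protocol (default {@code "TLSv1.3"}). */
    @Override
    public String getProtocol() {
        return this.protocol;
    }

    /**
     * Maps the configured provider name to a Netty {@link SslProvider}: {@code JDK} when it
     * equals {@code SSLConfig.DEFAULT_SSL_PROVIDER} ignoring case, {@code OPENSSL} for any
     * other value (including a misspelt one).
     */
    @Override
    public SslProvider getProvider() {
        return this.provider.equalsIgnoreCase(SSLConfig.DEFAULT_SSL_PROVIDER) ? SslProvider.JDK : SslProvider.OPENSSL;
    }

    /** Returns the handshake timeout; values {@code <= 0} were replaced by 10000 at construction. */
    @Override
    public int getHandshakeTimeout() {
        return this.handshakeTimeout;
    }

    /** Always {@link SSLConfig.Mode#CLIENT}. */
    @Override
    public SSLConfig.Mode getMode() {
        return SSLConfig.Mode.CLIENT;
    }

    /** Returns whether host name verification was switched off in the connection properties. */
    @Override
    public boolean disableHostVerification() {
        return this.disableHostVerification;
    }

    /** Returns whether certificate verification was switched off in the connection properties. */
    @Override
    public boolean disableCertificateVerification() {
        return this.disableCertificateVerification;
    }

    /** Returns whether the system trust store was requested in the connection properties. */
    @Override
    public boolean useSystemTrustStore() {
        return this.useSystemTrustStore;
    }

    /** Always {@code true} for this client configuration. */
    @Override
    public boolean isSslValid() {
        return true;
    }

    /** Returns the Hadoop configuration passed to the constructor. */
    @Override
    Configuration getHadoopConfig() {
        return this.hadoopConfig;
    }
}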
