package org.apache.flink.kubernetes.operator.ssl;

import java.io.File;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyStore;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
import org.apache.flink.shaded.netty4.io.netty.buffer.ByteBufAllocator;
import org.apache.flink.shaded.netty4.io.netty.handler.codec.http2.Http2SecurityUtil;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.ApplicationProtocolNegotiator;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContext;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslContextBuilder;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.SupportedCipherSuiteFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flink/kubernetes/operator/ssl/ReloadableSslContext.class */
public class ReloadableSslContext extends SslContext {
    private static final Logger LOG = LoggerFactory.getLogger(ReloadableSslContext.class);
    private final String keystorePath;
    private final String keystoreType;
    private final String keystorePassword;
    private volatile SslContext sslContext;

    public ReloadableSslContext(String str, String str2, String str3) throws Exception {
        this.keystorePath = str;
        this.keystoreType = str2;
        this.keystorePassword = str3;
        loadContext();
    }

    public boolean isClient() {
        return this.sslContext.isClient();
    }

    public List<String> cipherSuites() {
        return this.sslContext.cipherSuites();
    }

    public ApplicationProtocolNegotiator applicationProtocolNegotiator() {
        return this.sslContext.applicationProtocolNegotiator();
    }

    public SSLEngine newEngine(ByteBufAllocator byteBufAllocator) {
        return this.sslContext.newEngine(byteBufAllocator);
    }

    public SSLEngine newEngine(ByteBufAllocator byteBufAllocator, String str, int i) {
        return this.sslContext.newEngine(byteBufAllocator, str, i);
    }

    public SSLSessionContext sessionContext() {
        return this.sslContext.sessionContext();
    }

    public void reload() throws Exception {
        loadContext();
    }

    private void loadContext() throws Exception {
        LOG.info("Creating keystore with type: " + this.keystoreType);
        KeyStore keyStore = KeyStore.getInstance(this.keystoreType);
        LOG.info("Loading keystore from file: " + this.keystorePath);
        InputStream newInputStream = Files.newInputStream(new File(this.keystorePath).toPath(), new OpenOption[0]);
        try {
            keyStore.load(newInputStream, this.keystorePassword.toCharArray());
            if (newInputStream != null) {
                newInputStream.close();
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            LOG.info("Initializing key manager with keystore and password");
            keyManagerFactory.init(keyStore, this.keystorePassword.toCharArray());
            this.sslContext = SslContextBuilder.forServer(keyManagerFactory).ciphers(Http2SecurityUtil.CIPHERS, SupportedCipherSuiteFilter.INSTANCE).build();
        } catch (Throwable th) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
