package org.apache.kafka.common.network;

import java.io.Closeable;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.kafka.common.config.internals.BrokerSecurityConfigs;
import org.apache.kafka.common.config.internals.ConfluentConfigs;
import org.apache.kafka.common.memory.MemoryPool;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.apache.kafka.common.security.auth.KafkaPrincipalBuilder;
import org.apache.kafka.common.security.auth.SslAuthenticationContext;
import org.apache.kafka.common.security.ssl.SslFactory;
import org.apache.kafka.common.security.ssl.SslPrincipalMapper;
import org.apache.kafka.common.utils.LogContext;
import org.apache.kafka.common.utils.Utils;
import org.slf4j.Logger;

/* loaded from: input_file:org/apache/kafka/common/network/SslChannelBuilder.class */
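/**
 * {@link ChannelBuilder} that creates {@link KafkaChannel}s running over an {@link SslTransportLayer}.
 *
 * <p>The authenticator attached to each channel does no work of its own: the principal is built from
 * the transport layer's SSL session, the peer address and the listener name. How much that identity
 * can be trusted therefore depends entirely on the TLS settings given to {@link SslFactory}.
 * NOTE(review): confirm the client-authentication requirement of each listener and how the configured
 * {@link KafkaPrincipalBuilder} treats a session that carries no peer certificate.
 *
 * <p>{@link #configure(Map)} must be called before any other method that uses the SSL factory
 * ({@link #validateReconfiguration(Map)}, {@link #reconfigure(Map)}, {@code buildChannel}); the factory
 * is only created there.
 */
public class SslChannelBuilder implements ChannelBuilder, ListenerReconfigurable {
    private final ListenerName listenerName;
    private final boolean isInterBrokerListener;
    private SslFactory sslFactory;
    private Mode mode;
    private Map<String, ?> configs;
    private SslPrincipalMapper sslPrincipalMapper;
    private final Logger log;

    /**
     * Authenticator for SSL channels. {@link #authenticate()} is a no-op and {@link #complete()} is
     * always {@code true}; presumably the TLS handshake performed by the transport layer is the
     * authentication step (verify against {@link SslTransportLayer}).
     */
    private static class SslAuthenticator implements Authenticator {
        private final SslTransportLayer transportLayer;
        private final KafkaPrincipalBuilder principalBuilder;
        private final ListenerName listenerName;

        private SslAuthenticator(Map<String, ?> map, SslTransportLayer sslTransportLayer, ListenerName listenerName, SslPrincipalMapper sslPrincipalMapper) {
            this.transportLayer = sslTransportLayer;
            // Assigned before 'this' is handed to createPrincipalBuilder so the factory never
            // observes an authenticator whose listener name is still unset.
            this.listenerName = listenerName;
            this.principalBuilder = ChannelBuilders.createPrincipalBuilder(map, sslTransportLayer, this, null, sslPrincipalMapper);
        }

        /** No-op: this authenticator performs no exchange of its own. */
        @Override
        public void authenticate() {
        }

        /**
         * Builds the principal from the SSL session, the peer address and the listener name.
         *
         * @return the principal produced by the configured principal builder
         * @throws IllegalStateException if this authenticator was created without a listener name
         */
        @Override
        public KafkaPrincipal principal() {
            // Fail before touching the socket when the authenticator is unusable.
            if (this.listenerName == null) {
                throw new IllegalStateException("Unexpected call to principal() when listenerName is null");
            }
            InetAddress clientAddress = this.transportLayer.socketChannel().socket().getInetAddress();
            SslAuthenticationContext context =
                    new SslAuthenticationContext(this.transportLayer.sslSession(), clientAddress, this.listenerName.value());
            return this.principalBuilder.build(context);
        }

        /** Closes the principal builder when it implements {@link Closeable}. */
        @Override
        public void close() throws IOException {
            if (this.principalBuilder instanceof Closeable) {
                Utils.closeQuietly((Closeable) this.principalBuilder, "principal builder");
            }
        }

        /** @return always {@code true} */
        @Override
        public boolean complete() {
            return true;
        }
    }

    /**
     * @param mode         mode passed on to {@link SslFactory} and to the broker interceptor factory
     * @param listenerName listener these channels belong to; used when building the principal
     * @param z            whether the listener is the inter-broker listener
     * @param logContext   source of this builder's logger
     */
    public SslChannelBuilder(Mode mode, ListenerName listenerName, boolean z, LogContext logContext) {
        this.mode = mode;
        this.listenerName = listenerName;
        this.isInterBrokerListener = z;
        this.log = logContext.logger(getClass());
    }

    /**
     * Stores the configuration, builds the optional SSL principal mapper and creates and configures
     * the {@link SslFactory}.
     *
     * <p>NOTE(review): when {@code map} has no principal-mapping rules, a mapper built by an earlier
     * call is kept; confirm that this method is only invoked once per builder.
     *
     * @param map configuration values
     * @throws KafkaException if the mapper or the SSL factory cannot be set up; a KafkaException
     *                        raised underneath is propagated unchanged, anything else is wrapped
     */
    @Override
    public void configure(Map<String, ?> map) throws KafkaException {
        try {
            this.configs = map;
            String mappingRules = (String) map.get(BrokerSecurityConfigs.SSL_PRINCIPAL_MAPPING_RULES_CONFIG);
            if (mappingRules != null) {
                this.sslPrincipalMapper = SslPrincipalMapper.fromRules(mappingRules);
            }
            this.sslFactory = new SslFactory(this.mode, null, this.isInterBrokerListener);
            this.sslFactory.configure(this.configs);
        } catch (KafkaException e) {
            // Already a KafkaException (possibly a more specific subclass): rethrow as-is so the
            // original type and message are not buried under a second generic wrapper.
            throw e;
        } catch (Exception e) {
            throw new KafkaException(e);
        }
    }

    /** @return the set of configuration names declared reconfigurable by {@link SslConfigs} */
    @Override
    public Set<String> reconfigurableConfigs() {
        return SslConfigs.RECONFIGURABLE_CONFIGS;
    }

    /** Delegates to the SSL factory; requires a prior {@link #configure(Map)}. */
    @Override
    public void validateReconfiguration(Map<String, ?> map) {
        this.sslFactory.validateReconfiguration(map);
    }

    /** Delegates to the SSL factory; requires a prior {@link #configure(Map)}. */
    @Override
    public void reconfigure(Map<String, ?> map) {
        this.sslFactory.reconfigure(map);
    }

    /** @return the listener name supplied at construction */
    @Override
    public ListenerName listenerName() {
        return this.listenerName;
    }

    /**
     * Creates a channel backed by a new SSL transport layer for the connection behind
     * {@code selectionKey}.
     *
     * @param str                     identifier handed to the transport layer and the channel
     *                                (presumably the connection id)
     * @param selectionKey            key whose channel is the connection's {@link SocketChannel}
     * @param i                       passed through to {@link KafkaChannel} (presumably the maximum
     *                                receive size; confirm against its constructor)
     * @param memoryPool              pool for the channel; {@code MemoryPool.NONE} is used when null
     * @param channelMetadataRegistry registry handed to the transport layer and the channel
     * @return the new channel
     * @throws KafkaException wrapping any failure; the failure is also logged at info level
     */
    @Override
    public KafkaChannel buildChannel(String str, SelectionKey selectionKey, int i, MemoryPool memoryPool, ChannelMetadataRegistry channelMetadataRegistry) throws KafkaException {
        try {
            SslTransportLayer transportLayer =
                    buildTransportLayer(this.sslFactory, str, selectionKey, peerHost(selectionKey), channelMetadataRegistry);
            MemoryPool effectivePool = memoryPool != null ? memoryPool : MemoryPool.NONE;
            // The authenticator is created lazily by the channel through this supplier.
            return new KafkaChannel(
                    str,
                    transportLayer,
                    () -> new SslAuthenticator(this.configs, transportLayer, this.listenerName, this.sslPrincipalMapper),
                    i,
                    effectivePool,
                    channelMetadataRegistry,
                    ConfluentConfigs.buildBrokerInterceptor(this.mode, this.configs));
        } catch (Exception e) {
            this.log.info("Failed to create channel due to ", e);
            throw new KafkaException(e);
        }
    }

    /** No-op: nothing held by this builder is released here. */
    @Override
    public void close() {
    }

    /**
     * Creates the SSL engine for the peer and wraps it in a transport layer.
     *
     * @param sslFactory              factory that creates the engine
     * @param str                     identifier passed to the transport layer
     * @param selectionKey            key whose channel is the connection's {@link SocketChannel}
     * @param str2                    peer host given to the engine; NOTE(review): presumably what the
     *                                engine uses for endpoint identification, so it should be the
     *                                name the caller connected to rather than a DNS-derived one
     * @param channelMetadataRegistry registry passed to the transport layer
     * @return the new transport layer
     * @throws IOException if the transport layer cannot be created
     */
    protected SslTransportLayer buildTransportLayer(SslFactory sslFactory, String str, SelectionKey selectionKey, String str2, ChannelMetadataRegistry channelMetadataRegistry) throws IOException {
        int peerPort = ((SocketChannel) selectionKey.channel()).socket().getPort();
        SSLEngine sslEngine = sslFactory.createSslEngine(str2, peerPort);
        return SslTransportLayer.create(str, selectionKey, sslEngine, channelMetadataRegistry, sslFactory.createCloseableSslEngine(sslEngine));
    }

    /**
     * Returns the peer's host as a string without performing a reverse DNS lookup.
     *
     * <p>{@link InetSocketAddress#getHostString()} yields the host name only when the address
     * already carries one and otherwise the textual IP address, so no name obtained from a reverse
     * lookup is introduced here.
     */
    private String peerHost(SelectionKey selectionKey) {
        InetAddress peerAddress = ((SocketChannel) selectionKey.channel()).socket().getInetAddress();
        return new InetSocketAddress(peerAddress, 0).getHostString();
    }
}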
