package org.apache.ratis.netty;

import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Function;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import org.apache.ratis.security.TlsConf;
import org.apache.ratis.server.metrics.RaftServerMetricsImpl;
import org.apache.ratis.thirdparty.io.netty.channel.EventLoopGroup;
import org.apache.ratis.thirdparty.io.netty.channel.ServerChannel;
import org.apache.ratis.thirdparty.io.netty.channel.epoll.Epoll;
import org.apache.ratis.thirdparty.io.netty.channel.epoll.EpollEventLoopGroup;
import org.apache.ratis.thirdparty.io.netty.channel.epoll.EpollServerSocketChannel;
import org.apache.ratis.thirdparty.io.netty.channel.epoll.EpollSocketChannel;
import org.apache.ratis.thirdparty.io.netty.channel.nio.NioEventLoopGroup;
import org.apache.ratis.thirdparty.io.netty.channel.socket.SocketChannel;
import org.apache.ratis.thirdparty.io.netty.channel.socket.nio.NioServerSocketChannel;
import org.apache.ratis.thirdparty.io.netty.channel.socket.nio.NioSocketChannel;
import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContext;
import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslContextBuilder;
import org.apache.ratis.util.ConcurrentUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ratis/netty/NettyUtils.class */
public interface NettyUtils {
    public static final Logger LOG = LoggerFactory.getLogger((Class<?>) NettyUtils.class);

    /* loaded from: input_file:org/apache/ratis/netty/NettyUtils$Print.class */
    public static class Print {
        private static final AtomicBoolean PRINTED_EPOLL_UNAVAILABILITY_CAUSE = new AtomicBoolean();

        private Print() {
        }

        static void epollUnavailability(String str) {
            if (NettyUtils.LOG.isWarnEnabled()) {
                if (PRINTED_EPOLL_UNAVAILABILITY_CAUSE.compareAndSet(false, true)) {
                    NettyUtils.LOG.warn(str, (Throwable) new IllegalStateException("Epoll is unavailable.", Epoll.unavailabilityCause()));
                } else {
                    NettyUtils.LOG.warn(str);
                }
            }
        }
    }

    static EventLoopGroup newEventLoopGroup(String str, int i, boolean z) {
        if (z) {
            if (Epoll.isAvailable()) {
                LOG.info("Create EpollEventLoopGroup for {}; Thread size is {}.", str, Integer.valueOf(i));
                return new EpollEventLoopGroup(i, ConcurrentUtils.newThreadFactory(str + "-"));
            }
            Print.epollUnavailability("Failed to create EpollEventLoopGroup for " + str + "; fall back on NioEventLoopGroup.");
        }
        return new NioEventLoopGroup(i, ConcurrentUtils.newThreadFactory(str + "-"));
    }

    static void setTrustManager(SslContextBuilder sslContextBuilder, TlsConf.TrustManagerConf trustManagerConf) {
        if (trustManagerConf == null) {
            return;
        }
        TrustManager trustManager = trustManagerConf.getTrustManager();
        if (trustManager != null) {
            sslContextBuilder.trustManager(trustManager);
            return;
        }
        TlsConf.CertificatesConf trustCertificates = trustManagerConf.getTrustCertificates();
        if (trustCertificates.isFileBased()) {
            sslContextBuilder.trustManager(trustCertificates.getFile());
        } else {
            sslContextBuilder.trustManager(trustCertificates.get());
        }
    }

    static void setKeyManager(SslContextBuilder sslContextBuilder, TlsConf.KeyManagerConf keyManagerConf) {
        if (keyManagerConf == null) {
            return;
        }
        KeyManager keyManager = keyManagerConf.getKeyManager();
        if (keyManager != null) {
            sslContextBuilder.keyManager(keyManager);
            return;
        }
        TlsConf.PrivateKeyConf privateKey = keyManagerConf.getPrivateKey();
        TlsConf.CertificatesConf keyCertificates = keyManagerConf.getKeyCertificates();
        if (keyManagerConf.isFileBased()) {
            sslContextBuilder.keyManager(keyCertificates.getFile(), privateKey.getFile());
        } else {
            sslContextBuilder.keyManager(privateKey.get(), keyCertificates.get());
        }
    }

    static SslContextBuilder initSslContextBuilderForServer(TlsConf.KeyManagerConf keyManagerConf) {
        KeyManager keyManager = keyManagerConf.getKeyManager();
        if (keyManager != null) {
            return SslContextBuilder.forServer(keyManager);
        }
        TlsConf.PrivateKeyConf privateKey = keyManagerConf.getPrivateKey();
        TlsConf.CertificatesConf keyCertificates = keyManagerConf.getKeyCertificates();
        return keyManagerConf.isFileBased() ? SslContextBuilder.forServer(keyCertificates.getFile(), privateKey.getFile()) : SslContextBuilder.forServer(privateKey.get(), keyCertificates.get());
    }

    static SslContextBuilder initSslContextBuilderForServer(TlsConf tlsConf) {
        SslContextBuilder initSslContextBuilderForServer = initSslContextBuilderForServer(tlsConf.getKeyManager());
        if (tlsConf.isMutualTls()) {
            setTrustManager(initSslContextBuilderForServer, tlsConf.getTrustManager());
        }
        return initSslContextBuilderForServer;
    }

    static SslContext buildSslContextForServer(TlsConf tlsConf) {
        return buildSslContext(RaftServerMetricsImpl.RATIS_SERVER_METRICS, tlsConf, NettyUtils::initSslContextBuilderForServer);
    }

    static SslContextBuilder initSslContextBuilderForClient(TlsConf tlsConf) {
        SslContextBuilder forClient = SslContextBuilder.forClient();
        setTrustManager(forClient, tlsConf.getTrustManager());
        if (tlsConf.isMutualTls()) {
            setKeyManager(forClient, tlsConf.getKeyManager());
        }
        return forClient;
    }

    static SslContext buildSslContextForClient(TlsConf tlsConf) {
        return buildSslContext("client", tlsConf, NettyUtils::initSslContextBuilderForClient);
    }

    static SslContext buildSslContext(String str, TlsConf tlsConf, Function<TlsConf, SslContextBuilder> function) {
        if (tlsConf == null) {
            return null;
        }
        try {
            SslContext build = function.apply(tlsConf).build();
            LOG.debug("buildSslContext for {} from {} returns {}", str, tlsConf, build.getClass().getName());
            return build;
        } catch (Exception e) {
            throw new IllegalArgumentException("Failed to buildSslContext for " + str + " from " + tlsConf, e);
        }
    }

    static Class<? extends SocketChannel> getSocketChannelClass(EventLoopGroup eventLoopGroup) {
        return eventLoopGroup instanceof EpollEventLoopGroup ? EpollSocketChannel.class : NioSocketChannel.class;
    }

    static Class<? extends ServerChannel> getServerChannelClass(EventLoopGroup eventLoopGroup) {
        return eventLoopGroup instanceof EpollEventLoopGroup ? EpollServerSocketChannel.class : NioServerSocketChannel.class;
    }
}
