package org.apache.flume.source;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Stream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import org.apache.flume.Context;
import org.apache.flume.FlumeException;
import org.apache.flume.util.SSLUtil;
import org.codehaus.jackson.util.MinimalPrettyPrinter;

/* loaded from: input_file:org/apache/flume/source/SslContextAwareAbstractSource.class */
public abstract class SslContextAwareAbstractSource extends AbstractSource {
    private static final String SSL_ENABLED_KEY = "ssl";
    private static final boolean SSL_ENABLED_DEFAULT_VALUE = false;
    private static final String KEYSTORE_KEY = "keystore";
    private static final String KEYSTORE_PASSWORD_KEY = "keystore-password";
    private static final String KEYSTORE_TYPE_KEY = "keystore-type";
    private static final String KEYSTORE_TYPE_DEFAULT_VALUE = "JKS";
    private static final String EXCLUDE_PROTOCOLS = "exclude-protocols";
    private static final String INCLUDE_PROTOCOLS = "include-protocols";
    private static final String EXCLUDE_CIPHER_SUITES = "exclude-cipher-suites";
    private static final String INCLUDE_CIPHER_SUITES = "include-cipher-suites";
    private String keystore;
    private String keystorePassword;
    private String keystoreType;
    private boolean sslEnabled = false;
    private final Set<String> excludeProtocols = new LinkedHashSet(Arrays.asList("SSLv3"));
    private final Set<String> includeProtocols = new LinkedHashSet();
    private final Set<String> excludeCipherSuites = new LinkedHashSet();
    private final Set<String> includeCipherSuites = new LinkedHashSet();

    public String getKeystore() {
        return this.keystore;
    }

    public String getKeystorePassword() {
        return this.keystorePassword;
    }

    public String getKeystoreType() {
        return this.keystoreType;
    }

    public Set<String> getExcludeProtocols() {
        return this.excludeProtocols;
    }

    public Set<String> getIncludeProtocols() {
        return this.includeProtocols;
    }

    public Set<String> getExcludeCipherSuites() {
        return this.excludeCipherSuites;
    }

    public Set<String> getIncludeCipherSuites() {
        return this.includeCipherSuites;
    }

    public boolean isSslEnabled() {
        return this.sslEnabled;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void configureSsl(Context context) {
        this.sslEnabled = context.getBoolean("ssl", false).booleanValue();
        this.keystore = context.getString("keystore", SSLUtil.getGlobalKeystorePath());
        this.keystorePassword = context.getString(KEYSTORE_PASSWORD_KEY, SSLUtil.getGlobalKeystorePassword());
        this.keystoreType = context.getString(KEYSTORE_TYPE_KEY, SSLUtil.getGlobalKeystoreType("JKS"));
        parseList(context.getString("exclude-protocols", SSLUtil.getGlobalExcludeProtocols()), this.excludeProtocols);
        parseList(context.getString("include-protocols", SSLUtil.getGlobalIncludeProtocols()), this.includeProtocols);
        parseList(context.getString("exclude-cipher-suites", SSLUtil.getGlobalExcludeCipherSuites()), this.excludeCipherSuites);
        parseList(context.getString("include-cipher-suites", SSLUtil.getGlobalIncludeCipherSuites()), this.includeCipherSuites);
        if (this.sslEnabled) {
            Objects.requireNonNull(this.keystore, "keystore must be specified when SSL is enabled");
            Objects.requireNonNull(this.keystorePassword, "keystore-password must be specified when SSL is enabled");
            try {
                KeyStore.getInstance(this.keystoreType).load(new FileInputStream(this.keystore), this.keystorePassword.toCharArray());
            } catch (Exception e) {
                throw new FlumeException("Source " + getName() + " configured with invalid keystore: " + this.keystore, e);
            }
        }
    }

    private Optional<SSLContext> getSslContext() {
        if (!this.sslEnabled) {
            return Optional.empty();
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(this.keystoreType);
            keyStore.load(new FileInputStream(this.keystore), this.keystorePassword.toCharArray());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, this.keystorePassword.toCharArray());
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerFactory.getKeyManagers(), null, null);
            return Optional.of(sSLContext);
        } catch (Exception e) {
            throw new Error("Failed to initialize the server-side SSLContext", e);
        }
    }

    private Optional<SSLEngine> getSslEngine(boolean z) {
        return getSslContext().map(sSLContext -> {
            SSLEngine createSSLEngine = sSLContext.createSSLEngine();
            createSSLEngine.setUseClientMode(z);
            createSSLEngine.setEnabledProtocols(getFilteredProtocols(createSSLEngine.getEnabledProtocols()));
            createSSLEngine.setEnabledCipherSuites(getFilteredCipherSuites(createSSLEngine.getEnabledCipherSuites()));
            return createSSLEngine;
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Supplier<Optional<SSLContext>> getSslContextSupplier() {
        return this::getSslContext;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Supplier<Optional<SSLEngine>> getSslEngineSupplier(boolean z) {
        return () -> {
            return getSslEngine(z);
        };
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] getFilteredProtocols(SSLParameters sSLParameters) {
        return getFilteredProtocols(sSLParameters.getProtocols());
    }

    private String[] getFilteredProtocols(String[] strArr) {
        return (String[]) Stream.of((Object[]) strArr).filter(str -> {
            return this.includeProtocols.isEmpty() || this.includeProtocols.contains(str);
        }).filter(str2 -> {
            return !this.excludeProtocols.contains(str2);
        }).toArray(i -> {
            return new String[i];
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String[] getFilteredCipherSuites(SSLParameters sSLParameters) {
        return getFilteredCipherSuites(sSLParameters.getCipherSuites());
    }

    private String[] getFilteredCipherSuites(String[] strArr) {
        return (String[]) Stream.of((Object[]) strArr).filter(str -> {
            return this.includeCipherSuites.isEmpty() || this.includeCipherSuites.contains(str);
        }).filter(str2 -> {
            return !this.excludeCipherSuites.contains(str2);
        }).toArray(i -> {
            return new String[i];
        });
    }

    private void parseList(String str, Set<String> set) {
        if (Objects.nonNull(str)) {
            set.addAll(Arrays.asList(str.split(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR)));
        }
    }
}
