package org.apache.flink.runtime.net;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import org.apache.flink.configuration.ConfigConstants;
import org.apache.flink.configuration.Configuration;
import org.apache.flink.util.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flink/runtime/net/SSLUtils.class */
public class SSLUtils {
    private static final Logger LOG = LoggerFactory.getLogger(SSLUtils.class);

    public static boolean getSSLEnabled(Configuration configuration) {
        Preconditions.checkNotNull(configuration);
        return configuration.getBoolean(ConfigConstants.SECURITY_SSL_ENABLED, ConfigConstants.DEFAULT_SECURITY_SSL_ENABLED);
    }

    public static void setSSLVerifyHostname(Configuration configuration, SSLParameters sSLParameters) {
        Preconditions.checkNotNull(configuration);
        Preconditions.checkNotNull(sSLParameters);
        if (configuration.getBoolean(ConfigConstants.SECURITY_SSL_VERIFY_HOSTNAME, ConfigConstants.DEFAULT_SECURITY_SSL_VERIFY_HOSTNAME)) {
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
        }
    }

    public static SSLContext createSSLClientContext(Configuration configuration) throws Exception {
        Preconditions.checkNotNull(configuration);
        SSLContext sSLContext = null;
        if (getSSLEnabled(configuration)) {
            LOG.debug("Creating client SSL context from configuration");
            String string = configuration.getString(ConfigConstants.SECURITY_SSL_TRUSTSTORE, (String) null);
            String string2 = configuration.getString(ConfigConstants.SECURITY_SSL_TRUSTSTORE_PASSWORD, (String) null);
            String string3 = configuration.getString(ConfigConstants.SECURITY_SSL_PROTOCOL, ConfigConstants.DEFAULT_SECURITY_SSL_PROTOCOL);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream fileInputStream = null;
            try {
                fileInputStream = new FileInputStream(new File(string));
                keyStore.load(fileInputStream, string2.toCharArray());
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                sSLContext = SSLContext.getInstance(string3);
                sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            } catch (Throwable th) {
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                throw th;
            }
        }
        return sSLContext;
    }

    public static SSLContext createSSLServerContext(Configuration configuration) throws Exception {
        Preconditions.checkNotNull(configuration);
        SSLContext sSLContext = null;
        if (getSSLEnabled(configuration)) {
            LOG.debug("Creating server SSL context from configuration");
            String string = configuration.getString(ConfigConstants.SECURITY_SSL_KEYSTORE, (String) null);
            String string2 = configuration.getString(ConfigConstants.SECURITY_SSL_KEYSTORE_PASSWORD, (String) null);
            String string3 = configuration.getString(ConfigConstants.SECURITY_SSL_KEY_PASSWORD, (String) null);
            String string4 = configuration.getString(ConfigConstants.SECURITY_SSL_PROTOCOL, ConfigConstants.DEFAULT_SECURITY_SSL_PROTOCOL);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream fileInputStream = null;
            try {
                fileInputStream = new FileInputStream(new File(string));
                keyStore.load(fileInputStream, string2.toCharArray());
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, string3.toCharArray());
                sSLContext = SSLContext.getInstance(string4);
                sSLContext.init(keyManagerFactory.getKeyManagers(), null, null);
            } catch (Throwable th) {
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
                throw th;
            }
        }
        return sSLContext;
    }
}
