package org.apache.ignite.internal.client.io.netty;

import io.netty.bootstrap.Bootstrap;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelOption;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.concurrent.CompletableFuture;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.ignite.client.ClientAuthenticationMode;
import org.apache.ignite.client.IgniteClientConfiguration;
import org.apache.ignite.client.IgniteClientConnectionException;
import org.apache.ignite.client.SslConfiguration;
import org.apache.ignite.internal.client.ClientMetricSource;
import org.apache.ignite.internal.client.io.ClientConnection;
import org.apache.ignite.internal.client.io.ClientConnectionMultiplexer;
import org.apache.ignite.internal.client.io.ClientConnectionStateHandler;
import org.apache.ignite.internal.client.io.ClientMessageHandler;
import org.apache.ignite.internal.client.proto.ClientMessageDecoder;
import org.apache.ignite.lang.ErrorGroups;
import org.apache.ignite.lang.IgniteException;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/apache/ignite/internal/client/io/netty/NettyClientConnectionMultiplexer.class */
public class NettyClientConnectionMultiplexer implements ClientConnectionMultiplexer {
    private final NioEventLoopGroup workerGroup = new NioEventLoopGroup();
    private final Bootstrap bootstrap = new Bootstrap();
    private final ClientMetricSource metrics;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.ignite.internal.client.io.netty.NettyClientConnectionMultiplexer$2, reason: invalid class name */
    /* loaded from: input_file:org/apache/ignite/internal/client/io/netty/NettyClientConnectionMultiplexer$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$ignite$client$ClientAuthenticationMode = new int[ClientAuthenticationMode.values().length];

        static {
            try {
                $SwitchMap$org$apache$ignite$client$ClientAuthenticationMode[ClientAuthenticationMode.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$ignite$client$ClientAuthenticationMode[ClientAuthenticationMode.REQUIRE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$ignite$client$ClientAuthenticationMode[ClientAuthenticationMode.OPTIONAL.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public NettyClientConnectionMultiplexer(ClientMetricSource clientMetricSource) {
        this.metrics = clientMetricSource;
    }

    @Override // org.apache.ignite.internal.client.io.ClientConnectionMultiplexer
    public void start(IgniteClientConfiguration igniteClientConfiguration) {
        try {
            final SslContext sslContext = setupSsl(igniteClientConfiguration.ssl());
            this.bootstrap.group(this.workerGroup);
            this.bootstrap.channel(NioSocketChannel.class);
            this.bootstrap.option(ChannelOption.TCP_NODELAY, true);
            this.bootstrap.option(ChannelOption.SO_KEEPALIVE, true);
            this.bootstrap.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, Integer.valueOf((int) igniteClientConfiguration.connectTimeout()));
            this.bootstrap.handler(new ChannelInitializer<SocketChannel>() { // from class: org.apache.ignite.internal.client.io.netty.NettyClientConnectionMultiplexer.1
                public void initChannel(SocketChannel socketChannel) {
                    if (sslContext != null) {
                        socketChannel.pipeline().addFirst("ssl", sslContext.newHandler(socketChannel.alloc()));
                    }
                    socketChannel.pipeline().addLast(new ChannelHandler[]{new ClientMessageDecoder(), new NettyClientMessageHandler()});
                }
            });
        } catch (Throwable th) {
            this.workerGroup.shutdownGracefully();
            throw th;
        }
    }

    @Nullable
    private static SslContext setupSsl(@Nullable SslConfiguration sslConfiguration) {
        if (sslConfiguration == null || !sslConfiguration.enabled()) {
            return null;
        }
        try {
            SslContextBuilder trustManager = SslContextBuilder.forClient().trustManager(loadTrustManagerFactory(sslConfiguration));
            trustManager.ciphers(sslConfiguration.ciphers());
            ClientAuth nettyClientAuth = toNettyClientAuth(sslConfiguration.clientAuthenticationMode());
            if (ClientAuth.NONE != nettyClientAuth) {
                trustManager.clientAuth(nettyClientAuth).keyManager(loadKeyManagerFactory(sslConfiguration));
            }
            return trustManager.build();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new IgniteException(ErrorGroups.Client.CLIENT_SSL_CONFIGURATION_ERR, "Client SSL configuration error: " + e.getMessage(), e);
        }
    }

    private static KeyManagerFactory loadKeyManagerFactory(SslConfiguration sslConfiguration) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        if (sslConfiguration.keyStorePath() != null) {
            char[] charArray = sslConfiguration.keyStorePassword() == null ? null : sslConfiguration.keyStorePassword().toCharArray();
            keyManagerFactory.init(KeyStore.getInstance(new File(sslConfiguration.keyStorePath()), charArray), charArray);
        } else {
            keyManagerFactory.init(null, null);
        }
        return keyManagerFactory;
    }

    private static TrustManagerFactory loadTrustManagerFactory(SslConfiguration sslConfiguration) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        if (sslConfiguration.trustStorePath() != null) {
            trustManagerFactory.init(KeyStore.getInstance(new File(sslConfiguration.trustStorePath()), sslConfiguration.trustStorePassword() == null ? null : sslConfiguration.trustStorePassword().toCharArray()));
        } else {
            trustManagerFactory.init((KeyStore) null);
        }
        return trustManagerFactory;
    }

    private static ClientAuth toNettyClientAuth(ClientAuthenticationMode clientAuthenticationMode) {
        switch (AnonymousClass2.$SwitchMap$org$apache$ignite$client$ClientAuthenticationMode[clientAuthenticationMode.ordinal()]) {
            case 1:
                return ClientAuth.NONE;
            case 2:
                return ClientAuth.REQUIRE;
            case IgniteClientConfiguration.DFLT_RECONNECT_THROTTLING_RETRIES /* 3 */:
                return ClientAuth.OPTIONAL;
            default:
                throw new IllegalArgumentException("Client authentication type is not supported");
        }
    }

    @Override // org.apache.ignite.internal.client.io.ClientConnectionMultiplexer
    public void stop() {
        this.workerGroup.shutdownGracefully();
    }

    @Override // org.apache.ignite.internal.client.io.ClientConnectionMultiplexer
    public CompletableFuture<ClientConnection> openAsync(InetSocketAddress inetSocketAddress, ClientMessageHandler clientMessageHandler, ClientConnectionStateHandler clientConnectionStateHandler) throws IgniteClientConnectionException {
        CompletableFuture<ClientConnection> completableFuture = new CompletableFuture<>();
        this.bootstrap.connect(inetSocketAddress).addListener(future -> {
            if (!future.isSuccess()) {
                Throwable cause = future.cause();
                completableFuture.completeExceptionally(new IgniteClientConnectionException(ErrorGroups.Client.CONNECTION_ERR, "Client failed to connect: " + cause.getMessage(), cause));
                return;
            }
            this.metrics.connectionsEstablishedIncrement();
            this.metrics.connectionsActiveIncrement();
            ChannelFuture channelFuture = (ChannelFuture) future;
            channelFuture.channel().closeFuture().addListener(future -> {
                this.metrics.connectionsActiveDecrement();
            });
            completableFuture.complete(new NettyClientConnection(channelFuture.channel(), clientMessageHandler, clientConnectionStateHandler, this.metrics));
        });
        return completableFuture;
    }
}
