package omm.south.server;

import java.net.InetSocketAddress;
import omm.thrift.transport.ThriftSSLTransportFactory;
import org.apache.thrift.protocol.TBinaryProtocol;
import org.apache.thrift.server.TServer;
import org.apache.thrift.server.TThreadPoolServer;
import org.apache.thrift.transport.TServerSocket;
import org.wcc.framework.AppProperties;
import org.wcc.framework.AppRuntimeException;
import org.wcc.framework.log.AppLogger;
import org.wcc.framework.util.encrypt.Crypter;
import org.wcc.framework.util.encrypt.CrypterFactory;

/* loaded from: input_file:omm/south/server/ThriftSSLServer.class */
public class ThriftSSLServer extends AbstractServer {
    private String keyStore;
    private String keySequence;
    private String trustStore;
    private String trustSequence;
    private TServerSocket serverTransport;
    private TServer server;
    private static final AppLogger LOG = AppLogger.getInstance(ThriftSSLServer.class);
    private static final String[] SSL_CIPHERS = {"TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"};
    private static final String[] SSL_PROTOCOL = {"TLS", "TLSv1", "TLSv1.1", "TLSv1.2"};
    private static String protocol = AppProperties.get("tls_protocol", "TLS");

    public ThriftSSLServer(InetSocketAddress inetSocketAddress, int i) {
        super(inetSocketAddress, i);
        this.keyStore = AppProperties.get("KeyStore");
        this.keySequence = AppProperties.get("KeySequence");
        this.trustStore = AppProperties.get("TrustStore");
        this.trustSequence = AppProperties.get("TrustSequence");
    }

    private boolean isVaildProtocol(String str) {
        if (null == str || str.trim().isEmpty()) {
            return false;
        }
        for (String str2 : SSL_PROTOCOL) {
            if (str2.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // omm.south.server.AbstractServer
    public void stop() {
        if (null != this.serverTransport) {
            this.serverTransport.close();
        }
        if (null != this.server) {
            this.server.stop();
        }
    }

    @Override // omm.south.server.AbstractServer
    protected void startServer(int i) throws ThriftServerException {
        InetSocketAddress bindAddr = getBindAddr();
        try {
            if (null == this.keyStore || null == this.keySequence) {
                throw new IllegalArgumentException("serverKeyStore or serverKeySequence is null");
            }
            if (null == this.trustStore || null == this.trustSequence) {
                throw new IllegalArgumentException("clientTrustStore or clientTrustSequence is null");
            }
            if (!isVaildProtocol(protocol)) {
                throw new IllegalArgumentException("protocol is invaild.");
            }
            Crypter crypter = CrypterFactory.getCrypter("AES_CBC");
            String decryptByRootKey = crypter.decryptByRootKey(this.keySequence);
            String decryptByRootKey2 = crypter.decryptByRootKey(this.trustSequence);
            ThriftSSLTransportFactory.TSSLTransportParameters tSSLTransportParameters = new ThriftSSLTransportFactory.TSSLTransportParameters(protocol, SSL_CIPHERS, true);
            tSSLTransportParameters.setKeyStore(this.keyStore, decryptByRootKey);
            tSSLTransportParameters.setTrustStore(this.trustStore, decryptByRootKey2);
            tSSLTransportParameters.requireClientAuth(true);
            LOG.info("protocol type:" + protocol);
            this.serverTransport = ThriftSSLTransportFactory.getServerSocket(bindAddr.getPort(), getClientTimeout(), bindAddr.getAddress(), tSSLTransportParameters);
            TThreadPoolServer.Args processor = new TThreadPoolServer.Args(this.serverTransport).processor(getProcessor());
            processor.protocolFactory(new TBinaryProtocol.Factory());
            processor.maxWorkerThreads(i);
            processor.minWorkerThreads(i);
            this.server = new TThreadPoolServer(processor);
            LOG.info("SSL Thrift Startup Parameters[workThreadAmount:{}, maxReadBufferBytes:{}]", new Object[]{Integer.valueOf(i), Integer.valueOf(getMaxReadBufferBytes())});
            LOG.info("[" + getClass().getSimpleName() + "{" + bindAddr.getAddress().toString() + "," + bindAddr.getPort() + "}]server start OK");
            this.server.serve();
        } catch (Exception e) {
            LOG.error("[" + getClass().getSimpleName() + "{" + bindAddr.getAddress().toString() + "," + bindAddr.getPort() + "}]server start faild,Exception:", e);
            throw new ThriftServerException(e);
        } catch (AppRuntimeException e2) {
            LOG.error("Failed to decrypt:", e2);
            throw new ThriftServerException((Throwable) e2);
        }
    }
}
