package com.huawei.iotdb.db.ssl;

import com.huawei.hadoop.security.crypter.CrypterUtil;
import com.huawei.iotdb.rpc.ssl.SSLContextFactory;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import javax.net.ssl.KeyManagerFactory;
import org.apache.iotdb.commons.conf.CommonConfig;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.security.encrypt.EncryptDecryptException;
import org.apache.thrift.transport.TSSLTransportFactory;
import org.apache.thrift.transport.TServerSocket;
import org.apache.thrift.transport.TServerTransport;
import org.apache.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/iotdb/db/ssl/ServerSSLContextFactory.class */
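/**
 * Server-side factory for Thrift listener sockets, TLS or plaintext.
 *
 * <p>Process-wide singleton obtained through {@link #getInstance()}. The key store settings are
 * read from {@code properties} and pushed into {@code params}; both fields, like
 * {@code initConfig()} and {@code getProperty(...)}, are not declared in this class and are
 * presumably inherited from {@link SSLContextFactory}.
 *
 * <p>Security note: as written in {@link #getSSLServerSocket(String, int)}, TLS is only used when
 * server Kerberos is enabled, the Kerberos QoP is not {@code "auth"}, and {@code sslEnable} is
 * set. In every other configuration the listener is a plaintext socket.
 */
public class ServerSSLContextFactory extends SSLContextFactory {
    private static final Logger LOG = LoggerFactory.getLogger(ServerSSLContextFactory.class);
    private static final CommonConfig config = CommonDescriptor.getInstance().getConfig();

    /** Initialization-on-demand holder: the singleton is built when this class is first loaded. */
    private static class Holder {
        // final: the singleton reference must not be re-assignable after class initialisation.
        static final ServerSSLContextFactory factory = new ServerSSLContextFactory();

        private Holder() {
        }
    }

    /** Builds the singleton; configuration loading is delegated to {@code initConfig()}. */
    private ServerSSLContextFactory() {
        initConfig();
    }

    /**
     * Decrypts a protected configuration value with {@link CrypterUtil#decrypt}.
     *
     * <p>NOTE(review): this method is public, so any code holding the singleton can decrypt
     * values protected with the same key material. Confirm that this visibility is required.
     *
     * @param str the encrypted value
     * @return the decrypted value; treat it as a secret and never log it
     * @throws EncryptDecryptException if the call raises {@link ExceptionInInitializerError}
     */
    public String decrypt(String str) {
        try {
            return CrypterUtil.decrypt(str);
        } catch (ExceptionInInitializerError e) {
            // Only a first-time static-initialisation failure is translated here. If the failure
            // comes from CrypterUtil's own initialiser, later calls in the same JVM raise
            // NoClassDefFoundError, which is not caught and propagates as-is.
            throw new EncryptDecryptException(e);
        }
    }

    /**
     * Reads the key store settings from {@code properties} and applies them to {@code params}.
     *
     * <p>The key store type defaults to {@code "JKS"} and the key manager algorithm to
     * {@link KeyManagerFactory#getDefaultAlgorithm()}. The key store password is stored
     * encrypted in the configuration and decrypted here before use.
     *
     * <p>Only the server key store is configured in this method. Whether a trust store or client
     * authentication is set up elsewhere is not visible from this class.
     */
    public void setTSSLTransportParameters() {
        this.keyStoreType = getProperty(this.properties, "iotdb_ssl_keystore_type", "JKS");
        this.keyManagerAlgorithm = getProperty(this.properties, "iotdb_ssl_key_manager_algorithm", KeyManagerFactory.getDefaultAlgorithm());
        // NOTE(review): the behaviour of getProperty/decrypt for a missing password key is not
        // visible here; confirm that an absent entry fails loudly instead of yielding null.
        this.keyStorePassword = decrypt(getProperty(this.properties, "iotdb_ssl_keystore_password"));
        this.keyStore = getProperty(this.properties, "iotdb_ssl_keystore");
        this.params.setKeyStore(this.keyStore, this.keyStorePassword, this.keyManagerAlgorithm, this.keyStoreType);
        // The decrypted password is held in a field from here on; keep it out of log statements.
        LOG.info("Finished to init parameter.");
    }

    /**
     * Opens the Thrift server socket for the given bind address and port.
     *
     * <p>A TLS socket is returned only when server Kerberos is enabled, the Kerberos QoP is not
     * {@code "auth"}, and {@code sslEnable} is set. Otherwise a plaintext socket is returned, and
     * that downgrade is logged so it does not go unnoticed.
     *
     * @param str host name or IP address to bind to
     * @param i port to listen on
     * @return a TLS server socket when TLS is in effect, a plaintext {@link TServerSocket} otherwise
     * @throws TTransportException if the bind address cannot be resolved or the socket cannot be
     *     created
     */
    public TServerTransport getSSLServerSocket(String str, int i) throws TTransportException {
        // Constant-first equals: an unset QoP no longer throws NullPointerException. It is treated
        // as "not auth", so the TLS branch is taken when the other conditions hold.
        if (!config.isEnableServerKerberos()
                || "auth".equals(config.getServerKerberosQoq())
                || !sslEnable) {
            LOG.warn("SSL is not in effect for this listener, opening a plaintext server socket on port {}", i);
            return new TServerSocket(new InetSocketAddress(str, i));
        }
        try {
            // Second argument is the client timeout; 0 means accepted connections have no
            // socket-level timeout, so idle clients are not dropped here.
            TServerSocket serverSocket = TSSLTransportFactory.getServerSocket(i, 0, InetAddress.getByName(str), this.params);
            LOG.info("Start to open ssl server socket.");
            return serverSocket;
        } catch (UnknownHostException e) {
            LOG.error("Failed to get address, server ip is {}", str, e);
            throw new TTransportException(e);
        }
    }

    /**
     * Returns the process-wide factory instance.
     *
     * @return the singleton {@link ServerSSLContextFactory}
     */
    public static ServerSSLContextFactory getInstance() {
        return Holder.factory;
    }
}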
