package org.eclipse.hono.service;

import io.netty.handler.ssl.OpenSsl;
import io.opentracing.Tracer;
import io.opentracing.noop.NoopTracerFactory;
import io.vertx.core.Future;
import io.vertx.core.Promise;
import io.vertx.core.http.ClientAuth;
import io.vertx.core.net.KeyCertOptions;
import io.vertx.core.net.NetServerOptions;
import io.vertx.core.net.OpenSSLEngineOptions;
import io.vertx.core.net.TrustOptions;
import io.vertx.ext.healthchecks.HealthCheckHandler;
import java.util.Objects;
import org.eclipse.hono.config.ServiceConfigProperties;
import org.eclipse.hono.util.ConfigurationSupportingVerticle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:org/eclipse/hono/service/AbstractServiceBase.class */
public abstract class AbstractServiceBase<T extends ServiceConfigProperties> extends ConfigurationSupportingVerticle<T> implements HealthCheckProvider {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected Tracer tracer = NoopTracerFactory.create();
    private HealthCheckServer healthCheckServer = new NoopHealthCheckServer();

    @Autowired(required = false)
    public final void setTracer(Tracer tracer) {
        this.log.info("using OpenTracing Tracer implementation [{}]", tracer.getClass().getName());
        this.tracer = (Tracer) Objects.requireNonNull(tracer);
    }

    @Autowired(required = false)
    public void setHealthCheckServer(HealthCheckServer healthCheckServer) {
        this.healthCheckServer = (HealthCheckServer) Objects.requireNonNull(healthCheckServer);
    }

    public final void start(Promise<Void> promise) {
        this.healthCheckServer.registerHealthCheckResources(this);
        startInternal().onComplete(promise);
    }

    protected Future<Void> startInternal() {
        return Future.succeededFuture();
    }

    public final void stop(Promise<Void> promise) {
        stopInternal().onComplete(promise);
    }

    protected Future<Void> stopInternal() {
        return Future.succeededFuture();
    }

    public void registerReadinessChecks(HealthCheckHandler healthCheckHandler) {
    }

    public void registerLivenessChecks(HealthCheckHandler healthCheckHandler) {
    }

    public abstract int getPortDefaultValue();

    public abstract int getInsecurePortDefaultValue();

    protected abstract int getActualPort();

    protected abstract int getActualInsecurePort();

    public final int getPort() {
        if (getActualPort() != -1) {
            return getActualPort();
        }
        if (isSecurePortEnabled()) {
            return ((ServiceConfigProperties) getConfig()).getPort(getPortDefaultValue());
        }
        return -1;
    }

    public final int getInsecurePort() {
        if (getActualInsecurePort() != -1) {
            return getActualInsecurePort();
        }
        if (isInsecurePortEnabled()) {
            return ((ServiceConfigProperties) getConfig()).getInsecurePort(getInsecurePortDefaultValue());
        }
        return -1;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Future<Void> checkPortConfiguration() {
        if (this.vertx != null) {
            this.log.info("vert.x uses native transport: {}", Boolean.valueOf(this.vertx.isNativeTransportEnabled()));
        }
        Promise promise = Promise.promise();
        if (((ServiceConfigProperties) getConfig()).getKeyCertOptions() == null) {
            if (((ServiceConfigProperties) getConfig()).getPort() >= 0) {
                this.log.warn("secure port number set but no key/certificate configured, secure port will not be opened");
            }
            if (((ServiceConfigProperties) getConfig()).isInsecurePortEnabled()) {
                promise.complete();
            } else {
                this.log.error("configuration must have at least one of key & certificate or insecure port set to start up");
                promise.fail("no ports configured");
            }
        } else if (!((ServiceConfigProperties) getConfig()).isInsecurePortEnabled()) {
            promise.complete();
        } else if (((ServiceConfigProperties) getConfig()).getPort(getPortDefaultValue()) == ((ServiceConfigProperties) getConfig()).getInsecurePort(getInsecurePortDefaultValue())) {
            this.log.error("secure and insecure ports must be configured to bind to different port numbers");
            promise.fail("secure and insecure ports configured to bind to same port number");
        } else {
            promise.complete();
        }
        return promise.future();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final int determineSecurePort() {
        int port = ((ServiceConfigProperties) getConfig()).getPort(getPortDefaultValue());
        if (port == getPortDefaultValue()) {
            this.log.info("Server uses secure standard port {}", Integer.valueOf(port));
        } else if (port == 0) {
            this.log.info("Server found secure port number configured for ephemeral port selection (port chosen automatically).");
        }
        return port;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final int determineInsecurePort() {
        int insecurePort = ((ServiceConfigProperties) getConfig()).getInsecurePort(getInsecurePortDefaultValue());
        if (insecurePort == 0) {
            this.log.info("Server found insecure port number configured for ephemeral port selection (port chosen automatically).");
        } else if (insecurePort == getInsecurePortDefaultValue()) {
            this.log.info("Server uses standard insecure port {}", Integer.valueOf(insecurePort));
        } else if (insecurePort == getPortDefaultValue()) {
            this.log.warn("Server found insecure port number configured to standard port for secure connections {}", Integer.valueOf(((ServiceConfigProperties) getConfig()).getInsecurePort()));
            this.log.warn("Possibly misconfigured?");
        }
        return insecurePort;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isSecurePortEnabled() {
        return ((ServiceConfigProperties) getConfig()).getKeyCertOptions() != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isInsecurePortEnabled() {
        return ((ServiceConfigProperties) getConfig()).isInsecurePortEnabled();
    }

    public final String getBindAddress() {
        return ((ServiceConfigProperties) getConfig()).getBindAddress();
    }

    public final String getInsecurePortBindAddress() {
        return ((ServiceConfigProperties) getConfig()).getInsecurePortBindAddress();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void addTlsTrustOptions(NetServerOptions netServerOptions) {
        TrustOptions serverTrustOptions;
        if (netServerOptions.isSsl() && netServerOptions.getTrustOptions() == null && (serverTrustOptions = getServerTrustOptions()) != null) {
            netServerOptions.setTrustOptions(serverTrustOptions).setClientAuth(ClientAuth.REQUEST);
            this.log.info("enabling client authentication using certificates [{}]", serverTrustOptions.getClass().getName());
        }
    }

    protected TrustOptions getServerTrustOptions() {
        return ((ServiceConfigProperties) getConfig()).getTrustOptions();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void addTlsKeyCertOptions(NetServerOptions netServerOptions) {
        KeyCertOptions keyCertOptions = ((ServiceConfigProperties) getConfig()).getKeyCertOptions();
        if (keyCertOptions != null) {
            netServerOptions.setSsl(true).setKeyCertOptions(keyCertOptions);
        }
        if (netServerOptions.isSsl()) {
            boolean isAvailable = OpenSsl.isAvailable();
            boolean supportsKeyManagerFactory = OpenSsl.supportsKeyManagerFactory();
            boolean z = ((ServiceConfigProperties) getConfig()).isNativeTlsRequired() || (isAvailable && supportsKeyManagerFactory);
            this.log.debug("OpenSSL [available: {}, supports KeyManagerFactory: {}]", Boolean.valueOf(isAvailable), Boolean.valueOf(supportsKeyManagerFactory));
            if (z) {
                this.log.info("using OpenSSL [version: {}] instead of JDK's default SSL engine", OpenSsl.versionString());
                netServerOptions.setSslEngineOptions(new OpenSSLEngineOptions());
            } else {
                this.log.info("using JDK's default SSL engine");
            }
            netServerOptions.getEnabledSecureTransportProtocols().forEach(str -> {
                netServerOptions.removeEnabledSecureTransportProtocol(str);
            });
            ((ServiceConfigProperties) getConfig()).getSecureProtocols().forEach(str2 -> {
                this.log.info("enabling secure protocol [{}]", str2);
                netServerOptions.addEnabledSecureTransportProtocol(str2);
            });
            netServerOptions.setSni(((ServiceConfigProperties) getConfig()).isSni());
            this.log.info("Service supports TLS ServerNameIndication: {}", Boolean.valueOf(((ServiceConfigProperties) getConfig()).isSni()));
        }
    }
}
