package org.apache.flink.runtime.rpc.pekko;

import com.typesafe.config.Config;
import java.security.GeneralSecurityException;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.util.FingerprintTrustManagerFactory;
import org.apache.pekko.actor.ActorSystem;
import org.apache.pekko.remote.RemoteTransportException;
import org.apache.pekko.remote.transport.netty.ConfigSSLEngineProvider;

/* loaded from: input_file:flink-rpc-akka.jar:org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.class */
public class CustomSSLEngineProvider extends ConfigSSLEngineProvider {
    private final String sslTrustStore;
    private final String sslTrustStorePassword;
    private final List<String> sslCertFingerprints;

    public CustomSSLEngineProvider(ActorSystem actorSystem) {
        super(actorSystem);
        Config config = actorSystem.settings().config().getConfig("pekko.remote.classic.netty.ssl.security");
        this.sslTrustStore = config.getString("trust-store");
        this.sslTrustStorePassword = config.getString("trust-store-password");
        this.sslCertFingerprints = config.getStringList("cert-fingerprints");
    }

    @Override // org.apache.pekko.remote.transport.netty.ConfigSSLEngineProvider
    public TrustManager[] trustManagers() {
        try {
            TrustManagerFactory trustManagerFactory = this.sslCertFingerprints.isEmpty() ? TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) : FingerprintTrustManagerFactory.builder("SHA1").fingerprints(this.sslCertFingerprints).build();
            trustManagerFactory.init(loadKeystore(this.sslTrustStore, this.sslTrustStorePassword));
            return trustManagerFactory.getTrustManagers();
        } catch (GeneralSecurityException e) {
            throw new RemoteTransportException("Server SSL connection could not be established because SSL context could not be constructed", e);
        }
    }
}
