package org.apache.geode.internal.net.filewatch;

import java.io.FileInputStream;
import java.net.Socket;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.geode.InternalGemFireException;
import org.apache.geode.annotations.VisibleForTesting;
import org.apache.geode.annotations.internal.MakeNotStatic;
import org.apache.geode.internal.net.SSLConfig;
import org.apache.geode.internal.net.SSLConfigurationFactory;
import org.apache.geode.internal.util.PasswordUtil;
import org.apache.geode.logging.internal.log4j.api.LogService;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/geode/internal/net/filewatch/FileWatchingX509ExtendedKeyManager.class */
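/**
 * An {@link X509ExtendedKeyManager} that delegates every call to a key manager built from a
 * keystore file, and rebuilds that delegate when {@link #loadKeyManager()} is invoked again by the
 * {@link PollingFileWatcher} created in the constructor.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 * <li>The private key and certificate chain served by TLS endpoints come straight from the keystore
 * file. Anyone able to replace or rewrite that file changes the identity presented after the next
 * reload, so the file and its parent directory need restrictive ownership and permissions. The
 * {@code "Updated KeyManager for ..."} log line is the audit signal that a swap happened.</li>
 * <li>The keystore password is kept in a {@code String} field for the lifetime of the instance
 * because it is needed for every reload; only the temporary {@code char[]} copies are wiped.</li>
 * <li>Instances are cached per (keystore path, alias). The keystore type and password are not part
 * of the cache key, so a later request for the same path and alias with different credentials
 * receives the already-cached instance.</li>
 * </ul>
 */
public final class FileWatchingX509ExtendedKeyManager extends X509ExtendedKeyManager {
    private static final Logger logger = LogService.getLogger();

    // One manager (and therefore one file watcher) per keystore path + alias.
    @MakeNotStatic
    private static final ConcurrentHashMap<PathAndAlias, FileWatchingX509ExtendedKeyManager> instances = new ConcurrentHashMap<>();
    // Current delegate; replaced atomically on reload so in-flight callers see either old or new.
    private final AtomicReference<X509ExtendedKeyManager> keyManager = new AtomicReference<>();
    private final Path keyStorePath;
    private final String keyStoreType;
    // Retained for reloads; a String cannot be wiped, so it stays on the heap with the instance.
    private final String keyStorePassword;
    private final String keyStoreAlias;
    private final PollingFileWatcher fileWatcher;

    /**
     * Cache key for {@link #instances}: the keystore path together with the key alias.
     *
     * <p>The decompiler reports that the access modifier of this class was originally private.
     */
    public static class PathAndAlias {
        private final Path keyStorePath;
        private final String keyStoreAlias;

        public PathAndAlias(Path path, String alias) {
            this.keyStorePath = path;
            this.keyStoreAlias = alias;
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            PathAndAlias other = (PathAndAlias) obj;
            return Objects.equals(this.keyStorePath, other.keyStorePath)
                    && Objects.equals(this.keyStoreAlias, other.keyStoreAlias);
        }

        @Override
        public int hashCode() {
            return Objects.hash(this.keyStorePath, this.keyStoreAlias);
        }
    }

    /**
     * Loads the keystore once (failing fast with {@link InternalGemFireException} if it cannot be
     * read) and then creates the watcher for the keystore path.
     *
     * <p>NOTE(review): method references to {@code this} are handed to the watcher before the
     * constructor returns, and {@code fileWatcher} is only assigned once the watcher constructor
     * completes. Whether the watcher can invoke a callback before that point depends on
     * PollingFileWatcher, which is not visible here; confirm.
     */
    private FileWatchingX509ExtendedKeyManager(Path keyStorePath, String keyStoreType, String keyStorePassword, String keyStoreAlias) {
        this.keyStorePath = keyStorePath;
        this.keyStoreType = keyStoreType;
        this.keyStorePassword = keyStorePassword;
        this.keyStoreAlias = keyStoreAlias;
        loadKeyManager();
        // Second callback is presumably the watcher's failure/stop hook; verify against PollingFileWatcher.
        this.fileWatcher = new PollingFileWatcher(this.keyStorePath, this::loadKeyManager, this::stopWatching);
    }

    /**
     * Returns the shared key manager for the keystore, type, password and alias configured in
     * {@code sslConfig}.
     *
     * @param sslConfig source of the keystore path, type, password and alias
     * @return the cached or newly created manager
     */
    public static FileWatchingX509ExtendedKeyManager newFileWatchingKeyManager(SSLConfig sslConfig) {
        return newFileWatchingKeyManager(Paths.get(sslConfig.getKeystore()), sslConfig.getKeystoreType(),
                sslConfig.getKeystorePassword(), sslConfig.getAlias());
    }

    /**
     * Returns the shared key manager for the given keystore path and alias, creating it on first
     * use.
     *
     * <p>The cache lookup uses only {@code keyStorePath} and {@code keyStoreAlias}. When an instance
     * already exists for that pair, {@code keyStoreType} and {@code keyStorePassword} are ignored.
     *
     * @param keyStorePath keystore file to load and watch
     * @param keyStoreType keystore type; empty or null selects {@link KeyStore#getDefaultType()}
     * @param keyStorePassword keystore password, see {@link #loadKeyManager()} for blank handling
     * @param keyStoreAlias alias handed to the alias-selecting delegate
     * @return the cached or newly created manager
     * @throws InternalGemFireException if a new instance is needed and the keystore cannot be loaded
     */
    public static FileWatchingX509ExtendedKeyManager newFileWatchingKeyManager(Path keyStorePath, String keyStoreType, String keyStorePassword, String keyStoreAlias) {
        return instances.computeIfAbsent(new PathAndAlias(keyStorePath, keyStoreAlias),
                key -> new FileWatchingX509ExtendedKeyManager(keyStorePath, keyStoreType, keyStorePassword, keyStoreAlias));
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        return this.keyManager.get().chooseClientAlias(keyType, issuers, socket);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
        return this.keyManager.get().chooseEngineClientAlias(keyType, issuers, engine);
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        return this.keyManager.get().chooseEngineServerAlias(keyType, issuers, engine);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return this.keyManager.get().chooseServerAlias(keyType, issuers, socket);
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String alias) {
        return this.keyManager.get().getCertificateChain(alias);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return this.keyManager.get().getClientAliases(keyType, issuers);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String alias) {
        return this.keyManager.get().getPrivateKey(alias);
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return this.keyManager.get().getServerAliases(keyType, issuers);
    }

    /**
     * Stops the file watcher and removes this instance from the cache. The two-argument
     * {@code remove} leaves the entry alone if a different instance now holds the key.
     */
    @VisibleForTesting
    void stopWatching() {
        this.fileWatcher.stop();
        instances.remove(new PathAndAlias(this.keyStorePath, this.keyStoreAlias), this);
    }

    /** Returns whether this instance is still the one cached for its path and alias. */
    @VisibleForTesting
    boolean isWatching() {
        return instances.get(new PathAndAlias(this.keyStorePath, this.keyStoreAlias)) == this;
    }

    /**
     * Reads the keystore file, builds a fresh key manager from it and swaps it in as the delegate.
     *
     * <p>Password handling: a null configured password is passed on as null; a blank one falls back
     * to the environment variable named by {@code SSLConfigurationFactory.JAVAX_KEYSTORE_PASSWORD},
     * which is run through {@link PasswordUtil#decrypt(String)}; anything else is used as is.
     *
     * <p>The delegate is only replaced after the keystore has loaded and a key manager has been
     * built, so a failed reload leaves the previous delegate in place. How the watcher reacts to the
     * exception thrown here is decided by PollingFileWatcher and not visible in this class.
     *
     * @throws InternalGemFireException wrapping any {@link Exception} raised while loading,
     *         including the {@link IllegalStateException} for a missing X509ExtendedKeyManager
     */
    private void loadKeyManager() {
        try {
            KeyStore keyStore = StringUtils.isEmpty(this.keyStoreType)
                    ? KeyStore.getInstance(KeyStore.getDefaultType())
                    : KeyStore.getInstance(this.keyStoreType);
            String path = this.keyStorePath.toString();
            if (StringUtils.isEmpty(path)) {
                // No keystore configured: fall back to the per-user default keystore location.
                path = System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";
            }

            KeyManager[] keyManagers;
            char[] password = null;
            try {
                try (FileInputStream fileInputStream = new FileInputStream(path)) {
                    String configured = this.keyStorePassword;
                    if (configured != null) {
                        if (configured.trim().equals("")) {
                            String fromEnv = System.getenv(SSLConfigurationFactory.JAVAX_KEYSTORE_PASSWORD);
                            // The intermediate decrypted String cannot be wiped; only the char[] copy can.
                            password = StringUtils.isEmpty(fromEnv)
                                    ? null
                                    : PasswordUtil.decrypt("encrypted(" + fromEnv + ")").toCharArray();
                        } else {
                            password = configured.toCharArray();
                        }
                    }
                    keyStore.load(fileInputStream, password);
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, password);
                keyManagers = keyManagerFactory.getKeyManagers();
            } finally {
                // Wipe the temporary copy on failure paths too (wrong password, corrupt keystore),
                // not only after a successful load.
                if (password != null) {
                    Arrays.fill(password, ' ');
                }
            }

            for (KeyManager candidate : keyManagers) {
                if (candidate instanceof X509ExtendedKeyManager) {
                    X509ExtendedKeyManager previous = this.keyManager.getAndSet(
                            new ExtendedAliasKeyManager((X509ExtendedKeyManager) candidate, this.keyStoreAlias));
                    // Only the keystore path is logged; the password never reaches the log.
                    if (previous == null) {
                        logger.info("Initialized KeyManager for {}", this.keyStorePath);
                    } else {
                        logger.info("Updated KeyManager for {}", this.keyStorePath);
                    }
                    return;
                }
            }
            throw new IllegalStateException("No X509ExtendedKeyManager available");
        } catch (Exception e) {
            throw new InternalGemFireException("Unable to load KeyManager", e);
        }
    }
}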
