package org.apache.geode.internal.net.filewatch;

import java.io.FileInputStream;
import java.net.Socket;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.geode.InternalGemFireException;
import org.apache.geode.annotations.VisibleForTesting;
import org.apache.geode.annotations.internal.MakeNotStatic;
import org.apache.geode.internal.net.SSLConfig;
import org.apache.geode.internal.util.PasswordUtil;
import org.apache.geode.logging.internal.log4j.api.LogService;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/geode/internal/net/filewatch/FileWatchingX509ExtendedTrustManager.class */
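/**
 * An {@link X509ExtendedTrustManager} that delegates every trust decision to a trust manager
 * built from a trust store file, and rebuilds that delegate whenever {@link #loadTrustManager()}
 * is invoked again.
 *
 * <p>One instance exists per trust store {@link Path}; instances are cached in a static map. The
 * reload and stop callbacks are handed to a {@link PollingFileWatcher} (presumably invoked when
 * the file changes or can no longer be watched; confirm in {@code PollingFileWatcher}).
 *
 * <p>Security note: the trust anchors are re-read from disk while the process is running, so
 * write access to the trust store file (or its parent directory) is equivalent to control over
 * which peers this process trusts. Restrict file system permissions accordingly and monitor the
 * "Updated TrustManager" log line for unexpected reloads.
 */
public final class FileWatchingX509ExtendedTrustManager extends X509ExtendedTrustManager {
    private static final Logger logger = LogService.getLogger();

    // Cache of live instances, keyed by trust store path only (type and password are not part
    // of the key).
    @MakeNotStatic
    private static final ConcurrentHashMap<Path, FileWatchingX509ExtendedTrustManager> instances = new ConcurrentHashMap<>();

    // Current delegate; swapped atomically on every successful (re)load.
    private final AtomicReference<X509ExtendedTrustManager> trustManager = new AtomicReference<>();
    private final Path trustStorePath;
    private final String trustStoreType;
    // Kept as a String for the lifetime of the instance because it is needed on every reload;
    // only the temporary char[] copy made during a load is wiped.
    private final String trustStorePassword;
    private final PollingFileWatcher fileWatcher;

    /**
     * Loads the trust store once (failing fast if it cannot be read) and then starts watching it.
     *
     * @param trustStorePath location of the trust store file
     * @param trustStoreType key store type, or null/empty for the JVM default type
     * @param trustStorePassword trust store password, may be null
     * @throws InternalGemFireException if the initial load fails
     */
    private FileWatchingX509ExtendedTrustManager(Path trustStorePath, String trustStoreType, String trustStorePassword) {
        this.trustStorePath = trustStorePath;
        this.trustStoreType = trustStoreType;
        this.trustStorePassword = trustStorePassword;
        // Load before creating the watcher so the delegate is never null once construction succeeds.
        loadTrustManager();
        this.fileWatcher = new PollingFileWatcher(this.trustStorePath, this::loadTrustManager, this::stopWatching);
    }

    /**
     * Returns the shared watching trust manager for the trust store described by {@code sslConfig}.
     *
     * @param sslConfig source of the trust store path, type and password
     * @return the cached instance for that path, created on first use
     */
    public static FileWatchingX509ExtendedTrustManager newFileWatchingTrustManager(SSLConfig sslConfig) {
        return newFileWatchingTrustManager(
                Paths.get(sslConfig.getTruststore()),
                sslConfig.getTruststoreType(),
                sslConfig.getTruststorePassword());
    }

    /**
     * Returns the shared watching trust manager for {@code path}, creating it if necessary.
     *
     * <p>The cache is keyed by {@code path} alone: if an instance already exists for the path, it
     * is returned as-is and the {@code type} and {@code password} arguments of this call are
     * ignored.
     *
     * @param path location of the trust store file
     * @param type key store type, or null/empty for the JVM default type
     * @param password trust store password, may be null
     * @return the cached or newly created instance
     * @throws InternalGemFireException if a new instance is needed and the trust store cannot be loaded
     */
    public static FileWatchingX509ExtendedTrustManager newFileWatchingTrustManager(Path path, String type, String password) {
        return instances.computeIfAbsent(path, key -> new FileWatchingX509ExtendedTrustManager(key, type, password));
    }

    /** Delegates to the currently loaded trust manager. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
        this.trustManager.get().checkClientTrusted(chain, authType, socket);
    }

    /** Delegates to the currently loaded trust manager. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
        this.trustManager.get().checkClientTrusted(chain, authType, engine);
    }

    /** Delegates to the currently loaded trust manager. */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        this.trustManager.get().checkClientTrusted(chain, authType);
    }

    /** Delegates to the currently loaded trust manager. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
        this.trustManager.get().checkServerTrusted(chain, authType, engine);
    }

    /** Delegates to the currently loaded trust manager. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
        this.trustManager.get().checkServerTrusted(chain, authType, socket);
    }

    /** Delegates to the currently loaded trust manager. */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        this.trustManager.get().checkServerTrusted(chain, authType);
    }

    /** Returns the accepted issuers of the currently loaded trust manager. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.get().getAcceptedIssuers();
    }

    /**
     * Stops the file watcher and removes this instance from the cache (only if the cache still
     * maps the path to this very instance). The last loaded delegate stays in place, so an
     * instance that is still referenced keeps answering with the trust anchors it loaded last.
     */
    @VisibleForTesting
    void stopWatching() {
        this.fileWatcher.stop();
        instances.remove(this.trustStorePath, this);
    }

    /** Returns true while this instance is the one cached for its trust store path. */
    @VisibleForTesting
    boolean isWatching() {
        return instances.get(this.trustStorePath) == this;
    }

    /**
     * Reads the trust store from disk, builds a trust manager from it and installs it as the
     * delegate.
     *
     * <p>The delegate is replaced only after the store has been loaded and a suitable trust
     * manager has been found; if anything fails, the previously installed delegate (if any) is
     * left untouched and the failure is reported to the caller.
     *
     * @throws InternalGemFireException wrapping any exception raised while loading
     */
    private void loadTrustManager() {
        char[] password = null;
        try {
            KeyStore keyStore = StringUtils.isEmpty(this.trustStoreType)
                    ? KeyStore.getInstance(KeyStore.getDefaultType())
                    : KeyStore.getInstance(this.trustStoreType);

            // try-with-resources closes the stream even when load() or password handling throws.
            try (FileInputStream in = new FileInputStream(this.trustStorePath.toString())) {
                password = resolvePassword();
                keyStore.load(in, password);
            }

            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore);

            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509ExtendedTrustManager) {
                    X509ExtendedTrustManager previous = this.trustManager.getAndSet((X509ExtendedTrustManager) candidate);
                    if (previous == null) {
                        logger.info("Initialized TrustManager for {}", this.trustStorePath);
                    } else {
                        logger.info("Updated TrustManager for {}", this.trustStorePath);
                    }
                    return;
                }
            }
            throw new IllegalStateException("No X509ExtendedTrustManager available");
        } catch (Exception e) {
            throw new InternalGemFireException("Unable to load TrustManager", e);
        } finally {
            // Overwrite the temporary password copy on success and on failure alike.
            if (password != null) {
                Arrays.fill(password, ' ');
            }
        }
    }

    /**
     * Produces the char[] password handed to {@link KeyStore#load}.
     *
     * <p>A null or empty password yields null. A non-empty password consisting only of whitespace
     * is wrapped as {@code encrypted(...)} and passed through {@link PasswordUtil#decrypt}; any
     * other password is used verbatim.
     * NOTE(review): the whitespace-only branch is unusual; confirm it is intended.
     *
     * @return a fresh char[] the caller must wipe, or null when no password applies
     */
    private char[] resolvePassword() {
        String configured = this.trustStorePassword;
        if (configured == null) {
            return null;
        }
        if (!configured.trim().equals("")) {
            return configured.toCharArray();
        }
        if (!StringUtils.isEmpty(configured)) {
            return PasswordUtil.decrypt("encrypted(" + configured + ")").toCharArray();
        }
        return null;
    }
}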
