package org.hyperledger.fabric.sdk;

import com.google.common.collect.ImmutableMap;
import io.grpc.ClientInterceptor;
import io.grpc.ManagedChannelBuilder;
import io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.shaded.io.grpc.netty.NegotiationType;
import io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContext;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslContextBuilder;
import io.grpc.netty.shaded.io.netty.handler.ssl.SslProvider;
import io.opentelemetry.api.OpenTelemetry;
import io.opentelemetry.instrumentation.grpc.v1_6.GrpcTelemetry;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.AbstractMap;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.SSLException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.hyperledger.fabric.sdk.exception.CryptoException;
import org.hyperledger.fabric.sdk.helper.Config;
import org.hyperledger.fabric.sdk.helper.Utils;
import org.hyperledger.fabric.sdk.security.CryptoPrimitives;
import org.hyperledger.fabric_ca.sdk.HFCAClient;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/hyperledger/fabric/sdk/Endpoint.class */
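/**
 * Connection settings for a single Fabric gRPC endpoint ({@code grpc://} or {@code grpcs://}).
 *
 * <p>The constructor parses the URL, loads the TLS trust anchors and the optional client
 * key/certificate named in the supplied {@link Properties}, and prepares a
 * {@link NettyChannelBuilder} that callers obtain through {@link #getChannelBuilder()}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A {@code grpcs} endpoint without {@code pemBytes}/{@code pemFile} only logs a warning
 *       and builds a channel without a pinned trust manager.</li>
 *   <li>{@code hostnameOverride} and {@code trustServerCertificate} replace the authority that
 *       the server certificate is checked against.</li>
 *   <li>{@code negotiationType=plainText} is honoured even for a {@code grpcs} URL.</li>
 *   <li>Property keys of the form {@code grpc.NettyChannelBuilderOption.<method>} are invoked
 *       reflectively on the builder after TLS has been configured, so the properties must
 *       come from a trusted source.</li>
 * </ul>
 */
public class Endpoint {
    private final String addr;
    private final int port;
    private final String url;
    // SHA-256 of the DER-encoded client TLS certificate; computed lazily.
    private byte[] clientTLSCertificateDigest;
    // PEM bytes of the client TLS certificate, recorded by getClientTLSProps.
    private byte[] tlsClientCertificatePEMBytes;
    private NettyChannelBuilder channelBuilder;
    private static final Log logger = LogFactory.getLog(Endpoint.class);
    private static final String SSLPROVIDER = Config.getConfig().getDefaultSSLProvider();
    private static final String SSLNEGOTIATION = Config.getConfig().getDefaultSSLNegotiationType();
    private static final OpenTelemetry openTelemetry = Config.getConfig().getOpenTelemetry();
    private static final GrpcTelemetry grpcTelemetry = GrpcTelemetry.create(openTelemetry);
    // Maps the full PEM text of a trust bundle to the subject CN extracted from it.
    // The cache is never evicted.
    private static final Map<String, String> CN_CACHE = Collections.synchronizedMap(new HashMap<>());
    private static final Pattern METHOD_PATTERN = Pattern.compile("grpc\\.NettyChannelBuilderOption\\.([^.]*)$");
    private static final Map<Class<?>, Class<?>> WRAPPERS_TO_PRIM = ImmutableMap.<Class<?>, Class<?>>builder()
            .put(Boolean.class, Boolean.TYPE)
            .put(Byte.class, Byte.TYPE)
            .put(Character.class, Character.TYPE)
            .put(Double.class, Double.TYPE)
            .put(Float.class, Float.TYPE)
            .put(Integer.class, Integer.TYPE)
            .put(Long.class, Long.TYPE)
            .put(Short.class, Short.TYPE)
            .put(Void.class, Void.TYPE)
            .build();

    /**
     * Builds the endpoint and its channel builder.
     *
     * @param str        endpoint URL; parsed by {@code Utils.parseGrpcUrl} into protocol, host and port
     * @param properties optional settings; keys read here are {@code pemBytes}, {@code pemFile},
     *                   {@code hostnameOverride}, {@code trustServerCertificate}, {@code sslProvider},
     *                   {@code negotiationType}, the client key/cert keys from {@code NetworkConfig},
     *                   and {@code grpc.NettyChannelBuilderOption.*}; may be {@code null}
     * @throws RuntimeException on any invalid property, unreadable file, unparsable key or
     *                          certificate, or unsupported protocol
     */
    Endpoint(String str, Properties properties) {
        logger.trace(String.format("Creating endpoint for url %s", str));
        this.url = str;
        String hostnameOverride = null;
        String sslProviderName = null;
        String negotiationName = null;
        byte[] caPemBytes = null;
        X509Certificate[] clientCertChain = null;
        PrivateKey clientKey = null;

        Properties parsedUrl = Utils.parseGrpcUrl(str);
        String protocol = parsedUrl.getProperty("protocol");
        this.addr = parsedUrl.getProperty("host");
        this.port = Integer.parseInt(parsedUrl.getProperty("port"));

        if (properties != null) {
            // Client key and certificate for mutual TLS are validated, read and parsed once,
            // here. The grpcs branch used to repeat the same checks and parse the same bytes
            // a second time (including a second read of the private key file); that repeat
            // could not produce a different result and has been removed.
            AbstractMap.SimpleImmutableEntry<PrivateKey, X509Certificate[]> clientTLSProps = getClientTLSProps(properties);
            if (clientTLSProps != null) {
                clientCertChain = clientTLSProps.getValue();
                clientKey = clientTLSProps.getKey();
            }

            // Case-insensitive, to agree with the protocol checks used when the channel is
            // built below; otherwise an upper-case scheme would skip loading the trust anchors.
            if ("grpcs".equalsIgnoreCase(protocol)) {
                try {
                    CryptoPrimitives cryptoPrimitives = new CryptoPrimitives();

                    // Collect the trust anchors: inline pemBytes first, then every file in the
                    // comma-separated pemFile list, concatenated into one PEM bundle.
                    try (ByteArrayOutputStream pemBuffer = new ByteArrayOutputStream(64000)) {
                        byte[] inlinePem = (byte[]) properties.get("pemBytes");
                        if (inlinePem != null) {
                            pemBuffer.write(inlinePem);
                        }
                        if (properties.containsKey("pemFile")) {
                            for (String pemFile : properties.getProperty("pemFile").split("[ \t]*,[ \t]*")) {
                                if (pemFile != null && !pemFile.isEmpty()) {
                                    try {
                                        pemBuffer.write(Files.readAllBytes(Paths.get(pemFile)));
                                    } catch (IOException e) {
                                        throw new RuntimeException(String.format("Failed to read certificate file %s", new File(pemFile).getAbsolutePath()), e);
                                    }
                                }
                            }
                        }
                        caPemBytes = pemBuffer.toByteArray();
                        logger.trace(String.format("Endpoint %s pemBytes: %s", str, Hex.encodeHexString(caPemBytes)));
                        if (caPemBytes.length == 0) {
                            caPemBytes = null;
                        }
                    } catch (IOException e) {
                        // The previous message carried a literal, never-substituted "%s".
                        throw new RuntimeException("Failed to read CA certificates", e);
                    }

                    if (caPemBytes == null) {
                        // No trust anchors supplied: the channel is later built without an
                        // explicit trust manager.
                        logger.warn(String.format("Endpoint %s is grpcs with no CA certificates", str));
                    } else {
                        // hostnameOverride / trustServerCertificate change the name the server
                        // certificate is verified against. With trustServerCertificate the name
                        // is the subject CN of the certificate parsed from the supplied PEM, so
                        // the host in the URL is no longer what gets verified.
                        try {
                            hostnameOverride = properties.getProperty("hostnameOverride");
                            if (hostnameOverride == null && "true".equals(properties.getProperty("trustServerCertificate"))) {
                                String pemText = new String(caPemBytes, StandardCharsets.UTF_8);
                                hostnameOverride = CN_CACHE.get(pemText);
                                if (hostnameOverride == null) {
                                    X509Certificate pemCertificate = (X509Certificate) cryptoPrimitives.bytesToCertificate(caPemBytes);
                                    hostnameOverride = IETFUtils.valueToString(
                                            new JcaX509CertificateHolder(pemCertificate).getSubject().getRDNs(BCStyle.CN)[0].getFirst().getValue());
                                    CN_CACHE.put(pemText, hostnameOverride);
                                }
                            }
                        } catch (Exception e) {
                            // Best effort: without an override the channel keeps verifying
                            // against the address it dials.
                            logger.error("Error getting Subject CN from certificate. Try setting it specifically with hostnameOverride property. " + e.getMessage(), e);
                        }
                    }

                    sslProviderName = properties.getProperty("sslProvider");
                    if (sslProviderName == null) {
                        sslProviderName = SSLPROVIDER;
                        logger.trace(String.format("Endpoint %s specific SSL provider not found use global value: %s ", str, SSLPROVIDER));
                    }
                    if (!"openSSL".equals(sslProviderName) && !"JDK".equals(sslProviderName)) {
                        throw new RuntimeException(String.format("Endpoint %s property of sslProvider has to be either openSSL or JDK. value: '%s'", str, sslProviderName));
                    }

                    negotiationName = properties.getProperty("negotiationType");
                    if (negotiationName == null) {
                        negotiationName = SSLNEGOTIATION;
                        logger.trace(String.format("Endpoint %s specific Negotiation type not found use global value: %s ", str, SSLNEGOTIATION));
                    }
                    if (!"TLS".equals(negotiationName) && !"plainText".equals(negotiationName)) {
                        throw new RuntimeException(String.format("Endpoint %s property of negotiationType has to be either TLS or plainText. value: '%s'", str, negotiationName));
                    }
                } catch (Exception e) {
                    // Kept from the original: every failure in this section, including the
                    // RuntimeExceptions raised above, surfaces wrapped in a RuntimeException.
                    throw new RuntimeException(e);
                }
            }
        }

        try {
            ClientInterceptor telemetryInterceptor = grpcTelemetry.newClientInterceptor();
            if (protocol.equalsIgnoreCase("grpc")) {
                this.channelBuilder = NettyChannelBuilder.forAddress(this.addr, this.port)
                        .negotiationType(NegotiationType.PLAINTEXT)
                        .intercept(telemetryInterceptor);
                addNettyBuilderProps(this.channelBuilder, properties);
            } else if (protocol.equalsIgnoreCase("grpcs")) {
                if (caPemBytes == null) {
                    this.channelBuilder = NettyChannelBuilder.forAddress(this.addr, this.port)
                            .intercept(telemetryInterceptor);
                    addNettyBuilderProps(this.channelBuilder, properties);
                } else {
                    try {
                        logger.trace(String.format("Endpoint %s Negotiation type: '%s', SSLprovider: '%s'", str, negotiationName, sslProviderName));
                        SslProvider sslProvider = "openSSL".equals(sslProviderName) ? SslProvider.OPENSSL : SslProvider.JDK;
                        NegotiationType negotiationType = "TLS".equals(negotiationName) ? NegotiationType.TLS : NegotiationType.PLAINTEXT;
                        if (negotiationType == NegotiationType.PLAINTEXT) {
                            // A grpcs URL does not by itself guarantee an encrypted channel.
                            logger.warn(String.format("Endpoint %s is grpcs but negotiationType is plainText; the channel will not negotiate TLS", str));
                        }
                        SslContextBuilder sslContextBuilder = getSslContextBuilder(clientCertChain, clientKey, sslProvider);
                        logger.trace(String.format("Endpoint %s  final server pemBytes: %s", str, Hex.encodeHexString(caPemBytes)));
                        SslContext sslContext;
                        try (ByteArrayInputStream caStream = new ByteArrayInputStream(caPemBytes)) {
                            sslContext = sslContextBuilder.trustManager(caStream).build();
                        }
                        // NOTE(review): unlike the two branches above, no telemetry interceptor
                        // is attached on this path; confirm that is intended.
                        this.channelBuilder = NettyChannelBuilder.forAddress(this.addr, this.port)
                                .sslContext(sslContext)
                                .negotiationType(negotiationType);
                        if (hostnameOverride != null) {
                            logger.debug(String.format("Endpoint %s, using CN overrideAuthority: '%s'", str, hostnameOverride));
                            this.channelBuilder.overrideAuthority(hostnameOverride);
                        }
                        addNettyBuilderProps(this.channelBuilder, properties);
                    } catch (SSLException e) {
                        throw new RuntimeException(e);
                    }
                }
            } else {
                throw new RuntimeException("invalid protocol: " + protocol);
            }
        } catch (RuntimeException e) {
            logger.error(String.format("Endpoint %s, exception '%s'", str, e.getMessage()), e);
            throw e;
        } catch (Exception e) {
            logger.error(String.format("Endpoint %s, exception '%s'", str, e.getMessage()), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates a client-side SSL context builder for the given provider and, when both a key
     * and a certificate chain are supplied, installs them as the client identity.
     *
     * @param x509CertificateArr client certificate chain, or {@code null}
     * @param privateKey         client private key, or {@code null}
     * @param sslProvider        SSL implementation to configure
     * @return the configured builder; it carries no client identity when either argument is {@code null}
     */
    SslContextBuilder getSslContextBuilder(X509Certificate[] x509CertificateArr, PrivateKey privateKey, SslProvider sslProvider) {
        SslContextBuilder builder = GrpcSslContexts.configure(SslContextBuilder.forClient(), sslProvider);
        if (privateKey != null && x509CertificateArr != null) {
            return builder.keyManager(privateKey, x509CertificateArr);
        }
        logger.debug(String.format("Endpoint %s with no ssl context", this.url));
        return builder;
    }

    /**
     * Returns the SHA-256 digest of the client TLS certificate, computing it on first use.
     *
     * <p>The PEM armour and all whitespace are stripped, the remaining Base64 text is decoded
     * and the decoded bytes are hashed. The decompiler notes that the original method was
     * package-private.
     *
     * @return the cached digest array itself (not a copy), or {@code null} when no client
     *         certificate was configured
     */
    public byte[] getClientTLSCertificateDigest() {
        if (this.tlsClientCertificatePEMBytes == null || this.clientTLSCertificateDigest != null) {
            return this.clientTLSCertificateDigest;
        }
        // NOTE(review): HFCAClient.DEFAULT_PROFILE_NAME is used as the replacement text;
        // presumably it is the empty string and the decompiler substituted an equal constant
        // for the literal. Confirm against HFCAClient.
        String base64Body = new String(this.tlsClientCertificatePEMBytes, StandardCharsets.UTF_8)
                .replaceAll("-+[ \t]*(BEGIN|END)[ \t]+CERTIFICATE[ \t]*-+", HFCAClient.DEFAULT_PROFILE_NAME)
                .replaceAll("\\s", HFCAClient.DEFAULT_PROFILE_NAME)
                .trim();
        byte[] der = Base64.getDecoder().decode(base64Body);
        SHA256Digest sha256 = new SHA256Digest();
        this.clientTLSCertificateDigest = new byte[sha256.getDigestSize()];
        sha256.update(der, 0, der.length);
        sha256.doFinal(this.clientTLSCertificateDigest, 0);
        return this.clientTLSCertificateDigest;
    }

    /**
     * Applies every {@code grpc.NettyChannelBuilderOption.<method>} property to the builder
     * by invoking the named method through {@code Utils.invokeMethod}.
     *
     * <p>Only {@code forAddress} and {@code build} are excluded. This runs after the TLS
     * settings have been applied, so a property naming another builder method can change
     * them; the properties must therefore be trusted configuration, not external input.
     *
     * @param nettyChannelBuilder builder to configure
     * @param properties          settings to scan; {@code null} is a no-op
     */
    private void addNettyBuilderProps(NettyChannelBuilder nettyChannelBuilder, Properties properties) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
        if (properties == null) {
            return;
        }
        for (Map.Entry<Object, Object> entry : properties.entrySet()) {
            Object key = entry.getKey();
            if (key == null) {
                continue;
            }
            Matcher matcher = METHOD_PATTERN.matcher(String.valueOf(key));
            if (!matcher.matches() || matcher.groupCount() != 1) {
                continue;
            }
            String methodName = matcher.group(1).trim();
            if ("forAddress".equals(methodName) || "build".equals(methodName)) {
                continue;
            }

            // A single value becomes a one-element argument list; an Object[] is used as is.
            Object value = entry.getValue();
            Object[] args = value instanceof Object[] ? (Object[]) value : new Object[]{value};
            Class<?>[] argTypes = new Class<?>[args.length];
            for (int i = 0; i < args.length; i++) {
                Object arg = args[i];
                if (arg == null) {
                    argTypes[i] = Object.class;
                    continue;
                }
                // Boxed values are matched against primitive parameters.
                Class<?> primitive = WRAPPERS_TO_PRIM.get(arg.getClass());
                if (primitive != null) {
                    argTypes[i] = primitive;
                    continue;
                }
                // An enum constant declared with a body has its own class; use the enum type.
                Class<?> argClass = arg.getClass();
                Class<?> enclosing = argClass.getEnclosingClass();
                argTypes[i] = (enclosing != null && enclosing.isEnum()) ? enclosing : argClass;
            }
            Utils.invokeMethod(nettyChannelBuilder, methodName, argTypes, args);
            if (logger.isTraceEnabled()) {
                logger.trace(String.format("Endpoint with url: %s set managed channel builder method %s (%s) ", this.url, methodName, Arrays.toString(args)));
            }
        }
    }

    /**
     * Reads and parses the client key and certificate used for mutual TLS.
     *
     * <p>The material comes either from the file properties or from the byte-array
     * properties defined in {@code NetworkConfig}; setting both forms of the same item, or
     * only one half of a pair, is rejected. On success the certificate PEM is also recorded
     * for {@link #getClientTLSCertificateDigest()}.
     *
     * <p>The private key bytes are deliberately not written to the log; only their length is.
     *
     * @param properties endpoint settings; must not be {@code null}
     * @return the key paired with a one-element certificate chain, or {@code null} when no
     *         client key/certificate is configured
     * @throws RuntimeException when the properties are inconsistent, a file cannot be read,
     *                          or the key or certificate cannot be parsed
     */
    AbstractMap.SimpleImmutableEntry<PrivateKey, X509Certificate[]> getClientTLSProps(Properties properties) {
        byte[] keyBytes = null;
        byte[] certBytes = null;
        if (properties.containsKey(NetworkConfig.CLIENT_KEY_FILE) && properties.containsKey(NetworkConfig.CLIENT_KEY_BYTES)) {
            throw new RuntimeException("Properties \"clientKeyFile\" and \"clientKeyBytes\" must cannot both be set");
        }
        if (properties.containsKey(NetworkConfig.CLIENT_CERT_FILE) && properties.containsKey(NetworkConfig.CLIENT_CERT_BYTES)) {
            throw new RuntimeException("Properties \"clientCertFile\" and \"clientCertBytes\" must cannot both be set");
        }
        if (properties.containsKey(NetworkConfig.CLIENT_KEY_FILE) || properties.containsKey(NetworkConfig.CLIENT_CERT_FILE)) {
            String keyFile = properties.getProperty(NetworkConfig.CLIENT_KEY_FILE);
            String certFile = properties.getProperty(NetworkConfig.CLIENT_CERT_FILE);
            if (keyFile == null || certFile == null) {
                throw new RuntimeException(String.format("Properties \"%s\" and \"%s\" must both be set or both be null", NetworkConfig.CLIENT_KEY_FILE, NetworkConfig.CLIENT_CERT_FILE));
            }
            try {
                logger.trace(String.format("Endpoint %s reading clientKeyFile: %s", this.url, new File(keyFile).getAbsolutePath()));
                keyBytes = Files.readAllBytes(Paths.get(keyFile));
                logger.trace(String.format("Endpoint %s reading clientCertFile: %s", this.url, new File(certFile).getAbsolutePath()));
                certBytes = Files.readAllBytes(Paths.get(certFile));
            } catch (IOException e) {
                throw new RuntimeException("Failed to parse TLS client key and/or cert", e);
            }
        } else if (properties.containsKey(NetworkConfig.CLIENT_KEY_BYTES) || properties.containsKey(NetworkConfig.CLIENT_CERT_BYTES)) {
            keyBytes = (byte[]) properties.get(NetworkConfig.CLIENT_KEY_BYTES);
            certBytes = (byte[]) properties.get(NetworkConfig.CLIENT_CERT_BYTES);
            if (keyBytes == null || certBytes == null) {
                throw new RuntimeException(String.format("Properties \"%s\" and \"%s\" must both be set or both be null", NetworkConfig.CLIENT_KEY_BYTES, NetworkConfig.CLIENT_CERT_BYTES));
            }
        }
        if (keyBytes == null || certBytes == null) {
            return null;
        }

        // Tracks which item is being parsed so a failure can be reported precisely. The
        // logged bytes stay empty while the private key is parsed, so key material never
        // reaches the error log; only the (public) certificate PEM may be logged.
        String what = "private key";
        byte[] whatBytes = new byte[0];
        try {
            CryptoPrimitives cryptoPrimitives = new CryptoPrimitives();
            logger.trace("client TLS private key bytes size:" + keyBytes.length);
            PrivateKey clientKey = cryptoPrimitives.bytesToPrivateKey(keyBytes);
            logger.trace("converted TLS key.");
            what = "certificate";
            whatBytes = certBytes;
            logger.trace("client TLS certificate bytes:" + Hex.encodeHexString(certBytes));
            X509Certificate[] clientCertChain = {(X509Certificate) cryptoPrimitives.bytesToCertificate(certBytes)};
            logger.trace("converted client TLS certificate.");
            this.tlsClientCertificatePEMBytes = certBytes;
            return new AbstractMap.SimpleImmutableEntry<>(clientKey, clientCertChain);
        } catch (CryptoException e) {
            // Must precede the generic handler; in the reverse order this branch was unreachable.
            logger.error(String.format("Failed endpoint %s to parse %s TLS client %s", this.url, what, new String(whatBytes, StandardCharsets.UTF_8)));
            throw new RuntimeException(String.format("Failed endpoint %s to parse TLS client %s", this.url, what), e);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the channel builder prepared by the constructor. The decompiler notes that the
     * original method was package-private.
     *
     * @return the configured builder
     */
    public ManagedChannelBuilder<?> getChannelBuilder() {
        return this.channelBuilder;
    }

    /** Returns the host parsed from the endpoint URL. */
    String getHost() {
        return this.addr;
    }

    /** Returns the port parsed from the endpoint URL. */
    int getPort() {
        return this.port;
    }

    /**
     * Factory equivalent of the constructor. The decompiler notes that the original method
     * was package-private.
     *
     * @param str        endpoint URL
     * @param properties optional endpoint settings; may be {@code null}
     * @return a new endpoint
     */
    public static Endpoint createEndpoint(String str, Properties properties) {
        return new Endpoint(str, properties);
    }
}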
