package org.apache.storm.security.auth.tls;

import java.io.FileInputStream;
import java.net.Socket;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.apache.storm.daemon.common.FileWatcher;
import org.apache.storm.utils.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/security/auth/tls/ReloadableX509KeyManager.class */
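/**
 * An {@link X509KeyManager} that delegates every call to an inner key manager built from a
 * keystore file, and rebuilds that inner manager when the {@link FileWatcher} callback fires.
 *
 * <p>Failure handling is fail-closed: if a reload cannot read or open the keystore, the inner
 * manager is dropped rather than kept. Until a later reload succeeds, every delegate method
 * returns {@code null}, which the {@link X509KeyManager} contract defines as "no matching
 * alias / key". The handshake then fails for lack of a credential instead of dying with a
 * {@link NullPointerException} inside the TLS stack.
 *
 * <p>The {@code keyManager} field is {@code volatile}; each delegate reads it exactly once so a
 * concurrent reload cannot swap it between the null check and the call.
 */
public class ReloadableX509KeyManager implements X509KeyManager {
    private static final Logger LOG = LoggerFactory.getLogger(ReloadableX509KeyManager.class);
    // Keystore type used when SecurityUtils cannot infer one from the keystore path.
    private static final String KEYSTORE_RUNTIME_FORMAT = "JKS";
    private static final String CERTIFICATE_ENTRY_FORMAT = "X.509";
    // Current delegate; null after a failed reload (see reloadCert).
    private volatile X509KeyManager keyManager;

    /**
     * Loads the keystore, builds the initial key manager and starts watching the keystore path.
     *
     * @param str  path of the keystore file
     * @param str2 keystore password; also used as the key-entry password
     * @throws Exception if the keystore cannot be loaded or yields no X.509 key manager
     */
    public ReloadableX509KeyManager(String str, String str2) throws Exception {
        this.keyManager = createKeyManager(getKeyStore(str, str2), str2);
        // NOTE(review): the callback captures `this` before the constructor returns. The
        // delegate is already assigned above, so a callback that fires early still sees a
        // fully initialised field.
        new FileWatcher(Paths.get(str), () -> reloadCert(str, str2)).start();
    }

    /**
     * Builds a key manager over the given keystore using the platform default algorithm.
     *
     * @param keyStore an already loaded keystore
     * @param str      password protecting the key entries
     * @return the first {@link X509KeyManager} offered by the factory
     * @throws IllegalStateException if the factory offers no {@link X509KeyManager}
     * @throws Exception             if the factory cannot be created or initialised
     */
    public X509KeyManager createKeyManager(KeyStore keyStore, String str) throws Exception {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, str.toCharArray());
        X509KeyManager x509KeyManager = null;
        for (KeyManager candidate : keyManagerFactory.getKeyManagers()) {
            if (candidate instanceof X509KeyManager) {
                x509KeyManager = (X509KeyManager) candidate;
                break;
            }
        }
        if (x509KeyManager == null) {
            throw new IllegalStateException("No x509KeyManager found");
        }
        LOG.info(" createKeyManager x509KeyManager {} ", x509KeyManager);
        return x509KeyManager;
    }

    /** Delegates to the current key manager; returns {@code null} when none is loaded. */
    @Override
    public String[] getClientAliases(String str, Principal[] principalArr) {
        X509KeyManager current = this.keyManager;
        return current == null ? null : current.getClientAliases(str, principalArr);
    }

    /** Delegates to the current key manager; returns {@code null} when none is loaded. */
    @Override
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        X509KeyManager current = this.keyManager;
        return current == null ? null : current.chooseClientAlias(strArr, principalArr, socket);
    }

    /** Delegates to the current key manager; returns {@code null} when none is loaded. */
    @Override
    public String[] getServerAliases(String str, Principal[] principalArr) {
        X509KeyManager current = this.keyManager;
        return current == null ? null : current.getServerAliases(str, principalArr);
    }

    /** Delegates to the current key manager; returns {@code null} when none is loaded. */
    @Override
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        X509KeyManager current = this.keyManager;
        return current == null ? null : current.chooseServerAlias(str, principalArr, socket);
    }

    /** Delegates to the current key manager; returns {@code null} when none is loaded. */
    @Override
    public X509Certificate[] getCertificateChain(String str) {
        X509KeyManager current = this.keyManager;
        return current == null ? null : current.getCertificateChain(str);
    }

    /** Delegates to the current key manager; returns {@code null} when none is loaded. */
    @Override
    public PrivateKey getPrivateKey(String str) {
        X509KeyManager current = this.keyManager;
        return current == null ? null : current.getPrivateKey(str);
    }

    /**
     * Rebuilds the delegate from the keystore file. On any failure the delegate is cleared, so
     * the process stops presenting the previous credential until a reload succeeds.
     *
     * <p>Operators should alert on the ERROR line below: after it, TLS handshakes that need
     * this key manager fail until the keystore is readable again.
     */
    private synchronized void reloadCert(String str, String str2) {
        try {
            LOG.info("Reloading KeyManager");
            this.keyManager = createKeyManager(getKeyStore(str, str2), str2);
            LOG.info("Reloading KeyManager - Done");
        } catch (Exception e) {
            LOG.error("Error reloading KeyManager. Setting keyManager to null", e);
            this.keyManager = null;
        }
    }

    /**
     * Opens and loads the keystore at the given path.
     *
     * @param str  path of the keystore file; logged at INFO
     * @param str2 keystore password; never logged
     * @return the loaded keystore
     * @throws Exception if the file cannot be opened or the keystore cannot be loaded
     */
    public KeyStore getKeyStore(String str, String str2) throws Exception {
        String keyStoreType = SecurityUtils.inferKeyStoreTypeFromPath(str);
        if (keyStoreType == null) {
            keyStoreType = KEYSTORE_RUNTIME_FORMAT;
        }
        LOG.info("Creating keystore with keystorePath {} type {} ", str, keyStoreType);
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        // try-with-resources closes the stream on both the success and the failure path.
        try (FileInputStream fileInputStream = new FileInputStream(str)) {
            keyStore.load(fileInputStream, str2.toCharArray());
            return keyStore;
        }
    }
}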
