package io.gravitee.node.certificates.x509;

import io.gravitee.common.util.KeyStoreUtils;
import io.gravitee.node.api.certificate.KeyStoreProcessingException;
import io.gravitee.node.api.certificate.RefreshableX509Manager;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/node/certificates/x509/RefreshableX509KeyManagerDelegator.class */
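/**
 * {@link X509ExtendedKeyManager} that delegates to a key manager built from a {@link KeyStore}
 * and can be re-pointed at a new key store at runtime through {@link #refresh(KeyStore, char[])}.
 *
 * <p>When SNI is enabled, {@link #chooseEngineServerAlias(String, Principal[], SSLEngine)} picks the
 * key store alias from the host name requested by the TLS client; otherwise, or when nothing matches,
 * the fallback alias is used.
 *
 * <p>All state derived from one key store lives in a single immutable {@link KeyManagerDataHolder}
 * published through a {@code volatile} field, so a handshake thread sees either the old key store
 * or the new one, never a mix of both.
 */
public class RefreshableX509KeyManagerDelegator extends X509ExtendedKeyManager implements RefreshableX509Manager {
    private static final Logger logger = LoggerFactory.getLogger(RefreshableX509KeyManagerDelegator.class);

    /**
     * Upper bound on the number of entries in the domain-to-alias map. Resolved SNI names are cached
     * in that map and the names come from the TLS client, so without a cap a peer could grow the map
     * without limit by sending many distinct names.
     */
    static final int MAX_SNI_DOMAINS = 10000;

    private final String target;
    private final boolean sniEnabled;

    // Written by configuration code, read by refresh(); volatile so the latest value is visible.
    private volatile String defaultAlias;

    // Replaced as a whole by refresh(). Starts as an empty holder so that calls made before the
    // first refresh() return null (no alias / no key material) instead of throwing.
    private volatile KeyManagerDataHolder dataHolder = new KeyManagerDataHolder(null, new ConcurrentHashMap<>(), null);

    /**
     * Immutable snapshot of everything derived from one key store.
     *
     * <p>The decompiler output this was restored from reports the original access level as
     * package-private; it is kept {@code public} here to match that output.
     *
     * @param sniFallbackAlias alias used when SNI is disabled or no domain matches; may be {@code null}
     * @param domainToAliasMapping host name (or {@code *.}-prefixed wildcard) to key store alias; also
     *     used as the cache of already resolved SNI names, so it must be safe for concurrent writes
     * @param keyManager key manager all key/certificate lookups are delegated to; may be {@code null}
     */
    public record KeyManagerDataHolder(
        String sniFallbackAlias,
        Map<String, String> domainToAliasMapping,
        X509ExtendedKeyManager keyManager
    ) {}

    /**
     * @param target name of the component this key manager serves; only used in log and error messages
     * @param sniEnabled whether the alias is chosen from the SNI host name sent by the client
     * @throws NullPointerException if {@code target} is {@code null}
     */
    public RefreshableX509KeyManagerDelegator(String target, boolean sniEnabled) {
        this.target = Objects.requireNonNull(target, "target cannot be null");
        this.sniEnabled = sniEnabled;
    }

    /**
     * Sets the alias to use as fallback. It is validated against the key store on the next
     * {@link #refresh(KeyStore, char[])}; {@code null} lets {@code KeyStoreUtils.getDefaultAlias} decide.
     */
    public void setDefaultAlias(String defaultAlias) {
        this.defaultAlias = defaultAlias;
    }

    /**
     * Builds a new key manager from {@code keyStore} and atomically swaps it in.
     *
     * @param keyStore key store to serve keys and certificates from
     * @param password password passed to {@link KeyManagerFactory#init(KeyStore, char[])}; never logged
     * @throws NullPointerException if {@code keyStore} is {@code null}
     * @throws IllegalArgumentException if a default alias is configured but absent from {@code keyStore}
     * @throws KeyStoreProcessingException if the key manager cannot be initialised
     */
    public void refresh(KeyStore keyStore, char[] password) {
        Objects.requireNonNull(keyStore, "cannot install null KeyStore");
        // Read once so that the containsAlias() check and the stored value cannot disagree.
        final String configuredAlias = this.defaultAlias;
        try {
            final String fallbackAlias;
            if (configuredAlias == null) {
                fallbackAlias = KeyStoreUtils.getDefaultAlias(keyStore);
            } else if (keyStore.containsAlias(configuredAlias)) {
                fallbackAlias = configuredAlias;
            } else {
                throw new IllegalArgumentException(
                    "Invalid configuration to load keystore, default alias [%s] not present in the keystore. target: %s".formatted(
                            configuredAlias,
                            this.target
                        )
                );
            }

            final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, password);

            // Concurrent map: handshake threads add resolved SNI names to it.
            final Map<String, String> domainAliases = new ConcurrentHashMap<>();
            if (this.sniEnabled) {
                domainAliases.putAll(KeyStoreUtils.getCommonNamesByAlias(keyStore));
            }

            // Single volatile write: the new alias table and key manager become visible together.
            this.dataHolder =
                new KeyManagerDataHolder(fallbackAlias, domainAliases, (X509ExtendedKeyManager) keyManagerFactory.getKeyManagers()[0]);
            logger.info("Key store has been (re)loaded with {} entries for target: {}", keyStore.size(), this.target);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new KeyStoreProcessingException("Unable to initialize key manager keystore", e);
        }
    }

    /**
     * Chooses the server alias for a handshake, from the SNI host name when SNI is enabled.
     *
     * <p>Resolution order: exact host name, then the first {@code *.}-prefixed entry whose domain is a
     * parent of the host name, then the fallback alias. The outcome is cached per host name.
     *
     * @return the alias to use, or {@code null} when no fallback alias is known
     */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        // One snapshot for the whole call, so a concurrent refresh() cannot mix two key stores.
        final KeyManagerDataHolder holder = this.dataHolder;
        if (!this.sniEnabled) {
            return holder.sniFallbackAlias();
        }

        final Optional<String> requestedHost =
            ((ExtendedSSLSession) engine.getHandshakeSession()).getRequestedServerNames()
                .stream()
                .filter(name -> name.getType() == javax.net.ssl.StandardConstants.SNI_HOST_NAME)
                // Guards the cast below against a host_name entry that is not an SNIHostName.
                .filter(SNIHostName.class::isInstance)
                .map(name -> ((SNIHostName) name).getAsciiName())
                .findFirst();
        if (requestedHost.isEmpty()) {
            return holder.sniFallbackAlias();
        }

        final String host = requestedHost.get();
        final Map<String, String> aliases = holder.domainToAliasMapping();
        // NOTE(review): lookups are case-sensitive; confirm that both the keys produced by
        // KeyStoreUtils.getCommonNamesByAlias and the SNI name are normalised to the same case.
        final String exactAlias = aliases.get(host);
        if (exactAlias != null) {
            return exactAlias;
        }

        final String alias = aliases
            .entrySet()
            .stream()
            .filter(entry -> matchesWildcard(entry.getKey(), host))
            .map(Map.Entry::getValue)
            .findFirst()
            .orElse(holder.sniFallbackAlias());
        // Cache into the snapshot that produced the answer, not into whatever holder is current now:
        // after a refresh() the alias may no longer exist in the new key store.
        cacheSniDomainAlias(holder, host, alias);
        return alias;
    }

    /**
     * Tells whether {@code host} is a sub-domain of the wildcard entry {@code pattern}.
     *
     * <p>The comparison keeps the dot that follows the asterisk, so {@code *.example.com} matches
     * {@code api.example.com} but neither {@code example.com} nor {@code badexample.com}. Names with
     * several extra labels ({@code a.b.example.com}) still match here, although TLS clients that
     * follow RFC 6125 accept a wildcard for one left-most label only.
     */
    private static boolean matchesWildcard(String pattern, String host) {
        if (!pattern.startsWith("*.")) {
            return false;
        }
        final String dottedSuffix = pattern.substring(1);
        return host.length() > dottedSuffix.length() && host.endsWith(dottedSuffix);
    }

    /**
     * Remembers the alias resolved for {@code host} in {@code holder}, unless the map is full.
     *
     * <p>The size check and the insert are not one atomic step, so concurrent handshakes may exceed
     * {@link #MAX_SNI_DOMAINS} by a few entries; the bound is still finite, which is what matters.
     */
    private void cacheSniDomainAlias(KeyManagerDataHolder holder, String host, String alias) {
        if (alias == null) {
            // ConcurrentHashMap rejects null values; there is nothing useful to cache anyway.
            return;
        }
        final Map<String, String> aliases = holder.domainToAliasMapping();
        if (aliases.size() < MAX_SNI_DOMAINS) {
            aliases.put(host, alias);
        }
    }

    /** Delegates to the current key manager; {@code null} when none is installed. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        final X509ExtendedKeyManager delegate = this.dataHolder.keyManager();
        return delegate == null ? null : delegate.getServerAliases(keyType, issuers);
    }

    /** Delegates to the current key manager; {@code null} when none is installed. */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String alias) {
        final X509ExtendedKeyManager delegate = this.dataHolder.keyManager();
        return delegate == null ? null : delegate.getCertificateChain(alias);
    }

    /** Delegates to the current key manager; {@code null} when none is installed. */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String alias) {
        final X509ExtendedKeyManager delegate = this.dataHolder.keyManager();
        return delegate == null ? null : delegate.getPrivateKey(alias);
    }

    /** Delegates to the current key manager; {@code null} when none is installed. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        final X509ExtendedKeyManager delegate = this.dataHolder.keyManager();
        return delegate == null ? null : delegate.getClientAliases(keyType, issuers);
    }

    /** Delegates to the current key manager; {@code null} when none is installed. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        final X509ExtendedKeyManager delegate = this.dataHolder.keyManager();
        return delegate == null ? null : delegate.chooseClientAlias(keyTypes, issuers, socket);
    }

    /** Delegates to the current key manager; {@code null} when none is installed. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        final X509ExtendedKeyManager delegate = this.dataHolder.keyManager();
        return delegate == null ? null : delegate.chooseServerAlias(keyType, issuers, socket);
    }

    /** Returns the live domain-to-alias map of the current key store, including cached SNI names. */
    Map<String, String> getSniDomainAliases() {
        return this.dataHolder.domainToAliasMapping();
    }
}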
