package io.gravitee.node.certificates;

import com.google.common.annotations.VisibleForTesting;
import io.gravitee.common.util.KeyStoreUtils;
import io.gravitee.node.api.certificate.IdProvider;
import io.gravitee.node.api.certificate.KeyStoreEvent;
import io.gravitee.node.api.certificate.KeyStoreLoader;
import io.gravitee.node.api.certificate.KeyStoreProcessingException;
import io.gravitee.node.api.certificate.RefreshableX509Manager;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Predicate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/node/certificates/AbstractKeyStoreLoaderManager.class */
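/**
 * Aggregates the key stores produced by several {@link KeyStoreLoader}s into a single in-memory
 * PKCS12 "main" key store and pushes a copy of it to a {@link RefreshableX509Manager} whenever a
 * loader reports a load or unload event.
 *
 * <p>Entries are namespaced per loader: every alias written to the main store is
 * {@code <loaderId>:<originalAlias>} (see {@link #scopeAlias}), which is what lets an unload event
 * remove exactly one loader's entries. The main store is protected by a password generated at
 * {@link #start()} time and held in memory for the lifetime of the manager.
 *
 * <p>Thread-safety: {@link #start()} is synchronized on this instance; the queue check in
 * {@link #registerLoader} takes the same monitor; every mutation of the main key store happens
 * under the {@code refreshableX509Manager} monitor inside the loader event handler.
 */
public class AbstractKeyStoreLoaderManager {

    private static final Logger log = LoggerFactory.getLogger(AbstractKeyStoreLoaderManager.class);

    /** Separator placed between a loader id and the original alias by {@link #scopeAlias}. */
    private static final String ALIAS_SEPARATOR = ":";

    private final KeyStoreLoader platformKeyStoreLoader;
    protected final RefreshableX509Manager refreshableX509Manager;
    private final String name;
    // Generated once in start(); also handed (by reference) to refreshableX509Manager on every refresh.
    private char[] mainPassword;
    private KeyStore mainKeyStore;
    private KeyStore.PasswordProtection passwordProtection;
    private String platformKeyStoreLoaderId;
    private final AtomicBoolean started = new AtomicBoolean();
    // Loaders registered before start(); drained once the main key store exists.
    private final List<KeyStoreLoader> queued = Collections.synchronizedList(new ArrayList<>());
    // Loaders currently contributing entries, keyed by loader id.
    private final Map<String, KeyStoreLoader> loaders = new ConcurrentHashMap<>();

    /**
     * Creates a manager that is not yet started.
     *
     * @param str                    human-readable target name, used only in log messages
     * @param keyStoreLoader         the platform loader, registered automatically by {@link #start()}
     * @param refreshableX509Manager receiver of the aggregated key store on every change
     */
    public AbstractKeyStoreLoaderManager(String str, KeyStoreLoader keyStoreLoader, RefreshableX509Manager refreshableX509Manager) {
        this.name = str;
        this.platformKeyStoreLoader = keyStoreLoader;
        this.refreshableX509Manager = refreshableX509Manager;
    }

    /**
     * Initialises the main key store with a random password, then registers the platform loader and
     * every loader queued before this call. Subsequent calls are no-ops.
     *
     * @throws KeyStoreException        if the PKCS12 provider is unavailable
     * @throws CertificateException     if the empty store cannot be loaded
     * @throws IOException              if the empty store cannot be loaded
     * @throws NoSuchAlgorithmException if the empty store cannot be loaded
     */
    public synchronized void start() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        if (this.started.get()) {
            return;
        }
        this.mainPassword = KeyStoreUtils.passwordToCharArray(UUID.randomUUID().toString());
        this.mainKeyStore = KeyStore.getInstance("PKCS12");
        this.mainKeyStore.load(null, this.mainPassword);
        this.passwordProtection = new KeyStore.PasswordProtection(this.mainPassword);
        this.platformKeyStoreLoaderId = this.platformKeyStoreLoader.id();
        this.queued.add(this.platformKeyStoreLoader);
        // Flip the flag first so registerLoader() takes the direct path for the drained entries.
        this.started.set(true);
        this.queued.forEach(this::registerLoader);
        this.queued.clear();
    }

    /**
     * Stops every registered loader. The manager itself is not reset: {@code started} stays set,
     * so {@link #start()} remains a no-op afterwards and the main key store is kept as-is.
     */
    public void stop() {
        this.loaders.values().forEach(KeyStoreLoader::stop);
    }

    /**
     * Registers a loader. Before {@link #start()} the loader is only queued; afterwards its event
     * handler is installed, it is recorded under its id and started immediately.
     *
     * <p>A loader whose id is already registered silently replaces the previous entry in the map.
     *
     * @param keyStoreLoader loader to register
     */
    public final void registerLoader(KeyStoreLoader keyStoreLoader) {
        // Check-and-queue under the monitor start() holds, so a loader registered while start() is
        // draining the queue cannot slip in between started.set(true) and queued.clear() and be lost.
        synchronized (this) {
            if (!this.started.get()) {
                this.queued.add(keyStoreLoader);
                return;
            }
        }
        log.info("Register and start new keystore loader for target: {} of type: {} with id: {}", this.name, keyStoreLoader.getClass().getSimpleName(), keyStoreLoader.id());
        keyStoreLoader.setEventHandler(keyStoreEvent -> {
            // Serialises all main-key-store mutations and refreshes across loaders.
            synchronized (this.refreshableX509Manager) {
                if (keyStoreEvent instanceof KeyStoreEvent.LoadEvent) {
                    updateMain(keyStoreLoader, (KeyStoreEvent.LoadEvent) keyStoreEvent);
                    this.refreshableX509Manager.refresh(snapshotMainKeyStore(), this.mainPassword);
                } else if (keyStoreEvent instanceof KeyStoreEvent.UnloadEvent) {
                    removeKeyStore(((KeyStoreEvent.UnloadEvent) keyStoreEvent).loaderId());
                    this.refreshableX509Manager.refresh(snapshotMainKeyStore(), this.mainPassword);
                }
            }
        });
        this.loaders.put(keyStoreLoader.id(), keyStoreLoader);
        keyStoreLoader.start();
    }

    /**
     * Builds the alias under which a loader's entry is stored in the main key store.
     *
     * <p>Kept {@code public} for binary compatibility (the decompiled source indicates it was
     * originally {@code protected}).
     *
     * @param idProvider owner of the entry
     * @param str        alias in the loader's own key store; may be {@code null}
     * @return {@code <id>:<str>}, or {@code null} when {@code str} is {@code null}
     */
    public String scopeAlias(IdProvider idProvider, String str) {
        if (str == null) {
            return null;
        }
        return idProvider.id() + ALIAS_SEPARATOR + str;
    }

    /**
     * Applies a load event to the main key store. The platform loader's entries are replaced
     * wholesale on every reload once the store is non-empty; any other loader's entries are added
     * (existing aliases are overwritten, stale ones are not removed here).
     *
     * @throws KeyStoreProcessingException if the main key store cannot be inspected
     */
    private void updateMain(IdProvider idProvider, KeyStoreEvent.LoadEvent loadEvent) {
        try {
            boolean isPlatform = idProvider.id().equals(this.platformKeyStoreLoaderId);
            if (isPlatform && this.mainKeyStore.size() > 0) {
                updatePlatformKeyStore(idProvider, loadEvent);
            } else {
                addKeyStore(idProvider, loadEvent);
            }
        } catch (KeyStoreException e) {
            throw new KeyStoreProcessingException("cannot read keystore", e);
        }
    }

    /** Drops the platform loader's current entries (keeping it registered) and re-adds the new ones. */
    private void updatePlatformKeyStore(IdProvider idProvider, KeyStoreEvent.LoadEvent loadEvent) {
        removeKeyStore(this::isPlatformAlias, this.platformKeyStoreLoaderId, false);
        addKeyStore(idProvider, loadEvent);
    }

    private boolean isPlatformAlias(String alias) {
        return isAliasOwnedByLoader(alias, this.platformKeyStoreLoaderId);
    }

    /**
     * Copies every entry of the event's key store into the main store under a scoped alias. Key
     * entries are re-protected with the main password; certificate entries are stored unprotected.
     *
     * @throws KeyStoreProcessingException if an entry cannot be read or written
     */
    private void addKeyStore(IdProvider idProvider, KeyStoreEvent.LoadEvent loadEvent) {
        try {
            KeyStore source = loadEvent.keyStore();
            KeyStore.ProtectionParameter sourceProtection = loadEvent.passwordAsProtection();
            for (String alias : Collections.list(source.aliases())) {
                String scoped = scopeAlias(idProvider, alias);
                if (source.isKeyEntry(alias)) {
                    this.mainKeyStore.setEntry(scoped, source.getEntry(alias, sourceProtection), this.passwordProtection);
                } else {
                    this.mainKeyStore.setEntry(scoped, source.getEntry(alias, null), null);
                }
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new KeyStoreProcessingException("cannot add entry to keystore", e);
        }
    }

    /** Removes every entry owned by {@code loaderId} and forgets the loader (it is not stopped here). */
    private void removeKeyStore(String loaderId) {
        removeKeyStore(alias -> isAliasOwnedByLoader(alias, loaderId), loaderId, true);
    }

    /**
     * Deletes every main-store alias matching {@code predicate}; when {@code unregister} is set the
     * loader is removed from {@link #loaders} even if deletion fails part-way.
     *
     * @throws KeyStoreProcessingException if an entry cannot be deleted
     */
    private void removeKeyStore(Predicate<String> predicate, String loaderId, boolean unregister) {
        try {
            // aliases() returns a snapshot, so deleting while iterating is safe.
            for (String alias : aliases()) {
                if (predicate.test(alias)) {
                    this.mainKeyStore.deleteEntry(alias);
                }
            }
        } catch (KeyStoreException e) {
            throw new KeyStoreProcessingException("could not remove entry from KeyStore", e);
        } finally {
            if (unregister) {
                this.loaders.remove(loaderId);
            }
        }
    }

    /**
     * Tells whether a scoped alias belongs to the given loader. The match includes the separator,
     * so a loader id that is a prefix of another loader's id (e.g. {@code "a"} vs {@code "ab"})
     * cannot claim, and therefore delete, the other loader's entries.
     *
     * <p>Kept {@code public static} for binary compatibility (originally {@code private}).
     *
     * @param alias    alias as stored in the main key store
     * @param loaderId id of the candidate owner
     * @return {@code true} if {@code alias} starts with {@code loaderId + ":"}
     */
    public static boolean isAliasOwnedByLoader(String alias, String loaderId) {
        return alias.startsWith(loaderId + ALIAS_SEPARATOR);
    }

    /**
     * Builds a fresh PKCS12 copy of the main key store, protected with the same password, so the
     * X509 manager never holds a reference to the store that later events mutate.
     *
     * @throws IllegalArgumentException if the copy cannot be built (kept for compatibility with
     *                                  the previous behaviour of this helper)
     */
    private KeyStore snapshotMainKeyStore() {
        try {
            KeyStore copy = KeyStore.getInstance("PKCS12");
            copy.load(null, this.mainPassword);
            for (String alias : Collections.list(this.mainKeyStore.aliases())) {
                if (this.mainKeyStore.isKeyEntry(alias)) {
                    copy.setEntry(alias, this.mainKeyStore.getEntry(alias, this.passwordProtection), this.passwordProtection);
                } else {
                    copy.setEntry(alias, this.mainKeyStore.getEntry(alias, null), null);
                }
            }
            return copy;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            throw new IllegalArgumentException("Unable to clone keystore", e);
        }
    }

    /** Read-only view of the currently registered loaders, keyed by id. */
    @VisibleForTesting
    Map<String, KeyStoreLoader> loaders() {
        return Collections.unmodifiableMap(this.loaders);
    }

    /**
     * Snapshot of the aliases currently present in the main key store.
     *
     * @throws KeyStoreException if the main key store has not been initialised
     */
    @VisibleForTesting
    List<String> aliases() throws KeyStoreException {
        return Collections.unmodifiableList(Collections.list(this.mainKeyStore.aliases()));
    }
}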
