package com.hivemq.security.ssl;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.hash.HashCode;
import com.google.common.hash.Hasher;
import com.google.common.hash.Hashing;
import com.google.inject.Inject;
import com.hivemq.configuration.service.entity.Tls;
import com.hivemq.exceptions.UnrecoverableException;
import com.hivemq.extension.sdk.api.annotations.NotNull;
import com.hivemq.security.exception.SslException;
import com.hivemq.security.ioc.Security;
import io.netty.handler.ssl.SslContext;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLException;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/hivemq/security/ssl/SslContextStore.class */
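/**
 * Keeps one Netty {@link SslContext} per {@link Tls} configuration and reloads it when the
 * keystore or truststore file behind that configuration changes on disk.
 *
 * <p>Every {@link #put} / {@link #putAtStart} records a digest of the store files and starts a
 * self-rescheduling task that re-hashes the files every {@value #RELOAD_INTERVAL_SECONDS} seconds.
 * When the digest differs from the recorded one, a new context is built and swapped into the map.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The digest is change detection only; it does not authenticate the files. Whoever can write
 *       to the configured keystore/truststore paths can replace the server key material and trust
 *       anchors at the next check without a restart, so those paths need restrictive file
 *       permissions and are worth monitoring. The "Successfully updated changed SSL Context" log
 *       line is the audit trail of such a swap.</li>
 *   <li>The files are hashed first and then read again by {@code SslUtil}; a write that lands
 *       between the two reads is picked up on the following check, because the recorded digest
 *       then no longer matches the file.</li>
 *   <li>NOTE(review): {@link #remove} only drops the context. The reload task keeps rescheduling
 *       itself and would put a context for the removed {@code Tls} back into the map after the
 *       next file change; the {@code checksumMap} entry is also kept. Calling {@link #put} again
 *       for the same {@code Tls} starts an additional task chain. Confirm with the callers whether
 *       this is intended before relying on {@code remove} to retire a listener's key material.</li>
 * </ul>
 */
public class SslContextStore {

    @NotNull
    private static final Logger log = LoggerFactory.getLogger(SslContextStore.class);
    private static final int BUF_LEN = 1024;

    /** Seconds between two checks of the store files, handed to every reload task. */
    private static final int RELOAD_INTERVAL_SECONDS = 10;

    @NotNull
    final Map<Tls, SslContext> sslContextMap = new ConcurrentHashMap<>();

    @NotNull
    final Map<Tls, HashCode> checksumMap = new ConcurrentHashMap<>();

    @NotNull
    final ScheduledExecutorService executorService;

    @NotNull
    final SslUtil sslUtil;

    /**
     * Records the initial digest of the store files for one {@link Tls} configuration and schedules
     * the first periodic check.
     */
    @VisibleForTesting
    static class SslContextFirstTimeRunnable implements Runnable {

        @NotNull
        private final Tls tls;

        @NotNull
        private final Map<Tls, SslContext> sslContextMap;

        @NotNull
        private final Map<Tls, HashCode> checksumMap;
        private final int interval;

        @NotNull
        private final ScheduledExecutorService executorService;

        @NotNull
        private final SslUtil sslUtil;

        SslContextFirstTimeRunnable(@NotNull Tls tls, @NotNull Map<Tls, SslContext> map, @NotNull Map<Tls, HashCode> map2, int i, @NotNull ScheduledExecutorService scheduledExecutorService, @NotNull SslUtil sslUtil) {
            this.tls = tls;
            this.sslContextMap = map;
            this.checksumMap = map2;
            this.interval = i;
            this.executorService = scheduledExecutorService;
            this.sslUtil = sslUtil;
        }

        /**
         * Stores the current digest and schedules the periodic check after {@code interval} seconds.
         *
         * @throws UnrecoverableException if the store files cannot be read; no check is scheduled
         *     in that case. NOTE(review): when this runs on the executor (see {@code put}) the
         *     exception ends up in the task's future rather than in the caller - confirm that the
         *     failure is still noticed there.
         */
        @Override // java.lang.Runnable
        public void run() {
            try {
                this.checksumMap.put(this.tls, SslContextStore.hashTrustAndKeyStore(this.tls));
                this.executorService.schedule(
                        new SslContextScheduledRunnable(this.tls, this.sslContextMap, this.checksumMap, this.interval, this.executorService, this.sslUtil),
                        this.interval,
                        TimeUnit.SECONDS);
            } catch (IOException e) {
                SslContextStore.log.error("Could not generate initial hash of KeyStore and TrustStore", e);
                throw new UnrecoverableException();
            }
        }
    }

    /**
     * Periodic check for one {@link Tls} configuration: re-hashes the store files, rebuilds the
     * {@link SslContext} when the digest changed, and always schedules the next check.
     */
    @VisibleForTesting
    public static class SslContextScheduledRunnable implements Runnable {

        @NotNull
        private final Tls tls;

        @NotNull
        private final Map<Tls, SslContext> sslContextMap;

        @NotNull
        private final Map<Tls, HashCode> checksumMap;
        private final int interval;

        @NotNull
        private final ScheduledExecutorService executorService;

        @NotNull
        private final SslUtil sslUtil;

        SslContextScheduledRunnable(@NotNull Tls tls, @NotNull Map<Tls, SslContext> map, @NotNull Map<Tls, HashCode> map2, int i, @NotNull ScheduledExecutorService scheduledExecutorService, @NotNull SslUtil sslUtil) {
            this.tls = tls;
            this.sslContextMap = map;
            this.checksumMap = map2;
            this.interval = i;
            this.executorService = scheduledExecutorService;
            this.sslUtil = sslUtil;
        }

        /**
         * Runs one check. A failure is logged at WARN and leaves the previous context and digest in
         * place, so the broker keeps serving with the last context that loaded successfully and
         * the same change is retried on the next check.
         */
        @Override // java.lang.Runnable
        public void run() {
            // Handlers are ordered most specific first. The decompiled nesting placed the generic
            // Exception handler innermost, which made the two specific handlers unreachable.
            try {
                final HashCode currentChecksum = SslContextStore.hashTrustAndKeyStore(this.tls);
                if (!currentChecksum.equals(this.checksumMap.get(this.tls))) {
                    this.sslContextMap.put(this.tls, this.sslUtil.createSslServerContext(
                            this.sslUtil.createKeyManagerFactory(
                                    this.tls.getKeystoreType(),
                                    this.tls.getKeystorePath(),
                                    this.tls.getKeystorePassword(),
                                    this.tls.getPrivateKeyPassword()),
                            SslContextStore.hasTruststore(this.tls)
                                    ? this.sslUtil.createTrustManagerFactory(
                                            this.tls.getTruststoreType(),
                                            this.tls.getTruststorePath(),
                                            this.tls.getTruststorePassword())
                                    : null,
                            this.tls.getCipherSuites(),
                            this.tls.getProtocols()));
                    // The digest is recorded only after the new context is in the map, so a build
                    // that throws is attempted again on the next check.
                    this.checksumMap.put(this.tls, currentChecksum);
                    SslContextStore.log.info("Successfully updated changed SSL Context");
                }
            } catch (FileNotFoundException e) {
                SslContextStore.log.warn("Could not find keystore or truststore file", e);
            } catch (SslException | SSLException e) {
                SslContextStore.log.warn("Could not parse new SSL Context from changed keystore or truststore", e);
            } catch (Exception e) {
                SslContextStore.log.warn("Scheduled SSL Context check failed", e);
            } finally {
                // Runs for Errors as well, which propagate after the next check is scheduled.
                scheduleNextCheck();
            }
        }

        /** Schedules a fresh instance of this task after {@code interval} seconds. */
        private void scheduleNextCheck() {
            this.executorService.schedule(
                    new SslContextScheduledRunnable(this.tls, this.sslContextMap, this.checksumMap, this.interval, this.executorService, this.sslUtil),
                    this.interval,
                    TimeUnit.SECONDS);
        }
    }

    /**
     * @param scheduledExecutorService executor that runs the reload tasks
     * @param sslUtil factory used to rebuild key managers, trust managers and contexts
     */
    @Inject
    public SslContextStore(@Security @NotNull ScheduledExecutorService scheduledExecutorService, @NotNull SslUtil sslUtil) {
        this.executorService = scheduledExecutorService;
        this.sslUtil = sslUtil;
    }

    /** Returns whether a context is stored for {@code tls}. */
    public boolean contains(@NotNull Tls tls) {
        return this.sslContextMap.containsKey(tls);
    }

    /** Returns whether {@code sslContext} is currently stored for any configuration. */
    public boolean contains(@NotNull SslContext sslContext) {
        return this.sslContextMap.containsValue(sslContext);
    }

    /** Returns the context stored for {@code tls}, or {@code null} when there is none. */
    public SslContext get(@NotNull Tls tls) {
        return this.sslContextMap.get(tls);
    }

    /**
     * Stores {@code sslContext} for {@code tls} and submits the initial hashing to the executor
     * with no delay, so this call does not wait for the file reads.
     */
    public void put(@NotNull Tls tls, @NotNull SslContext sslContext) {
        this.sslContextMap.put(tls, sslContext);
        this.executorService.schedule(newFirstTimeRunnable(tls), 0L, TimeUnit.SECONDS);
    }

    /**
     * Removes the context stored for {@code tls}. The reload task for {@code tls} and its recorded
     * digest are not touched by this method.
     */
    public void remove(@NotNull Tls tls) {
        this.sslContextMap.remove(tls);
    }

    /**
     * Stores {@code sslContext} for {@code tls} and performs the initial hashing on the calling
     * thread, so an unreadable store file surfaces to the caller as an
     * {@link UnrecoverableException}.
     */
    public void putAtStart(@NotNull Tls tls, @NotNull SslContext sslContext) {
        this.sslContextMap.put(tls, sslContext);
        newFirstTimeRunnable(tls).run();
    }

    /** Creates the task that records the first digest for {@code tls} and starts the checks. */
    private SslContextFirstTimeRunnable newFirstTimeRunnable(@NotNull Tls tls) {
        return new SslContextFirstTimeRunnable(tls, this.sslContextMap, this.checksumMap, RELOAD_INTERVAL_SECONDS, this.executorService, this.sslUtil);
    }

    /** Returns whether {@code tls} names a truststore; {@code StringUtils.isBlank} covers null. */
    private static boolean hasTruststore(@NotNull Tls tls) {
        return !StringUtils.isBlank(tls.getTruststorePath());
    }

    /**
     * Digests the keystore file and, when one is configured, the truststore file of {@code tls}
     * into a single value.
     *
     * <p>SHA-256 is used instead of MD5, which Guava deprecates. The value never leaves this
     * class: it is stored in {@code checksumMap} and compared with the next digest, so the
     * algorithm can change without affecting persisted data.
     *
     * @throws IOException if a store file cannot be opened or read
     */
    @VisibleForTesting
    static HashCode hashTrustAndKeyStore(@NotNull Tls tls) throws IOException {
        final Hasher hasher = Hashing.sha256().newHasher();
        hashStore(new File(tls.getKeystorePath()), hasher);
        if (hasTruststore(tls)) {
            hashStore(new File(tls.getTruststorePath()), hasher);
        }
        return hasher.hash();
    }

    /**
     * Feeds the content of {@code file} into {@code hasher}.
     *
     * <p>Only the bytes actually returned by each read are hashed. Feeding the whole buffer on
     * every read, as before, made the digest depend on how the reads happened to be chunked, so an
     * unchanged file could produce a different digest and trigger a needless context rebuild.
     *
     * @throws IOException if the file cannot be opened or read
     */
    @VisibleForTesting
    static void hashStore(@NotNull File file, @NotNull Hasher hasher) throws IOException {
        try (FileInputStream in = new FileInputStream(file)) {
            final byte[] buffer = new byte[BUF_LEN];
            int read;
            while ((read = in.read(buffer)) != -1) {
                hasher.putBytes(buffer, 0, read);
            }
        }
    }
}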
