package org.apache.hadoop.security.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

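/**
 * An {@link X509ExtendedKeyManager} that delegates every call to a key manager held in an
 * {@link AtomicReference}, so the backing keystore can be re-read and swapped in at runtime
 * through {@link #loadFrom(Path)}.
 *
 * <p>Each delegating method reads the reference on its own. A reload therefore takes effect
 * for the next call, not for the next connection.
 * NOTE(review): a handshake that spans a reload could select an alias from the old manager and
 * fetch the private key from the new one; this presumably relies on aliases staying stable
 * across reloads. Confirm against the callers.
 *
 * <p>The store and key passwords are kept as {@code String} fields for the lifetime of the
 * instance, because they are needed again on every reload. They cannot be wiped from memory.
 */
@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.102-eep-920.jar:org/apache/hadoop/security/ssl/ReloadingX509KeystoreManager.class */
public class ReloadingX509KeystoreManager extends X509ExtendedKeyManager {
    // Log under this class's own category. The original passed ReloadingX509TrustManager.class,
    // which filed keystore messages under the trust manager's logger.
    private static final Logger LOG = LoggerFactory.getLogger(ReloadingX509KeystoreManager.class);
    static final String RELOAD_ERROR_MESSAGE = "Could not load keystore (keep using existing one) : ";
    private final String type;
    private final String storePassword;
    private final String keyPassword;
    // The reference itself never changes; only the key manager it points to is replaced.
    private final AtomicReference<X509ExtendedKeyManager> keyManagerRef = new AtomicReference<>();

    /**
     * Creates the manager and performs the initial keystore load.
     *
     * @param type keystore type handed to {@link KeyStore#getInstance(String)}
     * @param location file system path of the keystore file
     * @param storePassword password used when loading the keystore; must not be {@code null}
     * @param keyPassword password for the keys inside the store, or {@code null}
     * @throws IOException if the keystore file cannot be read
     * @throws GeneralSecurityException if the keystore cannot be loaded or yields no
     *     {@link X509ExtendedKeyManager}
     */
    public ReloadingX509KeystoreManager(String type, String location, String storePassword, String keyPassword) throws IOException, GeneralSecurityException {
        this.type = type;
        this.storePassword = storePassword;
        this.keyPassword = keyPassword;
        this.keyManagerRef.set(loadKeyManager(Paths.get(location)));
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
        return this.keyManagerRef.get().chooseEngineClientAlias(keyTypes, issuers, engine);
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        return this.keyManagerRef.get().chooseEngineServerAlias(keyType, issuers, engine);
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return this.keyManagerRef.get().getClientAliases(keyType, issuers);
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        return this.keyManagerRef.get().chooseClientAlias(keyTypes, issuers, socket);
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return this.keyManagerRef.get().getServerAliases(keyType, issuers);
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return this.keyManagerRef.get().chooseServerAlias(keyType, issuers, socket);
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String alias) {
        return this.keyManagerRef.get().getCertificateChain(alias);
    }

    /** Delegates to the currently loaded key manager. */
    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String alias) {
        return this.keyManagerRef.get().getPrivateKey(alias);
    }

    /**
     * Re-reads the keystore at {@code path} and makes it the active key manager.
     *
     * <p>The reference is only updated after a successful load, so on any failure the
     * previously loaded key manager stays in use.
     *
     * @param path keystore file to load
     * @return this instance
     * @throws RuntimeException wrapping whatever the load threw
     */
    public ReloadingX509KeystoreManager loadFrom(Path path) {
        try {
            this.keyManagerRef.set(loadKeyManager(path));
            return this;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Loads the keystore at {@code path} and builds a key manager from it.
     *
     * @param path keystore file to read
     * @return the first {@link X509ExtendedKeyManager} produced by the factory; never {@code null}
     * @throws IOException if the file cannot be opened or read
     * @throws GeneralSecurityException if the keystore or key manager factory fails, or if the
     *     factory produces no {@link X509ExtendedKeyManager}
     */
    private X509ExtendedKeyManager loadKeyManager(Path path) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(this.type);
        try (InputStream in = Files.newInputStream(path)) {
            // A null store password fails here with a NullPointerException. It does not fall
            // through to KeyStore.load(stream, null), which would skip the integrity check.
            keyStore.load(in, this.storePassword.toCharArray());
        }
        LOG.debug(" Loaded KeyStore: {}", path.toFile().getAbsolutePath());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(SSLFactory.KEY_MANAGER_SSLCERTIFICATE);
        keyManagerFactory.init(keyStore, this.keyPassword != null ? this.keyPassword.toCharArray() : null);
        for (KeyManager candidate : keyManagerFactory.getKeyManagers()) {
            if (candidate instanceof X509ExtendedKeyManager) {
                return (X509ExtendedKeyManager) candidate;
            }
        }
        // The original returned null here. The callers then stored null in keyManagerRef, and a
        // reload discarded a working key manager; every later delegate call failed with a
        // NullPointerException. Failing the load keeps the previous manager in place.
        throw new GeneralSecurityException("No X509ExtendedKeyManager available for keystore " + path);
    }
}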
