package com.hivemq.security.ssl;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.hash.Funnel;
import com.google.common.hash.Funnels;
import com.google.common.hash.HashCode;
import com.google.common.hash.Hashing;
import com.google.common.hash.PrimitiveSink;
import com.google.inject.Inject;
import com.hivemq.bootstrap.ioc.lazysingleton.LazySingleton;
import com.hivemq.configuration.service.entity.Tls;
import com.hivemq.exceptions.UnrecoverableException;
import com.hivemq.extension.sdk.api.annotations.NotNull;
import com.hivemq.security.exception.SslException;
import com.hivemq.security.ioc.Security;
import io.netty.handler.ssl.SslContext;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.Executor;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

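/**
 * Caches one {@link SslContext} per {@link Tls} configuration and reloads it when the
 * keystore or truststore file on disk changes.
 *
 * <p>On first use of a {@code Tls} entry the context is built, a baseline digest of the
 * keystore (and truststore, if configured) is recorded, and a periodic task is scheduled
 * that re-hashes the files and rebuilds the context when the digest differs.
 *
 * <p>Security note: because of the hot reload, write access to the configured keystore or
 * truststore path is enough to replace the key material and trust anchors served by this
 * store within one polling interval, without a restart. File ownership and permissions on
 * those paths are the control that protects them.
 *
 * <p>Entries are keyed by the {@code Tls} object itself; NOTE(review): this presumably relies
 * on {@code Tls} having stable {@code equals}/{@code hashCode} - confirm against that class.
 */
@LazySingleton
public class SslContextStore {

    @NotNull
    private static final Logger log = LoggerFactory.getLogger(SslContextStore.class);

    /** Initial delay and period, in seconds, of the keystore/truststore change check. */
    private static final long RELOAD_CHECK_INTERVAL_SECONDS = 10L;

    @NotNull
    private final ScheduledExecutorService executorService;

    @NotNull
    private final SslContextFactory sslContextFactory;

    /** Current context per TLS configuration; replaced in place on reload. */
    @NotNull
    private final ConcurrentMap<Tls, SslContext> sslContextMap = new ConcurrentHashMap<>();

    /** Digest of the key material that the current context was last compared against. */
    @NotNull
    private final ConcurrentMap<Tls, HashCode> checksumMap = new ConcurrentHashMap<>();

    /**
     * Feeds the raw bytes of the keystore file, then of the truststore file when a truststore
     * path is configured, into a hash sink.
     *
     * <p>The two files are streamed back to back with no length prefix or separator, so the
     * digest covers their concatenation rather than each file individually.
     *
     * <p>The decompiler reports that this type was {@code private} in the original class; it
     * is left {@code public} here so the visible interface does not change.
     */
    public enum KeystoreAndTruststoreHashFunnel implements Funnel<Tls> {
        INSTANCE;

        /**
         * Streams the key material referenced by {@code tls} into {@code primitiveSink}.
         *
         * @param tls           configuration supplying the keystore and optional truststore path
         * @param primitiveSink sink that receives the file bytes
         * @throws UncheckedIOException if either file cannot be opened or read
         */
        @Override
        public void funnel(@NotNull Tls tls, @NotNull PrimitiveSink primitiveSink) {
            funnelFile(tls.getKeystorePath(), primitiveSink);
            if (StringUtils.isNotBlank(tls.getTruststorePath())) {
                funnelFile(tls.getTruststorePath(), primitiveSink);
            }
        }

        /**
         * Copies the whole file at {@code path} into the sink.
         *
         * <p>try-with-resources closes the stream even when the copy fails. This matters
         * because the periodic check calls this method repeatedly, so a handle left open on
         * every failed read would accumulate.
         */
        private static void funnelFile(@NotNull String path, @NotNull PrimitiveSink primitiveSink) {
            try (FileInputStream in = new FileInputStream(path)) {
                in.transferTo(Funnels.asOutputStream(primitiveSink));
            } catch (IOException e) {
                // Funnel#funnel cannot declare checked exceptions; unwrapped again by
                // hashKeystoreAndTruststore.
                throw new UncheckedIOException(e);
            }
        }
    }

    /**
     * Records the baseline digest for a newly created context and starts the periodic
     * change check for it.
     */
    @VisibleForTesting
    final class SslContextFirstTimeRunnable implements Runnable {

        @NotNull
        private final Tls tls;

        private SslContextFirstTimeRunnable(@NotNull Tls tls) {
            this.tls = tls;
        }

        /**
         * Stores the current digest and schedules the recurring check.
         *
         * <p>NOTE(review): the baseline is taken after the context has already been built
         * (see {@code getAndInit}). If the files change in between, the new digest becomes the
         * baseline while the context still reflects the old files, and the difference is not
         * picked up until the files change again. The window is wider when this runs on the
         * scheduled executor.
         *
         * @throws UnrecoverableException if hashing or scheduling fails; the cause is logged
         *                                but not attached to the thrown exception
         */
        @Override
        public void run() {
            try {
                checksumMap.put(tls, hashKeystoreAndTruststore(tls));
                executorService.scheduleAtFixedRate(
                        new SslContextScheduledRunnable(tls),
                        RELOAD_CHECK_INTERVAL_SECONDS,
                        RELOAD_CHECK_INTERVAL_SECONDS,
                        TimeUnit.SECONDS);
            } catch (Exception e) {
                log.error("Could not generate initial hash of KeyStore and TrustStore", e);
                throw new UnrecoverableException();
            }
        }
    }

    /**
     * Periodic task that rebuilds the context for one {@link Tls} entry when the digest of
     * its keystore/truststore differs from the recorded one.
     */
    @VisibleForTesting
    final class SslContextScheduledRunnable implements Runnable {

        @NotNull
        private final Tls tls;

        private SslContextScheduledRunnable(@NotNull Tls tls) {
            this.tls = tls;
        }

        /**
         * Re-hashes the files and swaps in a new context on change.
         *
         * <p>The new context is built before either map is touched, so a file that cannot be
         * parsed (for example one read while it is still being written) leaves the previous
         * context and digest in place and the check is retried on the next run. Every failure
         * is caught and logged at WARN, so nothing propagates out of this task.
         *
         * <p>NOTE(review): the success message does not say which keystore was reloaded.
         * Including the keystore path would make reloads auditable; avoid logging the
         * {@code Tls} object itself unless its string form is known to exclude passwords.
         */
        @Override
        public void run() {
            try {
                final HashCode currentHash = hashKeystoreAndTruststore(tls);
                if (!currentHash.equals(checksumMap.get(tls))) {
                    sslContextMap.put(tls, sslContextFactory.createSslContext(tls));
                    checksumMap.put(tls, currentHash);
                    log.info("Successfully updated changed SSL Context");
                }
            } catch (SslException e) {
                log.warn("Could not parse new SSL Context from changed keystore or truststore", e);
            } catch (FileNotFoundException e) {
                log.warn("Could not find keystore or truststore file", e);
            } catch (Exception e) {
                log.warn("Scheduled SSL Context check failed", e);
            }
        }
    }

    /**
     * @param scheduledExecutorService executor that runs the periodic change checks and, for
     *                                 {@link #getAndInitAsync}, the first-time initialisation
     * @param sslContextFactory        factory that builds an {@link SslContext} from a {@link Tls}
     */
    @Inject
    public SslContextStore(@Security @NotNull ScheduledExecutorService scheduledExecutorService, @NotNull SslContextFactory sslContextFactory) {
        this.executorService = scheduledExecutorService;
        this.sslContextFactory = sslContextFactory;
    }

    /**
     * Returns the cached context for {@code tls}, creating it if absent. On creation, the
     * baseline digest and the periodic check are set up on the scheduled executor.
     *
     * @param tls the TLS configuration
     * @return the cached or newly created context
     */
    @NotNull
    public SslContext getAndInitAsync(@NotNull Tls tls) {
        return getAndInit(tls, executorService, sslContext -> {
        });
    }

    /**
     * Creates the context for {@code tls} if none is cached, running the first-time
     * initialisation on the calling thread.
     *
     * @param tls      the TLS configuration
     * @param consumer invoked with the new context, only when one was created by this call
     */
    public void createAndInitIfAbsent(@NotNull Tls tls, @NotNull Consumer<SslContext> consumer) {
        getAndInit(tls, Runnable::run, consumer);
    }

    /**
     * Shared implementation of the two public entry points.
     *
     * <p>Context creation, the hand-off to {@code executor} and the {@code consumer} callback
     * all run inside the {@code computeIfAbsent} mapping function, so at most one context is
     * built per key. As a consequence the consumer runs while the map entry is being computed
     * and must not call back into this store for the same key.
     */
    @NotNull
    private SslContext getAndInit(@NotNull Tls tls, @NotNull Executor executor, @NotNull Consumer<SslContext> consumer) {
        return sslContextMap.computeIfAbsent(tls, key -> {
            final SslContext created = sslContextFactory.createSslContext(key);
            executor.execute(new SslContextFirstTimeRunnable(key));
            consumer.accept(created);
            return created;
        });
    }

    /**
     * Computes the digest of the keystore and, when configured, the truststore of {@code tls}.
     *
     * <p>The digest is only used to notice that the files changed between two polls; it is
     * not an integrity or authenticity check on the key material. Guava marks
     * {@code Hashing.md5()} as deprecated. NOTE(review): a SHA-256 digest would serve the same
     * purpose without the deprecated API; confirm first that no test or caller depends on the
     * digest width.
     *
     * @param tls the TLS configuration whose files are hashed
     * @return the digest of the concatenated file contents
     * @throws IOException if a file cannot be opened or read
     */
    @VisibleForTesting
    @NotNull
    static HashCode hashKeystoreAndTruststore(@NotNull Tls tls) throws IOException {
        try {
            return Hashing.md5().hashObject(tls, KeystoreAndTruststoreHashFunnel.INSTANCE);
        } catch (UncheckedIOException e) {
            // The funnel wraps IOException because Funnel#funnel is unchecked; restore it here.
            throw e.getCause();
        }
    }
}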
