package io.continual.http.service.framework;

import io.continual.builder.Builder;
import io.continual.util.data.StreamTools;
import io.continual.util.time.Clock;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import org.apache.catalina.connector.Connector;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/continual/http/service/framework/TomcatTlsConfig.class */
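/**
 * TLS keystore settings for an embedded Tomcat {@link Connector}.
 *
 * <p>An instance records where the keystore lives, how to obtain its password (a literal value
 * or a password file that is re-read when its modification time advances), the keystore type and
 * the key alias to serve. {@link #writeToConnector(Connector)} pushes those settings onto a
 * connector and {@link #hasUpdate()} reports whether the backing files changed since that push.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>A literal {@code password} in the JSON configuration takes precedence over
 *       {@code passwordFile}. Prefer the password file with restrictive file permissions so the
 *       secret does not live in the service configuration.</li>
 *   <li>When the password cannot be obtained, the well-known default keystore password is used
 *       and a warning is logged. Treat that warning as a configuration error; a keystore holding
 *       a production private key should never be protected by the default password.</li>
 * </ul>
 *
 * <p>Thread-safety: the password cache and last-write timestamp are plain, unsynchronized fields.
 */
public class TomcatTlsConfig {
    private static final String kSetting_KeystoreFile = "file";
    private static final String kSetting_KeystoreType = "type";
    private static final String kDefault_KeystoreType = "JKS";
    private static final String kSetting_KeystoreAlias = "alias";
    private static final String kDefault_KeystoreAlias = "tomcat";
    private static final String kSetting_KeystoreAliasScan = "scanForAlias";
    private static final String kSetting_KeystorePassword = "password";
    // Well-known fallback value; see the class-level security notes.
    private static final String kDefault_KeystorePassword = "changeme";
    private static final String kSetting_KeystorePasswordFile = "passwordFile";
    private static final Logger log = LoggerFactory.getLogger(TomcatTlsConfig.class);

    private final String fKeystoreFilename;
    private final String fKeystorePassword;
    private final String fKeystorePasswordFile;
    private final String fKeystoreType;
    private final String fKeystoreAlias;
    private final boolean fScanForAlias;

    // Timestamp of the last writeToConnector() call; 0 until the first write.
    private long fLastConnectorWriteMs = 0;
    // Password most recently read from the password file, and the file mtime it was read at.
    private String fCachedPassword = null;
    private long fLastPasswordFileRead = 0;

    /** Collects keystore settings, typically from a JSON configuration block. */
    public static class Builder {
        private String fKeystoreFile = null;
        private String fLiteralPassword = null;
        private String fPasswordFile = null;
        private String fKeystoreType = TomcatTlsConfig.kDefault_KeystoreType;
        private String fKeystoreAlias = TomcatTlsConfig.kDefault_KeystoreAlias;
        private boolean fScanForAlias = false;

        /**
         * Reads keystore settings from a JSON object.
         *
         * <p>{@code file} is required and is converted to an absolute path. {@code password} is
         * used when present; otherwise {@code passwordFile} is used when present. {@code type},
         * {@code alias} and {@code scanForAlias} are optional.
         *
         * @param config the JSON settings block
         * @return this builder
         * @throws io.continual.builder.Builder.BuildFailure if a required setting is missing or
         *     has the wrong JSON type
         */
        // The exception type is fully qualified because, inside this class, the simple name
        // "Builder" resolves to this nested class rather than to io.continual.builder.Builder.
        public Builder fromJsonConfig(JSONObject config) throws io.continual.builder.Builder.BuildFailure {
            try {
                this.fKeystoreFile = TomcatTlsConfig.makeAbsolute(config.getString(TomcatTlsConfig.kSetting_KeystoreFile));
                if (config.has(TomcatTlsConfig.kSetting_KeystorePassword)) {
                    this.fLiteralPassword = config.getString(TomcatTlsConfig.kSetting_KeystorePassword);
                } else if (config.has(TomcatTlsConfig.kSetting_KeystorePasswordFile)) {
                    this.fPasswordFile = config.getString(TomcatTlsConfig.kSetting_KeystorePasswordFile);
                }
                this.fKeystoreType = config.optString(TomcatTlsConfig.kSetting_KeystoreType, TomcatTlsConfig.kDefault_KeystoreType);
                this.fKeystoreAlias = config.optString(TomcatTlsConfig.kSetting_KeystoreAlias, this.fKeystoreAlias);
                this.fScanForAlias = config.optBoolean(TomcatTlsConfig.kSetting_KeystoreAliasScan, this.fScanForAlias);
                return this;
            } catch (JSONException e) {
                throw new io.continual.builder.Builder.BuildFailure(e);
            }
        }

        /**
         * Creates the configuration from the settings collected so far.
         *
         * @return a new configuration instance
         */
        public TomcatTlsConfig build() {
            return new TomcatTlsConfig(this);
        }
    }

    /**
     * Reports whether the keystore file, or the password file when no literal password is
     * configured, was modified after the last {@link #writeToConnector(Connector)} call.
     *
     * <p>A path that is not configured, or a file that does not exist, counts as unchanged.
     *
     * @return {@code true} if the connector settings should be rewritten
     */
    public boolean hasUpdate() {
        if (modifiedSinceLastWrite(this.fKeystoreFilename)) {
            return true;
        }
        return this.fKeystorePassword == null && modifiedSinceLastWrite(this.fKeystorePasswordFile);
    }

    /**
     * Applies the HTTPS scheme and keystore settings to the given connector and records the
     * time of the write for later {@link #hasUpdate()} checks.
     *
     * @param connector the Tomcat connector to configure
     */
    public void writeToConnector(Connector connector) {
        connector.setScheme("https");
        connector.setSecure(true);
        connector.setProperty("keystoreFile", this.fKeystoreFilename);
        // The keystore password is handed to the connector as a plain string property.
        connector.setProperty("keystorePass", getKeystorePassword());
        connector.setProperty("keystoreType", this.fKeystoreType);
        connector.setProperty("keyAlias", getKeystoreAlias());
        // Client certificates are not requested: this configures server-side TLS only.
        connector.setProperty("clientAuth", "false");
        // NOTE(review): only the protocol family is named here; which TLS versions and cipher
        // suites are actually enabled is left to the Tomcat/JVM defaults - confirm those
        // defaults exclude legacy protocol versions in the deployed runtime.
        connector.setProperty("sslProtocol", "TLS");
        connector.setProperty("SSLEnabled", "true");
        this.fLastConnectorWriteMs = Clock.now();
    }

    private TomcatTlsConfig(Builder builder) {
        this.fKeystoreFilename = builder.fKeystoreFile;
        this.fKeystorePassword = builder.fLiteralPassword;
        this.fKeystorePasswordFile = builder.fPasswordFile;
        this.fKeystoreType = builder.fKeystoreType;
        this.fKeystoreAlias = builder.fKeystoreAlias;
        this.fScanForAlias = builder.fScanForAlias;
    }

    /** Returns true when {@code path} is set and its file is newer than the last connector write. */
    private boolean modifiedSinceLastWrite(String path) {
        // File.lastModified() returns 0 for a missing file, so a missing file is "not newer".
        return path != null && new File(path).lastModified() > this.fLastConnectorWriteMs;
    }

    /**
     * Resolves the keystore password: the literal value if configured, otherwise the trimmed
     * contents of the password file, cached until the file's modification time advances.
     *
     * <p>Falls back to the default keystore password, with a warning, when neither source is
     * configured or the password file cannot be read.
     */
    private String getKeystorePassword() {
        if (this.fKeystorePassword != null) {
            return this.fKeystorePassword;
        }
        if (this.fKeystorePasswordFile == null) {
            // Neither a literal password nor a password file was configured. Previously this
            // path failed with a NullPointerException in new File(null).
            log.warn("No keystore password or password file is configured; using the default keystore password.");
            return kDefault_KeystorePassword;
        }

        final File passwordFile = new File(this.fKeystorePasswordFile);
        final long lastModified = passwordFile.lastModified();
        if (this.fCachedPassword != null && lastModified <= this.fLastPasswordFileRead) {
            return this.fCachedPassword;
        }

        // try-with-resources closes the stream even when the read fails part-way.
        try (FileInputStream in = new FileInputStream(passwordFile)) {
            // NOTE(review): the bytes are decoded with the platform default charset; a password
            // containing non-ASCII characters depends on the JVM's file.encoding.
            this.fCachedPassword = new String(StreamTools.readBytes(in)).trim();
            this.fLastPasswordFileRead = lastModified;
            return this.fCachedPassword;
        } catch (IOException e) {
            // Only the path and the error text are logged, never the password itself.
            log.warn("There was a problem trying to read {}: {}", this.fKeystorePasswordFile, e.getMessage());
            return kDefault_KeystorePassword;
        }
    }

    /** Returns the configured alias, or the first private-key alias when scanning is enabled. */
    private String getKeystoreAlias() {
        return this.fScanForAlias ? scanKeystoreForPrivateKey() : this.fKeystoreAlias;
    }

    /**
     * Converts a relative path to an absolute one based on the current working directory.
     *
     * @param path the configured path, possibly {@code null}
     * @return {@code null} for {@code null}, the input if already absolute, else the absolute form
     */
    private static String makeAbsolute(String path) {
        if (path == null) {
            return null;
        }
        if (new File(path).isAbsolute()) {
            return path;
        }
        final File workingDir = FileSystems.getDefault().getPath(".").toAbsolutePath().toFile();
        final String absolute = new File(workingDir, path).getAbsolutePath();
        log.info("Replacing path {} with absolute path {} .", path, absolute);
        return absolute;
    }

    /**
     * Opens the keystore and returns the alias of the first entry that is a private key.
     *
     * @return the alias, or an empty string when the keystore cannot be read or holds no
     *     private key entry
     */
    private String scanKeystoreForPrivateKey() {
        log.info("Scanning {} for its first private key...", this.fKeystoreFilename);
        // The stream is closed as soon as the keystore is loaded (it was previously leaked).
        try (FileInputStream keystoreStream = new FileInputStream(this.fKeystoreFilename)) {
            final KeyStore keyStore = KeyStore.getInstance(this.fKeystoreType);
            keyStore.load(keystoreStream, getKeystorePassword().toCharArray());
            log.info("Keystore {} loaded...", this.fKeystoreFilename);

            final Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                    log.info("Found private key {}.", alias);
                    return alias;
                }
            }
            // Make the empty-alias outcome visible; the connector would otherwise be handed ""
            // with nothing in the log explaining why.
            log.warn("No private key entry found in keystore {}.", this.fKeystoreFilename);
            return "";
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            log.warn("Exception inspecting keystore {} for alias: {}", this.fKeystoreFilename, e.getMessage());
            return "";
        }
    }
}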
