package io.quarkus.vertx.http.runtime.options;

import io.quarkus.tls.TlsConfiguration;
import io.quarkus.tls.TlsConfigurationRegistry;
import io.quarkus.vertx.http.runtime.ServerSslConfig;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Vertx;
import io.vertx.core.buffer.Buffer;
import io.vertx.core.http.HttpServer;
import io.vertx.core.http.HttpServerOptions;
import io.vertx.core.net.KeyStoreOptions;
import io.vertx.core.net.PemKeyCertOptions;
import io.vertx.core.net.SSLOptions;
import java.io.IOException;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.Callable;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.function.Function;
import java.util.function.Supplier;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkus/vertx/http/runtime/options/TlsCertificateReloader.class */
public class TlsCertificateReloader {
    private static final List<ReloadCertificateTask> TASKS = new CopyOnWriteArrayList();
    private static final Logger LOGGER = Logger.getLogger(TlsCertificateReloader.class);

    /* loaded from: input_file:io/quarkus/vertx/http/runtime/options/TlsCertificateReloader$ReloadCertificateTask.class */
    static final class ReloadCertificateTask {
        private final long it;
        private final Supplier<CompletionStage<Boolean>> action;

        ReloadCertificateTask(long j, Supplier<CompletionStage<Boolean>> supplier) {
            this.it = j;
            this.action = supplier;
        }

        public long it() {
            return this.it;
        }

        public Supplier<CompletionStage<Boolean>> action() {
            return this.action;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (obj == null || obj.getClass() != getClass()) {
                return false;
            }
            ReloadCertificateTask reloadCertificateTask = (ReloadCertificateTask) obj;
            return this.it == reloadCertificateTask.it && Objects.equals(this.action, reloadCertificateTask.action);
        }

        public int hashCode() {
            return Objects.hash(Long.valueOf(this.it), this.action);
        }

        public String toString() {
            long j = this.it;
            Supplier<CompletionStage<Boolean>> supplier = this.action;
            return "ReloadCertificateTask[it=" + j + ", action=" + j + "]";
        }
    }

    public static long initCertReloadingAction(final Vertx vertx, final HttpServer httpServer, HttpServerOptions httpServerOptions, final ServerSslConfig serverSslConfig, TlsConfigurationRegistry tlsConfigurationRegistry, Optional<String> optional) {
        if (httpServerOptions == null) {
            throw new IllegalArgumentException("Unable to configure TLS reloading - The HTTP server options were not provided");
        }
        boolean z = false;
        if (optional.isPresent()) {
            z = true;
        } else if (tlsConfigurationRegistry.getDefault().isPresent() && ((TlsConfiguration) tlsConfigurationRegistry.getDefault().get()).getKeyStoreOptions() != null) {
            z = true;
        }
        SSLOptions sSLOptions = null;
        TlsConfiguration tlsConfiguration = null;
        if (z) {
            tlsConfiguration = optional.isPresent() ? (TlsConfiguration) tlsConfigurationRegistry.get(optional.get()).orElseThrow() : (TlsConfiguration) tlsConfigurationRegistry.getDefault().orElseThrow();
        } else {
            sSLOptions = httpServerOptions.getSslOptions();
            if (sSLOptions == null) {
                throw new IllegalArgumentException("Unable to configure TLS reloading - TLS/SSL is not enabled on the server");
            }
        }
        if (!serverSslConfig.certificate.reloadPeriod.isPresent()) {
            return -1L;
        }
        if (serverSslConfig.certificate.reloadPeriod.get().toMillis() < 30000) {
            throw new IllegalArgumentException("Unable to configure TLS reloading - The reload period cannot be less than 30 seconds");
        }
        long millis = serverSslConfig.certificate.reloadPeriod.get().toMillis();
        final boolean z2 = z;
        final TlsConfiguration tlsConfiguration2 = tlsConfiguration;
        final SSLOptions sSLOptions2 = sSLOptions;
        final Supplier<CompletionStage<Boolean>> supplier = new Supplier<CompletionStage<Boolean>>() { // from class: io.quarkus.vertx.http.runtime.options.TlsCertificateReloader.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public CompletionStage<Boolean> get() {
                return vertx.executeBlocking(new Callable<SSLOptions>() { // from class: io.quarkus.vertx.http.runtime.options.TlsCertificateReloader.1.3
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public SSLOptions call() throws Exception {
                        if (z2) {
                            if (tlsConfiguration2.reload()) {
                                return tlsConfiguration2.getSSLOptions();
                            }
                            return null;
                        }
                        SSLOptions reloadFileContent = TlsCertificateReloader.reloadFileContent(sSLOptions2, serverSslConfig);
                        if (reloadFileContent.equals(sSLOptions2)) {
                            return null;
                        }
                        return reloadFileContent;
                    }
                }, true).flatMap(new Function<SSLOptions, Future<Boolean>>() { // from class: io.quarkus.vertx.http.runtime.options.TlsCertificateReloader.1.2
                    @Override // java.util.function.Function
                    public Future<Boolean> apply(SSLOptions sSLOptions3) {
                        return sSLOptions3 != null ? httpServer.updateSSLOptions(sSLOptions3) : Future.succeededFuture(false);
                    }
                }).onComplete(new Handler<AsyncResult<Boolean>>() { // from class: io.quarkus.vertx.http.runtime.options.TlsCertificateReloader.1.1
                    public void handle(AsyncResult<Boolean> asyncResult) {
                        if (asyncResult.failed()) {
                            TlsCertificateReloader.LOGGER.error("Unable to reload the TLS certificate, keeping the current one.", asyncResult.cause());
                        } else if (((Boolean) asyncResult.result()).booleanValue()) {
                            TlsCertificateReloader.LOGGER.debug("TLS certificates updated");
                        }
                    }
                }).toCompletionStage();
            }
        };
        long periodic = vertx.setPeriodic(millis, new Handler<Long>() { // from class: io.quarkus.vertx.http.runtime.options.TlsCertificateReloader.2
            public void handle(Long l) {
                supplier.get();
            }
        });
        TASKS.add(new ReloadCertificateTask(periodic, supplier));
        return periodic;
    }

    public static void unschedule(Vertx vertx, long j) {
        vertx.cancelTimer(j);
        for (ReloadCertificateTask reloadCertificateTask : TASKS) {
            if (reloadCertificateTask.it == j) {
                TASKS.remove(reloadCertificateTask);
                return;
            }
        }
    }

    public static CompletionStage<Void> reload() {
        CompletableFuture[] completableFutureArr = new CompletableFuture[TASKS.size()];
        for (int i = 0; i < TASKS.size(); i++) {
            completableFutureArr[i] = TASKS.get(i).action().get().toCompletableFuture();
        }
        return CompletableFuture.allOf(completableFutureArr);
    }

    private static SSLOptions reloadFileContent(SSLOptions sSLOptions, ServerSslConfig serverSslConfig) throws IOException {
        SSLOptions sSLOptions2 = new SSLOptions(sSLOptions);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Optional<List<Path>> optional = serverSslConfig.certificate.keyFiles;
        Objects.requireNonNull(arrayList);
        optional.ifPresent((v1) -> {
            r1.addAll(v1);
        });
        Optional<List<Path>> optional2 = serverSslConfig.certificate.files;
        Objects.requireNonNull(arrayList2);
        optional2.ifPresent((v1) -> {
            r1.addAll(v1);
        });
        if (!arrayList2.isEmpty() && !arrayList.isEmpty()) {
            ArrayList arrayList3 = new ArrayList();
            ArrayList arrayList4 = new ArrayList();
            Iterator it = arrayList2.iterator();
            while (it.hasNext()) {
                arrayList3.add(Buffer.buffer(HttpServerOptionsUtils.getFileContent((Path) it.next())));
            }
            Iterator it2 = arrayList.iterator();
            while (it2.hasNext()) {
                arrayList4.add(Buffer.buffer(HttpServerOptionsUtils.getFileContent((Path) it2.next())));
            }
            sSLOptions2.setKeyCertOptions(new PemKeyCertOptions().setCertValues(arrayList3).setKeyValues(arrayList4));
        } else if (serverSslConfig.certificate.keyStoreFile.isPresent()) {
            KeyStoreOptions keyCertOptions = sSLOptions2.getKeyCertOptions();
            keyCertOptions.setValue(Buffer.buffer(HttpServerOptionsUtils.getFileContent(serverSslConfig.certificate.keyStoreFile.get())));
            sSLOptions2.setKeyCertOptions(keyCertOptions);
        }
        if (serverSslConfig.certificate.trustStoreFile.isPresent()) {
            KeyStoreOptions keyCertOptions2 = sSLOptions2.getKeyCertOptions();
            keyCertOptions2.setValue(Buffer.buffer(HttpServerOptionsUtils.getFileContent(serverSslConfig.certificate.trustStoreFile.get())));
            sSLOptions2.setTrustOptions(keyCertOptions2);
        }
        return sSLOptions2;
    }
}
