package org.infinispan.server.configuration.security;

import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.util.Properties;
import java.util.function.Supplier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.infinispan.commons.CacheConfigurationException;
import org.infinispan.commons.configuration.attributes.AttributeDefinition;
import org.infinispan.commons.configuration.attributes.AttributeSet;
import org.infinispan.commons.configuration.attributes.ConfigurationElement;
import org.infinispan.commons.io.FileWatcher;
import org.infinispan.commons.util.ReloadingX509TrustManager;
import org.infinispan.commons.util.SslContextFactory;
import org.infinispan.configuration.parsing.ParseUtils;
import org.infinispan.server.Server;
import org.infinispan.server.configuration.Attribute;
import org.infinispan.server.configuration.Element;
import org.infinispan.server.configuration.ServerConfigurationSerializer;
import org.infinispan.server.security.KeyStoreUtils;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.keystore.KeyStoreUtil;
import org.wildfly.security.provider.util.ProviderUtil;
import org.wildfly.security.ssl.SSLContextBuilder;

/* loaded from: input_file:org/infinispan/server/configuration/security/TrustStoreConfiguration.class */
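/**
 * Server configuration element describing the trust store used to validate peer certificates.
 *
 * <p>The element either points at a key store file ({@code PATH}, resolved against the directory
 * named by {@code RELATIVE_TO}) or, when no path is set, falls back to a "fileless" key store
 * built by {@link KeyStoreUtils#buildFilelessKeyStore}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The trust store decides which certificate authorities the server accepts, so the resolved
 *       file should be writable only by the server administrator. When a {@link FileWatcher} is
 *       present, changes to that file are picked up at runtime.</li>
 *   <li>{@code TYPE} is only passed to the fileless builder; the file-backed path hands the
 *       provider name, stream, path and password to {@code KeyStoreUtil.loadKeyStore}.</li>
 * </ul>
 */
public class TrustStoreConfiguration extends ConfigurationElement<TrustStoreConfiguration> {
    // Credential supplier for the trust store password; serialized through the CREDENTIAL serializer.
    static final AttributeDefinition<Supplier<CredentialSource>> PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, (Object) null, Supplier.class).serializer(ServerConfigurationSerializer.CREDENTIAL).build();
    // Path of the trust store file; null selects the fileless key store.
    static final AttributeDefinition<String> PATH = AttributeDefinition.builder(Attribute.PATH, (Object) null, String.class).build();
    // Name of the property holding the base directory for PATH; defaults to the server config path.
    static final AttributeDefinition<String> RELATIVE_TO = AttributeDefinition.builder(Attribute.RELATIVE_TO, Server.INFINISPAN_SERVER_CONFIG_PATH, String.class).autoPersist(false).build();
    // Optional security provider name used for key store and trust manager lookup.
    static final AttributeDefinition<String> PROVIDER = AttributeDefinition.builder(Attribute.PROVIDER, (Object) null, String.class).build();
    // Optional key store type; only consumed by the fileless key store builder in this class.
    static final AttributeDefinition<String> TYPE = AttributeDefinition.builder(Attribute.TYPE, (Object) null, String.class).build();

    /**
     * Returns the attribute set backing this element.
     *
     * <p>Decompiler note: the original declaration was package-private.
     *
     * @return a new attribute set holding PATH, RELATIVE_TO, PROVIDER, PASSWORD and TYPE
     */
    public static AttributeSet attributeDefinitionSet() {
        return new AttributeSet(TrustStoreConfiguration.class, new AttributeDefinition[]{PATH, RELATIVE_TO, PROVIDER, PASSWORD, TYPE});
    }

    /**
     * Creates the element from an already populated attribute set.
     *
     * <p>Decompiler note: the original declaration was package-private.
     *
     * @param attributeSet the attributes of the {@code truststore} element
     */
    public TrustStoreConfiguration(AttributeSet attributeSet) {
        super(Element.TRUSTSTORE, attributeSet, new ConfigurationElement[0]);
    }

    /**
     * Loads the configured trust store.
     *
     * <p>Decompiler note: the original declaration was package-private.
     *
     * @param providerArr security providers to search when loading the key store
     * @param properties server properties; the value of the property named by RELATIVE_TO is used
     *     as the base directory for PATH
     * @return the loaded key store, or a fileless key store when no path resolves
     * @throws CacheConfigurationException if the store cannot be read or built
     */
    public KeyStore trustStore(Provider[] providerArr, Properties properties) {
        String storePath = ParseUtils.resolvePath((String) this.attributes.attribute(PATH).get(), properties.getProperty((String) this.attributes.attribute(RELATIVE_TO).get()));
        String providerName = (String) this.attributes.attribute(PROVIDER).get();
        String storeType = (String) this.attributes.attribute(TYPE).get();
        if (storePath == null) {
            try {
                return KeyStoreUtils.buildFilelessKeyStore(providerArr, providerName, storeType);
            } catch (IOException | GeneralSecurityException e) {
                throw new CacheConfigurationException(e);
            }
        }
        // NOTE(review): the password array is not cleared after use. Whether it is safe to wipe it
        // here depends on resolvePassword returning a private copy - confirm before adding a wipe.
        char[] storePassword = CredentialStoresConfiguration.resolvePassword((org.infinispan.commons.configuration.attributes.Attribute<Supplier<CredentialSource>>) this.attributes.attribute(PASSWORD));
        // try-with-resources closes the stream even when loadKeyStore throws; the previous form
        // only closed it on the success path and leaked the file handle on failure.
        try (FileInputStream storeStream = new FileInputStream(storePath)) {
            return KeyStoreUtil.loadKeyStore(() -> providerArr, providerName, storeStream, storePath, storePassword);
        } catch (IOException | KeyStoreException e) {
            throw new CacheConfigurationException(e);
        }
    }

    /**
     * Installs a trust manager backed by this trust store on the given SSL context builder.
     *
     * <p>Nothing is installed unless at least one attribute of the element was modified. When a
     * {@link FileWatcher} is registered under {@code Server.INFINISPAN_FILE_WATCHER} and a path is
     * configured, the trust manager is wrapped in a {@link ReloadingX509TrustManager} that rebuilds
     * itself from the file through the supplied callback.
     *
     * @param sSLContextBuilder the builder receiving the trust manager
     * @param properties server properties used to resolve the path and to look up the file watcher
     * @throws RuntimeException if the trust manager cannot be created
     */
    public void build(SSLContextBuilder sSLContextBuilder, Properties properties) {
        if (!this.attributes.isModified()) {
            return;
        }
        final Provider[] providers = SslContextFactory.discoverSecurityProviders(Thread.currentThread().getContextClassLoader());
        final String providerName = (String) this.attributes.attribute(PROVIDER).get();
        final X509ExtendedTrustManager trustManager;
        if (this.attributes.attribute(PATH).isNull()) {
            try {
                KeyStore filelessStore = KeyStoreUtils.buildFilelessKeyStore(providers, providerName, (String) this.attributes.attribute(TYPE).get());
                trustManager = trustManagerFromStore(filelessStore, providers, providerName);
            } catch (IOException | GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        } else {
            String storePath = ParseUtils.resolvePath((String) this.attributes.attribute(PATH).get(), properties.getProperty((String) this.attributes.attribute(RELATIVE_TO).get()));
            FileWatcher fileWatcher = (FileWatcher) properties.get(Server.INFINISPAN_FILE_WATCHER);
            if (fileWatcher == null) {
                // No watcher available: load the store once and keep it for the context's lifetime.
                try {
                    trustManager = trustManagerFromStore(trustStore(providers, properties), providers, providerName);
                } catch (GeneralSecurityException e) {
                    throw new RuntimeException(e);
                }
            } else {
                // The callback re-reads the store from disk each time it is invoked, so the set of
                // trusted certificates follows the file's current content.
                trustManager = new ReloadingX509TrustManager(fileWatcher, Paths.get(storePath), changedPath -> {
                    try {
                        return trustManagerFromStore(trustStore(providers, properties), providers, providerName);
                    } catch (GeneralSecurityException e) {
                        throw new RuntimeException(e);
                    }
                });
            }
        }
        sSLContextBuilder.setTrustManager(trustManager);
    }

    /**
     * Creates an X.509 trust manager initialised from the given key store.
     *
     * @param keyStore the trust anchors
     * @param providerArr candidate security providers
     * @param providerName configured provider name, possibly {@code null}
     * @return the first {@link X509ExtendedTrustManager} produced by the factory
     * @throws GeneralSecurityException if the factory cannot be obtained or initialised, or no
     *     suitable trust manager is produced
     */
    private X509ExtendedTrustManager trustManagerFromStore(KeyStore keyStore, Provider[] providerArr, String providerName) throws GeneralSecurityException {
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        // Look the provider up under the service that is instantiated below. The lookup previously
        // used KeyManagerFactory.class, which (assuming findProvider filters on service type) could
        // skip a configured provider that offers only a TrustManagerFactory for this algorithm and
        // silently fall back to the JVM default, or select one without a TrustManagerFactory.
        Provider provider = ProviderUtil.findProvider(providerArr, providerName, TrustManagerFactory.class, algorithm);
        TrustManagerFactory factory = provider != null
                ? TrustManagerFactory.getInstance(algorithm, provider)
                : TrustManagerFactory.getInstance(algorithm);
        factory.init(keyStore);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509ExtendedTrustManager) {
                return (X509ExtendedTrustManager) candidate;
            }
        }
        throw Server.log.noDefaultTrustManager();
    }
}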
