package org.apache.hadoop.security.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;

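/**
 * An {@link X509TrustManager} that delegates every decision to a trust manager built from a
 * truststore file, and swaps in a freshly built one when the file's modification time changes.
 *
 * <p>The active delegate is held in an {@link AtomicReference}, so a handshake sees either the
 * old or the new trust manager, never a partially initialised one. Reloading runs on a daemon
 * thread started by {@link #init()} and stopped by {@link #destroy()}.
 *
 * <p>Security-relevant behaviour to keep in mind when operating this class:
 * <ul>
 *   <li>With no delegate loaded, both check methods reject the chain (fail closed).</li>
 *   <li>If a reload fails, the previously loaded trust manager stays in use. A certificate that
 *       was removed from the file therefore remains trusted until a later reload succeeds, so
 *       the "Could not load truststore" warning deserves monitoring.</li>
 *   <li>Change detection relies only on {@code File.lastModified()}; a rewrite that leaves that
 *       value unchanged is not picked up.</li>
 *   <li>The truststore password is kept as a {@code String} for the lifetime of the object.</li>
 * </ul>
 */
@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:WEB-INF/lib/hadoop-common-2.7.5.0.jar:org/apache/hadoop/security/ssl/ReloadingX509TrustManager.class */
public final class ReloadingX509TrustManager implements X509TrustManager, Runnable {
    private static final Log LOG = LogFactory.getLog(ReloadingX509TrustManager.class);
    private static final X509Certificate[] EMPTY = new X509Certificate[0];

    private final String type;
    private final File file;
    private final String password;
    private final long reloadInterval;
    private final AtomicReference<X509TrustManager> trustManagerRef = new AtomicReference<>();

    // Modification time of the file as of the last successful load; 0 once the file is missing.
    private long lastLoaded;
    private volatile boolean running;
    private Thread reloader;

    /**
     * Creates the trust manager and performs the initial truststore load.
     *
     * @param type keystore type passed to {@link KeyStore#getInstance(String)}
     * @param location path of the truststore file
     * @param password truststore password
     * @param reloadInterval sleep time in milliseconds between reload checks
     * @throws IOException if the truststore file cannot be read
     * @throws GeneralSecurityException if the truststore cannot be parsed or initialised
     */
    public ReloadingX509TrustManager(String type, String location, String password, long reloadInterval)
            throws IOException, GeneralSecurityException {
        this.type = type;
        this.file = new File(location);
        this.password = password;
        this.trustManagerRef.set(loadTrustManager());
        this.reloadInterval = reloadInterval;
    }

    /** Starts the daemon thread that periodically checks the truststore file for changes. */
    public void init() {
        this.reloader = new Thread(this, "Truststore reloader thread");
        this.reloader.setDaemon(true);
        this.running = true;
        this.reloader.start();
    }

    /**
     * Stops the reloader thread. Safe to call when {@link #init()} was never invoked, in which
     * case there is no thread to interrupt.
     */
    public void destroy() {
        this.running = false;
        Thread thread = this.reloader;
        if (thread != null) {
            // Wake the thread out of its sleep so it observes running == false promptly.
            thread.interrupt();
        }
    }

    /**
     * Returns the interval between reload checks.
     *
     * @return the reload interval in milliseconds
     */
    public long getReloadInterval() {
        return this.reloadInterval;
    }

    /**
     * Validates a client certificate chain against the currently loaded truststore.
     *
     * @throws CertificateException if the chain is not trusted, or if no trust manager is loaded
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        X509TrustManager delegate = this.trustManagerRef.get();
        if (delegate == null) {
            // Fail closed: without a loaded truststore nothing can be trusted.
            throw new CertificateException("Unknown client chain certificate: " + describeLeaf(chain));
        }
        delegate.checkClientTrusted(chain, authType);
    }

    /**
     * Validates a server certificate chain against the currently loaded truststore.
     *
     * @throws CertificateException if the chain is not trusted, or if no trust manager is loaded
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        X509TrustManager delegate = this.trustManagerRef.get();
        if (delegate == null) {
            // Fail closed: without a loaded truststore nothing can be trusted.
            throw new CertificateException("Unknown server chain certificate: " + describeLeaf(chain));
        }
        delegate.checkServerTrusted(chain, authType);
    }

    /**
     * Returns the issuers accepted by the current delegate.
     *
     * @return the delegate's accepted issuers, or an empty array when no delegate is loaded
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager delegate = this.trustManagerRef.get();
        return delegate != null ? delegate.getAcceptedIssuers() : EMPTY;
    }

    /**
     * Reports whether the truststore file should be read again.
     *
     * @return {@code true} if the file is missing or its modification time differs from the one
     *     recorded at the last successful load
     */
    boolean needsReload() {
        if (!this.file.exists()) {
            // Forget the recorded timestamp so the file is reloaded as soon as it reappears.
            this.lastLoaded = 0L;
            return true;
        }
        return this.file.lastModified() != this.lastLoaded;
    }

    /**
     * Reads the truststore file and builds a trust manager from it.
     *
     * @return the first {@link X509TrustManager} produced by the factory, or {@code null} if the
     *     factory yields none (the check methods then reject every chain)
     * @throws IOException if the file cannot be opened or read
     * @throws GeneralSecurityException if the keystore or trust manager factory cannot be set up
     */
    X509TrustManager loadTrustManager() throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(this.type);

        // Sample the timestamp before reading. If the file is replaced while it is being read,
        // the recorded value is the older one and the next check reloads again; sampling after
        // the read could pair stale content with the new timestamp and miss the update.
        long modifiedBeforeRead = this.file.lastModified();
        try (FileInputStream in = new FileInputStream(this.file)) {
            keyStore.load(in, this.password.toCharArray());
        }
        // Only recorded after a successful load, so a failed load is retried on the next check.
        this.lastLoaded = modifiedBeforeRead;
        LOG.debug("Loaded truststore '" + this.file + "'");

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(SSLFactory.SSLCERTIFICATE);
        trustManagerFactory.init(keyStore);
        for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        return null;
    }

    /**
     * Reloader loop: sleeps for the reload interval, then replaces the delegate if the file
     * changed. Runs until {@link #destroy()} clears the running flag.
     */
    @Override
    public void run() {
        while (this.running) {
            try {
                Thread.sleep(this.reloadInterval);
            } catch (InterruptedException ignored) {
                // destroy() interrupts the sleep; the running flag below decides whether to exit.
                // The interrupt status is deliberately not restored, otherwise the next sleep
                // would return immediately while running is still true.
            }
            if (this.running && needsReload()) {
                try {
                    this.trustManagerRef.set(loadTrustManager());
                } catch (Exception e) {
                    // The previous trust manager stays active, including any certificates that
                    // the new file was meant to remove.
                    LOG.warn("Could not load truststore (keep using existing one) : " + e.toString(), e);
                }
            }
        }
    }

    /** Describes the first certificate of a chain for an error message, tolerating an empty chain. */
    private static String describeLeaf(X509Certificate[] chain) {
        if (chain == null || chain.length == 0 || chain[0] == null) {
            return "<no certificate presented>";
        }
        return chain[0].toString();
    }
}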
