package io.spiffe.helper.keystore;

import io.spiffe.bundle.x509bundle.X509Bundle;
import io.spiffe.exception.SocketEndpointAddressException;
import io.spiffe.exception.WatcherException;
import io.spiffe.helper.exception.KeyStoreHelperException;
import io.spiffe.spiffeid.TrustDomain;
import io.spiffe.workloadapi.DefaultWorkloadApiClient;
import io.spiffe.workloadapi.Watcher;
import io.spiffe.workloadapi.WorkloadApiClient;
import io.spiffe.workloadapi.X509Context;
import java.io.Closeable;
import java.nio.file.Path;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.logging.Level;
import java.util.logging.Logger;
import lombok.Generated;
import lombok.NonNull;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:io/spiffe/helper/keystore/KeyStoreHelper.class */
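/**
 * Writes the X.509 material received from a {@link WorkloadApiClient} into two on-disk
 * stores: the default SVID's private key and certificate chain go into the key store,
 * and the authorities of every trust bundle go into the trust store.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Store and key passwords are carried as {@code String}s because that is the
 *       existing public interface; they therefore stay in memory until garbage
 *       collected. They are deliberately kept out of every {@code toString()}.</li>
 *   <li>NOTE(review): this class sets no file permissions on the stores; confirm that
 *       {@code KeyStore} or the deployment restricts access to the key store file.</li>
 * </ul>
 */
public class KeyStoreHelper implements Closeable {

    @Generated
    private static final Logger log = Logger.getLogger(KeyStoreHelper.class.getName());
    static final String DEFAULT_ALIAS = "spiffe";
    private final KeyStore keyStore;
    private final KeyStore trustStore;
    private final String keyPass;
    private final String keyAlias;
    private final WorkloadApiClient workloadApiClient;
    private volatile boolean closed;
    private volatile CountDownLatch countDownLatch;

    /**
     * Configuration for {@link KeyStoreHelper#create(KeyStoreOptions)}.
     *
     * <p>The two store paths and the three passwords are mandatory. The key store type,
     * key alias and Workload API client are optional and are filled in with defaults by
     * {@code create}, which writes them back into this object.
     */
    public static class KeyStoreOptions {
        private Path keyStorePath;
        private Path trustStorePath;
        private KeyStoreType keyStoreType;
        private String keyStorePass;
        private String trustStorePass;
        private String keyPass;
        private String keyAlias;
        private String spiffeSocketPath;
        private WorkloadApiClient workloadApiClient;

        /** Fluent builder for {@link KeyStoreOptions}. */
        @Generated
        public static class KeyStoreOptionsBuilder {

            @Generated
            private Path keyStorePath;

            @Generated
            private Path trustStorePath;

            @Generated
            private String keyStorePass;

            @Generated
            private String trustStorePass;

            @Generated
            private String keyPass;

            @Generated
            private KeyStoreType keyStoreType;

            @Generated
            private String keyAlias;

            @Generated
            private WorkloadApiClient workloadApiClient;

            @Generated
            private String spiffeSocketPath;

            @Generated
            KeyStoreOptionsBuilder() {
            }

            /**
             * @param path file that will hold the private key entry
             * @throws NullPointerException if {@code path} is null
             */
            @Generated
            public KeyStoreOptionsBuilder keyStorePath(@NonNull Path path) {
                if (path == null) {
                    throw new NullPointerException("keyStorePath is marked non-null but is null");
                }
                this.keyStorePath = path;
                return this;
            }

            /**
             * @param path file that will hold the trusted authorities
             * @throws NullPointerException if {@code path} is null
             */
            @Generated
            public KeyStoreOptionsBuilder trustStorePath(@NonNull Path path) {
                if (path == null) {
                    throw new NullPointerException("trustStorePath is marked non-null but is null");
                }
                this.trustStorePath = path;
                return this;
            }

            /**
             * @param str password of the key store file
             * @throws NullPointerException if {@code str} is null
             */
            @Generated
            public KeyStoreOptionsBuilder keyStorePass(@NonNull String str) {
                if (str == null) {
                    throw new NullPointerException("keyStorePass is marked non-null but is null");
                }
                this.keyStorePass = str;
                return this;
            }

            /**
             * @param str password of the trust store file
             * @throws NullPointerException if {@code str} is null
             */
            @Generated
            public KeyStoreOptionsBuilder trustStorePass(@NonNull String str) {
                if (str == null) {
                    throw new NullPointerException("trustStorePass is marked non-null but is null");
                }
                this.trustStorePass = str;
                return this;
            }

            /**
             * @param str password protecting the private key entry
             * @throws NullPointerException if {@code str} is null
             */
            @Generated
            public KeyStoreOptionsBuilder keyPass(@NonNull String str) {
                if (str == null) {
                    throw new NullPointerException("keyPass is marked non-null but is null");
                }
                this.keyPass = str;
                return this;
            }

            /** @param keyStoreType store format; may be null, in which case {@code create} picks the default */
            @Generated
            public KeyStoreOptionsBuilder keyStoreType(KeyStoreType keyStoreType) {
                this.keyStoreType = keyStoreType;
                return this;
            }

            /** @param str alias of the private key entry; blank or null falls back to {@code "spiffe"} in {@code create} */
            @Generated
            public KeyStoreOptionsBuilder keyAlias(String str) {
                this.keyAlias = str;
                return this;
            }

            /** @param workloadApiClient client to use; when null, {@code create} builds one from the socket path */
            @Generated
            public KeyStoreOptionsBuilder workloadApiClient(WorkloadApiClient workloadApiClient) {
                this.workloadApiClient = workloadApiClient;
                return this;
            }

            /** @param str Workload API socket path, used only when no client is supplied */
            @Generated
            public KeyStoreOptionsBuilder spiffeSocketPath(String str) {
                this.spiffeSocketPath = str;
                return this;
            }

            /**
             * Builds the options object.
             *
             * @throws NullPointerException if a mandatory path or password was never set
             */
            @Generated
            public KeyStoreOptions build() {
                return new KeyStoreOptions(
                        this.keyStorePath,
                        this.trustStorePath,
                        this.keyStorePass,
                        this.trustStorePass,
                        this.keyPass,
                        this.keyStoreType,
                        this.keyAlias,
                        this.workloadApiClient,
                        this.spiffeSocketPath);
            }

            /**
             * Describes the builder state. The three passwords are masked so that logging
             * or printing a builder never writes a store or key password to a log.
             */
            @Override
            public String toString() {
                return "KeyStoreHelper.KeyStoreOptions.KeyStoreOptionsBuilder(keyStorePath=" + this.keyStorePath
                        + ", trustStorePath=" + this.trustStorePath
                        + ", keyStorePass=" + KeyStoreOptions.redact(this.keyStorePass)
                        + ", trustStorePass=" + KeyStoreOptions.redact(this.trustStorePass)
                        + ", keyPass=" + KeyStoreOptions.redact(this.keyPass)
                        + ", keyStoreType=" + this.keyStoreType
                        + ", keyAlias=" + this.keyAlias
                        + ", workloadApiClient=" + this.workloadApiClient
                        + ", spiffeSocketPath=" + this.spiffeSocketPath + ")";
            }
        }

        /**
         * Creates the options, rejecting a null path or password.
         *
         * @param path key store file
         * @param path2 trust store file
         * @param str key store password
         * @param str2 trust store password
         * @param str3 private key password
         * @param keyStoreType store format, may be null
         * @param str4 private key alias, may be null or blank
         * @param workloadApiClient client to use, may be null
         * @param str5 Workload API socket path, may be null
         * @throws NullPointerException if any of the first five arguments is null
         */
        public KeyStoreOptions(@NonNull Path path, @NonNull Path path2, @NonNull String str, @NonNull String str2, @NonNull String str3, KeyStoreType keyStoreType, String str4, WorkloadApiClient workloadApiClient, String str5) {
            if (path == null) {
                throw new NullPointerException("keyStorePath is marked non-null but is null");
            }
            if (path2 == null) {
                throw new NullPointerException("trustStorePath is marked non-null but is null");
            }
            if (str == null) {
                throw new NullPointerException("keyStorePass is marked non-null but is null");
            }
            if (str2 == null) {
                throw new NullPointerException("trustStorePass is marked non-null but is null");
            }
            if (str3 == null) {
                throw new NullPointerException("keyPass is marked non-null but is null");
            }
            this.keyStorePath = path;
            this.trustStorePath = path2;
            this.keyStoreType = keyStoreType;
            this.keyStorePass = str;
            this.trustStorePass = str2;
            this.keyPass = str3;
            this.keyAlias = str4;
            this.workloadApiClient = workloadApiClient;
            this.spiffeSocketPath = str5;
        }

        /** Returns a new, empty builder. */
        @Generated
        public static KeyStoreOptionsBuilder builder() {
            return new KeyStoreOptionsBuilder();
        }

        @Generated
        public Path getKeyStorePath() {
            return this.keyStorePath;
        }

        @Generated
        public Path getTrustStorePath() {
            return this.trustStorePath;
        }

        @Generated
        public KeyStoreType getKeyStoreType() {
            return this.keyStoreType;
        }

        /** Returns the key store password in clear text; do not log the result. */
        @Generated
        public String getKeyStorePass() {
            return this.keyStorePass;
        }

        /** Returns the trust store password in clear text; do not log the result. */
        @Generated
        public String getTrustStorePass() {
            return this.trustStorePass;
        }

        /** Returns the private key password in clear text; do not log the result. */
        @Generated
        public String getKeyPass() {
            return this.keyPass;
        }

        @Generated
        public String getKeyAlias() {
            return this.keyAlias;
        }

        @Generated
        public String getSpiffeSocketPath() {
            return this.spiffeSocketPath;
        }

        @Generated
        public WorkloadApiClient getWorkloadApiClient() {
            return this.workloadApiClient;
        }

        /** Field-by-field equality over all nine options, passwords included. */
        @Override
        @Generated
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof KeyStoreOptions)) {
                return false;
            }
            KeyStoreOptions other = (KeyStoreOptions) obj;
            if (!other.canEqual(this)) {
                return false;
            }
            return same(getKeyStorePath(), other.getKeyStorePath())
                    && same(getTrustStorePath(), other.getTrustStorePath())
                    && same(getKeyStoreType(), other.getKeyStoreType())
                    && same(getKeyStorePass(), other.getKeyStorePass())
                    && same(getTrustStorePass(), other.getTrustStorePass())
                    && same(getKeyPass(), other.getKeyPass())
                    && same(getKeyAlias(), other.getKeyAlias())
                    && same(getSpiffeSocketPath(), other.getSpiffeSocketPath())
                    && same(getWorkloadApiClient(), other.getWorkloadApiClient());
        }

        @Generated
        protected boolean canEqual(Object obj) {
            return obj instanceof KeyStoreOptions;
        }

        /** Hash over the same nine fields as {@link #equals(Object)}, in the same order. */
        @Override
        @Generated
        public int hashCode() {
            int result = 1;
            result = (result * 59) + hashOf(getKeyStorePath());
            result = (result * 59) + hashOf(getTrustStorePath());
            result = (result * 59) + hashOf(getKeyStoreType());
            result = (result * 59) + hashOf(getKeyStorePass());
            result = (result * 59) + hashOf(getTrustStorePass());
            result = (result * 59) + hashOf(getKeyPass());
            result = (result * 59) + hashOf(getKeyAlias());
            result = (result * 59) + hashOf(getSpiffeSocketPath());
            result = (result * 59) + hashOf(getWorkloadApiClient());
            return result;
        }

        /**
         * Describes the options. The three passwords are masked so that logging or
         * printing an options object never writes a store or key password to a log.
         */
        @Override
        public String toString() {
            return "KeyStoreHelper.KeyStoreOptions(keyStorePath=" + getKeyStorePath()
                    + ", trustStorePath=" + getTrustStorePath()
                    + ", keyStoreType=" + getKeyStoreType()
                    + ", keyStorePass=" + redact(getKeyStorePass())
                    + ", trustStorePass=" + redact(getTrustStorePass())
                    + ", keyPass=" + redact(getKeyPass())
                    + ", keyAlias=" + getKeyAlias()
                    + ", spiffeSocketPath=" + getSpiffeSocketPath()
                    + ", workloadApiClient=" + getWorkloadApiClient() + ")";
        }

        /** Replaces a secret by a fixed marker; a null secret stays null so "unset" remains visible. */
        private static String redact(String secret) {
            return secret == null ? null : "<redacted>";
        }

        /** Null-safe equality. */
        private static boolean same(Object left, Object right) {
            return left == null ? right == null : left.equals(right);
        }

        /** Null-safe hash code; 43 stands in for null. */
        private static int hashOf(Object value) {
            return value == null ? 43 : value.hashCode();
        }
    }

    /**
     * Creates a helper from the given options.
     *
     * <p>Missing optional values are defaulted and written back into
     * {@code keyStoreOptions}: the store type, the key alias ({@code "spiffe"}) and, when
     * no client was supplied, a new Workload API client for the configured socket path.
     *
     * @param keyStoreOptions the configuration; its optional fields may be modified
     * @return a helper that is ready for {@link #run(boolean)}
     * @throws NullPointerException if {@code keyStoreOptions} is null
     * @throws KeyStoreHelperException if both stores point at the same file
     * @throws SocketEndpointAddressException if a new client cannot be created for the socket path
     * @throws KeyStoreException if one of the stores cannot be set up
     */
    public static KeyStoreHelper create(@NonNull KeyStoreOptions keyStoreOptions) throws SocketEndpointAddressException, KeyStoreHelperException, KeyStoreException {
        if (keyStoreOptions == null) {
            throw new NullPointerException("options is marked non-null but is null");
        }
        // The private key and the trusted authorities must not share a file: the trust
        // store is usually readable more widely than the key store.
        if (refersToSameFile(keyStoreOptions.keyStorePath, keyStoreOptions.trustStorePath)) {
            throw new KeyStoreHelperException("KeyStore and TrustStore should use different files");
        }
        if (keyStoreOptions.keyStoreType == null) {
            keyStoreOptions.keyStoreType = KeyStoreType.getDefaultType();
        }
        if (StringUtils.isBlank(keyStoreOptions.keyAlias)) {
            keyStoreOptions.keyAlias = DEFAULT_ALIAS;
        }
        KeyStore privateKeyStore = createKeyStore(keyStoreOptions, keyStoreOptions.keyStorePath, keyStoreOptions.keyStorePass);
        KeyStore authorityStore = createKeyStore(keyStoreOptions, keyStoreOptions.trustStorePath, keyStoreOptions.trustStorePass);
        if (keyStoreOptions.workloadApiClient == null) {
            keyStoreOptions.workloadApiClient = createNewClient(keyStoreOptions.spiffeSocketPath);
        }
        return new KeyStoreHelper(privateKeyStore, authorityStore, keyStoreOptions.keyPass, keyStoreOptions.keyAlias, keyStoreOptions.workloadApiClient);
    }

    /**
     * Registers the X.509 context watcher and blocks the calling thread.
     *
     * @param z when {@code false}, the call returns after the first update has been
     *          stored; when {@code true}, it keeps blocking until an error is reported,
     *          the helper is closed, or the thread is interrupted
     * @throws IllegalStateException if the helper is already closed
     * @throws KeyStoreHelperException if registering the watcher fails
     */
    public void run(boolean z) throws KeyStoreHelperException {
        if (isClosed()) {
            throw new IllegalStateException("KeyStoreHelper is closed");
        }
        try {
            setX509ContextWatcher(z);
        } catch (Exception e) {
            throw new KeyStoreHelperException("Error running KeyStoreHelper", e);
        }
    }

    /**
     * Closes the Workload API client, releases a thread blocked in {@link #run(boolean)}
     * and marks the helper closed. Calls after the first one do nothing.
     */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        if (this.closed) {
            return;
        }
        synchronized (this) {
            // Re-check under the lock so that two racing callers close the client once.
            if (!this.closed) {
                this.workloadApiClient.close();
                countDown();
                this.closed = true;
                log.info("KeyStoreHelper is closed");
            }
        }
    }

    /** Releases the latch if a watcher has been registered; a no-op before {@code run}. */
    private void countDown() {
        if (this.countDownLatch != null) {
            this.countDownLatch.countDown();
        }
    }

    private KeyStoreHelper(KeyStore keyStore, KeyStore trustStore, String keyPass, String keyAlias, WorkloadApiClient workloadApiClient) {
        this.keyStore = keyStore;
        this.trustStore = trustStore;
        this.keyPass = keyPass;
        this.keyAlias = keyAlias;
        this.workloadApiClient = workloadApiClient;
    }

    /**
     * Tells whether two paths name the same file once made absolute and normalized, so
     * that {@code store.jks} and {@code ./store.jks} are recognised as one file.
     * Symbolic links are not resolved.
     */
    private static boolean refersToSameFile(Path first, Path second) {
        return first.toAbsolutePath().normalize().equals(second.toAbsolutePath().normalize());
    }

    /** Builds a store of the configured type for the given file and password. */
    private static KeyStore createKeyStore(KeyStoreOptions keyStoreOptions, Path storeFile, String storePassword) throws KeyStoreException {
        return KeyStore.builder()
                .keyStoreFilePath(storeFile)
                .keyStoreType(keyStoreOptions.keyStoreType)
                .keyStorePassword(storePassword)
                .build();
    }

    /** Creates a Workload API client for the given socket path. */
    private static WorkloadApiClient createNewClient(String socketPath) throws SocketEndpointAddressException {
        return DefaultWorkloadApiClient.newClient(
                DefaultWorkloadApiClient.ClientOptions.builder().spiffeSocketPath(socketPath).build());
    }

    /**
     * Registers a watcher that stores every X.509 context update, then waits on a fresh
     * latch. The latch is released by the first stored update (only when {@code z} is
     * false), by any reported error, or by {@link #close()}.
     */
    private void setX509ContextWatcher(final boolean z) {
        this.countDownLatch = new CountDownLatch(1);
        this.workloadApiClient.watchX509Context(new Watcher<X509Context>() { // from class: io.spiffe.helper.keystore.KeyStoreHelper.1
            @Override // io.spiffe.workloadapi.Watcher
            public void onUpdate(X509Context x509Context) {
                try {
                    KeyStoreHelper.this.storeX509ContextUpdate(x509Context);
                    if (!z) {
                        KeyStoreHelper.this.countDownLatch.countDown();
                    }
                } catch (KeyStoreException e) {
                    onError(e);
                }
            }

            @Override // io.spiffe.workloadapi.Watcher
            public void onError(Throwable th) {
                // Attach the throwable so the log record keeps the stack trace and cause,
                // not just the message.
                KeyStoreHelper.log.log(Level.SEVERE, th.getMessage(), th);
                KeyStoreHelper.this.countDownLatch.countDown();
                throw new WatcherException("Error processing X.509 context update", th);
            }
        });
        await(this.countDownLatch);
    }

    /**
     * Stores one X.509 context: the default SVID's private key and chain under the
     * configured alias and key password, then every bundle's authorities.
     *
     * <p>Public only because the watcher's anonymous class calls it.
     *
     * @throws KeyStoreException if writing to either store fails
     */
    public void storeX509ContextUpdate(X509Context x509Context) throws KeyStoreException {
        this.keyStore.storePrivateKeyEntry(PrivateKeyEntry.builder()
                .alias(this.keyAlias)
                .password(this.keyPass)
                .privateKey(x509Context.getDefaultSvid().getPrivateKey())
                .certificateChain(x509Context.getDefaultSvid().getChainArray())
                .build());
        for (Map.Entry<TrustDomain, X509Bundle> bundle : x509Context.getX509BundleSet().getBundles().entrySet()) {
            storeBundle(bundle.getKey(), bundle.getValue());
        }
        log.log(Level.INFO, "Stored X.509 context update in Java KeyStore");
    }

    /**
     * Stores every authority of a trust domain under its own alias
     * ({@code <trust domain>.0}, {@code <trust domain>.1}, ...).
     *
     * <p>The index has to advance per certificate: with a constant index every authority
     * is written under the same alias, so a bundle carrying several authorities (as
     * during a CA rotation) would presumably end up with a single trusted certificate.
     *
     * <p>NOTE(review): entries are only added here. When a bundle shrinks, aliases with a
     * higher index from an earlier update are not removed by this method, so a retired
     * authority may stay trusted; confirm whether the trust store is purged elsewhere.
     */
    private void storeBundle(TrustDomain trustDomain, X509Bundle x509Bundle) throws KeyStoreException {
        int index = 0;
        for (X509Certificate authority : x509Bundle.getX509Authorities()) {
            this.trustStore.storeAuthorityEntry(AuthorityEntry.builder()
                    .alias(generateAlias(trustDomain, index))
                    .certificate(authority)
                    .build());
            index++;
        }
    }

    /** Builds the trust store alias {@code <trust domain name>.<index>}. */
    private String generateAlias(TrustDomain trustDomain, int i) {
        return trustDomain.getName().concat(".").concat(String.valueOf(i));
    }

    private boolean isClosed() {
        synchronized (this) {
            return this.closed;
        }
    }

    /** Waits for the latch; on interruption restores the interrupt flag and returns. */
    private void await(CountDownLatch latch) {
        try {
            latch.await();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
        }
    }
}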
