package io.vitess.client.grpc;

import io.grpc.CallCredentials;
import io.grpc.ClientInterceptor;
import io.grpc.LoadBalancer;
import io.grpc.LoadBalancerProvider;
import io.grpc.LoadBalancerRegistry;
import io.grpc.NameResolver;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NegotiationType;
import io.grpc.netty.NettyChannelBuilder;
import io.netty.handler.ssl.SslContextBuilder;
import io.opentracing.contrib.grpc.ClientTracingInterceptor;
import io.vitess.client.Context;
import io.vitess.client.RpcClient;
import io.vitess.client.RpcClientFactory;
import io.vitess.client.grpc.tls.TlsOptions;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import javax.net.ssl.SSLException;

/* loaded from: input_file:io/vitess/client/grpc/GrpcClientFactory.class */
public class GrpcClientFactory implements RpcClientFactory {
    private RetryingInterceptorConfig config;
    private final boolean useTracing;
    private CallCredentials callCredentials;
    private String loadBalancerPolicy;
    private NameResolver.Factory nameResolverFactory;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/vitess/client/grpc/GrpcClientFactory$PrivateKeyWrapper.class */
    public class PrivateKeyWrapper {
        private PrivateKey privateKey;
        private String password;
        private X509Certificate[] certificateChain;

        public PrivateKeyWrapper(PrivateKey privateKey, String str, Certificate[] certificateArr) {
            this.privateKey = privateKey;
            this.password = str;
            this.certificateChain = (X509Certificate[]) Arrays.copyOf(certificateArr, certificateArr.length, X509Certificate[].class);
        }

        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }

        public String getPassword() {
            return this.password;
        }

        public X509Certificate[] getCertificateChain() {
            return this.certificateChain;
        }
    }

    /* loaded from: input_file:io/vitess/client/grpc/GrpcClientFactory$VitessLoadBalancer.class */
    private class VitessLoadBalancer extends LoadBalancerProvider {
        private LoadBalancer.Factory base;

        public VitessLoadBalancer(LoadBalancer.Factory factory) {
        }

        public LoadBalancer newLoadBalancer(LoadBalancer.Helper helper) {
            return this.base.newLoadBalancer(helper);
        }

        public boolean isAvailable() {
            return true;
        }

        public int getPriority() {
            return 10;
        }

        public String getPolicyName() {
            return "vitess_lb";
        }
    }

    public GrpcClientFactory() {
        this(RetryingInterceptorConfig.noOpConfig(), true);
    }

    public GrpcClientFactory(RetryingInterceptorConfig retryingInterceptorConfig, boolean z) {
        this.config = retryingInterceptorConfig;
        this.useTracing = z;
    }

    public GrpcClientFactory setCallCredentials(CallCredentials callCredentials) {
        this.callCredentials = callCredentials;
        return this;
    }

    public GrpcClientFactory setLoadBalancerFactory(LoadBalancer.Factory factory) {
        VitessLoadBalancer vitessLoadBalancer = new VitessLoadBalancer(factory);
        LoadBalancerRegistry defaultRegistry = LoadBalancerRegistry.getDefaultRegistry();
        defaultRegistry.deregister(vitessLoadBalancer);
        defaultRegistry.register(vitessLoadBalancer);
        this.loadBalancerPolicy = "vitess_lb";
        return this;
    }

    public GrpcClientFactory setNameResolverFactory(NameResolver.Factory factory) {
        this.nameResolverFactory = factory;
        return this;
    }

    public RpcClient create(Context context, String str) {
        NettyChannelBuilder intercept = channelBuilder(str).negotiationType(NegotiationType.PLAINTEXT).intercept(getClientInterceptors());
        if (this.loadBalancerPolicy != null) {
            intercept.defaultLoadBalancingPolicy(this.loadBalancerPolicy);
        }
        if (this.nameResolverFactory != null) {
            intercept.nameResolverFactory(this.nameResolverFactory);
        }
        return this.callCredentials != null ? new GrpcClient(intercept.build(), this.callCredentials, context) : new GrpcClient(intercept.build(), context);
    }

    private ClientInterceptor[] getClientInterceptors() {
        RetryingInterceptor retryingInterceptor = new RetryingInterceptor(this.config);
        return this.useTracing ? new ClientInterceptor[]{retryingInterceptor, new ClientTracingInterceptor()} : new ClientInterceptor[]{retryingInterceptor};
    }

    protected NettyChannelBuilder channelBuilder(String str) {
        return NettyChannelBuilder.forTarget(str);
    }

    public RpcClient createTls(Context context, String str, TlsOptions tlsOptions) {
        SslContextBuilder forClient = GrpcSslContexts.forClient();
        KeyStore loadKeyStore = loadKeyStore(tlsOptions.getTrustStore(), tlsOptions.getTrustStorePassword());
        if (loadKeyStore == null) {
            throw new RuntimeException("Could not load trustStore");
        }
        forClient.trustManager(tlsOptions.getTrustAlias() == null ? loadCertCollection(loadKeyStore) : loadCertCollectionForAlias(loadKeyStore, tlsOptions.getTrustAlias()));
        KeyStore loadKeyStore2 = loadKeyStore(tlsOptions.getKeyStore(), tlsOptions.getKeyStorePassword());
        if (loadKeyStore2 != null) {
            PrivateKeyWrapper loadPrivateKeyEntry = tlsOptions.getKeyAlias() == null ? loadPrivateKeyEntry(loadKeyStore2, tlsOptions.getKeyStorePassword(), tlsOptions.getKeyPassword()) : loadPrivateKeyEntryForAlias(loadKeyStore2, tlsOptions.getKeyAlias(), tlsOptions.getKeyStorePassword(), tlsOptions.getKeyPassword());
            if (loadPrivateKeyEntry == null) {
                throw new RuntimeException("Could not retrieve private key and certificate chain from keyStore");
            }
            forClient.keyManager(loadPrivateKeyEntry.getPrivateKey(), loadPrivateKeyEntry.getPassword(), loadPrivateKeyEntry.getCertificateChain());
        }
        try {
            return new GrpcClient(channelBuilder(str).negotiationType(NegotiationType.TLS).sslContext(forClient.build()).intercept(getClientInterceptors()).build(), context);
        } catch (SSLException e) {
            throw new RuntimeException(e);
        }
    }

    private KeyStore loadKeyStore(File file, String str) {
        if (file == null) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(Constants.KEYSTORE_TYPE);
            char[] charArray = str == null ? null : str.toCharArray();
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                keyStore.load(fileInputStream, charArray);
                fileInputStream.close();
                return keyStore;
            } finally {
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            return null;
        }
    }

    private X509Certificate[] loadCertCollectionForAlias(KeyStore keyStore, String str) {
        if (keyStore == null) {
            return null;
        }
        try {
            return new X509Certificate[]{(X509Certificate) keyStore.getCertificate(str)};
        } catch (ClassCastException | KeyStoreException e) {
            return null;
        }
    }

    private X509Certificate[] loadCertCollection(KeyStore keyStore) {
        if (keyStore == null) {
            return null;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate[] loadCertCollectionForAlias = loadCertCollectionForAlias(keyStore, aliases.nextElement());
                if (loadCertCollectionForAlias != null) {
                    return loadCertCollectionForAlias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            return null;
        }
    }

    private PrivateKeyWrapper loadPrivateKeyEntryForAlias(KeyStore keyStore, String str, String str2, String str3) {
        char[] charArray;
        if (keyStore == null || str == null) {
            return null;
        }
        try {
            if (!keyStore.entryInstanceOf(str, KeyStore.PrivateKeyEntry.class)) {
                return null;
            }
            if (str3 == null) {
                charArray = null;
            } else {
                try {
                    charArray = str3.toCharArray();
                } catch (KeyStoreException | NoSuchAlgorithmException e) {
                    return null;
                } catch (UnrecoverableEntryException e2) {
                    try {
                        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, new KeyStore.PasswordProtection(str2 == null ? null : str2.toCharArray()));
                        return new PrivateKeyWrapper(privateKeyEntry.getPrivateKey(), str3, privateKeyEntry.getCertificateChain());
                    } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e3) {
                        return null;
                    }
                }
            }
            KeyStore.PrivateKeyEntry privateKeyEntry2 = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, new KeyStore.PasswordProtection(charArray));
            return new PrivateKeyWrapper(privateKeyEntry2.getPrivateKey(), str3, privateKeyEntry2.getCertificateChain());
        } catch (KeyStoreException e4) {
            return null;
        }
    }

    private PrivateKeyWrapper loadPrivateKeyEntry(KeyStore keyStore, String str, String str2) {
        if (keyStore == null) {
            return null;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                PrivateKeyWrapper loadPrivateKeyEntryForAlias = loadPrivateKeyEntryForAlias(keyStore, aliases.nextElement(), str, str2);
                if (loadPrivateKeyEntryForAlias != null) {
                    return loadPrivateKeyEntryForAlias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            return null;
        }
    }
}
