package org.apache.nifi.security.util;

import java.io.File;
import java.net.MalformedURLException;
import java.util.Objects;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.12.0.jar:org/apache/nifi/security/util/TlsConfiguration.class */
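/**
 * Immutable holder for the keystore and truststore settings (path, password, type) and the TLS
 * protocol string used to build a TLS context.
 *
 * <p>Passwords are held as {@link String} fields. The plain getters ({@link #getKeystorePassword()},
 * {@link #getKeyPassword()}, {@link #getFunctionalKeyPassword()}, {@link #getTruststorePassword()})
 * return the real secret and must not be written to logs; use the {@code ...ForLogging} accessors or
 * {@link #toString()}, which substitute a fixed mask.
 */
public class TlsConfiguration {
    private static final Logger logger = LoggerFactory.getLogger(TlsConfiguration.class);
    // Protocol applied by every constructor and factory that is not given an explicit protocol.
    private static final String TLS_PROTOCOL_VERSION = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion();
    // Fixed-width mask, so the logged value does not disclose the password length.
    private static final String MASKED_PASSWORD_LOG = "********";
    private static final String NULL_LOG = "null";
    private final String keystorePath;
    private final String keystorePassword;
    private final String keyPassword;
    private final KeystoreType keystoreType;
    private final String truststorePath;
    private final String truststorePassword;
    private final KeystoreType truststoreType;
    private final String protocol;

    /**
     * Creates an empty configuration: every path, password and type is {@code null}, and so is the
     * protocol (the empty type strings are resolved through {@code KeystoreType.isValidKeystoreType}).
     */
    public TlsConfiguration() {
        this((String) null, (String) null, (String) null, "", (String) null, (String) null, "", (String) null);
    }

    /**
     * Creates a configuration in which the keystore password doubles as the key password, using the
     * default protocol.
     */
    public TlsConfiguration(String keystorePath, String keystorePassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) {
        this(keystorePath, keystorePassword, keystorePassword, keystoreType, truststorePath, truststorePassword, truststoreType, TLS_PROTOCOL_VERSION);
    }

    /** Creates a configuration with a separate key password, using the default protocol. */
    public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) {
        this(keystorePath, keystorePassword, keyPassword, keystoreType, truststorePath, truststorePassword, truststoreType, TLS_PROTOCOL_VERSION);
    }

    /**
     * Creates a configuration from store types given as strings, using the default protocol. A type
     * string rejected by {@code KeystoreType.isValidKeystoreType} is stored as {@code null}.
     */
    public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType) {
        this(keystorePath, keystorePassword, keyPassword, parseKeystoreType(keystoreType), truststorePath, truststorePassword, parseKeystoreType(truststoreType), TLS_PROTOCOL_VERSION);
    }

    /**
     * Creates a configuration from store types given as strings and an explicit protocol. A type
     * string rejected by {@code KeystoreType.isValidKeystoreType} is stored as {@code null}.
     */
    public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType, String protocol) {
        this(keystorePath, keystorePassword, keyPassword, parseKeystoreType(keystoreType), truststorePath, truststorePassword, parseKeystoreType(truststoreType), protocol);
    }

    /** Canonical constructor: stores every argument as given, without validation. */
    public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType, String protocol) {
        this.keystorePath = keystorePath;
        this.keystorePassword = keystorePassword;
        this.keyPassword = keyPassword;
        this.keystoreType = keystoreType;
        this.truststorePath = truststorePath;
        this.truststorePassword = truststorePassword;
        this.truststoreType = truststoreType;
        this.protocol = protocol;
    }

    /** Copy constructor: duplicates every field of {@code other}. */
    public TlsConfiguration(TlsConfiguration other) {
        this.keystorePath = other.keystorePath;
        this.keystorePassword = other.keystorePassword;
        this.keyPassword = other.keyPassword;
        this.keystoreType = other.keystoreType;
        this.truststorePath = other.truststorePath;
        this.truststorePassword = other.truststorePassword;
        this.truststoreType = other.truststoreType;
        this.protocol = other.protocol;
    }

    /**
     * Builds a configuration from the {@code nifi.security.*} keystore and truststore properties,
     * with the default protocol.
     *
     * @param niFiProperties the properties to read
     * @return the populated configuration
     * @throws IllegalArgumentException if {@code niFiProperties} is {@code null}
     */
    public static TlsConfiguration fromNiFiProperties(NiFiProperties niFiProperties) {
        if (niFiProperties == null) {
            throw new IllegalArgumentException("The NiFi properties cannot be null");
        }
        String keystorePath = niFiProperties.getProperty("nifi.security.keystore");
        String keystorePassword = niFiProperties.getProperty("nifi.security.keystorePasswd");
        String keyPassword = niFiProperties.getProperty("nifi.security.keyPasswd");
        String keystoreType = niFiProperties.getProperty("nifi.security.keystoreType");
        String truststorePath = niFiProperties.getProperty("nifi.security.truststore");
        String truststorePassword = niFiProperties.getProperty("nifi.security.truststorePasswd");
        String truststoreType = niFiProperties.getProperty("nifi.security.truststoreType");
        String protocol = TLS_PROTOCOL_VERSION;
        TlsConfiguration tlsConfiguration = new TlsConfiguration(keystorePath, keystorePassword, keyPassword, keystoreType, truststorePath, truststorePassword, truststoreType, protocol);
        if (logger.isDebugEnabled()) {
            // Only the masked accessors are logged; the raw password locals above never reach the logger.
            logger.debug("Instantiating TlsConfiguration from NiFi properties: {}, {}, {}, {}, {}, {}, {}, {}",
                    keystorePath, tlsConfiguration.getKeystorePasswordForLogging(), tlsConfiguration.getKeyPasswordForLogging(), keystoreType,
                    truststorePath, tlsConfiguration.getTruststorePasswordForLogging(), truststoreType, protocol);
        }
        return tlsConfiguration;
    }

    /**
     * Builds a configuration from the {@code nifi.security.truststore*} properties only; all keystore
     * fields are {@code null}. The default protocol is used.
     *
     * @param niFiProperties the properties to read
     * @return the truststore-only configuration
     * @throws IllegalArgumentException if {@code niFiProperties} is {@code null}
     */
    public static TlsConfiguration fromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties) {
        if (niFiProperties == null) {
            throw new IllegalArgumentException("The NiFi properties cannot be null");
        }
        String truststorePath = niFiProperties.getProperty("nifi.security.truststore");
        String truststorePassword = niFiProperties.getProperty("nifi.security.truststorePasswd");
        String truststoreType = niFiProperties.getProperty("nifi.security.truststoreType");
        String protocol = TLS_PROTOCOL_VERSION;
        TlsConfiguration tlsConfiguration = new TlsConfiguration((String) null, (String) null, (String) null, (String) null, truststorePath, truststorePassword, truststoreType, protocol);
        if (logger.isDebugEnabled()) {
            // The truststore password is logged through its masked accessor only.
            logger.debug("Instantiating TlsConfiguration from NiFi properties: null x4, {}, {}, {}, {}",
                    truststorePath, tlsConfiguration.getTruststorePasswordForLogging(), truststoreType, protocol);
        }
        return tlsConfiguration;
    }

    /**
     * Returns {@code true} if the configuration is {@code null} or has no keystore and no truststore
     * field (path, password or type) populated.
     */
    public static boolean isEmpty(TlsConfiguration tlsConfiguration) {
        return tlsConfiguration == null || !(tlsConfiguration.isAnyKeystorePopulated() || tlsConfiguration.isAnyTruststorePopulated());
    }

    public String getKeystorePath() {
        return this.keystorePath;
    }

    /** Returns the real keystore password. Do not log; see {@link #getKeystorePasswordForLogging()}. */
    public String getKeystorePassword() {
        return this.keystorePassword;
    }

    /** Returns a masked stand-in for the keystore password that is safe to log. */
    public String getKeystorePasswordForLogging() {
        return maskPasswordForLog(this.keystorePassword);
    }

    /** Returns the real key password. Do not log; see {@link #getKeyPasswordForLogging()}. */
    public String getKeyPassword() {
        return this.keyPassword;
    }

    /** Returns a masked stand-in for the key password that is safe to log. */
    public String getKeyPasswordForLogging() {
        return maskPasswordForLog(this.keyPassword);
    }

    /**
     * Returns the password to use for the private key: the key password when it is not blank,
     * otherwise the keystore password. This is a real secret; do not log it.
     */
    public String getFunctionalKeyPassword() {
        return StringUtils.isNotBlank(this.keyPassword) ? this.keyPassword : this.keystorePassword;
    }

    /** Returns a masked stand-in for {@link #getFunctionalKeyPassword()} that is safe to log. */
    public String getFunctionalKeyPasswordForLogging() {
        return maskPasswordForLog(getFunctionalKeyPassword());
    }

    public KeystoreType getKeystoreType() {
        return this.keystoreType;
    }

    public String getTruststorePath() {
        return this.truststorePath;
    }

    /** Returns the real truststore password. Do not log; see {@link #getTruststorePasswordForLogging()}. */
    public String getTruststorePassword() {
        return this.truststorePassword;
    }

    /** Returns a masked stand-in for the truststore password that is safe to log. */
    public String getTruststorePasswordForLogging() {
        return maskPasswordForLog(this.truststorePassword);
    }

    public KeystoreType getTruststoreType() {
        return this.truststoreType;
    }

    public String getProtocol() {
        return this.protocol;
    }

    /** Returns {@code true} if the keystore path, password and type are all present. */
    public boolean isKeystorePopulated() {
        return isStorePopulated(this.keystorePath, this.keystorePassword, this.keystoreType, "keystore");
    }

    /** Returns {@code true} if at least one of the keystore path, password or type is present. */
    public boolean isAnyKeystorePopulated() {
        return isAnyPopulated(this.keystorePath, this.keystorePassword, this.keystoreType);
    }

    /**
     * Checks the keystore with the keystore password and, if that fails and a distinct key password
     * is configured, checks again with the separate key password.
     *
     * @return {@code true} if either check succeeds; {@code false} otherwise, including when the
     *         keystore is not fully populated or its path cannot be turned into a URL
     */
    public boolean isKeystoreValid() {
        if (isStoreValid(this.keystorePath, this.keystorePassword, this.keystoreType, "keystore")) {
            return true;
        }
        // Null-safe comparison: a key password may be configured while the keystore password is
        // absent, and calling equals() on the null keystore password would throw instead of
        // reporting the store as invalid.
        if (!StringUtils.isNotBlank(this.keyPassword) || Objects.equals(this.keystorePassword, this.keyPassword)) {
            return false;
        }
        logger.debug("Simple keystore validity check failed; trying with separate key password");
        try {
            // isKeystorePopulated() guarantees a non-blank keystore password before toCharArray().
            return isKeystorePopulated()
                    && KeyStoreUtils.isKeyPasswordCorrect(new File(this.keystorePath).toURI().toURL(), this.keystoreType, this.keystorePassword.toCharArray(), getFunctionalKeyPassword().toCharArray());
        } catch (MalformedURLException e) {
            logger.error("Encountered an error validating the keystore: {}", e.getLocalizedMessage());
            return false;
        }
    }

    /** Returns {@code true} if the truststore path and type are present; the password is not required. */
    public boolean isTruststorePopulated() {
        return isStorePopulated(this.truststorePath, this.truststorePassword, this.truststoreType, "truststore");
    }

    /** Returns {@code true} if at least one of the truststore path, password or type is present. */
    public boolean isAnyTruststorePopulated() {
        return isAnyPopulated(this.truststorePath, this.truststorePassword, this.truststoreType);
    }

    /** Returns {@code true} if the truststore is populated and passes {@code KeyStoreUtils.isStoreValid}. */
    public boolean isTruststoreValid() {
        return isStoreValid(this.truststorePath, this.truststorePassword, this.truststoreType, "truststore");
    }

    /**
     * Returns the keystore path, masked keystore password, masked functional key password and
     * keystore type name (or {@code "null"}), in that order, for use as log arguments.
     */
    public String[] getKeystorePropertiesForLogging() {
        return new String[] {
            getKeystorePath(),
            getKeystorePasswordForLogging(),
            getFunctionalKeyPasswordForLogging(),
            getKeystoreType() != null ? getKeystoreType().getType() : NULL_LOG
        };
    }

    /**
     * Returns the truststore path, masked truststore password and truststore type name (or
     * {@code "null"}), in that order, for use as log arguments.
     */
    public String[] getTruststorePropertiesForLogging() {
        return new String[] {
            getTruststorePath(),
            getTruststorePasswordForLogging(),
            // Guard on the truststore type itself. Testing the keystore type here threw a
            // NullPointerException for a keystore-typed configuration without a truststore type,
            // and hid the truststore type of a truststore-only configuration.
            getTruststoreType() != null ? getTruststoreType().getType() : NULL_LOG
        };
    }

    /** Returns a description of this configuration in which every password is masked. */
    @Override
    public String toString() {
        return new ToStringBuilder(this)
                .append("keystorePath", this.keystorePath)
                .append("keystorePassword", getKeystorePasswordForLogging())
                .append("keyPassword", getKeyPasswordForLogging())
                .append("keystoreType", this.keystoreType)
                .append("truststorePath", this.truststorePath)
                .append("truststorePassword", getTruststorePasswordForLogging())
                .append("truststoreType", this.truststoreType)
                .append("protocol", this.protocol)
                .toString();
    }

    /** Two configurations are equal when all eight fields, passwords included, are equal. */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        TlsConfiguration that = (TlsConfiguration) obj;
        return Objects.equals(this.keystorePath, that.keystorePath)
                && Objects.equals(this.keystorePassword, that.keystorePassword)
                && Objects.equals(this.keyPassword, that.keyPassword)
                && this.keystoreType == that.keystoreType
                && Objects.equals(this.truststorePath, that.truststorePath)
                && Objects.equals(this.truststorePassword, that.truststorePassword)
                && this.truststoreType == that.truststoreType
                && Objects.equals(this.protocol, that.protocol);
    }

    /** Hashes the same eight fields as {@link #equals(Object)}, so the value is derived from the passwords. */
    @Override
    public int hashCode() {
        return Objects.hash(this.keystorePath, this.keystorePassword, this.keyPassword, this.keystoreType, this.truststorePath, this.truststorePassword, this.truststoreType, this.protocol);
    }

    /** Resolves a store type string to its enum constant, or {@code null} when the string is not a valid type. */
    private static KeystoreType parseKeystoreType(String type) {
        return KeystoreType.isValidKeystoreType(type) ? KeystoreType.valueOf(type.toUpperCase()) : null;
    }

    /** Returns the fixed mask for a non-blank password and {@code "null"} for a null or blank one. */
    private static String maskPasswordForLog(String password) {
        return StringUtils.isNotBlank(password) ? MASKED_PASSWORD_LOG : NULL_LOG;
    }

    /** Returns {@code true} if the path or the password is not blank, or the type is set. */
    private boolean isAnyPopulated(String path, String password, KeystoreType type) {
        return StringUtils.isNotBlank(path) || StringUtils.isNotBlank(password) || type != null;
    }

    /**
     * Reports whether a store has the fields it needs: path and type for a truststore; path, type
     * and password for anything else. The outcome is written to the debug log with the password masked.
     *
     * @param path the store path
     * @param password the store password
     * @param type the store type
     * @param label {@code "truststore"} (case-insensitive) selects the truststore rules; any other
     *        value selects the keystore rules
     */
    private boolean isStorePopulated(String path, String password, KeystoreType type, String label) {
        boolean populated = StringUtils.isNotBlank(path) && type != null;
        String passwordForLogging;
        if ("truststore".equalsIgnoreCase(label)) {
            // A truststore is accepted without a password.
            passwordForLogging = getTruststorePasswordForLogging();
        } else {
            populated = populated && StringUtils.isNotBlank(password);
            passwordForLogging = getKeystorePasswordForLogging();
        }
        if (logger.isDebugEnabled()) {
            logger.debug("TLS config {} is {}: {}, {}, {}", label, populated ? "populated" : "not populated", path, passwordForLogging, type);
        }
        return populated;
    }

    /**
     * Returns {@code true} if the store is populated and {@code KeyStoreUtils.isStoreValid} accepts
     * it; returns {@code false} if it is not populated, not accepted, or its path cannot be turned
     * into a URL.
     */
    private boolean isStoreValid(String path, String password, KeystoreType type, String label) {
        try {
            // NOTE(review): a truststore counts as populated without a password, so password can be
            // null here and toCharArray() would throw a NullPointerException. Confirm what
            // KeyStoreUtils.isStoreValid accepts for a password-less store before adding a guard.
            return isStorePopulated(path, password, type, label)
                    && KeyStoreUtils.isStoreValid(new File(path).toURI().toURL(), type, password.toCharArray());
        } catch (MalformedURLException e) {
            logger.error("Encountered an error validating the {}: {}", label, e.getLocalizedMessage());
            return false;
        }
    }
}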
