package org.neo4j.driver.internal.security;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import java.util.concurrent.CompletionStage;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.neo4j.driver.ClientCertificateManager;
import org.neo4j.driver.Logger;
import org.neo4j.driver.Logging;
import org.neo4j.driver.exceptions.ClientException;
import org.neo4j.driver.internal.InternalClientCertificate;
import org.neo4j.driver.internal.pki.PemParser;
import org.neo4j.driver.internal.security.SecurityPlan;
import org.neo4j.driver.internal.util.Futures;

/* loaded from: input_file:org/neo4j/driver/internal/security/SSLContextManager.class */
class SSLContextManager {
    private final ClientCertificateManager clientCertificateManager;
    private final SecurityPlan.SSLContextSupplier sslContextSupplier;
    private final Logger logger;
    private CompletableFuture<SSLContext> sslContextFuture;
    private SSLContext sslContext;
    private Throwable throwable;

    public SSLContextManager(ClientCertificateManager clientCertificateManager, SecurityPlan.SSLContextSupplier sSLContextSupplier, Logging logging) throws NoSuchAlgorithmException, KeyManagementException {
        this.clientCertificateManager = clientCertificateManager;
        this.sslContextSupplier = sSLContextSupplier;
        this.logger = logging.getLog(getClass());
        if (clientCertificateManager == null) {
            this.sslContextFuture = CompletableFuture.completedFuture(sSLContextSupplier.get(new KeyManager[0]));
        }
    }

    public CompletionStage<SSLContext> getSSLContext() {
        return this.clientCertificateManager != null ? getSSLContextWithClientCertificate() : this.sslContextFuture;
    }

    private CompletionStage<SSLContext> getSSLContextWithClientCertificate() {
        CompletableFuture<SSLContext> completableFuture;
        CompletionStage completionStage = null;
        synchronized (this) {
            if (this.sslContextFuture == null) {
                this.sslContextFuture = new CompletableFuture<>();
                completableFuture = this.sslContextFuture;
                SSLContext sSLContext = this.sslContext;
                Throwable th = this.throwable;
                completionStage = this.clientCertificateManager.getClientCertificate().thenApply(clientCertificate -> {
                    if (clientCertificate != null) {
                        try {
                            return this.sslContextSupplier.get(createKeyManagers((InternalClientCertificate) clientCertificate));
                        } catch (Throwable th2) {
                            ClientException clientException = new ClientException("An error occured while loading client certficate.", th2);
                            this.logger.error("An error occured while loading client certficate.", clientException);
                            throw new CompletionException(clientException);
                        }
                    }
                    if (th != null) {
                        throw new CompletionException(th);
                    }
                    if (sSLContext != null) {
                        return sSLContext;
                    }
                    ClientException clientException2 = new ClientException("The initial client certificate returned by the manager must not be null.");
                    this.logger.error("The initial client certificate returned by the manager must not be null.", clientException2);
                    throw new CompletionException(clientException2);
                });
            } else {
                completableFuture = this.sslContextFuture;
            }
        }
        if (completionStage != null) {
            CompletableFuture<SSLContext> completableFuture2 = completableFuture;
            completionStage.whenComplete((sSLContext2, th2) -> {
                Throwable completionExceptionCause = Futures.completionExceptionCause(th2);
                synchronized (this) {
                    this.sslContextFuture = null;
                    this.sslContext = sSLContext2;
                    this.throwable = completionExceptionCause;
                }
                if (completionExceptionCause != null) {
                    completableFuture2.completeExceptionally(completionExceptionCause);
                } else {
                    completableFuture2.complete(this.sslContext);
                }
            });
        }
        return completableFuture;
    }

    protected KeyManager[] createKeyManagers(InternalClientCertificate internalClientCertificate) throws CertificateException, IOException, KeyException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(new FileInputStream(internalClientCertificate.certificate()));
        String password = internalClientCertificate.password();
        PrivateKey privateKey = new PemParser(new FileInputStream(internalClientCertificate.privateKey())).getPrivateKey(password);
        KeyStore keyStore = KeyStore.getInstance("JKS");
        char[] charArray = password != null ? password.toCharArray() : "password".toCharArray();
        keyStore.load(null, null);
        keyStore.setKeyEntry("neo4j.javadriver.clientcert.", privateKey, charArray, (Certificate[]) generateCertificates.toArray(new Certificate[0]));
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, charArray);
        return keyManagerFactory.getKeyManagers();
    }
}
