package org.reaktivity.nukleus.tls.internal;

import java.io.File;
import java.io.FileInputStream;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.agrona.DirectBuffer;
import org.agrona.LangUtil;
import org.agrona.MutableDirectBuffer;
import org.agrona.collections.Int2ObjectHashMap;
import org.reaktivity.nukleus.Nukleus;
import org.reaktivity.nukleus.function.CommandHandler;
import org.reaktivity.nukleus.function.MessageConsumer;
import org.reaktivity.nukleus.function.MessagePredicate;
import org.reaktivity.nukleus.route.RouteKind;
import org.reaktivity.nukleus.tls.internal.types.OctetsFW;
import org.reaktivity.nukleus.tls.internal.types.control.ErrorFW;
import org.reaktivity.nukleus.tls.internal.types.control.RouteFW;
import org.reaktivity.nukleus.tls.internal.types.control.TlsRouteExFW;
import org.reaktivity.nukleus.tls.internal.types.control.UnrouteFW;
import org.reaktivity.nukleus.tls.internal.types.control.auth.ResolveFW;
import org.reaktivity.nukleus.tls.internal.types.control.auth.ResolvedFW;
import org.reaktivity.nukleus.tls.internal.types.control.auth.UnresolveFW;
import org.reaktivity.nukleus.tls.internal.types.control.auth.UnresolvedFW;

/* loaded from: input_file:org/reaktivity/nukleus/tls/internal/TlsNukleus.class */
final class TlsNukleus implements Nukleus {
    static final String NAME = "tls";
    private static final String PROPERTY_TLS_KEYSTORE = "tls.keystore";
    private static final String PROPERTY_TLS_KEYSTORE_TYPE = "tls.keystore.type";
    private static final String PROPERTY_TLS_KEYSTORE_PASSWORD = "tls.keystore.password";
    private static final String PROPERTY_TLS_TRUSTSTORE = "tls.truststore";
    private static final String PROPERTY_TLS_TRUSTSTORE_TYPE = "tls.truststore.type";
    private static final String PROPERTY_TLS_TRUSTSTORE_PASSWORD = "tls.truststore.password";
    private static final String DEFAULT_TLS_KEYSTORE = "keys";
    private static final String DEFAULT_TLS_KEYSTORE_TYPE = "JKS";
    private static final String DEFAULT_TLS_KEYSTORE_PASSWORD = "generated";
    private static final String DEFAULT_TLS_TRUSTSTORE = "trust";
    private static final String DEFAULT_TLS_TRUSTSTORE_TYPE = "JKS";
    private static final String DEFAULT_TLS_TRUSTSTORE_PASSWORD = "generated";
    private final TlsConfiguration config;
    private final Map<RouteKind, MessagePredicate> routeHandlers;
    private final Int2ObjectHashMap<CommandHandler> commandHandlers;
    private final UnrouteFW unrouteRO = new UnrouteFW();
    private final RouteFW routeRO = new RouteFW();
    private final TlsRouteExFW tlsRouteExRO = new TlsRouteExFW();
    private final ResolveFW resolveRO = new ResolveFW();
    private final ResolvedFW.Builder resolvedRW = new ResolvedFW.Builder();
    private final UnresolveFW unresolveRO = new UnresolveFW();
    private final UnresolvedFW.Builder unresolvedRW = new UnresolvedFW.Builder();
    private final ErrorFW.Builder errorRW = new ErrorFW.Builder();
    private final Map<Long, String> storesByRouteId = new HashMap();
    private final StoreInfo[] storeInfos = new StoreInfo[256];

    /* JADX INFO: Access modifiers changed from: package-private */
    public TlsNukleus(TlsConfiguration tlsConfiguration) {
        this.config = tlsConfiguration;
        EnumMap enumMap = new EnumMap(RouteKind.class);
        enumMap.put((EnumMap) RouteKind.SERVER, (RouteKind) this::handleRoute);
        enumMap.put((EnumMap) RouteKind.CLIENT, (RouteKind) this::handleRoute);
        this.routeHandlers = enumMap;
        Int2ObjectHashMap<CommandHandler> int2ObjectHashMap = new Int2ObjectHashMap<>();
        int2ObjectHashMap.put(17, this::resolve);
        int2ObjectHashMap.put(18, this::unresolve);
        this.commandHandlers = int2ObjectHashMap;
    }

    public String name() {
        return NAME;
    }

    /* renamed from: config, reason: merged with bridge method [inline-methods] */
    public TlsConfiguration m3config() {
        return this.config;
    }

    public MessagePredicate routeHandler(RouteKind routeKind) {
        return this.routeHandlers.get(routeKind);
    }

    public CommandHandler commandHandler(int i) {
        return (CommandHandler) this.commandHandlers.get(i);
    }

    /* renamed from: supplyElektron, reason: merged with bridge method [inline-methods] */
    public TlsElektron m2supplyElektron() {
        return new TlsElektron(this.config, this::findStore);
    }

    private boolean handleRoute(int i, DirectBuffer directBuffer, int i2, int i3) {
        boolean z = false;
        switch (i) {
            case 1:
                z = handleRoute(this.routeRO.wrap(directBuffer, i2, i2 + i3));
                break;
            case 2:
                z = handleUnroute(this.unrouteRO.wrap(directBuffer, i2, i2 + i3));
                break;
        }
        return z;
    }

    private boolean handleRoute(RouteFW routeFW) {
        OctetsFW extension = routeFW.extension();
        TlsRouteExFW tlsRouteExFW = this.tlsRouteExRO;
        Objects.requireNonNull(tlsRouteExFW);
        String asString = ((TlsRouteExFW) extension.get(tlsRouteExFW::wrap)).store().asString();
        this.storesByRouteId.put(Long.valueOf(routeFW.correlationId()), asString);
        StoreInfo newStoreInfoIfNecessary = newStoreInfoIfNecessary(asString);
        if (newStoreInfoIfNecessary != null) {
            newStoreInfoIfNecessary.routeCount++;
        }
        return newStoreInfoIfNecessary != null;
    }

    private boolean handleUnroute(UnrouteFW unrouteFW) {
        StoreInfo findStore = findStore(this.storesByRouteId.remove(Long.valueOf(unrouteFW.routeId())));
        if (findStore == null) {
            return true;
        }
        findStore.routeCount--;
        if (findStore.routeCount != 0) {
            return true;
        }
        this.storeInfos[findStore.storeIndex] = null;
        return true;
    }

    /* JADX WARN: Type inference failed for: r0v12, types: [org.reaktivity.nukleus.tls.internal.types.control.ErrorFW$Builder] */
    /* JADX WARN: Type inference failed for: r0v18, types: [org.reaktivity.nukleus.tls.internal.types.control.auth.ResolvedFW$Builder] */
    private void resolve(DirectBuffer directBuffer, int i, int i2, MessageConsumer messageConsumer, MutableDirectBuffer mutableDirectBuffer) {
        ResolveFW wrap = this.resolveRO.wrap(directBuffer, i, i + i2);
        String asString = wrap.realm().asString();
        long j = 0;
        if (asString != null) {
            int indexOf = asString.indexOf(58);
            StoreInfo newStoreInfoIfNecessary = newStoreInfoIfNecessary(indexOf == -1 ? null : asString.substring(0, indexOf));
            if (newStoreInfoIfNecessary != null) {
                newStoreInfoIfNecessary.routeCount++;
                j = newStoreInfoIfNecessary.authorization(asString.substring(indexOf + 1));
            }
        }
        if (j != 0) {
            ResolvedFW build = this.resolvedRW.wrap2(mutableDirectBuffer, 0, mutableDirectBuffer.capacity()).correlationId(wrap.correlationId()).authorization(j).build();
            messageConsumer.accept(ResolvedFW.TYPE_ID, build.buffer(), build.offset(), build.sizeof());
        } else {
            ErrorFW build2 = this.errorRW.wrap2(mutableDirectBuffer, 0, mutableDirectBuffer.capacity()).correlationId(wrap.correlationId()).build();
            messageConsumer.accept(ErrorFW.TYPE_ID, build2.buffer(), build2.offset(), build2.sizeof());
        }
    }

    /* JADX WARN: Type inference failed for: r0v11, types: [org.reaktivity.nukleus.tls.internal.types.control.ErrorFW$Builder] */
    /* JADX WARN: Type inference failed for: r0v17, types: [org.reaktivity.nukleus.tls.internal.types.control.auth.UnresolvedFW$Builder] */
    private void unresolve(DirectBuffer directBuffer, int i, int i2, MessageConsumer messageConsumer, MutableDirectBuffer mutableDirectBuffer) {
        UnresolveFW wrap = this.unresolveRO.wrap(directBuffer, i, i + i2);
        long authorization = wrap.authorization();
        boolean z = false;
        if (authorization != 0) {
            StoreInfo storeInfo = this.storeInfos[(int) (authorization >>> 56)];
            storeInfo.routeCount--;
            if (storeInfo.routeCount == 0) {
                this.storeInfos[storeInfo.storeIndex] = null;
            }
            z = storeInfo.unresolve(authorization);
        }
        if (z) {
            UnresolvedFW build = this.unresolvedRW.wrap2(mutableDirectBuffer, 0, mutableDirectBuffer.capacity()).correlationId(wrap.correlationId()).build();
            messageConsumer.accept(UnresolvedFW.TYPE_ID, build.buffer(), build.offset(), build.sizeof());
        } else {
            ErrorFW build2 = this.errorRW.wrap2(mutableDirectBuffer, 0, mutableDirectBuffer.capacity()).correlationId(wrap.correlationId()).build();
            messageConsumer.accept(ErrorFW.TYPE_ID, build2.buffer(), build2.offset(), build2.sizeof());
        }
    }

    private StoreInfo newStoreInfoIfNecessary(String str) {
        StoreInfo findStore = findStore(str);
        if (findStore != null) {
            return findStore;
        }
        Path directory = this.config.directory();
        SSLContext sSLContext = null;
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        boolean z = false;
        int nextIndex = nextIndex(str);
        try {
            String property = System.getProperty(PROPERTY_TLS_KEYSTORE_PASSWORD, "generated");
            String property2 = System.getProperty(PROPERTY_TLS_KEYSTORE, DEFAULT_TLS_KEYSTORE);
            String property3 = System.getProperty(PROPERTY_TLS_KEYSTORE_TYPE, "JKS");
            File resolve = resolve(directory, str, property2);
            KeyManager[] keyManagerArr = null;
            if (resolve.exists()) {
                KeyStore keyStore = KeyStore.getInstance(property3);
                keyStore.load(new FileInputStream(resolve), property.toCharArray());
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(this.config.keyManagerAlgorithm());
                keyManagerFactory.init(keyStore, property.toCharArray());
                keyManagerArr = keyManagerFactory.getKeyManagers();
            }
            String property4 = System.getProperty(PROPERTY_TLS_TRUSTSTORE_PASSWORD, "generated");
            String property5 = System.getProperty(PROPERTY_TLS_TRUSTSTORE, DEFAULT_TLS_TRUSTSTORE);
            String property6 = System.getProperty(PROPERTY_TLS_TRUSTSTORE_TYPE, "JKS");
            File resolve2 = resolve(directory, str, property5);
            TrustManager[] trustManagerArr = null;
            if (resolve2.exists()) {
                z = true;
                KeyStore keyStore2 = KeyStore.getInstance(property6);
                keyStore2.load(new FileInputStream(resolve2), property4.toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore2);
                trustManagerArr = trustManagerFactory.getTrustManagers();
                if (nextIndex == -1) {
                    return null;
                }
                Iterator it = Collections.list(keyStore2.aliases()).iterator();
                while (it.hasNext()) {
                    String str2 = (String) it.next();
                    if (keyStore2.isCertificateEntry(str2)) {
                        linkedHashSet.add(((X509Certificate) keyStore2.getCertificate(str2)).getSubjectX500Principal().getName());
                    }
                }
            }
            sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagerArr, new SecureRandom());
        } catch (Exception e) {
            LangUtil.rethrowUnchecked(e);
        }
        StoreInfo storeInfo = new StoreInfo(str, nextIndex, sSLContext, z, linkedHashSet);
        this.storeInfos[nextIndex] = storeInfo;
        return storeInfo;
    }

    private static File resolve(Path path, String str, String str2) {
        return str == null ? path.resolve(NAME).resolve(str2).toFile() : path.resolve(NAME).resolve("stores").resolve(str).resolve(str2).toFile();
    }

    private StoreInfo findStore(String str) {
        int abs = Math.abs(str == null ? 1 : str.hashCode());
        for (int i = 0; i < this.storeInfos.length; i++) {
            abs = (abs + i) % this.storeInfos.length;
            StoreInfo storeInfo = this.storeInfos[abs];
            if (storeInfo != null && Objects.equals(storeInfo.store, str)) {
                return storeInfo;
            }
        }
        return null;
    }

    private int nextIndex(String str) {
        int abs = Math.abs(str == null ? 1 : str.hashCode());
        for (int i = 0; i < this.storeInfos.length; i++) {
            abs = (abs + i) % this.storeInfos.length;
            if (abs != 0 && this.storeInfos[abs] == null) {
                return abs;
            }
        }
        return -1;
    }
}
