package com.oracle.coherence.grpc;

import com.oracle.coherence.common.base.Exceptions;
import com.oracle.coherence.common.base.Logger;
import com.oracle.coherence.common.net.SSLSocketProvider;
import com.tangosol.coherence.config.Config;
import com.tangosol.coherence.config.builder.SocketProviderBuilder;
import com.tangosol.config.ConfigurationException;
import com.tangosol.net.SocketProviderFactory;
import com.tangosol.util.Resources;
import io.grpc.ChannelCredentials;
import io.grpc.InsecureChannelCredentials;
import io.grpc.InsecureServerCredentials;
import io.grpc.ServerCredentials;
import io.grpc.TlsServerCredentials;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettySslContextChannelCredentials;
import io.grpc.netty.NettySslContextServerCredentials;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.util.Arrays;
import javax.net.ssl.SSLException;

/* loaded from: input_file:com/oracle/coherence/grpc/CredentialsHelper.class */
public class CredentialsHelper {
    public static final String PROP_TLS_KEY = "coherence.grpc.channels.%s.tls.key";
    public static final String PROP_TLS_KEYPASS = "coherence.grpc.channels.%s.tls.password";
    public static final String PROP_TLS_KEYPASS_URI = "coherence.grpc.channels.%s.tls.password";
    public static final String PROP_TLS_CERT = "coherence.grpc.channels.%s.tls.cert";
    public static final String PROP_TLS_CA = "coherence.grpc.channels.%s.tls.ca";
    public static final String PROP_CREDENTIALS = "coherence.grpc.channels.%s.credentials";

    private CredentialsHelper() {
    }

    @Deprecated(since = "22.06.2")
    public static ServerCredentials createServerCredentials() {
        ServerCredentials build;
        String property = Config.getProperty(Requests.PROP_CREDENTIALS, Requests.CREDENTIALS_INSECURE);
        if (Requests.CREDENTIALS_INSECURE.equalsIgnoreCase(property)) {
            Logger.info("Creating gRPC server using insecure credentials");
            build = InsecureServerCredentials.create();
        } else {
            if (!Requests.CREDENTIALS_TLS.equalsIgnoreCase(property)) {
                throw new ConfigurationException("Invalid gRPC credentials type \"" + property + "\"", "Valid values are \"insecure\" or \"tls\"");
            }
            try {
                String property2 = Config.getProperty(Requests.PROP_TLS_CERT);
                String property3 = Config.getProperty(Requests.PROP_TLS_KEY);
                String property4 = Config.getProperty(Requests.PROP_TLS_CA);
                String upperCase = Config.getProperty(Requests.PROP_TLS_CLIENT_AUTH, ClientAuth.NONE.name()).toUpperCase();
                String resolveServerPassword = resolveServerPassword();
                if (property3 == null || property2 == null) {
                    throw new ConfigurationException("Invalid gRPC configuration, " + (property3 == null ? "no key file specified" : "no cert file specfied"), "When configuring gRPC TLS both the key and cert files must be configured key=\"" + property3 + "\" cert=\"" + property2 + "\"");
                }
                URL findFileOrResource = Resources.findFileOrResource(property2, (ClassLoader) null);
                if (findFileOrResource == null) {
                    throw new ConfigurationException("Cannot find configured TLS cert: " + property2, "Ensure the TLS cert exists");
                }
                URL findFileOrResource2 = Resources.findFileOrResource(property3, (ClassLoader) null);
                if (findFileOrResource2 == null) {
                    throw new ConfigurationException("Cannot find configured TLS key: " + property2, "Ensure the TLS key exists");
                }
                if (property4 == null || ClientAuth.NONE.name().equals(upperCase)) {
                    build = TlsServerCredentials.newBuilder().keyManager(findFileOrResource.openStream(), findFileOrResource2.openStream(), resolveServerPassword).build();
                } else {
                    URL findFileOrResource3 = Resources.findFileOrResource(property4, (ClassLoader) null);
                    if (findFileOrResource3 == null) {
                        throw new ConfigurationException("Cannot find configured TLS CA: " + property4, "Ensure the TLS CA exists");
                    }
                    try {
                        SslContextBuilder clientAuth = SslContextBuilder.forServer(findFileOrResource.openStream(), findFileOrResource2.openStream(), resolveServerPassword).trustManager(findFileOrResource3.openStream()).clientAuth(ClientAuth.valueOf(upperCase));
                        Logger.info("Creating gRPC server using TLS credentials. key=" + findFileOrResource2 + " cert=" + findFileOrResource + " ca=" + findFileOrResource3 + " clientAuth=" + upperCase);
                        build = NettySslContextServerCredentials.create(GrpcSslContexts.configure(clientAuth).build());
                    } catch (IllegalArgumentException e) {
                        throw new ConfigurationException("Cannot find configured TLS client auth value: " + upperCase, "Valid values are one of " + Arrays.toString(ClientAuth.values()));
                    }
                }
            } catch (IOException e2) {
                throw Exceptions.ensureRuntimeException(e2);
            }
        }
        return build;
    }

    public static ServerCredentials createServerCredentials(SocketProviderBuilder socketProviderBuilder) {
        if (socketProviderBuilder != null) {
            SocketProviderFactory.Dependencies dependencies = socketProviderBuilder.getDependencies();
            if (dependencies == null) {
                return createServerCredentials();
            }
            String id = socketProviderBuilder.getId();
            if (dependencies.getProviderType(id) == SocketProviderFactory.Dependencies.ProviderType.GRPC) {
                return InsecureServerCredentials.create();
            }
            SSLSocketProvider.Dependencies sSLDependencies = dependencies.getSSLDependencies(id);
            if (sSLDependencies != null) {
                return NettySslContextServerCredentials.create(new RefreshableSslContext(sSLDependencies.getSSLContextDependencies(), true));
            }
        }
        return createServerCredentials();
    }

    @Deprecated(since = "22.06.2")
    public static ChannelCredentials createChannelCredentials(String str) {
        ChannelCredentials create;
        String property = getProperty(PROP_CREDENTIALS, str, Requests.CREDENTIALS_PLAINTEXT);
        if (Requests.CREDENTIALS_PLAINTEXT.equals(property)) {
            create = InsecureChannelCredentials.create();
        } else if (Requests.CREDENTIALS_INSECURE.equals(property)) {
            try {
                create = NettySslContextChannelCredentials.create(GrpcSslContexts.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).build());
            } catch (SSLException e) {
                throw Exceptions.ensureRuntimeException(e);
            }
        } else {
            if (!Requests.CREDENTIALS_TLS.equals(property)) {
                throw new ConfigurationException("Invalid credentials type for channel " + str, "Valid values are insecure tls plaintext");
            }
            try {
                SslContextBuilder forClient = SslContextBuilder.forClient();
                String property2 = getProperty(PROP_TLS_CERT, str);
                String property3 = getProperty(PROP_TLS_KEY, str);
                String property4 = getProperty(PROP_TLS_CA, str);
                String resolveChannelPassword = resolveChannelPassword(str);
                URL url = null;
                URL url2 = null;
                URL url3 = null;
                if ((property3 != null && property2 == null) || (property3 == null && property2 != null)) {
                    throw new ConfigurationException("Invalid gRPC configuration for channel \"" + str + "\", " + (property3 == null ? "no key file specified" : "no cert file specified"), "When configuring gRPC TLS both the key and cert files must be configured key=\"" + property3 + "\" cert=\"" + property2 + "\"");
                }
                if (property3 != null && property2 != null) {
                    url = Resources.findFileOrResource(property2, (ClassLoader) null);
                    if (url == null) {
                        throw new ConfigurationException("Cannot find configured TLS cert for channel \"" + str + "\": " + property2, "Ensure the TLS cert exists");
                    }
                    url2 = Resources.findFileOrResource(property3, (ClassLoader) null);
                    if (url2 == null) {
                        throw new ConfigurationException("Cannot find configured TLS key for channel \"" + str + "\": " + property2, "Ensure the TLS key exists");
                    }
                    forClient.keyManager(url.openStream(), url2.openStream(), resolveChannelPassword);
                }
                if (property4 != null) {
                    url3 = Resources.findFileOrResource(property4, (ClassLoader) null);
                    if (url3 == null) {
                        throw new ConfigurationException("Cannot find configured TLS CA: for channel \"" + str + "\": " + property4, "Ensure the TLS CA exists");
                    }
                    forClient.trustManager(url3.openStream());
                }
                SslContextBuilder configure = GrpcSslContexts.configure(forClient);
                Logger.info("Creating gRPC Channel \"" + str + "\" using TLS credentials. key=" + url2 + " cert=" + url + " ca=" + url3);
                create = NettySslContextChannelCredentials.create(configure.build());
            } catch (IOException e2) {
                throw Exceptions.ensureRuntimeException(e2);
            }
        }
        return create;
    }

    public static ChannelCredentials createChannelCredentials(String str, SocketProviderBuilder socketProviderBuilder) {
        if (socketProviderBuilder != null) {
            SocketProviderFactory.Dependencies dependencies = socketProviderBuilder.getDependencies();
            String id = socketProviderBuilder.getId();
            if (dependencies.getProviderType(id) == SocketProviderFactory.Dependencies.ProviderType.GRPC) {
                return InsecureChannelCredentials.create();
            }
            SSLSocketProvider.Dependencies sSLDependencies = dependencies.getSSLDependencies(id);
            if (sSLDependencies != null) {
                return NettySslContextChannelCredentials.create(new RefreshableSslContext(sSLDependencies.getSSLContextDependencies(), false));
            }
        }
        return createChannelCredentials(str);
    }

    private static String resolveChannelPassword(String str) throws IOException {
        return resolvePassword(String.format("coherence.grpc.channels.%s.tls.password", str), String.format("coherence.grpc.channels.%s.tls.password", str));
    }

    private static String resolveServerPassword() throws IOException {
        return resolvePassword(Requests.PROP_TLS_KEYPASS, Requests.PROP_TLS_KEYPASS_URI);
    }

    private static String resolvePassword(String str, String str2) throws IOException {
        String property = Config.getProperty(str);
        if (property != null) {
            return property;
        }
        String property2 = Config.getProperty(Requests.PROP_TLS_KEYPASS_URI);
        if (property2 == null) {
            return null;
        }
        URL findFileOrResource = Resources.findFileOrResource(property2, (ClassLoader) null);
        if (findFileOrResource == null) {
            throw new FileNotFoundException("Cannot locate password file: " + property2);
        }
        InputStream openStream = findFileOrResource.openStream();
        try {
            String readLine = new BufferedReader(new InputStreamReader(openStream)).readLine();
            if (openStream != null) {
                openStream.close();
            }
            return readLine;
        } catch (Throwable th) {
            if (openStream != null) {
                try {
                    openStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private static String getProperty(String str, String str2) {
        return Config.getProperty(String.format(str, str2));
    }

    private static String getProperty(String str, String str2, String str3) {
        return Config.getProperty(String.format(str, str2), str3);
    }
}
