package org.apache.hyracks.ipc.security;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import org.apache.hyracks.api.network.INetworkSecurityConfig;
import org.apache.hyracks.api.network.INetworkSecurityManager;
import org.apache.hyracks.api.network.ISocketChannelFactory;
import org.apache.hyracks.ipc.sockets.PlainSocketChannelFactory;
import org.apache.hyracks.ipc.sockets.SslSocketChannelFactory;

/* loaded from: input_file:org/apache/hyracks/ipc/security/NetworkSecurityManager.class */
public class NetworkSecurityManager implements INetworkSecurityManager {
    private volatile INetworkSecurityConfig config;
    private final ISocketChannelFactory sslSocketFactory = new SslSocketChannelFactory(this);
    public static final String TSL_VERSION = "TLSv1.2";

    public NetworkSecurityManager(INetworkSecurityConfig iNetworkSecurityConfig) {
        this.config = iNetworkSecurityConfig;
    }

    public SSLContext newSSLContext() {
        return newSSLContext(this.config);
    }

    public SSLEngine newSSLEngine() {
        try {
            return newSSLContext().createSSLEngine();
        } catch (Exception e) {
            throw new IllegalStateException("Failed to create SSLEngine", e);
        }
    }

    public ISocketChannelFactory getSocketChannelFactory() {
        return this.config.isSslEnabled() ? this.sslSocketFactory : PlainSocketChannelFactory.INSTANCE;
    }

    public INetworkSecurityConfig getConfiguration() {
        return this.config;
    }

    public void setConfiguration(INetworkSecurityConfig iNetworkSecurityConfig) {
        this.config = iNetworkSecurityConfig;
    }

    public static SSLContext newSSLContext(INetworkSecurityConfig iNetworkSecurityConfig) {
        try {
            char[] keyStorePassword = getKeyStorePassword(iNetworkSecurityConfig);
            KeyStore keyStore = iNetworkSecurityConfig.getKeyStore();
            if (keyStore == null) {
                keyStore = loadKeyStoreFromFile(keyStorePassword, iNetworkSecurityConfig);
            }
            String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
            keyManagerFactory.init(keyStore, keyStorePassword);
            trustManagerFactory.init(loadTrustStoreFromFile(keyStorePassword, iNetworkSecurityConfig));
            SSLContext sSLContext = SSLContext.getInstance(TSL_VERSION);
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
            return sSLContext;
        } catch (Exception e) {
            throw new IllegalStateException("Failed to create SSLEngine", e);
        }
    }

    private static KeyStore loadKeyStoreFromFile(char[] cArr, INetworkSecurityConfig iNetworkSecurityConfig) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(new FileInputStream(iNetworkSecurityConfig.getKeyStoreFile()), cArr);
            return keyStore;
        } catch (Exception e) {
            throw new IllegalStateException("failed to load key store", e);
        }
    }

    private static KeyStore loadTrustStoreFromFile(char[] cArr, INetworkSecurityConfig iNetworkSecurityConfig) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(new FileInputStream(iNetworkSecurityConfig.getTrustStoreFile()), cArr);
            return keyStore;
        } catch (Exception e) {
            throw new IllegalStateException("failed to load trust store", e);
        }
    }

    private static char[] getKeyStorePassword(INetworkSecurityConfig iNetworkSecurityConfig) {
        String keyStorePassword = iNetworkSecurityConfig.getKeyStorePassword();
        if (keyStorePassword == null || keyStorePassword.isEmpty()) {
            return null;
        }
        return keyStorePassword.toCharArray();
    }
}
