package org.apache.nifi.processor.util;

import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLContext;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.SslContextFactory;

/* loaded from: input_file:WEB-INF/lib/nifi-processor-utils-1.0.0-BETA.jar:org/apache/nifi/processor/util/SSLProperties.class */
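/**
 * Shared keystore/truststore property descriptors plus helpers that validate those
 * properties and build an {@link SSLContext} from a {@link ProcessContext}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords are read from property values as {@code String}s, so the {@code char[]}
 *       copies made here do not allow the secret to be wiped from memory.</li>
 *   <li>Validation explanations include file paths and the store type but never a password;
 *       keep it that way when adding new messages.</li>
 *   <li>{@link #validateStore(Map, KeystoreValidationGroup)} checks the store at validation
 *       time only; the file can still change before {@link #createSSLContext} reads it.</li>
 * </ul>
 */
public class SSLProperties {
    // Protocol name handed to SslContextFactory for every context built here.
    // NOTE(review): "TLS" is presumably passed on to SSLContext.getInstance, in which case the
    // protocol versions actually enabled are decided by the JVM/provider configuration rather
    // than by this class - confirm legacy versions are disabled where this is deployed.
    private static final String DEFAULT_SSL_PROTOCOL_ALGORITHM = "TLS";

    public static final PropertyDescriptor TRUSTSTORE = new PropertyDescriptor.Builder()
            .name("Truststore Filename")
            .description("The fully-qualified filename of the Truststore")
            .defaultValue((String) null)
            .addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)
            .sensitive(false)
            .build();

    public static final PropertyDescriptor TRUSTSTORE_TYPE = new PropertyDescriptor.Builder()
            .name("Truststore Type")
            .description("The Type of the Truststore. Either JKS or PKCS12")
            .allowableValues(new String[]{"JKS", "PKCS12"})
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .defaultValue((String) null)
            .sensitive(false)
            .build();

    // Marked sensitive so the framework treats the value as a secret.
    public static final PropertyDescriptor TRUSTSTORE_PASSWORD = new PropertyDescriptor.Builder()
            .name("Truststore Password")
            .description("The password for the Truststore")
            .defaultValue((String) null)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(true)
            .build();

    public static final PropertyDescriptor KEYSTORE = new PropertyDescriptor.Builder()
            .name("Keystore Filename")
            .description("The fully-qualified filename of the Keystore")
            .defaultValue((String) null)
            .addValidator(StandardValidators.FILE_EXISTS_VALIDATOR)
            .sensitive(false)
            .build();

    public static final PropertyDescriptor KEYSTORE_TYPE = new PropertyDescriptor.Builder()
            .name("Keystore Type")
            .description("The Type of the Keystore")
            .allowableValues(new String[]{"JKS", "PKCS12"})
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(false)
            .build();

    // Marked sensitive so the framework treats the value as a secret.
    public static final PropertyDescriptor KEYSTORE_PASSWORD = new PropertyDescriptor.Builder()
            .name("Keystore Password")
            .defaultValue((String) null)
            .description("The password for the Keystore")
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(true)
            .build();

    private static final Set<PropertyDescriptor> KEYSTORE_DESCRIPTORS = new HashSet<PropertyDescriptor>();
    private static final Set<PropertyDescriptor> TRUSTSTORE_DESCRIPTORS = new HashSet<PropertyDescriptor>();

    static {
        KEYSTORE_DESCRIPTORS.add(KEYSTORE);
        KEYSTORE_DESCRIPTORS.add(KEYSTORE_TYPE);
        KEYSTORE_DESCRIPTORS.add(KEYSTORE_PASSWORD);
        TRUSTSTORE_DESCRIPTORS.add(TRUSTSTORE);
        TRUSTSTORE_DESCRIPTORS.add(TRUSTSTORE_TYPE);
        TRUSTSTORE_DESCRIPTORS.add(TRUSTSTORE_PASSWORD);
    }

    /* loaded from: input_file:WEB-INF/lib/nifi-processor-utils-1.0.0-BETA.jar:org/apache/nifi/processor/util/SSLProperties$KeystoreValidationGroup.class */
    /** Selects which of the two property triples a validation call inspects. */
    public enum KeystoreValidationGroup {
        KEYSTORE,
        TRUSTSTORE
    }

    /**
     * Validates both the keystore and the truststore property triples.
     *
     * @param map property values keyed by descriptor; unset properties map to {@code null}
     * @return the keystore findings followed by the truststore findings; empty when both are
     *         either fully unset or valid
     */
    public static Collection<ValidationResult> validateStore(Map<PropertyDescriptor, String> map) {
        final List<ValidationResult> results = new ArrayList<ValidationResult>();
        results.addAll(validateStore(map, KeystoreValidationGroup.KEYSTORE));
        results.addAll(validateStore(map, KeystoreValidationGroup.TRUSTSTORE));
        return results;
    }

    /**
     * Validates one store's filename/password/type triple.
     *
     * <p>The triple must be either completely unset or completely set. When it is set, the
     * file must exist and be readable, the type must name a {@link KeystoreType}, and
     * {@link CertificateUtils#isStoreValid} must accept the file with the given type and
     * password. Every failure is reported as an invalid {@link ValidationResult}; an
     * unsupported type is reported the same way instead of escaping as an exception.
     *
     * @param map property values keyed by descriptor; unset properties map to {@code null}
     * @param keystoreValidationGroup which triple to check
     * @return the findings for that triple; empty when it is unset or valid
     */
    public static Collection<ValidationResult> validateStore(Map<PropertyDescriptor, String> map, KeystoreValidationGroup keystoreValidationGroup) {
        final boolean forKeystore = keystoreValidationGroup == KeystoreValidationGroup.KEYSTORE;
        final String filename = map.get(forKeystore ? KEYSTORE : TRUSTSTORE);
        final String password = map.get(forKeystore ? KEYSTORE_PASSWORD : TRUSTSTORE_PASSWORD);
        final String type = map.get(forKeystore ? KEYSTORE_TYPE : TRUSTSTORE_TYPE);
        final String label = forKeystore ? "Keystore" : "Truststore";
        final String subject = label + " Properties";
        final List<ValidationResult> results = new ArrayList<ValidationResult>();

        final int unset = countNulls(filename, password, type);
        if (unset == 3) {
            // Nothing configured for this store: that is allowed.
            return results;
        }
        if (unset != 0) {
            results.add(invalid(subject, "Must set either 0 or 3 properties for " + label));
            return results;
        }

        final File file = new File(filename);
        if (!file.exists() || !file.canRead()) {
            results.add(invalid(subject, "Cannot access file " + file.getAbsolutePath()));
            return results;
        }

        // Resolve the type on its own so that only an unknown type name is turned into a
        // finding; the map is not guaranteed to have passed the allowable-values check.
        final KeystoreType storeType;
        try {
            storeType = KeystoreType.valueOf(type);
        } catch (IllegalArgumentException e) {
            results.add(invalid(subject, "Unsupported " + label + " Type specified: " + type));
            return results;
        }

        try {
            // The explanation names the file only; the password must never be echoed back.
            if (!CertificateUtils.isStoreValid(file.toURI().toURL(), storeType, password.toCharArray())) {
                results.add(invalid(subject, "Invalid KeyStore Password or Type specified for file " + filename));
            }
        } catch (MalformedURLException e) {
            results.add(invalid(subject, "Malformed URL from file: " + e));
        }
        return results;
    }

    /** Builds a failed validation result for the given subject. */
    private static ValidationResult invalid(String subject, String explanation) {
        return new ValidationResult.Builder().subject(subject).valid(false).explanation(explanation).build();
    }

    /** Counts how many of the given values are {@code null}. */
    private static int countNulls(Object... objArr) {
        int nulls = 0;
        for (Object value : objArr) {
            if (value == null) {
                nulls++;
            }
        }
        return nulls;
    }

    /**
     * Returns copies of the keystore descriptors with their "required" flag set.
     *
     * @param z whether the returned descriptors are required; when {@code true} the type
     *          descriptor also gets a default value of {@code "JKS"}
     * @return new descriptors, in the iteration order of the backing set
     */
    public static List<PropertyDescriptor> getKeystoreDescriptors(boolean z) {
        return copyDescriptors(KEYSTORE_DESCRIPTORS, KEYSTORE_TYPE, z);
    }

    /**
     * Returns copies of the truststore descriptors with their "required" flag set.
     *
     * @param z whether the returned descriptors are required; when {@code true} the type
     *          descriptor also gets a default value of {@code "JKS"}
     * @return new descriptors, in the iteration order of the backing set
     */
    public static List<PropertyDescriptor> getTruststoreDescriptors(boolean z) {
        return copyDescriptors(TRUSTSTORE_DESCRIPTORS, TRUSTSTORE_TYPE, z);
    }

    /** Copies each descriptor with the given required flag, defaulting the type to JKS when required. */
    private static List<PropertyDescriptor> copyDescriptors(Set<PropertyDescriptor> descriptors, PropertyDescriptor typeDescriptor, boolean required) {
        final List<PropertyDescriptor> copies = new ArrayList<PropertyDescriptor>();
        for (PropertyDescriptor descriptor : descriptors) {
            final PropertyDescriptor.Builder builder = new PropertyDescriptor.Builder().fromPropertyDescriptor(descriptor).required(required);
            if (required && descriptor.getName().equals(typeDescriptor.getName())) {
                builder.defaultValue("JKS");
            }
            copies.add(builder.build());
        }
        return copies;
    }

    /**
     * Builds an {@link SSLContext} from the store properties of the given context.
     *
     * <ul>
     *   <li>No keystore filename: a trust-only context is built from the truststore.</li>
     *   <li>Keystore but no truststore filename: a context is built from the keystore alone.
     *       NOTE(review): no trust material is passed in this case, so what peers are
     *       trusted is decided inside SslContextFactory - confirm that default is intended.</li>
     *   <li>Both set: a context is built from both stores and {@code clientAuth}.</li>
     * </ul>
     *
     * <p>{@code clientAuth} is only used when both stores are configured; it is ignored in the
     * other two cases. Callers are expected to have run {@link #validateStore(Map)} first.
     *
     * @param processContext source of the property values
     * @param clientAuth client authentication policy, applied only when both stores are set
     * @return the SSL context created by {@link SslContextFactory}
     * @throws NullPointerException if the password of a store that is about to be loaded is
     *         not set; the message names the property and never contains a secret
     */
    public static SSLContext createSSLContext(ProcessContext processContext, SslContextFactory.ClientAuth clientAuth) throws UnrecoverableKeyException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        final String keystoreFile = processContext.getProperty(KEYSTORE).getValue();
        final String truststoreFile = processContext.getProperty(TRUSTSTORE).getValue();

        if (keystoreFile == null) {
            return SslContextFactory.createTrustSslContext(
                    truststoreFile,
                    passwordChars(processContext, TRUSTSTORE_PASSWORD),
                    processContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                    DEFAULT_SSL_PROTOCOL_ALGORITHM);
        }
        if (truststoreFile == null) {
            return SslContextFactory.createSslContext(
                    keystoreFile,
                    passwordChars(processContext, KEYSTORE_PASSWORD),
                    processContext.getProperty(KEYSTORE_TYPE).getValue(),
                    DEFAULT_SSL_PROTOCOL_ALGORITHM);
        }
        return SslContextFactory.createSslContext(
                keystoreFile,
                passwordChars(processContext, KEYSTORE_PASSWORD),
                processContext.getProperty(KEYSTORE_TYPE).getValue(),
                truststoreFile,
                passwordChars(processContext, TRUSTSTORE_PASSWORD),
                processContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                clientAuth,
                DEFAULT_SSL_PROTOCOL_ALGORITHM);
    }

    /**
     * Reads a password property as a {@code char[]}, failing with a message that names the
     * missing property instead of an anonymous NullPointerException.
     */
    private static char[] passwordChars(ProcessContext processContext, PropertyDescriptor descriptor) {
        final String password = processContext.getProperty(descriptor).getValue();
        if (password == null) {
            throw new NullPointerException(descriptor.getName() + " must be set before creating an SSLContext");
        }
        return password.toCharArray();
    }
}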
