package org.apache.nifi.ssl;

import java.io.File;
import java.net.MalformedURLException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.net.ssl.SSLContext;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.components.Validator;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.ssl.SSLContextService;

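/**
 * Controller service that builds {@link SSLContext} instances from a keystore and/or a truststore
 * configured as component properties.
 *
 * <p>A store counts as configured only when all three of its properties (filename, password, type)
 * are set; setting one or two of them is a validation error ({@link #validateStore}). At least one
 * of the two stores must be fully configured. Both store passwords and the key password are
 * declared {@code sensitive(true)} so the framework masks them; they are handed to
 * {@link SslContextFactory} as {@code char[]} and never logged here.
 *
 * <p>{@code configContext} is a plain field assigned once in {@link #onConfigured} and read by every
 * getter and by {@link #createSSLContext}; calling those before the service is enabled fails with
 * a {@link NullPointerException} carrying an explanatory message.
 */
@CapabilityDescription("Standard implementation of the SSLContextService. Provides the ability to configure keystore and/or truststore properties once and reuse that configuration throughout the application")
@Tags({"ssl", "secure", "certificate", "keystore", "truststore", "jks", "p12", "pkcs12", "pkcs"})
/* loaded from: input_file:org/apache/nifi/ssl/StandardSSLContextService.class */
public class StandardSSLContextService extends AbstractControllerService implements SSLContextService {

    public static final String STORE_TYPE_JKS = "JKS";
    public static final String STORE_TYPE_PKCS12 = "PKCS12";

    /**
     * Six store properties are examined by the "neither store populated" check. Because
     * {@link #validateStore} already rejects a store with one or two of its three properties set,
     * reaching this many nulls in a valid configuration means both stores are absent.
     */
    private static final int NO_STORE_NULL_THRESHOLD = 4;

    public static final PropertyDescriptor TRUSTSTORE = new PropertyDescriptor.Builder()
            .name("Truststore Filename")
            .description("The fully-qualified filename of the Truststore")
            .defaultValue((String) null)
            .addValidator(createFileExistsAndReadableValidator())
            .sensitive(false)
            .build();

    public static final PropertyDescriptor TRUSTSTORE_TYPE = new PropertyDescriptor.Builder()
            .name("Truststore Type")
            .description("The Type of the Truststore. Either JKS or PKCS12")
            .allowableValues(new String[]{STORE_TYPE_JKS, STORE_TYPE_PKCS12})
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(false)
            .build();

    public static final PropertyDescriptor TRUSTSTORE_PASSWORD = new PropertyDescriptor.Builder()
            .name("Truststore Password")
            .description("The password for the Truststore")
            .defaultValue((String) null)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(true)
            .build();

    public static final PropertyDescriptor KEYSTORE = new PropertyDescriptor.Builder()
            .name("Keystore Filename")
            .description("The fully-qualified filename of the Keystore")
            .defaultValue((String) null)
            .addValidator(createFileExistsAndReadableValidator())
            .sensitive(false)
            .build();

    public static final PropertyDescriptor KEYSTORE_TYPE = new PropertyDescriptor.Builder()
            .name("Keystore Type")
            .description("The Type of the Keystore")
            .allowableValues(new String[]{STORE_TYPE_JKS, STORE_TYPE_PKCS12})
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(false)
            .build();

    public static final PropertyDescriptor KEYSTORE_PASSWORD = new PropertyDescriptor.Builder()
            .name("Keystore Password")
            .defaultValue((String) null)
            .description("The password for the Keystore")
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(true)
            .build();

    /**
     * Optional password for the private key. When unset, {@code null} is passed to
     * {@link SslContextFactory}; the fallback to the keystore password described below is
     * presumably applied there, not in this class.
     */
    static final PropertyDescriptor KEY_PASSWORD = new PropertyDescriptor.Builder()
            .name("key-password")
            .displayName("Key Password")
            .description("The password for the key. If this is not specified, but the Keystore Filename, Password, and Type are specified, then the Keystore Password will be assumed to be the same as the Key Password.")
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(true)
            .required(false)
            .build();

    /**
     * Protocol name handed verbatim to {@link SslContextFactory}. The choices are the generic
     * names "SSL" and "TLS" plus whatever the JVM's default {@link SSLContext} reports as
     * supported, so the list (and which versions a generic name enables) depends on the runtime.
     */
    public static final PropertyDescriptor SSL_ALGORITHM = new PropertyDescriptor.Builder()
            .name("SSL Protocol")
            .defaultValue("TLS")
            .required(false)
            .allowableValues(buildAlgorithmAllowableValues())
            .description("The algorithm to use for this SSL context")
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(false)
            .build();

    /** Supported descriptors, in display order; filled in by the static initializer below. */
    private static final List<PropertyDescriptor> properties;

    /** Set by {@link #onConfigured}; {@code null} until the service is enabled. */
    private ConfigurationContext configContext;

    /** Selects which property triple {@link #validateStore} examines. */
    /* loaded from: input_file:org/apache/nifi/ssl/StandardSSLContextService$KeystoreValidationGroup.class */
    public enum KeystoreValidationGroup {
        KEYSTORE,
        TRUSTSTORE
    }

    /**
     * Validates the configured stores and eagerly builds one SSL context so that an unreadable
     * store or wrong password fails the enable step rather than the first use.
     *
     * @param configurationContext the enabled configuration; retained for the getters
     * @throws InitializationException if either store is incompletely configured, neither store
     *     is configured, or the stores cannot be loaded with the given passwords and types
     */
    @OnEnabled
    public void onConfigured(final ConfigurationContext configurationContext) throws InitializationException {
        this.configContext = configurationContext;

        final Map<PropertyDescriptor, String> configured = configurationContext.getProperties();
        final List<ValidationResult> problems = new ArrayList<>();
        problems.addAll(validateStore(configured, KeystoreValidationGroup.KEYSTORE));
        problems.addAll(validateStore(configured, KeystoreValidationGroup.TRUSTSTORE));

        if (!problems.isEmpty()) {
            final StringBuilder message = new StringBuilder(this + " is not valid due to:");
            for (final ValidationResult problem : problems) {
                message.append("\n").append(problem);
            }
            throw new InitializationException(message.toString());
        }

        if (countConfiguredStoreNulls(configurationContext) >= NO_STORE_NULL_THRESHOLD) {
            throw new InitializationException(this + " does not have the KeyStore or the TrustStore populated");
        }

        // The result is discarded: this only proves the stores load; callers build their own later.
        createSSLContext(SSLContextService.ClientAuth.REQUIRED);
    }

    /**
     * Counts how many of the six store properties are unset in an enabled configuration.
     * The optional key password is deliberately not part of this count.
     */
    private static int countConfiguredStoreNulls(final ConfigurationContext context) {
        return countNulls(
                context.getProperty(KEYSTORE).getValue(),
                context.getProperty(KEYSTORE_PASSWORD).getValue(),
                context.getProperty(KEYSTORE_TYPE).getValue(),
                context.getProperty(TRUSTSTORE).getValue(),
                context.getProperty(TRUSTSTORE_PASSWORD).getValue(),
                context.getProperty(TRUSTSTORE_TYPE).getValue());
    }

    /** Same count as {@link #countConfiguredStoreNulls(ConfigurationContext)} for a validation context. */
    private static int countConfiguredStoreNulls(final ValidationContext context) {
        return countNulls(
                context.getProperty(KEYSTORE).getValue(),
                context.getProperty(KEYSTORE_PASSWORD).getValue(),
                context.getProperty(KEYSTORE_TYPE).getValue(),
                context.getProperty(TRUSTSTORE).getValue(),
                context.getProperty(TRUSTSTORE_PASSWORD).getValue(),
                context.getProperty(TRUSTSTORE_TYPE).getValue());
    }

    /**
     * Validator for the two filename properties: the value (after Expression Language
     * evaluation) must name an existing, readable file.
     *
     * NOTE(review): {@link #validateStore} reads the raw configured filename from the property map,
     * so a filename containing Expression Language could pass this validator and still fail there;
     * confirm whether Expression Language is intended on these properties.
     */
    private static Validator createFileExistsAndReadableValidator() {
        return new Validator() { // from class: org.apache.nifi.ssl.StandardSSLContextService.1
            @Override
            public ValidationResult validate(final String subject, final String input, final ValidationContext context) {
                try {
                    final File file = new File(context.newPropertyValue(input).evaluateAttributeExpressions().getValue());
                    final boolean readable = file.exists() && file.canRead();
                    return new ValidationResult.Builder()
                            .subject(subject)
                            .input(input)
                            .valid(readable)
                            .explanation(readable ? null : "File " + file + " does not exist or cannot be read")
                            .build();
                } catch (final Exception e) {
                    // Any failure evaluating or resolving the value is reported, not propagated.
                    return new ValidationResult.Builder()
                            .subject(subject)
                            .input(input)
                            .valid(false)
                            .explanation("Not a valid Expression Language value: " + e.getMessage())
                            .build();
                }
            }
        };
    }

    @Override
    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return properties;
    }

    /**
     * Component-level validation: each store must be all-or-nothing, at least one store must be
     * present, and, if those checks pass, the stores must actually load with the given
     * passwords and types (see {@link #verifySslConfig}).
     *
     * @param validationContext the configuration under validation
     * @return the problems found; empty when the configuration is usable
     */
    @Override
    protected Collection<ValidationResult> customValidate(final ValidationContext validationContext) {
        final Map<PropertyDescriptor, String> configured = validationContext.getProperties();
        final List<ValidationResult> results = new ArrayList<>();
        results.addAll(validateStore(configured, KeystoreValidationGroup.KEYSTORE));
        results.addAll(validateStore(configured, KeystoreValidationGroup.TRUSTSTORE));

        if (countConfiguredStoreNulls(validationContext) >= NO_STORE_NULL_THRESHOLD) {
            results.add(serviceProblem("Does not have the KeyStore or the TrustStore populated"));
        }

        // Only attempt to load the stores once the property shape itself is sound.
        if (results.isEmpty()) {
            try {
                verifySslConfig(validationContext);
            } catch (final ProcessException e) {
                results.add(serviceProblem(e.getMessage()));
            }
        }
        return results;
    }

    /** Builds an invalid {@link ValidationResult} whose subject identifies this service instance. */
    private ValidationResult serviceProblem(final String explanation) {
        return new ValidationResult.Builder()
                .subject(getClass().getSimpleName() + " : " + getIdentifier())
                .valid(false)
                .explanation(explanation)
                .build();
    }

    /**
     * Builds (and discards) an SSL context from the values under validation so that a store that
     * cannot be opened with its password/type is reported as a validation error.
     *
     * @throws ProcessException wrapping whatever {@link SslContextFactory} throws
     */
    private void verifySslConfig(final ValidationContext validationContext) throws ProcessException {
        final String protocol = validationContext.getProperty(SSL_ALGORITHM).getValue();
        try {
            final PropertyValue keyPassword = validationContext.getProperty(KEY_PASSWORD);
            buildSslContext(
                    validationContext.getProperty(KEYSTORE).getValue(),
                    validationContext.getProperty(KEYSTORE_PASSWORD).getValue(),
                    keyPassword.isSet() ? keyPassword.getValue().toCharArray() : null,
                    validationContext.getProperty(KEYSTORE_TYPE).getValue(),
                    validationContext.getProperty(TRUSTSTORE).getValue(),
                    validationContext.getProperty(TRUSTSTORE_PASSWORD).getValue(),
                    validationContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                    SSLContextService.ClientAuth.REQUIRED,
                    protocol);
        } catch (final Exception e) {
            throw new ProcessException(e);
        }
    }

    /**
     * Creates a new SSL context from the enabled configuration.
     *
     * @param clientAuth client-authentication mode; only consulted when both a keystore and a
     *     truststore are configured
     * @return a freshly built context (one per call; nothing is cached)
     * @throws ProcessException wrapping whatever {@link SslContextFactory} throws, including a
     *     {@link NullPointerException} if a required store password is unset
     * @throws NullPointerException if the service has not been enabled
     */
    @Override
    public SSLContext createSSLContext(final SSLContextService.ClientAuth clientAuth) throws ProcessException {
        final ConfigurationContext context = requireContext();
        final String protocol = context.getProperty(SSL_ALGORITHM).getValue();
        try {
            final PropertyValue keyPassword = context.getProperty(KEY_PASSWORD);
            return buildSslContext(
                    context.getProperty(KEYSTORE).getValue(),
                    context.getProperty(KEYSTORE_PASSWORD).getValue(),
                    keyPassword.isSet() ? keyPassword.getValue().toCharArray() : null,
                    context.getProperty(KEYSTORE_TYPE).getValue(),
                    context.getProperty(TRUSTSTORE).getValue(),
                    context.getProperty(TRUSTSTORE_PASSWORD).getValue(),
                    context.getProperty(TRUSTSTORE_TYPE).getValue(),
                    clientAuth,
                    protocol);
        } catch (final Exception e) {
            throw new ProcessException(e);
        }
    }

    /**
     * Single dispatch point shared by {@link #verifySslConfig} and {@link #createSSLContext}:
     * truststore-only, keystore-only, or both. Passwords are converted to {@code char[]} only in
     * the branch that uses them, so an unset password of the other store is never dereferenced.
     *
     * <p>Declared {@code throws Exception} because the checked exceptions of
     * {@link SslContextFactory} are not visible here; both callers wrap everything in
     * {@link ProcessException}.
     */
    private static SSLContext buildSslContext(
            final String keystore,
            final String keystorePassword,
            final char[] keyPassword,
            final String keystoreType,
            final String truststore,
            final String truststorePassword,
            final String truststoreType,
            final SSLContextService.ClientAuth clientAuth,
            final String protocol) throws Exception {
        if (keystore == null) {
            return SslContextFactory.createTrustSslContext(
                    truststore, truststorePassword.toCharArray(), truststoreType, protocol);
        }
        if (truststore == null) {
            return SslContextFactory.createSslContext(
                    keystore, keystorePassword.toCharArray(), keyPassword, keystoreType, protocol);
        }
        // Mapped by name: the service-level and factory-level enums share their constant names.
        return SslContextFactory.createSslContext(
                keystore, keystorePassword.toCharArray(), keyPassword, keystoreType,
                truststore, truststorePassword.toCharArray(), truststoreType,
                SslContextFactory.ClientAuth.valueOf(clientAuth.name()), protocol);
    }

    /** Returns the enabled configuration, failing with a clear message if the service is not enabled yet. */
    private ConfigurationContext requireContext() {
        return Objects.requireNonNull(configContext,
                "StandardSSLContextService has not been enabled; no configuration is available");
    }

    @Override
    public String getTrustStoreFile() {
        return requireContext().getProperty(TRUSTSTORE).getValue();
    }

    @Override
    public String getTrustStoreType() {
        return requireContext().getProperty(TRUSTSTORE_TYPE).getValue();
    }

    @Override
    public String getTrustStorePassword() {
        return requireContext().getProperty(TRUSTSTORE_PASSWORD).getValue();
    }

    /** True only when filename, password and type of the truststore are all set. */
    @Override
    public boolean isTrustStoreConfigured() {
        return getTrustStoreFile() != null
                && getTrustStorePassword() != null
                && getTrustStoreType() != null;
    }

    @Override
    public String getKeyStoreFile() {
        return requireContext().getProperty(KEYSTORE).getValue();
    }

    @Override
    public String getKeyStoreType() {
        return requireContext().getProperty(KEYSTORE_TYPE).getValue();
    }

    @Override
    public String getKeyStorePassword() {
        return requireContext().getProperty(KEYSTORE_PASSWORD).getValue();
    }

    /**
     * Returns the configured key password as-is; no fallback to the keystore password is applied
     * here, so this may be {@code null} when the property is unset.
     */
    @Override
    public String getKeyPassword() {
        return requireContext().getProperty(KEY_PASSWORD).getValue();
    }

    /** True only when filename, password and type of the keystore are all set. */
    @Override
    public boolean isKeyStoreConfigured() {
        return getKeyStoreFile() != null
                && getKeyStorePassword() != null
                && getKeyStoreType() != null;
    }

    @Override
    public String getSslAlgorithm() {
        return requireContext().getProperty(SSL_ALGORITHM).getValue();
    }

    /**
     * Checks one store's property triple: either none or all three must be set, and when all
     * three are set the file must be readable and must open with the given type and password.
     *
     * @param configured raw configured values, keyed by descriptor
     * @param group which triple to examine
     * @return the problems found for that store; empty when it is absent or sound
     */
    private static Collection<ValidationResult> validateStore(
            final Map<PropertyDescriptor, String> configured, final KeystoreValidationGroup group) {
        final boolean isKeystore = group == KeystoreValidationGroup.KEYSTORE;
        final String filename = configured.get(isKeystore ? KEYSTORE : TRUSTSTORE);
        final String password = configured.get(isKeystore ? KEYSTORE_PASSWORD : TRUSTSTORE_PASSWORD);
        final String type = configured.get(isKeystore ? KEYSTORE_TYPE : TRUSTSTORE_TYPE);
        final String storeName = isKeystore ? "Keystore" : "Truststore";
        final String subject = storeName + " Properties";

        final List<ValidationResult> results = new ArrayList<>();
        final int nulls = countNulls(filename, password, type);
        if (nulls != 0 && nulls != 3) {
            results.add(new ValidationResult.Builder()
                    .valid(false)
                    .explanation("Must set either 0 or 3 properties for " + storeName)
                    .subject(subject)
                    .build());
            return results;
        }
        if (nulls == 3) {
            // Store not configured at all; whether that is acceptable is decided by the caller.
            return results;
        }

        final File file = new File(filename);
        if (!(file.exists() && file.canRead())) {
            results.add(new ValidationResult.Builder()
                    .valid(false)
                    .subject(subject)
                    .explanation("Cannot access file " + file.getAbsolutePath())
                    .build());
            return results;
        }

        try {
            // Opens the store with the supplied password; a wrong password or type is a
            // validation failure here rather than a failure at first use.
            if (!CertificateUtils.isStoreValid(file.toURI().toURL(), KeystoreType.valueOf(type), password.toCharArray())) {
                // Message says "KeyStore" for both groups; kept verbatim for compatibility.
                results.add(new ValidationResult.Builder()
                        .subject(subject)
                        .valid(false)
                        .explanation("Invalid KeyStore Password or Type specified for file " + filename)
                        .build());
            }
        } catch (final MalformedURLException e) {
            results.add(new ValidationResult.Builder()
                    .subject(subject)
                    .valid(false)
                    .explanation("Malformed URL from file: " + e)
                    .build());
        } catch (final IllegalArgumentException e) {
            // KeystoreType.valueOf rejects a type outside the enum; the allowable-values
            // constraint on the type property should prevent this, but report it rather than
            // let it escape validation as an unchecked exception.
            results.add(new ValidationResult.Builder()
                    .subject(subject)
                    .valid(false)
                    .explanation("Unsupported " + storeName + " Type: " + type)
                    .build());
        }
        return results;
    }

    /** Number of {@code null} entries among {@code values}. */
    private static int countNulls(final Object... values) {
        int nulls = 0;
        for (final Object value : values) {
            if (value == null) {
                nulls++;
            }
        }
        return nulls;
    }

    /**
     * Allowable values for {@link #SSL_ALGORITHM}: "SSL", "TLS" and every protocol the JVM's
     * default SSL engine reports as supported, sorted and de-duplicated.
     */
    private static AllowableValue[] buildAlgorithmAllowableValues() {
        final Set<String> protocols = new HashSet<>();
        protocols.add("SSL");
        protocols.add("TLS");
        try {
            protocols.addAll(Arrays.asList(SSLContext.getDefault().createSSLEngine().getSupportedProtocols()));
        } catch (final NoSuchAlgorithmException ignored) {
            // No default SSLContext in this JVM: offer only the two generic names.
        }

        final List<String> sorted = new ArrayList<>(protocols);
        Collections.sort(sorted);

        final AllowableValue[] values = new AllowableValue[sorted.size()];
        for (int i = 0; i < values.length; i++) {
            values[i] = new AllowableValue(sorted.get(i));
        }
        return values;
    }

    @Override
    public String toString() {
        return "SSLContextService[id=" + getIdentifier() + "]";
    }

    static {
        properties = Collections.unmodifiableList(Arrays.asList(
                KEYSTORE,
                KEYSTORE_PASSWORD,
                KEY_PASSWORD,
                KEYSTORE_TYPE,
                TRUSTSTORE,
                TRUSTSTORE_PASSWORD,
                TRUSTSTORE_TYPE,
                SSL_ALGORITHM));
    }
}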
