package org.apache.pinot.core.util;

import com.google.common.base.Preconditions;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.pinot.common.utils.FileUploadDownloadClient;
import org.apache.pinot.core.transport.TlsConfig;
import org.apache.pinot.spi.env.PinotConfiguration;

/* loaded from: input_file:org/apache/pinot/core/util/TlsUtils.class */
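/**
 * Static helpers that read TLS settings from a {@link PinotConfiguration}, build JSSE key and
 * trust manager factories from key store files, and install a JVM-wide default SSL socket factory.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>{@link #installDefaultSSLSocketFactory(String, String, String, String)} mutates process-wide
 *       state (the {@link HttpsURLConnection} default factory, the commons-httpclient "https"
 *       protocol registration and the {@link FileUploadDownloadClient} default context). Every
 *       client in the JVM that relies on those defaults is affected.</li>
 *   <li>When no trust store path is supplied, {@code null} trust managers are handed to
 *       {@link SSLContext#init}, so the JSSE default trust managers are used instead of a
 *       Pinot-specific trust store.</li>
 *   <li>Key store passwords travel as {@link String} values and are never logged or placed in
 *       exception messages here; only the store path is.</li>
 * </ul>
 */
public final class TlsUtils {
    // Configuration key suffixes; each is appended to a caller-supplied prefix by key(...).
    // ENABLED is not read anywhere in this class.
    private static final String ENABLED = "enabled";
    private static final String CLIENT_AUTH_ENABLED = "client.auth.enabled";
    private static final String KEYSTORE_PATH = "keystore.path";
    private static final String KEYSTORE_PASSWORD = "keystore.password";
    private static final String TRUSTSTORE_PATH = "truststore.path";
    private static final String TRUSTSTORE_PASSWORD = "truststore.password";

    /**
     * Adapter that lets commons-httpclient open its "https" connections through a given
     * {@link SSLSocketFactory}.
     *
     * <p>NOTE(review): nothing in this adapter enables endpoint identification (hostname
     * verification) on the sockets it returns, and no verification call is visible in this file.
     * Confirm that the HTTP client layer using this factory checks the peer certificate against
     * the requested host; certificate-chain validation alone does not bind the peer to a host name.
     */
    public static class PinotProtocolSocketFactory implements ProtocolSocketFactory {
        final SSLSocketFactory _sslSocketFactory;

        /**
         * @param sSLSocketFactory factory every socket created by this adapter is obtained from
         */
        public PinotProtocolSocketFactory(SSLSocketFactory sSLSocketFactory) {
            this._sslSocketFactory = sSLSocketFactory;
        }

        /**
         * Opens a connected socket to {@code str:i}, bound locally to {@code inetAddress:i2}.
         *
         * @param str remote host
         * @param i remote port
         * @param inetAddress local address to bind to
         * @param i2 local port to bind to
         * @return the connected socket
         * @throws IOException if the socket cannot be created or connected
         */
        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
            return this._sslSocketFactory.createSocket(str, i, inetAddress, i2);
        }

        /**
         * Opens a connected socket like {@link #createSocket(String, int, InetAddress, int)}, but
         * honors the connection timeout carried by {@code httpConnectionParams} when it is positive.
         *
         * @param str remote host
         * @param i remote port
         * @param inetAddress local address to bind to
         * @param i2 local port to bind to
         * @param httpConnectionParams source of the connection timeout; must not be null
         * @return the connected socket
         * @throws IOException if binding or connecting fails, including on timeout
         * @throws NullPointerException if {@code httpConnectionParams} is null
         */
        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2, HttpConnectionParams httpConnectionParams) throws IOException, UnknownHostException, ConnectTimeoutException {
            Preconditions.checkNotNull(httpConnectionParams);
            int connectionTimeout = httpConnectionParams.getConnectionTimeout();
            if (connectionTimeout <= 0) {
                // No timeout configured: let the factory create and connect in one step.
                return this._sslSocketFactory.createSocket(str, i, inetAddress, i2);
            }
            // A timeout can only be applied to an unconnected socket, so create, bind and connect
            // explicitly.
            Socket socket = this._sslSocketFactory.createSocket();
            try {
                InetSocketAddress localAddress = new InetSocketAddress(inetAddress, i2);
                InetSocketAddress remoteAddress = new InetSocketAddress(str, i);
                socket.bind(localAddress);
                socket.connect(remoteAddress, connectionTimeout);
                return socket;
            } catch (IOException | RuntimeException e) {
                // The caller never receives the socket on failure, so release it here instead of
                // leaking a file descriptor per failed or timed-out connection attempt.
                try {
                    socket.close();
                } catch (IOException closeFailure) {
                    e.addSuppressed(closeFailure);
                }
                throw e;
            }
        }

        /**
         * Opens a connected socket to {@code str:i} without binding to a specific local address.
         *
         * @param str remote host
         * @param i remote port
         * @return the connected socket
         * @throws IOException if the socket cannot be created or connected
         */
        public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
            return this._sslSocketFactory.createSocket(str, i);
        }
    }

    private TlsUtils() {
        // Utility class; not instantiable.
    }

    /**
     * Builds a {@link TlsConfig} from the properties found under a key prefix.
     *
     * <p>Only keys that are present in the configuration are applied; every other field keeps
     * whatever value a freshly constructed {@link TlsConfig} has. Client authentication is read
     * with a fallback of {@code false}.
     *
     * @param pinotConfiguration configuration to read from
     * @param str key prefix; the looked-up keys are {@code str + "." + suffix}
     * @return a new TLS configuration populated from the matching keys
     */
    public static TlsConfig extractTlsConfig(PinotConfiguration pinotConfiguration, String str) {
        TlsConfig tlsConfig = new TlsConfig();
        if (pinotConfiguration.containsKey(key(str, CLIENT_AUTH_ENABLED))) {
            tlsConfig.setClientAuthEnabled(pinotConfiguration.getProperty(key(str, CLIENT_AUTH_ENABLED), false));
        }
        if (pinotConfiguration.containsKey(key(str, KEYSTORE_PATH))) {
            tlsConfig.setKeyStorePath(pinotConfiguration.getProperty(key(str, KEYSTORE_PATH)));
        }
        if (pinotConfiguration.containsKey(key(str, KEYSTORE_PASSWORD))) {
            tlsConfig.setKeyStorePassword(pinotConfiguration.getProperty(key(str, KEYSTORE_PASSWORD)));
        }
        if (pinotConfiguration.containsKey(key(str, TRUSTSTORE_PATH))) {
            tlsConfig.setTrustStorePath(pinotConfiguration.getProperty(key(str, TRUSTSTORE_PATH)));
        }
        if (pinotConfiguration.containsKey(key(str, TRUSTSTORE_PASSWORD))) {
            tlsConfig.setTrustStorePassword(pinotConfiguration.getProperty(key(str, TRUSTSTORE_PASSWORD)));
        }
        return tlsConfig;
    }

    /**
     * Creates a key manager factory from the key store path and password held by {@code tlsConfig}.
     *
     * @param tlsConfig TLS configuration supplying the key store path and password
     * @return an initialized key manager factory
     * @see #createKeyManagerFactory(String, String)
     */
    public static KeyManagerFactory createKeyManagerFactory(TlsConfig tlsConfig) {
        return createKeyManagerFactory(tlsConfig.getKeyStorePath(), tlsConfig.getKeyStorePassword());
    }

    /**
     * Loads a key store of the JVM default type from a file and initializes a key manager factory
     * (default algorithm) with it.
     *
     * <p>The same password is used to open the store and to recover the keys inside it.
     *
     * @param str path of the key store file
     * @param str2 key store password, also used as the key password
     * @return an initialized key manager factory
     * @throws NullPointerException if either argument is null
     * @throws RuntimeException if the store cannot be read or the factory cannot be initialized;
     *     the message names the path but never the password
     */
    public static KeyManagerFactory createKeyManagerFactory(String str, String str2) {
        Preconditions.checkNotNull(str, "key store path must not be null");
        Preconditions.checkNotNull(str2, "key store password must not be null");
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources closes the stream even when load() fails (wrong password,
            // corrupt or truncated store), which the previous code path did not do.
            try (FileInputStream keyStoreStream = new FileInputStream(str)) {
                keyStore.load(keyStoreStream, str2.toCharArray());
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, str2.toCharArray());
            return keyManagerFactory;
        } catch (Exception e) {
            throw new RuntimeException(String.format("Could not create key manager factory '%s'", str), e);
        }
    }

    /**
     * Creates a trust manager factory from the trust store path and password held by
     * {@code tlsConfig}.
     *
     * @param tlsConfig TLS configuration supplying the trust store path and password
     * @return an initialized trust manager factory
     * @see #createTrustManagerFactory(String, String)
     */
    public static TrustManagerFactory createTrustManagerFactory(TlsConfig tlsConfig) {
        return createTrustManagerFactory(tlsConfig.getTrustStorePath(), tlsConfig.getTrustStorePassword());
    }

    /**
     * Loads a trust store of the JVM default type from a file and initializes a trust manager
     * factory (default algorithm) with it.
     *
     * @param str path of the trust store file
     * @param str2 trust store password
     * @return an initialized trust manager factory
     * @throws NullPointerException if either argument is null
     * @throws RuntimeException if the store cannot be read or the factory cannot be initialized;
     *     the message names the path but never the password
     */
    public static TrustManagerFactory createTrustManagerFactory(String str, String str2) {
        Preconditions.checkNotNull(str, "trust store path must not be null");
        Preconditions.checkNotNull(str2, "trust store password must not be null");
        try {
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources closes the stream even when load() fails.
            try (FileInputStream trustStoreStream = new FileInputStream(str)) {
                trustStore.load(trustStoreStream, str2.toCharArray());
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory;
        } catch (Exception e) {
            throw new RuntimeException(String.format("Could not create trust manager factory '%s'", str), e);
        }
    }

    /**
     * Installs a JVM-wide default SSL socket factory built from the stores named in
     * {@code tlsConfig}.
     *
     * @param tlsConfig TLS configuration supplying key store and trust store paths and passwords
     * @see #installDefaultSSLSocketFactory(String, String, String, String)
     */
    public static void installDefaultSSLSocketFactory(TlsConfig tlsConfig) {
        installDefaultSSLSocketFactory(tlsConfig.getKeyStorePath(), tlsConfig.getKeyStorePassword(), tlsConfig.getTrustStorePath(), tlsConfig.getTrustStorePassword());
    }

    /**
     * Builds an {@link SSLContext} from the optional key store and trust store and installs it as
     * the process-wide default for {@link HttpsURLConnection}, for the commons-httpclient "https"
     * protocol (port 443) and for {@link FileUploadDownloadClient}.
     *
     * <p>A null key store path means no client key material is configured explicitly. A null trust
     * store path means {@code null} trust managers are passed to {@link SSLContext#init}, so peers
     * are validated with the JSSE default trust managers rather than a dedicated trust store.
     *
     * @param str key store path, or null to skip explicit key managers
     * @param str2 key store password; must not be null when {@code str} is set
     * @param str3 trust store path, or null to fall back to the JSSE default trust managers
     * @param str4 trust store password; must not be null when {@code str3} is set
     * @throws IllegalStateException if the SSL context cannot be created or initialized
     * @throws RuntimeException if a configured store cannot be loaded
     */
    public static void installDefaultSSLSocketFactory(String str, String str2, String str3, String str4) {
        KeyManager[] keyManagers = null;
        if (str != null) {
            keyManagers = createKeyManagerFactory(str, str2).getKeyManagers();
        }
        TrustManager[] trustManagers = null;
        if (str3 != null) {
            trustManagers = createTrustManagerFactory(str3, str4).getTrustManagers();
        }
        try {
            // Ask for the standard "TLS" context instead of the legacy "SSL" name. Which protocol
            // versions end up enabled is still decided by the JSSE provider and the JDK security
            // properties (for example jdk.tls.disabledAlgorithms), not by this name alone.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, trustManagers, new SecureRandom());
            SSLSocketFactory socketFactory = sslContext.getSocketFactory();
            HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
            Protocol.registerProtocol("https", new Protocol("https", new PinotProtocolSocketFactory(sslContext.getSocketFactory()), 443));
            FileUploadDownloadClient.installDefaultSSLContext(sslContext);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Could not initialize SSL support", e);
        }
    }

    /** Joins a configuration prefix and a key suffix with a dot. */
    private static String key(String str, String str2) {
        return str + "." + str2;
    }
}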
