package org.apache.pulsar.client.impl.auth;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;
import org.apache.pulsar.client.api.AuthenticationDataProvider;
import org.apache.pulsar.client.impl.PulsarChannelInitializer;
import org.apache.pulsar.common.util.FileModifiedTimeUpdater;
import org.apache.pulsar.common.util.SecurityUtility;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/pulsar-client-original-3.0.3.jar:org/apache/pulsar/client/impl/auth/AuthenticationDataTls.class */
public class AuthenticationDataTls implements AuthenticationDataProvider {
    private static final long serialVersionUID = 1;
    protected X509Certificate[] tlsCertificates;
    protected PrivateKey tlsPrivateKey;
    private transient FileModifiedTimeUpdater certFile;
    private transient FileModifiedTimeUpdater keyFile;
    private transient InputStream certStream;
    private transient InputStream keyStream;

    @SuppressFBWarnings(value = {"SE_TRANSIENT_FIELD_NOT_RESTORED"}, justification = "Using custom serializer which Findbugs can't detect")
    private transient Supplier<ByteArrayInputStream> certStreamProvider;

    @SuppressFBWarnings(value = {"SE_TRANSIENT_FIELD_NOT_RESTORED"}, justification = "Using custom serializer which Findbugs can't detect")
    private transient Supplier<ByteArrayInputStream> keyStreamProvider;

    @SuppressFBWarnings(value = {"SE_TRANSIENT_FIELD_NOT_RESTORED"}, justification = "Using custom serializer which Findbugs can't detect")
    private transient Supplier<ByteArrayInputStream> trustStoreStreamProvider;
    private static final Map<String, String> headers = Collections.singletonMap(AuthenticationDataProvider.PULSAR_AUTH_METHOD_NAME, PulsarChannelInitializer.TLS_HANDLER);
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AuthenticationDataTls.class);

    public AuthenticationDataTls(String str, String str2) throws KeyManagementException {
        if (str == null) {
            throw new IllegalArgumentException("certFilePath must not be null");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("keyFilePath must not be null");
        }
        this.certFile = new FileModifiedTimeUpdater(str);
        this.keyFile = new FileModifiedTimeUpdater(str2);
        this.tlsCertificates = SecurityUtility.loadCertificatesFromPemFile(str);
        this.tlsPrivateKey = SecurityUtility.loadPrivateKeyFromPemFile(str2);
    }

    public AuthenticationDataTls(Supplier<ByteArrayInputStream> supplier, Supplier<ByteArrayInputStream> supplier2) throws KeyManagementException {
        this(supplier, supplier2, null);
    }

    public AuthenticationDataTls(Supplier<ByteArrayInputStream> supplier, Supplier<ByteArrayInputStream> supplier2, Supplier<ByteArrayInputStream> supplier3) throws KeyManagementException {
        if (supplier == null || supplier.get() == null) {
            throw new IllegalArgumentException("certStream provider or stream must not be null");
        }
        if (supplier2 == null || supplier2.get() == null) {
            throw new IllegalArgumentException("keyStream provider or stream must not be null");
        }
        this.certStreamProvider = supplier;
        this.keyStreamProvider = supplier2;
        this.trustStoreStreamProvider = supplier3;
        this.certStream = supplier.get();
        this.keyStream = supplier2.get();
        this.tlsCertificates = SecurityUtility.loadCertificatesFromPemStream(this.certStream);
        this.tlsPrivateKey = SecurityUtility.loadPrivateKeyFromPemStream(this.keyStream);
    }

    @Override // org.apache.pulsar.client.api.AuthenticationDataProvider
    public boolean hasDataForTls() {
        return true;
    }

    @Override // org.apache.pulsar.client.api.AuthenticationDataProvider
    public Set<Map.Entry<String, String>> getHttpHeaders() {
        return headers.entrySet();
    }

    @Override // org.apache.pulsar.client.api.AuthenticationDataProvider
    public Certificate[] getTlsCertificates() {
        if (this.certFile != null && this.certFile.checkAndRefresh()) {
            try {
                this.tlsCertificates = SecurityUtility.loadCertificatesFromPemFile(this.certFile.getFileName());
            } catch (KeyManagementException e) {
                LOG.error("Unable to refresh authData for cert {}: ", this.certFile.getFileName(), e);
            }
        } else if (this.certStreamProvider != null && this.certStreamProvider.get() != null && !this.certStreamProvider.get().equals(this.certStream)) {
            try {
                this.certStream = this.certStreamProvider.get();
                this.tlsCertificates = SecurityUtility.loadCertificatesFromPemStream(this.certStream);
            } catch (KeyManagementException e2) {
                LOG.error("Unable to refresh authData from cert stream ", (Throwable) e2);
            }
        }
        return this.tlsCertificates;
    }

    @Override // org.apache.pulsar.client.api.AuthenticationDataProvider
    public PrivateKey getTlsPrivateKey() {
        if (this.keyFile != null && this.keyFile.checkAndRefresh()) {
            try {
                this.tlsPrivateKey = SecurityUtility.loadPrivateKeyFromPemFile(this.keyFile.getFileName());
            } catch (KeyManagementException e) {
                LOG.error("Unable to refresh authData for cert {}: ", this.keyFile.getFileName(), e);
            }
        } else if (this.keyStreamProvider != null && this.keyStreamProvider.get() != null && !this.keyStreamProvider.get().equals(this.keyStream)) {
            try {
                this.keyStream = this.keyStreamProvider.get();
                this.tlsPrivateKey = SecurityUtility.loadPrivateKeyFromPemStream(this.keyStream);
            } catch (KeyManagementException e2) {
                LOG.error("Unable to refresh authData from key stream ", (Throwable) e2);
            }
        }
        return this.tlsPrivateKey;
    }

    @Override // org.apache.pulsar.client.api.AuthenticationDataProvider
    public InputStream getTlsTrustStoreStream() {
        if (this.trustStoreStreamProvider != null) {
            return this.trustStoreStreamProvider.get();
        }
        return null;
    }

    @Override // org.apache.pulsar.client.api.AuthenticationDataProvider
    public String getTlsCerificateFilePath() {
        if (this.certFile != null) {
            return this.certFile.getFileName();
        }
        return null;
    }

    @Override // org.apache.pulsar.client.api.AuthenticationDataProvider
    public String getTlsPrivateKeyFilePath() {
        if (this.keyFile != null) {
            return this.keyFile.getFileName();
        }
        return null;
    }
}
