package org.apache.qpid.server.security;

import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.qpid.server.consumer.ConsumerImpl;
import org.apache.qpid.server.consumer.ConsumerTarget;
import org.apache.qpid.server.filter.FilterManager;
import org.apache.qpid.server.message.MessageSource;
import org.apache.qpid.server.message.ServerMessage;
import org.apache.qpid.server.message.internal.InternalMessage;
import org.apache.qpid.server.message.internal.InternalMessageHeader;
import org.apache.qpid.server.model.ConfigurationChangeListener;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.model.VirtualHost;
import org.apache.qpid.server.virtualhost.AbstractSystemMessageSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/security/TrustStoreMessageSource.class */
public class TrustStoreMessageSource extends AbstractSystemMessageSource implements MessageSource {
    private static final Logger LOGGER = LoggerFactory.getLogger(TrustStoreMessageSource.class);
    private final TrustStore<?> _trustStore;
    private final AtomicReference<Set<Certificate>> _certCache;
    private final VirtualHost<?, ?, ?> _virtualHost;

    public TrustStoreMessageSource(TrustStore<?> trustStore, VirtualHost<?, ?, ?> virtualHost) {
        super(getSourceNameFromTrustStore(trustStore), virtualHost);
        this._certCache = new AtomicReference<>();
        this._virtualHost = virtualHost;
        this._trustStore = trustStore;
        this._trustStore.addChangeListener(new ConfigurationChangeListener() { // from class: org.apache.qpid.server.security.TrustStoreMessageSource.1
            @Override // org.apache.qpid.server.model.ConfigurationChangeListener
            public void stateChanged(ConfiguredObject<?> configuredObject, State state, State state2) {
                if (state2 == State.ACTIVE) {
                    TrustStoreMessageSource.this.updateCertCache();
                }
            }

            @Override // org.apache.qpid.server.model.ConfigurationChangeListener
            public void childAdded(ConfiguredObject<?> configuredObject, ConfiguredObject<?> configuredObject2) {
            }

            @Override // org.apache.qpid.server.model.ConfigurationChangeListener
            public void childRemoved(ConfiguredObject<?> configuredObject, ConfiguredObject<?> configuredObject2) {
            }

            @Override // org.apache.qpid.server.model.ConfigurationChangeListener
            public void attributeSet(ConfiguredObject<?> configuredObject, String str, Object obj, Object obj2) {
                TrustStoreMessageSource.this.updateCertCache();
            }

            @Override // org.apache.qpid.server.model.ConfigurationChangeListener
            public void bulkChangeStart(ConfiguredObject<?> configuredObject) {
            }

            @Override // org.apache.qpid.server.model.ConfigurationChangeListener
            public void bulkChangeEnd(ConfiguredObject<?> configuredObject) {
            }
        });
        if (this._trustStore.getState() == State.ACTIVE) {
            updateCertCache();
        }
    }

    @Override // org.apache.qpid.server.virtualhost.AbstractSystemMessageSource, org.apache.qpid.server.message.MessageSource
    public AbstractSystemMessageSource.Consumer addConsumer(ConsumerTarget consumerTarget, FilterManager filterManager, Class<? extends ServerMessage> cls, String str, EnumSet<ConsumerImpl.Option> enumSet) throws MessageSource.ExistingExclusiveConsumer, MessageSource.ExistingConsumerPreventsExclusive, MessageSource.ConsumerAccessRefused {
        AbstractSystemMessageSource.Consumer addConsumer = super.addConsumer(consumerTarget, filterManager, cls, str, enumSet);
        addConsumer.send(createMessage());
        consumerTarget.queueEmpty();
        return addConsumer;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void updateCertCache() {
        this._certCache.set(populateCertCache());
        if (getConsumers().isEmpty()) {
            return;
        }
        sendMessageToConsumers();
    }

    private void sendMessageToConsumers() {
        InternalMessage createMessage = createMessage();
        Iterator it = new ArrayList(getConsumers()).iterator();
        while (it.hasNext()) {
            ((AbstractSystemMessageSource.Consumer) it.next()).send(createMessage);
        }
    }

    private InternalMessage createMessage() {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : this._certCache.get()) {
            try {
                arrayList.add(certificate.getEncoded());
            } catch (CertificateEncodingException e) {
                LOGGER.error("Could not encode certificate of type " + certificate.getType(), e);
            }
        }
        return InternalMessage.createListMessage(this._virtualHost.getMessageStore(), new InternalMessageHeader(Collections.emptyMap(), null, 0L, null, null, UUID.randomUUID().toString(), null, null, (byte) 4, System.currentTimeMillis(), 0L, null, null), arrayList);
    }

    private Set<Certificate> populateCertCache() {
        try {
            HashSet hashSet = new HashSet();
            for (Certificate certificate : this._trustStore.getCertificates()) {
                hashSet.add(certificate);
            }
            return hashSet;
        } catch (GeneralSecurityException e) {
            LOGGER.error("Cannot read trust managers from truststore " + this._trustStore.getName(), e);
            return Collections.emptySet();
        }
    }

    public static String getSourceNameFromTrustStore(TrustStore<?> trustStore) {
        return "$certificates/" + trustStore.getName();
    }

    @Override // org.apache.qpid.server.virtualhost.AbstractSystemMessageSource, org.apache.qpid.server.message.MessageSource
    public /* bridge */ /* synthetic */ ConsumerImpl addConsumer(ConsumerTarget consumerTarget, FilterManager filterManager, Class cls, String str, EnumSet enumSet) throws MessageSource.ExistingExclusiveConsumer, MessageSource.ExistingConsumerPreventsExclusive, MessageSource.ConsumerAccessRefused {
        return addConsumer(consumerTarget, filterManager, (Class<? extends ServerMessage>) cls, str, (EnumSet<ConsumerImpl.Option>) enumSet);
    }
}
