package org.apache.qpid.server.security;

import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.server.util.urlstreamhandler.data.Handler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

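/**
 * Trust store whose trust anchors are X.509 certificates read from the location named by the
 * {@code certificatesUrl} attribute, rather than from a Java keystore file.
 *
 * <p>The certificates are read with {@link SSLUtil#readCertificates(URL)}, copied into an
 * in-memory {@link KeyStore}, and exposed through the {@link TrustManager}s built from it.
 *
 * <p>NOTE(review): this class places no restriction on the URL scheme. The integrity of the
 * trust anchors therefore depends on how the location is fetched. Confirm that deployments
 * point this attribute only at sources whose content cannot be altered in transit or at rest
 * by an untrusted party.
 */
@ManagedObject(category = false)
/* loaded from: input_file:org/apache/qpid/server/security/NonJavaTrustStoreImpl.class */
public class NonJavaTrustStoreImpl extends AbstractTrustStore<NonJavaTrustStoreImpl> implements NonJavaTrustStore<NonJavaTrustStoreImpl> {
    private static final Logger LOGGER = LoggerFactory.getLogger(NonJavaTrustStoreImpl.class);

    // Setting this attribute triggers updateTrustManagers() via the afterSet hook.
    @ManagedAttributeField(afterSet = "updateTrustManagers")
    private String _certificatesUrl;
    private volatile TrustManager[] _trustManagers;
    // volatile to match _trustManagers: both are written by updateTrustManagers() and read by
    // the accessors, which may run on other threads.
    private volatile X509Certificate[] _certificates;

    /**
     * Creates the trust store with an empty trust manager array; the array is populated when
     * the certificates URL attribute is set.
     *
     * @param map    attribute values, passed to the superclass
     * @param broker the owning broker, passed to the superclass
     */
    @ManagedObjectFactoryConstructor
    public NonJavaTrustStoreImpl(Map<String, Object> map, Broker<?> broker) {
        super(map, broker);
        this._trustManagers = new TrustManager[0];
    }

    /**
     * Returns the configured certificate location as given (URL or file path).
     */
    @Override // org.apache.qpid.server.security.NonJavaTrustStore
    public String getCertificatesUrl() {
        return this._certificatesUrl;
    }

    /**
     * Returns a copy of the trust managers built from the loaded certificates.
     *
     * @throws IllegalStateException if no trust managers have been loaded; failing here keeps
     *                               an unconfigured store from being used as if it were valid
     */
    @Override // org.apache.qpid.server.security.AbstractTrustStore
    protected TrustManager[] getTrustManagersInternal() throws GeneralSecurityException {
        TrustManager[] current = this._trustManagers;
        if (current == null || current.length == 0) {
            throw new IllegalStateException("Truststore " + this + " defines no trust managers");
        }
        return Arrays.copyOf(current, current.length);
    }

    /**
     * Returns the certificates currently loaded into this store.
     *
     * @return a copy of the loaded certificates, or an empty array if none are loaded
     */
    @Override // org.apache.qpid.server.model.TrustStore
    public Certificate[] getCertificates() throws GeneralSecurityException {
        X509Certificate[] current = this._certificates;
        // Defensive copy: callers must not be able to mutate the array this store holds.
        return current == null ? new X509Certificate[0] : current.clone();
    }

    /**
     * Validates this object by checking that its certificates location can be read and parsed.
     */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void onValidate() {
        super.onValidate();
        validateTrustStoreAttributes(this);
    }

    /**
     * Moves the store to {@link State#ACTIVE} after starting expiry checking.
     *
     * @return an already-completed future
     */
    @StateTransition(currentState = {State.UNINITIALIZED, State.ERRORED}, desiredState = State.ACTIVE)
    protected ListenableFuture<Void> doActivate() {
        initializeExpiryChecking();
        setState(State.ACTIVE);
        // Let the target type infer Void; an (Object) cast would yield ListenableFuture<Object>.
        return Futures.immediateFuture(null);
    }

    /**
     * Validates a proposed attribute change by reading the certificates from the proposed
     * location before the change is accepted.
     *
     * @param configuredObject proxy carrying the proposed attribute values
     * @param set              names of the attributes being changed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
        super.validateChange(configuredObject, set);
        validateTrustStoreAttributes((NonJavaTrustStore<?>) configuredObject);
    }

    /**
     * Checks that the certificates location of the given store can be resolved and read.
     *
     * @throws IllegalArgumentException if the location is unset, cannot be read, or does not
     *                                  yield certificates that {@link SSLUtil} accepts
     */
    private void validateTrustStoreAttributes(NonJavaTrustStore<?> nonJavaTrustStore) {
        try {
            SSLUtil.readCertificates(getUrlFromString(nonJavaTrustStore.getCertificatesUrl()));
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalArgumentException("Cannot validate certificate(s):" + e, e);
        }
    }

    /**
     * Reloads the certificates from the configured location and rebuilds the trust managers.
     * Does nothing when no location is configured, so previously loaded state is kept.
     *
     * @throws IllegalConfigurationException if the certificates cannot be read or the trust
     *                                       managers cannot be built
     */
    private void updateTrustManagers() {
        try {
            if (this._certificatesUrl != null) {
                X509Certificate[] loaded = SSLUtil.readCertificates(getUrlFromString(this._certificatesUrl));
                // An empty in-memory keystore holds the trust anchors; nothing is persisted.
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                // Aliases are the 1-based position of each certificate in the source.
                int alias = 1;
                for (X509Certificate certificate : loaded) {
                    keyStore.setCertificateEntry(String.valueOf(alias), certificate);
                    alias++;
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                this._trustManagers = trustManagerFactory.getTrustManagers();
                this._certificates = loaded;
            }
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalConfigurationException("Cannot load certificate(s) :" + e, e);
        }
    }

    /**
     * Resolves the configured location to a URL, treating anything that does not parse as a
     * URL as a local file path.
     *
     * <p>NOTE(review): the scheme is not restricted here, and a value that fails URL parsing
     * is silently treated as a file path. Whoever can set this attribute chooses where the
     * trust anchors come from, so write access to it should be limited accordingly.
     *
     * @param str the configured location
     * @return the resolved URL
     * @throws MalformedURLException if {@code str} is {@code null} or the file path cannot be
     *                               converted to a URL
     */
    private URL getUrlFromString(String str) throws MalformedURLException {
        if (str == null) {
            // Without this guard the File fallback below throws a bare NullPointerException,
            // which escapes the callers' IOException handling.
            throw new MalformedURLException("Certificates URL is not set");
        }
        try {
            return new URL(str);
        } catch (MalformedURLException e) {
            return new File(str).toURI().toURL();
        }
    }

    static {
        // Registers the project's URL stream handler from the urlstreamhandler.data package
        // before any certificates URL is parsed (presumably for "data:" URLs; confirm).
        Handler.register();
    }
}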
