package org.apache.accumulo.core.util;

import java.io.File;
import java.io.FileNotFoundException;
import java.net.URL;
import java.util.Arrays;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.Property;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.thrift.transport.TSSLTransportFactory;

/* loaded from: input_file:org/apache/accumulo/core/util/SslConnectionParams.class */
public class SslConnectionParams {
    private static final Logger log = Logger.getLogger(SslConnectionParams.class);
    private boolean useJsse = false;
    private boolean clientAuth = false;
    private boolean keyStoreSet;
    private String keyStorePath;
    private String keyStorePass;
    private String keyStoreType;
    private boolean trustStoreSet;
    private String trustStorePath;
    private String trustStorePass;
    private String trustStoreType;
    private String[] cipherSuites;
    private String[] serverProtocols;
    private String clientProtocol;

    private SslConnectionParams() {
    }

    public static SslConnectionParams forConfig(AccumuloConfiguration accumuloConfiguration, boolean z) {
        if (!accumuloConfiguration.getBoolean(Property.INSTANCE_RPC_SSL_ENABLED)) {
            return null;
        }
        SslConnectionParams sslConnectionParams = new SslConnectionParams();
        boolean z2 = accumuloConfiguration.getBoolean(Property.INSTANCE_RPC_SSL_CLIENT_AUTH);
        if (z) {
            sslConnectionParams.setClientAuth(z2);
        }
        if (accumuloConfiguration.getBoolean(Property.RPC_USE_JSSE)) {
            sslConnectionParams.setUseJsse(true);
            return sslConnectionParams;
        }
        if (!z || z2) {
            try {
                sslConnectionParams.setTrustStoreFromConf(accumuloConfiguration);
            } catch (FileNotFoundException e) {
                throw new IllegalArgumentException("Could not load configured keystore file", e);
            }
        }
        if (z || z2) {
            sslConnectionParams.setKeyStoreFromConf(accumuloConfiguration);
        }
        String str = accumuloConfiguration.get(Property.RPC_SSL_CIPHER_SUITES);
        if (null != str && !str.isEmpty()) {
            sslConnectionParams.cipherSuites = StringUtils.split(str, ',');
        }
        sslConnectionParams.serverProtocols = StringUtils.split(accumuloConfiguration.get(Property.RPC_SSL_ENABLED_PROTOCOLS), ',');
        sslConnectionParams.clientProtocol = accumuloConfiguration.get(Property.RPC_SSL_CLIENT_PROTOCOL);
        return sslConnectionParams;
    }

    private static String passwordFromConf(AccumuloConfiguration accumuloConfiguration, String str, Property property) {
        String str2 = accumuloConfiguration.get(property);
        if (str2.isEmpty()) {
            str2 = str;
        } else if (log.isTraceEnabled()) {
            log.trace("Using explicit SSL private key password from " + property.getKey());
        }
        return str2;
    }

    private static String storePathFromConf(AccumuloConfiguration accumuloConfiguration, Property property) throws FileNotFoundException {
        return findKeystore(accumuloConfiguration.getPath(property));
    }

    public void setKeyStoreFromConf(AccumuloConfiguration accumuloConfiguration) throws FileNotFoundException {
        this.keyStoreSet = true;
        this.keyStorePath = storePathFromConf(accumuloConfiguration, Property.RPC_SSL_KEYSTORE_PATH);
        this.keyStorePass = passwordFromConf(accumuloConfiguration, accumuloConfiguration.get(Property.INSTANCE_SECRET), Property.RPC_SSL_KEYSTORE_PASSWORD);
        this.keyStoreType = accumuloConfiguration.get(Property.RPC_SSL_KEYSTORE_TYPE);
    }

    public void setTrustStoreFromConf(AccumuloConfiguration accumuloConfiguration) throws FileNotFoundException {
        this.trustStoreSet = true;
        this.trustStorePath = storePathFromConf(accumuloConfiguration, Property.RPC_SSL_TRUSTSTORE_PATH);
        this.trustStorePass = passwordFromConf(accumuloConfiguration, "", Property.RPC_SSL_TRUSTSTORE_PASSWORD);
        this.trustStoreType = accumuloConfiguration.get(Property.RPC_SSL_TRUSTSTORE_TYPE);
    }

    public static SslConnectionParams forServer(AccumuloConfiguration accumuloConfiguration) {
        return forConfig(accumuloConfiguration, true);
    }

    public static SslConnectionParams forClient(AccumuloConfiguration accumuloConfiguration) {
        return forConfig(accumuloConfiguration, false);
    }

    private static String findKeystore(String str) throws FileNotFoundException {
        File file;
        URL resource;
        try {
            file = new File(str);
        } catch (Exception e) {
            log.warn("Exception finding keystore", e);
        }
        if (file.exists()) {
            return file.getAbsolutePath();
        }
        if (!file.isAbsolute() && (resource = SslConnectionParams.class.getClassLoader().getResource(str)) != null) {
            File file2 = new File(resource.toURI());
            if (file2.exists()) {
                return file2.getAbsolutePath();
            }
        }
        throw new FileNotFoundException("Failed to load SSL keystore from " + str);
    }

    public void setUseJsse(boolean z) {
        this.useJsse = z;
    }

    public boolean useJsse() {
        return this.useJsse;
    }

    public void setClientAuth(boolean z) {
        this.clientAuth = z;
    }

    public boolean isClientAuth() {
        return this.clientAuth;
    }

    public String[] getServerProtocols() {
        return this.serverProtocols;
    }

    public String getClientProtocol() {
        return this.clientProtocol;
    }

    public boolean isKeyStoreSet() {
        return this.keyStoreSet;
    }

    public String getKeyStorePath() {
        return this.keyStorePath;
    }

    public String getKeyStorePass() {
        return this.keyStorePass;
    }

    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    public boolean isTrustStoreSet() {
        return this.trustStoreSet;
    }

    public String getTrustStorePath() {
        return this.trustStorePath;
    }

    public String getTrustStorePass() {
        return this.trustStorePass;
    }

    public String getTrustStoreType() {
        return this.trustStoreType;
    }

    public TSSLTransportFactory.TSSLTransportParameters getTTransportParams() {
        if (this.useJsse) {
            throw new IllegalStateException("Cannot get TTransportParams for JSEE configuration.");
        }
        TSSLTransportFactory.TSSLTransportParameters tSSLTransportParameters = new TSSLTransportFactory.TSSLTransportParameters(this.clientProtocol, this.cipherSuites);
        tSSLTransportParameters.requireClientAuth(this.clientAuth);
        if (this.keyStoreSet) {
            tSSLTransportParameters.setKeyStore(this.keyStorePath, this.keyStorePass, null, this.keyStoreType);
        }
        if (this.trustStoreSet) {
            tSSLTransportParameters.setTrustStore(this.trustStorePath, this.trustStorePass, null, this.trustStoreType);
        }
        return tSSLTransportParameters;
    }

    public int hashCode() {
        int i = (31 * ((31 * 0) + (this.clientAuth ? 0 : 1))) + (this.useJsse ? 0 : 1);
        if (this.useJsse) {
            return i;
        }
        int i2 = (31 * ((31 * i) + (this.keyStoreSet ? 0 : 1))) + (this.trustStoreSet ? 0 : 1);
        if (this.keyStoreSet) {
            i2 = (31 * i2) + this.keyStorePath.hashCode();
        }
        if (this.trustStoreSet) {
            i2 = (31 * i2) + this.trustStorePath.hashCode();
        }
        int hashCode = (31 * ((31 * i2) + this.clientProtocol.hashCode())) + Arrays.hashCode(this.serverProtocols);
        return super.hashCode();
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof SslConnectionParams)) {
            return false;
        }
        SslConnectionParams sslConnectionParams = (SslConnectionParams) obj;
        if (this.clientAuth != sslConnectionParams.clientAuth) {
            return false;
        }
        if (this.useJsse) {
            return sslConnectionParams.useJsse;
        }
        if (this.keyStoreSet && (!sslConnectionParams.keyStoreSet || !this.keyStorePath.equals(sslConnectionParams.keyStorePath) || !this.keyStorePass.equals(sslConnectionParams.keyStorePass) || !this.keyStoreType.equals(sslConnectionParams.keyStoreType))) {
            return false;
        }
        if ((!this.trustStoreSet || (sslConnectionParams.trustStoreSet && this.trustStorePath.equals(sslConnectionParams.trustStorePath) && this.trustStorePass.equals(sslConnectionParams.trustStorePass) && this.trustStoreType.equals(sslConnectionParams.trustStoreType))) && Arrays.equals(this.serverProtocols, sslConnectionParams.serverProtocols)) {
            return this.clientProtocol.equals(sslConnectionParams.clientProtocol);
        }
        return false;
    }
}
