package org.cloudfoundry.security;

import java.lang.reflect.UndeclaredThrowableException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.X509ExtendedKeyManager;

/* loaded from: input_file:org/cloudfoundry/security/CloudFoundryContainerKeyManagerFactory.class */
abstract class CloudFoundryContainerKeyManagerFactory extends KeyManagerFactorySpi {
    private static final String CERTIFICATES_PROPERTY = "CF_INSTANCE_CERT";
    private static final Object MONITOR = new Object();
    private static final String PRIVATE_KEY_PROPERTY = "CF_INSTANCE_KEY";
    private static FileWatchingX509ExtendedKeyManager CACHED_CONTAINER_KEY_MANAGER;
    private final Logger logger;
    private final String algorithm;
    private final Path certificates;
    private final Path privateKey;
    private final KeyManagerFactory systemKeyManagerFactory;
    private X509ExtendedKeyManager cachedSystemKeyManager;

    /* loaded from: input_file:org/cloudfoundry/security/CloudFoundryContainerKeyManagerFactory$SunX509.class */
    public static final class SunX509 extends CloudFoundryContainerKeyManagerFactory {
        public SunX509() throws NoSuchAlgorithmException, NoSuchProviderException {
            this(CloudFoundryContainerKeyManagerFactory.getProperty(CloudFoundryContainerKeyManagerFactory.CERTIFICATES_PROPERTY), CloudFoundryContainerKeyManagerFactory.getProperty(CloudFoundryContainerKeyManagerFactory.PRIVATE_KEY_PROPERTY));
        }

        SunX509(Path path, Path path2) throws NoSuchAlgorithmException, NoSuchProviderException {
            super("SunX509", path, path2);
        }
    }

    /* loaded from: input_file:org/cloudfoundry/security/CloudFoundryContainerKeyManagerFactory$X509.class */
    public static final class X509 extends CloudFoundryContainerKeyManagerFactory {
        public X509() throws NoSuchAlgorithmException, NoSuchProviderException {
            this(CloudFoundryContainerKeyManagerFactory.getProperty(CloudFoundryContainerKeyManagerFactory.CERTIFICATES_PROPERTY), CloudFoundryContainerKeyManagerFactory.getProperty(CloudFoundryContainerKeyManagerFactory.PRIVATE_KEY_PROPERTY));
        }

        X509(Path path, Path path2) throws NoSuchAlgorithmException, NoSuchProviderException {
            super("NewSunX509", path, path2);
        }
    }

    private CloudFoundryContainerKeyManagerFactory(String str, Path path, Path path2) {
        this.logger = Logger.getLogger(getClass().getName());
        this.algorithm = str;
        this.certificates = path;
        this.privateKey = path2;
        this.systemKeyManagerFactory = getKeyManagerFactory();
        this.logger.fine(String.format("Algorithm: %s", str));
        this.logger.fine(String.format("Certificates: %s", path));
        this.logger.fine(String.format("Private Key: %s", path2));
    }

    @Override // javax.net.ssl.KeyManagerFactorySpi
    protected final KeyManager[] engineGetKeyManagers() {
        ArrayList arrayList = new ArrayList();
        X509ExtendedKeyManager systemKeyManager = getSystemKeyManager();
        if (systemKeyManager != null) {
            arrayList.add(systemKeyManager);
        }
        FileWatchingX509ExtendedKeyManager containerKeyManager = getContainerKeyManager();
        if (containerKeyManager != null) {
            arrayList.add(containerKeyManager);
        }
        return new KeyManager[]{new DelegatingX509ExtendedKeyManager(arrayList)};
    }

    @Override // javax.net.ssl.KeyManagerFactorySpi
    protected final void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
        this.systemKeyManagerFactory.init(managerFactoryParameters);
        invalidateSystemKeyManager();
    }

    @Override // javax.net.ssl.KeyManagerFactorySpi
    protected final void engineInit(KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        this.systemKeyManagerFactory.init(keyStore, cArr);
        invalidateSystemKeyManager();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Path getProperty(String str) {
        String str2 = System.getenv(str);
        if (str2 != null) {
            return Paths.get(str2, new String[0]);
        }
        return null;
    }

    private FileWatchingX509ExtendedKeyManager getContainerKeyManager() {
        FileWatchingX509ExtendedKeyManager fileWatchingX509ExtendedKeyManager;
        synchronized (MONITOR) {
            if (CACHED_CONTAINER_KEY_MANAGER == null && this.certificates != null && Files.exists(this.certificates, new LinkOption[0]) && this.privateKey != null && Files.exists(this.privateKey, new LinkOption[0])) {
                this.logger.info(String.format("Adding Key Manager for %s and %s", this.privateKey, this.certificates));
                CACHED_CONTAINER_KEY_MANAGER = new FileWatchingX509ExtendedKeyManager(this.certificates, this.privateKey, getKeyManagerFactory());
            }
            fileWatchingX509ExtendedKeyManager = CACHED_CONTAINER_KEY_MANAGER;
        }
        return fileWatchingX509ExtendedKeyManager;
    }

    private KeyManagerFactory getKeyManagerFactory() {
        try {
            return KeyManagerFactory.getInstance(this.algorithm, "SunJSSE");
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new UndeclaredThrowableException(e);
        }
    }

    private X509ExtendedKeyManager getSystemKeyManager() {
        X509ExtendedKeyManager x509ExtendedKeyManager;
        synchronized (MONITOR) {
            if (this.cachedSystemKeyManager == null) {
                KeyManager[] keyManagers = this.systemKeyManagerFactory.getKeyManagers();
                int length = keyManagers.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    KeyManager keyManager = keyManagers[i];
                    if (keyManager instanceof X509ExtendedKeyManager) {
                        this.logger.info("Adding System Key Manager");
                        this.cachedSystemKeyManager = (X509ExtendedKeyManager) keyManager;
                        break;
                    }
                    i++;
                }
            }
            x509ExtendedKeyManager = this.cachedSystemKeyManager;
        }
        return x509ExtendedKeyManager;
    }

    private void invalidateSystemKeyManager() {
        synchronized (MONITOR) {
            this.cachedSystemKeyManager = null;
        }
    }
}
