package org.cloudfoundry.security;

import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException;
import java.net.Socket;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/cloudfoundry/security/FileWatchingX509ExtendedTrustManager.class */
public final class FileWatchingX509ExtendedTrustManager extends X509ExtendedTrustManager {
    private final Path certificates;
    private final TrustManagerFactory trustManagerFactory;
    private final Logger logger = Logger.getLogger(getClass().getName());
    private final AtomicReference<X509ExtendedTrustManager> trustManager = new AtomicReference<>();

    /* loaded from: input_file:org/cloudfoundry/security/FileWatchingX509ExtendedTrustManager$FileWatcherCallback.class */
    private class FileWatcherCallback implements Runnable {
        private FileWatcherCallback() {
        }

        @Override // java.lang.Runnable
        public void run() {
            if (FileWatchingX509ExtendedTrustManager.this.trustManager.getAndSet(FileWatchingX509ExtendedTrustManager.this.getTrustManager(FileWatchingX509ExtendedTrustManager.this.getKeyStore())) == null) {
                FileWatchingX509ExtendedTrustManager.this.logger.info(String.format("Initialized TrustManager for %s", FileWatchingX509ExtendedTrustManager.this.certificates));
            } else {
                FileWatchingX509ExtendedTrustManager.this.logger.info(String.format("Updated TrustManager for %s", FileWatchingX509ExtendedTrustManager.this.certificates));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public FileWatchingX509ExtendedTrustManager(Path path, TrustManagerFactory trustManagerFactory) {
        this.certificates = path;
        this.trustManagerFactory = trustManagerFactory;
        new FileWatcher(this.certificates, new FileWatcherCallback()).watch();
        if (this.trustManager.compareAndSet(null, getTrustManager(getKeyStore()))) {
            this.logger.info(String.format("Initialized TrustManager for %s", this.certificates));
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        this.trustManager.get().checkClientTrusted(x509CertificateArr, str, socket);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        this.trustManager.get().checkClientTrusted(x509CertificateArr, str, sSLEngine);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.get().checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        this.trustManager.get().checkServerTrusted(x509CertificateArr, str, sSLEngine);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        this.trustManager.get().checkServerTrusted(x509CertificateArr, str, socket);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.get().checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.get().getAcceptedIssuers();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public KeyStore getKeyStore() {
        try {
            KeyStore identity = KeyStoreEntryCollector.identity();
            Iterator<X509Certificate> it = X509CertificateFactory.generate(this.certificates).iterator();
            while (it.hasNext()) {
                KeyStoreEntryCollector.accumulate(identity, it.next());
            }
            return identity;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new UndeclaredThrowableException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public X509ExtendedTrustManager getTrustManager(KeyStore keyStore) {
        try {
            this.trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : this.trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509ExtendedTrustManager) {
                    return (X509ExtendedTrustManager) trustManager;
                }
            }
            throw new IllegalStateException("No X509ExtendedTrustManager available");
        } catch (KeyStoreException e) {
            throw new UndeclaredThrowableException(e);
        }
    }
}
