package org.reaktivity.nukleus.tls.internal;

import java.io.File;
import java.io.FileInputStream;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.agrona.DirectBuffer;
import org.agrona.LangUtil;
import org.agrona.collections.Long2ObjectHashMap;
import org.agrona.collections.MutableInteger;
import org.reaktivity.nukleus.Nukleus;
import org.reaktivity.nukleus.function.MessagePredicate;
import org.reaktivity.nukleus.internal.CopyOnWriteHashMap;
import org.reaktivity.nukleus.route.RouteKind;
import org.reaktivity.nukleus.tls.internal.types.OctetsFW;
import org.reaktivity.nukleus.tls.internal.types.control.RouteFW;
import org.reaktivity.nukleus.tls.internal.types.control.TlsRouteExFW;
import org.reaktivity.nukleus.tls.internal.types.control.UnrouteFW;

/* loaded from: input_file:org/reaktivity/nukleus/tls/internal/TlsNukleus.class */
final class TlsNukleus implements Nukleus {
    static final String NAME = "tls";
    private static final String PROPERTY_TLS_KEYSTORE = "tls.keystore";
    private static final String PROPERTY_TLS_KEYSTORE_PASSWORD = "tls.keystore.password";
    private static final String PROPERTY_TLS_TRUSTSTORE = "tls.truststore";
    private static final String PROPERTY_TLS_TRUSTSTORE_PASSWORD = "tls.truststore.password";
    private static final String DEFAULT_TLS_KEYSTORE = "keys";
    private static final String DEFAULT_TLS_KEYSTORE_PASSWORD = "generated";
    private static final String DEFAULT_TLS_TRUSTSTORE = "trust";
    private static final String DEFAULT_TLS_TRUSTSTORE_PASSWORD = "generated";
    private final TlsConfiguration config;
    private final Map<RouteKind, MessagePredicate> routeHandlers;
    private final UnrouteFW unrouteRO = new UnrouteFW();
    private final RouteFW routeRO = new RouteFW();
    private final TlsRouteExFW tlsRouteExRO = new TlsRouteExFW();
    private final Map<String, MutableInteger> routesByStore = new HashMap();
    private final Long2ObjectHashMap<String> storesByRouteId = new Long2ObjectHashMap<>();
    private final Map<String, SSLContext> contextsByStore = new CopyOnWriteHashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    public TlsNukleus(TlsConfiguration tlsConfiguration) {
        this.config = tlsConfiguration;
        EnumMap enumMap = new EnumMap(RouteKind.class);
        enumMap.put((EnumMap) RouteKind.SERVER, (RouteKind) this::handleRoute);
        enumMap.put((EnumMap) RouteKind.CLIENT, (RouteKind) this::handleRoute);
        this.routeHandlers = enumMap;
    }

    public String name() {
        return NAME;
    }

    /* renamed from: config, reason: merged with bridge method [inline-methods] */
    public TlsConfiguration m3config() {
        return this.config;
    }

    public MessagePredicate routeHandler(RouteKind routeKind) {
        return this.routeHandlers.get(routeKind);
    }

    /* renamed from: supplyElektron, reason: merged with bridge method [inline-methods] */
    public TlsElektron m2supplyElektron() {
        TlsConfiguration tlsConfiguration = this.config;
        Map<String, SSLContext> map = this.contextsByStore;
        Objects.requireNonNull(map);
        return new TlsElektron(tlsConfiguration, (v1) -> {
            return r3.get(v1);
        });
    }

    private boolean handleRoute(int i, DirectBuffer directBuffer, int i2, int i3) {
        switch (i) {
            case 1:
                handleRoute(this.routeRO.wrap(directBuffer, i2, i2 + i3));
                return true;
            case 2:
                handleUnroute(this.unrouteRO.wrap(directBuffer, i2, i2 + i3));
                return true;
            default:
                return true;
        }
    }

    private void handleRoute(RouteFW routeFW) {
        OctetsFW extension = routeFW.extension();
        TlsRouteExFW tlsRouteExFW = this.tlsRouteExRO;
        Objects.requireNonNull(tlsRouteExFW);
        String asString = ((TlsRouteExFW) extension.get(tlsRouteExFW::wrap)).store().asString();
        long correlationId = routeFW.correlationId();
        if (asString != null) {
            this.storesByRouteId.put(correlationId, asString);
        }
        this.routesByStore.computeIfAbsent(asString, str -> {
            return new MutableInteger();
        }).value++;
        this.contextsByStore.computeIfAbsent(asString, str2 -> {
            return initContext(this.config, asString);
        });
    }

    private void handleUnroute(UnrouteFW unrouteFW) {
        String str = (String) this.storesByRouteId.remove(unrouteFW.routeId());
        MutableInteger computeIfPresent = this.routesByStore.computeIfPresent(str, (str2, mutableInteger) -> {
            return decrement(mutableInteger);
        });
        if (computeIfPresent == null || computeIfPresent.value != 0) {
            return;
        }
        this.routesByStore.remove(str);
        this.contextsByStore.remove(str);
    }

    private MutableInteger decrement(MutableInteger mutableInteger) {
        mutableInteger.value--;
        return mutableInteger;
    }

    static SSLContext initContext(TlsConfiguration tlsConfiguration, String str) {
        Path directory = tlsConfiguration.directory();
        SSLContext sSLContext = null;
        try {
            String property = System.getProperty(PROPERTY_TLS_KEYSTORE_PASSWORD, "generated");
            File resolve = resolve(directory, str, System.getProperty(PROPERTY_TLS_KEYSTORE, DEFAULT_TLS_KEYSTORE));
            KeyManager[] keyManagerArr = null;
            if (resolve.exists()) {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(new FileInputStream(resolve), property.toCharArray());
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(tlsConfiguration.keyManagerAlgorithm());
                keyManagerFactory.init(keyStore, property.toCharArray());
                keyManagerArr = keyManagerFactory.getKeyManagers();
            }
            String property2 = System.getProperty(PROPERTY_TLS_TRUSTSTORE_PASSWORD, "generated");
            File resolve2 = resolve(directory, str, System.getProperty(PROPERTY_TLS_TRUSTSTORE, DEFAULT_TLS_TRUSTSTORE));
            TrustManager[] trustManagerArr = null;
            if (resolve2.exists()) {
                KeyStore keyStore2 = KeyStore.getInstance("JKS");
                keyStore2.load(new FileInputStream(resolve2), property2.toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore2);
                trustManagerArr = trustManagerFactory.getTrustManagers();
            }
            sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerArr, trustManagerArr, new SecureRandom());
        } catch (Exception e) {
            LangUtil.rethrowUnchecked(e);
        }
        return sSLContext;
    }

    private static File resolve(Path path, String str, String str2) {
        return str == null ? path.resolve(NAME).resolve(str2).toFile() : path.resolve(NAME).resolve("stores").resolve(str).resolve(str2).toFile();
    }
}
