package com.floragunn.signals.truststore.service;

import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.signals.CertificatesParser;
import com.floragunn.signals.truststore.service.persistence.TruststoreData;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/floragunn/signals/truststore/service/TrustManagerRegistry.class */
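/**
 * In-memory registry that maps truststore ids to {@link X509ExtendedTrustManager} instances
 * built from the PEM data returned by {@link TruststoreCrudService}.
 *
 * <p>The registry is held in a synchronized map behind a {@code volatile} field;
 * {@link #reloadAll()} replaces the whole map, {@link #onTruststoreUpdate(String, String)}
 * changes a single entry.
 *
 * <p>NOTE(review): an {@code onTruststoreUpdate} call that overlaps with {@code reloadAll} may
 * write into the map instance that is about to be replaced, so that update could be lost.
 * Confirm whether callers serialize these two operations.
 */
public class TrustManagerRegistry {
    private static final Logger log = LogManager.getLogger(TrustManagerRegistry.class);
    private final TruststoreCrudService truststoreCrudService;
    private volatile Map<String, X509ExtendedTrustManager> trustManagerMap = Collections.synchronizedMap(new HashMap<>());

    /**
     * Creates an empty registry; no truststore is loaded until {@link #reloadAll()} or
     * {@link #onTruststoreUpdate(String, String)} is called.
     *
     * @param truststoreCrudService source of persisted truststore data, must not be null
     * @throws NullPointerException if {@code truststoreCrudService} is null
     */
    public TrustManagerRegistry(TruststoreCrudService truststoreCrudService) {
        this.truststoreCrudService = Objects.requireNonNull(truststoreCrudService, "Truststore crud service is required");
        log.info("Truststore registry service created");
    }

    /**
     * Re-reads one truststore and replaces (or removes) its trust manager.
     *
     * <p>If the truststore no longer exists, its trust manager is removed from the registry.
     *
     * @param str  id of the truststore that changed
     * @param str2 name of the operation that triggered the notification (used in log and error text only)
     * @throws RuntimeException if the truststore exists but no trust manager can be built from it
     */
    public void onTruststoreUpdate(String str, String str2) {
        log.debug("Notification about operation '{}' on truststore '{}' received.", str2, str);
        try {
            Optional<TruststoreData> found = this.truststoreCrudService.findOneById(str);
            if (found.isPresent()) {
                this.trustManagerMap.put(str, truststoreDataToTrustManager(found.get()));
            } else {
                this.trustManagerMap.remove(str);
                log.info("Truststore with id '{}' not found. Corresponding trust manager was removed.", str);
            }
            if (log.isInfoEnabled()) {
                log.info("Trust managers available after trust store updates: '{}'", getAvailableTrustManagersIds());
            }
        } catch (CannotCreateTrustManagerException | KeyStoreException | NoSuchAlgorithmException | ConfigValidationException e) {
            // NOTE(review): the map is left untouched on this path, so a trust manager registered
            // earlier for this id stays in place and keeps being returned by findTrustManager,
            // i.e. the previous set of trust anchors remains in effect although the stored
            // truststore changed. reloadAll() instead drops truststores it cannot parse.
            // Confirm whether this path should fail closed (remove the entry) as well.
            if (log.isDebugEnabled()) {
                log.debug("Cannot create trust manager for truststore '{}', available trust managers '{}'.", str, getAvailableTrustManagersIds(), e);
            }
            throw new RuntimeException("Cannot update trust manager after operation '" + str2 + "' on trust store '" + str + "'.", e);
        }
    }

    /**
     * Rebuilds the whole registry from all persisted truststores.
     *
     * <p>A truststore whose certificates cannot be parsed, or for which no trust manager can be
     * created, is logged at error level and left out of the new registry; the other truststores
     * are still loaded.
     */
    public void reloadAll() {
        List<TruststoreData> allTruststores = this.truststoreCrudService.loadAll();
        log.info("Loaded '{}' trust stores to init cache.", allTruststores.size());
        Map<String, X509ExtendedTrustManager> rebuilt = new HashMap<>();
        for (TruststoreData truststoreData : allTruststores) {
            try {
                rebuilt.put(truststoreData.getId(), truststoreDataToTrustManager(truststoreData));
            } catch (CannotCreateTrustManagerException | KeyStoreException | NoSuchAlgorithmException | ConfigValidationException e) {
                log.error("Cannot parse certificates in truststore '{}' or create trust manager. Truststore will be not available. Please check truststore data.", truststoreData.getId(), e);
            }
        }
        // Publish the fully built map in one volatile write so readers never see a half-filled registry.
        this.trustManagerMap = Collections.synchronizedMap(rebuilt);
        if (log.isInfoEnabled()) {
            log.info("Reloaded all trust stores and created trust managers, available trust managers: '{}'", getAvailableTrustManagersIds());
        }
    }

    /**
     * Builds a trust manager that trusts exactly the certificates parsed from the truststore's PEM data.
     *
     * @param truststoreData persisted truststore (id and PEM text are read)
     * @return the single {@link X509ExtendedTrustManager} produced by the default {@link TrustManagerFactory}
     * @throws CannotCreateTrustManagerException if the factory does not yield exactly one X509 extended trust manager
     * @throws ConfigValidationException declared for certificate parsing / truststore construction
     * @throws KeyStoreException if the factory cannot be initialised with the truststore
     * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
     */
    private X509ExtendedTrustManager truststoreDataToTrustManager(TruststoreData truststoreData) throws ConfigValidationException, KeyStoreException, NoSuchAlgorithmException, CannotCreateTrustManagerException {
        KeyStore truststore = CertificatesParser.toTruststore(truststoreData.getId(), CertificatesParser.parseCertificates(truststoreData.getPem()));
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(truststore);
        // The decompiled source referenced an undefined variable (r1) inside the filter lambda;
        // the intended predicate is X509ExtendedTrustManager.class::isInstance.
        List<X509ExtendedTrustManager> x509TrustManagers = Arrays.stream(trustManagerFactory.getTrustManagers())
            .filter(X509ExtendedTrustManager.class::isInstance)
            .map(X509ExtendedTrustManager.class::cast)
            .collect(Collectors.toList());
        // Refuse ambiguous or missing results instead of picking an arbitrary trust manager.
        if (x509TrustManagers.size() != 1) {
            throw new CannotCreateTrustManagerException("Incorrect number of x509 trust managers: " + x509TrustManagers.size());
        }
        return x509TrustManagers.get(0);
    }

    /**
     * Looks up the trust manager registered for a truststore id.
     *
     * <p>NOTE(review): callers should make sure an empty result is treated as "no trust
     * configured" and does not silently fall back to a default trust store; verify at call sites.
     *
     * @param str truststore id, must not be null
     * @return the registered trust manager, or an empty {@code Optional} if none is registered
     * @throws NullPointerException if {@code str} is null
     */
    public Optional<X509ExtendedTrustManager> findTrustManager(String str) {
        Objects.requireNonNull(str, "Truststore id must not be null");
        Optional<X509ExtendedTrustManager> trustManager = Optional.ofNullable(this.trustManagerMap.get(str));
        log.trace("Trust manager loaded by id '{}' is '{}'.", str, trustManager);
        return trustManager;
    }

    /**
     * Returns the ids of all registered trust managers, sorted and joined with {@code ", "}
     * (used for log output only).
     */
    private String getAvailableTrustManagersIds() {
        // Read the volatile field once so the lock and the iteration use the same map instance.
        Map<String, X509ExtendedTrustManager> current = this.trustManagerMap;
        HashSet<String> ids;
        // Collections.synchronizedMap requires manual synchronization on the map while iterating
        // over its key set; without it a concurrent put/remove can cause a
        // ConcurrentModificationException during the copy.
        synchronized (current) {
            ids = new HashSet<>(current.keySet());
        }
        return ids.stream().sorted().collect(Collectors.joining(", "));
    }
}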
