package org.apache.hadoop.security.ssl;

import com.google.common.annotations.VisibleForTesting;
import io.hops.hadoop.shaded.org.apache.commons.io.FileUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.util.BackOff;
import org.apache.hadoop.util.ExponentialBackOff;

/* loaded from: input_file:WEB-INF/lib/hadoop-client-api-3.2.0.6-RC0.jar:org/apache/hadoop/security/ssl/ReloadingX509KeyManager.class */
public class ReloadingX509KeyManager extends X509ExtendedKeyManager {
    private final Log LOG;
    private final String type;
    private final File location;
    private final String keystorePassword;
    private final String keyPassword;
    private final File passwordFileLocation;
    private final long reloadInterval;
    private final TimeUnit reloadTimeUnit;
    private AtomicReference<X509ExtendedKeyManager> keyManagerLocalRef;
    private long lastLoadedTimestamp;
    private WeakReference<ScheduledFuture> reloader;
    private final AtomicBoolean fileExists;
    private int numberOfFailures;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-client-api-3.2.0.6-RC0.jar:org/apache/hadoop/security/ssl/ReloadingX509KeyManager$Reloader.class */
    public class Reloader implements Runnable {
        private final BackOff backOff;
        private long backOffTimeout;

        private Reloader() {
            this.backOffTimeout = 0L;
            this.backOff = new ExponentialBackOff.Builder().setInitialIntervalMillis(50L).setMaximumIntervalMillis(2000L).setMaximumRetries(3).build();
        }

        @Override // java.lang.Runnable
        public void run() {
            if (ReloadingX509KeyManager.this.needsReload()) {
                try {
                    TimeUnit.MILLISECONDS.sleep(this.backOffTimeout);
                    ReloadingX509KeyManager.this.keyManagerLocalRef.set(ReloadingX509KeyManager.this.loadKeyManager());
                    if (hasFailed()) {
                        ReloadingX509KeyManager.this.numberOfFailures = 0;
                        this.backOff.reset();
                        this.backOffTimeout = 0L;
                    }
                } catch (Exception e) {
                    this.backOffTimeout = this.backOff.getBackOffInMillis();
                    ReloadingX509KeyManager.access$408(ReloadingX509KeyManager.this);
                    if (this.backOffTimeout != -1) {
                        ReloadingX509KeyManager.this.LOG.warn("Could not reload Key Manager (using the old), trying again in " + this.backOffTimeout + " ms");
                    } else {
                        ReloadingX509KeyManager.this.LOG.error("Could not reload Key Manager, stop retrying", e);
                        ReloadingX509KeyManager.this.stop();
                    }
                }
            }
        }

        private boolean hasFailed() {
            return this.backOffTimeout > 0;
        }
    }

    public ReloadingX509KeyManager(String str, String str2, String str3, String str4, long j, TimeUnit timeUnit) throws GeneralSecurityException, IOException {
        this(str, str2, str3, null, str4, j, timeUnit);
    }

    public ReloadingX509KeyManager(String str, String str2, String str3, String str4, String str5, long j, TimeUnit timeUnit) throws GeneralSecurityException, IOException {
        this.LOG = LogFactory.getLog(ReloadingX509KeyManager.class);
        this.reloader = null;
        this.fileExists = new AtomicBoolean(true);
        this.numberOfFailures = 0;
        this.type = str;
        this.location = new File(str2);
        this.keystorePassword = str3;
        this.keyPassword = str5;
        if (str4 != null) {
            this.passwordFileLocation = new File(str4);
        } else {
            this.passwordFileLocation = null;
        }
        this.reloadInterval = j;
        this.reloadTimeUnit = timeUnit;
        this.keyManagerLocalRef = new AtomicReference<>(loadKeyManager());
    }

    public void init() {
        if (this.reloader == null) {
            this.reloader = new WeakReference<>(KeyManagersReloaderThreadPool.getInstance().scheduleTask(new Reloader(), this.reloadInterval, this.reloadTimeUnit));
        }
    }

    public void stop() {
        ScheduledFuture scheduledFuture;
        if (this.reloader == null || (scheduledFuture = this.reloader.get()) == null) {
            return;
        }
        scheduledFuture.cancel(true);
        this.reloader = null;
    }

    @VisibleForTesting
    public long getReloadInterval() {
        return this.reloadInterval;
    }

    @VisibleForTesting
    public TimeUnit getReloadTimeUnit() {
        return this.reloadTimeUnit;
    }

    @VisibleForTesting
    public AtomicBoolean getFileExists() {
        return this.fileExists;
    }

    public int getNumberOfFailures() {
        return this.numberOfFailures;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean needsReload() {
        if (this.location.exists()) {
            return this.location.lastModified() > this.lastLoadedTimestamp;
        }
        this.fileExists.set(false);
        return false;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        X509ExtendedKeyManager x509ExtendedKeyManager = this.keyManagerLocalRef.get();
        if (x509ExtendedKeyManager != null) {
            return x509ExtendedKeyManager.getClientAliases(str, principalArr);
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        X509ExtendedKeyManager x509ExtendedKeyManager = this.keyManagerLocalRef.get();
        if (x509ExtendedKeyManager != null) {
            return x509ExtendedKeyManager.chooseClientAlias(strArr, principalArr, socket);
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        X509ExtendedKeyManager x509ExtendedKeyManager = this.keyManagerLocalRef.get();
        if (x509ExtendedKeyManager != null) {
            return x509ExtendedKeyManager.getServerAliases(str, principalArr);
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        X509ExtendedKeyManager x509ExtendedKeyManager = this.keyManagerLocalRef.get();
        if (x509ExtendedKeyManager != null) {
            return x509ExtendedKeyManager.chooseServerAlias(str, principalArr, socket);
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        X509ExtendedKeyManager x509ExtendedKeyManager = this.keyManagerLocalRef.get();
        if (x509ExtendedKeyManager != null) {
            return x509ExtendedKeyManager.getCertificateChain(str);
        }
        return null;
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        X509ExtendedKeyManager x509ExtendedKeyManager = this.keyManagerLocalRef.get();
        if (x509ExtendedKeyManager != null) {
            return x509ExtendedKeyManager.getPrivateKey(str);
        }
        return null;
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineClientAlias(String[] strArr, Principal[] principalArr, SSLEngine sSLEngine) {
        X509ExtendedKeyManager x509ExtendedKeyManager = this.keyManagerLocalRef.get();
        if (x509ExtendedKeyManager != null) {
            return x509ExtendedKeyManager.chooseEngineClientAlias(strArr, principalArr, sSLEngine);
        }
        return null;
    }

    @Override // javax.net.ssl.X509ExtendedKeyManager
    public String chooseEngineServerAlias(String str, Principal[] principalArr, SSLEngine sSLEngine) {
        X509ExtendedKeyManager x509ExtendedKeyManager = this.keyManagerLocalRef.get();
        if (x509ExtendedKeyManager != null) {
            return x509ExtendedKeyManager.chooseEngineServerAlias(str, principalArr, sSLEngine);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public X509ExtendedKeyManager loadKeyManager() throws GeneralSecurityException, IOException {
        String str;
        String str2;
        KeyStore keyStore = KeyStore.getInstance(this.type);
        if (this.passwordFileLocation != null) {
            str = FileUtils.readFileToString(this.passwordFileLocation).trim();
            str2 = str;
        } else {
            str = this.keystorePassword;
            str2 = this.keyPassword;
        }
        FileInputStream fileInputStream = new FileInputStream(this.location);
        Throwable th = null;
        try {
            try {
                keyStore.load(fileInputStream, str.toCharArray());
                this.lastLoadedTimestamp = this.location.lastModified();
                this.LOG.debug("Loaded keystore file: " + this.location);
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(SSLFactory.SSLCERTIFICATE);
                keyManagerFactory.init(keyStore, str2.toCharArray());
                X509ExtendedKeyManager x509ExtendedKeyManager = null;
                KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
                int length = keyManagers.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    KeyManager keyManager = keyManagers[i];
                    if (keyManager instanceof X509ExtendedKeyManager) {
                        x509ExtendedKeyManager = (X509ExtendedKeyManager) keyManager;
                        break;
                    }
                    i++;
                }
                return x509ExtendedKeyManager;
            } finally {
            }
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (th != null) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    static /* synthetic */ int access$408(ReloadingX509KeyManager reloadingX509KeyManager) {
        int i = reloadingX509KeyManager.numberOfFailures;
        reloadingX509KeyManager.numberOfFailures = i + 1;
        return i;
    }
}
