package com.linkedin.venice.utils;

import com.linkedin.alpini.base.ssl.SslFactory;
import com.linkedin.alpini.netty4.ssl.SSLEngineFactoryImpl;
import com.linkedin.venice.CommonConfigKeys;
import com.linkedin.venice.exceptions.VeniceException;
import com.linkedin.venice.security.DefaultSSLFactory;
import com.linkedin.venice.security.SSLConfig;
import com.linkedin.venice.security.SSLFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Properties;
import java.util.UUID;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.conscrypt.Conscrypt;

/* loaded from: input_file:com/linkedin/venice/utils/SslUtils.class */
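/**
 * Static helpers for building SSL configuration and factories.
 *
 * <p>The {@code getLocal*} / {@code getVeniceLocal*} helpers wire up the keystore bundled on the classpath
 * ({@link #LOCAL_KEYSTORE_JKS}) with a password that is hard-coded in this class. That key material is
 * therefore not secret: these helpers are suitable for local/test setups only and must not back a
 * listener that carries real traffic.
 */
public class SslUtils {
    private static final Logger LOGGER = LogManager.getLogger(SslUtils.class);

    /**
     * Password of the bundled local keystore. It is a public compile-time constant, so anything protected
     * by it must be treated as publicly known.
     */
    public static final String LOCAL_PASSWORD = "dev_pass";

    /** Classpath resource name of the bundled local keystore, which is also used as the trust store. */
    public static final String LOCAL_KEYSTORE_JKS = "localhost.jks";

    /**
     * Builds an {@link SSLConfig} that uses the bundled local JKS file as both key store and trust store.
     *
     * @return an SSL-enabled config pointing at a temp copy of {@link #LOCAL_KEYSTORE_JKS}
     */
    public static SSLConfig getLocalSslConfig() {
        String pathForResource = getPathForResource(LOCAL_KEYSTORE_JKS);
        SSLConfig sSLConfig = new SSLConfig();
        sSLConfig.setKeyStoreFilePath(pathForResource);
        sSLConfig.setKeyStorePassword(LOCAL_PASSWORD);
        sSLConfig.setKeyStoreType("JKS");
        // The same file doubles as the trust store, so the only trusted certificates are the bundled ones.
        sSLConfig.setTrustStoreFilePath(pathForResource);
        sSLConfig.setTrustStoreFilePassword(LOCAL_PASSWORD);
        sSLConfig.setSslEnabled(true);
        return sSLConfig;
    }

    /**
     * Builds a {@link DefaultSSLFactory} from {@link #getVeniceLocalSslProperties()}.
     *
     * @return an SSL factory backed by the bundled local keystore
     * @throws VeniceException if the factory cannot be constructed; the original failure is the cause
     */
    public static SSLFactory getVeniceLocalSslFactory() {
        try {
            return new DefaultSSLFactory(getVeniceLocalSslProperties());
        } catch (Exception e) {
            throw new VeniceException("Failed to build Venice local SSL factory.", e);
        }
    }

    /**
     * Produces the property set describing the bundled local keystore / trust store.
     *
     * @return properties with SSL enabled and every store location pointing at a temp copy of
     *     {@link #LOCAL_KEYSTORE_JKS}
     */
    public static Properties getVeniceLocalSslProperties() {
        String pathForResource = getPathForResource(LOCAL_KEYSTORE_JKS);
        Properties properties = new Properties();
        properties.setProperty(CommonConfigKeys.SSL_ENABLED, "true");
        properties.setProperty("ssl.keystore.type", "JKS");
        properties.setProperty("ssl.keystore.location", pathForResource);
        properties.setProperty("ssl.keystore.password", LOCAL_PASSWORD);
        properties.setProperty("ssl.truststore.type", "JKS");
        properties.setProperty("ssl.truststore.location", pathForResource);
        properties.setProperty("ssl.truststore.password", LOCAL_PASSWORD);
        properties.setProperty("ssl.key.password", LOCAL_PASSWORD);
        properties.setProperty("ssl.keymanager.algorithm", "SunX509");
        properties.setProperty("ssl.trustmanager.algorithm", "SunX509");
        // NOTE(review): SHA1PRNG is a legacy SecureRandom algorithm. It is kept because consumers of these
        // properties may depend on it; confirm before reusing this property set outside local setups.
        properties.setProperty("ssl.secure.random.implementation", "SHA1PRNG");
        return properties;
    }

    /**
     * Copies a classpath resource into a fresh temporary directory and returns the absolute path of the copy.
     *
     * <p>The directory is created with {@link Files#createTempDirectory}, which picks an unused name
     * atomically and, on POSIX file systems, creates it with owner-only permissions. The previous
     * {@code File.mkdir()} call used the process default permissions and ignored a failed creation, which
     * could leave the keystore copy readable by other local users of the shared temp directory.
     *
     * <p>Decompiler note: the access modifier of this method was widened from {@code protected}.
     *
     * @param str name of the resource to load through the system class loader; it is appended to the
     *     temp directory path as-is, so it is expected to be a plain file name from a trusted caller
     * @return absolute path of the copied file; the file and its directory are registered for deletion
     *     on JVM exit
     * @throws IllegalStateException if the resource cannot be found on the classpath
     * @throws RuntimeException if the temp directory cannot be created or the copy fails
     */
    public static String getPathForResource(String str) {
        File keyDir;
        try {
            keyDir = Files.createTempDirectory("venice-keys-").toFile();
        } catch (IOException e) {
            throw new RuntimeException("Failed to create tmp dir for resource: " + str, e);
        }
        // Registered before the file: deleteOnExit runs in reverse order, so the directory is empty
        // by the time its own deletion is attempted.
        keyDir.deleteOnExit();
        File target = new File(keyDir.getAbsolutePath(), str);
        try {
            if (!target.exists()) {
                try (InputStream resource = ClassLoader.getSystemResourceAsStream(str)) {
                    if (resource == null) {
                        throw new IllegalStateException("ClassLoader.getSystemResourceAsStream returned null resource for: " + str);
                    }
                    Files.copy(resource, target.getAbsoluteFile().toPath());
                } catch (IOException e) {
                    throw new RuntimeException("Failed to copy resource: " + str + " to tmp dir", e);
                }
            }
            return target.getAbsolutePath();
        } finally {
            target.deleteOnExit();
        }
    }

    /**
     * Converts a Venice {@link SSLFactory} into an Alpini {@link SslFactory} using the default provider.
     *
     * @param sSLFactory the Venice factory whose {@link SSLConfig} is converted
     * @return the Alpini factory
     * @throws VeniceException if the Alpini factory cannot be created
     */
    public static SslFactory toAlpiniSSLFactory(SSLFactory sSLFactory) {
        return toAlpiniSSLFactory(sSLFactory, false);
    }

    /**
     * Converts a Venice {@link SSLFactory} into an Alpini {@link SslFactory}.
     *
     * @param sSLFactory the Venice factory whose {@link SSLConfig} is converted
     * @param z when {@code true}, install the Conscrypt provider as the SSL context provider if Conscrypt
     *     is available; otherwise, or when Conscrypt is missing, the default provider is used
     * @return the Alpini factory
     * @throws VeniceException if the Alpini factory cannot be created; the original failure is the cause
     */
    public static SslFactory toAlpiniSSLFactory(SSLFactory sSLFactory, boolean z) {
        try {
            SSLEngineFactoryImpl.Config alpiniSSLConfig = toAlpiniSSLConfig(sSLFactory.getSSLConfig());
            if (z) {
                if (isConscryptAvailable()) {
                    LOGGER.info("Constructing an openssl based SSL factory");
                    alpiniSSLConfig.setSslContextProvider(Conscrypt.newProvider());
                } else {
                    // Silent downgrade to the default provider; the log line is the only trace of it.
                    LOGGER.info("Conscrypt is not available, fall back to the default SSL factory");
                }
            }
            return new SSLEngineFactoryImpl(alpiniSSLConfig);
        } catch (Exception e) {
            throw new VeniceException("Unable to create SSL factory", e);
        }
    }

    /**
     * Wraps the given factory so that its SSL context and parameters come from a Conscrypt-backed Alpini
     * factory, while the config and enabled flag are still answered by the original factory.
     *
     * @param sSLFactory the factory to wrap
     * @return the wrapping factory, or {@code sSLFactory} itself when Conscrypt is not available
     * @throws VeniceException if the Conscrypt-backed factory cannot be created
     */
    public static SSLFactory toSSLFactoryWithOpenSSLSupport(final SSLFactory sSLFactory) {
        if (isConscryptAvailable()) {
            final SslFactory alpiniSSLFactory = toAlpiniSSLFactory(sSLFactory, true);
            return new SSLFactory() {
                // The delegating calls go through the captured sSLFactory parameter. The decompiler had
                // emitted "SSLFactory.this", which names a non-existent enclosing instance and does not
                // compile.
                @Override
                public SSLConfig getSSLConfig() {
                    return sSLFactory.getSSLConfig();
                }

                @Override
                public SSLContext getSSLContext() {
                    return alpiniSSLFactory.getSSLContext();
                }

                @Override
                public SSLParameters getSSLParameters() {
                    return alpiniSSLFactory.getSSLParameters();
                }

                @Override
                public boolean isSslEnabled() {
                    return sSLFactory.isSslEnabled();
                }
            };
        }
        LOGGER.info("Conscrypt is not available, return the original ssl factory");
        return sSLFactory;
    }

    /**
     * Reports whether Conscrypt can be used in this JVM.
     *
     * @return {@code true} if {@code Conscrypt.checkAvailability()} completes, {@code false} if it throws
     *     {@link UnsatisfiedLinkError}; any other failure propagates to the caller
     */
    public static boolean isConscryptAvailable() {
        try {
            Conscrypt.checkAvailability();
            return true;
        } catch (UnsatisfiedLinkError e) {
            return false;
        }
    }

    /**
     * Copies the SSL-enabled flag and the key store / trust store settings of a Venice {@link SSLConfig}
     * into a new Alpini config object.
     *
     * @param sSLConfig the Venice config to read from
     * @return a new Alpini config carrying the same store settings, including the store passwords
     */
    public static SSLEngineFactoryImpl.Config toAlpiniSSLConfig(SSLConfig sSLConfig) {
        SSLEngineFactoryImpl.Config config = new SSLEngineFactoryImpl.Config();
        config.setSslEnabled(sSLConfig.getSslEnabled());
        config.setKeyStoreType(sSLConfig.getKeyStoreType());
        config.setKeyStoreData(sSLConfig.getKeyStoreData());
        config.setKeyStorePassword(sSLConfig.getKeyStorePassword());
        config.setKeyStoreFilePath(sSLConfig.getKeyStoreFilePath());
        config.setTrustStoreFilePath(sSLConfig.getTrustStoreFilePath());
        config.setTrustStoreFilePassword(sSLConfig.getTrustStoreFilePassword());
        return config;
    }

    /**
     * Instantiates an {@link SSLFactory} implementation by class name through its {@code (Properties)}
     * constructor.
     *
     * <p>The named class is loaded and constructed before the result is cast, so {@code str} selects
     * which code runs: it must come from trusted configuration, never from request or peer-supplied data.
     *
     * @param properties the properties handed to the factory constructor
     * @param str fully qualified name of the factory class to instantiate
     * @return the constructed factory
     * @throws ClassCastException if the constructed object is not an {@link SSLFactory}
     */
    public static SSLFactory getSSLFactory(Properties properties, String str) {
        return (SSLFactory) ReflectUtils.callConstructor(ReflectUtils.loadClass(str), new Class[]{ReflectUtils.loadClass(Properties.class.getName())}, new Object[]{properties});
    }

    /**
     * Loads SSL settings from a properties file.
     *
     * @param str path of the properties file
     * @return the loaded properties
     * @throws IOException if the file cannot be opened or read; the failure is logged before rethrowing
     */
    public static Properties loadSSLConfig(String str) throws IOException {
        Properties properties = new Properties();
        // try-with-resources closes the stream even when load() fails; the decompiled form only closed
        // it on the success path.
        try (FileInputStream fileInputStream = new FileInputStream(str)) {
            properties.load(fileInputStream);
            return properties;
        } catch (IOException e) {
            LOGGER.error("Could not load ssl config file from path: {}", str, e);
            throw e;
        }
    }

    /**
     * Narrows a generic {@link Certificate} to an {@link X509Certificate}.
     *
     * @param certificate the certificate to narrow
     * @return the same object, typed as {@link X509Certificate}
     * @throws IllegalArgumentException if {@code certificate} is {@code null} or not an X.509 certificate
     */
    public static X509Certificate getX509Certificate(Certificate certificate) {
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        // A null certificate used to surface as a NullPointerException raised while building the
        // error message; report it as the invalid argument it is.
        String receivedType = certificate == null ? "null" : certificate.getClass().getName();
        throw new IllegalArgumentException("Only certificates of type " + X509Certificate.class.getName() + " are supported. Received certificate of type " + receivedType);
    }
}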
