package org.apache.pulsar.common.util;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/pulsar-common-2.8.0.1.1.27.jar:org/apache/pulsar/common/util/TrustManagerProxy.class */
public class TrustManagerProxy extends X509ExtendedTrustManager {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) TrustManagerProxy.class);
    private volatile X509ExtendedTrustManager trustManager;
    private FileModifiedTimeUpdater certFile;

    public TrustManagerProxy(String str, int i, ScheduledExecutorService scheduledExecutorService) {
        this.certFile = new FileModifiedTimeUpdater(str);
        try {
            updateTrustManager();
            scheduledExecutorService.scheduleWithFixedDelay(() -> {
                updateTrustManagerSafely();
            }, i, i, TimeUnit.SECONDS);
        } catch (IOException | CertificateException e) {
            log.warn("Failed to load cert {}, {}", this.certFile, e.getMessage());
            throw new IllegalArgumentException(e);
        } catch (KeyStoreException | NoSuchAlgorithmException e2) {
            log.warn("Failed to init trust-store", e2);
            throw new IllegalArgumentException(e2);
        }
    }

    private void updateTrustManagerSafely() {
        try {
            updateTrustManager();
        } catch (Exception e) {
            log.warn("Failed to init trust-store {}", this.certFile.getFileName(), e);
        }
    }

    private void updateTrustManager() throws CertificateException, KeyStoreException, NoSuchAlgorithmException, FileNotFoundException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        FileInputStream fileInputStream = new FileInputStream(this.certFile.getFileName());
        try {
            X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
            String name = x509Certificate.getSubjectX500Principal().getName();
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null);
            keyStore.setCertificateEntry(name, x509Certificate);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            this.trustManager = (X509ExtendedTrustManager) trustManagerFactory.getTrustManagers()[0];
            fileInputStream.close();
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.trustManager.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustManager.getAcceptedIssuers();
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        this.trustManager.checkClientTrusted(x509CertificateArr, str, socket);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        this.trustManager.checkClientTrusted(x509CertificateArr, str, sSLEngine);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        this.trustManager.checkServerTrusted(x509CertificateArr, str, socket);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        this.trustManager.checkServerTrusted(x509CertificateArr, str, sSLEngine);
    }
}
