package com.facebook.presto.jdbc.internal.com.facebook.airlift.security;

import com.facebook.presto.jdbc.internal.com.facebook.airlift.log.Logger;
import com.facebook.presto.jdbc.internal.com.facebook.airlift.security.pem.PemReader;
import com.facebook.presto.jdbc.internal.guava.base.Preconditions;
import com.facebook.presto.jdbc.internal.guava.hash.HashCode;
import com.facebook.presto.jdbc.internal.guava.hash.Hashing;
import com.facebook.presto.jdbc.internal.guava.io.Files;
import com.facebook.presto.jdbc.internal.io.airlift.units.Duration;
import com.facebook.presto.jdbc.internal.javax.annotation.concurrent.GuardedBy;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/facebook/presto/jdbc/internal/com/facebook/airlift/security/ReloadableSslContext.class */
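/**
 * Supplies an {@link SSLContext} built from two PEM files and rebuilds it when either file changes.
 *
 * <p>A daemon thread started by {@link #start()} polls both files every {@code sslContextRefreshTime}.
 * When a change is detected, a new context is loaded and published through an {@link AtomicReference}.
 * If reloading fails, the error is logged and the previously loaded context stays in service.
 *
 * <p>Security note: the trust certificates file decides which peers are accepted, and the client
 * certificates file holds the private key used for client authentication. Both are re-read without a
 * restart, so write access to them should be limited to the principal that rotates the certificates,
 * and the "Unable to reload SSL context" log message is worth alerting on because it means a rotation
 * was not applied.
 */
public final class ReloadableSslContext implements Supplier<SSLContext> {
    private static final Logger log = Logger.get(ReloadableSslContext.class);
    private final FileWatch trustCertificatesFileWatch;
    private final FileWatch clientCertificatesFileWatch;
    // Assigned in the constructor, after both FileWatch fields exist. A field initializer here would
    // run before the constructor body and call loadSslContext() while the watches are still null.
    private final AtomicReference<SSLContext> sslContext;
    private final Duration sslContextRefreshTime;

    @GuardedBy("this")
    private Thread sslContextRefreshThread;

    // Written only under the monitor; volatile so that get() can read it without taking the lock.
    @GuardedBy("this")
    private volatile boolean started;

    /**
     * Tracks one file and reports whether its content changed since the last check.
     *
     * <p>Modification time and length serve as a cheap pre-check; the SHA-256 of the content is the
     * deciding comparison. The decompiler reports that this type was originally private; it is kept
     * public here so that existing references continue to compile. Instances are not synchronized;
     * within this file, {@link #updateState()} is called from the constructor and from the
     * synchronized {@code refresh()} method.
     */
    public static final class FileWatch {
        private final File file;
        private long lastModified = -1;
        private long length = -1;
        // Starts as the hash of empty content, so an empty file is not reported as a change.
        private HashCode hashCode = Hashing.sha256().hashBytes(new byte[0]);

        /**
         * Creates a watch and records the file's current state.
         *
         * @param file the file to watch
         * @throws NullPointerException if {@code file} is null
         * @throws IOException if the file cannot be read for hashing
         */
        public FileWatch(File file) throws IOException {
            this.file = Objects.requireNonNull(file, "file is null");
            updateState();
        }

        /** Returns the watched file. */
        public File getFile() {
            return this.file;
        }

        /**
         * Re-examines the file and records its new state.
         *
         * @return {@code true} if the content hash differs from the one recorded by the previous
         *     call, {@code false} if modification time and length are unchanged or the hash is equal
         * @throws IOException if the file cannot be read; the recorded state is left untouched in
         *     that case, so the next call examines the file again
         */
        public boolean updateState() throws IOException {
            long currentLastModified = this.file.lastModified();
            long currentLength = this.file.length();
            if (this.lastModified == currentLastModified && this.length == currentLength) {
                return false;
            }
            // Hash before recording the new time and length. If reading fails (for example while the
            // file is being replaced), recording them first would make the next call take the early
            // return above, and the changed certificate would never be picked up.
            HashCode currentHash = Files.asByteSource(this.file).hash(Hashing.sha256());
            this.lastModified = currentLastModified;
            this.length = currentLength;
            if (Objects.equals(this.hashCode, currentHash)) {
                return false;
            }
            this.hashCode = currentHash;
            return true;
        }
    }

    /**
     * Creates the watches for both files and loads the initial SSL context.
     *
     * @param trustCertificatesFile PEM file with the trusted certificates
     * @param clientCertificatesFile PEM file with the client certificate and private key
     * @param sslContextRefreshTime interval between checks for changed files
     * @throws NullPointerException if any argument is null
     * @throws IOException if either file cannot be read
     * @throws GeneralSecurityException if the key material cannot be turned into an SSL context
     */
    public ReloadableSslContext(File trustCertificatesFile, File clientCertificatesFile, Duration sslContextRefreshTime) throws IOException, GeneralSecurityException {
        this.trustCertificatesFileWatch = new FileWatch(Objects.requireNonNull(trustCertificatesFile, "trustCertificatesFile is null"));
        this.clientCertificatesFileWatch = new FileWatch(Objects.requireNonNull(clientCertificatesFile, "clientCertificatesFile is null"));
        this.sslContextRefreshTime = Objects.requireNonNull(sslContextRefreshTime, "sslContextRefreshTime is null");
        // Must come last: loadSslContext() reads both file watches.
        this.sslContext = new AtomicReference<>(loadSslContext());
    }

    /**
     * Returns the most recently loaded SSL context.
     *
     * @throws IllegalStateException if {@link #start()} has not been called or {@link #stop()} was
     *     called since
     */
    @Override // java.util.function.Supplier
    public SSLContext get() {
        Preconditions.checkState(this.started, "ReloadableSslContext must be in the started state");
        return this.sslContext.get();
    }

    /**
     * Performs one refresh immediately and starts the daemon thread that keeps refreshing.
     *
     * @throws IllegalStateException if already started
     */
    public synchronized void start() {
        Preconditions.checkState(!this.started, "already started");
        refresh();
        this.sslContextRefreshThread = new Thread(this::run, "SSLContext Refresh Thread");
        this.sslContextRefreshThread.setDaemon(true);
        this.sslContextRefreshThread.start();
        this.started = true;
    }

    /**
     * Interrupts the refresh thread. The thread is not joined, so it may still be finishing a
     * refresh when this method returns.
     *
     * @throws IllegalStateException if not started
     */
    public synchronized void stop() {
        Preconditions.checkState(this.started, "must be started");
        this.sslContextRefreshThread.interrupt();
        this.sslContextRefreshThread = null;
        this.started = false;
    }

    /**
     * Reloads the SSL context if either watched file changed. Failures are logged and the previously
     * loaded context is kept.
     */
    private synchronized void refresh() {
        try {
            // Check both files on every pass. Short-circuiting after the first change would leave the
            // second watch stale and cause a redundant reload on the next pass.
            boolean trustChanged = this.trustCertificatesFileWatch.updateState();
            boolean clientChanged = this.clientCertificatesFileWatch.updateState();
            if (trustChanged || clientChanged) {
                this.sslContext.set(loadSslContext());
            }
        } catch (IOException | RuntimeException | GeneralSecurityException e) {
            log.error(e, "Unable to reload SSL context");
        }
    }

    /** Body of the refresh thread: refresh, sleep for the configured interval, repeat until interrupted. */
    private void run() {
        while (!Thread.currentThread().isInterrupted()) {
            try {
                refresh();
                Thread.sleep(this.sslContextRefreshTime.toMillis());
            } catch (InterruptedException e) {
                // Restore the interrupt flag for whoever inspects the thread state after the loop ends.
                Thread.currentThread().interrupt();
                return;
            }
        }
    }

    /**
     * Builds a fresh "TLS" context from the current content of both files.
     *
     * @throws IOException if a file cannot be read
     * @throws GeneralSecurityException if the key stores or the context cannot be initialised
     */
    private SSLContext loadSslContext() throws IOException, GeneralSecurityException {
        KeyStore trustStore = PemReader.loadTrustStore(this.trustCertificatesFileWatch.getFile());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        // The client file is passed for both File arguments and no key password is supplied.
        // NOTE(review): presumably these are the certificate-chain and private-key arguments of
        // PemReader.loadKeyStore, i.e. one unencrypted PEM bundle - confirm against PemReader.
        File clientCertificatesFile = this.clientCertificatesFileWatch.getFile();
        KeyStore keyStore = PemReader.loadKeyStore(clientCertificatesFile, clientCertificatesFile, Optional.empty());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, new char[0]);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

        SSLContext context = SSLContext.getInstance("TLS");
        // A null SecureRandom makes the context use the default implementation.
        context.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
        return context;
    }
}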
