package io.gravitee.node.certificates;

import com.sun.nio.file.SensitivityWatchEventModifier;
import io.gravitee.common.util.KeyStoreUtils;
import io.gravitee.node.api.certificate.KeyStoreBundle;
import io.gravitee.node.api.certificate.KeyStoreLoader;
import io.gravitee.node.api.certificate.KeyStoreLoaderOptions;
import java.nio.file.FileSystems;
import java.nio.file.Path;
import java.nio.file.StandardWatchEventKinds;
import java.nio.file.WatchEvent;
import java.nio.file.WatchKey;
import java.nio.file.WatchService;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/node/certificates/FileKeyStoreLoader.class */
public class FileKeyStoreLoader implements KeyStoreLoader {
    private static final Logger logger = LoggerFactory.getLogger(FileKeyStoreLoader.class);
    private final KeyStoreLoaderOptions options;
    private KeyStoreBundle keyStoreBundle;
    private boolean started;
    private boolean watching;
    private final List<Consumer<KeyStoreBundle>> listeners = new ArrayList();
    private final ExecutorService executor = Executors.newSingleThreadExecutor(runnable -> {
        return new Thread(runnable, "gio.file-cert-watcher");
    });
    private List<Path> filesToWatch = new ArrayList();

    public FileKeyStoreLoader(KeyStoreLoaderOptions keyStoreLoaderOptions) {
        this.options = keyStoreLoaderOptions;
    }

    public void start() {
        logger.debug("Initializing file keystore certificates.");
        load();
        this.started = true;
        if (this.options.isWatch()) {
            startWatch();
        }
    }

    public void stop() {
        this.started = false;
        this.executor.shutdown();
    }

    private void load() {
        if (this.options.getKeyStoreType().equalsIgnoreCase("JKS") || this.options.getKeyStoreType().equalsIgnoreCase("PKCS12")) {
            this.filesToWatch = loadFromKeyStore();
        } else if (this.options.getKeyStoreType().equalsIgnoreCase("PEM")) {
            this.filesToWatch = loadFromPems();
        } else {
            if (!this.options.getKeyStoreType().equalsIgnoreCase("SELF-SIGNED")) {
                throw new IllegalArgumentException(String.format("Unsupported keystore format (%s).", this.options.getKeyStoreType()));
            }
            this.filesToWatch = loadFromSelfSigned();
        }
        if (this.keyStoreBundle != null) {
            notifyListeners(this.keyStoreBundle);
        }
    }

    private List<Path> loadFromKeyStore() {
        ArrayList arrayList = new ArrayList();
        if (this.options.getKeyStorePath() == null || this.options.getKeyStorePath().isEmpty()) {
            throw new IllegalArgumentException("A JKS/PKCS12 Keystore is missing. Unable to configure TLS.");
        }
        this.keyStoreBundle = new KeyStoreBundle(KeyStoreUtils.initFromPath(this.options.getKeyStoreType(), this.options.getKeyStorePath(), this.options.getKeyStorePassword()), this.options.getKeyStorePassword(), this.options.getDefaultAlias());
        arrayList.add(FileSystems.getDefault().getPath(this.options.getKeyStorePath(), new String[0]));
        return arrayList;
    }

    private List<Path> loadFromPems() {
        ArrayList arrayList = new ArrayList();
        if (this.options.getKeyStoreCertificates() == null || this.options.getKeyStoreCertificates().isEmpty()) {
            throw new IllegalArgumentException("A PEM Keystore is missing. Unable to configure TLS.");
        }
        List list = (List) this.options.getKeyStoreCertificates().stream().map((v0) -> {
            return v0.getCertificate();
        }).collect(Collectors.toList());
        List list2 = (List) this.options.getKeyStoreCertificates().stream().map((v0) -> {
            return v0.getPrivateKey();
        }).collect(Collectors.toList());
        this.keyStoreBundle = new KeyStoreBundle(KeyStoreUtils.initFromPems(list, list2, this.options.getKeyStorePassword()), this.options.getKeyStorePassword(), (String) null);
        list.forEach(str -> {
            arrayList.add(FileSystems.getDefault().getPath(str, new String[0]));
        });
        list2.forEach(str2 -> {
            arrayList.add(FileSystems.getDefault().getPath(str2, new String[0]));
        });
        return arrayList;
    }

    private List<Path> loadFromSelfSigned() {
        this.keyStoreBundle = null;
        return new ArrayList();
    }

    public void addListener(Consumer<KeyStoreBundle> consumer) {
        this.listeners.add(consumer);
    }

    private void startWatch() {
        this.executor.execute(() -> {
            try {
                WatchService newWatchService = FileSystems.getDefault().newWatchService();
                Iterator it = ((List) this.filesToWatch.stream().map((v0) -> {
                    return v0.getParent();
                }).distinct().collect(Collectors.toList())).iterator();
                while (it.hasNext()) {
                    ((Path) it.next()).register(newWatchService, new WatchEvent.Kind[]{StandardWatchEventKinds.ENTRY_MODIFY}, SensitivityWatchEventModifier.HIGH);
                }
                this.watching = true;
                while (this.started) {
                    WatchKey poll = newWatchService.poll(200L, TimeUnit.MILLISECONDS);
                    if (poll != null) {
                        if (poll.pollEvents().stream().map(watchEvent -> {
                            return (Path) watchEvent.context();
                        }).filter(path -> {
                            Stream<R> map = this.filesToWatch.stream().map((v0) -> {
                                return v0.getFileName();
                            });
                            Objects.requireNonNull(path);
                            return map.anyMatch((v1) -> {
                                return r1.equals(v1);
                            });
                        }).findFirst().isPresent()) {
                            load();
                        }
                        if (!poll.reset()) {
                            break;
                        }
                    }
                }
            } catch (InterruptedException e) {
                logger.info("Watch for keystore files has been stopped.");
            } catch (Exception e2) {
                logger.error("Unable to watch the keystore files.", e2);
            }
        });
    }

    private void notifyListeners(KeyStoreBundle keyStoreBundle) {
        this.listeners.forEach(consumer -> {
            consumer.accept(keyStoreBundle);
        });
    }

    public boolean isWatching() {
        return this.watching;
    }
}
