package com.hazelcast.spi.impl.securestore.impl;

import com.hazelcast.config.JavaKeyStoreSecureStoreConfig;
import com.hazelcast.instance.impl.Node;
import com.hazelcast.internal.nio.IOUtil;
import com.hazelcast.spi.impl.securestore.SecureStore;
import com.hazelcast.spi.impl.securestore.SecureStoreException;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
import java.security.DigestInputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.TreeSet;
import javax.annotation.Nonnull;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/hazelcast/spi/impl/securestore/impl/JavaKeyStoreSecureStore.class */
public class JavaKeyStoreSecureStore extends AbstractSecureStore {
    protected final JavaKeyStoreSecureStoreConfig config;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:com/hazelcast/spi/impl/securestore/impl/JavaKeyStoreSecureStore$KeyStoreWatcher.class */
    private final class KeyStoreWatcher implements Runnable {
        private final MessageDigest md;
        private byte[] lastChecksum;
        private byte[] lastKey;

        protected KeyStoreWatcher() {
            try {
                this.md = MessageDigest.getInstance("SHA-256");
                this.lastChecksum = checksum();
                this.lastKey = JavaKeyStoreSecureStore.this.retrieveCurrentEncryptionKey();
            } catch (NoSuchAlgorithmException e) {
                throw new SecureStoreException("Failed to construct a MessageDigest object", e);
            }
        }

        private byte[] checksum() {
            this.md.reset();
            byte[] bArr = new byte[1024];
            try {
                DigestInputStream digestInputStream = new DigestInputStream(Files.newInputStream(JavaKeyStoreSecureStore.this.config.getPath().toPath(), StandardOpenOption.READ), this.md);
                Throwable th = null;
                do {
                    try {
                        try {
                        } finally {
                        }
                    } catch (Throwable th2) {
                        if (digestInputStream != null) {
                            if (th != null) {
                                try {
                                    digestInputStream.close();
                                } catch (Throwable th3) {
                                    th.addSuppressed(th3);
                                }
                            } else {
                                digestInputStream.close();
                            }
                        }
                        throw th2;
                    }
                } while (digestInputStream.read(bArr, 0, bArr.length) != -1);
                byte[] digest = this.md.digest();
                if (digestInputStream != null) {
                    if (0 != 0) {
                        try {
                            digestInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        digestInputStream.close();
                    }
                }
                return digest;
            } catch (FileNotFoundException e) {
                return null;
            } catch (IOException e2) {
                throw new SecureStoreException("Failed to calculate KeyStore file checksum", e2);
            }
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                byte[] checksum = checksum();
                if (checksum != null && (this.lastChecksum == null || !Arrays.equals(this.lastChecksum, checksum))) {
                    JavaKeyStoreSecureStore.this.logger.fine("Java KeyStore change detected: " + JavaKeyStoreSecureStore.this.config.getPath());
                    this.lastChecksum = checksum;
                    byte[] retrieveCurrentEncryptionKey = JavaKeyStoreSecureStore.this.retrieveCurrentEncryptionKey();
                    if (retrieveCurrentEncryptionKey != null && !Arrays.equals(retrieveCurrentEncryptionKey, this.lastKey)) {
                        JavaKeyStoreSecureStore.this.logger.info("Java KeyStore encryption key change detected: " + JavaKeyStoreSecureStore.this.config.getPath());
                        JavaKeyStoreSecureStore.this.notifyEncryptionKeyListeners(retrieveCurrentEncryptionKey);
                    }
                }
            } catch (Exception e) {
                JavaKeyStoreSecureStore.this.logger.warning("Error while detecting changes in Java KeyStore: " + JavaKeyStoreSecureStore.this.config.getPath());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JavaKeyStoreSecureStore(@Nonnull JavaKeyStoreSecureStoreConfig javaKeyStoreSecureStoreConfig, @Nonnull Node node) {
        super(javaKeyStoreSecureStoreConfig.getPollingInterval(), node);
        this.config = javaKeyStoreSecureStoreConfig;
    }

    private static KeyStore loadKeyStore(JavaKeyStoreSecureStoreConfig javaKeyStoreSecureStoreConfig) {
        FileInputStream fileInputStream = null;
        try {
            try {
                fileInputStream = new FileInputStream(javaKeyStoreSecureStoreConfig.getPath());
                KeyStore keyStore = KeyStore.getInstance(javaKeyStoreSecureStoreConfig.getType());
                keyStore.load(fileInputStream, toCharArray(javaKeyStoreSecureStoreConfig.getPassword()));
                IOUtil.closeResource(fileInputStream);
                return keyStore;
            } catch (IOException | GeneralSecurityException e) {
                throw new SecureStoreException("Failed to load Java KeyStore", e);
            }
        } catch (Throwable th) {
            IOUtil.closeResource(fileInputStream);
            throw th;
        }
    }

    @Override // com.hazelcast.spi.impl.securestore.SecureStore
    @Nonnull
    public List<byte[]> retrieveEncryptionKeys() {
        KeyStore loadKeyStore = loadKeyStore(this.config);
        try {
            Enumeration<String> aliases = loadKeyStore.aliases();
            char[] charArray = toCharArray(this.config.getPassword());
            String currentKeyAlias = this.config.getCurrentKeyAlias();
            TreeSet treeSet = new TreeSet(getComparator(currentKeyAlias));
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (loadKeyStore.isKeyEntry(nextElement) && loadKeyStore.getCertificateChain(nextElement) == null) {
                    treeSet.add(nextElement);
                }
            }
            if (currentKeyAlias != null && !treeSet.isEmpty() && !currentKeyAlias.equals(treeSet.iterator().next())) {
                throw new SecureStoreException("Current encryption key entry not found: " + currentKeyAlias);
            }
            ArrayList arrayList = new ArrayList();
            Iterator it = treeSet.iterator();
            while (it.hasNext()) {
                Key key = loadKeyStore.getKey((String) it.next(), charArray);
                if (!$assertionsDisabled && !(key instanceof SecretKey)) {
                    throw new AssertionError();
                }
                arrayList.add(key.getEncoded());
            }
            return arrayList;
        } catch (GeneralSecurityException e) {
            throw new SecureStoreException("Failed to retrieve encryption keys", e);
        }
    }

    private static Comparator<String> getComparator(String str) {
        return str == null ? Comparator.reverseOrder() : (str2, str3) -> {
            if (str.equals(str2)) {
                return -1;
            }
            if (str.equals(str3)) {
                return 1;
            }
            return str2.compareTo(str3);
        };
    }

    protected byte[] retrieveCurrentEncryptionKey() {
        List<byte[]> retrieveEncryptionKeys = retrieveEncryptionKeys();
        if (retrieveEncryptionKeys.isEmpty()) {
            return null;
        }
        return retrieveEncryptionKeys.get(0);
    }

    private static char[] toCharArray(String str) {
        if (str == null) {
            return null;
        }
        return str.toCharArray();
    }

    @Override // com.hazelcast.spi.impl.securestore.impl.AbstractSecureStore
    protected Runnable getWatcher() {
        return new KeyStoreWatcher();
    }

    @Override // com.hazelcast.spi.impl.securestore.impl.AbstractSecureStore, com.hazelcast.internal.nio.Disposable
    public /* bridge */ /* synthetic */ void dispose() {
        super.dispose();
    }

    @Override // com.hazelcast.spi.impl.securestore.impl.AbstractSecureStore, com.hazelcast.spi.impl.securestore.SecureStore
    public /* bridge */ /* synthetic */ void addEncryptionKeyListener(@Nonnull SecureStore.EncryptionKeyListener encryptionKeyListener) {
        super.addEncryptionKeyListener(encryptionKeyListener);
    }

    static {
        $assertionsDisabled = !JavaKeyStoreSecureStore.class.desiredAssertionStatus();
    }
}
