package software.netcore.unimus.ssl;

import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardWatchEventKinds;
import java.nio.file.WatchKey;
import java.nio.file.WatchService;
import java.util.HashSet;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import net.unimus.common.ApplicationName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.netcore.unimus.ssl.context.ExternalCertificate;
import software.netcore.unimus.ssl.context.ExternalCertificatesWrapper;
import software.netcore.unimus.ssl.context.SslCertificateException;
import software.netcore.unimus.ssl.context.SslProperties;

/* loaded from: input_file:BOOT-INF/lib/unimus-ssl-3.10.1-STAGE.jar:software/netcore/unimus/ssl/CertificateLoader.class */
public class CertificateLoader {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CertificateLoader.class);
    private final SslProperties sslProperties;
    private final SslFactoryProvider sslFactoryProvider;
    private final ExecutorService threadExecutor = Executors.newSingleThreadExecutor();

    /* JADX INFO: Access modifiers changed from: package-private */
    public void init() throws SslCertificateException {
        log.info("Validating folder: '{}'", this.sslProperties.getCertFolder());
        validateProperties();
        reloadCerts();
        log.info("Starting watcher on folder: '{}'", this.sslProperties.getCertFolder());
        this.threadExecutor.submit(this::watchSilently);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void destroy() {
        this.threadExecutor.shutdownNow();
    }

    private void watchSilently() {
        try {
            startWatchingForChanges();
        } catch (IOException e) {
            log.warn("Custom certificate watcher is not able to register to dir: '{}'", this.sslProperties.getCertFolder(), e);
        } catch (InterruptedException e2) {
            Thread.currentThread().interrupt();
            log.debug("Custom certificate watcher has been stopped due to ", (Throwable) e2);
        }
    }

    private void startWatchingForChanges() throws IOException, InterruptedException {
        Path path = Paths.get(this.sslProperties.getCertFolder(), new String[0]);
        WatchService newWatchService = FileSystems.getDefault().newWatchService();
        path.register(newWatchService, StandardWatchEventKinds.ENTRY_CREATE, StandardWatchEventKinds.ENTRY_MODIFY, StandardWatchEventKinds.ENTRY_DELETE);
        while (true) {
            WatchKey take = newWatchService.take();
            take.pollEvents();
            if (!take.reset()) {
                return;
            }
            while (true) {
                WatchKey poll = newWatchService.poll(500L, TimeUnit.MILLISECONDS);
                if (poll == null) {
                    break;
                }
                poll.pollEvents();
                poll.reset();
            }
            reloadCerts();
        }
    }

    private void validateProperties() throws SslCertificateException {
        File file = Paths.get(this.sslProperties.getCertFolder(), new String[0]).toFile();
        if (!file.exists()) {
            throw new SslCertificateException("Defined path: " + this.sslProperties.getCertFolder() + " does not exists");
        }
        if (!file.isDirectory()) {
            throw new SslCertificateException("Defined path: " + this.sslProperties.getCertFolder() + " is not a directory");
        }
        if (!file.canRead()) {
            throw new SslCertificateException(ApplicationName.VALUE + " does not have permission to read from " + this.sslProperties.getCertFolder());
        }
    }

    private void reloadCerts() {
        ExternalCertificatesWrapper loadCerts = loadCerts();
        if (loadCerts != null) {
            this.sslFactoryProvider.setCertificates(loadCerts);
        }
    }

    private ExternalCertificatesWrapper loadCerts() {
        try {
            File[] listFiles = new File(this.sslProperties.getCertFolder()).listFiles();
            HashSet hashSet = new HashSet();
            for (File file : listFiles) {
                hashSet.add(createCertificate(file.toPath()));
            }
            return new ExternalCertificatesWrapper(hashSet);
        } catch (Exception e) {
            log.warn("Could not read files in the folder: '{}'", this.sslProperties.getCertFolder(), e);
            return null;
        }
    }

    private ExternalCertificate createCertificate(Path path) {
        String str = null;
        String path2 = path.getFileName().toString();
        int lastIndexOf = path2.lastIndexOf(this.sslProperties.getPasswordDelimiter());
        if (lastIndexOf != -1) {
            str = path2.substring(lastIndexOf + 1, path2.lastIndexOf("."));
        }
        return new ExternalCertificate(path, str);
    }

    public CertificateLoader(SslProperties sslProperties, SslFactoryProvider sslFactoryProvider) {
        this.sslProperties = sslProperties;
        this.sslFactoryProvider = sslFactoryProvider;
    }
}
