package org.apache.zookeeper.server.auth;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.common.ClientX509Util;
import org.apache.zookeeper.common.X509Exception;
import org.apache.zookeeper.common.X509Util;
import org.apache.zookeeper.common.ZKConfig;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.ServerCnxn;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/bundled-dependencies/pulsar-io-kafka-connect-adaptor-2.6.4.jar:META-INF/bundled-dependencies/zookeeper-3.5.7.jar:org/apache/zookeeper/server/auth/X509AuthenticationProvider.class
 */
/* loaded from: input_file:META-INF/bundled-dependencies/zookeeper-3.5.7.jar:org/apache/zookeeper/server/auth/X509AuthenticationProvider.class */
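/**
 * Authentication provider for the {@code "x509"} scheme.
 *
 * <p>A connection is authenticated from the TLS client certificate chain it presented. The chain
 * is validated by the configured {@link X509TrustManager}, and the subject DN of the first
 * certificate in the chain becomes the connection's identity. If that identity equals the value
 * of the {@value #ZOOKEEPER_X509AUTHENTICATIONPROVIDER_SUPERUSER} system property, the connection
 * additionally receives the {@code "super"} Id.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The super-user check is an exact string comparison against
 *       {@link X500Principal#getName()} (RFC 2253 form by default). Any certificate that the
 *       trust manager accepts and that carries this subject is treated as super user, so the
 *       trust store should only contain CAs that are allowed to issue that subject.</li>
 *   <li>CRL checking, OCSP checking and hostname verification are only enabled when their
 *       properties parse to {@code true}; see the no-argument constructor.</li>
 *   <li>If no trust manager could be built, every authentication attempt is rejected.</li>
 * </ul>
 */
public class X509AuthenticationProvider implements AuthenticationProvider {
    /** System property holding the subject DN that is granted the {@code "super"} Id. */
    static final String ZOOKEEPER_X509AUTHENTICATIONPROVIDER_SUPERUSER = "zookeeper.X509AuthenticationProvider.superUser";
    private static final Logger LOG = LoggerFactory.getLogger(X509AuthenticationProvider.class);
    // Either manager may be null when it was not configured or failed to load; the getters and
    // handleAuthentication() check for that.
    private final X509TrustManager trustManager;
    private final X509KeyManager keyManager;

    /**
     * Builds the key and trust managers from the client SSL properties exposed by
     * {@link ClientX509Util}, read through a fresh {@link ZKConfig}.
     *
     * <p>A missing key store or trust store location is logged as a warning, and a failure to
     * load either store is logged as an error; in both cases the corresponding manager is left
     * {@code null} rather than aborting construction. A {@code null} trust manager makes
     * {@link #handleAuthentication} reject every connection.
     *
     * @throws X509Exception declared by the original signature; the store-loading failures
     *     visible here are caught and logged instead of propagated
     */
    public X509AuthenticationProvider() throws X509Exception {
        ZKConfig config = new ZKConfig();
        // try-with-resources replaces the hand-expanded close()/addSuppressed sequence so the
        // util is closed exactly once on both the normal and the exceptional path.
        try (ClientX509Util x509Util = new ClientX509Util()) {
            String keyStoreLocation = config.getProperty(x509Util.getSslKeystoreLocationProperty(), "");
            String keyStorePassword = config.getProperty(x509Util.getSslKeystorePasswdProperty(), "");
            String keyStoreType = config.getProperty(x509Util.getSslKeystoreTypeProperty());

            // Boolean.parseBoolean(null) is false, so an unset property (presumably returned as
            // null by ZKConfig - confirm) leaves revocation checking and hostname verification
            // disabled. Deployments that rely on certificate revocation must set these explicitly.
            boolean crlEnabled = Boolean.parseBoolean(config.getProperty(x509Util.getSslCrlEnabledProperty()));
            boolean ocspEnabled = Boolean.parseBoolean(config.getProperty(x509Util.getSslOcspEnabledProperty()));
            boolean hostnameVerificationEnabled =
                    Boolean.parseBoolean(config.getProperty(x509Util.getSslHostnameVerificationEnabledProperty()));

            X509KeyManager km = null;
            if (keyStoreLocation.isEmpty()) {
                LOG.warn("keystore not specified for client connection");
            } else {
                try {
                    km = X509Util.createKeyManager(keyStoreLocation, keyStorePassword, keyStoreType);
                } catch (X509Exception.KeyManagerException e) {
                    // Deliberately best-effort: the provider is still constructed, with no key manager.
                    LOG.error("Failed to create key manager", e);
                }
            }

            String trustStoreLocation = config.getProperty(x509Util.getSslTruststoreLocationProperty(), "");
            String trustStorePassword = config.getProperty(x509Util.getSslTruststorePasswdProperty(), "");
            String trustStoreType = config.getProperty(x509Util.getSslTruststoreTypeProperty());

            X509TrustManager tm = null;
            if (trustStoreLocation.isEmpty()) {
                LOG.warn("Truststore not specified for client connection");
            } else {
                try {
                    // NOTE(review): the trailing hard-coded false looks like a second
                    // hostname-verification flag (client side) - confirm against the X509Util
                    // version bundled with this jar.
                    tm = X509Util.createTrustManager(
                            trustStoreLocation,
                            trustStorePassword,
                            trustStoreType,
                            crlEnabled,
                            ocspEnabled,
                            hostnameVerificationEnabled,
                            false);
                } catch (X509Exception.TrustManagerException e) {
                    // Fails closed: with trustManager == null, handleAuthentication() returns AUTHFAILED.
                    LOG.error("Failed to create trust manager", e);
                }
            }

            this.keyManager = km;
            this.trustManager = tm;
        }
    }

    /**
     * Creates a provider that uses the supplied managers directly.
     *
     * @param x509TrustManager trust manager used to validate client chains; may be {@code null},
     *     in which case all authentication attempts fail
     * @param x509KeyManager key manager returned by {@link #getKeyManager()}; may be {@code null}
     */
    public X509AuthenticationProvider(X509TrustManager x509TrustManager, X509KeyManager x509KeyManager) {
        this.trustManager = x509TrustManager;
        this.keyManager = x509KeyManager;
    }

    /** Returns the scheme name handled by this provider, {@code "x509"}. */
    @Override
    public String getScheme() {
        return "x509";
    }

    /**
     * Authenticates the connection from its TLS client certificate chain.
     *
     * <p>The {@code bArr} auth payload is not consulted; the identity comes only from the
     * certificate chain reported by the connection.
     *
     * @param serverCnxn connection being authenticated
     * @param bArr auth data supplied by the client (unused)
     * @return {@code OK} when the chain is trusted, otherwise {@code AUTHFAILED} (no chain, no
     *     trust manager, or the trust manager rejected the chain)
     */
    @Override
    public KeeperException.Code handleAuthentication(ServerCnxn serverCnxn, byte[] bArr) {
        X509Certificate[] chain = (X509Certificate[]) serverCnxn.getClientCertificateChain();
        if (chain == null || chain.length == 0) {
            return KeeperException.Code.AUTHFAILED;
        }
        if (this.trustManager == null) {
            // Fail closed: without a trust manager nothing can be verified.
            LOG.error("No trust manager available to authenticate session 0x{}", Long.toHexString(serverCnxn.getSessionId()));
            return KeeperException.Code.AUTHFAILED;
        }

        X509Certificate clientCert = chain[0];
        try {
            // Validation must complete before any identity is derived from the certificate.
            this.trustManager.checkClientTrusted(chain, clientCert.getPublicKey().getAlgorithm());
        } catch (CertificateException e) {
            LOG.error("Failed to trust certificate for session 0x" + Long.toHexString(serverCnxn.getSessionId()), e);
            return KeeperException.Code.AUTHFAILED;
        }

        String clientId = getClientId(clientCert);
        // Exact string match against the configured super-user DN; an unset property yields
        // null, which never equals clientId.
        if (clientId.equals(System.getProperty(ZOOKEEPER_X509AUTHENTICATIONPROVIDER_SUPERUSER))) {
            serverCnxn.addAuthInfo(new Id("super", clientId));
            LOG.info("Authenticated Id '{}' as super user", clientId);
        }
        Id authInfo = new Id(getScheme(), clientId);
        serverCnxn.addAuthInfo(authInfo);
        LOG.info("Authenticated Id '{}' for Scheme '{}'", authInfo.getId(), authInfo.getScheme());
        return KeeperException.Code.OK;
    }

    /**
     * Derives the identity string from a validated client certificate.
     *
     * <p>Subclasses may override this; whatever it returns is what gets compared with the
     * super-user property and stored as the connection's Id.
     *
     * @param x509Certificate the client's certificate (first element of the presented chain)
     * @return the subject distinguished name as produced by {@link X500Principal#getName()}
     */
    protected String getClientId(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectX500Principal().getName();
    }

    /**
     * Tells whether an authenticated id satisfies an ACL expression.
     *
     * @param str the authenticated id
     * @param str2 the ACL expression
     * @return {@code true} if {@code str} equals the configured super user or equals {@code str2}
     */
    @Override
    public boolean matches(String str, String str2) {
        // Read the property once so the null check and the comparison cannot observe different
        // values; equals(null) is false, which covers the "property not set" case.
        String superUser = System.getProperty(ZOOKEEPER_X509AUTHENTICATIONPROVIDER_SUPERUSER);
        return str.equals(superUser) || str.equals(str2);
    }

    /** Always returns {@code true}. */
    @Override
    public boolean isAuthenticated() {
        return true;
    }

    /**
     * Checks that an id string parses as an X.500 distinguished name.
     *
     * @param str candidate id
     * @return {@code true} if {@link X500Principal} accepts it; {@code false} for {@code null} or
     *     a malformed name
     */
    @Override
    public boolean isValid(String str) {
        if (str == null) {
            // X500Principal(String) throws NullPointerException for null; treat it as invalid
            // instead of letting the exception escape a validation call.
            return false;
        }
        try {
            new X500Principal(str);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    /**
     * Returns the trust manager used to validate client certificates.
     *
     * @throws X509Exception.TrustManagerException if no trust manager is available
     */
    public X509TrustManager getTrustManager() throws X509Exception.TrustManagerException {
        if (this.trustManager == null) {
            throw new X509Exception.TrustManagerException("No trust manager available");
        }
        return this.trustManager;
    }

    /**
     * Returns the key manager built from the configured key store.
     *
     * @throws X509Exception.KeyManagerException if no key manager is available
     */
    public X509KeyManager getKeyManager() throws X509Exception.KeyManagerException {
        if (this.keyManager == null) {
            throw new X509Exception.KeyManagerException("No key manager available");
        }
        return this.keyManager;
    }
}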
