package org.apache.flink.runtime.rpc.pekko;

import com.typesafe.config.Config;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.util.FingerprintTrustManagerFactory;
import org.apache.pekko.actor.ActorSystem;
import org.apache.pekko.remote.RemoteTransportException;
import org.apache.pekko.remote.transport.netty.ConfigSSLEngineProvider;

/* loaded from: input_file:flink-rpc-akka.jar:org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.class */
public class CustomSSLEngineProvider extends ConfigSSLEngineProvider {
    private final String sslTrustStore;
    private final String sslTrustStorePassword;
    private final List<String> sslCertFingerprints;
    private final String sslKeyStoreType;
    private final String sslTrustStoreType;

    public CustomSSLEngineProvider(ActorSystem actorSystem) {
        super(actorSystem);
        Config config = actorSystem.settings().config().getConfig("pekko.remote.classic.netty.ssl.security");
        this.sslTrustStore = config.getString("trust-store");
        this.sslTrustStorePassword = config.getString("trust-store-password");
        this.sslCertFingerprints = config.getStringList("cert-fingerprints");
        this.sslKeyStoreType = config.getString("key-store-type");
        this.sslTrustStoreType = config.getString("trust-store-type");
    }

    @Override // org.apache.pekko.remote.transport.netty.ConfigSSLEngineProvider
    public TrustManager[] trustManagers() {
        try {
            TrustManagerFactory trustManagerFactory = this.sslCertFingerprints.isEmpty() ? TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) : FingerprintTrustManagerFactory.builder("SHA1").fingerprints(this.sslCertFingerprints).build();
            trustManagerFactory.init(loadKeystore(this.sslTrustStore, this.sslTrustStorePassword, this.sslTrustStoreType));
            return trustManagerFactory.getTrustManagers();
        } catch (IOException | GeneralSecurityException e) {
            throw new RemoteTransportException("Server SSL connection could not be established because SSL context could not be constructed", e);
        }
    }

    @Override // org.apache.pekko.remote.transport.netty.ConfigSSLEngineProvider
    public KeyStore loadKeystore(String str, String str2) {
        try {
            return loadKeystore(str, str2, this.sslKeyStoreType);
        } catch (IOException | GeneralSecurityException e) {
            throw new RemoteTransportException("Server SSL connection could not be established because key store could not be loaded", e);
        }
    }

    private KeyStore loadKeystore(String str, String str2, String str3) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(str3);
        InputStream newInputStream = Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        Throwable th = null;
        try {
            try {
                keyStore.load(newInputStream, str2.toCharArray());
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                return keyStore;
            } finally {
            }
        } catch (Throwable th3) {
            if (newInputStream != null) {
                if (th != null) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    newInputStream.close();
                }
            }
            throw th3;
        }
    }
}
