package com.yahoo.vespa.hosted.node.admin.configserver;

import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.identity.SiaIdentityProvider;
import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
import com.yahoo.vespa.athenz.tls.SslContextBuilder;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

/* loaded from: input_file:com/yahoo/vespa/hosted/node/admin/configserver/SslConnectionSocketFactoryUpdater.class */
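/**
 * Holds the {@link SSLConnectionSocketFactory} used for config server connections and
 * replaces it whenever the {@link SiaIdentityProvider} reports a new identity
 * {@link SSLContext}.
 *
 * <p>Every factory created here pairs an {@code SSLContext} with the same
 * {@link HostnameVerifier}, so replacing the context does not change how the peer is verified.
 * Registered {@link ConfigServerApi} instances receive the current factory on registration and
 * each replacement after that.
 *
 * <p>Thread-safety: after construction, {@code socketFactory} and {@code configServerApis} are
 * only read or written while holding {@code monitor}.
 */
public class SslConnectionSocketFactoryUpdater implements AutoCloseable {
    private final HostnameVerifier configServerHostnameVerifier;
    private final SiaIdentityProvider sia;
    private SSLConnectionSocketFactory socketFactory;
    private final Object monitor = new Object();
    // Typed instead of a raw HashSet so the compiler checks what is stored.
    private final Set<ConfigServerApi> configServerApis = new HashSet<>();

    /**
     * Creates an updater whose hostname verifier is an {@link AthenzIdentityVerifier} over the
     * single given identity.
     *
     * @param siaIdentityProvider source of the identity {@code SSLContext}; may be {@code null},
     *     in which case a context from a default {@link SslContextBuilder} is used
     * @param athenzIdentity the only identity handed to the verifier; it is not null-checked here
     * @return the new updater
     */
    public static SslConnectionSocketFactoryUpdater createAndRefreshKeyStoreIfNeeded(SiaIdentityProvider siaIdentityProvider, AthenzIdentity athenzIdentity) {
        return new SslConnectionSocketFactoryUpdater(siaIdentityProvider, createHostnameVerifier(athenzIdentity));
    }

    /**
     * @param siaIdentityProvider identity source, or {@code null} to use a default context
     * @param hostnameVerifier verifier passed to every socket factory this instance creates
     */
    SslConnectionSocketFactoryUpdater(SiaIdentityProvider siaIdentityProvider, HostnameVerifier hostnameVerifier) {
        this.configServerHostnameVerifier = hostnameVerifier;
        this.sia = siaIdentityProvider;
        if (siaIdentityProvider == null) {
            this.socketFactory = createDefaultSslConnectionSocketFactory();
        } else {
            // NOTE(review): the listener is registered before the initial factory is assigned,
            // and that assignment is not made under `monitor`. If SiaIdentityProvider can invoke
            // the listener from another thread before this constructor returns, the assignment
            // below could overwrite the newer factory with one built from an older context.
            // Whether that can happen depends on SiaIdentityProvider's threading, which is not
            // visible in this file - confirm before reordering.
            siaIdentityProvider.addIdentityListener(this::updateSocketFactory);
            this.socketFactory = createSocketFactory(siaIdentityProvider.getIdentitySslContext());
        }
    }

    /**
     * Identity listener callback: builds a factory from the new context and hands it to every
     * registered {@link ConfigServerApi}.
     *
     * @param sslContext the new identity context
     * @param athenzService not used here; part of the listener signature
     */
    private void updateSocketFactory(SSLContext sslContext, AthenzService athenzService) {
        synchronized (this.monitor) {
            SSLConnectionSocketFactory refreshed = createSocketFactory(sslContext);
            this.socketFactory = refreshed;
            for (ConfigServerApi api : this.configServerApis) {
                api.setSSLConnectionSocketFactory(refreshed);
            }
        }
    }

    /**
     * @return the factory that is current at the time of the call
     */
    public SSLConnectionSocketFactory getCurrentSocketFactory() {
        synchronized (this.monitor) {
            return this.socketFactory;
        }
    }

    /**
     * Gives the API the current factory and records it for future replacements.
     *
     * @param configServerApi the client to keep updated
     */
    public void registerConfigServerApi(ConfigServerApi configServerApi) {
        synchronized (this.monitor) {
            // Both steps run under the same lock as updateSocketFactory, so a replacement
            // cannot slip in between handing over the factory and adding the API to the set.
            configServerApi.setSSLConnectionSocketFactory(this.socketFactory);
            this.configServerApis.add(configServerApi);
        }
    }

    /**
     * Stops pushing factory replacements to the given API.
     *
     * @param configServerApi the client to drop
     */
    public void unregisterConfigServerApi(ConfigServerApi configServerApi) {
        synchronized (this.monitor) {
            this.configServerApis.remove(configServerApi);
        }
    }

    /**
     * Calls {@code deconstruct()} on the identity provider when one was supplied. Registered
     * APIs are left in place and keep the factory they last received.
     */
    @Override
    public void close() {
        if (this.sia != null) {
            this.sia.deconstruct();
        }
    }

    /** Pairs the given context with this instance's hostname verifier. */
    private SSLConnectionSocketFactory createSocketFactory(SSLContext sslContext) {
        return new SSLConnectionSocketFactory(sslContext, this.configServerHostnameVerifier);
    }

    /**
     * Builds a factory from an {@link SslContextBuilder} with no options set.
     * NOTE(review): which trust material and client credentials such a context carries depends
     * on SslContextBuilder and is not visible here - confirm.
     */
    private SSLConnectionSocketFactory createDefaultSslConnectionSocketFactory() {
        return createSocketFactory(new SslContextBuilder().build());
    }

    /**
     * Wraps the identity in a singleton set for {@link AthenzIdentityVerifier}.
     * NOTE(review): presumably the verifier accepts only peers presenting that identity, and
     * the result for a {@code null} identity is undefined here - confirm against
     * AthenzIdentityVerifier.
     */
    private static HostnameVerifier createHostnameVerifier(AthenzIdentity athenzIdentity) {
        return new AthenzIdentityVerifier(Collections.singleton(athenzIdentity));
    }
}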
