package org.apache.pinot.common.utils.tls;

import java.security.KeyStore;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import nl.altindag.ssl.SSLFactory;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pinot/common/utils/tls/JvmDefaultSslContext.class */
public class JvmDefaultSslContext {
    private static final String JVM_KEY_STORE = "javax.net.ssl.keyStore";
    private static final String JVM_KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
    private static final String JVM_KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
    private static final String JVM_TRUST_STORE = "javax.net.ssl.trustStore";
    private static final String JVM_TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
    private static final String JVM_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
    private static final Logger LOGGER = LoggerFactory.getLogger(JvmDefaultSslContext.class);
    private static volatile boolean _initialized = false;

    private JvmDefaultSslContext() {
        throw new IllegalStateException("Should not instantiate JvmDefaultSslContext");
    }

    public static synchronized void initDefaultSslContext() {
        LOGGER.info("Trying to initialize jvm default SSL context");
        if (_initialized) {
            LOGGER.info("Jvm default SSL context has already been initialized");
            return;
        }
        String property = System.getProperty(JVM_KEY_STORE);
        String property2 = System.getProperty(JVM_TRUST_STORE);
        if (TlsUtils.isKeyOrTrustStorePathNullOrHasFileScheme(property) && TlsUtils.isKeyOrTrustStorePathNullOrHasFileScheme(property2) && (StringUtils.isNotBlank(property) || StringUtils.isNotBlank(property2))) {
            SSLFactory.Builder builder = SSLFactory.builder();
            if (StringUtils.isNotBlank(property)) {
                builder.withSwappableIdentityMaterial().withSystemPropertyDerivedIdentityMaterial();
            }
            if (StringUtils.isNotBlank(property2)) {
                builder.withSwappableTrustMaterial().withSystemPropertyDerivedTrustMaterial();
            } else {
                builder.withDefaultTrustMaterial();
            }
            SSLFactory build = builder.build();
            SSLContext.setDefault(build.getSslContext());
            RenewableTlsUtils.enableAutoRenewalFromFileStoreForSSLFactory(build, (String) Optional.ofNullable(System.getProperty(JVM_TRUST_STORE_TYPE)).map((v0) -> {
                return v0.trim();
            }).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).orElseGet(KeyStore::getDefaultType), property, (String) Optional.ofNullable(System.getProperty(JVM_KEY_STORE_PASSWORD)).map((v0) -> {
                return v0.trim();
            }).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).orElse(null), (String) Optional.ofNullable(System.getProperty(JVM_TRUST_STORE_TYPE)).map((v0) -> {
                return v0.trim();
            }).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).orElseGet(KeyStore::getDefaultType), property2, (String) Optional.ofNullable(System.getProperty(JVM_TRUST_STORE_PASSWORD)).map((v0) -> {
                return v0.trim();
            }).filter((v0) -> {
                return StringUtils.isNotBlank(v0);
            }).orElse(null), null, null, () -> {
                return false;
            });
        }
        _initialized = true;
        LOGGER.info("Successfully initialized mvm default SSL context");
    }
}
