package org.apache.hadoop.hdds.security.x509.keys;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.output.FileWriterWithEncoding;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.bouncycastle.util.io.pem.PemWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/keys/KeyCodec.class */
public class KeyCodec {
    public static final String PRIVATE_KEY = "PRIVATE KEY";
    public static final String PUBLIC_KEY = "PUBLIC KEY";
    public static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) KeyCodec.class);
    private final Path location;
    private final SecurityConfig securityConfig;
    private Set<PosixFilePermission> permissionSet;
    private Supplier<Boolean> isPosixFileSystem;

    public KeyCodec(SecurityConfig securityConfig, String str) {
        this.permissionSet = (Set) Stream.of((Object[]) new PosixFilePermission[]{PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE}).collect(Collectors.toSet());
        this.securityConfig = securityConfig;
        this.isPosixFileSystem = KeyCodec::isPosix;
        this.location = this.securityConfig.getKeyLocation(str);
    }

    public KeyCodec(SecurityConfig securityConfig) {
        this.permissionSet = (Set) Stream.of((Object[]) new PosixFilePermission[]{PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE}).collect(Collectors.toSet());
        this.securityConfig = securityConfig;
        this.isPosixFileSystem = KeyCodec::isPosix;
        this.location = this.securityConfig.getKeyLocation();
    }

    public KeyCodec(Configuration configuration) {
        this.permissionSet = (Set) Stream.of((Object[]) new PosixFilePermission[]{PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE}).collect(Collectors.toSet());
        Preconditions.checkNotNull(configuration, "Config cannot be null");
        this.securityConfig = new SecurityConfig(configuration);
        this.isPosixFileSystem = KeyCodec::isPosix;
        this.location = this.securityConfig.getKeyLocation();
    }

    private static Boolean isPosix() {
        return Boolean.valueOf(FileSystems.getDefault().supportedFileAttributeViews().contains("posix"));
    }

    @VisibleForTesting
    public Set<PosixFilePermission> getPermissionSet() {
        return this.permissionSet;
    }

    public SecurityConfig getSecurityConfig() {
        return this.securityConfig;
    }

    @VisibleForTesting
    public void setIsPosixFileSystem(Supplier<Boolean> supplier) {
        this.isPosixFileSystem = supplier;
    }

    public void writeKey(KeyPair keyPair) throws IOException {
        writeKey(this.location, keyPair, this.securityConfig.getPrivateKeyFileName(), this.securityConfig.getPublicKeyFileName(), false);
    }

    public void writePrivateKey(PrivateKey privateKey) throws IOException {
        File file = Paths.get(this.location.toString(), this.securityConfig.getPrivateKeyFileName()).toFile();
        if (Files.exists(file.toPath(), new LinkOption[0])) {
            throw new IOException("Private key already exist.");
        }
        PemWriter pemWriter = new PemWriter(new FileWriterWithEncoding(file, DEFAULT_CHARSET));
        Throwable th = null;
        try {
            try {
                pemWriter.writeObject(new PemObject(PRIVATE_KEY, privateKey.getEncoded()));
                if (pemWriter != null) {
                    if (0 != 0) {
                        try {
                            pemWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        pemWriter.close();
                    }
                }
                Files.setPosixFilePermissions(file.toPath(), this.permissionSet);
            } finally {
            }
        } catch (Throwable th3) {
            if (pemWriter != null) {
                if (th != null) {
                    try {
                        pemWriter.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pemWriter.close();
                }
            }
            throw th3;
        }
    }

    public void writePublicKey(PublicKey publicKey) throws IOException {
        File file = Paths.get(this.location.toString(), this.securityConfig.getPublicKeyFileName()).toFile();
        if (Files.exists(file.toPath(), new LinkOption[0])) {
            throw new IOException("Private key already exist.");
        }
        PemWriter pemWriter = new PemWriter(new FileWriterWithEncoding(file, DEFAULT_CHARSET));
        Throwable th = null;
        try {
            try {
                pemWriter.writeObject(new PemObject(PUBLIC_KEY, publicKey.getEncoded()));
                if (pemWriter != null) {
                    if (0 != 0) {
                        try {
                            pemWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        pemWriter.close();
                    }
                }
                Files.setPosixFilePermissions(file.toPath(), this.permissionSet);
            } finally {
            }
        } catch (Throwable th3) {
            if (pemWriter != null) {
                if (th != null) {
                    try {
                        pemWriter.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pemWriter.close();
                }
            }
            throw th3;
        }
    }

    public void writeKey(KeyPair keyPair, boolean z) throws IOException {
        writeKey(this.location, keyPair, this.securityConfig.getPrivateKeyFileName(), this.securityConfig.getPublicKeyFileName(), z);
    }

    public void writeKey(Path path, KeyPair keyPair, boolean z) throws IOException {
        writeKey(path, keyPair, this.securityConfig.getPrivateKeyFileName(), this.securityConfig.getPublicKeyFileName(), z);
    }

    private PKCS8EncodedKeySpec readKey(Path path, String str) throws IOException {
        PemReader pemReader = new PemReader(new StringReader(FileUtils.readFileToString(Paths.get(path.toString(), str).toFile(), DEFAULT_CHARSET)));
        Throwable th = null;
        try {
            byte[] content = pemReader.readPemObject().getContent();
            if (pemReader != null) {
                if (0 != 0) {
                    try {
                        pemReader.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    pemReader.close();
                }
            }
            return new PKCS8EncodedKeySpec(content);
        } catch (Throwable th3) {
            if (pemReader != null) {
                if (0 != 0) {
                    try {
                        pemReader.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    pemReader.close();
                }
            }
            throw th3;
        }
    }

    public PrivateKey readPrivateKey(Path path, String str) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
        return KeyFactory.getInstance(this.securityConfig.getKeyAlgo()).generatePrivate(readKey(path, str));
    }

    public PublicKey readPublicKey() throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
        return readPublicKey(this.location.toAbsolutePath(), this.securityConfig.getPublicKeyFileName());
    }

    public PublicKey readPublicKey(Path path, String str) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException {
        return KeyFactory.getInstance(this.securityConfig.getKeyAlgo()).generatePublic(new X509EncodedKeySpec(readKey(path, str).getEncoded()));
    }

    public PrivateKey readPrivateKey() throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
        return readPrivateKey(this.location.toAbsolutePath(), this.securityConfig.getPrivateKeyFileName());
    }

    private synchronized void writeKey(Path path, KeyPair keyPair, String str, String str2, boolean z) throws IOException {
        Throwable th;
        checkPreconditions(path);
        File file = Paths.get(this.location.toString(), str).toFile();
        File file2 = Paths.get(this.location.toString(), str2).toFile();
        checkKeyFile(file, z, file2);
        PemWriter pemWriter = new PemWriter(new FileWriterWithEncoding(file, DEFAULT_CHARSET));
        Throwable th2 = null;
        try {
            try {
                pemWriter.writeObject(new PemObject(PRIVATE_KEY, keyPair.getPrivate().getEncoded()));
                if (pemWriter != null) {
                    if (0 != 0) {
                        try {
                            pemWriter.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    } else {
                        pemWriter.close();
                    }
                }
                pemWriter = new PemWriter(new FileWriterWithEncoding(file2, DEFAULT_CHARSET));
                th = null;
            } finally {
            }
            try {
                try {
                    pemWriter.writeObject(new PemObject(PUBLIC_KEY, keyPair.getPublic().getEncoded()));
                    if (pemWriter != null) {
                        if (0 != 0) {
                            try {
                                pemWriter.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            pemWriter.close();
                        }
                    }
                    Files.setPosixFilePermissions(file.toPath(), this.permissionSet);
                    Files.setPosixFilePermissions(file2.toPath(), this.permissionSet);
                } finally {
                }
            } finally {
            }
        } finally {
        }
    }

    private void checkKeyFile(File file, boolean z, File file2) throws IOException {
        if (file.exists() && z && !file.delete()) {
            throw new IOException("Unable to delete private key file.");
        }
        if (file2.exists() && z && !file2.delete()) {
            throw new IOException("Unable to delete public key file.");
        }
        if (file.exists()) {
            throw new IOException("Private Key file already exists.");
        }
        if (file2.exists()) {
            throw new IOException("Public Key file already exists.");
        }
    }

    private void checkPreconditions(Path path) throws IOException {
        Preconditions.checkNotNull(path, "Base path cannot be null");
        if (!this.isPosixFileSystem.get().booleanValue()) {
            LOG.error("Keys cannot be stored securely without POSIX file system support for now.");
            throw new IOException("Unsupported File System for pem file.");
        }
        if (Files.exists(path, new LinkOption[0])) {
            Files.setPosixFilePermissions(path, this.permissionSet);
        } else if (path.toFile().mkdirs()) {
            Files.setPosixFilePermissions(path, this.permissionSet);
        } else {
            LOG.error("Unable to create the directory for the location. Location: {}", path);
            throw new IOException("Unable to create the directory for the location. Location:" + path);
        }
    }
}
