package org.apache.hadoop.gateway.services.security.impl;

import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Map;
import org.apache.hadoop.gateway.GatewayMessages;
import org.apache.hadoop.gateway.GatewayResources;
import org.apache.hadoop.gateway.config.GatewayConfig;
import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
import org.apache.hadoop.gateway.i18n.resources.ResourcesFactory;
import org.apache.hadoop.gateway.services.Service;
import org.apache.hadoop.gateway.services.ServiceLifecycleException;
import org.apache.hadoop.gateway.services.security.KeystoreService;
import org.apache.hadoop.gateway.services.security.KeystoreServiceException;

/* loaded from: input_file:org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.class */
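/**
 * File-backed {@link KeystoreService} that works on keystores under
 * {@code <gateway security dir>/keystores/}.
 *
 * <p>It handles three kinds of store:
 * <ul>
 *   <li>the gateway identity keystore {@value #GATEWAY_KEYSTORE} (type JKS),</li>
 *   <li>an optional, separately configured signing keystore (type JKS), falling back to the
 *       gateway keystore when none is configured,</li>
 *   <li>one credential store per cluster, named {@code <cluster>-credentials.jceks} (type JCEKS).</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The self-signed certificate produced here carries a fixed test DN and a 365-day lifetime;
 *       it is a bootstrap identity, not a CA-issued one.</li>
 *   <li>NOTE(review): JKS is the legacy JDK keystore format. Switching the type would make existing
 *       stores unreadable, so it is left unchanged here.</li>
 *   <li>Several read/write methods log a failure and return {@code null} (or return normally)
 *       instead of throwing; callers have to treat {@code null} as "not available".</li>
 * </ul>
 */
public class DefaultKeystoreService extends BaseKeystoreService implements KeystoreService, Service {
    private static final String dnTemplate = "CN={0},OU=Test,O=Hadoop,L=Test,ST=Test,C=US";
    private static final String CREDENTIALS_SUFFIX = "-credentials.jceks";
    public static final String GATEWAY_KEYSTORE = "gateway.jks";
    private static final String CERT_GEN_MODE = "hadoop.gateway.cert.gen.mode";
    private static final String CERT_GEN_MODE_LOCALHOST = "localhost";
    private static final String CERT_GEN_MODE_HOSTNAME = "hostname";

    // Was 1024: RSA moduli below 2048 bits are no longer considered adequate for new keys.
    private static final int RSA_KEY_SIZE_BITS = 2048;
    // Was "SHA1withRSA": SHA-1 signatures are deprecated for certificates.
    // NOTE(review): assumes X509CertificateUtil.generateCertificate hands this standard JCA name
    // to the provider unchanged; confirm against that helper.
    private static final String CERT_SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final int CERT_VALIDITY_DAYS = 365;
    private static final String GATEWAY_KEYSTORE_TYPE = "JKS";
    private static final String CREDENTIAL_STORE_TYPE = "JCEKS";

    private static final GatewayMessages LOG = (GatewayMessages) MessagesFactory.get(GatewayMessages.class);
    private static final GatewayResources RES = (GatewayResources) ResourcesFactory.get(GatewayResources.class);
    private String signingKeystoreName = null;
    private String signingKeyAlias = null;

    /**
     * Resolves the keystore directory, creates it if missing, and validates the optional
     * signing keystore configuration.
     *
     * @param gatewayConfig source of the security directory, signing keystore name and signing key alias
     * @param map service options; not read by this implementation
     * @throws ServiceLifecycleException if the directory cannot be created, the configured signing
     *         keystore file is missing, it cannot be loaded, or it lacks the configured alias
     */
    public void init(GatewayConfig gatewayConfig, Map<String, String> map) throws ServiceLifecycleException {
        this.keyStoreDir = gatewayConfig.getGatewaySecurityDir() + File.separator + "keystores" + File.separator;
        File keystoreDirectory = new File(this.keyStoreDir);
        // NOTE(review): mkdirs() applies only the process umask. This directory holds private keys
        // and credential stores, so confirm the deployment restricts it to the gateway account.
        if (!keystoreDirectory.exists() && !keystoreDirectory.mkdirs()) {
            throw new ServiceLifecycleException(RES.failedToCreateKeyStoreDirectory(keystoreDirectory.getAbsolutePath()));
        }
        this.signingKeystoreName = gatewayConfig.getSigningKeystoreName();
        if (this.signingKeystoreName == null) {
            // No dedicated signing keystore: getSigningKeystore() falls back to the gateway keystore.
            return;
        }
        if (!new File(this.keyStoreDir, this.signingKeystoreName).exists()) {
            throw new ServiceLifecycleException("Configured signing keystore does not exist.");
        }
        this.signingKeyAlias = gatewayConfig.getSigningKeyAlias();
        if (this.signingKeyAlias == null) {
            return;
        }
        try {
            KeyStore signingKeystore = getSigningKeystore();
            // A null keystore is tolerated here, exactly as before; only a loaded store that
            // lacks the alias fails start-up.
            if (signingKeystore != null && !signingKeystore.containsAlias(this.signingKeyAlias)) {
                throw new ServiceLifecycleException("Configured signing key alias does not exist.");
            }
        } catch (KeystoreServiceException e) {
            throw new ServiceLifecycleException("Unable to get the configured signing keystore.", e);
        } catch (KeyStoreException e) {
            throw new ServiceLifecycleException("Signing keystore has not been loaded.", e);
        }
    }

    /** No-op; this service has nothing to start. */
    public void start() throws ServiceLifecycleException {
    }

    /** No-op; this service has nothing to stop. */
    public void stop() throws ServiceLifecycleException {
    }

    /**
     * Creates the gateway keystore file at {@link #getKeystorePath()}.
     *
     * @throws KeystoreServiceException if the inherited {@code createKeystore} fails
     */
    public void createKeystoreForGateway() throws KeystoreServiceException {
        createKeystore(getKeystorePath(), GATEWAY_KEYSTORE_TYPE);
    }

    /**
     * Loads the gateway keystore.
     *
     * @return the keystore as returned by the inherited {@code getKeystore}
     * @throws KeystoreServiceException if loading fails
     */
    public KeyStore getKeystoreForGateway() throws KeystoreServiceException {
        return getKeystore(gatewayKeystoreFile(), GATEWAY_KEYSTORE_TYPE);
    }

    /**
     * Loads the keystore used for signing: the configured signing keystore if one was set in
     * {@link #init}, otherwise the gateway keystore.
     *
     * @return the keystore as returned by the inherited {@code getKeystore}
     * @throws KeystoreServiceException if a signing keystore is configured but its file is missing,
     *         or loading fails
     */
    public KeyStore getSigningKeystore() throws KeystoreServiceException {
        if (this.signingKeystoreName == null) {
            return getKeystore(gatewayKeystoreFile(), GATEWAY_KEYSTORE_TYPE);
        }
        File signingKeystoreFile = new File(this.keyStoreDir + this.signingKeystoreName);
        if (!signingKeystoreFile.exists()) {
            throw new KeystoreServiceException("Configured signing keystore does not exist.");
        }
        return getKeystore(signingKeystoreFile, GATEWAY_KEYSTORE_TYPE);
    }

    /**
     * Adds a self-signed certificate using the certificate generation mode from the
     * {@code hadoop.gateway.cert.gen.mode} system property (default {@code localhost}).
     *
     * @param str alias of the key entry to create
     * @param cArr passphrase protecting the private key entry
     * @throws KeystoreServiceException if key generation, certificate generation or persisting fails
     */
    public void addSelfSignedCertForGateway(String str, char[] cArr) throws KeystoreServiceException {
        addSelfSignedCertForGateway(str, cArr, null);
    }

    /**
     * Generates an RSA key pair and a self-signed certificate for it, stores both in the gateway
     * keystore under the given alias and writes the keystore back to disk.
     *
     * @param str alias of the key entry to create
     * @param cArr passphrase protecting the private key entry
     * @param str2 either the literal {@code hostname} (use the local host name as CN), any other
     *        value to be used verbatim as CN, or {@code null} to read the mode from the
     *        {@code hadoop.gateway.cert.gen.mode} system property
     * @throws KeystoreServiceException if key generation, certificate generation or persisting fails
     */
    public void addSelfSignedCertForGateway(String str, char[] cArr, String str2) throws KeystoreServiceException {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(RSA_KEY_SIZE_BITS);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();

            String mode = str2 != null ? str2 : System.getProperty(CERT_GEN_MODE, CERT_GEN_MODE_LOCALHOST);
            String commonName = mode.equals(CERT_GEN_MODE_HOSTNAME)
                    ? InetAddress.getLocalHost().getHostName()
                    : mode;
            X509Certificate certificate = X509CertificateUtil.generateCertificate(
                    buildDistinguishedName(commonName), keyPair, CERT_VALIDITY_DAYS, CERT_SIGNATURE_ALGORITHM);

            KeyStore gatewayKeystore = getKeystoreForGateway();
            gatewayKeystore.setKeyEntry(str, keyPair.getPrivate(), cArr, new Certificate[]{certificate});
            writeKeystoreToFile(gatewayKeystore, gatewayKeystoreFile());
        } catch (IOException e) {
            LOG.failedToAddSeflSignedCertForGateway(str, e);
            throw new KeystoreServiceException(e);
        } catch (GeneralSecurityException e) {
            // Also covers NoSuchAlgorithmException, which the original handled identically.
            LOG.failedToAddSeflSignedCertForGateway(str, e);
            throw new KeystoreServiceException(e);
        }
    }

    /**
     * Fills the fixed test DN template with the given common name.
     *
     * <p>NOTE(review): the value is inserted without RFC 4514 escaping, so a value containing
     * {@code ,} {@code +} or {@code =} would change the structure of the DN. Confirm that callers
     * only pass host names or operator-supplied values.
     */
    private String buildDistinguishedName(String str) {
        return new MessageFormat(dnTemplate).format(new String[]{str});
    }

    /**
     * Creates the JCEKS credential store file for a cluster.
     *
     * @param str cluster name, used as the file name prefix
     * @throws KeystoreServiceException if the inherited {@code createKeystore} fails
     */
    public void createCredentialStoreForCluster(String str) throws KeystoreServiceException {
        createKeystore(this.keyStoreDir + str + CREDENTIALS_SUFFIX, CREDENTIAL_STORE_TYPE);
    }

    /**
     * Reports whether the credential store for a cluster is available, as decided by the
     * inherited {@code isKeystoreAvailable}.
     *
     * @param str cluster name
     * @throws KeystoreServiceException wrapping any I/O or keystore error
     */
    public boolean isCredentialStoreForClusterAvailable(String str) throws KeystoreServiceException {
        try {
            return isKeystoreAvailable(credentialStoreFile(str), CREDENTIAL_STORE_TYPE);
        } catch (IOException e) {
            throw new KeystoreServiceException(e);
        } catch (KeyStoreException e) {
            throw new KeystoreServiceException(e);
        }
    }

    /**
     * Reports whether the gateway keystore is available, as decided by the inherited
     * {@code isKeystoreAvailable}.
     *
     * @throws KeystoreServiceException wrapping any I/O or keystore error
     */
    public boolean isKeystoreForGatewayAvailable() throws KeystoreServiceException {
        try {
            return isKeystoreAvailable(gatewayKeystoreFile(), GATEWAY_KEYSTORE_TYPE);
        } catch (IOException e) {
            throw new KeystoreServiceException(e);
        } catch (KeyStoreException e) {
            throw new KeystoreServiceException(e);
        }
    }

    /**
     * Reads a key from the gateway keystore.
     *
     * @param str alias of the key entry
     * @param cArr passphrase of the entry, or {@code null} to use the master secret
     * @return the key, or {@code null} if the keystore is unavailable, the alias is absent, or the
     *         key could not be recovered (the failure is logged, not thrown)
     * @throws KeystoreServiceException if the keystore itself cannot be loaded
     */
    public Key getKeyForGateway(String str, char[] cArr) throws KeystoreServiceException {
        return readKey(getKeystoreForGateway(), str, cArr);
    }

    /**
     * Reads a key from the signing keystore (see {@link #getSigningKeystore()}).
     *
     * @param str alias of the key entry
     * @param cArr passphrase of the entry, or {@code null} to use the master secret
     * @return the key, or {@code null} if the keystore is unavailable, the alias is absent, or the
     *         key could not be recovered (the failure is logged, not thrown)
     * @throws KeystoreServiceException if the keystore itself cannot be loaded
     */
    public Key getSigningKey(String str, char[] cArr) throws KeystoreServiceException {
        return readKey(getSigningKeystore(), str, cArr);
    }

    /**
     * Loads the JCEKS credential store of a cluster.
     *
     * @param str cluster name
     * @return the keystore as returned by the inherited {@code getKeystore}
     * @throws KeystoreServiceException if loading fails
     */
    public KeyStore getCredentialStoreForCluster(String str) throws KeystoreServiceException {
        return getKeystore(credentialStoreFile(str), CREDENTIAL_STORE_TYPE);
    }

    /**
     * Adds a credential to a cluster's credential store and writes the store back to disk.
     *
     * <p>NOTE(review): a failure while writing is only logged. The caller is not told that the
     * credential was not persisted; confirm this best-effort behaviour is intended.
     *
     * @param str cluster name
     * @param str2 passed as first argument to the inherited {@code addCredential} (presumably the alias)
     * @param str3 passed as second argument to the inherited {@code addCredential} (presumably the value)
     * @throws KeystoreServiceException if the credential store cannot be loaded
     */
    public void addCredentialForCluster(String str, String str2, String str3) throws KeystoreServiceException {
        KeyStore credentialStore = getCredentialStoreForCluster(str);
        addCredential(str2, str3, credentialStore);
        try {
            writeKeystoreToFile(credentialStore, credentialStoreFile(str));
        } catch (IOException e) {
            LOG.failedToAddCredentialForCluster(str, e);
        } catch (GeneralSecurityException e) {
            // KeyStoreException, NoSuchAlgorithmException and CertificateException were handled
            // identically by the original; all are GeneralSecurityException subclasses.
            LOG.failedToAddCredentialForCluster(str, e);
        }
    }

    /**
     * Reads a credential from a cluster's credential store, unlocking the entry with the master secret.
     *
     * @param str cluster name
     * @param str2 alias of the credential entry
     * @return the credential characters, or {@code null} if the store is unavailable, the alias is
     *         absent, or the entry could not be recovered (the failure is logged, not thrown)
     * @throws KeystoreServiceException if the credential store cannot be loaded
     */
    public char[] getCredentialForCluster(String str, String str2) throws KeystoreServiceException {
        KeyStore credentialStore = getCredentialStoreForCluster(str);
        if (credentialStore == null) {
            return null;
        }
        char[] credential = null;
        try {
            Key key = credentialStore.getKey(str2, this.masterService.getMasterSecret());
            if (key != null) {
                // NOTE(review): decodes with the platform default charset; this must match the
                // charset the inherited addCredential used when encoding. Verify before pinning one.
                // The intermediate String is an immutable copy of the secret that cannot be wiped.
                credential = new String(key.getEncoded()).toCharArray();
            }
        } catch (GeneralSecurityException e) {
            // Covers KeyStoreException, NoSuchAlgorithmException and UnrecoverableKeyException,
            // which the original handled identically.
            LOG.failedToGetCredentialForCluster(str, e);
        }
        return credential;
    }

    /**
     * Removes a credential from a cluster's credential store and writes the store back to disk.
     *
     * <p>NOTE(review): a failure while writing is only logged, so the credential may remain on
     * disk without the caller noticing; confirm this best-effort behaviour is intended.
     *
     * @param str cluster name
     * @param str2 passed to the inherited {@code removeCredential} (presumably the alias)
     * @throws KeystoreServiceException if the credential store cannot be loaded
     */
    public void removeCredentialForCluster(String str, String str2) throws KeystoreServiceException {
        KeyStore credentialStore = getCredentialStoreForCluster(str);
        removeCredential(str2, credentialStore);
        try {
            writeKeystoreToFile(credentialStore, credentialStoreFile(str));
        } catch (IOException e) {
            LOG.failedToRemoveCredentialForCluster(str, e);
        } catch (GeneralSecurityException e) {
            LOG.failedToRemoveCredentialForCluster(str, e);
        }
    }

    /** Returns the path of the gateway keystore file inside the keystore directory. */
    public String getKeystorePath() {
        return this.keyStoreDir + GATEWAY_KEYSTORE;
    }

    /** Returns the gateway keystore file inside the keystore directory. */
    private File gatewayKeystoreFile() {
        return new File(this.keyStoreDir + GATEWAY_KEYSTORE);
    }

    /**
     * Returns the credential store file for a cluster.
     *
     * <p>NOTE(review): the cluster name is concatenated into the path without validation. A name
     * containing path separators or {@code ..} would resolve outside the keystore directory;
     * confirm that every caller passes an operator-controlled topology name.
     */
    private File credentialStoreFile(String clusterName) {
        return new File(this.keyStoreDir + clusterName + CREDENTIALS_SUFFIX);
    }

    /**
     * Shared lookup behind {@link #getKeyForGateway} and {@link #getSigningKey}: falls back to the
     * master secret when no passphrase is given, logs recovery failures and returns {@code null}
     * for them.
     */
    private Key readKey(KeyStore keystore, String alias, char[] passphrase) {
        char[] effectivePassphrase = passphrase;
        if (effectivePassphrase == null) {
            // Same order as the original: the fallback is resolved even when the keystore is null.
            effectivePassphrase = this.masterService.getMasterSecret();
            LOG.assumingKeyPassphraseIsMaster();
        }
        if (keystore == null) {
            return null;
        }
        try {
            return keystore.getKey(alias, effectivePassphrase);
        } catch (GeneralSecurityException e) {
            // Covers KeyStoreException, NoSuchAlgorithmException and UnrecoverableKeyException.
            LOG.failedToGetKeyForGateway(alias, e);
            return null;
        }
    }
}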
