package org.apache.hadoop.hdds.security.x509.crl;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.io.IOUtils;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.bouncycastle.cert.X509CRLHolder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/crl/CRLCodec.class */
public class CRLCodec {
    private static final Logger LOG = LoggerFactory.getLogger(CRLCodec.class);
    private static final JcaX509CRLConverter CRL_CONVERTER = new JcaX509CRLConverter();
    private final SecurityConfig securityConfig;
    private final Path location;
    private final Set<PosixFilePermission> permissionSet = (Set) Stream.of((Object[]) new PosixFilePermission[]{PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE}).collect(Collectors.toSet());

    public CRLCodec(SecurityConfig securityConfig) {
        this.securityConfig = securityConfig;
        this.location = securityConfig.getCertificateLocation("scm");
    }

    public static X509CRL getX509CRL(X509CRLHolder x509CRLHolder) throws CRLException {
        return CRL_CONVERTER.getCRL(x509CRLHolder);
    }

    public static String getPEMEncodedString(X509CRLHolder x509CRLHolder) throws SCMSecurityException {
        LOG.trace("Getting PEM version of a CRL.");
        try {
            return getPEMEncodedString(getX509CRL(x509CRLHolder));
        } catch (CRLException e) {
            throw new SCMSecurityException(e);
        }
    }

    public static String getPEMEncodedString(X509CRL x509crl) throws SCMSecurityException {
        try {
            StringWriter stringWriter = new StringWriter();
            JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
            Throwable th = null;
            try {
                jcaPEMWriter.writeObject(x509crl);
                if (jcaPEMWriter != null) {
                    if (0 != 0) {
                        try {
                            jcaPEMWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        jcaPEMWriter.close();
                    }
                }
                return stringWriter.toString();
            } finally {
            }
        } catch (IOException e) {
            throw new SCMSecurityException("PEM Encoding failed for CRL." + x509crl.getIssuerDN().toString(), e);
        }
    }

    public static X509CRL getX509CRL(String str) throws CRLException, CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        InputStream inputStream = IOUtils.toInputStream(str, StandardCharsets.UTF_8);
        Throwable th = null;
        try {
            try {
                X509CRL x509crl = (X509CRL) certificateFactory.generateCRL(inputStream);
                if (inputStream != null) {
                    if (0 != 0) {
                        try {
                            inputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        inputStream.close();
                    }
                }
                return x509crl;
            } finally {
            }
        } catch (Throwable th3) {
            if (inputStream != null) {
                if (th != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    inputStream.close();
                }
            }
            throw th3;
        }
    }

    public Path getLocation() {
        return this.location;
    }

    public void writeCRL(X509CRL x509crl) throws IOException {
        writeCRL(this.location.toAbsolutePath(), this.securityConfig.getCrlName(), getPEMEncodedString(x509crl), false);
    }

    public void writeCRL(X509CRLHolder x509CRLHolder, String str, boolean z) throws IOException {
        writeCRL(this.location.toAbsolutePath(), str, getPEMEncodedString(x509CRLHolder), z);
    }

    public synchronized void writeCRL(Path path, String str, String str2, boolean z) throws IOException {
        File file = Paths.get(path.toString(), str).toFile();
        if (file.exists() && !z) {
            throw new SCMSecurityException("Specified CRL file already exists.Please use force option if you want to overwrite it.");
        }
        if (!path.toFile().exists() && !path.toFile().mkdirs()) {
            LOG.error("Unable to create file path. Path: {}", path);
            throw new IOException("Creation of the directories failed." + path.toString());
        }
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        Throwable th = null;
        try {
            try {
                IOUtils.write(str2, fileOutputStream, StandardCharsets.UTF_8);
                if (fileOutputStream != null) {
                    if (0 != 0) {
                        try {
                            fileOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileOutputStream.close();
                    }
                }
                Files.setPosixFilePermissions(file.toPath(), this.permissionSet);
            } finally {
            }
        } catch (Throwable th3) {
            if (fileOutputStream != null) {
                if (th != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileOutputStream.close();
                }
            }
            throw th3;
        }
    }
}
