package org.apache.slider.server.services.security;

import com.google.inject.Singleton;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.text.MessageFormat;
import org.apache.commons.io.FileUtils;
import org.apache.slider.common.SliderKeys;
import org.apache.slider.core.conf.MapOperations;
import org.apache.slider.core.exceptions.SliderException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

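/**
 * Creates the server certificate and issues, revokes and re-issues agent
 * certificates by running the {@code openssl} command line tool against the
 * security directory reported by {@link SecurityUtils#getSecurityDir()}.
 *
 * <p>Names that end up inside an openssl command line or a file name are
 * checked with {@link #isSafeName(String)} first, because the commands are
 * built by plain string substitution and then split on whitespace.
 */
@Singleton
public class CertificateManager {
    private static final Logger LOG = LoggerFactory.getLogger(CertificateManager.class);
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    // NOTE(review): every template that takes a password passes it as a literal
    // "pass:" argument, so it is visible in the process listing of the host while
    // openssl runs. openssl also accepts env: and file: password sources; moving
    // to one of them needs a change in how runCommand starts the process.
    private static final String GEN_SRVR_KEY = "openssl genrsa -des3 -passout pass:{0} -out {1}/{2} 4096 ";
    private static final String GEN_SRVR_REQ = "openssl req -passin pass:{0} -new -key {1}/{2} -out {1}/{5} -batch";
    private static final String SIGN_SRVR_CRT = "openssl ca -create_serial -out {1}/{3} -days 365 -keyfile {1}/{2} -key {0} -selfsign -extensions jdk7_ca -config {1}/ca.config -batch -infiles {1}/{5}";
    private static final String EXPRT_KSTR = "openssl pkcs12 -export -in {1}/{3} -inkey {1}/{2} -certfile {1}/{3} -out {1}/{4} -password pass:{0} -passin pass:{0} \n";
    private static final String REVOKE_AGENT_CRT = "openssl ca -config {0}/ca.config -keyfile {0}/{4} -revoke {0}/{2} -batch -passin pass:{3} -cert {0}/{5}";
    private static final String SIGN_AGENT_CRT = "openssl ca -config {0}/ca.config -in {0}/{1} -out {0}/{2} -batch -passin pass:{3} -keyfile {0}/{4} -cert {0}/{5}";
    // Agent keys were generated as 1024-bit RSA, which is below the 2048-bit
    // minimum that current guidance expects; the server key above is already 4096.
    // The key is written unencrypted (-nodes) into the security directory, so the
    // directory permissions are what protects it.
    private static final String GEN_AGENT_KEY = "openssl req -new -newkey rsa:2048 -nodes -keyout {0}/{2}.key -subj /OU={1}/CN={2} -out {0}/{2}.csr";

    private String passphrase;

    /**
     * Drains one output stream of a child process on its own thread, so the
     * child cannot block on a full pipe, and optionally logs each line.
     */
    public class StreamConsumer extends Thread {
        InputStream is;
        boolean logOutput;

        /**
         * @param inputStream stream to drain
         * @param z whether each line read is written to the log at INFO level
         */
        StreamConsumer(InputStream inputStream, boolean z) {
            this.is = inputStream;
            this.logOutput = z;
        }

        /**
         * Creates a consumer that drains the stream without logging it.
         *
         * @param certificateManager not used by this constructor
         * @param inputStream stream to drain
         */
        StreamConsumer(CertificateManager certificateManager, InputStream inputStream) {
            this(inputStream, false);
        }

        @Override
        public void run() {
            BufferedReader reader = null;
            try {
                reader = new BufferedReader(new InputStreamReader(this.is, UTF_8));
                String line = reader.readLine();
                while (line != null) {
                    if (this.logOutput) {
                        CertificateManager.LOG.info(line);
                    }
                    line = reader.readLine();
                }
            } catch (IOException e) {
                CertificateManager.LOG.error("Error during processing of process stream", e);
            } finally {
                // The stream is at end-of-file or broken here; release the pipe.
                if (reader != null) {
                    try {
                        reader.close();
                    } catch (IOException ignored) {
                        // Nothing useful can be done if closing a drained pipe fails.
                    }
                }
            }
        }
    }

    /**
     * Initializes the security parameters and generates the server certificate
     * when the certificate file is not present yet.
     *
     * <p>A failed generation is only logged by
     * {@code generateServerCertificate()}; this method does not report it.
     *
     * @param mapOperations configuration handed to
     *     {@code SecurityUtils.initializeSecurityParameters}
     */
    public void initialize(MapOperations mapOperations) {
        SecurityUtils.initializeSecurityParameters(mapOperations);
        LOG.info("Initialization of root certificate");
        boolean certPresent = isCertExists();
        LOG.info("Certificate exists:" + certPresent);
        if (!certPresent) {
            generateServerCertificate();
        }
    }

    /** Returns whether the server certificate file exists in the security directory. */
    private boolean isCertExists() {
        File certFile = getServerCertficateFilePath();
        LOG.debug("srvrKstrDir = " + SecurityUtils.getSecurityDir());
        LOG.debug("srvrCrtName = " + SliderKeys.CRT_FILE_NAME);
        LOG.debug("certFile = " + certFile.getAbsolutePath());
        return certFile.exists();
    }

    /**
     * Sets the passphrase an agent must present to {@link #signAgentCrt}.
     * Until a non-null value is set, every signing request is refused.
     *
     * @param str the expected passphrase
     */
    public void setPassphrase(String str) {
        this.passphrase = str;
    }

    /**
     * Runs one openssl command line and waits for it to finish.
     *
     * @param command complete command line; it is split on whitespace by
     *     {@link Runtime#exec(String)} and started without a shell, so any
     *     whitespace inside a substituted value becomes an extra argument
     * @return the exit code, or -1 when the process could not be started or the
     *     wait was interrupted
     * @throws SliderException when the process exits with a non-zero code; the
     *     message carries the command with the password masked
     */
    private int runCommand(String command) throws SliderException {
        int exitCode = -1;
        try {
            Process process = Runtime.getRuntime().exec(command);
            StreamConsumer stdoutConsumer = new StreamConsumer(process.getInputStream(), true);
            StreamConsumer stderrConsumer = new StreamConsumer(this, process.getErrorStream());
            stdoutConsumer.start();
            stderrConsumer.start();
            try {
                process.waitFor();
                exitCode = process.exitValue();
                SecurityUtils.logOpenSslExitCode(command, exitCode);
                if (exitCode != 0) {
                    // The raw command contains "pass:<keystore password>"; callers log
                    // this exception, so only the masked form may go into the message.
                    throw new SliderException(exitCode, "Error running command %s",
                            SecurityUtils.hideOpenSslPassword(command));
                }
            } catch (InterruptedException e) {
                // Keep the interrupt visible to the caller's thread instead of losing it.
                Thread.currentThread().interrupt();
                LOG.error("Interrupted while waiting for the openssl command to finish", e);
            }
        } catch (IOException e) {
            LOG.error("Unable to run the openssl command", e);
        }
        return exitCode;
    }

    /**
     * Tells whether a name can be substituted into an openssl command line and
     * used as a file name inside the security directory.
     *
     * <p>Rejected: null, empty, any whitespace or control character (would split
     * into extra arguments or forge log lines) and {@code /} or {@code \}
     * (would leave the security directory or add components to {@code -subj}).
     * A value containing any of these could not produce a correct command before
     * this check either.
     */
    private static boolean isSafeName(String name) {
        if (name == null || name.isEmpty()) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (Character.isWhitespace(c) || Character.isISOControl(c) || c == '/' || c == '\\') {
                return false;
            }
        }
        return true;
    }

    /**
     * Compares the agent-supplied passphrase with the configured one.
     * Fails closed when either side is missing, and compares the bytes with
     * {@link MessageDigest#isEqual} rather than {@code String.equals}.
     */
    private boolean passphraseMatches(String candidate) {
        String expected = this.passphrase;
        if (expected == null || candidate == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(UTF_8), candidate.trim().getBytes(UTF_8));
    }

    /**
     * Generates a key and certificate request for an agent and signs it.
     * Failures are logged, not thrown.
     *
     * @param str value placed in the {@code OU} field of the subject
     * @param str2 value placed in the {@code CN} field of the subject and used
     *     as the base name of the {@code .key}, {@code .csr} and {@code .crt} files
     */
    public synchronized void generateAgentCertificate(String str, String str2) {
        // Validate before logging so a rejected value never reaches the log.
        if (!isSafeName(str) || !isSafeName(str2)) {
            LOG.error("Refusing to generate agent certificate: a name is empty or contains"
                    + " whitespace, control or path separator characters");
            return;
        }
        LOG.info("Generation of agent certificate for {}", str);
        try {
            runCommand(MessageFormat.format(GEN_AGENT_KEY, SecurityUtils.getSecurityDir(), str, str2));
            signAgentCertificate(str2);
        } catch (SliderException e) {
            LOG.error("Error generating the agent certificate", e);
        }
    }

    /**
     * Generates the server key, certificate request, self-signed certificate
     * and PKCS#12 keystore, in that order. Stops at the first failing command
     * and logs the error.
     */
    private void generateServerCertificate() {
        LOG.info("Generation of server certificate");
        Object[] commandArgs = {
            SecurityUtils.getKeystorePass(),
            SecurityUtils.getSecurityDir(),
            SliderKeys.KEY_FILE_NAME,
            SliderKeys.CRT_FILE_NAME,
            SliderKeys.KEYSTORE_FILE_NAME,
            SliderKeys.CSR_FILE_NAME
        };
        try {
            runCommand(MessageFormat.format(GEN_SRVR_KEY, commandArgs));
            runCommand(MessageFormat.format(GEN_SRVR_REQ, commandArgs));
            runCommand(MessageFormat.format(SIGN_SRVR_CRT, commandArgs));
            runCommand(MessageFormat.format(EXPRT_KSTR, commandArgs));
        } catch (SliderException e) {
            LOG.error("Error generating the server certificate", e);
        }
    }

    /**
     * Reads the server certificate file.
     *
     * @return the file content, or {@code null} when it cannot be read
     */
    public String getServerCert() {
        try {
            return FileUtils.readFileToString(getServerCertficateFilePath());
        } catch (IOException e) {
            LOG.error("Error reading the server certificate", e);
            return null;
        }
    }

    /** Returns the location of the server certificate in the security directory. */
    public static File getServerCertficateFilePath() {
        return new File(SecurityUtils.getSecurityDir() + File.separator + SliderKeys.CRT_FILE_NAME);
    }

    /**
     * Returns the location of an agent certificate in the security directory.
     * NOTE(review): {@code str} is not validated here; callers should pass a
     * name that cannot contain path separators.
     */
    public static File getAgentCertficateFilePath(String str) {
        return new File(SecurityUtils.getSecurityDir() + File.separator + str + ".crt");
    }

    /**
     * Returns the location of an agent private key in the security directory.
     * NOTE(review): {@code str} is not validated here; callers should pass a
     * name that cannot contain path separators.
     */
    public static File getAgentKeyFilePath(String str) {
        return new File(SecurityUtils.getSecurityDir() + File.separator + str + ".key");
    }

    /**
     * Signs a certificate request submitted by an agent.
     *
     * <p>The request is refused when the passphrase does not match or when the
     * agent name is not safe to use in a file name and command line. An existing
     * certificate of the same name is revoked before the new one is issued.
     *
     * @param str agent name, used as the base name of the {@code .csr} and
     *     {@code .crt} files
     * @param str2 content of the certificate request
     * @param str3 passphrase presented by the agent; surrounding whitespace is ignored
     * @return a response with {@code OK_STATUS} and the signed certificate, or
     *     {@code ERROR_STATUS} and a message
     */
    public synchronized SignCertResponse signAgentCrt(String str, String str2, String str3) {
        SignCertResponse response = new SignCertResponse();
        LOG.info("Signing of agent certificate");
        LOG.info("Verifying passphrase");
        if (!passphraseMatches(str3)) {
            LOG.warn("Incorrect passphrase from the agent");
            response.setResult(SignCertResponse.ERROR_STATUS);
            response.setMessage("Incorrect passphrase from the agent");
            return response;
        }
        if (!isSafeName(str)) {
            // The value is deliberately not logged: it failed the check that makes it loggable.
            LOG.warn("Rejected agent certificate request: invalid agent name");
            response.setResult(SignCertResponse.ERROR_STATUS);
            response.setMessage("Invalid agent name");
            return response;
        }

        String securityDir = SecurityUtils.getSecurityDir();
        String csrFileName = str + ".csr";
        String crtFileName = str + ".crt";
        Object[] commandArgs = {
            securityDir,
            csrFileName,
            crtFileName,
            SecurityUtils.getKeystorePass(),
            SliderKeys.KEY_FILE_NAME,
            SliderKeys.CRT_FILE_NAME
        };
        File crtFile = new File(securityDir + File.separator + crtFileName);

        if (crtFile.exists()) {
            LOG.info("Revoking of " + str + " certificate.");
            String revokeCommand = MessageFormat.format(REVOKE_AGENT_CRT, commandArgs);
            try {
                runCommand(revokeCommand);
            } catch (SliderException e) {
                response.setResult(SignCertResponse.ERROR_STATUS);
                response.setMessage(SecurityUtils.getOpenSslCommandResult(revokeCommand, e.getExitCode()));
                return response;
            }
        }

        try {
            FileUtils.writeStringToFile(new File(securityDir + File.separator + csrFileName), str2);
        } catch (IOException e) {
            // Without this return, a stale request file left under the same name
            // would be signed in place of the one the agent just submitted.
            LOG.error("Error writing agent certificate request", e);
            response.setResult(SignCertResponse.ERROR_STATUS);
            response.setMessage("Error writing agent certificate request");
            return response;
        }

        String signCommand = MessageFormat.format(SIGN_AGENT_CRT, commandArgs);
        LOG.debug(SecurityUtils.hideOpenSslPassword(signCommand));
        try {
            runCommand(signCommand);
        } catch (SliderException e) {
            response.setResult(SignCertResponse.ERROR_STATUS);
            response.setMessage(SecurityUtils.getOpenSslCommandResult(signCommand, e.getExitCode()));
            return response;
        }

        try {
            String signedCertificate = FileUtils.readFileToString(crtFile);
            response.setResult(SignCertResponse.OK_STATUS);
            response.setSignedCa(signedCertificate);
        } catch (IOException e) {
            LOG.error("Error reading signed agent certificate", e);
            response.setResult(SignCertResponse.ERROR_STATUS);
            response.setMessage("Error reading signed agent certificate");
        }
        return response;
    }

    /**
     * Signs the certificate request {@code <name>.csr} that already exists in
     * the security directory, revoking a previous {@code <name>.crt} first.
     *
     * @param str base name of the request and certificate files; the caller in
     *     this class validates it before calling
     * @return the certificate file name, {@code <name>.crt}
     * @throws SliderException when the revoke or sign command exits non-zero
     */
    private String signAgentCertificate(String str) throws SliderException {
        String securityDir = SecurityUtils.getSecurityDir();
        String csrFileName = str + ".csr";
        String crtFileName = str + ".crt";
        Object[] commandArgs = {
            securityDir,
            csrFileName,
            crtFileName,
            SecurityUtils.getKeystorePass(),
            SliderKeys.KEY_FILE_NAME,
            SliderKeys.CRT_FILE_NAME
        };
        if (new File(securityDir + File.separator + crtFileName).exists()) {
            LOG.info("Revoking of " + str + " certificate.");
            runCommand(MessageFormat.format(REVOKE_AGENT_CRT, commandArgs));
        }
        String signCommand = MessageFormat.format(SIGN_AGENT_CRT, commandArgs);
        LOG.debug(SecurityUtils.hideOpenSslPassword(signCommand));
        runCommand(signCommand);
        return crtFileName;
    }
}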
