package org.apache.hadoop.security.ssl;

import io.hops.security.HopsFileBasedKeyStoresFactory;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.TestRpcBase;
import org.apache.hadoop.ipc.protobuf.TestProtos;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.envVars.EnvironmentVariables;

/* loaded from: input_file:org/apache/hadoop/security/ssl/RpcTLSUtils.class */
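/**
 * Test helpers for exercising Hadoop RPC over TLS: value holders for the
 * key/trust store layout, an in-memory environment-variable stub, an echo
 * client, and a routine that generates throwaway key material and switches a
 * {@link Configuration} to TLS.
 *
 * <p>NOTE: this listing is decompiler output. Some access modifiers were
 * widened by the decompiler (noted on the affected members) and parameter
 * names are synthetic.
 *
 * <p>Security note: {@link #setupTLSMaterial} writes store passwords to disk in
 * clear text, disables TLS host name verification and sets a wildcard
 * proxy-user entry. These settings belong in test fixtures only and must not
 * be copied into a deployed configuration.
 */
class RpcTLSUtils {

    /**
     * In-memory {@link EnvironmentVariables} backed by a plain map, so tests can
     * inject values without touching the process environment.
     */
    protected static class MockEnvironmentVariables implements EnvironmentVariables {
        private final Map<String, String> envs = new HashMap<>();

        /**
         * Stores {@code str2} under the name {@code str}, replacing any previous value.
         * The decompiler reports this method was originally {@code protected}.
         */
        public void setEnv(String str, String str2) {
            this.envs.put(str, str2);
        }

        /** Returns the value stored for {@code str}, or {@code null} when none was set. */
        public String getEnv(String str) {
            return this.envs.get(str);
        }
    }

    /**
     * A {@link PrivilegedExceptionAction} that carries the server address,
     * configuration and message it should operate on. The decompiler reports this
     * class was originally {@code private}.
     *
     * @param <T> result type of {@link #run()}
     */
    public static abstract class ParameterizedPrivilegedExceptionAction<T> implements PrivilegedExceptionAction<T> {
        public final InetSocketAddress serverAddress;
        public final Configuration conf;
        public final String message;

        private ParameterizedPrivilegedExceptionAction(InetSocketAddress inetSocketAddress, Configuration configuration, String str) {
            this.serverAddress = inetSocketAddress;
            this.conf = configuration;
            this.message = str;
        }
    }

    /**
     * Immutable description of where the server and client stores live, which
     * passwords protect them and which algorithms are used to generate the keys.
     * Instances are created through {@link Builder}; no field is validated, so
     * unset values stay {@code null}.
     */
    public static class TLSSetup {
        private final String keyAlgorithm;
        private final String signatureAlgorithm;
        private final Path serverKstore;
        private final Path serverTstore;
        private final Path serverStorePasswordLocation;
        private final String serverStorePassword;
        private final Path clientKstore;
        private final Path clientTstore;
        private final Path clientPasswordLocation;
        private final String clientStorePassword;
        private final String clientUserName;

        /** Fluent builder for {@link TLSSetup}; every setter returns {@code this}. */
        public static class Builder {
            private String keyAlgorithm;
            private String signatureAlgorithm;
            private Path serverKstore;
            private Path serverTstore;
            private Path serverStorePasswordLocation;
            private String serverStorePassword;
            private Path clientKstore;
            private Path clientTstore;
            private Path clientPasswordLocation;
            private String clientStorePassword;
            private String clientUserName;

            /** Sets the algorithm name used when generating both key pairs. */
            public Builder setKeyAlgorithm(String str) {
                this.keyAlgorithm = str;
                return this;
            }

            /** Sets the algorithm name used when signing both certificates. */
            public Builder setSignatureAlgorithm(String str) {
                this.signatureAlgorithm = str;
                return this;
            }

            /** Sets the path of the server key store file. */
            public Builder setServerKstore(Path path) {
                this.serverKstore = path;
                return this;
            }

            /** Sets the path of the server trust store file. */
            public Builder setServerTstore(Path path) {
                this.serverTstore = path;
                return this;
            }

            /** Sets the file that will receive the server store password. */
            public Builder setServerStorePasswordLocation(Path path) {
                this.serverStorePasswordLocation = path;
                return this;
            }

            /** Sets the path of the client key store file. */
            public Builder setClientKstore(Path path) {
                this.clientKstore = path;
                return this;
            }

            /** Sets the path of the client trust store file. */
            public Builder setClientTstore(Path path) {
                this.clientTstore = path;
                return this;
            }

            /** Sets the user name placed in the client certificate subject ({@code CN=<name>}). */
            public Builder setClientUserName(String str) {
                this.clientUserName = str;
                return this;
            }

            /** Sets the password protecting the server key store and trust store. */
            public Builder setServerStorePassword(String str) {
                this.serverStorePassword = str;
                return this;
            }

            /** Sets the file that will receive the client store password. */
            public Builder setClientPasswordLocation(Path path) {
                this.clientPasswordLocation = path;
                return this;
            }

            /** Sets the password protecting the client key store and trust store. */
            public Builder setClientStorePassword(String str) {
                this.clientStorePassword = str;
                return this;
            }

            /** Creates a {@link TLSSetup} holding the values set so far. */
            public TLSSetup build() {
                return new TLSSetup(this);
            }
        }

        private TLSSetup(Builder builder) {
            this.serverKstore = builder.serverKstore;
            this.serverTstore = builder.serverTstore;
            this.serverStorePassword = builder.serverStorePassword;
            this.serverStorePasswordLocation = builder.serverStorePasswordLocation;
            this.clientKstore = builder.clientKstore;
            this.clientTstore = builder.clientTstore;
            this.clientPasswordLocation = builder.clientPasswordLocation;
            this.clientStorePassword = builder.clientStorePassword;
            this.clientUserName = builder.clientUserName;
            this.keyAlgorithm = builder.keyAlgorithm;
            this.signatureAlgorithm = builder.signatureAlgorithm;
        }

        /** Returns the path of the server key store file. */
        public Path getServerKstore() {
            return this.serverKstore;
        }

        /** Returns the path of the server trust store file. */
        public Path getServerTstore() {
            return this.serverTstore;
        }

        /** Returns the path of the client key store file. */
        public Path getClientKstore() {
            return this.clientKstore;
        }

        /** Returns the path of the client trust store file. */
        public Path getClientTstore() {
            return this.clientTstore;
        }

        /** Returns the user name used for the client certificate subject. */
        public String getClientUserName() {
            return this.clientUserName;
        }
    }

    /**
     * The key pairs and certificates produced by {@link #setupTLSMaterial}.
     * The private keys are held in memory for the lifetime of this object.
     */
    static class TestCryptoMaterial {
        private final KeyPair serverKeyPair;
        private final X509Certificate serverCertificate;
        private final KeyPair clientKeyPair;
        private final X509Certificate clientCertificate;

        /**
         * @param keyPair          server key pair
         * @param x509Certificate  server certificate
         * @param keyPair2         client key pair
         * @param x509Certificate2 client certificate
         */
        public TestCryptoMaterial(KeyPair keyPair, X509Certificate x509Certificate, KeyPair keyPair2, X509Certificate x509Certificate2) {
            this.serverKeyPair = keyPair;
            this.serverCertificate = x509Certificate;
            this.clientKeyPair = keyPair2;
            this.clientCertificate = x509Certificate2;
        }

        /** Returns the server key pair. */
        public KeyPair getServerKeyPair() {
            return this.serverKeyPair;
        }

        /** Returns the server certificate. */
        public X509Certificate getServerCertificate() {
            return this.serverCertificate;
        }

        /** Returns the client key pair. */
        public KeyPair getClientKeyPair() {
            return this.clientKeyPair;
        }

        /** Returns the client certificate. */
        public X509Certificate getClientCertificate() {
            return this.clientCertificate;
        }
    }

    RpcTLSUtils() {
    }

    /**
     * Sends one echo RPC to {@code inetSocketAddress} while running as
     * {@code userGroupInformation} and returns the server's response. The RPC
     * proxy is stopped whether the call succeeds or throws.
     * The decompiler reports this method was originally {@code protected}.
     *
     * @param userGroupInformation identity under which the client is created and the call is made
     * @param inetSocketAddress    address of the RPC server
     * @param configuration        client configuration passed to {@code TestRpcBase.getClient}
     * @param str                  message to echo
     * @return the echo response
     * @throws Exception whatever the client creation or the RPC call throws
     */
    public static TestProtos.EchoResponseProto makeEchoRequest(UserGroupInformation userGroupInformation, InetSocketAddress inetSocketAddress, Configuration configuration, String str) throws Exception {
        return userGroupInformation.doAs(new ParameterizedPrivilegedExceptionAction<TestProtos.EchoResponseProto>(inetSocketAddress, configuration, str) {
            @Override
            public TestProtos.EchoResponseProto run() throws Exception {
                TestRpcBase.TestRpcService client = TestRpcBase.getClient(this.serverAddress, this.conf);
                try {
                    // The listing showed the decompiler-mangled name "m381build"; the
                    // protobuf builder method is build().
                    TestProtos.EchoRequestProto request =
                        TestProtos.EchoRequestProto.newBuilder().setMessage(this.message).build();
                    return client.echo(null, request);
                } finally {
                    // A single cleanup path replaces the duplicated stopProxy calls; the
                    // null guard is kept so a null client surfaces as the original failure.
                    if (client != null) {
                        RPC.stopProxy(client);
                    }
                }
            }
        });
    }

    /**
     * Generates server and client key material, writes the key stores, trust
     * stores and password files described by {@code tLSSetup}, and configures
     * {@code configuration} for RPC over TLS.
     *
     * <p>The server certificate is self-generated with subject {@code CN=Server};
     * the client certificate has subject {@code CN=<clientUserName>} and is issued
     * with the server's private key and certificate as signing material. The server
     * trust store holds only the server certificate; the client trust store holds
     * both certificates.
     *
     * <p>Test-only behaviour a reviewer should be aware of: both store passwords
     * are written to files in clear text, host name verification is set to
     * {@code ALLOW_ALL}, and a wildcard proxy-user entry is added for the current
     * user.
     *
     * @param configuration configuration to mutate in place
     * @param tLSSetup      store locations, passwords, algorithms and client user name
     * @param cls           not used by this method
     * @return the generated key pairs and certificates
     * @throws GeneralSecurityException declared for key, certificate or key store failures
     * @throws IOException              declared for failures writing the store or password files
     */
    public static TestCryptoMaterial setupTLSMaterial(Configuration configuration, TLSSetup tLSSetup, Class<?> cls) throws GeneralSecurityException, IOException {
        // --- Server side: key pair, certificate, stores, password file ---
        KeyPair serverKeyPair = KeyStoreTestUtil.generateKeyPair(tLSSetup.keyAlgorithm);
        // NOTE(review): 60 is presumably the validity period in days - confirm against KeyStoreTestUtil.
        X509Certificate serverCert = KeyStoreTestUtil.generateCertificate("CN=Server", serverKeyPair, 60, tLSSetup.signatureAlgorithm);
        KeyStoreTestUtil.createKeyStore(tLSSetup.serverKstore.toString(), tLSSetup.serverStorePassword, "server", serverKeyPair.getPrivate(), serverCert);
        KeyStoreTestUtil.createTrustStore(tLSSetup.serverTstore.toString(), tLSSetup.serverStorePassword, "server", serverCert);
        // Clear-text password on disk; acceptable only for disposable test material.
        FileUtils.writeStringToFile(tLSSetup.serverStorePasswordLocation.toFile(), tLSSetup.serverStorePassword);

        // --- Client side: certificate issued with the server key as signing material ---
        KeyPair clientKeyPair = KeyStoreTestUtil.generateKeyPair(tLSSetup.keyAlgorithm);
        // NOTE(review): 30 is presumably the validity period in days - confirm against KeyStoreTestUtil.
        X509Certificate clientCert = KeyStoreTestUtil.generateSignedCertificate("CN=" + tLSSetup.clientUserName, clientKeyPair, 30, tLSSetup.signatureAlgorithm, serverKeyPair.getPrivate(), serverCert);
        KeyStoreTestUtil.createKeyStore(tLSSetup.clientKstore.toString(), tLSSetup.clientStorePassword, "client", clientKeyPair.getPrivate(), clientCert);
        Map<String, X509Certificate> clientTrusted = new HashMap<>(2);
        clientTrusted.put("client", clientCert);
        clientTrusted.put("server", serverCert);
        KeyStoreTestUtil.createTrustStore(tLSSetup.clientTstore.toString(), tLSSetup.clientStorePassword, clientTrusted);
        // Clear-text password on disk; acceptable only for disposable test material.
        FileUtils.writeStringToFile(tLSSetup.clientPasswordLocation.toFile(), tLSSetup.clientStorePassword);

        // --- Configuration switches ---
        configuration.set("hadoop.rpc.socket.factory.class.default", "org.apache.hadoop.net.HopsSSLSocketFactory");
        configuration.setBoolean("ipc.server.ssl.enabled", true);
        // ALLOW_ALL turns host name verification off: a peer certificate is accepted
        // whatever host it names. Needed here because the test certificate is issued to
        // "CN=Server"; never carry this value into a deployed configuration.
        configuration.set("hadoop.ssl.hostname.verifier", "ALLOW_ALL");
        // NOTE(review): presumably an unrestricted proxy-user grant for the user running
        // the test - confirm against the code that reads this key.
        configuration.set("hadoop.proxyuser." + UserGroupInformation.getCurrentUser().getUserName(), "*");
        configuration.set("hadoop.ssl.keystores.factory.class", HopsFileBasedKeyStoresFactory.class.getCanonicalName());
        // Points at the directory containing the server key store.
        configuration.set("hops.tls.superuser-material-directory", tLSSetup.serverKstore.getParent().toString());
        return new TestCryptoMaterial(serverKeyPair, serverCert, clientKeyPair, clientCert);
    }
}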
