package org.apache.hadoop.yarn.server.resourcemanager.security;

import io.hops.security.AbstractSecurityActions;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.yarn.server.resourcemanager.security.JWTSecurityHandler;
import org.apache.hadoop.yarn.server.resourcemanager.security.X509SecurityHandler;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/TestingRMAppSecurityActions.class */
/**
 * Test double for {@link RMAppSecurityActions} backed by an in-memory, self-signed CA.
 *
 * <p>Security caveats visible in this class, all of which make it unsuitable outside tests:
 * <ul>
 *   <li>the CA key is 1024-bit RSA and is regenerated on every {@link #serviceInit};</li>
 *   <li>the CA certificate is built without any extensions (no basicConstraints), so a path
 *       validator that enforces the CA flag on issuers may reject the chain;</li>
 *   <li>{@link #sign} copies subject and public key from the CSR without verifying the CSR
 *       signature or checking the requested subject;</li>
 *   <li>{@link #generateJWT} and {@link #renewJWT} return random alphanumeric strings, not
 *       signed tokens, and {@link #revoke} always reports success.</li>
 * </ul>
 */
public class TestingRMAppSecurityActions extends AbstractSecurityActions implements RMAppSecurityActions {
    private static final Logger LOG = LogManager.getLogger(TestingRMAppSecurityActions.class);
    private static final String KEY_ALGORITHM = "RSA";
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    /** JCA provider name used for every key, signer and certificate operation. */
    private static final String PROVIDER = "BC";
    /** RSA modulus size in bits; 1024 is below current minimums and only acceptable for a throwaway test CA. */
    private static final int KEY_SIZE = 1024;
    /** Lifetime of the self-signed CA certificate: 600000 ms (ten minutes). */
    private static final long CA_VALIDITY_MILLIS = 600000L;
    /** Lifetime of each issued certificate: 50000 ms (fifty seconds). */
    private static final long ISSUED_VALIDITY_MILLIS = 50000L;
    /** Length of the placeholder string returned in place of a JWT. */
    private static final int FAKE_JWT_LENGTH = 16;

    private KeyPair caKeyPair;
    private X509Certificate caCert;
    private ContentSigner sigGen;

    public TestingRMAppSecurityActions() {
        super("TestingRMAppSecurityActions");
    }

    /**
     * Returns the self-signed CA certificate.
     *
     * @return the certificate created by {@link #serviceInit}, or {@code null} before it has run
     */
    public X509Certificate getCaCert() {
        return this.caCert;
    }

    /**
     * Registers the BouncyCastle provider, generates the CA key pair and self-signs the CA certificate.
     *
     * @param configuration not read by this implementation
     * @throws Exception if key generation, signing, or the validity/signature self-checks fail
     */
    public void serviceInit(Configuration configuration) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM, PROVIDER);
        generator.initialize(KEY_SIZE);
        this.caKeyPair = generator.genKeyPair();

        X500NameBuilder caName = new X500NameBuilder(BCStyle.INSTANCE);
        caName.addRDN(BCStyle.CN, "RootCA");

        try {
            JcaContentSignerBuilder signerBuilder =
                new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER);
            this.sigGen = signerBuilder.build(this.caKeyPair.getPrivate());

            JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(PROVIDER);
            Date notBefore = new Date();
            Date notAfter = new Date(System.currentTimeMillis() + CA_VALIDITY_MILLIS);
            // Issuer and subject are the same name (self-signed); serial is fixed at 1 and no
            // extensions are added to the CA certificate.
            JcaX509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(
                caName.build(),
                BigInteger.ONE,
                notBefore,
                notAfter,
                caName.build(),
                this.caKeyPair.getPublic());
            this.caCert = converter.getCertificate(caBuilder.build(this.sigGen));

            // Self-checks: the certificate must be currently valid and verify under the CA key,
            // both as held in the key pair and as embedded in the certificate itself.
            this.caCert.checkValidity();
            this.caCert.verify(this.caKeyPair.getPublic());
            this.caCert.verify(this.caCert.getPublicKey());
        } catch (OperatorCreationException e) {
            throw new GeneralSecurityException(e);
        }
    }

    /** No-op; only emits a debug log line. */
    public void serviceStart() throws Exception {
        LOG.debug("Nothing to do here");
    }

    /** No-op; only emits a debug log line. */
    public void serviceStop() {
        LOG.debug("Nothing to do here");
    }

    /**
     * Issues an end-entity certificate for the given CSR, signed by the in-memory CA.
     *
     * <p>The CSR's subject and public key are used as supplied; this method does not verify the
     * CSR's own signature. The serial number is the current time in milliseconds, so two
     * requests signed in the same millisecond receive the same serial.
     *
     * @param pKCS10CertificationRequest the certification request to sign
     * @return a bundle holding the issued certificate and the CA certificate
     * @throws IOException if an extension cannot be encoded
     * @throws GeneralSecurityException if the CSR key cannot be read or the certificate cannot be built
     */
    @Override
    public X509SecurityHandler.CertificateBundle sign(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException, GeneralSecurityException {
        JcaPKCS10CertificationRequest csr = new JcaPKCS10CertificationRequest(pKCS10CertificationRequest);

        BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
        Date notBefore = new Date();
        Date notAfter = new Date(System.currentTimeMillis() + ISSUED_VALIDITY_MILLIS);
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            this.caCert,
            serial,
            notBefore,
            notAfter,
            pKCS10CertificationRequest.getSubject(),
            csr.getPublicKey());

        JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
        certBuilder.addExtension(
            Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(this.caCert));
        certBuilder.addExtension(
            Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(csr.getPublicKey()));
        // Critical basicConstraints with cA=false: the issued certificate cannot act as an issuer.
        certBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        // Critical keyUsage: digitalSignature (128) | keyEncipherment (32) == 160.
        certBuilder.addExtension(
            Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));

        X509Certificate issued =
            new JcaX509CertificateConverter().setProvider(PROVIDER).getCertificate(certBuilder.build(this.sigGen));
        return new X509SecurityHandler.CertificateBundle(issued, this.caCert);
    }

    /**
     * Pretends to revoke a certificate: logs the identifier and reports success.
     *
     * @param str identifier of the certificate; written to the log exactly as received
     * @return always {@code 200}
     */
    @Override
    public int revoke(String str) throws IOException {
        LOG.info("Revoking certificate " + str);
        return 200;
    }

    /**
     * Returns a placeholder in place of a JWT.
     *
     * @param jWTMaterialParameter ignored
     * @return 16 random alphanumeric characters; not a signed token and not produced by a
     *     cryptographically strong generator
     */
    @Override
    public String generateJWT(JWTSecurityHandler.JWTMaterialParameter jWTMaterialParameter) throws IOException {
        return RandomStringUtils.randomAlphanumeric(FAKE_JWT_LENGTH);
    }

    /**
     * Pretends to invalidate a JWT signing key; only logs the request.
     *
     * @param str name of the signing key; written to the log exactly as received
     */
    @Override
    public void invalidateJWT(String str) throws URISyntaxException, IOException {
        LOG.info("Invalidating JWT signing key " + str);
    }

    /**
     * Logs the renewal request and returns a fresh placeholder in place of a JWT.
     *
     * @param jWTMaterialParameter supplies the application user and application id for the log line
     * @return 16 random alphanumeric characters; not a signed token
     */
    @Override
    public String renewJWT(JWTSecurityHandler.JWTMaterialParameter jWTMaterialParameter) throws IOException {
        LOG.info("Renewing JWT " + jWTMaterialParameter.getAppUser() + "/" + jWTMaterialParameter.getApplicationId());
        return RandomStringUtils.randomAlphanumeric(FAKE_JWT_LENGTH);
    }
}
