package org.apache.hadoop.yarn.server.resourcemanager.security;

import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configurable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/HopsworksRMAppCertificateActions.class */
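/**
 * {@link RMAppCertificateActions} implementation that delegates certificate signing and
 * revocation to a Hopsworks CA over HTTP.
 *
 * <p>Every {@link #sign} and {@link #revoke} call builds a fresh HTTP client, logs in with the
 * e-mail and password read from the SSL server configuration resource, and then POSTs a JSON
 * document to the configured endpoint.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The service password is read from the resource named by {@code hadoop.ssl.server.conf}
 *       (default {@code ssl-server.xml}); that file holds a long-lived credential and should be
 *       readable only by the ResourceManager account.</li>
 *   <li>The default host is {@code http://127.0.0.1}. When an endpoint is not HTTPS the password
 *       and the CSR travel unencrypted; {@link #init()} logs a warning in that case.</li>
 *   <li>NOTE(review): the certificate returned by the CA is not checked against the public key
 *       of the submitted CSR in this class; presumably the caller validates it, confirm.</li>
 * </ul>
 */
public class HopsworksRMAppCertificateActions implements RMAppCertificateActions, Configurable {
    public static final String HOPSWORKS_USER_KEY = "hops.hopsworks.user";
    public static final String HOPSWORKS_PASSWORD_KEY = "hops.hopsworks.password";
    private static final Log LOG = LogFactory.getLog(HopsworksRMAppCertificateActions.class);

    // Built once and immutable: the original filled a shared static HashSet from every
    // constructor call, which is a data race when instances are created concurrently.
    private static final Set<Integer> ACCEPTABLE_HTTP_RESPONSES =
        Collections.unmodifiableSet(new HashSet<>(Arrays.asList(200, 204)));

    private Configuration conf;
    private Configuration sslConf;
    private URL hopsworksHost;
    private URL loginEndpoint;
    private URL signEndpoint;
    private URL revokeEndpoint;
    private CertificateFactory certificateFactory;

    /**
     * Creates an unconfigured instance; call {@link #setConf} and then {@link #init()} before
     * use.
     *
     * @throws MalformedURLException kept for signature compatibility; not thrown here
     * @throws GeneralSecurityException kept for signature compatibility; not thrown here
     */
    public HopsworksRMAppCertificateActions() throws MalformedURLException, GeneralSecurityException {
    }

    @Override
    public void setConf(Configuration configuration) {
        this.conf = configuration;
    }

    @Override
    public Configuration getConf() {
        return this.conf;
    }

    /**
     * Resolves the Hopsworks endpoints from the configuration, obtains the BouncyCastle X.509
     * certificate factory and loads the SSL server configuration that holds the credentials.
     *
     * @throws MalformedURLException if the host or an endpoint is not a valid URL
     * @throws GeneralSecurityException if the "BC" X.509 certificate factory is unavailable
     */
    @Override // org.apache.hadoop.yarn.server.resourcemanager.security.RMAppCertificateActions
    public void init() throws MalformedURLException, GeneralSecurityException {
        this.hopsworksHost = new URL(this.conf.get(YarnConfiguration.HOPS_HOPSWORKS_HOST_KEY, "http://127.0.0.1"));
        this.loginEndpoint = new URL(this.hopsworksHost,
            this.conf.get(YarnConfiguration.HOPS_HOPSWORKS_LOGIN_ENDPOINT_KEY,
                YarnConfiguration.DEFAULT_HOPS_HOPSWORKS_LOGIN_ENDPOINT));
        this.signEndpoint = new URL(this.hopsworksHost,
            this.conf.get(YarnConfiguration.HOPS_HOPSWORKS_SIGN_ENDPOINT_KEY,
                YarnConfiguration.DEFAULT_HOPS_HOPSWORKS_SIGN_ENDPOINT));
        this.revokeEndpoint = new URL(this.hopsworksHost,
            this.conf.get(YarnConfiguration.HOPS_HOPSWORKS_REVOKE_ENDPOINT_KEY,
                YarnConfiguration.DEFAULT_HOPS_HOPSWORKS_REVOKE_ENDPOINT));
        this.certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        this.sslConf = new Configuration(false);
        this.sslConf.addResource(this.conf.get("hadoop.ssl.server.conf", "ssl-server.xml"));

        // An endpoint given as an absolute URL overrides the host, so check each one.
        warnIfNotHttps(this.loginEndpoint, "login");
        warnIfNotHttps(this.signEndpoint, "sign");
        warnIfNotHttps(this.revokeEndpoint, "revoke");
    }

    /**
     * Submits a PEM-encoded CSR to the Hopsworks sign endpoint and returns the issued
     * certificate, read from the {@code pubAgentCert} field of the JSON response.
     *
     * @param pKCS10CertificationRequest the certification request to sign
     * @return the certificate parsed from the CA response
     * @throws URISyntaxException if an endpoint URL cannot be converted to a URI
     * @throws IOException on an HTTP status other than 200/204, or a response without a body
     *     or without a {@code pubAgentCert} field
     * @throws GeneralSecurityException if the returned certificate cannot be parsed
     */
    @Override // org.apache.hadoop.yarn.server.resourcemanager.security.RMAppCertificateActions
    public X509Certificate sign(PKCS10CertificationRequest pKCS10CertificationRequest)
            throws URISyntaxException, IOException, GeneralSecurityException {
        try (CloseableHttpClient httpClient = createHttpClient()) {
            login(httpClient);
            JsonObject payload = new JsonObject();
            payload.addProperty("csr", stringifyCSR(pKCS10CertificationRequest));
            try (CloseableHttpResponse response =
                     post(httpClient, payload, this.signEndpoint.toURI(), "Hopsworks CA could not sign CSR")) {
                // 204 passes the status check but carries no body to parse.
                if (response.getEntity() == null) {
                    throw new IOException("Hopsworks CA returned no response body for the signing request");
                }
                String responseText = EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
                JsonObject responseJson = new JsonParser().parse(responseText).getAsJsonObject();
                if (!responseJson.has("pubAgentCert") || responseJson.get("pubAgentCert").isJsonNull()) {
                    throw new IOException("Hopsworks CA response does not contain a pubAgentCert field");
                }
                return parseCertificate(responseJson.get("pubAgentCert").getAsString());
            }
        }
    }

    /**
     * Asks the Hopsworks CA to revoke the certificate with the given identifier.
     *
     * @param str identifier of the certificate to revoke, sent as the {@code identifier} field
     * @return the HTTP status code of the revoke response (200 or 204 on success)
     * @throws URISyntaxException if an endpoint URL cannot be converted to a URI
     * @throws IOException on an HTTP status other than 200/204
     * @throws GeneralSecurityException declared by the interface and by {@link #createHttpClient()}
     */
    @Override // org.apache.hadoop.yarn.server.resourcemanager.security.RMAppCertificateActions
    public int revoke(String str) throws URISyntaxException, IOException, GeneralSecurityException {
        try (CloseableHttpClient httpClient = createHttpClient()) {
            login(httpClient);
            JsonObject payload = new JsonObject();
            payload.addProperty("identifier", str);
            try (CloseableHttpResponse response = post(httpClient, payload, this.revokeEndpoint.toURI(),
                     "Hopsworks CA could not revoke certificate " + str)) {
                int statusCode = response.getStatusLine().getStatusCode();
                EntityUtils.consume(response.getEntity());
                return statusCode;
            }
        }
    }

    /**
     * Builds the HTTP client used for one login + request exchange. Only a per-client cookie
     * store is configured; no SSL context or hostname verifier is set here, so TLS trust is
     * whatever the HTTP client library uses by default. Subclasses may override.
     *
     * @return a new client that the caller must close
     * @throws GeneralSecurityException not thrown here; available to overriding subclasses
     * @throws IOException not thrown here; available to overriding subclasses
     */
    protected CloseableHttpClient createHttpClient() throws GeneralSecurityException, IOException {
        return HttpClients.custom().setDefaultCookieStore(new BasicCookieStore()).build();
    }

    /**
     * Authenticates against the login endpoint with the configured e-mail and password.
     * Presumably the resulting session is carried by the client's cookie store; confirm
     * against the Hopsworks API.
     */
    private void login(CloseableHttpClient httpClient) throws URISyntaxException, IOException {
        // The response is closed here; the original never released it.
        try (CloseableHttpResponse response = httpClient.execute(
                 RequestBuilder.post()
                     .setUri(this.loginEndpoint.toURI())
                     .addParameter("email", this.sslConf.get(HOPSWORKS_USER_KEY))
                     .addParameter("password", this.sslConf.get(HOPSWORKS_PASSWORD_KEY))
                     .build())) {
            checkHTTPResponseCode(response.getStatusLine().getStatusCode(), "Could not login to Hopsworks");
            EntityUtils.consume(response.getEntity());
        }
    }

    /**
     * POSTs {@code json} to {@code uri} and returns the response after verifying its status.
     * The caller owns the returned response and must close it.
     */
    private CloseableHttpResponse post(CloseableHttpClient httpClient, JsonObject json, URI uri,
            String errorMessage) throws IOException {
        HttpPost httpPost = new HttpPost(uri);
        // Explicit UTF-8: the single-argument StringEntity constructor falls back to ISO-8859-1.
        httpPost.setEntity(new StringEntity(json.toString(), StandardCharsets.UTF_8));
        httpPost.addHeader("Content-Type", "application/json");
        CloseableHttpResponse response = httpClient.execute(httpPost);
        try {
            checkHTTPResponseCode(response.getStatusLine().getStatusCode(), errorMessage);
        } catch (IOException e) {
            // Do not leak the connection when the status is rejected.
            response.close();
            throw e;
        }
        return response;
    }

    /** Parses a single PEM/DER encoded X.509 certificate from {@code encoded}. */
    private X509Certificate parseCertificate(String encoded) throws IOException, GeneralSecurityException {
        try (ByteArrayInputStream in = new ByteArrayInputStream(encoded.getBytes(StandardCharsets.UTF_8))) {
            return (X509Certificate) this.certificateFactory.generateCertificate(in);
        }
    }

    /** Throws {@link IOException} unless {@code statusCode} is one of the accepted codes. */
    private void checkHTTPResponseCode(int statusCode, String message) throws IOException {
        if (!ACCEPTABLE_HTTP_RESPONSES.contains(statusCode)) {
            throw new IOException("HTTP error, response code " + statusCode + " Message: " + message);
        }
    }

    /** Serializes the CSR to its PEM text form. */
    private String stringifyCSR(PKCS10CertificationRequest csr) throws IOException {
        StringWriter out = new StringWriter();
        // Closing the PemWriter flushes it into the StringWriter.
        try (PemWriter pemWriter = new PemWriter(out)) {
            pemWriter.writeObject(new JcaMiscPEMGenerator(csr).generate());
        }
        return out.toString();
    }

    /** Logs a warning when {@code endpoint} would carry credentials or CSRs without TLS. */
    private static void warnIfNotHttps(URL endpoint, String purpose) {
        if (!"https".equalsIgnoreCase(endpoint.getProtocol())) {
            LOG.warn("Hopsworks " + purpose + " endpoint " + endpoint
                + " does not use HTTPS; credentials and certificate requests are sent unencrypted");
        }
    }
}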
