package org.apache.hadoop.yarn.server.resourcemanager.security;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.google.gson.FieldNamingPolicy;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.nimbusds.jwt.JWTParser;
import io.hops.util.YarnAPIStorageFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configurable;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.util.BackOff;
import org.apache.hadoop.util.ExponentialBackOff;
import org.apache.hadoop.yarn.conf.YarnConfiguration;
import org.apache.hadoop.yarn.server.resourcemanager.security.JWTSecurityHandler;
import org.apache.hadoop.yarn.server.resourcemanager.security.X509SecurityHandler;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicHeader;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.io.pem.PemWriter;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/HopsworksRMAppSecurityActions.class */
public class HopsworksRMAppSecurityActions implements RMAppSecurityActions, Configurable {
    public static final String REVOKE_CERT_ID_PARAM = "certId";
    protected static final int MAX_CONNECTIONS_PER_ROUTE = 50;
    private static final String AUTH_HEADER_CONTENT = "Bearer %s";
    private final AtomicReference<Header> authHeader;
    private final Gson jsonParser;
    private Configuration conf;
    private Configuration sslConf;
    private URL hopsworksHost;
    private URL signEndpoint;
    private String revokePath;
    private CertificateFactory certificateFactory;
    private URL jwtGeneratePath;
    private URL jwtInvalidatePath;
    private URL jwtRenewPath;
    private URL serviceJWTRenewPath;
    private URL serviceJWTInvalidatePath;
    private long serviceJWTValidityPeriodSeconds;
    private String masterToken;
    private LocalDateTime masterTokenExpiration;
    private String[] renewalTokens;
    private final ExecutorService tokenRenewer;
    public static final Pattern JWT_PATTERN = Pattern.compile("^Bearer\\s(.+)");
    private static final Log LOG = LogFactory.getLog(HopsworksRMAppSecurityActions.class);
    private static final Set<Integer> ACCEPTABLE_HTTP_RESPONSES = new HashSet(2);
    private static final Pattern SUBJECT_USERNAME = Pattern.compile("^(.+)(?>_{2})(.+)$");
    private boolean x509Configured = false;
    private boolean jwtConfigured = false;
    private PoolingHttpClientConnectionManager httpConnectionManager = null;
    protected CloseableHttpClient httpClient = null;

    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/HopsworksRMAppSecurityActions$CSRDTO.class */
    private class CSRDTO {
        private String csr;
        private String signedCert;
        private String intermediateCaCert;
        private String rootCaCert;

        private CSRDTO() {
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/HopsworksRMAppSecurityActions$JWTDTO.class */
    public class JWTDTO {
        private String token;
        private String subject;
        private String keyName;
        private String audiences;
        private Boolean renewable;
        private Integer expLeeway;
        private Date expiresAt;
        private Date nbf;

        protected JWTDTO() {
        }

        public String getToken() {
            return this.token;
        }

        public void setToken(String str) {
            this.token = str;
        }

        public String getSubject() {
            return this.subject;
        }

        public void setSubject(String str) {
            this.subject = str;
        }

        public String getKeyName() {
            return this.keyName;
        }

        public void setKeyName(String str) {
            this.keyName = str;
        }

        public String getAudiences() {
            return this.audiences;
        }

        public void setAudiences(String str) {
            this.audiences = str;
        }

        public Boolean getRenewable() {
            return this.renewable;
        }

        public void setRenewable(Boolean bool) {
            this.renewable = bool;
        }

        public Integer getExpLeeway() {
            return this.expLeeway;
        }

        public void setExpLeeway(Integer num) {
            this.expLeeway = num;
        }

        public Date getExpiresAt() {
            return this.expiresAt;
        }

        public void setExpiresAt(Date date) {
            this.expiresAt = date;
        }

        public Date getNbf() {
            return this.nbf;
        }

        public void setNbf(Date date) {
            this.nbf = date;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/HopsworksRMAppSecurityActions$ServiceTokenDTO.class */
    public class ServiceTokenDTO {
        private JWTDTO jwt;
        private String[] renewTokens;

        protected ServiceTokenDTO() {
        }

        public JWTDTO getJwt() {
            return this.jwt;
        }

        public void setJwt(JWTDTO jwtdto) {
            this.jwt = jwtdto;
        }

        public String[] getRenewTokens() {
            return this.renewTokens;
        }

        public void setRenewTokens(String[] strArr) {
            this.renewTokens = strArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/HopsworksRMAppSecurityActions$TokenRenewer.class */
    public class TokenRenewer implements Runnable {
        private final BackOff backoff;
        private final long sleepPeriodSeconds;

        private TokenRenewer() {
            this.backoff = new ExponentialBackOff.Builder().setInitialIntervalMillis(1000L).setMaximumIntervalMillis(7000L).setMultiplier(2.0d).setMaximumRetries(Math.max(1, HopsworksRMAppSecurityActions.this.renewalTokens.length)).build();
            this.sleepPeriodSeconds = HopsworksRMAppSecurityActions.this.serviceJWTValidityPeriodSeconds / 2;
        }

        /* JADX WARN: Code restructure failed: missing block: B:12:0x00bf, code lost:
        
            r6.this$0.invalidateServiceJWT(r0);
         */
        @Override // java.lang.Runnable
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public void run() {
            /*
                Method dump skipped, instructions count: 643
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.apache.hadoop.yarn.server.resourcemanager.security.HopsworksRMAppSecurityActions.TokenRenewer.run():void");
        }
    }

    public HopsworksRMAppSecurityActions() throws MalformedURLException, GeneralSecurityException {
        ACCEPTABLE_HTTP_RESPONSES.add(200);
        ACCEPTABLE_HTTP_RESPONSES.add(204);
        this.authHeader = new AtomicReference<>();
        GsonBuilder gsonBuilder = new GsonBuilder();
        gsonBuilder.setFieldNamingPolicy(FieldNamingPolicy.IDENTITY);
        gsonBuilder.setDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
        this.jsonParser = gsonBuilder.create();
        this.tokenRenewer = Executors.newSingleThreadExecutor(new ThreadFactoryBuilder().setNameFormat("JWT renewer thread").setDaemon(true).build());
    }

    public void setConf(Configuration configuration) {
        this.conf = configuration;
    }

    public Configuration getConf() {
        return this.conf;
    }

    @Override // org.apache.hadoop.yarn.server.resourcemanager.security.RMAppSecurityActions
    public void init() throws MalformedURLException, GeneralSecurityException, IOException {
        this.httpConnectionManager = createConnectionManager();
        this.httpClient = HttpClients.custom().setConnectionManager(this.httpConnectionManager).build();
        this.hopsworksHost = new URL(this.conf.get(YarnConfiguration.HOPS_HOPSWORKS_HOST_KEY, "http://127.0.0.1"));
        if (!this.conf.getBoolean("ipc.server.ssl.enabled", false) && this.conf.getBoolean(YarnConfiguration.RM_JWT_ENABLED, YarnConfiguration.DEFAULT_RM_JWT_ENABLED)) {
            initJWT();
        } else if (this.conf.getBoolean("ipc.server.ssl.enabled", false)) {
            initJWT();
            initX509();
        }
    }

    @VisibleForTesting
    protected void setMasterToken(String str) {
        this.masterToken = str;
    }

    @VisibleForTesting
    protected void setMasterTokenExpiration(LocalDateTime localDateTime) {
        this.masterTokenExpiration = localDateTime;
    }

    @VisibleForTesting
    protected void setRenewalTokens(String[] strArr) {
        this.renewalTokens = strArr;
    }

    protected PoolingHttpClientConnectionManager createConnectionManager() throws GeneralSecurityException {
        PoolingHttpClientConnectionManager poolingHttpClientConnectionManager = new PoolingHttpClientConnectionManager();
        poolingHttpClientConnectionManager.setDefaultMaxPerRoute(MAX_CONNECTIONS_PER_ROUTE);
        return poolingHttpClientConnectionManager;
    }

    private void initX509() throws MalformedURLException, GeneralSecurityException {
        this.signEndpoint = new URL(this.hopsworksHost, this.conf.get(YarnConfiguration.HOPS_HOPSWORKS_SIGN_ENDPOINT_KEY, YarnConfiguration.DEFAULT_HOPS_HOPSWORKS_SIGN_ENDPOINT));
        this.revokePath = this.conf.get(YarnConfiguration.HOPS_HOPSWORKS_REVOKE_ENDPOINT_KEY, YarnConfiguration.DEFAULT_HOPS_HOPSWORKS_REVOKE_ENDPOINT);
        if (this.revokePath.startsWith("/")) {
            this.revokePath = "%s" + this.revokePath;
        } else {
            this.revokePath = "%s/" + this.revokePath;
        }
        this.certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        this.x509Configured = true;
    }

    private void initJWT() throws MalformedURLException, GeneralSecurityException {
        this.jwtGeneratePath = new URL(this.hopsworksHost, this.conf.get(YarnConfiguration.RM_JWT_GENERATE_PATH, YarnConfiguration.DEFAULT_RM_JWT_GENERATE_PATH));
        String str = this.conf.get(YarnConfiguration.RM_JWT_INVALIDATE_PATH, YarnConfiguration.DEFAULT_RM_JWT_INVALIDATE_PATH);
        if (!str.endsWith("/")) {
            str = str + "/";
        }
        this.jwtInvalidatePath = new URL(this.hopsworksHost, str);
        this.jwtRenewPath = new URL(this.hopsworksHost, this.conf.get(YarnConfiguration.RM_JWT_RENEW_PATH, YarnConfiguration.DEFAULT_RM_JWT_RENEW_PATH));
        this.sslConf = new Configuration(false);
        this.sslConf.addResource(this.conf.get("hadoop.ssl.server.conf", "ssl-server.xml"));
        loadMasterJWT();
        loadRenewalJWTs();
        this.serviceJWTValidityPeriodSeconds = this.conf.getTimeDuration(YarnConfiguration.RM_JWT_MASTER_VALIDITY_PERIOD, YarnConfiguration.DEFAULT_RM_JWT_MASTER_VALIDITY_PERIOD, TimeUnit.SECONDS);
        if (this.serviceJWTValidityPeriodSeconds == 0) {
            this.serviceJWTValidityPeriodSeconds = 30L;
        }
        String str2 = this.conf.get(YarnConfiguration.RM_JWT_SERVICE_RENEW_PATH, YarnConfiguration.DEFAULT_RM_JWT_SERVICE_RENEW_PATH);
        this.serviceJWTRenewPath = new URL(this.hopsworksHost, str2);
        String str3 = this.conf.get(YarnConfiguration.RM_JWT_SERVICE_INVALIDATE_PATH, YarnConfiguration.DEFAULT_RM_JWT_SERVICE_INVALIDATE_PATH);
        if (!str3.endsWith("/")) {
            str3 = str2 + "/";
        }
        this.serviceJWTInvalidatePath = new URL(this.hopsworksHost, str3);
        this.tokenRenewer.execute(new TokenRenewer());
        this.jwtConfigured = true;
    }

    protected void loadMasterJWT() throws GeneralSecurityException {
        this.masterToken = this.sslConf.get(YarnConfiguration.RM_JWT_MASTER_TOKEN);
        if (this.masterToken == null) {
            throw new GeneralSecurityException("Could not parse JWT from configuration");
        }
        this.authHeader.set(createAuthenticationHeader(this.masterToken));
        try {
            this.masterTokenExpiration = date2LocalDateTime(JWTParser.parse(this.masterToken).getJWTClaimsSet().getExpirationTime());
        } catch (ParseException e) {
            throw new GeneralSecurityException("Could not parse master JWT", e);
        }
    }

    protected void loadRenewalJWTs() throws GeneralSecurityException {
        ArrayList arrayList = new ArrayList();
        int i = 0;
        while (true) {
            String str = this.sslConf.get(String.format(YarnConfiguration.RM_JWT_RENEW_TOKEN_PATTERN, Integer.valueOf(i)), YarnAPIStorageFactory.DFS_STORAGE_DRIVER_JAR_FILE_DEFAULT);
            if (str.isEmpty()) {
                break;
            }
            arrayList.add(str);
            i++;
        }
        if (arrayList.isEmpty()) {
            throw new GeneralSecurityException("Could not load one-time renewal JWTs");
        }
        this.renewalTokens = (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    @Override // org.apache.hadoop.yarn.server.resourcemanager.security.RMAppSecurityActions
    public void destroy() {
        try {
            this.tokenRenewer.shutdown();
            if (!this.tokenRenewer.awaitTermination(10L, TimeUnit.SECONDS)) {
                this.tokenRenewer.shutdownNow();
            }
        } catch (InterruptedException e) {
            this.tokenRenewer.shutdownNow();
        }
        if (this.httpConnectionManager != null) {
            this.httpConnectionManager.shutdown();
        }
    }

    private void x509NotConfigured(String str) throws GeneralSecurityException {
        notConfigured(str, "X.509");
    }

    private void jwtNotConfigured(String str) throws GeneralSecurityException {
        notConfigured(str, "JWT");
    }

    private void notConfigured(String str, String str2) throws GeneralSecurityException {
        throw new GeneralSecurityException("Called method " + str + " of " + HopsworksRMAppSecurityActions.class.getSimpleName() + " but " + str2 + " is not configured");
    }

    @Override // org.apache.hadoop.yarn.server.resourcemanager.security.RMAppSecurityActions
    public X509SecurityHandler.CertificateBundle sign(PKCS10CertificationRequest pKCS10CertificationRequest) throws URISyntaxException, IOException, GeneralSecurityException {
        if (!this.x509Configured) {
            x509NotConfigured("sign");
        }
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            String stringifyCSR = stringifyCSR(pKCS10CertificationRequest);
            CSRDTO csrdto = new CSRDTO();
            csrdto.csr = stringifyCSR;
            closeableHttpResponse = post(new StringEntity(this.jsonParser.toJson(csrdto)), this.signEndpoint.toURI(), "Hopsworks CA could not sign CSR");
            CSRDTO csrdto2 = (CSRDTO) this.jsonParser.fromJson(EntityUtils.toString(closeableHttpResponse.getEntity()), CSRDTO.class);
            X509SecurityHandler.CertificateBundle certificateBundle = new X509SecurityHandler.CertificateBundle(parseCertificate(csrdto2.signedCert), parseCertificate(csrdto2.intermediateCaCert));
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            return certificateBundle;
        } catch (Throwable th) {
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            throw th;
        }
    }

    @Override // org.apache.hadoop.yarn.server.resourcemanager.security.RMAppSecurityActions
    public int revoke(String str) throws URISyntaxException, IOException, GeneralSecurityException {
        if (!this.x509Configured) {
            x509NotConfigured("revoke");
        }
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            closeableHttpResponse = delete(buildUrl(this.revokePath, buildQueryParams(new BasicNameValuePair(REVOKE_CERT_ID_PARAM, str))).toURI(), "Hopsworks CA could not revoke certificate " + str);
            int statusCode = closeableHttpResponse.getStatusLine().getStatusCode();
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            return statusCode;
        } catch (Throwable th) {
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            throw th;
        }
    }

    @Override // org.apache.hadoop.yarn.server.resourcemanager.security.RMAppSecurityActions
    public String generateJWT(JWTSecurityHandler.JWTMaterialParameter jWTMaterialParameter) throws URISyntaxException, IOException, GeneralSecurityException {
        if (!this.jwtConfigured) {
            jwtNotConfigured("generateJWT");
        }
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            Matcher matcher = SUBJECT_USERNAME.matcher(jWTMaterialParameter.getAppUser());
            String group = matcher.matches() ? matcher.group(2) : jWTMaterialParameter.getAppUser();
            JWTDTO jwtdto = new JWTDTO();
            jwtdto.subject = group;
            jwtdto.keyName = jWTMaterialParameter.getApplicationId().toString();
            jwtdto.audiences = String.join(",", jWTMaterialParameter.getAudiences());
            jwtdto.expiresAt = instant2Date(jWTMaterialParameter.getExpirationDate());
            jwtdto.nbf = instant2Date(jWTMaterialParameter.getValidNotBefore());
            jwtdto.renewable = Boolean.valueOf(jWTMaterialParameter.isRenewable());
            jwtdto.expLeeway = Integer.valueOf(jWTMaterialParameter.getExpLeeway());
            closeableHttpResponse = post(new StringEntity(this.jsonParser.toJson(jwtdto)), this.jwtGeneratePath.toURI(), "Hopsworks could not generate JWT for " + jWTMaterialParameter.getAppUser() + "/" + jWTMaterialParameter.getApplicationId().toString());
            String str = ((JWTDTO) this.jsonParser.fromJson(EntityUtils.toString(closeableHttpResponse.getEntity()), JWTDTO.class)).token;
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            return str;
        } catch (Throwable th) {
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            throw th;
        }
    }

    @Override // org.apache.hadoop.yarn.server.resourcemanager.security.RMAppSecurityActions
    public String renewJWT(JWTSecurityHandler.JWTMaterialParameter jWTMaterialParameter) throws URISyntaxException, IOException, GeneralSecurityException {
        if (!this.jwtConfigured) {
            jwtNotConfigured("renewJWT");
        }
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            JWTDTO jwtdto = new JWTDTO();
            jwtdto.token = jWTMaterialParameter.getToken();
            jwtdto.expiresAt = instant2Date(jWTMaterialParameter.getExpirationDate());
            jwtdto.nbf = instant2Date(jWTMaterialParameter.getValidNotBefore());
            closeableHttpResponse = put(this.jwtRenewPath.toURI(), new StringEntity(this.jsonParser.toJson(jwtdto)), "Could not renew JWT for " + jWTMaterialParameter.getAppUser() + "/" + jWTMaterialParameter.getApplicationId());
            String str = ((JWTDTO) this.jsonParser.fromJson(EntityUtils.toString(closeableHttpResponse.getEntity()), JWTDTO.class)).token;
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            return str;
        } catch (Throwable th) {
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            throw th;
        }
    }

    @Override // org.apache.hadoop.yarn.server.resourcemanager.security.RMAppSecurityActions
    public void invalidateJWT(String str) throws URISyntaxException, IOException, GeneralSecurityException {
        if (!this.jwtConfigured) {
            jwtNotConfigured("invalidateJWT");
        }
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            closeableHttpResponse = delete(new URL(this.jwtInvalidatePath, str).toURI(), "Hopsworks could to invalidate JWT signing key " + str);
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
        } catch (Throwable th) {
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            throw th;
        }
    }

    @VisibleForTesting
    LocalDateTime getMasterTokenExpiration() {
        return this.masterTokenExpiration;
    }

    @InterfaceAudience.Private
    @VisibleForTesting
    protected ServiceTokenDTO renewServiceJWT(String str, String str2, LocalDateTime localDateTime, LocalDateTime localDateTime2) throws URISyntaxException, IOException, GeneralSecurityException {
        if (!this.jwtConfigured) {
            jwtNotConfigured("renewServiceJWT");
        }
        HttpResponse httpResponse = null;
        try {
            JWTDTO jwtdto = new JWTDTO();
            jwtdto.token = str;
            jwtdto.expiresAt = localDateTime2Date(localDateTime);
            jwtdto.nbf = localDateTime2Date(localDateTime2);
            String json = this.jsonParser.toJson(jwtdto);
            HttpPut httpPut = new HttpPut(this.serviceJWTRenewPath.toURI());
            httpPut.addHeader(createAuthenticationHeader(str2));
            httpPut.setEntity(new StringEntity(json));
            httpPut.addHeader("Content-Type", "application/json");
            httpResponse = this.httpClient.execute(httpPut);
            checkHTTPResponseCode(httpResponse, "Could not make HTTP request to renew service JWT");
            ServiceTokenDTO serviceTokenDTO = (ServiceTokenDTO) this.jsonParser.fromJson(EntityUtils.toString(httpResponse.getEntity()), ServiceTokenDTO.class);
            if (httpResponse != null) {
                httpResponse.close();
            }
            return serviceTokenDTO;
        } catch (Throwable th) {
            if (httpResponse != null) {
                httpResponse.close();
            }
            throw th;
        }
    }

    @InterfaceAudience.Private
    @VisibleForTesting
    protected void invalidateServiceJWT(String str) throws URISyntaxException, IOException, GeneralSecurityException {
        if (!this.jwtConfigured) {
            jwtNotConfigured("invalidateServiceToken");
        }
        CloseableHttpResponse closeableHttpResponse = null;
        try {
            closeableHttpResponse = delete(new URL(this.serviceJWTInvalidatePath, str).toURI(), "Could not invalidate token " + str);
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
        } catch (Throwable th) {
            if (closeableHttpResponse != null) {
                closeableHttpResponse.close();
            }
            throw th;
        }
    }

    private CloseableHttpResponse post(HttpEntity httpEntity, URI uri, String str) throws IOException {
        HttpPost httpPost = new HttpPost(uri);
        addAuthenticationHeader(httpPost);
        httpPost.setEntity(httpEntity);
        httpPost.addHeader("Content-Type", "application/json");
        HttpResponse execute = this.httpClient.execute(httpPost);
        checkHTTPResponseCode(execute, str);
        return execute;
    }

    private CloseableHttpResponse get(URI uri, String str) throws IOException {
        HttpGet httpGet = new HttpGet(uri);
        addAuthenticationHeader(httpGet);
        HttpResponse execute = this.httpClient.execute(httpGet);
        checkHTTPResponseCode(execute, str);
        return execute;
    }

    private CloseableHttpResponse delete(URI uri, String str) throws IOException {
        HttpDelete httpDelete = new HttpDelete(uri);
        addAuthenticationHeader(httpDelete);
        httpDelete.addHeader("Content-Type", "application/json");
        HttpResponse execute = this.httpClient.execute(httpDelete);
        checkHTTPResponseCode(execute, str);
        return execute;
    }

    private CloseableHttpResponse put(URI uri, String str) throws IOException {
        return put(uri, null, str);
    }

    private CloseableHttpResponse put(URI uri, HttpEntity httpEntity, String str) throws IOException {
        HttpPut httpPut = new HttpPut(uri);
        addAuthenticationHeader(httpPut);
        if (httpEntity != null) {
            httpPut.setEntity(httpEntity);
        }
        httpPut.addHeader("Content-Type", "application/json");
        HttpResponse execute = this.httpClient.execute(httpPut);
        checkHTTPResponseCode(execute, str);
        return execute;
    }

    private URL buildUrl(String str, String str2) throws MalformedURLException {
        return new URL(String.format(str, this.hopsworksHost.toString()) + str2);
    }

    private String buildQueryParams(NameValuePair... nameValuePairArr) {
        ArrayList arrayList = new ArrayList();
        for (NameValuePair nameValuePair : nameValuePairArr) {
            if (nameValuePair.getValue() != null) {
                arrayList.add(nameValuePair);
            }
        }
        return URLEncodedUtils.format(arrayList, "UTF-8");
    }

    private X509Certificate parseCertificate(String str) throws IOException, GeneralSecurityException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes());
        Throwable th = null;
        try {
            try {
                X509Certificate x509Certificate = (X509Certificate) this.certificateFactory.generateCertificate(byteArrayInputStream);
                if (byteArrayInputStream != null) {
                    if (0 != 0) {
                        try {
                            byteArrayInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        byteArrayInputStream.close();
                    }
                }
                return x509Certificate;
            } finally {
            }
        } catch (Throwable th3) {
            if (byteArrayInputStream != null) {
                if (th != null) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    byteArrayInputStream.close();
                }
            }
            throw th3;
        }
    }

    private void checkHTTPResponseCode(HttpResponse httpResponse, String str) throws IOException {
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        if (!ACCEPTABLE_HTTP_RESPONSES.contains(Integer.valueOf(statusCode))) {
            throw new IOException("HTTP error, response code " + statusCode + " Reason: " + httpResponse.getStatusLine().getReasonPhrase() + " Message: " + str);
        }
    }

    private String stringifyCSR(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        StringWriter stringWriter = new StringWriter();
        Throwable th = null;
        try {
            try {
                PemWriter pemWriter = new PemWriter(stringWriter);
                pemWriter.writeObject(new JcaMiscPEMGenerator(pKCS10CertificationRequest).generate());
                pemWriter.flush();
                stringWriter.flush();
                pemWriter.close();
                String stringWriter2 = stringWriter.toString();
                if (stringWriter != null) {
                    if (0 != 0) {
                        try {
                            stringWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        stringWriter.close();
                    }
                }
                return stringWriter2;
            } finally {
            }
        } catch (Throwable th3) {
            if (stringWriter != null) {
                if (th != null) {
                    try {
                        stringWriter.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    stringWriter.close();
                }
            }
            throw th3;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Type inference failed for: r0v3, types: [java.time.LocalDateTime] */
    public LocalDateTime date2LocalDateTime(Date date) {
        return date.toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime();
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.time.ZonedDateTime] */
    private Date localDateTime2Date(LocalDateTime localDateTime) {
        return Date.from(localDateTime.atZone(ZoneId.systemDefault()).toInstant());
    }

    private Date instant2Date(Instant instant) {
        return Date.from(instant);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public LocalDateTime now() {
        return LocalDateTime.now();
    }

    @VisibleForTesting
    protected Header createAuthenticationHeader(String str) {
        return new BasicHeader("Authorization", String.format(AUTH_HEADER_CONTENT, str));
    }

    private void addAuthenticationHeader(HttpRequest httpRequest) {
        httpRequest.addHeader(this.authHeader.get());
    }

    protected boolean isTime2Renew(LocalDateTime localDateTime, LocalDateTime localDateTime2) {
        return localDateTime.isAfter(localDateTime2) || localDateTime.isEqual(localDateTime2);
    }
}
