package org.apache.slider.server.services.security;

import io.hops.hadoop.hive.metastore.api.hive_metastoreConstants;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.security.SecureRandom;
import java.util.Locale;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.RawLocalFileSystem;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hive.org.apache.commons.io.FileUtils;
import org.apache.hive.org.slf4j.Logger;
import org.apache.hive.org.slf4j.LoggerFactory;
import org.apache.slider.common.SliderKeys;
import org.apache.slider.common.SliderXmlConfKeys;
import org.apache.slider.core.conf.MapOperations;

/* loaded from: input_file:org/apache/slider/server/services/security/SecurityUtils.class */
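/**
 * Static helpers for the application master's SSL material: the security directory layout,
 * the OpenSSL CA configuration file, the keystore password, and log-safe rendering of
 * OpenSSL command lines.
 *
 * <p>State is held in static fields that are written by
 * {@link #initializeSecurityParameters(MapOperations, boolean)} without synchronization;
 * callers are expected to initialize once before reading.
 */
public class SecurityUtils {
    /** Prefix of an OpenSSL pass-phrase argument that carries the secret inline. */
    private static final String PASS_TOKEN = "pass:";
    /** Replacement written in place of a secret when a command line is logged. */
    private static final String MASK = "****";

    private static String keystorePass;
    private static String securityDir;
    private static boolean keystoreLocationSpecified;
    private static final Logger LOG = LoggerFactory.getLogger(SecurityUtils.class);

    /**
     * Template of the OpenSSL CA configuration; {@code ${SEC_DIR}} is substituted with the
     * security directory by {@link #writeCaConfigFile(String)}.
     */
    private static final String CA_CONFIG_CONTENTS = "HOME            = .\nRANDFILE        = $ENV::HOME/.rnd\n\n[ ca ]\ndefault_ca             = CA_CLIENT\n[ CA_CLIENT ]\ndir                    = ${SEC_DIR}/db\ncerts                  = $dir/certs\nnew_certs_dir          = $dir/newcerts\n\ndatabase               = $dir/index.txt\nserial                 = $dir/serial\ndefault_days           = 365    \n\ndefault_crl_days       = 7  \ndefault_md             = sha256 \n\npolicy                 = policy_anything \n\n[ policy_anything ]\ncountryName            = optional\nstateOrProvinceName    = optional\nlocalityName           = optional\norganizationName       = optional\norganizationalUnitName = optional\ncommonName             = optional\nemailAddress           = optional\n\n[req]\ndistinguished_name     = req_distinguished_name\n\n[ req_distinguished_name ]\n\n[ jdk7_ca ]\nsubjectKeyIdentifier = hash\nauthorityKeyIdentifier = keyid:always,issuer:always\nbasicConstraints = CA:true\n";

    public static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    // Locale.ROOT keeps the alphabet ASCII-only; the default-locale form maps 'I' to a
    // dotless i under a Turkish locale, which would leak into generated passwords.
    public static final String LOWER = UPPER.toLowerCase(Locale.ROOT);
    public static final String DIGITS = "0123456789";
    public static final String ALPHANUM = UPPER + LOWER + DIGITS;
    /**
     * Kept for source compatibility. The array is publicly mutable, so password generation
     * deliberately reads from the immutable {@link #ALPHANUM} string instead.
     */
    public static final char[] ALPHANUM_ARRAY = ALPHANUM.toCharArray();

    /** Shared CSPRNG; {@link SecureRandom} is safe for concurrent use. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Generates a random string drawn from {@link #ALPHANUM} using a cryptographically
     * strong random source.
     *
     * @param i number of characters to generate
     * @return a string of {@code i} alphanumeric characters
     */
    public static String randomAlphanumeric(int i) {
        StringBuilder sb = new StringBuilder(i);
        for (int n = 0; n < i; n++) {
            // nextInt(bound) selects uniformly; scaling nextDouble() is slightly biased.
            sb.append(ALPHANUM.charAt(RANDOM.nextInt(ALPHANUM.length())));
        }
        return sb.toString();
    }

    /**
     * Logs the outcome of an OpenSSL invocation: INFO for exit code 0, WARN otherwise.
     * The command line is masked by {@link #hideOpenSslPassword(String)} before logging.
     *
     * @param str the command line that was executed
     * @param i the process exit code
     */
    public static void logOpenSslExitCode(String str, int i) {
        String message = getOpenSslCommandResult(str, i);
        if (i == 0) {
            LOG.info(message);
        } else {
            LOG.warn(message);
        }
    }

    /**
     * Replaces the secret following every {@code pass:} token with {@code ****} so the
     * command line can be logged.
     *
     * <p>A secret runs from the end of the token to the next space, or to the end of the
     * string when it is the last argument. Only that region is rewritten: the previous
     * implementation substituted the secret's text everywhere in the command, which threw
     * when the password was the final argument and corrupted the output for short or empty
     * passwords.
     *
     * <p>Only the inline {@code pass:} form is masked; anything else on the command line is
     * returned unchanged.
     *
     * @param str the OpenSSL command line
     * @return the command line with inline pass phrases masked
     */
    public static String hideOpenSslPassword(String str) {
        int tokenStart = str.indexOf(PASS_TOKEN);
        if (tokenStart < 0) {
            return str;
        }
        StringBuilder masked = new StringBuilder(str.length());
        int copiedUpTo = 0;
        while (tokenStart >= 0) {
            int secretStart = tokenStart + PASS_TOKEN.length();
            int secretEnd = str.indexOf(' ', secretStart);
            if (secretEnd < 0) {
                // Password is the last argument: mask through the end of the string.
                secretEnd = str.length();
            }
            masked.append(str, copiedUpTo, secretStart).append(MASK);
            copiedUpTo = secretEnd;
            tokenStart = str.indexOf(PASS_TOKEN, secretEnd);
        }
        return masked.append(str, copiedUpTo, str.length()).toString();
    }

    /**
     * Builds the log line for a finished OpenSSL command, with inline passwords masked.
     *
     * @param str the command line that was executed
     * @param i the process exit code
     * @return a human-readable summary including the exit-code description
     */
    public static String getOpenSslCommandResult(String str, int i) {
        return "Command " + hideOpenSslPassword(str) + " was finished with exit code: " + i + " - " + getOpenSslExitCodeDescription(i);
    }

    /**
     * Maps an exit code to a description.
     *
     * <p>NOTE(review): the wording mirrors the exit codes documented for
     * {@code openssl smime}; confirm it applies to the commands callers actually run.
     */
    private static String getOpenSslExitCodeDescription(int i) {
        switch (i) {
            case 0:
                return "the operation was completed successfully.";
            case 1:
                return "an error occurred parsing the command options.";
            case 2:
                return "one of the input files could not be read.";
            case 3:
                return "an error occurred creating the PKCS#7 file or when reading the MIME message.";
            case 4:
                return "an error occurred decrypting or verifying the message.";
            case 5:
                return "the message was verified correctly but an error occurred writing out the signers certificates.";
            default:
                return "unsupported code";
        }
    }

    /**
     * Writes {@code ca.config} into the given directory, pointing the CA at
     * {@code <dir>/db}.
     *
     * @param str the security directory path
     * @throws IOException if the file cannot be written
     */
    public static void writeCaConfigFile(String str) throws IOException {
        FileUtils.writeStringToFile(new File(str, "ca.config"), CA_CONFIG_CONTENTS.replace("${SEC_DIR}", str));
    }

    /** @return the keystore password set by the last initialization, possibly {@code null} */
    public static String getKeystorePass() {
        return keystorePass;
    }

    /** @return the absolute security directory set by the last initialization, or {@code null} */
    public static String getSecurityDir() {
        return securityDir;
    }

    /**
     * Initializes the security parameters without persisting a newly generated password.
     *
     * @param mapOperations configuration providing the optional keystore location
     */
    public static void initializeSecurityParameters(MapOperations mapOperations) {
        initializeSecurityParameters(mapOperations, false);
    }

    /**
     * Resolves the keystore location, creates the CA directory layout when the security
     * directory does not exist yet, and loads or generates the keystore password.
     *
     * @param mapOperations configuration providing the optional keystore location
     * @param z whether a newly generated password is persisted to the password file
     * @throws IllegalStateException if no keystore location is configured and no temporary
     *         one could be created, or the location has no parent directory (previously a
     *         bare {@link NullPointerException})
     */
    public static void initializeSecurityParameters(MapOperations mapOperations, boolean z) {
        String keystoreLocation = mapOperations.getOption(SliderXmlConfKeys.KEY_KEYSTORE_LOCATION, null);
        keystoreLocationSpecified = keystoreLocation != null;
        if (!keystoreLocationSpecified) {
            keystoreLocation = getDefaultKeystoreLocation();
        }
        if (keystoreLocation == null) {
            throw new IllegalStateException(
                "No keystore location configured and no temporary security directory could be created");
        }
        // getAbsoluteFile() gives a bare file name a parent (the working directory).
        File secDir = new File(keystoreLocation).getAbsoluteFile().getParentFile();
        if (secDir == null) {
            throw new IllegalStateException("Keystore location has no parent directory: " + keystoreLocation);
        }
        if (!secDir.exists()) {
            createCaDirectories(secDir);
        }
        keystorePass = getKeystorePassword(secDir, z);
        securityDir = secDir.getAbsolutePath();
    }

    /**
     * Creates {@code <secDir>/db/newcerts}, restricts both directories to their owner,
     * creates the CA index file and writes {@code ca.config}. Failures are logged and
     * otherwise ignored, as before.
     */
    private static void createCaDirectories(File secDir) {
        // NOTE(review): ca.config points at ${SEC_DIR}/db, so this borrowed metastore
        // constant presumably resolves to "db" - confirm, and prefer a local literal.
        File dbDir = new File(secDir, hive_metastoreConstants.META_TABLE_DB);
        File newCertsDir = new File(dbDir, "newcerts");
        if (!newCertsDir.mkdirs() && !newCertsDir.isDirectory()) {
            LOG.warn("Unable to create directory {}", newCertsDir.getAbsolutePath());
        }
        RawLocalFileSystem localFs = null;
        try {
            localFs = new RawLocalFileSystem();
            FsPermission ownerOnly = new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.NONE);
            // NOTE(review): the original set the permission on the db directory twice;
            // the repeat may have been meant for secDir itself, which holds the password
            // file and keeps its default mode - confirm.
            localFs.setPermission(new Path(dbDir.getAbsolutePath()), ownerOnly);
            localFs.setPermission(new Path(newCertsDir.getAbsolutePath()), ownerOnly);
            new File(dbDir, "index.txt").createNewFile();
            writeCaConfigFile(secDir.getAbsolutePath().replace('\\', '/'));
        } catch (IOException e) {
            LOG.error("Unable to create SSL configuration directories/files", e);
        } finally {
            if (localFs != null) {
                try {
                    localFs.close();
                } catch (IOException e) {
                    LOG.warn("Unable to close fileSystem", e);
                }
            }
        }
    }

    /**
     * Returns the keystore password: read from the password file when it exists, otherwise
     * freshly generated and, if requested, persisted.
     *
     * @param file the security directory
     * @param z whether to persist a newly generated password
     * @return the password, or {@code null} when an existing file could not be read
     * @throws RuntimeException if a new password file cannot be written
     */
    private static String getKeystorePassword(File file, boolean z) {
        File passwordFile = new File(file, SliderKeys.CRT_PASS_FILE_NAME);
        if (passwordFile.exists()) {
            LOG.info("Reading password from existing file");
            try {
                // Strip control characters such as a trailing newline.
                return FileUtils.readFileToString(passwordFile).replaceAll("\\p{Cntrl}", "");
            } catch (IOException e) {
                // NOTE(review): callers receive a null password here; consider failing fast.
                LOG.error("Error reading password from existing file", e);
                return null;
            }
        }
        LOG.info("Generating keystore password");
        String password = randomAlphanumeric(Integer.valueOf(SliderKeys.PASS_LEN));
        if (z) {
            try {
                // Create the file empty and narrow its mode before the secret is written,
                // so the password never sits on disk readable by group or others.
                FileUtils.writeStringToFile(passwordFile, "");
                restrictToOwner(passwordFile);
                FileUtils.writeStringToFile(passwordFile, password);
            } catch (IOException e) {
                throw new RuntimeException("Error creating certificate password file", e);
            }
        }
        return password;
    }

    /**
     * Leaves the file readable and writable by its owner only. The single-argument
     * {@code setReadable(true)} / {@code setWritable(true)} calls used previously only
     * added owner bits and never removed access granted by the process umask.
     */
    private static void restrictToOwner(File file) {
        boolean restricted = file.setReadable(false, false);
        restricted &= file.setWritable(false, false);
        restricted &= file.setExecutable(false, false);
        restricted &= file.setReadable(true, true);
        restricted &= file.setWritable(true, true);
        if (!restricted) {
            LOG.warn("Unable to restrict permissions on {}", file.getAbsolutePath());
        }
    }

    /**
     * Creates a private temporary directory and returns the keystore path inside it.
     *
     * <p>The directory is created with {@link Files#createTempDirectory}, which picks an
     * unpredictable name and, on POSIX file systems, an owner-only mode. The previous
     * {@code sec<currentTimeMillis>} name under the shared temp directory was guessable and
     * created with default permissions.
     *
     * @return the default keystore location, or {@code null} if the directory could not be
     *         created
     */
    private static String getDefaultKeystoreLocation() {
        try {
            File tempSecRoot = Files.createTempDirectory(FileUtils.getTempDirectory().toPath(), "sec").toFile();
            return tempSecRoot.getAbsolutePath() + File.separator + SliderKeys.SECURITY_DIR + File.separator + SliderKeys.KEYSTORE_FILE_NAME;
        } catch (IOException e) {
            LOG.warn("Unable to create security directory", e);
            return null;
        }
    }

    /**
     * Deletes the temporary directory created for the default keystore location. Does
     * nothing when the keystore location was supplied by configuration or initialization
     * has not run, so operator-provided directories are never removed.
     *
     * @throws IOException if the directory cannot be deleted
     */
    public static void cleanupSecurityDir() throws IOException {
        if (keystoreLocationSpecified || securityDir == null) {
            return;
        }
        // securityDir is <tmp>/sec.../<SECURITY_DIR>; its parent is the directory we created.
        File tempSecRoot = new File(securityDir).getParentFile();
        if (tempSecRoot == null) {
            return;
        }
        LOG.debug("Cleaning up AM created tmp security dir {}", tempSecRoot.getAbsolutePath());
        FileUtils.deleteDirectory(tempSecRoot);
    }
}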
