package io.hops.security;

import com.google.common.annotations.VisibleForTesting;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory;
import org.apache.hadoop.security.ssl.SSLFactory;

/* loaded from: input_file:io/hops/security/HopsUtil.class */
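/**
 * Static helpers for Hops TLS material: reading a crypto-material password file, pulling
 * individual attributes out of an X.509 subject string, and deriving a container-local
 * SSL server configuration file from the client one.
 *
 * <p>Security note: {@link #trustAllHTTPS()} disables certificate and hostname validation
 * for the whole JVM. See its documentation before calling it.
 */
public class HopsUtil {
    private static final Log LOG = LogFactory.getLog(HopsUtil.class);

    /**
     * Trust manager that accepts every client and server certificate chain without any
     * check. A TLS context initialised with it authenticates nobody: any party able to
     * intercept the connection can present its own certificate and will be accepted.
     */
    private static final TrustManager[] trustAll = {new X509TrustManager() {
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: no validation is performed.
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: no validation is performed.
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array;
            // returning null can surface as a NullPointerException inside a TLS provider.
            return new X509Certificate[0];
        }
    }};

    // NOTE(review): these patterns are not anchored to RDN boundaries. The leading ".*" is
    // greedy, so the LAST occurrence of the marker wins, and the marker may also be found
    // inside another attribute's value or at the tail of a longer attribute type. The value
    // ends at the first ',' so escaped commas are not handled. If the extracted value feeds
    // an authorization decision, confirm the issuing CA constrains every subject field, or
    // parse the DN with a real DN parser instead.
    private static final Pattern CN_PATTERN = Pattern.compile(".*CN=([^,]+).*");
    private static final Pattern O_PATTERN = Pattern.compile(".*O=([^,]+).*");
    private static final Pattern OU_PATTERN = Pattern.compile(".*OU=([^,]+).*");
    private static final Pattern L_PATTERN = Pattern.compile(".*L=([^,]+).*");

    /**
     * Reads the crypto-material password stored in {@code file}.
     *
     * <p>The content is decoded with the platform default charset and surrounding
     * whitespace is trimmed. The password is returned as an immutable {@code String}, so
     * callers cannot wipe it from memory after use and must take care not to log it.
     *
     * @param file file holding the password
     * @return the trimmed file content
     * @throws FileNotFoundException if {@code file} does not exist
     * @throws IOException if the file cannot be read
     */
    public static String readCryptoMaterialPassword(File file) throws IOException {
        if (!file.exists()) {
            throw new FileNotFoundException("File containing crypto material password could not be found");
        }
        return FileUtils.readFileToString(file).trim();
    }

    /**
     * Extracts the {@code CN} value from a certificate subject string.
     *
     * @param str subject string, e.g. {@code "CN=alice, O=org"}; must not be null
     * @return the text after the last {@code CN=} up to the next comma, or {@code null}
     *     when the subject has no such marker
     */
    public static String extractCNFromSubject(String str) {
        return firstGroupOrNull(CN_PATTERN, str);
    }

    /**
     * Extracts the {@code O} value from a certificate subject string.
     *
     * @param str subject string; must not be null
     * @return the text after the last {@code O=} up to the next comma, or {@code null}
     *     when the subject has no such marker
     */
    public static String extractOFromSubject(String str) {
        return firstGroupOrNull(O_PATTERN, str);
    }

    /**
     * Extracts the {@code OU} value from a certificate subject string.
     *
     * @param str subject string; must not be null
     * @return the text after the last {@code OU=} up to the next comma, or {@code null}
     *     when the subject has no such marker
     */
    public static String extractOUFromSubject(String str) {
        return firstGroupOrNull(OU_PATTERN, str);
    }

    /**
     * Extracts the {@code L} value from a certificate subject string.
     *
     * @param str subject string; must not be null
     * @return the text after the last {@code L=} up to the next comma, or {@code null}
     *     when the subject has no such marker
     */
    public static String extractLFromSubject(String str) {
        return firstGroupOrNull(L_PATTERN, str);
    }

    /** Returns capture group 1 when {@code pattern} matches the whole subject, else null. */
    private static String firstGroupOrNull(Pattern pattern, String subject) {
        Matcher matcher = pattern.matcher(subject);
        return matcher.matches() ? matcher.group(1) : null;
    }

    /**
     * Installs a trust-everything TLS setup as the JVM-wide default for
     * {@link HttpsURLConnection}.
     *
     * <p>After this call every {@code HttpsURLConnection} opened anywhere in the process,
     * not only by the caller, accepts any certificate chain and any hostname, so those
     * connections get encryption without server authentication. The setting is global and
     * this class offers no way to undo it. The exception message suggests the method was
     * written for a CRL fetcher (TODO confirm against callers); a safer design is a
     * per-connection socket factory backed by a truststore that holds the expected CA.
     *
     * @throws IllegalStateException if the TLS context cannot be created or initialised
     */
    public static void trustAllHTTPS() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, trustAll, null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    // Accepts every hostname: the peer identity is never checked.
                    return true;
                }
            });
            // Leave an audit trail: this silently weakens every later HTTPS connection.
            LOG.warn("TLS certificate and hostname verification disabled for all HttpsURLConnection instances in this JVM");
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Could not initialize SSLContext for CRL fetcher", e);
        }
    }

    /**
     * Generates the container SSL server configuration, locating the localized password
     * file through {@code SSLFactory.LOCALIZED_PASSWD_FILE_PATH_KEY}.
     *
     * @param configuration configuration supplying the password file path and SSL settings
     * @throws FileNotFoundException if the password file does not exist
     * @throws IOException if the server configuration cannot be written
     */
    public static void generateContainerSSLServerConfiguration(Configuration configuration) throws IOException {
        String passwdPath = configuration.get(SSLFactory.LOCALIZED_PASSWD_FILE_PATH_KEY, SSLFactory.DEFAULT_LOCALIZED_PASSWD_FILE_PATH);
        generateContainerSSLServerConfiguration(new File(passwdPath), configuration);
    }

    /**
     * Generates the container SSL server configuration next to {@code file}.
     *
     * @param file localized password file; only its existence and parent directory are used
     * @param configuration configuration supplying the SSL client/server resource names
     * @throws FileNotFoundException if {@code file} does not exist
     * @throws IOException if the server configuration cannot be written
     */
    @VisibleForTesting
    public static void generateContainerSSLServerConfiguration(File file, Configuration configuration) throws IOException {
        if (!file.exists()) {
            // The message reports the configured path, not the path of the 'file' argument.
            throw new FileNotFoundException("File " + configuration.get(SSLFactory.LOCALIZED_PASSWD_FILE_PATH_KEY, SSLFactory.DEFAULT_LOCALIZED_PASSWD_FILE_PATH) + " does not exist in " + System.getProperty("user.dir"));
        }
        writeSSLConf(generateSSLServerConf(configuration), configuration, file);
    }

    /**
     * Builds a server-mode SSL configuration by copying the keystore reload interval,
     * keystore reload time unit and truststore reload interval from the client SSL
     * resource named by {@code SSLFactory.SSL_CLIENT_CONF_KEY}.
     */
    private static Configuration generateSSLServerConf(Configuration conf) {
        Configuration clientConf = new Configuration(false);
        clientConf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, "ssl-client.xml"));

        long keystoreReloadInterval = clientConf.getLong(FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.CLIENT, FileBasedKeyStoresFactory.SSL_KEYSTORE_RELOAD_INTERVAL_TPL_KEY), 10000L);
        String keystoreReloadTimeUnit = clientConf.get(FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.CLIENT, FileBasedKeyStoresFactory.SSL_KEYSTORE_RELOAD_TIMEUNIT_TPL_KEY), FileBasedKeyStoresFactory.DEFAULT_SSL_KEYSTORE_RELOAD_TIMEUNIT);
        long truststoreReloadInterval = clientConf.getLong(FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.CLIENT, FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY), 10000L);

        Configuration serverConf = new Configuration(false);
        serverConf.setLong(FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_RELOAD_INTERVAL_TPL_KEY), keystoreReloadInterval);
        serverConf.set(FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_RELOAD_TIMEUNIT_TPL_KEY), keystoreReloadTimeUnit);
        serverConf.setLong(FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY), truststoreReloadInterval);
        return serverConf;
    }

    /**
     * Writes {@code sslServerConf} as XML into the directory of {@code passwdFile} (or the
     * working directory when it has no parent), overwriting any existing file. The file
     * name comes from {@code SSLFactory.SSL_SERVER_CONF_KEY} in {@code conf}.
     *
     * <p>NOTE(review): the configured name is joined to the directory without
     * normalisation, so this relies on the configuration being trusted.
     */
    private static void writeSSLConf(Configuration sslServerConf, Configuration conf, File passwdFile) throws IOException {
        String serverConfName = conf.get(SSLFactory.SSL_SERVER_CONF_KEY, "ssl-server.xml");
        File parentDir = passwdFile.getParentFile();
        String target = parentDir == null ? serverConfName : Paths.get(parentDir.getAbsolutePath(), serverConfName).toString();
        // try-with-resources closes the writer on every path and keeps a close() failure
        // as a suppressed exception rather than masking the original error.
        try (FileWriter fileWriter = new FileWriter(target, false)) {
            sslServerConf.writeXml(fileWriter);
            fileWriter.flush();
        }
    }
}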
