package org.apache.slider.server.services.security;

import com.google.inject.Singleton;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;
import org.apache.commons.io.FileUtils;
import org.apache.slider.common.SliderKeys;
import org.apache.slider.core.conf.MapOperations;
import org.apache.slider.core.exceptions.SliderException;
import org.apache.slider.server.services.security.SecurityStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

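/**
 * Creates and signs certificates and PKCS#12 stores by running the {@code openssl}
 * command line against files under {@link SecurityUtils#getSecurityDir()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every template below interpolates the keystore password into the openssl
 *       argument list ({@code pass:...}, {@code -key ...}). Command-line arguments are
 *       readable by other local users on most platforms while the process runs;
 *       openssl's {@code file:}/{@code env:}/{@code fd:} password sources avoid that.</li>
 *   <li>Commands are started from an argument vector built per template token (see
 *       {@link #buildArgv(String, Object...)}), so whitespace inside an interpolated
 *       value cannot add or change openssl options.</li>
 * </ul>
 */
@Singleton
public class CertificateManager {
    private static final Logger LOG = LoggerFactory.getLogger(CertificateManager.class);
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private static final String GEN_SRVR_KEY = "openssl genrsa -des3 -passout pass:{0} -out {1}" + File.separator + "{2} 4096 ";
    private static final String GEN_SRVR_REQ = "openssl req -passin pass:{0} -new -key {1}" + File.separator + "{2} -out {1}" + File.separator + "{5} -config {1}" + File.separator + "ca.config -subj {6} -batch";
    private static final String SIGN_SRVR_CRT = "openssl ca -create_serial -out {1}" + File.separator + "{3} -days 365 -keyfile {1}" + File.separator + "{2} -key {0} -selfsign -extensions jdk7_ca -config {1}" + File.separator + "ca.config -batch -infiles {1}" + File.separator + "{5}";
    private static final String EXPRT_KSTR = "openssl pkcs12 -export -in {2}" + File.separator + "{4} -inkey {2}" + File.separator + "{3} -certfile {2}" + File.separator + "{4} -out {2}" + File.separator + "{5} -password pass:{1} -passin pass:{0} \n";
    private static final String REVOKE_AGENT_CRT = "openssl ca -config {0}" + File.separator + "ca.config -keyfile {0}" + File.separator + "{4} -revoke {0}" + File.separator + "{2} -batch -passin pass:{3} -cert {0}" + File.separator + "{5}";
    private static final String SIGN_AGENT_CRT = "openssl ca -config {0}" + File.separator + "ca.config -in {0}" + File.separator + "{1} -out {0}" + File.separator + "{2} -batch -passin pass:{3} -keyfile {0}" + File.separator + "{4} -cert {0}" + File.separator + "{5}";
    // Key size raised from rsa:1024 to rsa:2048; 1024-bit RSA is below current minimum
    // recommendations. -nodes leaves the generated key file unencrypted on disk, so the
    // security directory's permissions are the only protection for it.
    private static final String GEN_AGENT_KEY = "openssl req -new -newkey rsa:2048 -nodes -keyout {0}" + File.separator + "{2}.key -subj {1} -out {0}" + File.separator + "{2}.csr -config {3}" + File.separator + "ca.config ";

    private String passphrase;
    private String applicationName;

    /**
     * Drains one output stream of a child process on its own thread, optionally
     * copying each line to the log.
     */
    public class StreamConsumer extends Thread {
        InputStream is;
        boolean logOutput;

        StreamConsumer(InputStream inputStream, boolean z) {
            this.is = inputStream;
            this.logOutput = z;
        }

        // The CertificateManager argument is unused; the signature is kept as found.
        StreamConsumer(CertificateManager certificateManager, InputStream inputStream) {
            this(inputStream, false);
        }

        @Override
        public void run() {
            try {
                BufferedReader reader = new BufferedReader(new InputStreamReader(this.is, Charset.forName("UTF8")));
                String line;
                while ((line = reader.readLine()) != null) {
                    if (this.logOutput) {
                        CertificateManager.LOG.info(line);
                    }
                }
            } catch (IOException e) {
                CertificateManager.LOG.error("Error during processing of process stream", e);
            }
        }
    }

    /**
     * Initializes using the local canonical host name as the certificate CN,
     * falling back to {@code "localhost"} when the local host cannot be resolved.
     *
     * @param mapOperations options handed to {@link SecurityUtils#initializeSecurityParameters}
     * @throws SliderException if an openssl command exits with a non-zero code
     */
    public void initialize(MapOperations mapOperations) throws SliderException {
        String hostname;
        try {
            hostname = InetAddress.getLocalHost().getCanonicalHostName();
        } catch (UnknownHostException ignored) {
            // No resolvable local name: the root certificate is issued for "localhost".
            hostname = "localhost";
        }
        initialize(mapOperations, hostname, null, null);
    }

    /**
     * Initializes the security parameters and generates the server key, certificate
     * and keystore unless the certificate file already exists.
     *
     * @param mapOperations options handed to {@link SecurityUtils#initializeSecurityParameters}
     * @param str  value used as the subject CN
     * @param str2 optional value added to the subject as an {@code OU}; may be null
     * @param str3 stored as the application name and added to subjects as an {@code OU}; may be null
     * @throws SliderException if an openssl command exits with a non-zero code
     */
    public void initialize(MapOperations mapOperations, String str, String str2, String str3) throws SliderException {
        SecurityUtils.initializeSecurityParameters(mapOperations);
        LOG.info("Initialization of root certificate");
        boolean certExists = isCertExists();
        LOG.info("Certificate exists:" + certExists);
        this.applicationName = str3;
        if (!certExists) {
            generateAMKeystore(str, str2);
        }
    }

    /** Reports whether the server certificate file is present in the security directory. */
    private boolean isCertExists() {
        String securityDir = SecurityUtils.getSecurityDir();
        File certFile = new File(securityDir + File.separator + SliderKeys.CRT_FILE_NAME);
        LOG.debug("srvrKstrDir = " + securityDir);
        LOG.debug("srvrCrtName = " + SliderKeys.CRT_FILE_NAME);
        LOG.debug("certFile = " + certFile.getAbsolutePath());
        return certFile.exists();
    }

    /** Sets the passphrase that {@link #signAgentCrt} requires from the caller. */
    public void setPassphrase(String str) {
        this.passphrase = str;
    }

    /**
     * Expands a command template into an argument vector, one element per
     * whitespace-separated template token.
     *
     * <p>{@code Runtime.exec(String)} splits the already formatted command on
     * whitespace, so a host name, subject or password containing a space would be
     * broken into extra openssl arguments. Formatting each token separately keeps
     * every interpolated value inside the argument it was written for.
     */
    private static String[] buildArgv(String template, Object... args) {
        List<String> argv = new ArrayList<String>();
        StringTokenizer tokens = new StringTokenizer(template);
        while (tokens.hasMoreTokens()) {
            argv.add(MessageFormat.format(tokens.nextToken(), args));
        }
        return argv.toArray(new String[argv.size()]);
    }

    /** Rejects values that would escape the security directory when used as a file name. */
    private static boolean isSafeFileComponent(String name) {
        return name != null
                && name.length() > 0
                && name.indexOf('/') < 0
                && name.indexOf('\\') < 0
                && name.indexOf('\0') < 0
                && !name.contains("..");
    }

    /**
     * Runs one openssl command and waits for it to finish.
     *
     * @param template command template in {@link MessageFormat} syntax
     * @param args     values for the template placeholders
     * @return the exit code, or -1 if the process could not be started or the wait
     *         was interrupted
     * @throws SliderException if the command exits with a non-zero code
     */
    private int runCommand(String template, Object... args) throws SliderException {
        // Human-readable form, used for logging and error text only.
        String command = MessageFormat.format(template, args);
        int exitCode = -1;
        try {
            Process process = Runtime.getRuntime().exec(buildArgv(template, args));
            new StreamConsumer(process.getInputStream(), true).start();
            new StreamConsumer(process.getErrorStream(), true).start();
            try {
                process.waitFor();
                SecurityUtils.logOpenSslExitCode(command, process.exitValue());
                exitCode = process.exitValue();
                if (exitCode != 0) {
                    // The raw command carries the keystore password; callers log this
                    // exception, so only the masked form goes into its message.
                    throw new SliderException(exitCode, "Error running command %s", SecurityUtils.hideOpenSslPassword(command));
                }
            } catch (InterruptedException e) {
                // Keep the interrupt visible to the caller's thread instead of dropping it.
                Thread.currentThread().interrupt();
                LOG.error("Interrupted while waiting for openssl to finish", e);
            }
        } catch (IOException e) {
            // NOTE(review): callers in this class ignore the -1 returned here, so a
            // missing openssl binary does not stop later steps. Confirm that is intended.
            LOG.error("Unable to run " + SecurityUtils.hideOpenSslPassword(command), e);
        }
        return exitCode;
    }

    /**
     * Generates a key and CSR named after {@code str2} and signs the CSR with the CA.
     * Failures are logged, not thrown.
     *
     * @param str  value used as the subject CN
     * @param str2 value used as the file base name and as a subject {@code OU}
     */
    public synchronized void generateContainerCertificate(String str, String str2) {
        LOG.info("Generation of certificate for {}", str);
        String securityDir = SecurityUtils.getSecurityDir();
        try {
            runCommand(GEN_AGENT_KEY, securityDir, getSubjectDN(str, str2, this.applicationName), str2, securityDir);
            signAgentCertificate(str2);
        } catch (SliderException e) {
            LOG.error("Error generating the agent certificate", e);
        }
    }

    /**
     * Generates a certificate for the container and exports it with its key into a
     * PKCS#12 keystore.
     *
     * @param str  value used as the subject CN
     * @param str2 container name used for the key, certificate and keystore file names
     * @param str3 second component of the keystore file name; may be null
     * @param str4 password set on the exported keystore
     * @return the keystore file in the security directory
     * @throws SliderException if the export command exits with a non-zero code
     */
    public synchronized SecurityStore generateContainerKeystore(String str, String str2, String str3, String str4) throws SliderException {
        LOG.info("Generation of container keystore for container {} on {}", str2, str);
        generateContainerCertificate(str, str2);
        String keystorePass = SecurityUtils.getKeystorePass();
        String securityDir = SecurityUtils.getSecurityDir();
        String certName = str2 + ".crt";
        String keyName = str2 + ".key";
        String keystoreName = getKeystoreFileName(str2, str3);
        runCommand(EXPRT_KSTR, keystorePass, str4, securityDir, keyName, certName, keystoreName);
        return new SecurityStore(new File(securityDir, keystoreName), SecurityStore.StoreType.keystore);
    }

    /** Builds {@code keystore-<str>-<str2>.p12}; a null {@code str2} becomes an empty string. */
    private static String getKeystoreFileName(String str, String str2) {
        return String.format("keystore-%s-%s.p12", str, str2 != null ? str2 : "");
    }

    /** Generates the server key, CSR, self-signed certificate and PKCS#12 keystore. */
    private void generateAMKeystore(String str, String str2) throws SliderException {
        LOG.info("Generation of server certificate");
        String securityDir = SecurityUtils.getSecurityDir();
        String keystorePass = SecurityUtils.getKeystorePass();
        Object[] args = {keystorePass, securityDir, SliderKeys.KEY_FILE_NAME, SliderKeys.CRT_FILE_NAME, SliderKeys.KEYSTORE_FILE_NAME, SliderKeys.CSR_FILE_NAME, getSubjectDN(str, str2, this.applicationName)};
        runCommand(GEN_SRVR_KEY, args);
        runCommand(GEN_SRVR_REQ, args);
        runCommand(SIGN_SRVR_CRT, args);
        runCommand(EXPRT_KSTR, keystorePass, keystorePass, securityDir, SliderKeys.KEY_FILE_NAME, SliderKeys.CRT_FILE_NAME, SliderKeys.KEYSTORE_FILE_NAME, SliderKeys.CSR_FILE_NAME);
    }

    /**
     * Exports the server certificate into a PKCS#12 file named
     * {@code truststore-<str>-<str2>.p12}.
     *
     * @param str  first component of the truststore file name
     * @param str2 second component of the truststore file name; may be null
     * @param str3 password set on the exported file
     * @return the truststore file in the security directory
     * @throws SliderException if the export command exits with a non-zero code
     */
    public SecurityStore generateContainerTruststore(String str, String str2, String str3) throws SliderException {
        String securityDir = SecurityUtils.getSecurityDir();
        String truststoreName = getTruststoreFileName(str2, str);
        // NOTE(review): the export template passes -inkey with the server/CA key file, so
        // the file written here carries that private key as well as the certificate,
        // protected only by str3. A trust store normally holds certificates only; check
        // whether consumers can accept a key-less export before distributing this file.
        runCommand(EXPRT_KSTR, SecurityUtils.getKeystorePass(), str3, securityDir, SliderKeys.KEY_FILE_NAME, SliderKeys.CRT_FILE_NAME, truststoreName, SliderKeys.CSR_FILE_NAME);
        return new SecurityStore(new File(securityDir, truststoreName), SecurityStore.StoreType.truststore);
    }

    /** Builds {@code truststore-<str2>-<str>.p12}; a null {@code str} becomes an empty string. */
    private static String getTruststoreFileName(String str, String str2) {
        return String.format("truststore-%s-%s.p12", str2, str != null ? str : "");
    }

    /**
     * Reads the server certificate file.
     *
     * @return the file content, or null if it could not be read
     */
    public String getServerCert() {
        try {
            return FileUtils.readFileToString(getServerCertficateFilePath());
        } catch (IOException e) {
            LOG.error(e.getMessage(), e);
            return null;
        }
    }

    /** Returns the server certificate path inside the security directory. */
    public static File getServerCertficateFilePath() {
        return new File(String.format("%s%s%s", SecurityUtils.getSecurityDir(), File.separator, SliderKeys.CRT_FILE_NAME));
    }

    /** Returns {@code <securityDir>/<str>.crt}. */
    public static File getAgentCertficateFilePath(String str) {
        return new File(String.format("%s%s%s.crt", SecurityUtils.getSecurityDir(), File.separator, str));
    }

    /** Returns the keystore path for the given name components inside the security directory. */
    public static File getContainerKeystoreFilePath(String str, String str2) {
        return new File(SecurityUtils.getSecurityDir(), getKeystoreFileName(str, str2));
    }

    /** Returns the truststore path for the given name components inside the security directory. */
    public static File getContainerTruststoreFilePath(String str, String str2) {
        return new File(SecurityUtils.getSecurityDir(), getTruststoreFileName(str, str2));
    }

    /** Returns {@code <securityDir>/<str>.key}. */
    public static File getAgentKeyFilePath(String str) {
        return new File(String.format("%s%s%s.key", SecurityUtils.getSecurityDir(), File.separator, str));
    }

    /**
     * Signs a certificate request submitted by an agent.
     *
     * <p>All three arguments come from the requester. The passphrase is compared in
     * constant time, and the name is checked before it is used to build file paths.
     *
     * @param str  name used as the base of the {@code .csr} and {@code .crt} file names
     * @param str2 certificate request content written to the {@code .csr} file
     * @param str3 passphrase presented by the agent; surrounding whitespace is ignored
     * @return a response holding the signed certificate, or an error status and message
     */
    public synchronized SignCertResponse signAgentCrt(String str, String str2, String str3) {
        SignCertResponse response = new SignCertResponse();
        LOG.info("Signing of agent certificate");
        LOG.info("Verifying passphrase");
        boolean passphraseOk = this.passphrase != null
                && str3 != null
                && MessageDigest.isEqual(this.passphrase.getBytes(UTF_8), str3.trim().getBytes(UTF_8));
        if (!passphraseOk) {
            LOG.warn("Incorrect passphrase from the agent");
            response.setResult(SignCertResponse.ERROR_STATUS);
            response.setMessage("Incorrect passphrase from the agent");
            return response;
        }
        if (!isSafeFileComponent(str)) {
            // The name becomes part of file paths under the security directory.
            LOG.warn("Rejected agent certificate request with an invalid host name");
            response.setResult(SignCertResponse.ERROR_STATUS);
            response.setMessage("Invalid agent host name");
            return response;
        }
        String securityDir = SecurityUtils.getSecurityDir();
        String keystorePass = SecurityUtils.getKeystorePass();
        String csrName = str + ".csr";
        String crtName = str + ".crt";
        Object[] args = {securityDir, csrName, crtName, keystorePass, SliderKeys.KEY_FILE_NAME, SliderKeys.CRT_FILE_NAME};
        File crtFile = new File(securityDir + File.separator + crtName);
        if (crtFile.exists()) {
            LOG.info("Revoking of {} certificate.", str);
            try {
                runCommand(REVOKE_AGENT_CRT, args);
            } catch (SliderException e) {
                response.setResult(SignCertResponse.ERROR_STATUS);
                response.setMessage(SecurityUtils.getOpenSslCommandResult(MessageFormat.format(REVOKE_AGENT_CRT, args), e.getExitCode()));
                return response;
            }
        }
        try {
            FileUtils.writeStringToFile(new File(securityDir + File.separator + csrName), str2);
        } catch (IOException e) {
            // Stop here: signing after a failed write would sign whatever request file
            // was left from an earlier call, not the one just submitted.
            LOG.error("Error writing agent certificate request", e);
            response.setResult(SignCertResponse.ERROR_STATUS);
            response.setMessage("Error writing agent certificate request");
            return response;
        }
        String signCommand = MessageFormat.format(SIGN_AGENT_CRT, args);
        LOG.debug(SecurityUtils.hideOpenSslPassword(signCommand));
        try {
            runCommand(SIGN_AGENT_CRT, args);
        } catch (SliderException e) {
            response.setResult(SignCertResponse.ERROR_STATUS);
            response.setMessage(SecurityUtils.getOpenSslCommandResult(signCommand, e.getExitCode()));
            return response;
        }
        try {
            String signedCert = FileUtils.readFileToString(crtFile);
            response.setResult(SignCertResponse.OK_STATUS);
            response.setSignedCa(signedCert);
        } catch (IOException e) {
            LOG.error("Error reading signed agent certificate", e);
            response.setResult(SignCertResponse.ERROR_STATUS);
            response.setMessage("Error reading signed agent certificate");
        }
        return response;
    }

    /**
     * Signs {@code <str>.csr} from the security directory, revoking an existing
     * {@code <str>.crt} first.
     *
     * @return the certificate file name, {@code <str>.crt}
     * @throws SliderException if the CA certificate is missing or openssl exits non-zero
     */
    private String signAgentCertificate(String str) throws SliderException {
        String securityDir = SecurityUtils.getSecurityDir();
        String keystorePass = SecurityUtils.getKeystorePass();
        String csrName = str + ".csr";
        String crtName = str + ".crt";
        if (!new File(securityDir, SliderKeys.CRT_FILE_NAME).exists()) {
            throw new SliderException("CA certificate not generated");
        }
        Object[] args = {securityDir, csrName, crtName, keystorePass, SliderKeys.KEY_FILE_NAME, SliderKeys.CRT_FILE_NAME};
        if (new File(securityDir + File.separator + crtName).exists()) {
            LOG.info("Revoking of {} certificate.", str);
            runCommand(REVOKE_AGENT_CRT, args);
        }
        LOG.debug(SecurityUtils.hideOpenSslPassword(MessageFormat.format(SIGN_AGENT_CRT, args)));
        runCommand(SIGN_AGENT_CRT, args);
        return crtName;
    }

    /**
     * Builds an openssl subject string: {@code /CN=<str>} followed by one
     * {@code /OU=} element for each of {@code str2} and {@code str3} that is not null.
     */
    private String getSubjectDN(String str, String str2, String str3) {
        String firstOu = str2 != null ? "/OU=" + str2 : "";
        String secondOu = str3 != null ? "/OU=" + str3 : "";
        return String.format("/CN=%s%s%s", str, firstOu, secondOu);
    }
}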
