package com.huawei.bigdata.om.web.api.controller;

import com.huawei.bigdata.om.common.utils.StringHelper;
import com.huawei.bigdata.om.controller.api.common.certificate.CertResponse;
import com.huawei.bigdata.om.controller.api.common.data.State;
import com.huawei.bigdata.om.controller.api.extern.monitor.script.ScriptExecutionResult;
import com.huawei.bigdata.om.controller.api.extern.monitor.script.ScriptExecutorFactory;
import com.huawei.bigdata.om.northbound.snmp.constdefinition.ConstDefinition;
import com.huawei.bigdata.om.web.api.exception.InternalServerException;
import com.huawei.bigdata.om.web.api.exception.InvalidParameterException;
import com.huawei.bigdata.om.web.api.model.cert.APICertificate;
import com.huawei.bigdata.om.web.api.service.CertResourceService;
import com.huawei.bigdata.om.web.api.service.ClusterResourceService;
import com.huawei.bigdata.om.web.api.util.APIContextUtil;
import com.huawei.bigdata.om.web.util.ApplicationConfiguration;
import com.huawei.bigdata.om.web.util.WebUtils;
import io.swagger.annotations.ApiParam;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.multipart.MultipartFile;

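@RestController
/* loaded from: input_file:com/huawei/bigdata/om/web/api/controller/CertController.class */
/**
 * REST controller for certificate management: importing a CA certificate bundle, importing an SSO
 * certificate, reading certificate metadata and restarting the web container.
 *
 * <p>Security-relevant review notes:
 * <ul>
 *   <li>Both import endpoints accept client-supplied files. The only checks visible here are a size
 *       limit and, for the CA bundle, a file-name suffix; the content itself is not validated in
 *       this class.</li>
 *   <li>NOTE(review): {@link #restartWeb()} calls {@code operationAuthentication()} but neither
 *       import method does. Confirm that authorization for the import endpoints is enforced
 *       elsewhere (for example on {@code ICertController} or in a filter).</li>
 *   <li>All file-system paths are built from environment variables at class-load time. If a
 *       variable is unset, the path starts with the literal text {@code "null"}.</li>
 * </ul>
 */
public class CertController implements ICertController {
    /** Upper bound, in bytes, for an uploaded certificate file (10 MiB). */
    private static final int CERT_MAX_SIZE = 10485760;
    private static final String DEFAULT_CONTROLLER_URL = "http://localhost:20008";
    private static final String CERTIFICATE_SUFFIX = ".tar";
    private static final String CA_CERT_TYPE = "ca";
    private static final String SSO_CERT_TYPE = "sso";
    /** Timeout value handed to the script executor; the unit is not visible in this file. */
    private static final int SCRIPT_EXECUTION_DEFAULT_VALUE = 900000;

    @Autowired
    private RestTemplate restTemplate;

    @Autowired
    private CertResourceService certResourceService;

    @Autowired
    private ClusterResourceService clusterService;
    private static final String CONFIG_FILE_DIR = System.getenv(ConstDefinition.OM_TOMCAT_HOME) + "/webapps/web/WEB-INF/classes/config/";
    private static final String CA_CERT_PATH = System.getenv("CONTROLLER_HOME") + "/security/cert/root/ca.crt";
    private static final String SSO_CERT_PATH = System.getenv(ConstDefinition.OM_TOMCAT_HOME) + "/conf/security/sso.crt";
    private static final String SSO_TMP_CERT_PATH = System.getenv(ConstDefinition.OM_TOMCAT_HOME) + "/conf/security/sso_tmp.crt";
    private static final String SCRIPT_LANUCHER = System.getenv("CONTROLLER_HOME") + "/sbin/scriptLauncher.sh";
    private static final String SSO_CERT_IMPORT_SHELL = System.getenv("CONTROLLER_HOME") + "/security/cert/conf/importssocert.sh";
    private static final Logger LOG = LoggerFactory.getLogger(CertController.class);

    /**
     * Forwards an uploaded CA certificate bundle to the controller service.
     *
     * <p>The upload must be non-null, at most {@link #CERT_MAX_SIZE} bytes, and have an original
     * file name ending in {@code .tar}. The raw bytes are then POSTed to
     * {@code <controller url>/certificate/importCertificate}; one retry is made if the first call
     * throws.
     *
     * @param multipartFile the uploaded bundle
     * @throws InvalidParameterException if the file is missing, too large or has the wrong suffix
     * @throws InternalServerException if the bytes cannot be read or the controller call fails twice
     *     or returns no body
     */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void importCaCertificate(@RequestParam("file") @ApiParam(value = "证书文件包", required = true) MultipartFile multipartFile) {
        LOG.info("Inter import certifcate.");
        if (null == multipartFile) {
            LOG.error("Import certificate failed,paramater is null.");
            throw new InvalidParameterException("23-4000001", "RESID_OM_API_CERT_0001");
        }
        // The original file name is client-controlled; it is passed through StringHelper.replaceBlank
        // before logging (presumably to strip whitespace/line breaks -- confirm against StringHelper).
        LOG.info("start to import certificate file [{}].", StringHelper.replaceBlank(multipartFile.getOriginalFilename()));
        if (multipartFile.getSize() > CERT_MAX_SIZE) {
            LOG.error("Input file to large[{}].", Long.valueOf(multipartFile.getSize()));
            throw new InvalidParameterException("23-4000002", "RESID_OM_API_CERT_0002");
        }
        // This is a naming check only: the suffix comes from the client and says nothing about the
        // content. Any validation of the archive has to happen in the controller service.
        if (!StringUtils.endsWith(multipartFile.getOriginalFilename(), CERTIFICATE_SUFFIX)) {
            LOG.error("Input file name is invalid.");
            throw new InvalidParameterException("23-4000003", "RESID_OM_API_CERT_0003");
        }
        try {
            byte[] bytes = multipartFile.getBytes();
            // NOTE(review): a new application context is built on every request and never closed.
            // Injecting the Environment (or the property) once would avoid that; left unchanged here
            // because closing the context could affect beans declared by ApplicationConfiguration.
            String controllerUrl = new AnnotationConfigApplicationContext(new Class[]{ApplicationConfiguration.class}).getEnvironment().getProperty(WebUtils.CONTROLLER_URL);
            if (StringUtils.isEmpty(controllerUrl)) {
                // Default is plain HTTP on loopback. If the configured URL points at another host,
                // the certificate bundle travels over whatever scheme that URL specifies.
                controllerUrl = DEFAULT_CONTROLLER_URL;
            }
            LOG.info("Controller url is {}.", controllerUrl);
            HttpHeaders httpHeaders = new HttpHeaders();
            // NOTE(review): the body is the raw upload, yet it is labelled application/xml; kept
            // as-is because the controller endpoint may depend on it.
            httpHeaders.setContentType(MediaType.APPLICATION_XML);
            HttpEntity<byte[]> request = new HttpEntity<>(bytes, httpHeaders);
            String importUrl = controllerUrl + "/certificate/importCertificate";
            LOG.info("Url is {}.", StringHelper.replaceBlank(importUrl));

            ResponseEntity<CertResponse> exchange = postCertificateBundle(importUrl, request);
            if (null == exchange || null == exchange.getBody()) {
                LOG.error("ControllerClient importCertificate error,controllerResponse return null");
                throw new InternalServerException("23-5000002", "RESID_OM_API_CERT_0005");
            }
            CertResponse certResponse = exchange.getBody();
            if (State.COMPLETE.equals(certResponse.getSate())) {
                LOG.info("Finished to import certificate file.");
            } else {
                LOG.error("Import certificate file error");
                this.certResourceService.handleErrorCode(certResponse);
            }
        } catch (IOException e) {
            LOG.error("File getBytes error.");
            throw new InternalServerException("23-5000001", "RESID_OM_API_CERT_0004");
        }
    }

    /**
     * POSTs the bundle to the controller, retrying once if the first attempt throws.
     *
     * <p>The causes are now attached to the log entries so that a failed import can be diagnosed.
     */
    private ResponseEntity<CertResponse> postCertificateBundle(String url, HttpEntity<byte[]> request) {
        try {
            return this.restTemplate.exchange(url, HttpMethod.POST, request, CertResponse.class);
        } catch (Exception first) {
            LOG.error("ControllerClient importCertificate error, catch exception.", first);
        }
        try {
            return this.restTemplate.exchange(url, HttpMethod.POST, request, CertResponse.class);
        } catch (Exception second) {
            LOG.error("ControllerClient importCertificate error, catch exception again.", second);
            throw new InternalServerException("23-5000002", "RESID_OM_API_CERT_0005");
        }
    }

    /** Restarts the OMS Tomcat instance after {@code operationAuthentication()} has been called. */
    @ResponseStatus(HttpStatus.NO_CONTENT)
    public void restartWeb() {
        this.clusterService.operationAuthentication();
        APIContextUtil.getWebClient().restartOMSTomcat();
    }

    /**
     * Reads the CA or SSO certificate from its fixed location and returns its metadata.
     *
     * <p>The path is selected from two constants; the request value is only compared against
     * {@code "ca"} and {@code "sso"} and never becomes part of a path.
     *
     * @param str certificate type, {@code "ca"} or {@code "sso"}
     * @return validity period, subject and algorithm of the stored certificate
     * @throws InvalidParameterException if the type is neither {@code "ca"} nor {@code "sso"}
     *     (including {@code null})
     * @throws InternalServerException if the file is missing or is not a parseable certificate
     */
    public APICertificate getCertificate(@PathVariable("certificate_type") @ApiParam(value = "证书类型", required = true) String str) {
        APICertificate certificate = new APICertificate();
        certificate.setCertFormat("crt");

        final String certPath;
        // Constant-first comparison: a null type is rejected as invalid instead of raising an NPE.
        if (CA_CERT_TYPE.equals(str)) {
            certPath = CA_CERT_PATH;
            certificate.setDependType("Sign");
        } else if (SSO_CERT_TYPE.equals(str)) {
            certPath = SSO_CERT_PATH;
            certificate.setDependType("SSL");
        } else {
            LOG.error("Import certificate file error");
            throw new InvalidParameterException("23-4000004", "RESID_OM_API_CERT_0018");
        }

        FileInputStream certStream = null;
        try {
            certStream = new FileInputStream(certPath);
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(certStream);
            certificate.setNotBefore(x509Certificate.getNotBefore().toString());
            certificate.setNotAfter(x509Certificate.getNotAfter().toString());
            certificate.setSubjectName(x509Certificate.getSubjectDN().toString());
            certificate.setStrExtentions("");
            // NOTE(review): this reports the signature algorithm name, not the public-key
            // algorithm, and the key size below is a constant rather than a value read from the
            // certificate. A certificate inventory built on this response can misstate key strength.
            certificate.setKeyAlgorithm(x509Certificate.getSigAlgName());
            certificate.setKeySize(2048);
            certificate.setDescription("");
            certificate.setDependServiceName("");
            certificate.setDependCertName("");
            certificate.setDependCertFormat("");
            return certificate;
        } catch (FileNotFoundException e) {
            LOG.error("{} cert is not existed.", str);
            throw new InternalServerException("23-5000001", "RESID_OM_API_CERT_0004");
        } catch (CertificateException e) {
            LOG.error("certificateException {}.", e);
            throw new InternalServerException("23-5000001", "RESID_OM_API_CERT_0004");
        } finally {
            // Previously the stream was closed only on the success path, so a parse failure
            // leaked the file handle.
            closeQuietly(certStream);
        }
    }

    /** Closes the certificate stream, logging (not propagating) a failure to close. */
    private static void closeQuietly(FileInputStream stream) {
        if (null == stream) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            LOG.error("close cert file stream failed.");
        }
    }

    /**
     * Stores an uploaded SSO certificate in a temporary file and runs the import script on it.
     *
     * <p>The script command line consists only of constants built at class-load time; no request
     * value is placed on it. The uploaded content, however, reaches the script unvalidated.
     *
     * <p>NOTE(review): the temporary path is fixed, so two concurrent uploads would write the same
     * file, and the file is not removed here after the script has run. Confirm whether the import
     * script cleans it up.
     *
     * @param multipartFile the uploaded certificate
     * @throws InvalidParameterException if the file is missing or larger than {@link #CERT_MAX_SIZE}
     * @throws InternalServerException if the file cannot be written or the script exits non-zero
     */
    public void importSsoCertificate(@RequestParam("file") @ApiParam(value = "证书文件", required = true) MultipartFile multipartFile) {
        LOG.info("Inter import sso certifcate.");
        if (null == multipartFile) {
            LOG.error("Import sso cert failed ,paramater is null.");
            throw new InvalidParameterException("23-4000001", "RESID_OM_API_CERT_0001");
        }
        LOG.info("start to import sso certificate file [{}].", StringHelper.replaceBlank(multipartFile.getOriginalFilename()));
        if (multipartFile.getSize() > CERT_MAX_SIZE) {
            LOG.error("Input file to large[{}].", Long.valueOf(multipartFile.getSize()));
            throw new InvalidParameterException("23-4000002", "RESID_OM_API_CERT_0002");
        }
        try {
            byte[] bytes = multipartFile.getBytes();
            File tmpCert = new File(SSO_TMP_CERT_PATH);
            if (tmpCert.exists() && !tmpCert.delete()) {
                LOG.error("Faile to delte {}.", tmpCert.getName());
            }
            // try-with-resources: the handle is released even when write() fails.
            try (FileOutputStream out = new FileOutputStream(tmpCert)) {
                out.write(bytes);
                out.flush();
            }
            String[] command = {SCRIPT_LANUCHER, "sh ", SSO_CERT_IMPORT_SHELL, SSO_TMP_CERT_PATH};
            ScriptExecutionResult result = ScriptExecutorFactory.getHandler().executeLocalShell(command, SCRIPT_EXECUTION_DEFAULT_VALUE, (Map) null, false);
            LOG.info("sso cert import shell command: {}", StringHelper.replaceBlank(Arrays.toString(command)));
            if (result.getExitCode() != 0) {
                LOG.error("Failed to check import cert files: key file and cert file not match.");
                throw new InternalServerException("23-5000001", "RESID_OM_API_CERT_0004");
            }
        } catch (IOException e) {
            LOG.error("File getBytes error.");
            throw new InternalServerException("23-5000001", "RESID_OM_API_CERT_0004");
        }
    }
}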
