package org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.util;

import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import org.apache.commons.io.FileUtils;
import org.apache.flink.shaded.zookeeper3.io.netty.channel.internal.ChannelUtils;
import org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.common.ZKConfig;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/flink/shaded/zookeeper3/org/apache/zookeeper/util/CertificateUtils.class */
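/**
 * Loads a key pair from a PKCS#12 keystore on disk and exposes encrypt, decrypt and sign helpers
 * built on it.
 *
 * <p>The keystore directory and the way its password is obtained are selected by environment
 * variables and one system property; see {@link #useCspCertSSLPath()} and
 * {@link #initOrUpdateCert()}. Loading runs once when the class is initialised and can be
 * repeated through {@link #initOrUpdateCert()}.
 *
 * <p>Thread-safety: the methods that read or replace the shared keys and the cached JCA objects
 * hold the class monitor, because {@link Cipher} and {@link Signature} instances are not safe for
 * concurrent use.
 *
 * <p>NOTE(review): {@link #verifySign(byte[], String)} accepts every input in this build. Nothing
 * in this class verifies a signature.
 */
public final class CertificateUtils {
    private static final String SHA256WithRSA = "SHA256WithRSA";
    private static final String EMPTY_STRING = "";
    static final String CSP_CERT_PATH_ENV = "CSP_NEW_INNER_CERT_PATH";
    static final String CERT_SWITCH_ON = "1";
    private static final String TRUST_JKS_FILE = "/trust.jks";
    private static final String CERT_CONTENT_NULL = "null";
    private static final String CERT_SWITCH_ENV_KEY = "CERT_SWITCH";
    private static final String CERT_SWITCH_PROP_KEY = "CERT_SWITCH_FOR_JSF";
    private static final int CERT_SWITCH_RESULT_ON = 1;
    private static final int CERT_SWITCH_RESULT_OFF = 0;
    private static final String CERT_SWITCH_PROP_OFF = "0";
    private static final String INNER_CERT_MODE_ENV_KEY = "INNER_CERT_MODE";
    private static final String INNER_CERT_MODE_ENV_ON = "1";
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateUtils.class);

    // Shared key material and JCA objects. They are replaced together, under the class monitor,
    // by initOrUpdateCert() and read under the same monitor by the public crypto helpers.
    private static PrivateKey privateKey;
    private static PublicKey publicKey;
    private static volatile Cipher encryptCipher;
    private static volatile Cipher decryptCipher;
    private static Signature signSignature;
    private static Signature verifySignature;

    private static volatile BouncyCastleProvider bouncyCastleProvider = null;
    private static final Object OBJ = new Object();
    // Snapshot taken once, when this class is initialised; it is not refreshed afterwards.
    private static final Provider PROVIDER = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);

    private CertificateUtils() {
    }

    /**
     * Loads (or reloads) the key pair from {@code p12.cert} in the active certificate directory
     * and prepares the signing and verifying {@link Signature} objects.
     *
     * <p>Everything is built in local variables first and published in one step, so a failed
     * reload leaves the previously loaded keys untouched instead of half-replaced. The cached
     * ciphers are dropped at the same time; otherwise they would keep using the old keys after a
     * reload. Any failure is logged and swallowed, in which case the helpers keep returning empty
     * results (or keep using the previous keys).
     */
    public static void initOrUpdateCert() {
        boolean useCspPath = useCspCertSSLPath();
        String certDir = getCertpath(useCspPath);
        String keyStorePath = Paths.get(certDir, "p12.cert").toString();
        char[] pwd = null;
        try {
            pwd = getPwd(certDir, useCspPath);
            KeyStore keyStore = createKeyStore(keyStorePath, "PKCS12", pwd);
            // Only the first alias is used; with an empty keystore the alias stays null and the
            // lookups below fail into the catch block.
            Enumeration<String> aliases = keyStore.aliases();
            String alias = null;
            if (aliases.hasMoreElements()) {
                alias = aliases.nextElement();
                LOGGER.info("get key alias is {}", alias);
            }
            PrivateKey loadedPrivateKey = (PrivateKey) keyStore.getKey(alias, pwd);
            PublicKey loadedPublicKey = keyStore.getCertificate(alias).getPublicKey();
            Signature signer = Signature.getInstance(SHA256WithRSA, BouncyCastleProvider.PROVIDER_NAME);
            signer.initSign(loadedPrivateKey);
            Signature verifier = Signature.getInstance(SHA256WithRSA, BouncyCastleProvider.PROVIDER_NAME);
            verifier.initVerify(loadedPublicKey);
            synchronized (CertificateUtils.class) {
                privateKey = loadedPrivateKey;
                publicKey = loadedPublicKey;
                signSignature = signer;
                verifySignature = verifier;
                // Force the ciphers to be rebuilt from the keys that were just loaded.
                encryptCipher = null;
                decryptCipher = null;
            }
            LOGGER.info("load privateKey and publicKey success");
        } catch (Exception e) {
            LOGGER.error("load certificate failed", e);
        } finally {
            // The keystore password is not needed once the keys are extracted.
            if (pwd != null) {
                Arrays.fill(pwd, '\0');
            }
        }
    }

    /**
     * Obtains the keystore password.
     *
     * <p>Three sources are possible:
     * <ul>
     *   <li>unless {@code INNER_TLS_ENABLE} is {@code "true"} and
     *       {@code INNER_TLS_PRIVATE_KEY_PWD} is non-empty: the {@code pwd} file in {@code str},
     *       passed through the helper class's {@code decrypt(String)} method;</li>
     *   <li>otherwise, when {@code z} is false: the value of
     *       {@code INNER_TLS_PRIVATE_KEY_PWD} as it stands;</li>
     *   <li>otherwise: {@code internal/pwd} under the CSP certificate path, passed through
     *       {@code decryptWithMaterials} together with the two files under {@code common/}.</li>
     * </ul>
     *
     * <p>The helper class is named by the system property {@link ZKConfig#CLASS_FOR_NAME_JSSP}
     * and is loaded and instantiated reflectively on every path, so whoever controls that JVM
     * property decides which code handles the password. In the second case the password is
     * readable by anything that can read this process's environment.
     *
     * @param str directory holding the {@code pwd} file for the first source
     * @param z whether the CSP certificate path is in use
     * @return the password, or {@code null} when decryption yields nothing or fails on the CSP
     *     path
     */
    private static char[] getPwd(String str, boolean z) throws ClassNotFoundException, InstantiationException, IllegalAccessException, NoSuchMethodException, InvocationTargetException {
        String tlsEnabled = getStringFromEnv("INNER_TLS_ENABLE");
        String envPassword = getStringFromEnv("INNER_TLS_PRIVATE_KEY_PWD");
        String decryptorClassName = System.getProperty(ZKConfig.CLASS_FOR_NAME_JSSP);
        LOGGER.info("get cipher method jssp name is {}", decryptorClassName);
        Class<?> decryptorClass = Class.forName(decryptorClassName);
        // Class.newInstance() is deprecated; going through the constructor reports a failing
        // constructor as InvocationTargetException, which this method already declares.
        Object decryptor = decryptorClass.getDeclaredConstructor().newInstance();

        if (!"true".equals(tlsEnabled) || EMPTY_STRING.equals(envPassword)) {
            File pwdFile = Paths.get(str, "pwd").toFile();
            Method decrypt = decryptorClass.getDeclaredMethod("decrypt", String.class);
            decrypt.setAccessible(true);
            // The decrypted password passes through an immutable String that cannot be wiped.
            String plain = (String) decrypt.invoke(decryptor, readString(pwdFile));
            return plain != null ? plain.toCharArray() : null;
        }
        if (!z) {
            return envPassword.toCharArray();
        }

        String cspRoot = System.getenv(CSP_CERT_PATH_ENV);
        String encryptedPwd = readString(new File(cspRoot + "/internal/pwd"));
        String materialDir = cspRoot + "/common";
        byte[] material1 = null;
        byte[] material2 = null;
        try {
            material1 = readKeyFile(new File(materialDir + "/common1"));
            material2 = readKeyFile(new File(materialDir + "/common2"));
            Method decryptWithMaterials = decryptorClass.getDeclaredMethod("decryptWithMaterials", String.class, byte[].class, byte[].class);
            decryptWithMaterials.setAccessible(true);
            String plain = (String) decryptWithMaterials.invoke(decryptor, encryptedPwd, material1, material2);
            if (!isEmpty(plain)) {
                return plain.toCharArray();
            }
        } catch (Exception e) {
            LOGGER.error("decrypt failed!", e);
        } finally {
            // Wipe the key material on every exit path, including unchecked failures.
            clearArray(material1);
            clearArray(material2);
        }
        return null;
    }

    /**
     * Returns the certificate directory: {@code <CSP_NEW_INNER_CERT_PATH>/internal/} when
     * {@code z} is true, the value of {@code SSLPATH} otherwise.
     */
    private static String getCertpath(boolean z) {
        if (z) {
            return getStringFromEnv(CSP_CERT_PATH_ENV) + "/internal/";
        }
        return getStringFromEnv("SSLPATH");
    }

    /**
     * Encrypts {@code bArr} with the loaded public key.
     *
     * <p>NOTE(review): the transformation passed to the provider is just the key's algorithm
     * name, so mode and padding are whatever the provider defaults to. Confirm that the default
     * is a padded scheme and not raw RSA before relying on this for confidentiality.
     *
     * @return the ciphertext, or an empty array when no key is loaded or encryption fails
     */
    public static synchronized byte[] encryptByPublicKey(byte[] bArr) {
        try {
            if (null == publicKey) {
                return new byte[0];
            }
            // The method already holds the class monitor, so a plain lazy initialisation is
            // enough; the cipher is rebuilt after each successful initOrUpdateCert().
            if (encryptCipher == null) {
                Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm(), BouncyCastleProvider.PROVIDER_NAME);
                cipher.init(Cipher.ENCRYPT_MODE, publicKey);
                encryptCipher = cipher;
            }
            return encryptCipher.doFinal(bArr);
        } catch (Exception e) {
            LOGGER.error("encrypt by public key failed", e);
            return new byte[0];
        }
    }

    /**
     * Decrypts {@code bArr} with the loaded private key.
     *
     * <p>NOTE(review): as in {@link #encryptByPublicKey(byte[])}, mode and padding are the
     * provider's defaults for the key's algorithm name; confirm what that resolves to.
     *
     * @return the plaintext, or an empty array when no key is loaded or decryption fails
     */
    public static synchronized byte[] decryptByPrivateKey(byte[] bArr) {
        try {
            if (null == privateKey) {
                return new byte[0];
            }
            if (decryptCipher == null) {
                Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm(), BouncyCastleProvider.PROVIDER_NAME);
                cipher.init(Cipher.DECRYPT_MODE, privateKey);
                decryptCipher = cipher;
            }
            return decryptCipher.doFinal(bArr);
        } catch (Exception e) {
            LOGGER.error("decrypt by private key failed", e);
            return new byte[0];
        }
    }

    /**
     * Signs {@code bArr} with SHA256WithRSA using the loaded private key.
     *
     * <p>The method holds the class monitor because the shared {@link Signature} object is
     * stateful: two interleaved update/sign sequences would produce a signature over mixed input.
     *
     * @return the signature, or an empty array when no key is loaded or signing fails
     */
    public static synchronized byte[] sign(byte[] bArr) {
        if (signSignature == null) {
            // Certificate loading failed earlier; report it the same way encrypt/decrypt do.
            LOGGER.error("sign failed, signature is not initialised");
            return new byte[0];
        }
        try {
            signSignature.update(bArr);
            return signSignature.sign();
        } catch (SignatureException e) {
            LOGGER.error("sign failed ", e);
            return new byte[0];
        }
    }

    /**
     * Reports whether {@code str} is a valid signature over {@code bArr}.
     *
     * <p>NOTE(review): this body returns {@code true} unconditionally and never consults the
     * verifying {@link Signature} that {@link #initOrUpdateCert()} prepares. Every caller that
     * gates a decision on this result accepts any input. The expected encoding of {@code str} is
     * not visible in this class, so the check is left as found; it needs a real implementation
     * before the result can be trusted.
     *
     * @return always {@code true}
     */
    public static synchronized boolean verifySign(byte[] bArr, String str) {
        return true;
    }

    /**
     * Builds the authentication token for {@code str}: Base64 of the encrypted UTF-8 bytes, one
     * zero byte, then Base64 of the signature over the ciphertext.
     *
     * @return the token, or an empty array when encryption or signing fails
     */
    public static byte[] getEncodeAuthInfo(String str) {
        byte[] cipherText = encryptByPublicKey(str.getBytes(StandardCharsets.UTF_8));
        if (cipherText.length == 0) {
            return new byte[0];
        }
        byte[] signature = sign(cipherText);
        if (signature.length == 0) {
            // Do not hand out a token whose signature part is missing.
            return new byte[0];
        }
        Base64.Encoder encoder = Base64.getEncoder();
        byte[] encodedCipherText = encoder.encode(cipherText);
        byte[] encodedSignature = encoder.encode(signature);
        // The byte at index encodedCipherText.length is never written and stays 0; it separates
        // the two segments.
        byte[] token = new byte[encodedCipherText.length + encodedSignature.length + 1];
        System.arraycopy(encodedCipherText, 0, token, 0, encodedCipherText.length);
        System.arraycopy(encodedSignature, 0, token, encodedCipherText.length + 1, encodedSignature.length);
        return token;
    }

    /**
     * Runs {@code cipher} over {@code bArr} in consecutive chunks of at most {@code i} bytes and
     * concatenates the outputs. Nothing in this class calls it.
     *
     * @return the collected output, or an empty stream when the cipher rejects a chunk
     */
    private static ByteArrayOutputStream writeToStream(Cipher cipher, int i, byte[] bArr) {
        try {
            // Closing a ByteArrayOutputStream has no effect, so no resource handling is needed.
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            int total = bArr.length;
            for (int offset = 0; total - offset > 0; offset += i) {
                int chunkLength = Math.min(i, total - offset);
                byte[] processed = cipher.doFinal(bArr, offset, chunkLength);
                out.write(processed, 0, processed.length);
            }
            return out;
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            LOGGER.error("write data failed", e);
            return new ByteArrayOutputStream();
        }
    }

    /**
     * Returns the path to use for {@code file}: the canonical path for an ordinary file, the
     * absolute path when the file is a symbolic link or the symlink check fails.
     *
     * <p>NOTE(review): a symbolic link is neither rejected nor resolved here, so a caller that
     * opens the returned path still follows the link. If the intent is to refuse links in the
     * certificate directory, that check has to be added by the caller.
     *
     * @return the path, or an empty string when {@code file} is {@code null} or canonicalisation
     *     fails
     */
    public static String getSecurityFilePath(File file) {
        if (file == null) {
            return EMPTY_STRING;
        }
        boolean useAbsolutePath;
        try {
            useAbsolutePath = FileUtils.isSymlink(file);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            useAbsolutePath = true;
        }
        if (useAbsolutePath) {
            return file.getAbsolutePath();
        }
        try {
            return file.getCanonicalPath();
        } catch (IOException e) {
            LOGGER.error(e.getMessage(), e);
            return EMPTY_STRING;
        }
    }

    /**
     * Opens the keystore file {@code str} of type {@code str2} with password {@code cArr}.
     *
     * <p>PKCS12 keystores are loaded through the BouncyCastle provider, which is registered on
     * demand; every other type uses the default provider lookup.
     *
     * @param str path of the keystore file
     * @param str2 keystore type, for example {@code "PKCS12"}
     * @param cArr keystore password
     * @return the loaded keystore
     */
    public static KeyStore createKeyStore(String str, String str2, char[] cArr) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException {
        KeyStore keyStore;
        if ("PKCS12".equals(str2)) {
            addBouncyCastleProvider();
            keyStore = KeyStore.getInstance(str2, BouncyCastleProvider.PROVIDER_NAME);
        } else {
            keyStore = KeyStore.getInstance(str2);
        }
        // The stream is closed on every path, including a failed load.
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, cArr);
        }
        return keyStore;
    }

    /**
     * Creates the shared BouncyCastle provider once and registers it with the JVM unless it was
     * already registered when this class was initialised.
     */
    private static void addBouncyCastleProvider() {
        if (bouncyCastleProvider == null) {
            synchronized (OBJ) {
                if (bouncyCastleProvider == null) {
                    bouncyCastleProvider = new BouncyCastleProvider();
                }
            }
        }
        // PROVIDER is a class-initialisation snapshot, so when it is null this call repeats on
        // every invocation; Security.addProvider ignores a provider that is already installed.
        if (PROVIDER == null) {
            Security.addProvider(bouncyCastleProvider);
        }
    }

    /**
     * Reads key material from {@code file} with a single buffered read of at most 1048577 bytes.
     *
     * <p>Both streams are closed and the scratch buffer is wiped on every exit path. The
     * original failure path tried to close two variables that were always {@code null}, which
     * replaced the real error with a {@link NullPointerException} and left the open streams
     * behind.
     *
     * <p>NOTE(review): the buffer is one byte larger than 1 MiB, which looks like room for an
     * oversize check that this code does not perform; confirm the intended limit.
     *
     * @return a copy of the bytes read
     * @throws Exception when the file is empty or cannot be read
     */
    public static byte[] readKeyFile(File file) throws Exception {
        byte[] buffer = new byte[1048577];
        try (FileInputStream fileIn = new FileInputStream(file);
                BufferedInputStream in = new BufferedInputStream(fileIn)) {
            int read = in.read(buffer, 0, buffer.length);
            if (read <= 0) {
                throw new Exception("key file is not valid.");
            }
            // The copy is taken before the finally block wipes the scratch buffer.
            return Arrays.copyOf(buffer, read);
        } catch (IOException e) {
            throw new Exception("read key file failed.", e);
        } finally {
            clearArray(buffer);
        }
    }

    /**
     * Evaluates the certificate switch.
     *
     * <p>The switch is off unless {@code INNER_CERT_MODE} is {@code "1"} and
     * {@code CSP_NEW_INNER_CERT_PATH} is set. The content of {@code internal/certswitch} under
     * that path decides; when the file is missing or empty the {@code CERT_SWITCH} environment
     * variable decides instead.
     *
     * <p>NOTE(review): the file content is compared without trimming, so a trailing newline
     * after the {@code 1} reads as off; confirm how the file is written.
     *
     * @return {@code 1} when the switch is on, {@code 0} otherwise
     */
    public static int getCertSwitch() {
        if (!INNER_CERT_MODE_ENV_ON.equals(getStringFromEnv(INNER_CERT_MODE_ENV_KEY))) {
            return CERT_SWITCH_RESULT_OFF;
        }
        String cspCertPath = getStringFromEnv(CSP_CERT_PATH_ENV);
        if (isEmpty(cspCertPath)) {
            LOGGER.info("CSPCERTSSLPATH is not exist, get CertSwitch result is {}", CERT_SWITCH_RESULT_OFF);
            return CERT_SWITCH_RESULT_OFF;
        }
        String switchContent = readFile(cspCertPath + "/internal/certswitch");
        if (isEmpty(switchContent)) {
            int fromEnv = CERT_SWITCH_ON.equals(getStringFromEnv(CERT_SWITCH_ENV_KEY))
                    ? CERT_SWITCH_RESULT_ON
                    : CERT_SWITCH_RESULT_OFF;
            LOGGER.info("certswitch file is not exist or content is empty, get CertSwitch result is {}", Integer.valueOf(fromEnv));
            return fromEnv;
        }
        int fromFile = CERT_SWITCH_ON.equalsIgnoreCase(switchContent)
                ? CERT_SWITCH_RESULT_ON
                : CERT_SWITCH_RESULT_OFF;
        LOGGER.info("get CertSwitch result is {}", Integer.valueOf(fromFile));
        return fromFile;
    }

    /**
     * Decides whether certificates are taken from the CSP certificate path.
     *
     * <p>That requires {@code INNER_CERT_MODE} to be {@code "1"}, the system property
     * {@code CERT_SWITCH_FOR_JSF} not to be {@code "0"}, {@link #getCertSwitch()} to be on, and
     * the trust store file under {@code internal/} to exist with content other than the text
     * {@code null}.
     *
     * @return {@code true} when the CSP certificate path is to be used
     */
    public static boolean useCspCertSSLPath() {
        if (!INNER_CERT_MODE_ENV_ON.equals(getStringFromEnv(INNER_CERT_MODE_ENV_KEY))) {
            return false;
        }
        if (CERT_SWITCH_PROP_OFF.equals(System.getProperty(CERT_SWITCH_PROP_KEY))) {
            LOGGER.info("CERT_SWITCH_FOR_JSF is 0, do not use cspCertSslPath");
            return false;
        }
        if (getCertSwitch() == CERT_SWITCH_RESULT_OFF) {
            LOGGER.info("cert switch is off, do not use cspCertSslPath");
            return false;
        }
        // The trust store is read as text only to test that it exists and is not a placeholder.
        String trustStoreContent = readFile(getStringFromEnv(CSP_CERT_PATH_ENV) + "/internal/" + TRUST_JKS_FILE);
        if (isEmpty(trustStoreContent) || CERT_CONTENT_NULL.equalsIgnoreCase(trustStoreContent)) {
            LOGGER.info("TrustJks file is not exist, or content is null, , do not use cspCertSslPath");
            return false;
        }
        LOGGER.info("use cspCertSslPath");
        return true;
    }

    /**
     * Reads the whole file {@code str} as UTF-8 text.
     *
     * <p>The bytes are collected first and decoded once, so a multi-byte character that straddles
     * two read chunks is decoded correctly.
     *
     * @return the file content, or {@code null} when the file is empty or cannot be read
     */
    public static String readFile(String str) {
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(str))) {
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[1024];
            int read;
            while ((read = in.read(chunk)) > 0) {
                collected.write(chunk, 0, read);
            }
            String content = new String(collected.toByteArray(), StandardCharsets.UTF_8);
            if (content.isEmpty()) {
                LOGGER.error("The contents of file is empty!");
                return null;
            }
            return content;
        } catch (IOException e) {
            LOGGER.error("Failed to read configfile!", e);
            return null;
        }
    }

    /** Returns {@code true} when {@code charSequence} is {@code null} or has length zero. */
    public static boolean isEmpty(CharSequence charSequence) {
        return charSequence == null || charSequence.length() == 0;
    }

    /**
     * Returns the value of environment variable {@code str}, or an empty string when the name is
     * {@code null} or the variable is not set.
     */
    private static String getStringFromEnv(String str) {
        if (str == null) {
            return EMPTY_STRING;
        }
        String value = System.getenv(str);
        return value == null ? EMPTY_STRING : value;
    }

    /** Overwrites {@code bArr} with zeros; a {@code null} array is ignored. */
    public static void clearArray(byte[] bArr) {
        if (bArr != null) {
            Arrays.fill(bArr, (byte) 0);
        }
    }

    /**
     * Reads {@code file} as UTF-8 text through the path chosen by
     * {@link #getSecurityFilePath(File)}.
     *
     * @return the file content, or an empty string when reading fails
     */
    public static String readString(File file) {
        try {
            return FileUtils.readFileToString(new File(getSecurityFilePath(file)), StandardCharsets.UTF_8);
        } catch (IOException e) {
            LOGGER.error("Read file error: ", e);
            return EMPTY_STRING;
        }
    }

    // Kept last so that every static field above is initialised before the first load runs.
    static {
        initOrUpdateCert();
    }
}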
