package org.apache.hadoop.security.ssl;

import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.contract.AbstractFSContractTestBase;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hadoop.test.GenericTestUtils;
import org.bouncycastle.x509.X509V1CertificateGenerator;

/* loaded from: input_file:org/apache/hadoop/security/ssl/KeyStoreTestUtil.class */
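/**
 * Test-only helpers that generate throwaway RSA key pairs, self-signed certificates, JKS
 * key/trust stores and the matching Hadoop {@code ssl-client.xml} / {@code ssl-server.xml} files.
 *
 * <p>Security note: the material produced here is deliberately weak and must stay confined to
 * tests. Store and key passwords are hard-coded literals, certificates are self-signed X.509 v1
 * certificates signed with {@code SHA1withRSA}, and {@link #setupSSLConfig(String, String,
 * Configuration, boolean, boolean, String)} sets {@code hadoop.ssl.hostname.verifier} to
 * {@code ALLOW_ALL}. A configuration object or keystore created by this class should never be
 * reused outside a test fixture.
 */
public class KeyStoreTestUtil {
    /** Milliseconds per day, as a {@code long} so validity arithmetic cannot overflow {@code int}. */
    private static final long MILLIS_PER_DAY = 86_400_000L;

    /** Fixed truststore password used both when writing the truststore and in the SSL config. */
    private static final String TRUST_STORE_PASSWORD = "trustP";

    /**
     * Returns the classpath root directory from which {@code cls} was loaded.
     *
     * @param cls class whose {@code .class} resource is looked up via the context class loader
     * @return the resource path with the trailing {@code /pkg/Name.class} part removed
     * @throws IllegalStateException if the class file cannot be found, or its URI has no path
     *     component (for example when it is not a plain file URI)
     * @throws Exception if the resource URL cannot be converted to a URI
     */
    public static String getClasspathDir(Class<?> cls) throws Exception {
        String resourceName = cls.getName().replace('.', '/') + ".class";
        java.net.URL resource =
                Thread.currentThread().getContextClassLoader().getResource(resourceName);
        if (resource == null) {
            throw new IllegalStateException(
                    "Class file not found by the context class loader: " + resourceName);
        }
        String path = resource.toURI().getPath();
        if (path == null) {
            throw new IllegalStateException("Class file URI has no path component: " + resource);
        }
        // Strip "/<resourceName>" from the end to get the classpath root.
        return path.substring(0, path.length() - resourceName.length() - 1);
    }

    /**
     * Builds a self-signed X.509 v1 certificate: issuer and subject are the same DN and the
     * certificate is signed with the private half of {@code pair}.
     *
     * @param dn distinguished name used as both issuer and subject
     * @param pair key pair whose public key is certified and whose private key signs
     * @param days validity period in days, counted from the current time
     * @param algorithm signature algorithm name passed to the generator
     * @return the generated certificate
     */
    public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
        Date notBefore = new Date();
        // Multiply in long: as an int product, days * 86400000 wraps for days >= 25 and would
        // put notAfter *before* notBefore, i.e. yield an already-expired certificate.
        Date notAfter = new Date(notBefore.getTime() + days * MILLIS_PER_DAY);
        BigInteger serialNumber = new BigInteger(64, new SecureRandom());
        X500Principal principal = new X500Principal(dn);

        X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
        generator.setSerialNumber(serialNumber);
        generator.setIssuerDN(principal);
        generator.setNotBefore(notBefore);
        generator.setNotAfter(notAfter);
        generator.setSubjectDN(principal);
        generator.setPublicKey(pair.getPublic());
        generator.setSignatureAlgorithm(algorithm);
        return generator.generate(pair.getPrivate());
    }

    /**
     * Generates a new key pair for the given algorithm.
     *
     * @param algorithm key algorithm name understood by {@link KeyPairGenerator}
     * @return a freshly generated key pair
     * @throws NoSuchAlgorithmException if no provider supports {@code algorithm}
     */
    public static KeyPair generateKeyPair(String algorithm) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm);
        // NOTE(review): the key size comes from an unrelated filesystem-test constant, which
        // looks like a constant substituted by the decompiler rather than an intended coupling.
        // Confirm its value and replace it with an explicit key size here.
        generator.initialize(AbstractFSContractTestBase.TEST_FILE_LEN);
        return generator.genKeyPair();
    }

    /** Creates an empty, initialised in-memory keystore of type {@code JKS}. */
    private static KeyStore createEmptyKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // load(null, null) initialises the store without reading any existing data.
        keyStore.load(null, null);
        return keyStore;
    }

    /**
     * Writes {@code keyStore} to {@code filename}, protected with {@code password}.
     *
     * <p>The file is created through a plain {@link FileOutputStream}, so it gets the process's
     * default file permissions even when it holds a private key.
     */
    private static void saveKeyStore(KeyStore keyStore, String filename, String password) throws GeneralSecurityException, IOException {
        // try-with-resources closes the stream on every path and keeps the primary exception
        // if close() fails as well.
        try (FileOutputStream out = new FileOutputStream(filename)) {
            keyStore.store(out, password.toCharArray());
        }
    }

    /**
     * Creates a keystore file holding one private-key entry, using the same password for the
     * store and for the key.
     *
     * @param filename path of the keystore file to write
     * @param password password protecting both the store and the key entry
     * @param alias alias of the key entry
     * @param privateKey key to store
     * @param cert certificate forming the (single-element) chain for the key
     */
    public static void createKeyStore(String filename, String password, String alias, Key privateKey, Certificate cert) throws GeneralSecurityException, IOException {
        createKeyStore(filename, password, password, alias, privateKey, cert);
    }

    /**
     * Creates a keystore file holding one private-key entry, with separate store and key
     * passwords.
     *
     * @param filename path of the keystore file to write
     * @param password password protecting the store
     * @param keyPassword password protecting the key entry
     * @param alias alias of the key entry
     * @param privateKey key to store
     * @param cert certificate forming the (single-element) chain for the key
     */
    public static void createKeyStore(String filename, String password, String keyPassword, String alias, Key privateKey, Certificate cert) throws GeneralSecurityException, IOException {
        KeyStore keyStore = createEmptyKeyStore();
        keyStore.setKeyEntry(alias, privateKey, keyPassword.toCharArray(), new Certificate[]{cert});
        saveKeyStore(keyStore, filename, password);
    }

    /**
     * Creates a truststore file containing a single trusted certificate.
     *
     * @param filename path of the truststore file to write
     * @param password password protecting the store
     * @param alias alias of the certificate entry
     * @param cert certificate to trust
     */
    public static void createTrustStore(String filename, String password, String alias, Certificate cert) throws GeneralSecurityException, IOException {
        KeyStore trustStore = createEmptyKeyStore();
        trustStore.setCertificateEntry(alias, cert);
        saveKeyStore(trustStore, filename, password);
    }

    /**
     * Creates a truststore file containing every certificate in {@code certs}.
     *
     * @param filename path of the truststore file to write
     * @param password password protecting the store
     * @param certs trusted certificates keyed by alias
     */
    public static <T extends Certificate> void createTrustStore(String filename, String password, Map<String, T> certs) throws GeneralSecurityException, IOException {
        KeyStore trustStore = createEmptyKeyStore();
        for (Map.Entry<String, T> entry : certs.entrySet()) {
            trustStore.setCertificateEntry(entry.getKey(), entry.getValue());
        }
        saveKeyStore(trustStore, filename, password);
    }

    /**
     * Deletes the keystore and SSL configuration files written by {@code setupSSLConfig}.
     * Deletion is best-effort: the result of each {@link File#delete()} is ignored, so a
     * file that does not exist or cannot be removed is not reported.
     *
     * @param keystoresDir directory holding {@code clientKS.jks}, {@code serverKS.jks} and
     *     {@code trustKS.jks}
     * @param sslConfDir directory holding {@code ssl-client.xml} and {@code ssl-server.xml}
     */
    public static void cleanupSSLConfig(String keystoresDir, String sslConfDir) throws Exception {
        new File(keystoresDir + "/clientKS.jks").delete();
        new File(keystoresDir + "/serverKS.jks").delete();
        new File(keystoresDir + "/trustKS.jks").delete();
        new File(sslConfDir + "/ssl-client.xml").delete();
        new File(sslConfDir + "/ssl-server.xml").delete();
    }

    /**
     * Same as the six-argument overload, with a truststore and no excluded ciphers.
     */
    public static void setupSSLConfig(String keystoresDir, String sslConfDir, Configuration conf, boolean useClientCert) throws Exception {
        setupSSLConfig(keystoresDir, sslConfDir, conf, useClientCert, true);
    }

    /**
     * Same as the six-argument overload, with no excluded ciphers.
     *
     * <p>{@code trustStore} is forwarded as given. It used to be replaced by a hard-coded
     * {@code true}, so a caller asking for "no truststore" silently got one anyway and a test
     * meant to cover the missing-truststore path exercised the opposite case.
     */
    public static void setupSSLConfig(String keystoresDir, String sslConfDir, Configuration conf, boolean useClientCert, boolean trustStore) throws Exception {
        setupSSLConfig(keystoresDir, sslConfDir, conf, useClientCert, trustStore, "");
    }

    /**
     * Generates server (and optionally client) keys and certificates, writes the keystores,
     * the optional truststore and both SSL configuration files, and points {@code conf} at them.
     *
     * @param keystoresDir directory in which the {@code .jks} files are written
     * @param sslConfDir directory in which {@code ssl-client.xml} / {@code ssl-server.xml} are
     *     written
     * @param conf configuration updated with the SSL settings
     * @param useClientCert whether to create a client key/certificate and require client
     *     certificates
     * @param trustStore whether to write a truststore and reference it from the SSL configs
     * @param excludeCiphers value for the cipher exclusion list; ignored when null or empty
     */
    public static void setupSSLConfig(String keystoresDir, String sslConfDir, Configuration conf, boolean useClientCert, boolean trustStore, String excludeCiphers) throws Exception {
        String clientKeyStore = keystoresDir + "/clientKS.jks";
        String serverKeyStore = keystoresDir + "/serverKS.jks";
        String trustKeyStore = null;
        File sslClientConfFile = new File(sslConfDir + "/ssl-client.xml");
        File sslServerConfFile = new File(sslConfDir + "/ssl-server.xml");
        Map<String, X509Certificate> trustedCerts = new HashMap<String, X509Certificate>();

        // SHA1withRSA is a weak signature algorithm; it is tolerable here only because the
        // certificates are short-lived, self-signed test fixtures.
        if (useClientCert) {
            KeyPair clientKeys = generateKeyPair("RSA");
            X509Certificate clientCert = generateCertificate("CN=localhost, O=client", clientKeys, 30, "SHA1withRSA");
            createKeyStore(clientKeyStore, "clientP", "client", clientKeys.getPrivate(), clientCert);
            trustedCerts.put("client", clientCert);
        }

        KeyPair serverKeys = generateKeyPair("RSA");
        X509Certificate serverCert = generateCertificate("CN=localhost, O=server", serverKeys, 30, "SHA1withRSA");
        createKeyStore(serverKeyStore, "serverP", "server", serverKeys.getPrivate(), serverCert);
        trustedCerts.put("server", serverCert);

        if (trustStore) {
            trustKeyStore = keystoresDir + "/trustKS.jks";
            createTrustStore(trustKeyStore, TRUST_STORE_PASSWORD, trustedCerts);
        }

        Configuration clientSslConf = createClientSSLConfig(clientKeyStore, "clientP", "clientP", trustKeyStore, excludeCiphers);
        Configuration serverSslConf = createServerSSLConfig(serverKeyStore, "serverP", "serverP", trustKeyStore, excludeCiphers);
        saveConfig(sslClientConfFile, clientSslConf);
        saveConfig(sslServerConfFile, serverSslConf);

        // ALLOW_ALL turns hostname verification off, so a certificate is accepted regardless of
        // the host it was issued for. Acceptable for localhost tests only.
        conf.set("hadoop.ssl.hostname.verifier", "ALLOW_ALL");
        conf.set("hadoop.ssl.client.conf", sslClientConfFile.getName());
        conf.set("hadoop.ssl.server.conf", sslServerConfFile.getName());
        conf.setBoolean("hadoop.ssl.require.client.cert", useClientCert);
    }

    /**
     * Builds a client-side SSL configuration without a cipher exclusion list.
     *
     * @param clientKS keystore location, or null to leave it unset
     * @param password keystore password, or null to leave it unset
     * @param keyPassword key password, or null to leave it unset
     * @param trustKS truststore location, or null to leave it unset
     */
    public static Configuration createClientSSLConfig(String clientKS, String password, String keyPassword, String trustKS) {
        return createSSLConfig(SSLFactory.Mode.CLIENT, clientKS, password, keyPassword, trustKS, "");
    }

    /**
     * Builds a client-side SSL configuration.
     *
     * @param clientKS keystore location, or null to leave it unset
     * @param password keystore password, or null to leave it unset
     * @param keyPassword key password, or null to leave it unset
     * @param trustKS truststore location, or null to leave it unset
     * @param excludeCiphers cipher exclusion list; ignored when null or empty
     */
    public static Configuration createClientSSLConfig(String clientKS, String password, String keyPassword, String trustKS, String excludeCiphers) {
        return createSSLConfig(SSLFactory.Mode.CLIENT, clientKS, password, keyPassword, trustKS, excludeCiphers);
    }

    /**
     * Builds a server-side SSL configuration without a cipher exclusion list.
     *
     * @param serverKS keystore location, or null to leave it unset
     * @param password keystore password, or null to leave it unset
     * @param keyPassword key password, or null to leave it unset
     * @param trustKS truststore location, or null to leave it unset
     */
    public static Configuration createServerSSLConfig(String serverKS, String password, String keyPassword, String trustKS) throws IOException {
        return createSSLConfig(SSLFactory.Mode.SERVER, serverKS, password, keyPassword, trustKS, "");
    }

    /**
     * Builds a server-side SSL configuration.
     *
     * @param serverKS keystore location, or null to leave it unset
     * @param password keystore password, or null to leave it unset
     * @param keyPassword key password, or null to leave it unset
     * @param trustKS truststore location, or null to leave it unset
     * @param excludeCiphers cipher exclusion list; ignored when null or empty
     */
    public static Configuration createServerSSLConfig(String serverKS, String password, String keyPassword, String trustKS, String excludeCiphers) throws IOException {
        return createSSLConfig(SSLFactory.Mode.SERVER, serverKS, password, keyPassword, trustKS, excludeCiphers);
    }

    /**
     * Assembles the mode-specific SSL properties into a fresh configuration created with
     * {@code new Configuration(false)}.
     *
     * <p>The truststore password is not a parameter: it is always the fixed test value, and it
     * is written even when no truststore location is given. Passwords end up as plain
     * configuration values and are therefore written verbatim by {@link #saveConfig}.
     */
    private static Configuration createSSLConfig(SSLFactory.Mode mode, String keystore, String password, String keyPassword, String trustKS, String excludeCiphers) {
        Configuration sslConf = new Configuration(false);
        if (keystore != null) {
            sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.keystore.location"), keystore);
        }
        if (password != null) {
            sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.keystore.password"), password);
        }
        if (keyPassword != null) {
            sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.keystore.keypassword"), keyPassword);
        }
        if (trustKS != null) {
            sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.truststore.location"), trustKS);
        }
        // The password is a non-null constant, so the former guard around this call (an invalid
        // comparison of a String literal with 0) was both uncompilable and always true.
        sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.truststore.password"), TRUST_STORE_PASSWORD);
        if (null != excludeCiphers && !excludeCiphers.isEmpty()) {
            sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.exclude.cipher.list"), excludeCiphers);
        }
        sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, "ssl.{0}.truststore.reload.interval"), "1000");
        return sslConf;
    }

    /**
     * Writes {@code conf} as XML to {@code file}.
     *
     * @param file destination file; created or overwritten
     * @param conf configuration to serialise
     * @throws IOException if the file cannot be written
     */
    public static void saveConfig(File file, Configuration conf) throws IOException {
        // try-with-resources closes the writer on every path and keeps the primary exception
        // if close() fails as well.
        try (FileWriter writer = new FileWriter(file)) {
            conf.writeXml(writer);
        }
    }

    /**
     * Stores fixed server keystore and key passwords in a file-backed credential provider
     * ({@code test.jks} under the test directory), replacing any provider file left over from
     * an earlier run.
     *
     * @throws Exception if the provider cannot be created, populated or flushed
     */
    public static void provisionPasswordsToCredentialProvider() throws Exception {
        File testDir = GenericTestUtils.getTestDir();
        Configuration conf = new Configuration();
        String providerUri = "jceks://file" + new Path(testDir.toString(), "test.jks").toUri();
        // Remove a stale provider file before the provider is looked up.
        new File(testDir, "test.jks").delete();
        conf.set("hadoop.security.credential.provider.path", providerUri);
        CredentialProvider provider = (CredentialProvider) CredentialProviderFactory.getProviders(conf).get(0);

        // Hard-coded test credentials; never reuse these values for a real keystore.
        char[] keyPass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        char[] storePass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};

        // Failures propagate to the caller unchanged; the test runner reports the stack trace.
        provider.createCredentialEntry(FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, "ssl.{0}.keystore.password"), storePass);
        provider.createCredentialEntry(FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, "ssl.{0}.keystore.keypassword"), keyPass);
        provider.flush();
    }
}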
