package org.apache.ranger.plugin.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
import org.apache.ranger.authorization.utils.StringUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/plugin/util/RangerSslHelper.class */
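/**
 * Builds the client-side {@link SSLContext} and {@link HostnameVerifier} used when talking
 * to the Ranger policy manager over TLS.
 *
 * <p>Keystore and truststore locations, types and credential-provider URLs are read from the
 * SSL configuration file named in the constructor. Store passwords are looked up through
 * {@link RangerCredentialProvider} under fixed aliases.
 *
 * <p>Failures while loading stores are logged and reported as {@code null} results rather than
 * thrown, so callers must handle a {@code null} {@link SSLContext} from {@link #createContext()}.
 */
public class RangerSslHelper {
    static final String RANGER_POLICYMGR_CLIENT_KEY_FILE = "xasecure.policymgr.clientssl.keystore";
    static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE = "xasecure.policymgr.clientssl.keystore.type";
    static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.keystore.credential.file";
    static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore";
    static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT = "jks";
    static final String RANGER_POLICYMGR_TRUSTSTORE_FILE = "xasecure.policymgr.clientssl.truststore";
    static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE = "xasecure.policymgr.clientssl.truststore.type";
    static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.truststore.credential.file";
    static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore";
    static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
    // NOTE(review): with the stock JDK provider a "TLSv1.2" context does not enable TLS 1.3 by
    // default - confirm this protocol ceiling is still intended.
    static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLSv1.2";
    private String mKeyStoreURL;
    private String mKeyStoreAlias;
    private String mKeyStoreFile;
    private String mKeyStoreType;
    private String mTrustStoreURL;
    private String mTrustStoreAlias;
    private String mTrustStoreFile;
    private String mTrustStoreType;
    final String mSslConfigFileName;
    private static final Logger LOG = LoggerFactory.getLogger(RangerSslHelper.class);
    static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm();
    static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();

    /**
     * Hostname verifier handed out by {@link #getHostnameVerifier()}.
     *
     * <p>NOTE(security): this only compares the requested hostname with the peer host recorded
     * in the {@link SSLSession}; it never inspects the names in the peer certificate. When used
     * with {@code HttpsURLConnection}, a custom verifier is consulted only after the built-in
     * certificate-name check has already failed, so a verifier of this shape gives no additional
     * assurance that the certificate belongs to the host. The comparison is kept as-is because
     * tightening it would change behaviour for deployments whose certificates do not match their
     * hostnames; prefer the platform's default endpoint identification where that is acceptable.
     */
    static final HostnameVerifier _Hv = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            // Fail closed instead of throwing NullPointerException when either side is missing.
            return hostname != null && session != null && hostname.equals(session.getPeerHost());
        }
    };

    /**
     * Creates a helper bound to one SSL configuration file.
     *
     * @param str path (or classpath resource name) of the SSL configuration file; it is read
     *            lazily by {@link #createContext()}
     */
    public RangerSslHelper(String str) {
        this.mSslConfigFileName = str;
        LOG.debug("==> RangerSslHelper({})", this.mSslConfigFileName);
    }

    /**
     * Reads the configuration and builds an {@link SSLContext} from the configured stores.
     *
     * @return the initialised context, or {@code null} when no trust managers could be loaded
     *         or the context could not be initialised (the cause is logged)
     */
    public SSLContext createContext() {
        readConfig();
        return getSSLContext(getKeyManagers(), getTrustManagers());
    }

    /**
     * @return the shared hostname verifier; see the security note on {@link #_Hv}
     */
    public HostnameVerifier getHostnameVerifier() {
        return _Hv;
    }

    /**
     * Loads keystore/truststore settings from the SSL configuration file into the instance
     * fields. An unreadable file is logged and leaves the fields at whatever
     * {@link Configuration} yields without that resource.
     */
    void readConfig() {
        InputStream configStream = null;
        try {
            Configuration configuration = new Configuration();
            configStream = getFileInputStream(this.mSslConfigFileName);
            if (configStream != null) {
                configuration.addResource(configStream);
            }
            // The stream stays open until every get() below has run; it is closed in finally.
            this.mKeyStoreURL = configuration.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
            this.mKeyStoreAlias = RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
            this.mKeyStoreType = configuration.get(RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT);
            this.mKeyStoreFile = configuration.get(RANGER_POLICYMGR_CLIENT_KEY_FILE);
            this.mTrustStoreURL = configuration.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
            this.mTrustStoreAlias = RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
            this.mTrustStoreType = configuration.get(RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE, RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT);
            this.mTrustStoreFile = configuration.get(RANGER_POLICYMGR_TRUSTSTORE_FILE);
            if (LOG.isDebugEnabled()) {
                LOG.debug(toString());
            }
        } catch (IOException e) {
            LOG.error("Unable to load SSL Config FileName: [{}]", this.mSslConfigFileName, e);
        } finally {
            close(configStream, this.mSslConfigFileName);
        }
    }

    /**
     * Loads the client keystore and derives key managers from it.
     *
     * @return the key managers, or {@code null} when no keystore file or credential is
     *         configured, the file cannot be opened, or loading fails (failures are logged)
     */
    private KeyManager[] getKeyManagers() {
        KeyManager[] keyManagers = null;
        String credential = getCredential(this.mKeyStoreURL, this.mKeyStoreAlias);
        if (StringUtil.isEmpty(this.mKeyStoreFile) || StringUtil.isEmpty(credential)) {
            return keyManagers;
        }
        InputStream storeStream = null;
        try {
            storeStream = getFileInputStream(this.mKeyStoreFile);
            if (storeStream != null) {
                char[] password = credential.toCharArray();
                KeyStore keyStore = KeyStore.getInstance(this.mKeyStoreType);
                keyStore.load(storeStream, password);
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
                keyManagerFactory.init(keyStore, password);
                keyManagers = keyManagerFactory.getKeyManagers();
            } else {
                LOG.error("Unable to obtain keystore from file [{}]", this.mKeyStoreFile);
            }
        } catch (KeyStoreException e) {
            LOG.error("Unable to obtain from KeyStore", e);
        } catch (FileNotFoundException e) {
            LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
        } catch (IOException e) {
            LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
        } catch (UnrecoverableKeyException e) {
            LOG.error("Unable to recover the key from keystore", e);
        } catch (NoSuchAlgorithmException e) {
            LOG.error("SSL algorithm is NOT available in the environment", e);
        } catch (CertificateException e) {
            LOG.error("Unable to obtain the requested certification ", e);
        } finally {
            // Close the real stream on every path; the failure paths used to leak it.
            close(storeStream, this.mKeyStoreFile);
        }
        return keyManagers;
    }

    /**
     * Loads the truststore and derives trust managers from it.
     *
     * @return the trust managers, or {@code null} when no truststore file or credential is
     *         configured, the file cannot be opened, or loading fails (failures are logged)
     */
    private TrustManager[] getTrustManagers() {
        TrustManager[] trustManagers = null;
        String credential = getCredential(this.mTrustStoreURL, this.mTrustStoreAlias);
        if (StringUtil.isEmpty(this.mTrustStoreFile) || StringUtil.isEmpty(credential)) {
            return trustManagers;
        }
        InputStream storeStream = null;
        try {
            storeStream = getFileInputStream(this.mTrustStoreFile);
            if (storeStream != null) {
                KeyStore trustStore = KeyStore.getInstance(this.mTrustStoreType);
                trustStore.load(storeStream, credential.toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            } else {
                LOG.error("Unable to obtain truststore from file [{}]", this.mTrustStoreFile);
            }
        } catch (FileNotFoundException e) {
            LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
        } catch (NoSuchAlgorithmException e) {
            LOG.error("SSL algorithm is NOT available in the environment", e);
        } catch (CertificateException e) {
            LOG.error("Unable to obtain the requested certification ", e);
        } catch (IOException e) {
            LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
        } catch (KeyStoreException e) {
            LOG.error("Unable to obtain from KeyStore", e);
        } finally {
            // Close the real stream on every path; the failure paths used to leak it.
            close(storeStream, this.mTrustStoreFile);
        }
        return trustManagers;
    }

    /**
     * Creates and initialises the TLS context.
     *
     * @param keyManagerArr   key managers for client authentication; may be {@code null}
     * @param trustManagerArr trust managers; when {@code null} no context is created, so the
     *                        JDK default trust store is never silently substituted here
     * @return the initialised context, or {@code null} on missing trust managers or failure
     */
    private SSLContext getSSLContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        if (trustManagerArr == null) {
            return null;
        }
        try {
            SSLContext sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
            sslContext.init(keyManagerArr, trustManagerArr, new SecureRandom());
            return sslContext;
        } catch (NoSuchAlgorithmException e) {
            LOG.error("SSL algorithm is NOT available in the environment", e);
            return null;
        } catch (Exception e) {
            LOG.error("Unable to initialize the SSLContext", e);
            return null;
        }
    }

    /**
     * Looks up a store password through the credential provider.
     *
     * @param url   credential-provider location read from the configuration
     * @param alias alias under which the password is stored
     * @return whatever {@link RangerCredentialProvider#getCredentialString} returns for the pair
     */
    private String getCredential(String url, String alias) {
        return RangerCredentialProvider.getInstance().getCredentialString(url, alias);
    }

    /**
     * Opens {@code fileName} from the file system if it exists there, otherwise as a
     * system-classpath resource.
     *
     * @param fileName file path or resource name; empty yields {@code null}
     * @return an open stream the caller must close, or {@code null} when the name is empty or
     *         no such classpath resource exists
     * @throws IOException if the existing file cannot be opened
     */
    private InputStream getFileInputStream(String fileName) throws IOException {
        if (StringUtil.isEmpty(fileName)) {
            return null;
        }
        File file = new File(fileName);
        return file.exists() ? new FileInputStream(file) : ClassLoader.getSystemResourceAsStream(fileName);
    }

    /**
     * Closes {@code inputStream} if non-null, logging (not propagating) any close failure.
     *
     * @param inputStream stream to close; may be {@code null}
     * @param fileName    name used only in the log message
     */
    private void close(InputStream inputStream, String fileName) {
        if (inputStream != null) {
            try {
                inputStream.close();
            } catch (IOException e) {
                LOG.error("Error while closing file: [{}]", fileName, e);
            }
        }
    }

    /**
     * @return the configured store locations, types, aliases and credential-provider URLs;
     *         no store password is included
     */
    @Override
    public String toString() {
        return "keyStoreAlias=" + this.mKeyStoreAlias + ", keyStoreFile=" + this.mKeyStoreFile + ", keyStoreType=" + this.mKeyStoreType + ", keyStoreURL=" + this.mKeyStoreURL + ", trustStoreAlias=" + this.mTrustStoreAlias + ", trustStoreFile=" + this.mTrustStoreFile + ", trustStoreType=" + this.mTrustStoreType + ", trustStoreURL=" + this.mTrustStoreURL;
    }
}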
