package org.apache.hadoop.hdds.security.x509.certificate.utils;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.StringWriter;
import java.io.Writer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificate/utils/CertificateCodec.class */
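/**
 * Encodes and decodes X.509 certificates in PEM form and reads/writes them
 * below a certificate directory.
 *
 * <p>The decoding helpers in this class only parse certificate bytes. Nothing
 * here checks a validity period, an issuer signature or a trust chain, so a
 * certificate returned by this class is not yet a trusted certificate; that
 * decision belongs to the caller.
 *
 * <p>Only {@link #writeCertificate(Path, String, String)} is synchronized;
 * the read paths take no lock.
 */
public class CertificateCodec {
    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
    public static final String END_CERT = "-----END CERTIFICATE-----";
    public static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
    private static final Logger LOG = LoggerFactory.getLogger(CertificateCodec.class);
    private static final JcaX509CertificateConverter CERTIFICATE_CONVERTER = new JcaX509CertificateConverter();
    private final SecurityConfig securityConfig;
    private final Path location;
    // Owner-only rwx, applied to each certificate file after it is written.
    // NOTE(review): the execute bit is not needed to read a PEM file; it is
    // kept because existing deployments may compare against this exact mode.
    private final Set<PosixFilePermission> permissionSet = Stream.of(
            PosixFilePermission.OWNER_READ,
            PosixFilePermission.OWNER_WRITE,
            PosixFilePermission.OWNER_EXECUTE).collect(Collectors.toSet());

    /**
     * Creates a codec whose directory is resolved by the security config.
     *
     * @param securityConfig configuration supplying the certificate directory and default file name
     * @param str            value handed to {@code SecurityConfig.getCertificateLocation}
     */
    public CertificateCodec(SecurityConfig securityConfig, String str) {
        this.securityConfig = securityConfig;
        this.location = this.securityConfig.getCertificateLocation(str);
    }

    /**
     * Creates a codec that works on an explicit directory.
     *
     * @param securityConfig configuration supplying the default certificate file name
     * @param path           directory in which certificates are stored
     */
    public CertificateCodec(SecurityConfig securityConfig, Path path) {
        this.securityConfig = securityConfig;
        this.location = path;
    }

    /**
     * Converts a BouncyCastle certificate holder into a JCA certificate.
     *
     * @param x509CertificateHolder holder to convert
     * @return the equivalent {@link X509Certificate}
     * @throws CertificateException if the converter rejects the holder
     */
    public static X509Certificate getX509Certificate(X509CertificateHolder x509CertificateHolder) throws CertificateException {
        return CERTIFICATE_CONVERTER.getCertificate(x509CertificateHolder);
    }

    /**
     * PEM-encodes every certificate of a path, in path order, joined by a newline.
     *
     * @param certPath path whose entries must all be {@link X509Certificate}s
     * @return the concatenated PEM text; empty when the path holds no certificate
     * @throws SCMSecurityException if one certificate cannot be encoded
     * @throws ClassCastException   if an entry is not an {@link X509Certificate}
     */
    public static String getPEMEncodedString(CertPath certPath) throws SCMSecurityException {
        List<? extends Certificate> certificates = certPath.getCertificates();
        List<String> pemBlocks = new ArrayList<>(certificates.size());
        for (Certificate certificate : certificates) {
            pemBlocks.add(getPEMEncodedString((X509Certificate) certificate));
        }
        return StringUtils.join(pemBlocks, "\n");
    }

    /**
     * PEM-encodes the certificate carried by a BouncyCastle holder.
     *
     * @param x509CertificateHolder holder to encode
     * @return the PEM text
     * @throws SCMSecurityException if the holder cannot be converted or encoded
     */
    public static String getPEMEncodedString(X509CertificateHolder x509CertificateHolder) throws SCMSecurityException {
        try {
            return getPEMEncodedString(getX509Certificate(x509CertificateHolder));
        } catch (CertificateException e) {
            throw new SCMSecurityException(e);
        }
    }

    /**
     * Writes a certificate as PEM text to a byte stream using {@link #DEFAULT_CHARSET}.
     *
     * <p>The stream is wrapped in a writer that the {@link Writer} overload
     * closes, so {@code out} should be expected to be closed on return.
     *
     * @param x509Certificate certificate to write
     * @param out             destination stream
     * @return {@code out}, for call chaining
     * @throws IOException if writing fails
     */
    public static <OUT extends OutputStream> OUT writePEMEncoded(X509Certificate x509Certificate, OUT out) throws IOException {
        writePEMEncoded(x509Certificate, new OutputStreamWriter(out, DEFAULT_CHARSET));
        return out;
    }

    /**
     * Writes a certificate as PEM text to a writer and closes the PEM writer wrapped around it.
     *
     * @param x509Certificate certificate to write
     * @param w               destination writer
     * @return {@code w}, for call chaining
     * @throws IOException if writing or closing fails
     */
    public static <W extends Writer> W writePEMEncoded(X509Certificate x509Certificate, W w) throws IOException {
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(w)) {
            pemWriter.writeObject(x509Certificate);
        }
        return w;
    }

    /**
     * PEM-encodes a single certificate.
     *
     * @param x509Certificate certificate to encode
     * @return the PEM text
     * @throws SCMSecurityException with code {@code PEM_ENCODE_FAILED} if encoding fails
     */
    public static String getPEMEncodedString(X509Certificate x509Certificate) throws SCMSecurityException {
        try {
            return writePEMEncoded(x509Certificate, new StringWriter()).toString();
        } catch (IOException e) {
            LOG.error("Error in encoding certificate." + x509Certificate.getSubjectDN().toString(), e);
            throw new SCMSecurityException("PEM Encoding failed for certificate." + x509Certificate.getSubjectDN().toString(), e, SCMSecurityException.ErrorCode.PEM_ENCODE_FAILED);
        }
    }

    /**
     * Parses one certificate from PEM text.
     *
     * <p>Parsing only: the result has not been checked against any trust
     * anchor, validity period or revocation source.
     *
     * @param str PEM text of the certificate
     * @return the parsed certificate
     * @throws CertificateException if the text cannot be parsed
     */
    public static X509Certificate getX509Certificate(String str) throws CertificateException {
        return getX509Certificate(str, Function.identity());
    }

    /**
     * Parses one certificate from PEM text, translating a parse failure into the caller's exception type.
     *
     * @param str      PEM text of the certificate
     * @param function maps the parser's {@link CertificateException} to the exception to throw
     * @return the parsed, not yet validated, certificate
     * @throws E the exception produced by {@code function} when parsing fails
     */
    public static <E extends Exception> X509Certificate getX509Certificate(String str, Function<CertificateException, E> function) throws E {
        return readX509Certificate(new ByteArrayInputStream(str.getBytes(DEFAULT_CHARSET)), function);
    }

    /**
     * Reads one certificate from a stream; shared implementation of the public parse methods.
     * The stream is not closed here.
     */
    private static <E extends Exception> X509Certificate readX509Certificate(InputStream inputStream, Function<CertificateException, E> function) throws E {
        try {
            return (X509Certificate) getCertFactory().engineGenerateCertificate(inputStream);
        } catch (CertificateException e) {
            throw function.apply(e);
        }
    }

    /**
     * Reads one certificate from a stream, reporting parse failures as {@link IOException}.
     *
     * @param inputStream source of the certificate bytes; left open for the caller to close
     * @return the parsed, not yet validated, certificate
     * @throws IOException if the bytes cannot be parsed as a certificate
     */
    public static X509Certificate readX509Certificate(InputStream inputStream) throws IOException {
        return readX509Certificate(inputStream, CertificateCodec::toIOException);
    }

    /**
     * Wraps a certificate parse failure in an {@link IOException}, keeping it as the cause.
     *
     * @param certificateException the parse failure
     * @return the wrapping exception
     */
    public static IOException toIOException(CertificateException certificateException) {
        return new IOException("Failed to engineGenerateCertificate", certificateException);
    }

    /**
     * Returns the first certificate of a path.
     *
     * @param certPath path to read from
     * @return the certificate at index 0
     * @throws IndexOutOfBoundsException if the path holds no certificate
     * @throws ClassCastException        if the first entry is not an {@link X509Certificate}
     */
    public static X509Certificate firstCertificateFrom(CertPath certPath) {
        return (X509Certificate) certPath.getCertificates().get(0);
    }

    /**
     * Creates a BouncyCastle X.509 certificate factory; a new instance is returned on every call.
     *
     * @return a fresh factory
     */
    public static CertificateFactory getCertFactory() {
        return new CertificateFactory();
    }

    /**
     * Returns the directory this codec reads from and writes to.
     *
     * @return the certificate directory
     */
    public Path getLocation() {
        return this.location;
    }

    /**
     * Writes a certificate under the configured default file name in this codec's directory.
     *
     * @param x509CertificateHolder certificate to store
     * @throws SCMSecurityException if the certificate cannot be PEM-encoded
     * @throws IOException          if the directory or the file cannot be written
     */
    public void writeCertificate(X509CertificateHolder x509CertificateHolder) throws SCMSecurityException, IOException {
        writeCertificate(this.location.toAbsolutePath(), this.securityConfig.getCertificateFileName(), getPEMEncodedString(x509CertificateHolder));
    }

    /**
     * Writes a certificate under the given file name in this codec's directory.
     *
     * @param x509CertificateHolder certificate to store
     * @param str                   file name inside the certificate directory
     * @throws IOException if encoding fails or the file cannot be written
     */
    public void writeCertificate(X509CertificateHolder x509CertificateHolder, String str) throws IOException {
        writeCertificate(this.location.toAbsolutePath(), str, getPEMEncodedString(x509CertificateHolder));
    }

    /**
     * Writes already PEM-encoded text under the given file name in this codec's directory.
     *
     * @param str  file name inside the certificate directory
     * @param str2 PEM text to store
     * @throws IOException if the file cannot be written
     */
    public void writeCertificate(String str, String str2) throws IOException {
        writeCertificate(this.location.toAbsolutePath(), str, str2);
    }

    /**
     * Writes PEM text to {@code path/str}, creating the directory when needed,
     * and then restricts the file to owner-only permissions.
     *
     * <p>NOTE(review): {@code str} is joined to {@code path} as given; no check
     * confirms that the result stays inside {@code path}. Callers should pass
     * only file names from trusted configuration. Confirm against callers.
     *
     * @param path directory to write into
     * @param str  file name inside {@code path}
     * @param str2 PEM text to store
     * @throws IOException if the directory cannot be created or the file cannot be written
     */
    public synchronized void writeCertificate(Path path, String str, String str2) throws IOException {
        checkBasePathDirectory(path);
        File file = Paths.get(path.toString(), str).toFile();
        try (FileOutputStream fileOutputStream = new FileOutputStream(file)) {
            fileOutputStream.write(str2.getBytes(DEFAULT_CHARSET));
        }
        LOG.info("Save certificate to {}", file.getAbsolutePath());
        // The full PEM body is logged at INFO. It is certificate material, not a key.
        LOG.info("Certificate {}", str2);
        // Permissions are tightened only after the content is on disk; until this
        // call the file carries whatever mode the process default gave it.
        Files.setPosixFilePermissions(file.toPath(), this.permissionSet);
    }

    /**
     * Parses a certificate path from PEM text.
     *
     * @param str PEM text holding one or more certificates
     * @return the parsed, not yet validated, certificate path
     * @throws CertificateException if the text cannot be parsed
     */
    public static CertPath getCertPathFromPemEncodedString(String str) throws CertificateException {
        return generateCertPathFromInputStream(new ByteArrayInputStream(str.getBytes(DEFAULT_CHARSET)));
    }

    /**
     * Reads a certificate path from {@code path/str}.
     * The directory is created if it does not exist yet, as on the write path.
     */
    private CertPath getCertPath(Path path, String str) throws IOException, CertificateException {
        Path basePath = path.toAbsolutePath();
        checkBasePathDirectory(basePath);
        File file = Paths.get(basePath.toString(), str).toFile();
        if (!file.exists()) {
            throw new IOException("Unable to find the requested certificate file. Path: " + file);
        }
        try (FileInputStream fileInputStream = new FileInputStream(file)) {
            return generateCertPathFromInputStream(fileInputStream);
        }
    }

    /**
     * Reads the certificate path stored under the given file name in this codec's directory.
     *
     * @param str file name inside the certificate directory
     * @return the parsed, not yet validated, certificate path
     * @throws IOException          if the file is missing or cannot be read
     * @throws CertificateException if the content cannot be parsed
     */
    public CertPath getCertPath(String str) throws IOException, CertificateException {
        return getCertPath(this.location, str);
    }

    /**
     * Reads the certificate path stored under the configured default file name.
     *
     * @return the parsed, not yet validated, certificate path
     * @throws CertificateException if the content cannot be parsed
     * @throws IOException          if the file is missing or cannot be read
     */
    public CertPath getCertPath() throws CertificateException, IOException {
        return getCertPath(this.securityConfig.getCertificateFileName());
    }

    /**
     * Wraps a JCA certificate in a BouncyCastle holder built from its encoded form.
     *
     * @param x509Certificate certificate to wrap
     * @return the holder
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws IOException                  if the holder cannot parse the encoding
     */
    public static X509CertificateHolder getCertificateHolder(X509Certificate x509Certificate) throws CertificateEncodingException, IOException {
        return new X509CertificateHolder(x509Certificate.getEncoded());
    }

    /**
     * Builds a new certificate path with the given certificate placed in front of an existing path.
     * No check is made here that the new certificate actually chains to the existing entries.
     *
     * @param x509CertificateHolder certificate to put first
     * @param certPath              existing path, appended unchanged after it
     * @return the combined path
     * @throws CertificateException if conversion or path construction fails
     */
    public CertPath prependCertToCertPath(X509CertificateHolder x509CertificateHolder, CertPath certPath) throws CertificateException {
        List<X509Certificate> chain = new ArrayList<>();
        chain.add(getX509Certificate(x509CertificateHolder));
        for (Certificate certificate : certPath.getCertificates()) {
            chain.add((X509Certificate) certificate);
        }
        return getCertFactory().engineGenerateCertPath(chain);
    }

    /**
     * Reads {@code path/str} and returns a holder for the first certificate in it.
     *
     * @param path directory holding the file
     * @param str  file name inside {@code path}
     * @return holder of the first certificate
     * @throws CertificateException if the content cannot be parsed
     * @throws IOException          if the file is missing or cannot be read
     */
    public X509CertificateHolder getTargetCertHolder(Path path, String str) throws CertificateException, IOException {
        return getCertificateHolder(firstCertificateFrom(getCertPath(path, str)));
    }

    /**
     * Returns a holder for the first certificate of the configured default file in this codec's directory.
     *
     * @return holder of the first certificate
     * @throws CertificateException if the content cannot be parsed
     * @throws IOException          if the file is missing or cannot be read
     */
    public X509CertificateHolder getTargetCertHolder() throws CertificateException, IOException {
        return getTargetCertHolder(this.location, this.securityConfig.getCertificateFileName());
    }

    /** Parses a PEM-encoded certificate path from a stream; the stream is left open. */
    private static CertPath generateCertPathFromInputStream(InputStream inputStream) throws CertificateException {
        return getCertFactory().engineGenerateCertPath(inputStream, "PEM");
    }

    /**
     * Makes sure {@code path} is a directory, creating it and any missing parents.
     *
     * @throws IOException if {@code path} is not a directory and cannot be created as one
     */
    private void checkBasePathDirectory(Path path) throws IOException {
        File directory = path.toFile();
        // isDirectory() instead of exists(): a regular file at this path must not
        // pass the check. The trailing re-check covers another writer creating the
        // directory between the first test and mkdirs().
        if (directory.isDirectory() || directory.mkdirs() || directory.isDirectory()) {
            return;
        }
        LOG.error("Unable to create file path. Path: {}", path);
        throw new IOException("Creation of the directories failed." + path);
    }
}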
