package com.cloudera.keytrustee.util;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Locale;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/keytrustee/util/HSMKeyProviderConfiguration.class */
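/**
 * Resolves the settings of the HSM key provider (HSM vendor, slot, credentials,
 * metastore connection, ports and data directories).
 *
 * <p>Every setting is looked up through {@link #Value}: when the supplied
 * {@code Environment} contains the environment-variable name, that value wins;
 * otherwise the Hadoop {@link Configuration} property is used. Anyone who can
 * set the process environment can therefore override the files loaded from
 * {@code kms-site.xml}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password getters return {@code String}s, so the secrets stay on the
 *       heap until garbage-collected; callers should not log or cache them.</li>
 *   <li>When no password callback is configured, the HSM, keystore and database
 *       passwords are read as plain values from the environment or the
 *       configuration. Prefer the callback settings, which are read through
 *       {@link Configuration#getPassword(String)}.</li>
 *   <li>The database password defaults to the empty string
 *       ({@link #DB_PASSWORD_DEFAULT}).</li>
 * </ul>
 */
public class HSMKeyProviderConfiguration {
    private static final String CONFIG_FILE = "kms-site.xml";
    private static final String KTS_ACLS_XML = "kms-acls.xml";
    private static final String HSMPASSWORD = "cloudera.hsmkp.hsm.password";
    private static final String HSMPASSWORD_ENV = "HSM_PASSWORD";
    private static final String KEYSTORE_PASSWORD = "cloudera.hsmkp.keystore.password";
    private static final String KEYSTORE_PASSWORD_ENV = "KEYSTORE_PASSWORD";
    private static final String HSM_SLOT = "cloudera.hsmkp.hsm.slot";
    private static final String HSM_SLOT_ENV = "HSM_LUNA_SLOT";
    private static final String HSM_THALES_CLIENT_DIR = "cloudera.hsmkp.hsm.thales.client_dir";
    private static final String HSM_THALES_CLIENT_DIR_ENV = "HSM_THALES_CLIENT_DIR";
    private static final String HSM_THALES_DATA_DIR = "cloudera.hsmkp.hsm.thales.kmdata.local";
    private static final String HSM_THALES_DATA_DIR_ENV = "HSM_THALES_KMDATA_LOCAL";
    private static final String HSM_THALES_PROTECT = "cloudera.hsmkp.hsm.thales.protect";
    private static final String HSM_THALES_PROTECT_ENV = "HSM_THALES_PROTECT";
    private static final String HSMPROVIDER = "cloudera.hsmkp.hsm.provider";
    private static final String HSMPROVIDER_ENV = "HSM_PROVIDER";
    private static final String NOHSM = "cloudera.hsmkp.nohsm";
    private static final String NOHSM_ENV = "NOHSM";
    private static final String INITIATEMIGRATION = "cloudera.hsmkp.initiatemigration";
    private static final String INITIATEMIGRATION_ENV = "HSM_INITIATE_MIGRATION";
    private static final String KTKMS_CONFIG_DIR = "cloudera.hsmkp.ktkms.config.dir";
    private static final String KTKMS_CONFIG_DIR_ENV = "HSM_KTKMS_CONFIG_DIR";
    private static final String HSM_USERNAME_ENV = "HSM_USERNAME";
    private static final String HSM_USERNAME = "cloudera.hsmkp.hsm.username";
    private static final String HSM_PASSWORD_CALLBACK_ENV = "HSM_PASSWORD_CALLBACK";
    private static final String HSM_PASSWORD_CALLBACK = "cloudera.hsmkp.hsm.passwordcallback";
    private static final String KEYSTORE_PASSWORD_CALLBACK_ENV = "KEYSTORE_PASSWORD_CALLBACK";
    private static final String KEYSTORE_PASSWORD_CALLBACK = "cloudera.hsmkp.keystore.passwordcallback";
    private static final String CONNECTION_URL = "cloudera.hsmkp.metastore.connectionurl";
    private static final String CONNECTION_URL_ENV = "CONNECTION_URL";
    private static final String CONNECTION_DRIVER = "cloudera.hsmkp.metastore.connectiondriver";
    private static final String CONNECTION_DRIVER_ENV = "CONNECTION_DRIVER";
    private static final String MAPPING = "cloudera.hsmkp.metastore.mapping";
    private static final String DB_PASSWD = "cloudera.hsmkp.metastore.passwordcallback";
    private static final String DB_PASSWD_ENV = "PGPASSWORD";
    private static final String DB_PASSWD_PLAIN = "cloudera.hsmkp.metastore.passwd";
    private static final String DB_USER = "cloudera.hsmkp.metastore.user";
    private static final String DB_PORT = "cloudera.hsmkp.metastore.port";
    private static final String DB_PORT_ENV = "PGPORT";
    private static final String DB_USER_ENV = "PGUSER";
    private static final String MAPPING_ENV = "MAPPING";
    public static final String HSMKP_DATA_DIR = "cloudera.hsmkp.data_dir";
    public static final String HSMKP_DATA_DIR_ENV = "HSMKP_DATA_DIR";
    private static final Logger LOG = LoggerFactory.getLogger(HSMKeyProviderConfiguration.class);
    public static final String HSM_THALES_CLIENT_DIR_DEFAULT = "/opt/nfast";
    public static final String HSM_THALES_RELATIVE_DATA_DIR_DEFAULT = "kmdata/local";
    public static final String HSM_THALES_DATA_DIR_DEFAULT = "/opt/nfast/kmdata/local";
    public static final String HSM_THALES_PROTECT_DEFAULT = "cardset";
    public static final String HSMKP_DATA_DIR_DEFAULT = "/var/lib/hsmkp";
    public static final String CONNECTION_URL_DEFAULT = "jdbc:postgresql://localhost:27606/ckms";
    public static final String CONNECTION_DRIVER_DEFAULT = "org.postgresql.Driver";
    public static final String MAPPING_DEFAULT = "postgresql";
    public static final String DB_USER_DEFAULT = "keytrustee";
    public static final String DB_PASSWORD_DEFAULT = "";
    public static final String DEFAULT_PORT = "27606";
    private static final String MESSAGE_PORT_ENV = "MSG_PORT";
    private static final String DEFAULT_MESSAGE_PORT = "65111";
    private static final String MESSAGE_PORT = "cloudera.hsmkp.message.port";
    public static final String ACL_CONFIG_PREFIX = "keytrustee.kms.";

    private final Environment env;
    private final Configuration conf;
    private final URI[] uris;
    private final DepositGroupConfiguration depositGroupConfiguration;
    private final TLSConfiguration tlsConfiguration;

    /**
     * Builds a {@link Configuration} from the named resource files.
     *
     * <p>When the system property {@code kms.config.dir} is set it must be an
     * absolute path, and each file is loaded from that directory through a
     * {@code file://} URL. When it is not set, the names are handed to
     * {@link Configuration#addResource(String)} unchanged.
     *
     * @param z flag passed straight to {@code new Configuration(boolean)}
     * @param strArr resource file names to add, in order
     * @return the populated configuration
     * @throws RuntimeException if {@code kms.config.dir} is not absolute or a
     *     resource URL cannot be formed
     */
    static Configuration getConfiguration(boolean z, String... strArr) {
        Configuration configuration = new Configuration(z);
        String property = System.getProperty("kms.config.dir");
        LOG.debug("Will load the properties from the directory {}", property);
        if (property == null) {
            for (String resourceName : strArr) {
                configuration.addResource(resourceName);
            }
            return configuration;
        }
        if (!property.startsWith("/")) {
            throw new RuntimeException("System property 'kms.config.dir' must be an absolute path: " + property);
        }
        String directory = property.endsWith("/") ? property : property + "/";
        try {
            for (String resourceName : strArr) {
                LOG.debug("Loading from file : {}", resourceName);
                // The directory is already reported at debug level above; the stray
                // System.err print of it on every iteration has been dropped.
                configuration.addResource(new URL("file://" + directory + resourceName));
            }
        } catch (MalformedURLException e) {
            throw new RuntimeException(e);
        }
        return configuration;
    }

    /** Loads {@code kms-site.xml} via {@link #getConfiguration(boolean, String...)}. */
    private static Configuration getHSMConfigs() {
        return getConfiguration(true, CONFIG_FILE);
    }

    /** Loads {@code kms-acls.xml} via {@link #getConfiguration(boolean, String...)}. */
    public static Configuration getACLsConf() {
        return getConfiguration(false, KTS_ACLS_XML);
    }

    /**
     * Creates the configuration view used by the HSM key provider.
     *
     * @param environment environment lookup; a fresh {@code Environment} is
     *     created when {@code null}
     * @param uri provider URI, possibly a comma-separated list; may be {@code null}
     * @param configuration base configuration, copied and then extended with
     *     the resources from {@code kms-site.xml}; must not be {@code null}
     * @throws NullPointerException if {@code configuration} is {@code null}
     */
    public HSMKeyProviderConfiguration(Environment environment, URI uri, Configuration configuration) {
        this.env = (environment != null) ? environment : new Environment();
        Preconditions.checkNotNull(configuration, "Null configuration passed to constructor.");
        this.conf = new Configuration(configuration);
        this.conf.addResource(getHSMConfigs());
        // NOTE(review): the two sub-configurations receive the caller's arguments
        // (environment may be null, configuration lacks the kms-site.xml overlay),
        // not this.env / this.conf. Confirm both classes handle that as intended.
        this.depositGroupConfiguration = new DepositGroupConfiguration(environment, configuration);
        this.tlsConfiguration = new TLSConfiguration(environment, configuration);
        URI[] parsed = null;
        if (uri != null) {
            try {
                parsed = splitUri(uri);
            } catch (URISyntaxException e) {
                // Best effort: an unparsable URI leaves the provider list unset.
                LOG.error("Could not split URI [{}]", uri, e);
            }
        }
        this.uris = parsed;
    }

    /**
     * @return a copy of the provider URIs split from the constructor's URI, or
     *     {@code null} when none was given or it could not be parsed
     */
    public URI[] getSpecifiedProviderURIs() {
        // Hand out a copy so callers cannot rewrite the stored provider list.
        return (this.uris == null) ? null : this.uris.clone();
    }

    /** @return the deposit group configuration built in the constructor */
    public DepositGroupConfiguration getDepositGroupConfiguration() {
        return this.depositGroupConfiguration;
    }

    /** @return the TLS configuration built in the constructor */
    public TLSConfiguration getTlsConfiguration() {
        return this.tlsConfiguration;
    }

    /** @return the configured HSM provider name, or {@code null} if unset */
    public String getHSMProvider() {
        return Value(this.conf, this.env, HSMPROVIDER_ENV, HSMPROVIDER);
    }

    /**
     * Resolves one setting, giving the environment precedence over the
     * configuration.
     *
     * @param configuration configuration consulted when the environment has no entry
     * @param environment environment lookup; must not be {@code null}
     * @param str environment-variable name
     * @param str2 configuration property name
     * @return the environment value if {@code str} is present there, otherwise
     *     the configuration value (which may be {@code null})
     */
    public static String Value(Configuration configuration, Environment environment, String str, String str2) {
        if (environment.containsKey(str)) {
            return environment.get(str);
        }
        return configuration.get(str2);
    }

    /**
     * @return the HSM slot number
     * @throws NumberFormatException if the slot is unset or not an integer
     */
    public int getSlot() {
        try {
            return Integer.parseInt(Value(this.conf, this.env, HSM_SLOT_ENV, HSM_SLOT));
        } catch (NumberFormatException e) {
            LOG.warn("Slot number incorrect.", e);
            throw e;
        }
    }

    /** @return the HSM user name, or {@code null} if unset */
    public String getUsername() {
        return Value(this.conf, this.env, HSM_USERNAME_ENV, HSM_USERNAME);
    }

    /** @return the Thales client directory, defaulting to {@code /opt/nfast} */
    public String getThalesClientDir() {
        String clientDir = Value(this.conf, this.env, HSM_THALES_CLIENT_DIR_ENV, HSM_THALES_CLIENT_DIR);
        if (clientDir != null) {
            return clientDir;
        }
        LOG.debug("No Thales Client Dir set. Will use default : /opt/nfast");
        return HSM_THALES_CLIENT_DIR_DEFAULT;
    }

    /**
     * @return the Thales key-management data directory, defaulting to
     *     {@code /opt/nfast/kmdata/local}
     */
    public String getThalesDataDir() {
        String dataDir = Value(this.conf, this.env, HSM_THALES_DATA_DIR_ENV, HSM_THALES_DATA_DIR);
        if (dataDir != null) {
            return dataDir;
        }
        // NOTE(review): the previous code also logged a path relative to the client
        // dir ("<client dir>/kmdata/local") but never returned it, and its other
        // branch was unreachable because getThalesClientDir() never returns null.
        // The returned value is unchanged: a customised client dir does NOT move
        // this default. Confirm whether the relative default was the intent.
        LOG.debug("No Thales Data Dir set. Will use default : /opt/nfast/kmdata/local");
        return HSM_THALES_DATA_DIR_DEFAULT;
    }

    /** @return the local HSMKP data directory, defaulting to {@code /var/lib/hsmkp} */
    public String getLocalDataDir() {
        String dataDir = Value(this.conf, this.env, HSMKP_DATA_DIR_ENV, HSMKP_DATA_DIR);
        if (dataDir != null) {
            return dataDir;
        }
        LOG.debug("No local HSMKP Data Dir set. Will use default : /var/lib/hsmkp");
        return HSMKP_DATA_DIR_DEFAULT;
    }

    /** @return the Thales protect property, defaulting to {@code cardset} */
    public String getThalesProtectProperty() {
        String protect = Value(this.conf, this.env, HSM_THALES_PROTECT_ENV, HSM_THALES_PROTECT);
        if (protect != null) {
            return protect;
        }
        LOG.debug("No Thales protect property set. Will use default : cardset");
        return HSM_THALES_PROTECT_DEFAULT;
    }

    /**
     * Returns the HSM password.
     *
     * <p>When a password callback setting is present the secret is read with
     * {@link Configuration#getPassword(String)}; otherwise the plain value from
     * the environment or the configuration is returned.
     *
     * @return the password, or {@code null} when none is configured or the
     *     callback lookup fails
     */
    public String getHSMPassword() {
        if (Value(this.conf, this.env, HSM_PASSWORD_CALLBACK_ENV, HSM_PASSWORD_CALLBACK) == null) {
            LOG.debug("No callback. Will use the password if available.");
            return Value(this.conf, this.env, HSMPASSWORD_ENV, HSMPASSWORD);
        }
        try {
            char[] secret = this.conf.getPassword(HSM_PASSWORD_CALLBACK);
            // getPassword yields null when nothing resolves; new String(null) would throw.
            return (secret == null) ? null : new String(secret);
        } catch (IOException e) {
            // Goes through the logger instead of printStackTrace so the failure is
            // visible in the service log.
            LOG.error("Could not read the HSM password through the password callback.", e);
            return null;
        }
    }

    /**
     * Returns the keystore password.
     *
     * <p>When a password callback setting is present the secret is read with
     * {@link Configuration#getPassword(String)}; otherwise the plain value from
     * the environment or the configuration is returned.
     *
     * @return the password, or {@code null} when none is configured or the
     *     callback lookup fails
     */
    public String getPassword() {
        if (Value(this.conf, this.env, KEYSTORE_PASSWORD_CALLBACK_ENV, KEYSTORE_PASSWORD_CALLBACK) == null) {
            LOG.debug("No callback. Will use the password if available.");
            return Value(this.conf, this.env, KEYSTORE_PASSWORD_ENV, KEYSTORE_PASSWORD);
        }
        String password = null;
        try {
            char[] secret = this.conf.getPassword(KEYSTORE_PASSWORD_CALLBACK);
            if (secret != null) {
                password = new String(secret);
            }
        } catch (IOException e) {
            LOG.error("Could not read the keystore password through the password callback.", e);
        }
        // The old check compared references (==) against the "" constant, so a blank
        // password built with new String(...) never triggered this warning.
        if (password != null && password.isEmpty()) {
            LOG.warn("Keystore password has been set to blank. This is a problem!");
        }
        return password;
    }

    /**
     * Returns the metastore JDBC URL.
     *
     * <p>An explicit URL wins. Otherwise the default URL is used, with its port
     * replaced when a non-default port is configured.
     *
     * @return the JDBC connection URL
     */
    public String getConnectionURL() {
        String url = Value(this.conf, this.env, CONNECTION_URL_ENV, CONNECTION_URL);
        String port = Value(this.conf, this.env, DB_PORT_ENV, DB_PORT);
        if (port == null) {
            port = DEFAULT_PORT;
        }
        if (url != null) {
            return url;
        }
        LOG.debug("No Connection URL set. Will use default {}.", CONNECTION_URL_DEFAULT);
        if (port.equalsIgnoreCase(DEFAULT_PORT)) {
            LOG.debug("No port set. Will use default connection URL.");
            return CONNECTION_URL_DEFAULT;
        }
        // NOTE(review): the port text is substituted verbatim and is not checked to
        // be numeric, so whoever controls PGPORT / the port property shapes the URL.
        String replaced = CONNECTION_URL_DEFAULT.replace(DEFAULT_PORT, port);
        LOG.debug("Port has been set. Will use {} as connection URL.", replaced);
        return replaced;
    }

    /** @return the JDBC driver class name, defaulting to {@code org.postgresql.Driver} */
    public String getConnectionDriverName() {
        String driver = Value(this.conf, this.env, CONNECTION_DRIVER_ENV, CONNECTION_DRIVER);
        if (driver != null) {
            return driver;
        }
        LOG.debug("No Connection Driver set. Will use default : org.postgresql.Driver");
        return CONNECTION_DRIVER_DEFAULT;
    }

    /** @return {@code true} only when the no-HSM setting parses as {@code "true"} */
    public boolean isNoHSM() {
        return Boolean.parseBoolean(Value(this.conf, this.env, NOHSM_ENV, NOHSM));
    }

    /** @return {@code true} only when the initiate-migration setting parses as {@code "true"} */
    public boolean isInitiateMigration() {
        return Boolean.parseBoolean(Value(this.conf, this.env, INITIATEMIGRATION_ENV, INITIATEMIGRATION));
    }

    /** @return the KT KMS config directory, trimmed; empty when unset */
    public String getKTKMSDataDir() {
        return StringUtils.trimToEmpty(Value(this.conf, this.env, KTKMS_CONFIG_DIR_ENV, KTKMS_CONFIG_DIR));
    }

    /** @return the metastore mapping, defaulting to {@code postgresql} */
    public String getMapping() {
        String mapping = Value(this.conf, this.env, MAPPING_ENV, MAPPING);
        if (mapping != null) {
            return mapping;
        }
        LOG.debug("No Mapping set. Will use default : postgresql");
        return MAPPING_DEFAULT;
    }

    /**
     * Returns the metastore database user.
     *
     * <p>Names longer than 16 characters are cut to 16, lower-cased and stripped
     * of everything that is not an ASCII letter.
     *
     * @return the database user, defaulting to {@code keytrustee}
     */
    public String getDBUser() {
        String user = Value(this.conf, this.env, DB_USER_ENV, DB_USER);
        if (user == null) {
            LOG.debug("No user set. Will use default : keytrustee");
            return DB_USER_DEFAULT;
        }
        if (user.length() > 16) {
            LOG.warn("Detected what appears to be CM-generated db username [{}]", user);
            // Locale.ROOT keeps the result identical on every host; the default-locale
            // toLowerCase() maps 'I' to a non-ASCII letter under e.g. a Turkish locale,
            // which the filter below would then silently drop.
            user = user.substring(0, 16).toLowerCase(Locale.ROOT).replaceAll("[^A-Za-z]", "");
            LOG.warn("Converted CM-generated db username to [{}].", user);
        }
        return user;
    }

    /**
     * Returns the metastore database password.
     *
     * <p>When neither {@code PGPASSWORD} nor the password-callback property is
     * set, the plain password property is used and an unset value becomes the
     * empty default. Otherwise the secret is read with
     * {@link Configuration#getPassword(String)}.
     *
     * @return the database password; never {@code null} on the plain path
     */
    public String getDBPassword() {
        String resolved = Value(this.conf, this.env, DB_PASSWD_ENV, DB_PASSWD);
        if (resolved == null) {
            LOG.debug("No callback. Will use password if present.");
            String plain = Value(this.conf, this.env, DB_PASSWD_ENV, DB_PASSWD_PLAIN);
            return (plain != null) ? plain : DB_PASSWORD_DEFAULT;
        }
        try {
            char[] secret = this.conf.getPassword(DB_PASSWD);
            if (secret == null) {
                // Previously a NullPointerException (new String(null)), e.g. when only
                // PGPASSWORD is set. Fall back to the value resolved above, exactly as
                // the IOException path below already does.
                LOG.debug("Password callback returned nothing. Will use the resolved value.");
                return resolved;
            }
            String password = new String(secret);
            if (password.isEmpty()) {
                LOG.warn("Database password is empty. This makes your database vulnerable.");
            }
            return password;
        } catch (IOException e) {
            LOG.error("Could not read the database password through the password callback.", e);
            LOG.debug("Returning default password for DB.");
            return resolved;
        }
    }

    /**
     * @return the message port, defaulting to {@code 65111}
     * @throws NumberFormatException if the configured port is not an integer
     */
    public int getMessagePort() {
        String configured = Value(this.conf, this.env, MESSAGE_PORT_ENV, MESSAGE_PORT);
        LOG.debug("Message Port is set to {}.", configured);
        int port = Integer.parseInt((configured != null) ? configured : DEFAULT_MESSAGE_PORT);
        LOG.debug("Using {} as message port.", port);
        return port;
    }

    /**
     * Splits a comma-separated URI into its individual URIs.
     *
     * @param uri URI whose string form may contain several comma-separated URIs
     * @return one URI per comma-separated element, in order
     * @throws URISyntaxException if any element is not a valid URI
     */
    private static URI[] splitUri(URI uri) throws URISyntaxException {
        String[] parts = uri.toString().split(",");
        URI[] result = new URI[parts.length];
        for (int i = 0; i < parts.length; i++) {
            result[i] = new URI(parts[i]);
        }
        return result;
    }
}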
