package com.cloudera.keytrustee.util;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.jboss.netty.channel.ChannelPipeline;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.channel.Channels;
import org.jboss.netty.handler.ssl.SslHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/keytrustee/util/SelfTrustingSSLChannelPipelineFactory.class */
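/**
 * Netty {@link ChannelPipelineFactory} that builds a server-side TLS pipeline from a
 * configured JKS keystore. When the keystore file does not exist, a 2048-bit RSA key and
 * a self-signed certificate for the local canonical hostname are generated and persisted
 * at that path. The trust store file is optional; when absent the JVM default trust
 * store is used.
 *
 * <p>Not thread-safe beyond what the fields' immutability after construction provides;
 * {@link #getPipeline()} rebuilds the {@link SSLContext} on every call.
 */
public class SelfTrustingSSLChannelPipelineFactory implements ChannelPipelineFactory {
    public static final String sslVersionDefault = "TLSv1.2";
    public static final String KEYSTORE_TYPE = "jks";
    private static final Logger LOG = LoggerFactory.getLogger(SelfTrustingSSLChannelPipelineFactory.class);
    /** Milliseconds in one day; {@link #validity} is expressed in days. */
    private static final long MILLIS_PER_DAY = 24L * 60 * 60 * 1000;
    // Never assigned or read in this class; kept as in the original.
    private HSMKeyProviderConfiguration hsmkpConfig;
    // RNG used both for RSA key generation and for SSLContext initialization.
    private SecureRandom secureRandom;
    // "cn=<hostname>", used as both issuer and subject of the self-signed certificate.
    private String commonName;
    private String hostname;
    // Remaining DN attributes are unused by the certificate builder below.
    private String orgUnitName = "Eng";
    private String orgName = "Cloudera";
    private String city = "Austin";
    private String state = "TX";
    private String country = "US";
    // Certificate validity in days (3650 days is roughly ten years).
    private long validity = 3650;
    private InetAddress inetAddress;
    private String certKeyStoreFile;
    private String certKeyStorePassword;
    // NOTE(review): read from configuration but never used; the key entry and the
    // KeyManagerFactory are both protected with certKeyStorePassword. Confirm intended.
    private String certKeyStoreKeyPassword;
    private String certTrustStoreFile;
    private String sslVersion;

    /**
     * Captures the TLS settings and resolves the local canonical hostname that the
     * self-signed certificate will be issued for.
     *
     * @param tLSConfiguration source of keystore/truststore paths, passwords, SSL version and RNG
     * @throws IOException if the local host cannot be resolved (cause preserved)
     */
    public SelfTrustingSSLChannelPipelineFactory(TLSConfiguration tLSConfiguration) throws IOException {
        this.commonName = null;
        this.hostname = null;
        this.inetAddress = null;
        this.secureRandom = tLSConfiguration.getSecureRandom();
        try {
            this.inetAddress = InetAddress.getLocalHost();
            this.certKeyStoreFile = tLSConfiguration.getTLSKeyStoreFile();
            this.certKeyStorePassword = tLSConfiguration.getTLSKeyStorePassword();
            this.certKeyStoreKeyPassword = tLSConfiguration.getTLSKeyStoreKeyPassword();
            this.certTrustStoreFile = tLSConfiguration.getTLSTrustStoreFile();
            this.sslVersion = tLSConfiguration.getSSLVersion();
            this.hostname = this.inetAddress.getCanonicalHostName();
            LOG.debug("Canonical hostname for SSLChannelPipelineFactory is : " + this.hostname);
            this.commonName = "cn=" + this.hostname;
            LOG.debug("Common name for SSLChannelPipelineFactory is : " + this.commonName);
        } catch (UnknownHostException e) {
            String message = "Could not resolve localhost to prepare SSLChannelPipelineFactory.";
            LOG.error(message, e);
            // Keep the original cause so the resolution failure is diagnosable.
            throw new IOException(message, e);
        }
    }

    /**
     * Loads (or generates and persists) the server keystore, optionally loads the trust
     * store, and initializes an {@link SSLContext} for {@link #sslVersion}.
     *
     * @return an initialized server SSLContext
     * @throws IllegalStateException wrapping any keystore, certificate or SSL failure
     */
    private SSLContext createServerSSLContext() {
        try {
            char[] storePassword = this.certKeyStorePassword.toCharArray();
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            File keyStoreFile = new File(this.certKeyStoreFile);
            if (keyStoreFile.exists()) {
                LOG.info("Using server keystore found at [" + this.certKeyStoreFile + "].");
                try (FileInputStream in = new FileInputStream(keyStoreFile)) {
                    keyStore.load(in, storePassword);
                }
            } else {
                LOG.warn("No server keystore found at [" + this.certKeyStoreFile + "]. Generating self-signed certificate and keystore at this location to use.");
                keyStore.load(null, null);
                X509Certificate[] chain = new X509Certificate[1];
                PrivateKey privateKey = generateSelfSignedCertUsingBC(chain);
                keyStore.setKeyEntry("self", privateKey, storePassword, chain);
                // NOTE(review): the new keystore is written with default file permissions;
                // restricting it to the service owner is worth confirming at deployment.
                try (FileOutputStream out = new FileOutputStream(keyStoreFile)) {
                    keyStore.store(out, storePassword);
                }
            }

            // null trust managers means SSLContext falls back to the JVM default trust store.
            TrustManager[] trustManagers = null;
            String trustDescription = "JVM default truststore,";
            File trustStoreFile = new File(this.certTrustStoreFile);
            if (trustStoreFile.exists()) {
                LOG.info("Using server truststore found at [" + this.certTrustStoreFile + "].");
                KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE);
                // No password: the trust store's integrity check is skipped, as in the original.
                try (FileInputStream in = new FileInputStream(trustStoreFile)) {
                    trustStore.load(in, null);
                }
                trustDescription = "truststore at [" + this.certTrustStoreFile + "]";
                TrustManagerFactory trustManagerFactory =
                        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            }

            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            LOG.info("Initializing server SSLContext with " + trustDescription + " keystore at [" + this.certKeyStoreFile + "] and specified random number generator.");
            keyManagerFactory.init(keyStore, storePassword);
            SSLContext sslContext = SSLContext.getInstance(this.sslVersion);
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagers, this.secureRandom);
            return sslContext;
        } catch (Exception e) {
            // An unchecked exception (not Error) so Netty's getPipeline() error handling can see it.
            throw new IllegalStateException("Failed to initialize the server SSLContext", e);
        }
    }

    /**
     * Generates a 2048-bit RSA key pair and a SHA256withRSA self-signed certificate whose
     * subject and issuer are {@link #commonName} and whose SAN is the dNSName
     * {@link #hostname}, valid for {@link #validity} days from now.
     *
     * @param x509CertificateArr output array; element 0 receives the generated certificate
     * @return the generated private key
     */
    private PrivateKey generateSelfSignedCertUsingBC(X509Certificate[] x509CertificateArr) throws NoSuchAlgorithmException, OperatorCreationException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, IOException {
        // addProvider returns -1 and does nothing if BC is already installed, so repeat calls are safe.
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(2048, this.secureRandom);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        long now = System.currentTimeMillis();
        Date notBefore = new Date(now);
        // validity is in days; the original omitted the *1000, producing a certificate
        // valid for only validity*86400 milliseconds (about 3.6 days for 3650).
        Date notAfter = new Date(now + this.validity * MILLIS_PER_DAY);
        X500Name name = new X500Name(this.commonName);
        // NOTE(review): the serial is the issue timestamp, i.e. predictable; acceptable for a
        // self-signed cert but a SecureRandom-derived serial would be the safer choice.
        BigInteger serial = BigInteger.valueOf(now);
        GeneralNames subjectAltNames = new GeneralNames(new GeneralName(GeneralName.dNSName, this.hostname));

        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                name, serial, notBefore, notAfter, name,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        builder.addExtension(Extension.subjectAlternativeName, true, subjectAltNames);

        byte[] encoded = builder
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()))
                .getEncoded();
        x509CertificateArr[0] = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(encoded));
        return keyPair.getPrivate();
    }

    /**
     * Returns the configured {@code ssl.KeyManagerFactory.algorithm} security property,
     * defaulting to {@code SunX509}. Not called anywhere in this class; the factory above
     * uses {@link KeyManagerFactory#getDefaultAlgorithm()} instead.
     */
    private String getAlgorithm() {
        String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        return algorithm == null ? "SunX509" : algorithm;
    }

    /**
     * Builds a pipeline with a single server-mode {@link SslHandler}.
     *
     * @return a new pipeline whose only handler is named {@code "ssl"}
     * @throws Exception as declared by {@link ChannelPipelineFactory}
     */
    @Override
    public ChannelPipeline getPipeline() throws Exception {
        ChannelPipeline pipeline = Channels.pipeline();
        SSLContext sslContext = createServerSSLContext();
        SSLParameters parameters = sslContext.getDefaultSSLParameters();
        SSLEngine engine = sslContext.createSSLEngine();
        engine.setUseClientMode(false);
        // NOTE(review): no client authentication is requested here, so on this server-mode
        // engine the endpoint identification algorithm has no peer certificate to check.
        parameters.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(parameters);
        pipeline.addLast("ssl", new SslHandler(engine));
        return pipeline;
    }
}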
