package com.cloudera.cmf.security.components;

import com.cloudera.cmf.VersionData;
import com.cloudera.cmf.model.DbConfigContainerConfigProvider;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.persist.DatabaseExecutor;
import com.cloudera.cmf.persist.DatabaseTask;
import com.cloudera.cmf.service.config.ConfigChange;
import com.cloudera.cmf.service.config.ConfigUpdateListener;
import com.cloudera.cmf.service.config.ParamSpec;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParamTrackerStore;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.cmf.version.Release;
import com.cloudera.enterprise.ssl.AcceptAllCertificates;
import com.cloudera.enterprise.ssl.FileBasedKeyStoresFactory;
import com.cloudera.enterprise.ssl.SSLFactory;
import com.cloudera.server.cmf.OperationsManager;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Multimap;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.commons.configuration.MapConfiguration;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

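/**
 * Spring component that builds and caches the client-side TLS objects
 * ({@link SSLSocketFactory} and {@link TrustManager}s) from the trust store
 * configured through {@link ScmParams#TRUSTSTORE_PATH},
 * {@link ScmParams#TRUSTSTORE_PASSWORD} and {@link ScmParams#KEYSTORE_TYPE}.
 *
 * <p>The objects are loaded once during construction and rebuilt whenever a
 * configuration update touches one of those three parameters. When no trust
 * store path is configured, or loading fails, both cached objects are
 * {@code null}.
 *
 * <p>Access to the cached socket factory and trust managers is guarded by the
 * instance monitor ({@code synchronized} accessors and updater).
 *
 * <p>NOTE(review): what callers do with a {@code null} socket factory or trust
 * manager array is not visible in this class. Confirm that no caller reacts to
 * {@code null} by falling back to {@link #getAcceptAllCertificates()}.
 */
@Component(SslHelper.BEAN_NAME)
public class SslHelper {
    public static final String BEAN_NAME = "sslHelper";
    private static final Logger LOG = LoggerFactory.getLogger(SslHelper.class);
    private final OperationsManager om;
    private final AcceptAllCertificates acceptAllCertificates;
    private SSLSocketFactory sslSocketFactory;
    private TrustManager[] trustManagers;
    private final ScmParamTrackerStore scmParamTrackerStore;

    /**
     * Registers a configuration listener that reloads the trust store on
     * change, then performs the initial load inside a read-only database task.
     *
     * @param operationsManager used to register the configuration update listener
     * @param databaseExecutor runs the initial read of the trust store settings
     * @param scmParamTrackerStore consulted by {@link #useAcceptAllCertificatesOnPeer()}
     * @throws RuntimeException wrapping any exception raised while creating the
     *     {@link AcceptAllCertificates} instance, registering the listener or
     *     running the initial load task
     */
    @Autowired
    public SslHelper(OperationsManager operationsManager, DatabaseExecutor databaseExecutor, ScmParamTrackerStore scmParamTrackerStore) {
        this.scmParamTrackerStore = scmParamTrackerStore;
        this.om = operationsManager;
        try {
            this.acceptAllCertificates = new AcceptAllCertificates();
            // NOTE(review): the listener captures `this` before the constructor
            // has finished, so a config update arriving now would reach a
            // partially constructed instance. updateSslObjects is synchronized,
            // which limits the exposure to the two cached fields.
            this.om.addConfigUpdateListener(new ConfigUpdateListener() {
                @Override
                public void onConfigUpdate(CmfEntityManager cmfEntityManager, Multimap<ParamSpec<?>, ConfigChange> multimap) {
                    if (SslHelper.touchesTrustStore(multimap)) {
                        SslHelper.LOG.debug("Reload SSL trust store due to path/pwd/type change.");
                        SslHelper.this.reloadFromConfig(cmfEntityManager.getScmConfigProvider());
                    }
                }
            });
            databaseExecutor.execReadonlyTaskNE(new DatabaseTask<Void>() {
                /* Decompiler note: this method was renamed from "run" (merged with its bridge method). */
                public Void m472run(CmfEntityManager cmfEntityManager) {
                    SslHelper.this.reloadFromConfig(cmfEntityManager.getScmConfigProvider());
                    return null;
                }
            });
        } catch (Exception e) {
            LOG.error("Failed to create accept all certificates configurator", e);
            throw new RuntimeException(e);
        }
    }

    /** Returns true when the change set contains any of the three trust store parameters. */
    private static boolean touchesTrustStore(Multimap<ParamSpec<?>, ConfigChange> changes) {
        return changes.containsKey(ScmParams.TRUSTSTORE_PASSWORD)
                || changes.containsKey(ScmParams.TRUSTSTORE_PATH)
                || changes.containsKey(ScmParams.KEYSTORE_TYPE);
    }

    /** Reads path, password and type from the SCM config provider and rebuilds the TLS objects. */
    private void reloadFromConfig(DbConfigContainerConfigProvider scmConfigProvider) {
        String path = (String) ScmHandler.getScmConfigValue(ScmParams.TRUSTSTORE_PATH, scmConfigProvider);
        String password = (String) ScmHandler.getScmConfigValue(ScmParams.TRUSTSTORE_PASSWORD, scmConfigProvider);
        String type = ((ScmParams.KeyStoreType) ScmHandler.getScmConfigValue(ScmParams.KEYSTORE_TYPE, scmConfigProvider)).getString();
        updateSslObjects(path, password, type);
    }

    /**
     * Rebuilds the cached trust managers and socket factory from a trust store file.
     *
     * <p>A {@code null} or empty path clears both cached objects. Any failure
     * while loading the store or creating the TLS context is logged and also
     * clears both objects, so that a stale trust configuration is never kept.
     * A {@code null} password or type takes the failure path as well, because
     * {@code ImmutableMap.of} rejects null values.
     *
     * <p>The decompiler reports that this method was originally {@code private};
     * it is kept {@code public} here as it appears in the listing.
     *
     * @param str trust store location
     * @param str2 trust store password (never logged by this method)
     * @param str3 trust store type string
     */
    public synchronized void updateSslObjects(String str, String str2, String str3) {
        if (str == null || str.isEmpty()) {
            this.sslSocketFactory = null;
            this.trustManagers = null;
            return;
        }
        try {
            String locationKey = FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.CLIENT, "com.cloudera.enterprise.ssl.{0}.truststore.location");
            String passwordKey = FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.CLIENT, "com.cloudera.enterprise.ssl.{0}.truststore.password");
            String typeKey = FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.CLIENT, "com.cloudera.enterprise.ssl.{0}.truststore.type");
            MapConfiguration mapConfiguration = new MapConfiguration(ImmutableMap.of(locationKey, str, passwordKey, str2, typeKey, str3));
            FileBasedKeyStoresFactory fileBasedKeyStoresFactory = new FileBasedKeyStoresFactory();
            fileBasedKeyStoresFactory.setConf(mapConfiguration);
            fileBasedKeyStoresFactory.init(SSLFactory.Mode.CLIENT);
            this.trustManagers = fileBasedKeyStoresFactory.getTrustManagers();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            // No key managers (client presents no certificate) and the default SecureRandom.
            sSLContext.init(null, this.trustManagers, null);
            this.sslSocketFactory = new SSLSocketFactory(sSLContext);
        } catch (Exception e) {
            // A trust store that cannot be loaded changes how peers are verified,
            // so surface it as a warning and keep the cause and stack trace for
            // diagnosis instead of logging only the message at INFO.
            LOG.warn("Failed to load SSL trust store and create ssl socket: " + e.getMessage(), e);
            this.sslSocketFactory = null;
            this.trustManagers = null;
        }
    }

    /**
     * @return the socket factory built from the configured trust store, or
     *     {@code null} when none is configured or loading failed
     */
    public synchronized SSLSocketFactory getSslSocketFactory() {
        return this.sslSocketFactory;
    }

    /**
     * @return a copy of the trust managers loaded from the configured trust
     *     store, or {@code null} when none is configured or loading failed
     */
    public synchronized TrustManager[] getTrustManagers() {
        // Hand out a copy so callers cannot replace entries in the cached array.
        return this.trustManagers == null ? null : this.trustManagers.clone();
    }

    /**
     * @return the {@link AcceptAllCertificates} instance created at construction.
     *     NOTE(review): the name suggests a configuration that skips peer
     *     certificate validation. Confirm that call sites use it only when
     *     {@link #useAcceptAllCertificatesOnPeer()} returns true.
     */
    public AcceptAllCertificates getAcceptAllCertificates() {
        return this.acceptAllCertificates;
    }

    /**
     * Reports whether the accept-all certificate configuration applies to peers.
     *
     * @return {@code true} only when the running release is older than CM 7.5.0
     *     and the tracked {@link ScmParams#CDP_ENV} value is
     *     {@link ScmParams.CdpEnv#PUBLIC_CLOUD}
     */
    public boolean useAcceptAllCertificatesOnPeer() {
        return VersionData.getRelease().lessThan(Release.of("CM", 7L, 5L, 0L))
                && this.scmParamTrackerStore.get(ScmParams.CDP_ENV) == ScmParams.CdpEnv.PUBLIC_CLOUD;
    }
}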
