package com.cloudera.api.dao.impl;

import com.cloudera.api.dao.CertManagerDao;
import com.cloudera.api.dao.DAOFactory;
import com.cloudera.api.model.ApiCertificateRequest;
import com.cloudera.cmf.model.DbCertificate;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.server.cmf.node.HostCertConfigurator;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Base64;
import java.util.Enumeration;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/api/dao/impl/CertManagerDaoImpl.class */
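/**
 * DAO backing the certificate-manager API: generates host certificate archives and
 * serves the configured truststore (raw JKS or converted to PEM) and its password.
 *
 * <p>Inputs that originate from the API request (hostname, token, truststore type) are
 * treated as untrusted in this class: they are neutralised before logging and never
 * used to build file paths. File paths and passwords come from SCM configuration only.
 */
public class CertManagerDaoImpl extends ManagerDaoBase implements CertManagerDao {
    private static final Logger LOG = LoggerFactory.getLogger(CertManagerDaoImpl.class);

    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----\n";
    private static final String PEM_FOOTER = "\n-----END CERTIFICATE-----\n";
    private static final String GENERATION_FAILED = "Failed to generate certificate";

    public CertManagerDaoImpl(DAOFactory dAOFactory) {
        super(dAOFactory);
    }

    /**
     * Reads a JKS keystore from {@code inputStream} and returns the certificate of every
     * alias as concatenated PEM blocks.
     *
     * <p>Only {@link KeyStore#getCertificate(String)} is called, so private-key material
     * is never read or exported; for an alias that holds a key entry, only the certificate
     * returned by that call is emitted.
     *
     * @param inputStream stream positioned at the start of a JKS keystore; not closed here
     * @param str keystore password used for the integrity check on load
     * @return PEM text encoded as US-ASCII bytes (empty when the keystore has no aliases)
     * @throws IllegalStateException if the keystore cannot be loaded or a certificate
     *     cannot be encoded (the original exception is attached as the cause)
     */
    static byte[] convertJksToPem(InputStream inputStream, String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(inputStream, str.toCharArray());
            StringBuilder pem = new StringBuilder();
            Base64.Encoder encoder = Base64.getEncoder();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                if (certificate == null) {
                    // Alias without a certificate: nothing to export for it.
                    continue;
                }
                // NOTE(review): the Base64 body is emitted on a single line (no 64-column
                // wrapping). Lenient parsers accept this; strict RFC 7468 consumers may not.
                pem.append(PEM_HEADER)
                        .append(encoder.encodeToString(certificate.getEncoded()))
                        .append(PEM_FOOTER);
            }
            // PEM is pure ASCII; fix the charset instead of relying on the platform default.
            return pem.toString().getBytes(StandardCharsets.US_ASCII);
        } catch (Exception e) {
            throw new IllegalStateException("Encountered exception converting truststore to PEM: ", e);
        }
    }

    /**
     * Returns a certificate archive for the host named in the request: a custom archive
     * if {@code HostCertConfigurator.retrieveCustomCertTar} supplies one, otherwise one
     * built by {@code HostCertConfigurator.buildCertTar} with the configured generator.
     *
     * <p>Failures are logged with full detail but surfaced to the caller as a
     * {@link SecurityException} with a fixed message and no cause.
     * NOTE(review): presumably this keeps internal detail out of API responses; confirm.
     *
     * @param apiCertificateRequest request carrying the hostname and token
     * @return the certificate archive bytes, never {@code null}
     * @throws SecurityException if no generator is configured, generation throws, or the
     *     generator returns {@code null}
     */
    @Override // com.cloudera.api.dao.CertManagerDao
    @TxReadOnly
    public byte[] generateCertificate(ApiCertificateRequest apiCertificateRequest) {
        String hostname = apiCertificateRequest.getHostname();
        // The hostname is caller-supplied: strip control characters so it cannot forge
        // or split log records.
        LOG.info("Received request to generate a certificate for: {}", sanitizeForLog(hostname));
        String str = (String) ScmHandler.getScmConfigValue(ScmParams.HOST_CERT_GENERATOR, this.cmfEM.getScmConfigProvider());
        if (StringUtils.isBlank(str)) {
            LOG.error("No host cert generator is set.");
            throw new SecurityException(GENERATION_FAILED);
        }
        LOG.info("Using host certificate generator command: {}", str);
        byte[] certTar;
        try {
            certTar = HostCertConfigurator.retrieveCustomCertTar(this.cmfEM, hostname);
            if (certTar == null) {
                DbCertificate rootCertificate = this.cmfEM.findCertificate("__root__");
                byte[] rootCertTar = rootCertificate != null ? rootCertificate.getCerttar() : null;
                // NOTE(review): hostname and token are caller-supplied and are handed to
                // buildCertTar together with the configured generator command. How they
                // reach that command is not visible here; confirm they are validated and
                // passed as discrete arguments there. The token must never be logged.
                certTar = HostCertConfigurator.buildCertTar(str, hostname, true, apiCertificateRequest.getToken(), rootCertTar);
            }
        } catch (Exception e) {
            LOG.error(GENERATION_FAILED, e);
            throw new SecurityException(GENERATION_FAILED);
        }
        // Checked outside the try so this case is logged once rather than being caught
        // and re-logged by the handler above.
        if (certTar == null) {
            LOG.error("Null certificate returned");
            throw new SecurityException(GENERATION_FAILED);
        }
        return certTar;
    }

    /**
     * Returns the truststore configured under {@code ScmParams.TRUSTSTORE_PATH}.
     *
     * <p>For {@code "JKS"} the file is returned byte-for-byte, including every entry it
     * holds; for {@code "PEM"} only the certificates are exported via
     * {@link #convertJksToPem(InputStream, String)}. The type comparison is
     * case-insensitive. The path is taken from configuration, not from the caller.
     *
     * @param str requested format, {@code "JKS"} or {@code "PEM"}
     * @return truststore bytes, or an empty array when no truststore path is configured
     * @throws IllegalStateException if the configured file does not exist or cannot be
     *     read or converted
     * @throws IllegalArgumentException if {@code str} is neither {@code "JKS"} nor
     *     {@code "PEM"}
     */
    @Override // com.cloudera.api.dao.CertManagerDao
    @TxReadOnly
    public byte[] getTruststore(String str) {
        String configuredPath = (String) ScmHandler.getScmConfigValue(ScmParams.TRUSTSTORE_PATH, this.cmfEM.getScmConfigProvider());
        if (StringUtils.isEmpty(configuredPath)) {
            LOG.error("Not returning a truststore because TRUSTSTORE_PATH is not configured");
            return new byte[0];
        }
        Path path = Paths.get(configuredPath, new String[0]);
        if (Files.notExists(path, new LinkOption[0])) {
            throw new IllegalStateException("Configured truststore file does not exist");
        }
        if (StringUtils.equalsIgnoreCase(str, "JKS")) {
            try {
                return Files.readAllBytes(path);
            } catch (IOException e) {
                throw new IllegalStateException("Could not read truststore: ", e);
            }
        }
        if (!StringUtils.equalsIgnoreCase(str, "PEM")) {
            throw new IllegalArgumentException("Truststore type must be 'JKS' or 'PEM'");
        }
        String password = resolveTruststorePassword();
        // try-with-resources closes the stream on every path, including when the
        // conversion throws.
        try (InputStream truststoreStream = new FileInputStream(configuredPath)) {
            return convertJksToPem(truststoreStream, password);
        } catch (IOException e2) {
            throw new IllegalStateException("Could not read truststore: ", e2);
        }
    }

    /**
     * Returns the truststore password from {@code ScmParams.TRUSTSTORE_PASSWORD}, or the
     * fallback constant when none is configured.
     *
     * <p>NOTE(review): this hands a stored secret to the caller; authorization is not
     * enforced in this class and must be confirmed at the API layer. Callers should not
     * log the returned value.
     *
     * @return the configured password, or the fallback value when it is not set
     */
    @Override // com.cloudera.api.dao.CertManagerDao
    @TxReadOnly
    public String getTruststorePassword() {
        return resolveTruststorePassword();
    }

    /**
     * Looks up the configured truststore password, shared by the PEM conversion and the
     * password accessor so both always agree on the fallback.
     */
    private String resolveTruststorePassword() {
        String configured = (String) ScmHandler.getScmConfigValue(ScmParams.TRUSTSTORE_PASSWORD, this.cmfEM.getScmConfigProvider());
        // NOTE(review): the fallback references CommandUtils.CONFIG_TOP_LEVEL_DIR; a
        // directory-name constant as a password default looks like a decompiler
        // constant-substitution artefact. Confirm the intended default in the
        // original source.
        return configured != null ? configured : CommandUtils.CONFIG_TOP_LEVEL_DIR;
    }

    /**
     * Replaces ISO control characters (including CR and LF) with {@code '_'} so a
     * caller-supplied value cannot inject extra lines into the log.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}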
