package com.cloudera.server.cmf.node;

import com.cloudera.cmf.CommandRunner;
import com.cloudera.cmf.command.CertmanagerRunner;
import com.cloudera.cmf.command.GenerateHostCertsCommand;
import com.cloudera.cmf.model.DbCertificate;
import com.cloudera.cmf.persist.CmfEntityManager;
import com.cloudera.cmf.service.CommandUtils;
import com.cloudera.enterprise.ArchiveUtils;
import com.cloudera.enterprise.TempFileUtils;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import net.schmizz.sshj.common.StreamCopier;
import net.schmizz.sshj.xfer.InMemorySourceFile;
import net.schmizz.sshj.xfer.LocalSourceFile;
import net.schmizz.sshj.xfer.TransferListener;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/server/cmf/node/HostCertConfigurator.class */
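/**
 * Builds a host certificate archive by running the certmanager command locally and installs it
 * on a remote host through the SSH session provided by {@link SSHConfigurator}.
 *
 * <p>Installation ({@link #configure()}) stages the archive in a fresh {@code mktemp -d}
 * directory on the remote host and then runs the agent utility's {@code install_certs}
 * sub-command on it, prefixed with {@code sudo -n} unless the SSH user is {@code root}.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The archive is uploaded with mode {@code 0600}.</li>
 *   <li>The verify token is handed to certmanager as an input stream, not as an argument.</li>
 *   <li>The remote staging path comes from remote command output and is validated against the
 *       {@code mktemp} template before it is placed into the install command line.</li>
 *   <li>The local working directory that receives the extracted CMCA archive is deleted on
 *       success and deliberately kept on failure; see {@code buildCertTarFileInternal}.</li>
 * </ul>
 */
public class HostCertConfigurator extends SSHConfigurator {
    protected static final Logger LOG = LoggerFactory.getLogger(HostCertConfigurator.class);
    private static final String SCRIPT_BASE_NAME = "install_certs";
    private static final String CERTMANAGER_COMMAND = "/opt/cloudera/cm-agent/bin/certmanager --location %s gen_node_cert --output=-";
    public static final String CM_AGENT_UTIL_PATH = "/opt/cloudera/cm-agent/bin/cm";

    /** Template handed to the remote {@code mktemp -d}; a POSIX path, independent of the local OS. */
    private static final String REMOTE_TEMP_TEMPLATE = "/tmp/" + SCRIPT_BASE_NAME + ".XXXXXXXX";

    /** Shape a path produced from {@link #REMOTE_TEMP_TEMPLATE} must have before it is used. */
    private static final String REMOTE_TEMP_PATTERN = "/tmp/" + SCRIPT_BASE_NAME + "\\.[A-Za-z0-9]+";

    /** Octal 0600 (decimal 384): owner read/write only, nothing for group or others. */
    private static final int OWNER_READ_WRITE_ONLY = 0600;

    private String remotePath;
    private LocalSourceFile certTar;

    /**
     * Creates a configurator for one host.
     *
     * <p>The first six arguments are passed unchanged to the {@link SSHConfigurator}
     * constructor; their meaning is defined there and is not visible in this class.
     *
     * @param localSourceFile the certificate archive to upload during {@link #configure()}
     */
    public HostCertConfigurator(String str, int i, String str2, String str3, String str4, String str5, LocalSourceFile localSourceFile) {
        super(str, i, str2, str3, str4, str5);
        this.certTar = localSourceFile;
    }

    /**
     * Generates the certificate archive for a host using the default certmanager command
     * template.
     *
     * @param str generator command line, or {@code CertmanagerRunner.TEMP_DIR_MARKER} to run
     *     the default command against a temporary directory
     * @param str2 value appended to the command as its final positional argument (used in the
     *     error messages as the target the certificates are generated for)
     * @param z whether to append {@code --rotate}
     * @param str3 verify token, or {@code null} for none
     * @param bArr tar archive extracted into the temporary directory; required when {@code str}
     *     is the temp-dir marker
     * @return the bytes the generator wrote to its output
     * @throws IllegalStateException if generation fails
     */
    public static byte[] buildCertTar(String str, String str2, boolean z, String str3, byte[] bArr) {
        return buildCertTarFileInternal(str, str2, z, str3, bArr, CERTMANAGER_COMMAND);
    }

    /**
     * Runs the certificate generator and returns its output.
     *
     * <p>When {@code str} equals {@code CertmanagerRunner.TEMP_DIR_MARKER}, a temporary
     * directory is created, {@code bArr} is extracted into it and the command line is built by
     * formatting {@code str4} with that directory's absolute path. Otherwise {@code str} itself
     * is the command line. The command line is split on whitespace into an argument list, so a
     * path containing whitespace would be split into several arguments.
     *
     * @param str generator command line or the temp-dir marker; must be non-null and non-empty
     * @param str2 final positional argument for the generator; must be non-null
     * @param z whether to append {@code --rotate}
     * @param str3 verify token supplied as the command's input stream, or {@code null}
     * @param bArr tar archive to extract; must be non-null when the temp-dir marker is used
     * @param str4 format string with one {@code %s} for the temporary directory
     * @return the bytes captured from the generator's output
     * @throws NullPointerException if {@code str} or {@code str2} is null
     * @throws IllegalStateException if {@code str} is empty, the archive is missing, the
     *     generator exits non-zero, or an I/O error occurs
     */
    @VisibleForTesting
    static byte[] buildCertTarFileInternal(String str, String str2, boolean z, String str3, byte[] bArr, String str4) {
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(str2);
        Preconditions.checkState(!str.isEmpty());

        String command = str;
        Path tempDir = null;
        boolean succeeded = false;
        try {
            if (StringUtils.equals(command, CertmanagerRunner.TEMP_DIR_MARKER)) {
                // Reject a missing archive before anything is created on disk.
                if (bArr == null) {
                    throw new IllegalStateException("Root CMCA in database should not be null");
                }
                LOG.info("Creating temporary directory for certificate generation.");
                tempDir = TempFileUtils.createTempDir(GenerateHostCertsCommand.COMMAND_NAME);
                String tempDirPath = tempDir.toAbsolutePath().toString();
                ArchiveUtils.runTarExtract(bArr, tempDirPath);
                command = String.format(str4, tempDirPath);
            }
            LOG.info("Using host certificate generator command: {}", command);

            // The command is run from an argument list; str2 is appended as one element and is
            // never re-split or concatenated into the command string.
            String[] args = (String[]) ArrayUtils.add(command.split("\\s+"), str2);
            if (z) {
                args = (String[]) ArrayUtils.add(args, "--rotate");
            }
            ByteArrayInputStream tokenStream = null;
            if (str3 != null) {
                // Only the flag goes on the argument list; the token value travels on the
                // input stream. An explicit charset keeps the bytes independent of the
                // platform default.
                tokenStream = new ByteArrayInputStream(str3.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                args = (String[]) ArrayUtils.add(args, "--verify-token");
            }

            CommandRunner.WriterCommandResult run = CommandRunner.run(Arrays.asList(args), tokenStream, (Map) null, new CommandRunner.WriterCommandResult());
            if (run.retcode != 0) {
                // NOTE(review): with --output=- the captured output is also where the archive
                // is written; confirm a failed run cannot leave certificate or key bytes in
                // this log line.
                LOG.error("Failed to generate certificates for {}: {}", str2, run._output);
                throw new IllegalStateException("Failed to generate certificates for " + str2, run.exception);
            }
            byte[] result = run._output.toByteArray();
            succeeded = true;
            return result;
        } catch (IOException e) {
            throw new IllegalStateException("Failed to generate certificates", e);
        } finally {
            if (tempDir != null) {
                if (succeeded) {
                    TempFileUtils.deleteDirAndSwallowException(tempDir);
                } else {
                    // Kept on purpose so the failure can be diagnosed. NOTE(review): the
                    // directory holds the extracted CMCA archive; if that archive includes
                    // private key material (confirm), it must be removed after diagnosis or
                    // deleted here unconditionally.
                    LOG.error("Certificate generation failed. Temporary directory is at: " + tempDir);
                }
            }
        }
    }

    /**
     * Generates the certificate archive without a verify token and wraps it for upload.
     *
     * @param str generator command line or the temp-dir marker
     * @param str2 final positional argument for the generator
     * @param z whether to append {@code --rotate}
     * @param bArr tar archive required when the temp-dir marker is used
     * @return an in-memory source file named {@code cert.tar}
     * @throws IllegalStateException if generation fails
     */
    public static LocalSourceFile buildCertTarFile(String str, String str2, boolean z, byte[] bArr) {
        return buildCertTarFileFromBytes(buildCertTar(str, str2, z, null, bArr));
    }

    /**
     * Wraps archive bytes as an in-memory upload source named {@code cert.tar}.
     *
     * <p>The array is neither copied nor checked here: later changes to it are visible through
     * the returned object, and a {@code null} array fails only when the length or stream is
     * requested.
     *
     * @param bArr the archive content
     * @return a source file reporting mode 0600
     */
    public static LocalSourceFile buildCertTarFileFromBytes(final byte[] bArr) {
        return new InMemorySourceFile() {
            public String getName() {
                return "cert.tar";
            }

            public long getLength() {
                return bArr.length;
            }

            public InputStream getInputStream() throws IOException {
                return new ByteArrayInputStream(bArr);
            }

            public int getPermissions() throws IOException {
                // Restrictive mode for the uploaded archive.
                return OWNER_READ_WRITE_ONLY;
            }
        };
    }

    /**
     * Looks up the stored certificate archive for the given key.
     *
     * @param cmfEntityManager entity manager used for the lookup
     * @param str key passed to {@code findCertificate}
     * @return the stored archive, or {@code null} when no certificate record exists
     * @throws IllegalStateException if a record exists but carries no archive data
     */
    public static byte[] retrieveCustomCertTar(CmfEntityManager cmfEntityManager, String str) {
        DbCertificate certificate = cmfEntityManager.findCertificate(str);
        if (certificate == null) {
            return null;
        }
        byte[] certTarBytes = certificate.getCerttar();
        if (certTarBytes == null) {
            throw new IllegalStateException(String.format("Invalid certificate in database for '%s': missing cert data", str));
        }
        return certTarBytes;
    }

    /**
     * Connects, stages the archive in a new remote temporary directory and runs the install
     * command. The connection is closed whether or not installation succeeds.
     *
     * <p>NOTE(review): nothing in this class removes the remote staging directory or the
     * uploaded archive afterwards; presumably the agent's {@code install_certs} step takes care
     * of it. Confirm, since the archive is likely to hold the host's key material.
     *
     * @throws IllegalStateException if the staging directory cannot be created or the install
     *     command reports failure
     */
    public void configure() {
        try {
            connect();
            createRemotePath();
            copy(this.certTar, this.remotePath, this.certTar.getName());
            if (!execute(buildInstallCertCommand())) {
                throw new IllegalStateException("Remote certificate installation command failed");
            }
        } finally {
            disconnect();
        }
    }

    /**
     * Builds the remote command line that installs the uploaded archive.
     *
     * <p>The result has the form {@code <prefix><cm util> install_certs <remotePath>/<name>},
     * where the prefix is {@code "sudo -n "} for any user other than {@code root}. The staging
     * path is only set by {@link #configure()}; before that it formats as {@code null}.
     *
     * @return the command line to execute on the remote host
     */
    public String buildInstallCertCommand() {
        // NOTE(review): CONFIG_TOP_LEVEL_DIR is used as the "no prefix" value for root. It is
        // presumably an empty string that the decompiler mapped onto this constant; confirm.
        String prefix = StringUtils.equals(this.user, "root") ? CommandUtils.CONFIG_TOP_LEVEL_DIR : "sudo -n ";
        return String.format("%s%s install_certs %s/%s", prefix, CM_AGENT_UTIL_PATH, this.remotePath, this.certTar.getName());
    }

    /**
     * Creates the remote staging directory and records its path.
     *
     * <p>The path is read from the last line of the remote command's output. Because that text
     * is later placed into a command line that may run under {@code sudo}, it is accepted only
     * if it has the shape of an expanded {@code mktemp} template; an error message or any other
     * text is rejected instead of being used as a path.
     *
     * @throws IllegalStateException if no usable path is returned
     */
    private void createRemotePath() {
        execute("mktemp -d " + REMOTE_TEMP_TEMPLATE);
        List<String> newOutput = getNewOutput();
        if (newOutput.isEmpty()) {
            LOG.error("Failed to create temporary directory");
            throw new IllegalStateException("Failed to create temporary directory on remote host");
        }
        String candidate = StringUtils.stripEnd(newOutput.get(newOutput.size() - 1), (String) null);
        if (candidate == null || !candidate.matches(REMOTE_TEMP_PATTERN)) {
            LOG.error("Failed to create temporary directory: unexpected output '{}'", candidate);
            throw new IllegalStateException("Failed to create temporary directory on remote host");
        }
        this.remotePath = candidate;
    }

    /**
     * No-op override: a failure reported through this hook is ignored by this configurator.
     *
     * <p>NOTE(review): confirm that ignoring the throwable is intended; errors the base class
     * reports this way are not logged or rethrown here.
     */
    @Override // com.cloudera.server.cmf.node.SSHConfigurator
    protected void failWithException(Throwable th) {
    }

    /**
     * Returns {@code null}; no listener is supplied for directory transfers.
     *
     * @param str directory name (unused)
     * @return always {@code null}
     */
    public TransferListener directory(String str) {
        return null;
    }

    /**
     * Returns {@code null}; no progress listener is supplied for file transfers.
     *
     * @param str file name (unused)
     * @param j file size (unused)
     * @return always {@code null}
     */
    public StreamCopier.Listener file(String str, long j) {
        return null;
    }
}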
