package com.cloudera.cmf.command;

import com.cloudera.cmf.Environment;
import com.cloudera.cmf.command.GenerateCmcaCommand;
import com.cloudera.cmf.command.flow.AbstractCmdWork;
import com.cloudera.cmf.command.flow.CmdWorkCtx;
import com.cloudera.cmf.command.flow.WorkOutput;
import com.cloudera.cmf.command.flow.WorkOutputs;
import com.cloudera.cmf.model.DbCertificate;
import com.cloudera.cmf.service.scm.ScmHandler;
import com.cloudera.cmf.service.scm.ScmParams;
import com.cloudera.enterprise.ArchiveUtils;
import com.cloudera.enterprise.MessageWithArgs;
import com.cloudera.enterprise.TempFileUtils;
import com.cloudera.server.cmf.ClientProtocolUtils;
import com.cloudera.server.cmf.clientprotocol.CommandRequest;
import com.cloudera.server.web.common.I18n;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.List;
import org.apache.commons.collections4.ListUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.joda.time.Instant;
import org.parboiled.common.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/cmf/command/GenerateCmcaCmdWork.class */
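/**
 * Command work item that generates (or rotates) the Cloudera Manager CA by driving the agent's
 * {@code bin/certmanager} tool, and then applies the settings that certmanager prints.
 *
 * <p>Two modes are visible in this class: a self-generated CA ({@code setup --rotate}) and a
 * custom CA ({@code setup_custom_certdir}) built from caller-supplied certificate, key and
 * password material. When no location is configured, the CA is generated in a temporary
 * directory, archived, and persisted to the database under the hostname {@code __root__}.
 *
 * <p>NOTE(review): this file is decompiler output. Local names were reconstructed and the
 * original {@code finally} blocks could not be recovered, so confirm the control flow against
 * the original source before relying on fine details.
 */
public class GenerateCmcaCmdWork extends AbstractCmdWork {
    private static final Logger LOG = LoggerFactory.getLogger(GenerateCmcaCmdWork.class);
    private static final String CERTMANAGER_BIN = "bin/certmanager";
    protected GenerateCmcaCmdArgs args;
    protected String certmanagerPath = Paths.get(Environment.getAgentDir(), CERTMANAGER_BIN).toString();

    /**
     * Creates the work item from its serialized arguments.
     *
     * @param generateCmcaCmdArgs arguments bound from the {@code args} JSON property
     */
    public GenerateCmcaCmdWork(@JsonProperty("args") GenerateCmcaCmdArgs generateCmcaCmdArgs) {
        this.args = generateCmcaCmdArgs;
    }

    /**
     * Runs certmanager with the given arguments, appending {@code --trusted-ca-certs} when
     * trusted CA certificates were supplied.
     *
     * @param list certmanager arguments; this list is mutated when the trusted-CA option is added
     * @return the certmanager output decoded as text
     * @throws IOException if the temporary file cannot be written or the command fails
     */
    private String runSetupCmcaCommand(List<String> list) throws IOException {
        Path trustedCaCertsFile = null;
        try {
            if (StringUtils.isNotBlank(this.args.getTrustedCaCerts())) {
                list.add("--trusted-ca-certs");
                if (this.args.isInterpretAsFilenames()) {
                    // The value is used as a file path exactly as supplied; no validation
                    // of that path happens in this class.
                    list.add(this.args.getTrustedCaCerts());
                } else {
                    trustedCaCertsFile = TempFileUtils.writeTempFile("trusted-ca-certs", this.args.getTrustedCaCerts());
                    list.add(trustedCaCertsFile.toAbsolutePath().toString());
                }
            }
            // NOTE(review): new String(byte[]) decodes with the platform default charset;
            // confirm which encoding certmanager emits.
            return new String(createCertmanager().runCmcaCommand(this.args.getLocation(), list));
        } finally {
            // Runs on success and on failure, so the temporary file does not outlive the call.
            TempFileUtils.deleteFileAndSwallowException(trustedCaCertsFile);
        }
    }

    /**
     * Runs {@code setup_custom_certdir} with the caller-supplied host certificate, host key,
     * CA certificate and store passwords.
     *
     * <p>When the arguments are inline content rather than file names, each value is written to
     * a temporary file first and the file path is handed to certmanager. The passwords are
     * passed through {@code --keystore-pw-file} / {@code --truststore-pw-file}, i.e. as file
     * paths rather than as literal command-line values.
     *
     * @param str keystore type passed as the {@code keystore_type} override; must not be empty
     * @return the certmanager output
     * @throws IOException if a temporary file cannot be written or the command fails
     */
    private String copyFilesAndSetupCustomCmca(String str) throws IOException {
        Preconditions.checkState(StringUtils.isNotEmpty(str));
        Path hostCertFile = null;
        Path hostKeyFile = null;
        Path caCertFile = null;
        Path keystorePwFile = null;
        Path truststorePwFile = null;
        try {
            String hostCertArg = this.args.getCmHostCert();
            String hostKeyArg = this.args.getCmHostKey();
            String caCertArg = this.args.getCaCert();
            String keystorePwArg = this.args.getKeystorePasswd();
            String truststorePwArg = this.args.getTruststorePasswd();
            if (!this.args.isInterpretAsFilenames()) {
                // The host private key and both store passwords land on disk here. How
                // restrictive the file permissions are depends on TempFileUtils.writeTempFile,
                // which is not visible in this class; confirm they are owner-only.
                hostCertFile = TempFileUtils.writeTempFile("host-cert", hostCertArg);
                hostKeyFile = TempFileUtils.writeTempFile("host-key", hostKeyArg);
                caCertFile = TempFileUtils.writeTempFile("ca-cert", caCertArg);
                keystorePwFile = TempFileUtils.writeTempFile("keystore-pw", keystorePwArg);
                truststorePwFile = TempFileUtils.writeTempFile("truststore-pw", truststorePwArg);
                hostCertArg = hostCertFile.toAbsolutePath().toString();
                hostKeyArg = hostKeyFile.toAbsolutePath().toString();
                caCertArg = caCertFile.toAbsolutePath().toString();
                keystorePwArg = keystorePwFile.toAbsolutePath().toString();
                truststorePwArg = truststorePwFile.toAbsolutePath().toString();
            }
            return runSetupCmcaCommand(Lists.newArrayList(
                    "setup_custom_certdir",
                    "--host-cert", hostCertArg,
                    "--host-key", hostKeyArg,
                    "--ca-cert", caCertArg,
                    "--keystore-pw-file", keystorePwArg,
                    "--truststore-pw-file", truststorePwArg,
                    "--configure-services",
                    "--skip-cm-init",
                    "--override", "keystore_type=" + str));
        } finally {
            // Key and password files are removed whether or not certmanager succeeded. Files
            // written before a failing writeTempFile call are covered as well, because each
            // path is assigned as soon as its file exists.
            TempFileUtils.deleteFileAndSwallowException(hostCertFile);
            TempFileUtils.deleteFileAndSwallowException(hostKeyFile);
            TempFileUtils.deleteFileAndSwallowException(caCertFile);
            TempFileUtils.deleteFileAndSwallowException(keystorePwFile);
            TempFileUtils.deleteFileAndSwallowException(truststorePwFile);
        }
    }

    /**
     * Applies the settings printed by certmanager, one request per output line.
     *
     * <p>Only {@code setsettings} requests with exactly two arguments are accepted; any other
     * named request is rejected. Lines that parse to no request or to a blank name are skipped.
     *
     * @param str certmanager output, newline separated
     * @param cmdWorkCtx context providing the entity manager and service registries
     * @throws IllegalArgumentException if a line is not an acceptable {@code setsettings}
     *     request or cannot be processed
     */
    @VisibleForTesting
    void configureCm(String str, CmdWorkCtx cmdWorkCtx) {
        LOG.info("Configuring CM to turn on Auto-TLS");
        for (String line : str.split("\\n")) {
            try {
                CommandRequest request = ClientProtocolUtils.parseRequest(line);
                if (request == null || StringUtils.isBlank(request.name)) {
                    continue;
                }
                boolean isTwoArgSetSettings = request.name.equalsIgnoreCase("setsettings")
                        && request.arguments != null
                        && request.arguments.size() == 2;
                if (!isTwoArgSetSettings) {
                    // NOTE(review): the message carries the whole output line, setting value
                    // included, and doWork returns the stack trace in its failure output.
                    // Confirm these lines can never hold secret values.
                    throw new IllegalArgumentException("Encountered bad command: " + line);
                }
                // Only the setting name is logged, not its value.
                LOG.info("Setting TLS configuration: " + request.arguments.get(0));
                ClientProtocolUtils.setSetting(
                        request.arguments.get(0),
                        request.arguments.get(1),
                        cmdWorkCtx.getCmfEM(),
                        cmdWorkCtx.getServiceDataProvider().getServiceHandlerRegistry(),
                        cmdWorkCtx.getServiceDataProvider().getOperationsManager());
            } catch (IOException e) {
                // Keep the I/O failure as the cause so the root error is not lost.
                throw new IllegalArgumentException("Encountered bad command: " + line, e);
            }
        }
    }

    /** Overrides the certmanager binary path; intended for tests. */
    @VisibleForTesting
    void setCertmanagerPath(String str) {
        this.certmanagerPath = str;
    }

    /** Creates the runner used to invoke certmanager; a seam for tests to substitute. */
    @VisibleForTesting
    CertmanagerRunner createCertmanager() {
        return new CertmanagerRunner();
    }

    /**
     * Reports whether any input required for a custom CA is blank.
     *
     * @return {@code true} if the host certificate, host key, CA certificate, keystore
     *     password or truststore password is blank
     */
    private boolean hasBlankCustomCaInput() {
        return StringUtils.isBlank(this.args.getCmHostCert())
                || StringUtils.isBlank(this.args.getCmHostKey())
                || StringUtils.isBlank(this.args.getCaCert())
                || StringUtils.isBlank(this.args.getKeystorePasswd())
                || StringUtils.isBlank(this.args.getTruststorePasswd());
    }

    /**
     * Generates the CA, optionally persists it to the database, and applies the resulting
     * TLS settings.
     *
     * @param cmdWorkCtx context providing the command id, entity manager and service registries
     * @return success, or a failure output when inputs are missing, the temporary directory
     *     cannot be created, or certmanager printed an unacceptable command
     * @throws IllegalStateException if CA generation fails with an I/O error
     */
    @Override // com.cloudera.cmf.command.flow.CmdWork
    public WorkOutput doWork(CmdWorkCtx cmdWorkCtx) {
        if (this.args.isCustomCA() && hasBlankCustomCaInput()) {
            return WorkOutputs.failure(cmdWorkCtx.getCommandId(), I18n.t(GenerateCmcaCommand.I18nKeys.NO_CUSTOM_CERTS), new String[0]);
        }
        boolean storeInDb = false;
        Path tempDir = null;
        if (StringUtils.isEmpty(this.args.getLocation())) {
            // No location configured: generate into a temporary directory and keep the
            // result in the database instead.
            LOG.info("Storing CMCA in database for HA");
            storeInDb = true;
            try {
                LOG.info("Creating temporary directory for CA generation.");
                tempDir = TempFileUtils.createTempDir("generateCmca");
                this.args.setLocation(tempDir.toAbsolutePath().toString());
            } catch (IOException e) {
                // NOTE(review): the full stack trace becomes part of the command's failure
                // message; confirm who can read that output.
                return WorkOutputs.failure(cmdWorkCtx.getCommandId(), I18n.t(GenerateCmcaCommand.I18nKeys.GEN_CMCA_FAILED, ExceptionUtils.getStackTrace(e)), new String[0]);
            }
        }
        String keystoreType = ((ScmParams.KeyStoreType) ScmHandler.getScmConfigValue(ScmParams.KEYSTORE_TYPE, cmdWorkCtx.getCmfEM().getScmConfigProvider())).getString();
        if (StringUtils.isEmpty(keystoreType)) {
            keystoreType = KeyStore.getDefaultType();
        }
        LOG.info("Generating CMCA");
        try {
            try {
                String certmanagerOutput;
                if (this.args.isCustomCA()) {
                    certmanagerOutput = copyFilesAndSetupCustomCmca(keystoreType);
                    if (!ListUtils.emptyIfNull(this.args.getHostCerts()).isEmpty()) {
                        createCertmanager().importAdditionalCerts(this.args.getLocation(), this.args.getHostCerts(), this.args.isInterpretAsFilenames(), storeInDb, cmdWorkCtx.getCmfEM());
                    }
                } else {
                    certmanagerOutput = runSetupCmcaCommand(Lists.newArrayList(
                            "setup",
                            "--rotate",
                            "--configure-services",
                            "--skip-cm-init",
                            "--override", "keystore_type=" + keystoreType));
                }
                if (storeInDb) {
                    if (cmdWorkCtx.getCmfEM().findCertificate("__root__") != null) {
                        LOG.info("There is already an existing CMCA. It will be rotated.");
                    }
                    // The whole generated location is archived and stored as the root entry.
                    byte[] certTar = ArchiveUtils.runTarCompress(this.args.getLocation(), true);
                    DbCertificate rootCertificate = new DbCertificate();
                    rootCertificate.setCreatedInstant(Instant.now());
                    rootCertificate.setHostname("__root__");
                    rootCertificate.setCerttar(certTar);
                    LOG.info("Persisting new CMCA to database");
                    cmdWorkCtx.getCmfEM().persistCertificate(rootCertificate);
                }
                if (tempDir != null) {
                    // Generation succeeded, so the on-disk copy is no longer needed.
                    TempFileUtils.deleteDirAndSwallowException(tempDir);
                }
                try {
                    configureCm(certmanagerOutput, cmdWorkCtx);
                    if (storeInDb) {
                        ClientProtocolUtils.setSetting("HOST_CERT_GENERATOR", CertmanagerRunner.TEMP_DIR_MARKER, cmdWorkCtx.getCmfEM(), cmdWorkCtx.getServiceDataProvider().getServiceHandlerRegistry(), cmdWorkCtx.getServiceDataProvider().getOperationsManager());
                    }
                    return WorkOutputs.success(GenerateCmcaCommand.I18nKeys.HELP.getKey(), new String[0]);
                } catch (IllegalArgumentException e) {
                    return WorkOutputs.failure(cmdWorkCtx.getCommandId(), I18n.t(GenerateCmcaCommand.I18nKeys.BAD_COMMAND, ExceptionUtils.getStackTrace(e)), new String[0]);
                }
            } catch (IOException e) {
                LOG.error("Failed to generate CMCA: ", e);
                throw new IllegalStateException(e);
            }
        } catch (Throwable th) {
            if (tempDir != null) {
                // On failure the temporary directory is kept, not deleted, and its path is
                // logged. It presumably holds whatever CA material certmanager produced before
                // failing, so it needs manual cleanup. TODO confirm the retention is intended.
                // NOTE(review): as decompiled, this handler also covers failures raised after
                // the directory was already deleted above, in which case the logged path no
                // longer exists.
                LOG.info("CMCA generation failed. Temporary directory is at: " + tempDir);
            }
            throw th;
        }
    }

    /**
     * Returns the description shown for this work item.
     *
     * @param cmdWorkCtx unused
     * @return the command's help message with no arguments
     */
    @Override // com.cloudera.cmf.command.flow.CmdWork
    public MessageWithArgs getDescription(CmdWorkCtx cmdWorkCtx) {
        return MessageWithArgs.of(GenerateCmcaCommand.I18nKeys.HELP, new String[0]);
    }

    /** No post-processing is done when the work finishes. */
    @Override // com.cloudera.cmf.command.flow.CmdWork
    public void onFinish(WorkOutput workOutput, CmdWorkCtx cmdWorkCtx) {
    }
}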
