package com.mapr.security;

import com.google.protobuf.ByteString;
import com.mapr.baseutils.cldbutils.CLDBRpcCommonUtils;
import com.mapr.fs.jni.MapRConstants;
import com.mapr.fs.proto.Security;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

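/* loaded from: input_file:com/mapr/security/SecurityHelper.class */
/**
 * Static helpers for building and checking ticket-based authentication messages and for reading
 * passwords out of the key/trust credential stores in the install directory's {@code conf} folder.
 *
 * <p>Most methods signal failure by logging and returning {@code null} (or {@code false}) rather
 * than throwing, so callers must check the result before using it.
 *
 * <p>NOTE(review): the {@code m83014build}, {@code m83063build} and {@code mo82981getCldbList}
 * calls look like decompiler-generated names and are kept exactly as found.
 */
public class SecurityHelper {
    private static final Logger LOG = LoggerFactory.getLogger(SecurityHelper.class);
    private static final String DEFAULT_INSTALL_LOCATION = "/opt/mapr";
    // Fallback passwords used when the caller passes none. Both are fixed, publicly visible
    // constants, so a store opened with them gets no confidentiality from the keystore password.
    private static final String DEFAULT_CREDSTORE_PASSWORD = "none";
    private static final String DEFAULT_CREDSTORE_KEYPASSWORD = "none";

    /* loaded from: input_file:com/mapr/security/SecurityHelper$CredStore.class */
    /** Selects which credential store file {@link #getPasswordFromCredStore} reads. */
    public enum CredStore {
        CRED_KEYSTORE,
        CRED_TRUSTSTORE
    }

    /**
     * Builds a Base64-encoded {@code AuthenticationReqFull} from a ticket.
     *
     * <p>The encrypted payload is 16 bytes: the current wall-clock time in milliseconds followed
     * by {@code j}, both big-endian, encrypted under the ticket's user key.
     *
     * @param ticketAndKey ticket and user key to authenticate with; {@code null} is rejected
     * @param j caller-supplied 64-bit value placed after the timestamp in the payload
     * @param str cluster name used to look up CLDB hosts; {@code null} or empty means the
     *     current cluster
     * @return the Base64-encoded serialized request, or {@code null} if the ticket is missing or
     *     encryption reports an error
     */
    public static byte[] zookeeperAuthRequestCreationHelper(Security.TicketAndKey ticketAndKey, long j, String str) {
        if (ticketAndKey == null) {
            LOG.error("TicketAndKey is null");
            return null;
        }
        byte[] plaintext = new byte[16];
        putLongBigEndian(plaintext, 0, System.currentTimeMillis());
        putLongBigEndian(plaintext, 8, j);

        MutableInt encryptError = new MutableInt();
        byte[] encrypted = Security.Encrypt(ticketAndKey.getUserKey(), plaintext, encryptError);
        if (encryptError.GetValue() != 0) {
            LOG.error("Could not encrypt ticket with error: " + encryptError.GetValue());
            return null;
        }

        Security.AuthenticationReqFull.Builder request = Security.AuthenticationReqFull.newBuilder();
        request.setEncryptedRandomSecret(ByteString.copyFrom(encrypted));
        request.setEncryptedTicket(ticketAndKey.getEncryptedTicket());
        // NOTE(review): the boolean result is deliberately left unchecked to preserve existing
        // behaviour; when the CLDB lookup fails (it logs the reason) the request is still
        // returned, just without a CLDB list. Confirm the receiving side handles that case.
        addCLDBsToAuthReqFull(request, str);
        return Base64.encodeBase64(request.m83014build().toByteArray());
    }

    /** Writes {@code value} into {@code dst[offset..offset+7]}, most significant byte first. */
    private static void putLongBigEndian(byte[] dst, int offset, long value) {
        for (int i = 0; i < 8; i++) {
            dst[offset + i] = (byte) (value >>> (56 - 8 * i));
        }
    }

    /**
     * Loads the current user's ticket for the current cluster.
     *
     * @return a usable ticket, or {@code null} if the ticket file, the cluster name or the ticket
     *     cannot be found, or if the ticket is reported as not usable
     */
    public static Security.TicketAndKey ticketReadingHelper() {
        String ticketFile = JNISecurity.GetUserTicketAndKeyFileLocation();
        if (ticketFile == null) {
            LOG.error("TicketKey file is not found");
            return null;
        }
        int setFileStatus = Security.SetTicketAndKeyFile(ticketFile);
        if (setFileStatus != 0) {
            LOG.error("Problem with TicketKey file: " + setFileStatus);
            return null;
        }
        String clusterName = CLDBRpcCommonUtils.getInstance().getCurrentClusterName();
        if (clusterName == null) {
            LOG.error("Current cluster name is not found");
            return null;
        }
        // The error code written into lookupError is not inspected; only a null result is treated
        // as failure, as in the original code.
        MutableInt lookupError = new MutableInt();
        Security.TicketAndKey ticket = Security.GetTicketAndKeyForCluster(Security.ServerKeyType.ServerKey, clusterName, lookupError);
        if (ticket == null) {
            LOG.error("MaprTicket is not found");
            return null;
        }
        if (!Security.IsTicketAndKeyUsable(ticket)) {
            LOG.error("My Mapr ticket is expired. Get new one");
            return null;
        }
        return ticket;
    }

    /**
     * Returns the first original address of every CLDB entry registered for a cluster.
     *
     * @param str cluster name to look up
     * @return the addresses (entries without any address are skipped), or {@code null} when the
     *     cluster is not in the cluster map
     */
    public static List<String> getHostFromCluster(String str) {
        List<CLDBRpcCommonUtils.IpPort> endpoints = CLDBRpcCommonUtils.getInstance().getOriginalClusterMap().get(str);
        if (endpoints == null) {
            return null;
        }
        List<String> hosts = new ArrayList<>(endpoints.size());
        for (CLDBRpcCommonUtils.IpPort endpoint : endpoints) {
            List<String> addresses = endpoint.getOriginalAddr();
            if (addresses != null && !addresses.isEmpty()) {
                hosts.add(addresses.get(0));
            }
        }
        return hosts;
    }

    /**
     * Returns the cluster name of the first host in {@code list} that the host map knows.
     *
     * @param list candidate host names; {@code null} is treated as empty
     * @return the matching cluster name, or {@code null} if no host is known
     */
    public static String getClusterFromHost(List<String> list) {
        if (list == null) {
            return null;
        }
        for (String host : list) {
            String cluster = CLDBRpcCommonUtils.getInstance().getHostMap().get(host);
            if (cluster != null) {
                return cluster;
            }
        }
        return null;
    }

    /**
     * Adds the CLDB hosts of a cluster to an authentication request under construction.
     *
     * @param builder request builder to extend
     * @param str cluster name; {@code null} or empty selects the current cluster
     * @return {@code true} if hosts were added, {@code false} if the cluster name or its CLDB list
     *     could not be resolved (the reason is logged)
     */
    public static boolean addCLDBsToAuthReqFull(Security.AuthenticationReqFull.Builder builder, String str) {
        String clusterName = str;
        if (clusterName == null || clusterName.isEmpty()) {
            clusterName = CLDBRpcCommonUtils.getInstance().getCurrentClusterName();
        }
        if (clusterName == null) {
            LOG.error("Current cluster name is null. Cannot retrieve CLDB host names.");
            return false;
        }
        List<String> hosts = getHostFromCluster(clusterName);
        if (hosts == null) {
            LOG.error("No CLDBs can be found for the cluster " + clusterName);
            return false;
        }
        builder.addAllCldb(hosts);
        return true;
    }

    /**
     * Checks whether a request names at least one CLDB host that maps to the current cluster.
     *
     * <p>NOTE(review): the host list is read from the request itself and nothing here shows it
     * being authenticated, so treat a {@code true} result as a cluster-mismatch hint only, not as
     * proof of anything about the sender. Confirm against the callers.
     *
     * @param authenticationReqFull request to inspect; {@code null} is rejected
     * @return {@code true} if any listed host belongs to the current cluster, otherwise
     *     {@code false}
     */
    public static boolean checkCLDBAuthReqFull(Security.AuthenticationReqFull authenticationReqFull) {
        if (authenticationReqFull == null) {
            // Fail closed instead of throwing on a missing request.
            return false;
        }
        String currentCluster = CLDBRpcCommonUtils.getInstance().getCurrentClusterName();
        for (Object entry : authenticationReqFull.mo82981getCldbList()) {
            String cluster = CLDBRpcCommonUtils.getInstance().getHostMap().get((String) entry);
            if (cluster != null && cluster.equals(currentCluster)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the response sent when a ticket for another cluster is presented.
     *
     * <p>The response carries status {@code 1}, an error text naming the current cluster, and the
     * current cluster's CLDB hosts.
     *
     * @return the response, or {@code null} if no CLDB hosts are known for the current cluster
     */
    public static Security.AuthenticationResp createAuthRespWrongTicket() {
        String currentCluster = CLDBRpcCommonUtils.getInstance().getCurrentClusterName();
        Security.AuthenticationResp.Builder response = Security.AuthenticationResp.newBuilder();
        response.setStatus(1);
        response.setError("Ticket for wrong cluster is being used on cluster " + currentCluster);
        List<String> hosts = getHostFromCluster(currentCluster);
        if (hosts == null) {
            LOG.error("No CLDBs can be found for the cluster " + currentCluster);
            return null;
        }
        response.addAllReceivingCldb(hosts);
        return response.m83063build();
    }

    /**
     * Reads the secret stored under an alias in the key or trust credential store.
     *
     * <p>The store file is {@code <install>/conf/maprkeycreds.<type>} or
     * {@code <install>/conf/maprtrustcreds.<type>}, where {@code <install>} is the value of the
     * {@code MapRConstants.MAPR_ENV_VAR} environment variable, or {@code /opt/mapr} when that is
     * unset or empty. Whoever controls that variable therefore chooses which file is opened.
     * Requested types {@code jks} and {@code jceks} both read the {@code jceks} file.
     *
     * <p>When {@code str3} is {@code null} the store and key are opened with the fixed password
     * {@code "none"}. NOTE(review): in that case secrecy presumably rests on file permissions of
     * the {@code conf} directory; verify them.
     *
     * <p>The caller should overwrite the returned array once done with it. The bytes are decoded
     * with the platform default charset through an intermediate {@code String}, which cannot be
     * wiped; NOTE(review): confirm the charset used when the store was written.
     *
     * @param credStore which store to read
     * @param str alias of the entry to read
     * @param str2 store type: {@code jks}, {@code jceks} or {@code bcfks} (case-insensitive)
     * @param str3 store and key password, or {@code null} for the default
     * @return the secret as characters, or {@code null} if the store cannot be opened or the
     *     alias has no usable secret-key entry (the cause is logged, never the secret)
     * @throws IllegalArgumentException if {@code credStore} or {@code str2} is not one of the
     *     supported values, including {@code null}
     */
    public static char[] getPasswordFromCredStore(CredStore credStore, String str, String str2, String str3) throws IllegalArgumentException {
        if (credStore != CredStore.CRED_KEYSTORE && credStore != CredStore.CRED_TRUSTSTORE) {
            throw new IllegalArgumentException("Credential store must be either CRED_KEYSTORE or CRED_TRUSTSTORE");
        }
        // Literal-first comparisons so that a null type is rejected with the documented
        // IllegalArgumentException instead of a NullPointerException.
        boolean jceksFamily = "jks".equalsIgnoreCase(str2) || "jceks".equalsIgnoreCase(str2);
        boolean bcfks = "bcfks".equalsIgnoreCase(str2);
        if (!jceksFamily && !bcfks) {
            throw new IllegalArgumentException("Credential store type must be either jks, jceks or bcfks");
        }
        // For bcfks the caller's spelling is kept as the file extension, as before.
        String storeType = jceksFamily ? "jceks" : str2;

        String installDir = System.getenv(MapRConstants.MAPR_ENV_VAR);
        if (installDir == null || installDir.isEmpty()) {
            installDir = DEFAULT_INSTALL_LOCATION;
        }
        String confDir = installDir + "/conf";
        String filePrefix = credStore == CredStore.CRED_KEYSTORE ? "maprkeycreds." : "maprtrustcreds.";
        File storeFile = new File(confDir, filePrefix + storeType);

        String storePassword = str3 == null ? DEFAULT_CREDSTORE_PASSWORD : str3;
        String keyPassword = str3 == null ? DEFAULT_CREDSTORE_KEYPASSWORD : str3;

        // try-with-resources closes the stream on every path; the previous code closed it only
        // when the read succeeded.
        try (FileInputStream in = new FileInputStream(storeFile)) {
            KeyStore keyStore = storeType.equals("jceks")
                    ? KeyStore.getInstance(storeType)
                    : KeyStore.getInstance(FipsLoader.BOUNCY_CASTLE_KEYSTORE_TYPE, FipsLoader.BOUNCY_CASTLE_SRAND_PROVIDER);
            keyStore.load(in, storePassword.toCharArray());
            SecretKey secret = (SecretKey) keyStore.getKey(str, keyPassword.toCharArray());
            if (secret == null) {
                LOG.warn("No entry for alias {} in credential store {}", str, storeFile);
                return null;
            }
            byte[] encoded = secret.getEncoded();
            if (encoded == null) {
                LOG.warn("Entry for alias {} in credential store {} has no encoded form", str, storeFile);
                return null;
            }
            return new String(encoded).toCharArray();
        } catch (Exception e) {
            // Still best-effort (null on any failure), but record why instead of hiding it.
            LOG.warn("Could not read alias {} from credential store {}", str, storeFile, e);
            return null;
        }
    }
}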
