package oadd.org.apache.drill.exec.ssl;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.text.MessageFormat;
import java.util.Locale;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import oadd.io.netty.handler.ssl.SslContext;
import oadd.io.netty.handler.ssl.SslProvider;
import oadd.io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import oadd.org.apache.drill.common.exceptions.DrillException;
import oadd.org.apache.drill.exec.memory.BufferAllocator;
import org.apache.hadoop.conf.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:oadd/org/apache/drill/exec/ssl/SSLConfig.class */
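/**
 * Base class for the TLS configuration of a Drill endpoint.
 *
 * <p>Concrete subclasses supply the individual settings (store paths, passwords, protocol,
 * verification switches) through the abstract accessors; this class turns them into
 * {@link TrustManagerFactory} / {@link KeyManagerFactory} instances and creates
 * {@link SSLEngine}s from whichever context (Netty or JDK) was initialised.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #disableCertificateVerification()} switches the trust manager to Netty's
 *       {@code InsecureTrustManagerFactory}, which accepts every peer certificate.</li>
 *   <li>{@link #toString()} is a diagnostic dump; passwords are fully masked in it.</li>
 * </ul>
 */
public abstract class SSLConfig {
    private static final Logger logger = LoggerFactory.getLogger(SSLConfig.class);

    /** Name of the default SSL provider. */
    public static final String DEFAULT_SSL_PROVIDER = "JDK";
    /** Default protocol name. */
    public static final String DEFAULT_SSL_PROTOCOL = "TLSv1.3";
    /** Default handshake timeout, in milliseconds. */
    public static final int DEFAULT_SSL_HANDSHAKE_TIMEOUT_MS = 10000;

    /** Netty context used by {@link #createSSLEngine} when the system trust store is not in use. */
    protected SslContext nettySslContext;
    /** JDK context used by {@link #createSSLEngine} on Windows/macOS with the system trust store. */
    protected SSLContext jdkSSlContext;

    // OS detection is done once; Locale.ROOT keeps the lower-casing independent of the JVM locale.
    private static final boolean isWindows;
    private static final boolean isMacOs;

    // Hadoop property-name templates; "{0}" is the lower-cased Mode name
    // (see resolveHadoopPropertyName).
    public static final String HADOOP_SSL_CONF_TPL_KEY = "hadoop.ssl.{0}.conf";
    public static final String HADOOP_SSL_KEYSTORE_LOCATION_TPL_KEY = "ssl.{0}.keystore.location";
    public static final String HADOOP_SSL_KEYSTORE_PASSWORD_TPL_KEY = "ssl.{0}.keystore.password";
    public static final String HADOOP_SSL_KEYSTORE_TYPE_TPL_KEY = "ssl.{0}.keystore.type";
    public static final String HADOOP_SSL_KEYSTORE_KEYPASSWORD_TPL_KEY = "ssl.{0}.keystore.keypassword";
    public static final String HADOOP_SSL_TRUSTSTORE_LOCATION_TPL_KEY = "ssl.{0}.truststore.location";
    public static final String HADOOP_SSL_TRUSTSTORE_PASSWORD_TPL_KEY = "ssl.{0}.truststore.password";
    public static final String HADOOP_SSL_TRUSTSTORE_TYPE_TPL_KEY = "ssl.{0}.truststore.type";

    /** Side of the connection this configuration describes. */
    public enum Mode {
        CLIENT,
        SERVER
    }

    public abstract void validateKeyStore() throws DrillException;

    public abstract SslContext initNettySslContext() throws DrillException;

    public abstract SSLContext initJDKSSLContext() throws DrillException;

    public abstract boolean isUserSslEnabled();

    public abstract boolean isHttpsEnabled();

    public abstract String getKeyStoreType();

    public abstract String getKeyStorePath();

    public abstract String getKeyStorePassword();

    public abstract String getKeyPassword();

    public abstract String getTrustStoreType();

    public abstract boolean hasTrustStorePath();

    public abstract String getTrustStorePath();

    public abstract boolean hasTrustStorePassword();

    public abstract String getTrustStorePassword();

    public abstract String getProtocol();

    public abstract SslProvider getProvider();

    public abstract int getHandshakeTimeout();

    public abstract Mode getMode();

    /**
     * Whether hostname verification is switched off. This class only reports the value in
     * {@link #toString()}; enforcing it is left to subclasses and callers.
     */
    public abstract boolean disableHostVerification();

    /**
     * Whether certificate verification is switched off. When {@code true},
     * {@link #initializeTrustManagerFactory()} returns a trust manager that accepts any
     * certificate, so the peer is not authenticated.
     */
    public abstract boolean disableCertificateVerification();

    public abstract boolean useSystemTrustStore();

    public abstract boolean isSslValid();

    /** Returns the Netty SSL context field as currently set (may be {@code null}). */
    public SslContext getNettySslContext() {
        return this.nettySslContext;
    }

    /**
     * Builds the trust manager factory for this configuration.
     *
     * <p>Three sources are possible: an empty in-memory store of the configured type on
     * Windows/macOS when the system trust store is requested, the JVM default (a {@code null}
     * key store) when no trust store path is configured, or the configured trust store file.
     *
     * @return an initialised trust manager factory
     * @throws DrillException if the store cannot be loaded or the factory cannot be initialised;
     *     the original exception is attached as the cause
     */
    public TrustManagerFactory initializeTrustManagerFactory() throws DrillException {
        KeyStore keyStore = null;
        try {
            String trustStoreType = getTrustStoreType();
            if ((isWindows || isMacOs) && useSystemTrustStore()) {
                logger.debug("Initializing System truststore.");
                keyStore = KeyStore.getInstance(!trustStoreType.isEmpty() ? trustStoreType : KeyStore.getDefaultType());
                keyStore.load(null, null);
            } else if (getTrustStorePath().isEmpty()) {
                // keyStore stays null: TrustManagerFactory.init(null) falls back to the JVM default.
                logger.debug("Initializing default truststore.");
            } else {
                logger.debug("Initializing truststore {}.", getTrustStorePath());
                keyStore = KeyStore.getInstance(!trustStoreType.isEmpty() ? trustStoreType : KeyStore.getDefaultType());
                // try-with-resources: the stream was previously never closed.
                try (FileInputStream trustStoreStream = new FileInputStream(getTrustStorePath())) {
                    keyStore.load(trustStoreStream, getTrustStorePassword().toCharArray());
                }
            }
            TrustManagerFactory trustManagerFactory;
            if (disableCertificateVerification()) {
                // Make the unauthenticated mode visible in the logs instead of applying it silently.
                logger.warn("SSL certificate verification is disabled; peer certificates will be accepted without validation.");
                trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
            } else {
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            }
            trustManagerFactory.init(keyStore);
            return trustManagerFactory;
        } catch (Exception e) {
            throw new DrillException("Exception while initializing the truststore: [" + e.getMessage() + "]. ", e);
        }
    }

    /**
     * Builds the key manager factory from the configured key store.
     *
     * <p>An empty key store path, an empty key store password and a key store without entries
     * are all rejected.
     *
     * @return an initialised key manager factory
     * @throws DrillException if validation fails, the store cannot be loaded or the factory
     *     cannot be initialised; the original exception is attached as the cause
     */
    public KeyManagerFactory initializeKeyManagerFactory() throws DrillException {
        String keyStorePath = getKeyStorePath();
        String keyStorePassword = getKeyStorePassword();
        String keyStoreType = getKeyStoreType();
        try {
            if (keyStorePath.isEmpty()) {
                throw new DrillException("No Keystore provided.");
            }
            KeyStore keyStore = KeyStore.getInstance(!keyStoreType.isEmpty() ? keyStoreType : KeyStore.getDefaultType());
            // Reject an empty password before the file is opened, so no handle is left behind.
            if (keyStorePassword.isEmpty()) {
                throw new DrillException("The Keystore password cannot be empty.");
            }
            try (FileInputStream keyStoreStream = new FileInputStream(keyStorePath)) {
                keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            }
            if (keyStore.size() == 0) {
                throw new DrillException("The Keystore has no entries.");
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, getKeyPassword().toCharArray());
            return keyManagerFactory;
        } catch (Exception e) {
            // Keep the cause: the stack trace is what distinguishes a bad password from a missing file.
            throw new DrillException("Exception while initializing the keystore: [" + e.getMessage() + "]. ", e);
        }
    }

    /**
     * Initialises the SSL context that {@link #createSSLEngine} will use: the JDK context on
     * Windows/macOS with the system trust store, the Netty context otherwise.
     *
     * @throws DrillException if the subclass fails to build the context
     */
    public void initContext() throws DrillException {
        if ((isWindows || isMacOs) && useSystemTrustStore()) {
            initJDKSSLContext();
            logger.debug("Initialized Windows/MacOs SSL context using JDK.");
        } else {
            initNettySslContext();
            logger.debug("Initialized SSL context.");
        }
    }

    /**
     * Creates an SSL engine from the context selected by the platform and trust store settings.
     *
     * <p>NOTE(review): nothing here checks that the corresponding context field has been set;
     * presumably {@link #initContext()} must have been called first. No endpoint-identification
     * setting is applied here either, so hostname checking depends on the context and the caller.
     *
     * @param bufferAllocator allocator handed to Netty (not used on the JDK path)
     * @param str peer host name, or {@code null} to create the engine without peer information
     * @param i peer port; only used when {@code str} is not {@code null}
     * @return a new engine
     */
    public SSLEngine createSSLEngine(BufferAllocator bufferAllocator, String str, int i) {
        boolean useJdkContext = (isWindows || isMacOs) && useSystemTrustStore();
        SSLEngine engine;
        if (useJdkContext) {
            if (str != null) {
                engine = this.jdkSSlContext.createSSLEngine(str, i);
                logger.debug("Initializing Windows/MacOs SSLEngine with hostname.");
            } else {
                engine = this.jdkSSlContext.createSSLEngine();
                logger.debug("Initializing Windows/MacOs SSLEngine with no hostname.");
            }
        } else if (str != null) {
            engine = this.nettySslContext.newEngine(bufferAllocator.getAsByteBufAllocator(), str, i);
            logger.debug("Initializing SSLEngine with hostname.");
        } else {
            engine = this.nettySslContext.newEngine(bufferAllocator.getAsByteBufAllocator());
            logger.debug("Initializing SSLEngine with no hostname.");
        }
        return engine;
    }

    abstract Configuration getHadoopConfig();

    /**
     * Looks up a password through the Hadoop configuration's password API.
     *
     * <p>Only the property name and the error message are logged on failure, never the value.
     * (Decompiler note: this method was package-private in the original class.)
     *
     * @param str name of the password property
     * @return the password, or {@code null} if there is no Hadoop configuration, the property
     *     is not set, or the lookup failed
     */
    public String getPassword(String str) {
        Configuration hadoopConfig = getHadoopConfig();
        if (hadoopConfig == null) {
            return null;
        }
        try {
            char[] password = hadoopConfig.getPassword(str);
            return password != null ? String.valueOf(password) : null;
        } catch (IOException e) {
            logger.warn("Unable to obtain password {} from CredentialProvider API: {}", str, e.getMessage());
            return null;
        }
    }

    /**
     * Fills a property-name template with the lower-cased mode name.
     *
     * <p>{@link Locale#ROOT} is used so that, for example, {@code CLIENT} becomes {@code client}
     * even under a Turkish default locale, where the default lower-casing yields a dotless i
     * and the resulting property name would not match.
     * (Decompiler note: this method was package-private in the original class.)
     *
     * @param str {@link MessageFormat} template with a {@code {0}} placeholder
     * @param mode mode whose name is substituted
     * @return the resolved property name
     */
    public String resolveHadoopPropertyName(String str, Mode mode) {
        return MessageFormat.format(str, mode.toString().toLowerCase(Locale.ROOT));
    }

    /**
     * Returns a multi-line diagnostic summary of the configuration. Passwords are masked by
     * {@link #getPrintablePassword(String)}; store paths are printed as configured.
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("SSL is ").append(isUserSslEnabled() ? "" : " not ").append("enabled.\n");
        sb.append("HTTPS is ").append(isHttpsEnabled() ? "" : " not ").append("enabled.\n");
        if (isUserSslEnabled() || isHttpsEnabled()) {
            sb.append("SSL Configuration :")
                .append("OS:").append(System.getProperty("os.name"))
                .append("\n\tUsing system trust store: ").append(useSystemTrustStore())
                .append("\n\tprotocol: ").append(getProtocol())
                .append("\n\tkeyStoreType: ").append(getKeyStoreType())
                .append("\n\tkeyStorePath: ").append(getKeyStorePath())
                .append("\n\tkeyStorePassword: ").append(getPrintablePassword(getKeyStorePassword()))
                .append("\n\tkeyPassword: ").append(getPrintablePassword(getKeyPassword()))
                .append("\n\ttrustStoreType: ").append(getTrustStoreType())
                .append("\n\ttrustStorePath: ").append(getTrustStorePath())
                .append("\n\ttrustStorePassword: ").append(getPrintablePassword(getTrustStorePassword()))
                .append("\n\thandshakeTimeout: ").append(getHandshakeTimeout())
                .append("\n\tdisableHostVerification: ").append(disableHostVerification())
                .append("\n\tdisableCertificateVerification: ").append(disableCertificateVerification());
        }
        return sb.toString();
    }

    /**
     * Returns a representation of a password that is safe to print.
     *
     * <p>The previous form echoed the first and last characters, and returned one-character
     * passwords unchanged. A fixed-width mask discloses neither content nor length; only
     * "unset" ({@code null}) and "empty" remain distinguishable, which is not secret and is
     * useful when diagnosing a misconfiguration.
     *
     * @param str the password, possibly {@code null}
     * @return {@code null} or the empty string unchanged, otherwise a fixed mask
     */
    private String getPrintablePassword(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        return "****";
    }

    static {
        String osName = System.getProperty("os.name").toLowerCase(Locale.ROOT);
        isWindows = osName.contains("win");
        isMacOs = osName.contains("mac");
    }
}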
