package org.apache.hadoop.security.ssl;

import com.google.common.annotations.VisibleForTesting;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hadoop.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

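/**
 * {@link KeyStoresFactory} that loads the key store and trust store from files
 * named in the SSL {@link Configuration}.
 * <p>
 * Property names are templates of the form {@code ssl.{0}.*}; {@code {0}} is
 * replaced by the lower-cased {@link SSLFactory.Mode} by
 * {@link #resolvePropertyName(SSLFactory.Mode, String)}.
 * <p>
 * The key store is read once in {@link #init(SSLFactory.Mode)}; the trust store
 * is wrapped in a {@link ReloadingX509TrustManager} constructed with the
 * configured reload interval. Passwords are obtained through
 * {@link Configuration#getPassword(String)}, so they may come from a
 * credential provider rather than the plain configuration file.
 * <p>
 * {@code init} is not synchronized; callers are expected to initialise once
 * and destroy once.
 */
@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.0.0.jar:org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.class */
public class FileBasedKeyStoresFactory implements KeyStoresFactory {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) FileBasedKeyStoresFactory.class);

    // Property-name templates; {0} is the lower-cased mode ("client"/"server").
    public static final String SSL_KEYSTORE_LOCATION_TPL_KEY = "ssl.{0}.keystore.location";
    public static final String SSL_KEYSTORE_PASSWORD_TPL_KEY = "ssl.{0}.keystore.password";
    public static final String SSL_KEYSTORE_KEYPASSWORD_TPL_KEY = "ssl.{0}.keystore.keypassword";
    public static final String SSL_KEYSTORE_TYPE_TPL_KEY = "ssl.{0}.keystore.type";
    public static final String SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY = "ssl.{0}.truststore.reload.interval";
    public static final String SSL_TRUSTSTORE_LOCATION_TPL_KEY = "ssl.{0}.truststore.location";
    public static final String SSL_TRUSTSTORE_PASSWORD_TPL_KEY = "ssl.{0}.truststore.password";
    public static final String SSL_TRUSTSTORE_TYPE_TPL_KEY = "ssl.{0}.truststore.type";
    // Declared here but not consumed by this class.
    public static final String SSL_EXCLUDE_CIPHER_LIST = "ssl.{0}.exclude.cipher.list";

    /** Key store / trust store type used when the type property is absent. */
    public static final String DEFAULT_KEYSTORE_TYPE = "jks";
    /** Trust store reload interval (milliseconds) used when the property is absent. */
    public static final int DEFAULT_SSL_TRUSTSTORE_RELOAD_INTERVAL = 10000;

    private Configuration conf;
    // Populated by init(); cleared by destroy().
    private KeyManager[] keyManagers;
    private TrustManager[] trustManagers;
    // Non-null only when a trust store location was configured.
    private ReloadingX509TrustManager trustManager;

    /**
     * Expands a property-name template for the given mode.
     *
     * @param mode SSL mode whose lower-cased name replaces {@code {0}}
     * @param template one of the {@code *_TPL_KEY} templates
     * @return the concrete configuration property name
     */
    @VisibleForTesting
    public static String resolvePropertyName(SSLFactory.Mode mode, String template) {
        return MessageFormat.format(template, StringUtils.toLowerCase(mode.toString()));
    }

    /**
     * Sets the SSL configuration this factory reads from. Must be called
     * before {@link #init(SSLFactory.Mode)}.
     *
     * @param configuration the SSL configuration
     */
    @Override
    public void setConf(Configuration configuration) {
        this.conf = configuration;
    }

    /** @return the configuration set via {@link #setConf(Configuration)}, or {@code null} */
    @Override
    public Configuration getConf() {
        return this.conf;
    }

    /**
     * Loads the key store (when required) and the trust store (when configured)
     * and builds the corresponding key and trust managers.
     * <p>
     * A key store is mandatory in {@link SSLFactory.Mode#SERVER} and, for
     * clients, when {@link SSLFactory#SSL_REQUIRE_CLIENT_CERT_KEY} is true.
     * Otherwise an empty key store is used. The trust store is optional: when
     * its location property is unset, {@link #getTrustManagers()} returns
     * {@code null}.
     *
     * @param mode whether this factory serves the client or server side
     * @throws IOException if a store file cannot be read
     * @throws GeneralSecurityException if a required property is missing or a
     *         store cannot be loaded
     * @throws NullPointerException if {@link #setConf(Configuration)} was not called
     */
    @Override
    public void init(SSLFactory.Mode mode) throws IOException, GeneralSecurityException {
        Objects.requireNonNull(conf, "Configuration must be set via setConf() before init()");
        boolean requireClientCert =
                conf.getBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, false);

        String keystoreType =
                conf.get(resolvePropertyName(mode, SSL_KEYSTORE_TYPE_TPL_KEY), DEFAULT_KEYSTORE_TYPE);
        KeyStore keystore = KeyStore.getInstance(keystoreType);
        String keystoreKeyPassword = null;

        if (requireClientCert || mode == SSLFactory.Mode.SERVER) {
            String keystoreLocationProp = resolvePropertyName(mode, SSL_KEYSTORE_LOCATION_TPL_KEY);
            String keystoreLocation = conf.get(keystoreLocationProp, "");
            if (keystoreLocation.isEmpty()) {
                throw new GeneralSecurityException("The property '" + keystoreLocationProp
                        + "' has not been set in the ssl configuration file.");
            }

            String keystorePasswordProp = resolvePropertyName(mode, SSL_KEYSTORE_PASSWORD_TPL_KEY);
            String keystorePassword = getPassword(conf, keystorePasswordProp, "");
            if (keystorePassword.isEmpty()) {
                throw new GeneralSecurityException("The property '" + keystorePasswordProp
                        + "' has not been set in the ssl configuration file.");
            }
            // The private-key password falls back to the store password when unset.
            keystoreKeyPassword = getPassword(conf,
                    resolvePropertyName(mode, SSL_KEYSTORE_KEYPASSWORD_TPL_KEY), keystorePassword);

            LOG.debug("{} KeyStore: {}", mode, keystoreLocation);
            // toCharArray() yields a private copy, so it can be wiped after load().
            char[] storePassword = keystorePassword.toCharArray();
            try (FileInputStream is = new FileInputStream(keystoreLocation)) {
                keystore.load(is, storePassword);
            } finally {
                Arrays.fill(storePassword, '\0');
            }
            LOG.debug("{} Loaded KeyStore: {}", mode, keystoreLocation);
        } else {
            // No client certificate required: initialise an empty store.
            keystore.load(null, null);
        }

        KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(SSLFactory.SSLCERTIFICATE);
        // Private copy; the JDK key manager factories consume or copy the
        // password during init(), so wiping our copy afterwards is safe.
        char[] keyPassword = keystoreKeyPassword != null ? keystoreKeyPassword.toCharArray() : null;
        try {
            keyMgrFactory.init(keystore, keyPassword);
        } finally {
            if (keyPassword != null) {
                Arrays.fill(keyPassword, '\0');
            }
        }
        keyManagers = keyMgrFactory.getKeyManagers();

        String truststoreType =
                conf.get(resolvePropertyName(mode, SSL_TRUSTSTORE_TYPE_TPL_KEY), DEFAULT_KEYSTORE_TYPE);
        String truststoreLocationProp = resolvePropertyName(mode, SSL_TRUSTSTORE_LOCATION_TPL_KEY);
        String truststoreLocation = conf.get(truststoreLocationProp, "");
        if (truststoreLocation.isEmpty()) {
            LOG.debug("The property '{}' has not been set, no TrustStore will be loaded",
                    truststoreLocationProp);
            trustManagers = null;
            return;
        }

        String truststorePassword =
                getPassword(conf, resolvePropertyName(mode, SSL_TRUSTSTORE_PASSWORD_TPL_KEY), "");
        if (truststorePassword.isEmpty()) {
            // Passed as null so the trust store is opened without a password.
            truststorePassword = null;
        }
        long reloadInterval = conf.getLong(
                resolvePropertyName(mode, SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY),
                DEFAULT_SSL_TRUSTSTORE_RELOAD_INTERVAL);

        LOG.debug("{} TrustStore: {}", mode, truststoreLocation);
        trustManager = new ReloadingX509TrustManager(truststoreType, truststoreLocation,
                truststorePassword, reloadInterval);
        trustManager.init();
        LOG.debug("{} Loaded TrustStore: {}", mode, truststoreLocation);
        trustManagers = new TrustManager[] { trustManager };
    }

    /**
     * Reads a password from the configuration, which may delegate to a
     * credential provider.
     *
     * @param configuration configuration to query
     * @param alias property name / credential alias
     * @param defaultPassword value returned when the alias is unset or lookup fails
     * @return the password, or {@code defaultPassword}
     */
    String getPassword(Configuration configuration, String alias, String defaultPassword) {
        String password = defaultPassword;
        try {
            char[] chars = configuration.getPassword(alias);
            if (chars != null) {
                // The returned array may be owned (and cached) by the credential
                // provider, so it is not wiped here. The String copy is required
                // by this method's signature.
                password = new String(chars);
            }
        } catch (IOException e) {
            // Best effort: fall back to the default, but keep the stack trace.
            LOG.warn("Exception while trying to get password for alias " + alias + ": "
                    + e.getMessage(), e);
        }
        return password;
    }

    /**
     * Stops the reloading trust manager (if any) and drops all key and trust
     * managers so that no key material is retained after destruction.
     */
    @Override
    public synchronized void destroy() {
        if (trustManager != null) {
            trustManager.destroy();
            trustManager = null;
        }
        // Cleared unconditionally: a factory with no trust store configured
        // still holds key managers that must not outlive destroy().
        keyManagers = null;
        trustManagers = null;
    }

    /** @return the key managers built by {@link #init(SSLFactory.Mode)}, or {@code null} before init / after destroy */
    @Override
    public KeyManager[] getKeyManagers() {
        return this.keyManagers;
    }

    /** @return the trust managers, or {@code null} if no trust store was configured, before init, or after destroy */
    @Override
    public TrustManager[] getTrustManagers() {
        return this.trustManagers;
    }
}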
