package id.onyx.obdp.server.security;

import com.google.inject.Inject;
import com.google.inject.Singleton;
import id.onyx.obdp.server.configuration.Configuration;
import id.onyx.obdp.server.utils.HostUtils;
import id.onyx.obdp.server.utils.ShellCommandUtil;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.MessageDigest;
import java.text.MessageFormat;
import java.util.Map;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

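/**
 * Creates the server's self-signed certificate and signs or revokes agent
 * certificates by running {@code openssl} against the configured keystore
 * directory.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every command template passes the key password as {@code pass:...} (or
 *       {@code -key ...}) on the command line, so it is part of the process
 *       arguments for as long as {@code openssl} runs. NOTE(review): OpenSSL also
 *       accepts {@code file:} and {@code env:} password sources; consider moving
 *       to one of them.</li>
 *   <li>{@link #runCommand(String)} hands the whole command string to
 *       {@link Runtime#exec(String)}, which splits it on whitespace without any
 *       quoting. A substituted value that contains whitespace therefore becomes
 *       additional {@code openssl} arguments, so agent-supplied values must be
 *       checked before they are formatted into a template.</li>
 * </ul>
 */
@Singleton
public class CertificateManager {

    @Inject
    Configuration configs;
    // NOTE(review): mode 700 also sets the execute bit on key and certificate files;
    // 600 would be enough for files that are only read. Left unchanged here.
    private static final String SET_PERMISSIONS = "find %s -type f -exec chmod 700 {} +";
    private static final String SET_SERVER_PASS_FILE_PERMISSIONS = "chmod 600 %s";
    private static final Logger LOG = LoggerFactory.getLogger(CertificateManager.class);
    // Server templates take {0}=key password, {1}=keystore dir, {2}=key file,
    // {3}=certificate file, {4}=PKCS#12 keystore file, {5}=CSR file.
    private static final String GEN_SRVR_KEY = "openssl genrsa -des3 -passout pass:{0} -out {1}" + File.separator + "{2} 4096 ";
    private static final String GEN_SRVR_REQ = "openssl req -passin pass:{0} -new -key {1}" + File.separator + "{2} -out {1}" + File.separator + "{5} -batch";
    private static final String SIGN_SRVR_CRT = "openssl ca -create_serial -out {1}" + File.separator + "{3} -days 365 -keyfile {1}" + File.separator + "{2} -key {0} -selfsign -extensions jdk7_ca -config {1}" + File.separator + "ca.config -batch -infiles {1}" + File.separator + "{5}";
    private static final String EXPRT_KSTR = "openssl pkcs12 -export -in {1}" + File.separator + "{3} -inkey {1}" + File.separator + "{2} -certfile {1}" + File.separator + "{3} -out {1}" + File.separator + "{4} -password pass:{0} -passin pass:{0} \n";
    // Agent templates take {0}=keystore dir, {1}=agent CSR file, {2}=agent certificate file,
    // {3}=key password, {4}=server key file, {5}=server certificate file.
    private static final String REVOKE_AGENT_CRT = "openssl ca -config {0}" + File.separator + "ca.config -keyfile {0}" + File.separator + "{4} -revoke {0}" + File.separator + "{2} -batch -passin pass:{3} -cert {0}" + File.separator + "{5}";
    private static final String SIGN_AGENT_CRT = "openssl ca -config {0}" + File.separator + "ca.config -in {0}" + File.separator + "{1} -out {0}" + File.separator + "{2} -batch -passin pass:{3} -keyfile {0}" + File.separator + "{4} -cert {0}" + File.separator + "{5}";

    /**
     * Generates the server certificate unless the configured certificate file
     * already exists.
     */
    public void initRootCert() {
        LOG.info("Initialization of root certificate");
        boolean certExists = isCertExists();
        LOG.info("Certificate exists:{}", certExists);
        if (!certExists) {
            generateServerCertificate();
        }
    }

    /**
     * Checks whether the configured server certificate file is present.
     *
     * @return {@code true} if the certificate file exists in the keystore directory
     */
    private boolean isCertExists() {
        Map<String, String> configsMap = this.configs.getConfigsMap();
        String keystoreDir = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey());
        String certName = configsMap.get(Configuration.SRVR_CRT_NAME.getKey());
        File certFile = new File(keystoreDir + File.separator + certName);
        LOG.debug("srvrKstrDir = {}", keystoreDir);
        LOG.debug("srvrCrtName = {}", certName);
        LOG.debug("certFile = {}", certFile.getAbsolutePath());
        return certFile.exists();
    }

    /**
     * Runs a command, logs each line of its standard output, and waits for it to exit.
     *
     * <p>The command string is split on whitespace by {@link Runtime#exec(String)};
     * no shell is involved and no quoting is honoured. The string normally contains
     * a key password, so it is deliberately left out of the error logs written here.
     * Only standard output is read; standard error is not drained.
     *
     * @param str the complete command line to execute
     * @return the exit code of the process, or {@code -1} if it could not be started,
     *     its output could not be read, or the wait was interrupted
     */
    protected int runCommand(String str) {
        try {
            Process process = Runtime.getRuntime().exec(str);
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(process.getInputStream(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    LOG.info(line);
                }
            }
            int exitValue = process.waitFor();
            ShellCommandUtil.logOpenSslExitCode(str, exitValue);
            return exitValue;
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can still observe it.
            Thread.currentThread().interrupt();
            LOG.error("Interrupted while waiting for the command to finish", e);
            return -1;
        } catch (IOException e) {
            LOG.error("Failed to run the command or read its output", e);
            return -1;
        }
    }

    /**
     * Generates the server key, CSR, self-signed certificate and PKCS#12 keystore,
     * then restricts permissions on the keystore directory and the password file.
     *
     * <p>Exit codes are not checked here: every step runs even if an earlier one
     * failed, and failures are only visible through what {@link #runCommand(String)}
     * logs.
     */
    private void generateServerCertificate() {
        LOG.info("Generation of server certificate");
        Map<String, String> configsMap = this.configs.getConfigsMap();
        String keystoreDir = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey());
        String certName = configsMap.get(Configuration.SRVR_CRT_NAME.getKey());
        String csrName = configsMap.get(Configuration.SRVR_CSR_NAME.getKey());
        String keyName = configsMap.get(Configuration.SRVR_KEY_NAME.getKey());
        String keystoreName = configsMap.get(Configuration.KSTR_NAME.getKey());
        String certPassword = configsMap.get(Configuration.SRVR_CRT_PASS.getKey());
        String passFileName = configsMap.get(Configuration.SRVR_CRT_PASS_FILE.getKey());
        // Argument order must match the {0}..{5} placeholders of the server templates.
        Object[] templateArgs = {certPassword, keystoreDir, keyName, certName, keystoreName, csrName};
        runCommand(MessageFormat.format(GEN_SRVR_KEY, templateArgs));
        runCommand(MessageFormat.format(GEN_SRVR_REQ, templateArgs));
        runCommand(MessageFormat.format(SIGN_SRVR_CRT, templateArgs));
        runCommand(MessageFormat.format(EXPRT_KSTR, templateArgs));
        runCommand(String.format(SET_PERMISSIONS, keystoreDir));
        runCommand(String.format(SET_SERVER_PASS_FILE_PERMISSIONS, keystoreDir + File.separator + passFileName));
    }

    /**
     * Returns the content of the CA certificate chain file, falling back to the
     * server certificate when the chain file is absent or cannot be read.
     *
     * @return the file content, or {@code null} if neither file could be read
     */
    public String getCACertificateChainContent() {
        String keystoreDir = this.configs.getProperty(Configuration.SRVR_KSTR_DIR);
        File chainFile = new File(keystoreDir, this.configs.getProperty(Configuration.SRVR_CRT_CHAIN_NAME));
        if (chainFile.exists()) {
            try {
                // Decode with a fixed charset instead of the platform default.
                return new String(Files.readAllBytes(chainFile.toPath()), StandardCharsets.UTF_8);
            } catch (IOException e) {
                // Fall through to the server certificate below.
                LOG.error(e.getMessage());
            }
        }
        File certFile = new File(keystoreDir, this.configs.getProperty(Configuration.SRVR_CRT_NAME));
        if (!certFile.canRead()) {
            return null;
        }
        try {
            return new String(Files.readAllBytes(certFile.toPath()), StandardCharsets.UTF_8);
        } catch (IOException e) {
            LOG.error(e.getMessage());
            return null;
        }
    }

    /**
     * Tells whether an agent-supplied name can be used as a file name inside the
     * keystore directory and as a single token of an {@code openssl} command line.
     *
     * @param name the trimmed, non-empty agent hostname
     * @return {@code false} if the name contains a path separator, whitespace or a
     *     control character
     */
    private static boolean isSafeFileNameComponent(String name) {
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (c == '/' || c == '\\' || Character.isWhitespace(c) || Character.isISOControl(c)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds an error response carrying the given message.
     */
    private static SignCertResponse errorResponse(SignCertResponse response, String message) {
        response.setResult(SignCertResponse.ERROR_STATUS);
        response.setMessage(message);
        return response;
    }

    /**
     * Signs an agent's certificate signing request with the server key, revoking
     * any certificate previously issued under the same hostname first.
     *
     * <p>The hostname is used to build the {@code <hostname>.csr} and
     * {@code <hostname>.crt} file names and is formatted into the {@code openssl}
     * command line, so names containing path separators, whitespace or control
     * characters are rejected even when configured hostname validation is switched
     * off.
     *
     * @param str the agent hostname
     * @param str2 the CSR content, written to {@code <hostname>.csr}
     * @param str3 the passphrase presented by the agent
     * @return a response with {@code OK_STATUS} and the signed certificate, or
     *     {@code ERROR_STATUS} and a message describing the failure
     */
    public synchronized SignCertResponse signAgentCrt(String str, String str2, String str3) {
        SignCertResponse response = new SignCertResponse();
        LOG.info("Signing agent certificate");
        String hostname = StringUtils.trim(str);
        if (StringUtils.isEmpty(hostname)) {
            LOG.warn("The agent hostname is missing");
            return errorResponse(response, "The agent hostname is missing");
        }
        // Checked before the name is logged or used: it ends up in file paths and in a
        // whitespace-split command line, independently of the optional validation below.
        if (!isSafeFileNameComponent(hostname)) {
            LOG.warn("The agent hostname is not a valid hostname");
            return errorResponse(response, "The agent hostname is not a valid hostname");
        }
        if (this.configs.validateAgentHostnames()) {
            LOG.info("Validating agent hostname: {}", hostname);
            if (!HostUtils.isValidHostname(hostname)) {
                LOG.warn("The agent hostname is not a valid hostname");
                return errorResponse(response, "The agent hostname is not a valid hostname");
            }
        } else {
            LOG.info("Skipping validation of agent hostname: {}", hostname);
        }
        LOG.info("Verifying passphrase");
        Map<String, String> configsMap = this.configs.getConfigsMap();
        String expectedPassphrase = configsMap.get(Configuration.PASSPHRASE.getKey());
        // Fail closed when either side is missing, and compare in constant time so the
        // check does not reveal how much of the passphrase matched.
        if (expectedPassphrase == null || str3 == null
                || !MessageDigest.isEqual(
                        expectedPassphrase.trim().getBytes(StandardCharsets.UTF_8),
                        str3.trim().getBytes(StandardCharsets.UTF_8))) {
            LOG.warn("Incorrect passphrase from the agent");
            return errorResponse(response, "Incorrect passphrase from the agent");
        }
        String keystoreDir = configsMap.get(Configuration.SRVR_KSTR_DIR.getKey());
        String certPassword = configsMap.get(Configuration.SRVR_CRT_PASS.getKey());
        String serverCertName = configsMap.get(Configuration.SRVR_CRT_NAME.getKey());
        String serverKeyName = configsMap.get(Configuration.SRVR_KEY_NAME.getKey());
        String agentCsrName = hostname + ".csr";
        String agentCrtName = hostname + ".crt";
        // Argument order must match the {0}..{5} placeholders of the agent templates.
        Object[] templateArgs = {keystoreDir, agentCsrName, agentCrtName, certPassword, serverKeyName, serverCertName};
        File agentCrtFile = new File(keystoreDir + File.separator + agentCrtName);
        if (agentCrtFile.exists()) {
            LOG.info("Revoking of {} certificate.", hostname);
            String revokeCommand = MessageFormat.format(REVOKE_AGENT_CRT, templateArgs);
            int revokeExitCode = runCommand(revokeCommand);
            if (revokeExitCode != 0) {
                // NOTE(review): the message is built from the full command line, which
                // contains the key password; confirm getOpenSslCommandResult masks it.
                return errorResponse(response, ShellCommandUtil.getOpenSslCommandResult(revokeCommand, revokeExitCode));
            }
        }
        try {
            FileUtils.writeStringToFile(new File(keystoreDir + File.separator + agentCsrName), str2, Charset.defaultCharset());
        } catch (IOException e) {
            // Stop here: signing after a failed write could sign a stale CSR left in
            // the keystore directory by an earlier request for the same hostname.
            LOG.error("Error writing agent certificate signing request", e);
            return errorResponse(response, "Error writing agent certificate signing request");
        }
        String signCommand = MessageFormat.format(SIGN_AGENT_CRT, templateArgs);
        LOG.debug(ShellCommandUtil.hideOpenSslPassword(signCommand));
        int signExitCode = runCommand(signCommand);
        if (signExitCode != 0) {
            return errorResponse(response, ShellCommandUtil.getOpenSslCommandResult(signCommand, signExitCode));
        }
        try {
            String signedCertificate = FileUtils.readFileToString(agentCrtFile, Charset.defaultCharset());
            response.setResult(SignCertResponse.OK_STATUS);
            response.setSignedCa(signedCertificate);
            return response;
        } catch (IOException e) {
            LOG.error("Error reading signed agent certificate", e);
            return errorResponse(response, "Error reading signed agent certificate");
        }
    }
}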
