package org.apache.ambari.logfeeder.conf;

import java.io.File;
import java.nio.charset.Charset;
import javax.annotation.PostConstruct;
import org.apache.ambari.logfeeder.common.LogFeederConstants;
import org.apache.ambari.logsearch.config.api.LogSearchPropertyDescription;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.hadoop.conf.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;

/* loaded from: input_file:org/apache/ambari/logfeeder/conf/LogFeederSecurityConfig.class */
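/**
 * Security-related configuration for Log Feeder: SSL key/trust store settings
 * (read from the standard {@code javax.net.ssl.*} system properties), the
 * Hadoop credential provider path, and the Solr JAAS/Kerberos settings.
 *
 * <p>After construction, {@link #ensureStorePasswords()} fills in a missing
 * key store / trust store password. The lookup order is: Hadoop credential
 * store, then a password file under the default keys folder, then a built-in
 * default password.
 *
 * <p>SECURITY: the built-in default password is a constant compiled into this
 * class, and the resolved password is published as a JVM system property,
 * where any code running in the same JVM can read it. A store that ends up
 * protected by the built-in default should be treated as unprotected; watch
 * for the warnings this class logs when that fallback is taken.
 */
public class LogFeederSecurityConfig {
    private static final Logger LOG = LoggerFactory.getLogger(LogFeederSecurityConfig.class);
    private static final String KEYSTORE_LOCATION_ARG = "javax.net.ssl.keyStore";
    private static final String TRUSTSTORE_LOCATION_ARG = "javax.net.ssl.trustStore";
    private static final String KEYSTORE_TYPE_ARG = "javax.net.ssl.keyStoreType";
    private static final String TRUSTSTORE_TYPE_ARG = "javax.net.ssl.trustStoreType";
    private static final String KEYSTORE_PASSWORD_ARG = "javax.net.ssl.keyStorePassword";
    private static final String TRUSTSTORE_PASSWORD_ARG = "javax.net.ssl.trustStorePassword";
    // Aliases looked up in the Hadoop credential store.
    private static final String KEYSTORE_PASSWORD_PROPERTY_NAME = "logfeeder_keystore_password";
    private static final String TRUSTSTORE_PASSWORD_PROPERTY_NAME = "logfeeder_truststore_password";
    // Plain-text password files, resolved relative to LOGFEEDER_CERT_DEFAULT_FOLDER.
    private static final String KEYSTORE_PASSWORD_FILE = "ks_pass.txt";
    private static final String TRUSTSTORE_PASSWORD_FILE = "ts_pass.txt";
    private static final String LOGFEEDER_CERT_DEFAULT_FOLDER = "/usr/lib/ambari-logsearch-logfeeder/conf/keys";
    // SECURITY: hard-coded fallback secret. Kept for compatibility with stores that were
    // created with it; deployments should supply their own password through the
    // credential store or the password file so that this value is never used.
    private static final String LOGFEEDER_STORE_DEFAULT_PASSWORD = "bigdata";
    private static final String CREDENTIAL_STORE_PROVIDER_PATH_PROPERTY = "hadoop.security.credential.provider.path";

    @Value("${hadoop.security.credential.provider.path:}")
    @LogSearchPropertyDescription(name = CREDENTIAL_STORE_PROVIDER_PATH_PROPERTY, description = "The jceks file that provides passwords.", examples = {"jceks://file/etc/ambari-logsearch-logfeeder/conf/logfeeder.jceks"}, sources = {LogFeederConstants.LOGFEEDER_PROPERTIES_FILE})
    private String credentialStoreProviderPath;

    @Value("${logfeeder.solr.jaas.file:/etc/security/keytabs/logsearch_solr.service.keytab}")
    @LogSearchPropertyDescription(name = LogFeederConstants.SOLR_JAAS_FILE_PROPERTY, description = "The jaas file used for solr.", examples = {"/usr/lib/ambari-logsearch-logfeeder/conf/logfeeder_jaas.conf"}, defaultValue = LogFeederConstants.DEFAULT_SOLR_JAAS_FILE, sources = {LogFeederConstants.LOGFEEDER_PROPERTIES_FILE})
    private String solrJaasFile;

    @Value("${logfeeder.solr.kerberos.enable:false}")
    @LogSearchPropertyDescription(name = LogFeederConstants.SOLR_KERBEROS_ENABLE_PROPERTY, description = "Enables using kerberos for accessing solr.", examples = {"true"}, defaultValue = "false", sources = {LogFeederConstants.LOGFEEDER_PROPERTIES_FILE})
    private Boolean solrKerberosEnabled;

    /** @return the key store location from {@code javax.net.ssl.keyStore}, or {@code null} if unset */
    public String getKeyStoreLocation() {
        return System.getProperty(KEYSTORE_LOCATION_ARG);
    }

    /** @return the key store type from {@code javax.net.ssl.keyStoreType}, or {@code null} if unset */
    public String getKeyStoreType() {
        return System.getProperty(KEYSTORE_TYPE_ARG);
    }

    /**
     * @return the key store password from {@code javax.net.ssl.keyStorePassword}, or
     *     {@code null} if unset; callers should not log the returned value
     */
    public String getKeyStorePassword() {
        return System.getProperty(KEYSTORE_PASSWORD_ARG);
    }

    /** @return the trust store location from {@code javax.net.ssl.trustStore}, or {@code null} if unset */
    public String getTrustStoreLocation() {
        return System.getProperty(TRUSTSTORE_LOCATION_ARG);
    }

    /** @return the trust store type from {@code javax.net.ssl.trustStoreType}, or {@code null} if unset */
    public String getTrustStoreType() {
        return System.getProperty(TRUSTSTORE_TYPE_ARG);
    }

    /**
     * @return the trust store password from {@code javax.net.ssl.trustStorePassword}, or
     *     {@code null} if unset; callers should not log the returned value
     */
    public String getTrustStorePassword() {
        return System.getProperty(TRUSTSTORE_PASSWORD_ARG);
    }

    /** @return the configured Hadoop credential provider path (empty when not configured) */
    public String getCredentialStoreProviderPath() {
        return this.credentialStoreProviderPath;
    }

    /** @param str the Hadoop credential provider path to use for password lookups */
    public void setCredentialStoreProviderPath(String str) {
        this.credentialStoreProviderPath = str;
    }

    /** @return the JAAS file used for Solr */
    public String getSolrJaasFile() {
        return this.solrJaasFile;
    }

    /** @param str the JAAS file used for Solr */
    public void setSolrJaasFile(String str) {
        this.solrJaasFile = str;
    }

    /**
     * Reports whether Kerberos is enabled for Solr access.
     *
     * @return {@code true} only when the flag is explicitly {@code true}; an unset
     *     ({@code null}) flag is reported as {@code false} instead of failing with a
     *     {@link NullPointerException} on unboxing
     */
    public boolean isSolrKerberosEnabled() {
        return Boolean.TRUE.equals(this.solrKerberosEnabled);
    }

    /** @param bool whether Kerberos is enabled for Solr access; {@code null} is treated as disabled */
    public void setSolrKerberosEnabled(Boolean bool) {
        this.solrKerberosEnabled = bool;
    }

    /**
     * Makes sure a password system property exists for every store whose location
     * system property is set. Runs once after dependency injection.
     */
    @PostConstruct
    public void ensureStorePasswords() {
        ensureStorePassword(KEYSTORE_LOCATION_ARG, KEYSTORE_PASSWORD_ARG, KEYSTORE_PASSWORD_PROPERTY_NAME, KEYSTORE_PASSWORD_FILE);
        ensureStorePassword(TRUSTSTORE_LOCATION_ARG, TRUSTSTORE_PASSWORD_ARG, TRUSTSTORE_PASSWORD_PROPERTY_NAME, TRUSTSTORE_PASSWORD_FILE);
    }

    /**
     * Sets the password system property for one store when its location is configured
     * and no password has been supplied yet. An explicitly supplied password is never
     * overwritten.
     *
     * @param locationArg system property holding the store location
     * @param passwordArg system property that receives the resolved password
     * @param credentialAlias alias of the password in the Hadoop credential store
     * @param passwordFileName name of the fallback password file
     */
    private void ensureStorePassword(String locationArg, String passwordArg, String credentialAlias, String passwordFileName) {
        if (StringUtils.isNotEmpty(System.getProperty(locationArg)) && StringUtils.isEmpty(System.getProperty(passwordArg))) {
            // NOTE(review): system properties are visible to all code in this JVM; anything
            // that dumps them will include this password.
            System.setProperty(passwordArg, getPassword(credentialAlias, passwordFileName));
        }
    }

    /**
     * Resolves a store password: credential store first, then the password file, then
     * the built-in default.
     *
     * @param credentialAlias alias of the password in the Hadoop credential store
     * @param passwordFileName name of the fallback password file
     * @return the resolved password, never {@code null}
     */
    private String getPassword(String credentialAlias, String passwordFileName) {
        String passwordFromCredentialStore = getPasswordFromCredentialStore(credentialAlias);
        if (passwordFromCredentialStore != null) {
            return passwordFromCredentialStore;
        }
        String passwordFromFile = getPasswordFromFile(passwordFileName);
        if (passwordFromFile != null) {
            return passwordFromFile;
        }
        // Reached only when the password file could be neither read nor written. Make the
        // fallback visible in the logs so operators can spot a store running on the
        // built-in password; the password itself is never logged.
        LOG.warn("No password available for {} from credential store or password file, using the built-in default password", credentialAlias);
        return LOGFEEDER_STORE_DEFAULT_PASSWORD;
    }

    /**
     * Looks up a password in the Hadoop credential store.
     *
     * @param credentialAlias alias of the password entry
     * @return the password, or {@code null} when no provider path is configured, the
     *     entry is empty, or the lookup fails
     */
    private String getPasswordFromCredentialStore(String credentialAlias) {
        try {
            if (StringUtils.isEmpty(this.credentialStoreProviderPath)) {
                return null;
            }
            Configuration configuration = new Configuration();
            configuration.set(CREDENTIAL_STORE_PROVIDER_PATH_PROPERTY, this.credentialStoreProviderPath);
            char[] password = configuration.getPassword(credentialAlias);
            if (ArrayUtils.isNotEmpty(password)) {
                // NOTE(review): the char[] is copied into an immutable String and is not
                // cleared afterwards, so the secret stays in heap memory.
                return new String(password);
            }
            return null;
        } catch (Exception e) {
            // Best-effort lookup: keep going with the next source, but record the cause so
            // a misconfigured or unreadable credential store can be diagnosed. Only the
            // alias is logged, never a password.
            LOG.warn("Could not load password {} from credential store, falling back to password file or default password", credentialAlias, e);
            return null;
        }
    }

    /**
     * Reads a password from a file in the default keys folder. When the file does not
     * exist, it is created with the built-in default password as its content.
     *
     * @param passwordFileName file name relative to the default keys folder
     * @return the file content as-is (no trimming), the built-in default when the file
     *     was just created, or {@code null} when reading or writing failed
     */
    private String getPasswordFromFile(String passwordFileName) {
        try {
            File file = new File(LOGFEEDER_CERT_DEFAULT_FOLDER, passwordFileName);
            if (file.exists()) {
                return FileUtils.readFileToString(file, Charset.defaultCharset());
            }
            // SECURITY: this persists the built-in default password in plain text. No file
            // permissions are set here, so the file gets whatever the process defaults
            // give it -- NOTE(review): confirm the keys folder is restricted to the
            // service account.
            LOG.warn("Password file {} does not exist, creating it with the built-in default password", file.getAbsolutePath());
            FileUtils.writeStringToFile(file, LOGFEEDER_STORE_DEFAULT_PASSWORD, Charset.defaultCharset());
            return LOGFEEDER_STORE_DEFAULT_PASSWORD;
        } catch (Exception e) {
            LOG.warn("Exception occurred during read/write password file for keystore/truststore.", e);
            return null;
        }
    }
}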
