package org.apache.ranger.services.schema.registry.client.connection.util;

import com.hortonworks.registries.auth.KerberosLogin;
import com.hortonworks.registries.auth.Login;
import com.hortonworks.registries.auth.NOOPLogin;
import com.hortonworks.registries.auth.util.JaasConfiguration;
import com.hortonworks.registries.schemaregistry.client.SchemaRegistryClient;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/services/schema/registry/client/connection/util/SecurityUtils.class */
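/**
 * Static helpers that build the TLS and Kerberos client-side security context
 * for a Schema Registry connection from a configuration map.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>{@link #createSSLContext} installs a trust manager that accepts every certificate
 *       when {@code serverCertValidation} is explicitly {@code false}. This removes server
 *       authentication from the TLS connection, and a warning is logged whenever it happens.</li>
 *   <li>{@link #initializeSecurityContext} returns a {@link NOOPLogin} when the Kerberos login
 *       fails, so a failed login does not surface to the caller as an exception.</li>
 * </ul>
 */
public class SecurityUtils {
    private static final Logger LOG = LoggerFactory.getLogger(SecurityUtils.class);
    private static final long KERBEROS_SYNCHRONIZATION_TIMEOUT_MS = 180000;
    private static final String REGISTRY_CLIENT_JAAS_SECTION = "RegistryClient";

    /**
     * Tells whether the configured Schema Registry URL uses the {@code https} scheme.
     *
     * <p>The comparison is case-sensitive and is applied to the trimmed string form of the
     * configured value.
     *
     * @param map connection configuration keyed by setting name
     * @return {@code true} if the URL setting starts with {@code https://};
     *         {@code false} otherwise, including when the setting is absent
     */
    public static boolean isHttpsConnection(Map<String, ?> map) {
        Object url = map.get(SchemaRegistryClient.Configuration.SCHEMA_REGISTRY_URL.name());
        // A missing URL used to fail with a bare NullPointerException here.
        return url != null && url.toString().trim().startsWith("https://");
    }

    /**
     * Builds and initialises an {@link SSLContext} from the connection configuration.
     *
     * <p>Each of {@code keyStorePath}, {@code keyStorePassword}, {@code keyStoreType},
     * {@code trustStorePath}, {@code trustStorePassword} and {@code trustStoreType} is read from
     * the map first; a missing or empty value falls back to the matching
     * {@code javax.net.ssl.*} system property. Passwords default to the empty string.
     *
     * <p>Trust decisions:
     * <ul>
     *   <li>{@code serverCertValidation} explicitly {@code false}: every server certificate is
     *       accepted and any configured trust store is ignored.</li>
     *   <li>otherwise, with a trust store path: trust managers come from that store.</li>
     *   <li>otherwise: {@code null} trust managers are passed to
     *       {@link SSLContext#init}, which selects the JVM's default trust managers.</li>
     * </ul>
     *
     * <p>This method configures certificate trust only; it does not set up hostname verification.
     *
     * @param map connection configuration keyed by setting name
     * @param str protocol name handed to {@link SSLContext#getInstance(String)}
     * @return an initialised SSL context
     * @throws Exception if the protocol is unknown, or a store cannot be read or parsed
     */
    public static SSLContext createSSLContext(Map<String, ?> map, String str) throws Exception {
        SSLContext sslContext = SSLContext.getInstance(str);

        String keyStorePath = configOrSystemProperty(map, "keyStorePath", "javax.net.ssl.keyStore");
        // The original tested the key store *path* for emptiness here, which threw a
        // NullPointerException when a password was configured without any key store path,
        // and never applied the system-property fallback to an empty password.
        String keyStorePassword = Optional.ofNullable(
                configOrSystemProperty(map, "keyStorePassword", "javax.net.ssl.keyStorePassword")).orElse("");
        String keyStoreType = configOrSystemProperty(map, "keyStoreType", "javax.net.ssl.keyStoreType");

        String trustStorePath = configOrSystemProperty(map, "trustStorePath", "javax.net.ssl.trustStore");
        String trustStorePassword = Optional.ofNullable(
                configOrSystemProperty(map, "trustStorePassword", "javax.net.ssl.trustStorePassword")).orElse("");
        String trustStoreType = configOrSystemProperty(map, "trustStoreType", "javax.net.ssl.trustStoreType");

        KeyManager[] keyManagers = null;
        if (keyStorePath != null) {
            KeyStore keyStore = loadKeyStore(keyStorePath, keyStoreType, keyStorePassword);
            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // The store password is also used as the password of the private key entries.
            keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
            keyManagers = keyManagerFactory.getKeyManagers();
        }

        TrustManager[] trustManagers = null;
        if (!isServerCertValidationEnabled(map)) {
            LOG.warn("Server certificate validation is disabled (serverCertValidation=false); "
                    + "the TLS connection will accept any server certificate");
            trustManagers = new TrustManager[] {new TrustAllManager()};
        } else if (trustStorePath != null) {
            KeyStore trustStore = loadKeyStore(trustStorePath, trustStoreType, trustStorePassword);
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        }

        sslContext.init(keyManagers, trustManagers, new SecureRandom());
        return sslContext;
    }

    /** Returns the map value for {@code key}, or the system property when it is missing or empty. */
    private static String configOrSystemProperty(Map<String, ?> map, String key, String systemProperty) {
        String value = (String) map.get(key);
        if (value == null || value.isEmpty()) {
            value = System.getProperty(systemProperty);
        }
        return value;
    }

    /**
     * Decides whether server certificates are validated.
     *
     * <p>Validation is switched off only by an explicit {@code false} (case-insensitive,
     * surrounding whitespace ignored). A missing or blank setting, like every other setting in
     * this class, counts as "not configured" and keeps the default of validating. Any other
     * value is reported and also keeps validation on, so that a typo cannot silently remove
     * server authentication (the original {@code Boolean.parseBoolean} call disabled validation
     * for every value other than {@code true}, including the empty string).
     */
    private static boolean isServerCertValidationEnabled(Map<String, ?> map) {
        Object raw = map.get("serverCertValidation");
        String value = raw == null ? "" : raw.toString().trim();
        if (value.isEmpty() || value.equalsIgnoreCase("true")) {
            return true;
        }
        if (value.equalsIgnoreCase("false")) {
            return false;
        }
        LOG.warn("Unrecognized serverCertValidation value '{}'; server certificate validation stays enabled",
                value);
        return true;
    }

    /**
     * Loads a key or trust store, closing the underlying stream even when loading fails.
     *
     * <p>If nothing is found at {@code path}, the store is loaded from a {@code null} stream,
     * which yields an empty store; that case is logged because it otherwise only shows up later
     * as a handshake failure.
     */
    private static KeyStore loadKeyStore(String path, String type, String password)
            throws java.io.IOException, java.security.GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(type != null ? type : KeyStore.getDefaultType());
        try (InputStream in = getFileInputStream(path)) {
            if (in == null) {
                LOG.warn("Store '{}' was not found on the file system or the classpath; using an empty store",
                        path);
            }
            keyStore.load(in, password.toCharArray());
        }
        return keyStore;
    }

    /**
     * Trust manager that performs no checks at all. Used only when server certificate
     * validation has been explicitly disabled in the configuration.
     */
    private static final class TrustAllManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: every chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: every chain is accepted.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Opens {@code str} as a file if it exists, otherwise looks it up as a classpath resource.
     *
     * @param str file path or resource name
     * @return an open stream, or {@code null} when neither a file nor a resource was found
     * @throws FileNotFoundException if the file exists but cannot be opened
     */
    private static InputStream getFileInputStream(String str) throws FileNotFoundException {
        File file = new File(str);
        if (file.exists()) {
            return new FileInputStream(file);
        }

        boolean relative = !str.startsWith("/");
        InputStream resource = SecurityUtils.class.getResourceAsStream(str);
        if (resource == null && relative) {
            resource = SecurityUtils.class.getResourceAsStream("/" + str);
        }
        if (resource == null) {
            resource = ClassLoader.getSystemClassLoader().getResourceAsStream(str);
            if (resource == null && relative) {
                // NOTE(review): class-loader lookups normally take names without a leading '/',
                // so this last attempt is unlikely to match anything; confirm the intent.
                resource = ClassLoader.getSystemResourceAsStream("/" + str);
            }
        }
        return resource;
    }

    /**
     * Builds a {@code Krb5LoginModule} JAAS entry from the {@code lookupkeytab} and
     * {@code lookupprincipal} settings.
     *
     * @param map connection configuration keyed by setting name
     * @return the JAAS entry, or {@code null} when either setting is missing or empty
     */
    static String getJaasConfigForClientPrincipal(Map<String, ?> map) {
        String keytab = (String) map.get("lookupkeytab");
        String principal = (String) map.get("lookupprincipal");
        if (keytab == null || keytab.isEmpty() || principal == null || principal.isEmpty()) {
            return null;
        }
        // NOTE(review): both values are placed unescaped between double quotes. A value that
        // itself contains '"' would change how the entry is parsed, so these settings should be
        // validated where the service configuration is accepted.
        return "com.sun.security.auth.module.Krb5LoginModule required useTicketCache=false principal=\""
                + principal + "\" useKeyTab=true keyTab=\"" + keytab + "\";";
    }

    /**
     * Performs a Kerberos login when Kerberos is enabled and a keytab and principal are configured.
     *
     * <p>Any failure while configuring or logging in is logged and a {@link NOOPLogin} is
     * returned instead; the same happens when Kerberos is not enabled. Callers therefore cannot
     * tell from the return type alone that a requested Kerberos login failed and must rely on
     * the error log.
     *
     * @param map connection configuration keyed by setting name
     * @return a logged-in {@link KerberosLogin}, or a {@link NOOPLogin}
     */
    public static Login initializeSecurityContext(Map<String, ?> map) {
        String jaasConfig = getJaasConfigForClientPrincipal(map);
        if (isKerberosEnabled(map) && jaasConfig != null) {
            KerberosLogin kerberosLogin = new KerberosLogin(KERBEROS_SYNCHRONIZATION_TIMEOUT_MS);
            try {
                kerberosLogin.configure(new HashMap<>(), REGISTRY_CLIENT_JAAS_SECTION,
                        new JaasConfiguration(REGISTRY_CLIENT_JAAS_SECTION, jaasConfig));
                kerberosLogin.login();
                return kerberosLogin;
            } catch (LoginException e) {
                // The exception was previously dropped, leaving no trace of why the login failed.
                LOG.error("Failed to initialize the dynamic JAAS config: {}. Attempting static JAAS config.",
                        jaasConfig, e);
            } catch (Exception e2) {
                LOG.error("Failed to parse the dynamic JAAS config. Attempting static JAAS config.", e2);
            }
        }
        return new NOOPLogin();
    }

    /**
     * Tells whether both {@code authtype} and {@code schema-registry.authentication} select
     * Kerberos. {@code authtype} must be exactly {@code kerberos}; the second setting is compared
     * ignoring case.
     *
     * @param map connection configuration keyed by setting name
     * @return {@code true} only when both settings are present and name Kerberos
     */
    static boolean isKerberosEnabled(Map<String, ?> map) {
        String authType = (String) map.get("authtype");
        String registryAuthentication = (String) map.get("schema-registry.authentication");
        return "kerberos".equals(authType) && "kerberos".equalsIgnoreCase(registryAuthentication);
    }
}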
