package io.hops.hopsworks.expat.migrations.x509;

import com.google.common.io.ByteStreams;
import com.google.common.io.Files;
import io.hops.hopsworks.common.util.ProcessDescriptor;
import io.hops.hopsworks.common.util.ProcessResult;
import io.hops.hopsworks.expat.configuration.ConfigurationBuilder;
import io.hops.hopsworks.expat.configuration.ExpatConf;
import io.hops.hopsworks.expat.db.DbConnectionFactory;
import io.hops.hopsworks.expat.db.dao.certificates.ExpatCertificate;
import io.hops.hopsworks.expat.db.dao.user.ExpatUser;
import io.hops.hopsworks.expat.db.dao.user.ExpatUserFacade;
import io.hops.hopsworks.expat.executor.ProcessExecutor;
import io.hops.hopsworks.expat.migrations.MigrationException;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.sql.Connection;
import java.sql.SQLException;
import java.time.LocalDateTime;
import java.util.Map;
import java.util.Set;
import org.apache.commons.configuration2.Configuration;
import org.apache.commons.configuration2.ex.ConfigurationException;
import org.apache.commons.io.FileUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:io/hops/hopsworks/expat/migrations/x509/GenerateCertificates.class */
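/**
 * Base class for migrations that regenerate X.509 material for project users.
 *
 * <p>For every certificate it backs up the existing PEM files from the intermediate CA
 * directory, runs {@code generate_user_certificates.sh} through sudo, reads the key store and
 * trust store the script is expected to leave in {@code /tmp}, and hands the updated
 * certificates to the subclass for persistence.
 *
 * <p>Security-relevant state: {@link #masterPassword} and the per-certificate plain passwords
 * are held as {@code String}s for the lifetime of the migration, and {@link #certsBackupDir}
 * ends up containing private keys.
 */
public abstract class GenerateCertificates {
    private static final Logger LOGGER = LogManager.getLogger(GenerateCertificates.class);
    // Directory under the user's home that receives the previous certificate and key files.
    protected Path certsBackupDir;
    protected Configuration config;
    // Location of the master password file, taken from ExpatConf.MASTER_PWD_FILE_KEY.
    protected Path masterPwdPath;
    // Root directory of the intermediate CA; "certs" and "private" are resolved beneath it.
    protected String intermediateCA;
    // Whole content of the master password file, as read (nothing is stripped here).
    protected String masterPassword;
    private Path generateUserCertificatesSh;
    protected Connection connection;
    protected ExpatUserFacade expatUserFacade;

    /**
     * Prepares the backup directory, configuration, master password, script path and database
     * connection used by the migration.
     *
     * <p>Decompiler note: this method was declared {@code protected} in the original class.
     *
     * @param str prefix for the backup directory name
     *     ({@code <user.home>/<str>_certs_backup_<timestamp>})
     * @throws MigrationException if {@code user.home} is not set, the backup directory cannot be
     *     created, or a later initialisation step fails with an {@link IOException}
     * @throws ConfigurationException declared for the configuration lookup
     * @throws IOException declared by the original signature; I/O failures raised inside this
     *     method are wrapped in {@link MigrationException}
     * @throws SQLException declared for the database connection lookup
     */
    public void setup(String str) throws MigrationException, ConfigurationException, IOException, SQLException {
        String userHome = System.getProperty("user.home");
        if (userHome == null) {
            throw new MigrationException("Could not get user home");
        }
        this.certsBackupDir = Paths.get(userHome, str + "_certs_backup_" + LocalDateTime.now().toString());
        try {
            // NOTE(review): the directory is created with the process default permissions and
            // will receive private keys; consider restricting it to the owner — confirm the
            // umask this tool runs under.
            FileUtils.forceMkdir(this.certsBackupDir.toFile());
        } catch (IOException e) {
            throw new MigrationException("Could not create certs backup directory", e);
        }
        try {
            this.config = ConfigurationBuilder.getConfiguration();
            this.masterPwdPath = Paths.get(this.config.getString(ExpatConf.MASTER_PWD_FILE_KEY));
            this.intermediateCA = this.config.getString(ExpatConf.INTERMEDIATE_CA_PATH);
            // NOTE(review): decoded with the platform default charset; confirm this matches how
            // the master password file is written.
            this.masterPassword = Files.toString(this.masterPwdPath.toFile(), Charset.defaultCharset());
            this.generateUserCertificatesSh = Paths.get(this.config.getString(ExpatConf.EXPAT_PATH), "bin", "generate_user_certificates.sh");
            this.connection = DbConnectionFactory.getConnection();
            this.expatUserFacade = new ExpatUserFacade();
        } catch (IOException e) {
            // Kept as MigrationException for callers, but no longer blamed on the backup
            // directory, which has already been created at this point.
            throw new MigrationException("Could not initialise certificate migration (configuration or master password file)", e);
        }
    }

    /**
     * Regenerates every certificate in {@code map}, then persists the whole set through
     * {@link #updateCertificatesInDB(Set, Connection)}.
     *
     * <p>The database update runs only after all certificates were generated; a failure part-way
     * through leaves earlier PEM files already moved to the backup directory and nothing written
     * to the database.
     *
     * <p>Decompiler note: this method was declared {@code protected} in the original class.
     *
     * @param map certificates to regenerate, each mapped to its owning user
     * @param str label used only in the log message describing the kind of certificate
     * @throws SQLException if the subclass fails to update the database
     * @throws IOException if generating or reading back any certificate fails
     */
    public void generateNewCertsAndUpdateDb(Map<ExpatCertificate, ExpatUser> map, String str) throws SQLException, IOException {
        int total = map.size();
        LOGGER.info("Going to regenerate " + total + " certificates");
        LOGGER.info("Start generating new " + str + " Certificates");
        int index = 1;
        for (Map.Entry<ExpatCertificate, ExpatUser> entry : map.entrySet()) {
            generateCertificate(entry.getKey(), entry.getValue(), index, total);
            index++;
        }
        LOGGER.info("Start updating certificates");
        updateCertificatesInDB(map.keySet(), this.connection);
    }

    /**
     * Backs up the existing PEM files for one certificate, runs the generation script and loads
     * the resulting key store and trust store into {@code expatCertificate}.
     *
     * @param expatCertificate certificate record to regenerate; updated in place
     * @param expatUser owning user (not used by this method)
     * @param i 1-based position of this certificate, for progress logging
     * @param i2 total number of certificates, for progress logging
     * @throws IOException if a backup move fails, the script exits non-zero, or a store file
     *     cannot be read
     */
    private void generateCertificate(ExpatCertificate expatCertificate, ExpatUser expatUser, int i, int i2) throws IOException {
        // NOTE(review): project name and username are used unvalidated to build file paths and
        // as an argument to a script run through sudo; confirm upstream constraints exclude
        // path separators and other special characters.
        String id = expatCertificate.getProjectName() + "__" + expatCertificate.getUsername();
        // NOTE(review): the certificate object is logged via toString(); confirm that does not
        // include the plain password.
        LOGGER.info("Generating new certificate for " + expatCertificate);

        String certFileName = id + ".cert.pem";
        File currentCert = Paths.get(this.intermediateCA, "certs", certFileName).toFile();
        File backupCert = Paths.get(this.certsBackupDir.toString(), certFileName).toFile();
        String keyFileName = id + ".key.pem";
        File currentKey = Paths.get(this.intermediateCA, "private", keyFileName).toFile();
        File backupKey = Paths.get(this.certsBackupDir.toString(), keyFileName).toFile();
        if (currentCert.exists()) {
            FileUtils.moveFile(currentCert, backupCert);
        }
        if (currentKey.exists()) {
            FileUtils.moveFile(currentKey, backupKey);
        }

        // NOTE(review): the key password and the CA password are handed to the script as
        // command-line arguments, where they can appear in process listings and command
        // audit logs; prefer stdin or a protected file if the script can be changed.
        ProcessDescriptor descriptor = new ProcessDescriptor.Builder()
            .addCommand("/usr/bin/sudo")
            .addCommand(this.generateUserCertificatesSh.toString())
            .addCommand(id)
            .addCommand(expatCertificate.getPlainPassword())
            .addCommand(this.config.getString(ExpatConf.VALIDITY_DAYS, "3650"))
            .addCommand(this.config.getString(ExpatConf.CA_PASSWORD))
            .redirectErrorStream(true)
            .build();
        ProcessResult result = ProcessExecutor.getExecutor().execute(descriptor);
        if (result.getExitCode() != 0) {
            throw new IOException("Failed to generate certificate for " + id + " Reason: " + result.getStdout());
        }

        // NOTE(review): the stores are read from predictable names in the shared /tmp directory
        // and are not removed afterwards; consider a private working directory and deleting
        // the files once they have been loaded.
        File keyStoreFile = Paths.get("/tmp", id + "__kstore.jks").toFile();
        File trustStoreFile = Paths.get("/tmp", id + "__tstore.jks").toFile();

        // try-with-resources closes each stream even when the read fails.
        byte[] keyStore;
        try (FileInputStream keyStoreIn = new FileInputStream(keyStoreFile)) {
            keyStore = ByteStreams.toByteArray(keyStoreIn);
        }
        byte[] trustStore;
        try (FileInputStream trustStoreIn = new FileInputStream(trustStoreFile)) {
            trustStore = ByteStreams.toByteArray(trustStoreIn);
        }

        expatCertificate.setKeyStore(keyStore);
        expatCertificate.setTrustStore(trustStore);
        LOGGER.info("Finished generating new certificate for " + expatCertificate + " - " + i + "/" + i2);
    }

    /**
     * Persists the regenerated key stores and trust stores.
     *
     * @param set certificates whose stores were replaced by
     *     {@link #generateNewCertsAndUpdateDb(Map, String)}
     * @param connection database connection obtained in {@link #setup(String)}
     * @throws SQLException if the update fails
     */
    abstract void updateCertificatesInDB(Set<ExpatCertificate> set, Connection connection) throws SQLException;
}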
