package io.hops.security;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.ssl.X509SecurityMaterial;
import org.apache.hadoop.util.envVars.EnvironmentVariables;
import org.apache.hadoop.util.envVars.EnvironmentVariablesFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-client-api-3.2.0.6-RC0.jar:io/hops/security/SuperuserKeystoresLoader.class */
public class SuperuserKeystoresLoader {
    public static final String SUPER_MATERIAL_DIRECTORY_ENV_VARIABLE = "SUPERUSER_MATERIAL_DIRECTORY";
    protected static final String SUPER_MATERIAL_HOME_SUBDIRECTORY = ".hops_tls";
    private static final String SUPER_KEYSTORE_FILE_FORMAT = "%s__kstore.jks";
    private static final String SUPER_TRUSTSTORE_FILE_FORMAT = "%s__tstore.jks";
    private static final String SUPER_MATERIAL_PASSWD_FILE_FORMAT = "%s__passwd";
    private final Configuration configuration;
    private final EnvironmentVariables environmentVariables = EnvironmentVariablesFactory.getInstance();
    private static final Log LOG = LogFactory.getLog(SuperuserKeystoresLoader.class);
    private static final Pattern HOME_PATTERN = Pattern.compile(".*\\$\\{HOME\\}.*");
    private static final Pattern HOME_REPLACEMENT_PATTERN = Pattern.compile("\\$\\{HOME\\}");
    private static final Pattern USER_PATTERN = Pattern.compile(".*\\$\\{USER\\}.*");
    private static final Pattern USER_REPLACEMENT_PATTERN = Pattern.compile("\\$\\{USER\\}");

    public SuperuserKeystoresLoader(Configuration configuration) {
        this.configuration = configuration;
    }

    public X509SecurityMaterial loadSuperUserMaterial() throws IOException {
        Path materialDirectory = getMaterialDirectory();
        String userName = UserGroupInformation.getLoginUser().getUserName();
        return new X509SecurityMaterial(materialDirectory.resolve(getSuperKeystoreFilename(userName)), materialDirectory.resolve(getSuperTruststoreFilename(userName)), materialDirectory.resolve(getSuperMaterialPasswdFilename(userName)));
    }

    private Path getMaterialDirectory() throws IOException {
        String env = this.environmentVariables.getEnv(SUPER_MATERIAL_DIRECTORY_ENV_VARIABLE);
        if (env != null) {
            LOG.debug("Found environment variable for super user material directory. Path is " + env);
            return Paths.get(env, new String[0]);
        }
        String property = System.getProperty("user.home");
        String str = this.configuration.get(CommonConfigurationKeysPublic.HOPS_TLS_SUPER_MATERIAL_DIRECTORY, null);
        if (Strings.isNullOrEmpty(str)) {
            Path path = Paths.get(property, SUPER_MATERIAL_HOME_SUBDIRECTORY);
            LOG.debug("Falling back to $HOME for super user material directory: " + path);
            return path;
        }
        LOG.debug("Super user material directory has been set in configuration file " + str);
        if (HOME_PATTERN.matcher(str).matches()) {
            String replaceAll = HOME_REPLACEMENT_PATTERN.matcher(str).replaceAll(property);
            LOG.debug("Replacing ${HOME} - Super user material directory: " + replaceAll);
            return Paths.get(replaceAll, new String[0]);
        }
        if (!USER_PATTERN.matcher(str).matches()) {
            return Paths.get(str, new String[0]);
        }
        String replaceAll2 = USER_REPLACEMENT_PATTERN.matcher(str).replaceAll(UserGroupInformation.getLoginUser().getUserName());
        LOG.debug("Replacing ${USER} - Super user material directory: " + replaceAll2);
        return Paths.get(replaceAll2, new String[0]);
    }

    @VisibleForTesting
    public String getSuperKeystoreFilename(String str) {
        return String.format(SUPER_KEYSTORE_FILE_FORMAT, str);
    }

    @VisibleForTesting
    public String getSuperTruststoreFilename(String str) {
        return String.format(SUPER_TRUSTSTORE_FILE_FORMAT, str);
    }

    @VisibleForTesting
    public String getSuperMaterialPasswdFilename(String str) {
        return String.format(SUPER_MATERIAL_PASSWD_FILE_FORMAT, str);
    }
}
