package org.apache.hadoop.net.hopssslchecks;

import io.hops.security.CertificateLocalization;
import io.hops.security.HopsUtil;
import io.hops.security.SuperuserKeystoresLoader;
import java.io.IOException;
import java.nio.file.Path;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.net.HopsSSLSocketFactory;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.ssl.X509SecurityMaterial;

/* loaded from: input_file:WEB-INF/lib/hadoop-client-api-3.2.0.3-RC0.jar:org/apache/hadoop/net/hopssslchecks/SuperUserHopsSSLCheck.class */
public class SuperUserHopsSSLCheck extends AbstractHopsSSLCheck {
    private static final Log LOG = LogFactory.getLog(SuperUserHopsSSLCheck.class);

    public SuperUserHopsSSLCheck() {
        super(-1);
    }

    @Override // org.apache.hadoop.net.hopssslchecks.AbstractHopsSSLCheck, org.apache.hadoop.net.hopssslchecks.HopsSSLCheck
    public HopsSSLCryptoMaterial check(UserGroupInformation userGroupInformation, Set<String> set, Configuration configuration, CertificateLocalization certificateLocalization) throws IOException {
        String userName = userGroupInformation.getUserName();
        if (!set.contains(userName)) {
            return null;
        }
        try {
            isConfigurationNeededForSuperUser(userName, configuration);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Found crypto material with the hostname");
            }
            if (certificateLocalization != null) {
                return new HopsSSLCryptoMaterial(certificateLocalization.getSuperKeystoreLocation(), certificateLocalization.getSuperKeystorePass(), certificateLocalization.getSuperKeyPassword(), certificateLocalization.getSuperTruststoreLocation(), certificateLocalization.getSuperTruststorePass(), certificateLocalization.getSuperMaterialPasswordFile(), true);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("*** Called setTlsConfiguration for superuser but CertificateLocalization is NULL");
            }
            return getSuperuserMaterialFromFile(configuration);
        } catch (SSLMaterialAlreadyConfiguredException e) {
            return new HopsSSLCryptoMaterial(configuration.get(HopsSSLSocketFactory.CryptoKeys.KEY_STORE_FILEPATH_KEY.getValue()), configuration.get(HopsSSLSocketFactory.CryptoKeys.KEY_STORE_PASSWORD_KEY.getValue()), configuration.get(HopsSSLSocketFactory.CryptoKeys.KEY_PASSWORD_KEY.getValue()), configuration.get(HopsSSLSocketFactory.CryptoKeys.TRUST_STORE_FILEPATH_KEY.getValue()), configuration.get(HopsSSLSocketFactory.CryptoKeys.TRUST_STORE_PASSWORD_KEY.getValue()));
        }
    }

    private HopsSSLCryptoMaterial getSuperuserMaterialFromFile(Configuration configuration) throws IOException {
        X509SecurityMaterial loadSuperUserMaterial = new SuperuserKeystoresLoader(configuration).loadSuperUserMaterial();
        if (!fileExists(loadSuperUserMaterial.getKeyStoreLocation()) || !fileExists(loadSuperUserMaterial.getTrustStoreLocation()) || !fileExists(loadSuperUserMaterial.getPasswdLocation())) {
            throw new IOException("Could not load Keystore/Truststore/Password file from " + loadSuperUserMaterial.getKeyStoreLocation().getParent() + " . Check your permissions or configuration");
        }
        String readCryptoMaterialPassword = HopsUtil.readCryptoMaterialPassword(loadSuperUserMaterial.getPasswdLocation().toFile());
        return new HopsSSLCryptoMaterial(loadSuperUserMaterial.getKeyStoreLocation().toString(), readCryptoMaterialPassword, readCryptoMaterialPassword, loadSuperUserMaterial.getTrustStoreLocation().toString(), readCryptoMaterialPassword, loadSuperUserMaterial.getPasswdLocation().toString(), true);
    }

    private boolean fileExists(Path path) {
        return path.toFile().exists();
    }
}
