package com.linkedin.venice.hadoop.ssl;

import com.linkedin.venice.exceptions.VeniceException;
import com.linkedin.venice.hadoop.VenicePushJob;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.Properties;
import org.apache.hadoop.io.IOUtils;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/linkedin/venice/hadoop/ssl/TempFileSSLConfigurator.class */
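/**
 * {@link SSLConfigurator} that copies key store and trust store bytes out of Hadoop
 * {@link Credentials} into temporary files and points the standard {@code ssl.*} client
 * properties at them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key store written by {@link #writeToTempFile(byte[])} contains private key material
 *       and stays on local disk until JVM exit ({@link File#deleteOnExit()}); a hard kill of the
 *       JVM leaves it behind.</li>
 *   <li>Passwords are returned as immutable {@link String}s because that is what the property
 *       map carries; they cannot be wiped after use and must never be logged.</li>
 * </ul>
 */
public class TempFileSSLConfigurator implements SSLConfigurator {
    private static final Logger LOGGER = LogManager.getLogger(TempFileSSLConfigurator.class);

    /**
     * Returns a copy of {@code properties}; when {@code security.protocol} (lower-cased) equals
     * {@link VenicePushJob#SSL_PREFIX}, the copy is extended with key store / trust store
     * locations, passwords and defaults for any SSL setting the caller did not provide.
     *
     * @param properties job properties; never modified
     * @param credentials Hadoop credentials holding the stores and passwords as secret keys
     * @return a new {@link Properties} instance
     * @throws VeniceException if a required property or credential entry is missing, or a temp
     *     file cannot be written
     */
    @Override
    public Properties setupSSLConfig(Properties properties, Credentials credentials) {
        Properties sslProperties = new Properties();
        sslProperties.putAll(properties);

        // Read the value once: containsKey() can be true while getProperty() is null (non-String
        // value), which previously surfaced as a NullPointerException. Locale.ROOT keeps the
        // comparison independent of the JVM's default locale.
        String protocol = sslProperties.getProperty("security.protocol");
        if (protocol == null || !protocol.toLowerCase(java.util.Locale.ROOT).equals(VenicePushJob.SSL_PREFIX)) {
            return sslProperties;
        }

        LOGGER.info("Start setting up the ssl properties.");

        byte[] keyStoreBytes =
            getCertification(credentials, credentialAlias(sslProperties, VenicePushJob.SSL_KEY_STORE_PROPERTY_NAME));
        LOGGER.info("Found key store cert from credentials.");
        String keyStorePath = writeToTempFile(keyStoreBytes);
        LOGGER.info("Write key store cert to file: {}", keyStorePath);
        sslProperties.put("ssl.keystore.location", keyStorePath);

        byte[] trustStoreBytes =
            getCertification(credentials, credentialAlias(sslProperties, VenicePushJob.SSL_TRUST_STORE_PROPERTY_NAME));
        LOGGER.info("Found trust store cert from credentials.");
        String trustStorePath = writeToTempFile(trustStoreBytes);
        LOGGER.info("Write trust store cert to file: {}", trustStorePath);
        sslProperties.put("ssl.truststore.location", trustStorePath);

        // Passwords go straight into the property map; do not add them to any log statement.
        sslProperties.put(
            "ssl.keystore.password",
            getPassword(credentials, credentialAlias(sslProperties, VenicePushJob.SSL_KEY_STORE_PASSWORD_PROPERTY_NAME)));
        sslProperties.put(
            "ssl.key.password",
            getPassword(credentials, credentialAlias(sslProperties, VenicePushJob.SSL_KEY_PASSWORD_PROPERTY_NAME)));

        // Defaults apply only where the caller supplied nothing.
        setDefault(sslProperties, "ssl.keystore.type", "pkcs12");
        setDefault(sslProperties, "ssl.truststore.type", "JKS");
        // "changeit" is the conventional JDK trust store password; deployments with their own
        // trust store password are expected to set ssl.truststore.password explicitly.
        setDefault(sslProperties, "ssl.truststore.password", "changeit");
        setDefault(sslProperties, "ssl.trustmanager.algorithm", "SunX509");
        setDefault(sslProperties, "ssl.keymanager.algorithm", "SunX509");
        // NOTE(review): SHA1PRNG is kept as the historical default; confirm it is still the
        // intended SecureRandom implementation for this client.
        setDefault(sslProperties, "ssl.secure.random.implementation", "SHA1PRNG");

        LOGGER.info("Complete setting up the ssl properties.");
        return sslProperties;
    }

    /**
     * Reads a password stored as a secret key in {@code credentials} and decodes it as UTF-8.
     *
     * @param credentials credentials to look the secret up in
     * @param text alias of the secret
     * @return the decoded password
     * @throws VeniceException if no secret is stored under {@code text}
     */
    protected String getPassword(Credentials credentials, Text text) {
        byte[] secret = credentials.getSecretKey(text);
        if (secret == null) {
            // Fail with the alias name (never the value) instead of a NullPointerException from
            // the String constructor, matching getCertification's behaviour.
            throw new VeniceException("Could not find password: " + text.toString() + " under user's credentials.");
        }
        return new String(secret, StandardCharsets.UTF_8);
    }

    /**
     * Reads raw key store or trust store bytes stored as a secret key in {@code credentials}.
     *
     * @param credentials credentials to look the secret up in
     * @param text alias of the secret
     * @return the stored bytes, never {@code null}
     * @throws VeniceException if no secret is stored under {@code text}
     */
    protected byte[] getCertification(Credentials credentials, Text text) {
        byte[] secretKey = credentials.getSecretKey(text);
        if (secretKey == null) {
            throw new VeniceException("Could not find certification: " + text.toString() + " under user's credentials.");
        }
        return secretKey;
    }

    /**
     * Writes {@code bArr} to a new temporary file, marks it owner-readable and returns its
     * canonical path. The file is registered for deletion at JVM exit as soon as it exists and is
     * deleted immediately if writing or verification fails, so partially written key material is
     * not left behind.
     *
     * @param bArr bytes to persist
     * @return canonical path of the temp file
     * @throws VeniceException if the file cannot be created, fully written or made readable
     */
    protected String writeToTempFile(byte[] bArr) {
        Path tempPath = null;
        try {
            // No explicit attributes: the JDK chooses the permissions (owner-only on POSIX file
            // systems in current JDKs; verify on the target platform).
            tempPath = Files.createTempFile(null, null);
            File file = tempPath.toFile();
            // Register before writing so a failure below cannot skip the exit-time cleanup.
            file.deleteOnExit();
            Files.write(tempPath, bArr);
            if (bArr.length == file.length() && file.setReadable(true, true)) {
                return file.getCanonicalPath();
            }
            String failedPath = file.getAbsolutePath();
            deleteQuietly(tempPath);
            throw new VeniceException("Unable to create or chmod file: " + failedPath);
        } catch (IOException e) {
            deleteQuietly(tempPath);
            throw new VeniceException("Unable to create temp file for certification.", e);
        }
    }

    /** Resolves the credential alias configured under {@code propertyName}, failing clearly if it is absent. */
    private static Text credentialAlias(Properties props, String propertyName) {
        String alias = props.getProperty(propertyName);
        if (alias == null) {
            throw new VeniceException("Missing required SSL property: " + propertyName);
        }
        return new Text(alias);
    }

    /** Stores {@code value} under {@code key} only when the caller has not already set that key. */
    private static void setDefault(Properties props, String key, String value) {
        if (!props.containsKey(key)) {
            props.put(key, value);
        }
    }

    /** Best-effort removal of a temp file after a failure; a failed delete is logged, not thrown. */
    private static void deleteQuietly(Path path) {
        if (path == null) {
            return;
        }
        try {
            Files.deleteIfExists(path);
        } catch (IOException e) {
            LOGGER.warn("Unable to delete temp file: {}", path, e);
        }
    }
}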
