package oracle.hadoop.mapreduce.database.connection.config.secureio;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.nio.charset.Charset;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import oracle.hadoop.database.connection.ConnectionConfig;
import oracle.hadoop.database.connection.ConnectionConfigUtil;
import oracle.hadoop.mapreduce.database.connection.config.ConnectionConfigFactory;
import oracle.hadoop.mapreduce.database.connection.config.HadoopConnectionConfig;
import oracle.hadoop.security.container.SecureContainer;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.LocalFileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.mapreduce.Job;
import org.apache.hadoop.mapreduce.JobContext;
import org.apache.hadoop.mapreduce.lib.output.FileOutputFormat;

/* loaded from: input_file:oracle/hadoop/mapreduce/database/connection/config/secureio/SecureContainerWrapperImpl.class */
public class SecureContainerWrapperImpl {
    private static final String HCC_ALIAS = "hcc.alias";
    private static final String TNSNAMES_ORA_ALIAS = "tnsnames.ora";
    private static final String SQLNET_ORA_ALIAS = "sqlnet.ora";
    private static final String WALLET_SSO_ALIAS = "wallet.sso";
    private static final String WALLET_P12_ALIAS = "wallet.p12";
    private static final String WALLET_FILE_ALIAS = "wallet.file";
    private static final String WALLET_IS_DIRECTORY_ALIAS = "wallet.isdir";
    private static final String SSO_WALLET_FILENAME = "cwallet.sso";
    private static final String P12_WALLET_FILENAME = "ewallet.p12";
    private static final String SSL_TRUSTSTORE_ALIAS = "ssl.wallet.alias";
    private static final String SSL_KEYSTORE_ALIAS = "ssl.keystore.alias";
    private static final String SSL_TRUSTSTORE_KEYSTORE_EQUAL_ALIAS = "ssl.wallet.keystore.equal.alias";
    private static final String SSL_WALLET_CONNECTION_PROP = "javax.net.ssl.trustStore";
    private static final String SSL_KEYSTORE_CONNECTION_PROP = "javax.net.ssl.keyStore";
    private static final String SQLNET_ORA_FILENAME = "sqlnet.ora";
    private static final String SC_CACHE_DIRECTORY = "app_cache";
    private static final String SC_RANDOM_DIR_PREFIX = "secco";
    private static final String SC_FILENAME = "secureFile.jceks";
    private static final Log LOG = LogFactory.getLog(SecureContainerWrapperImpl.class);
    private static final byte[] IS_DIRECTORY = {1};
    private static final byte[] IS_FILE = {0};
    private static final byte[] SSL_TRUSTSTORE_KEYSTORE_EQUAL = {1};

    /* loaded from: input_file:oracle/hadoop/mapreduce/database/connection/config/secureio/SecureContainerWrapperImpl$SecureContainerClientInput.class */
    static class SecureContainerClientInput implements SecureInput {
        private SecureContainer sc;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SecureContainerClientInput(JobContext jobContext) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
            this.sc = SecureContainer.loadContainer(jobContext);
        }

        @Override // oracle.hadoop.mapreduce.database.connection.config.secureio.SecureInput
        public HadoopConnectionConfig read() throws IOException {
            try {
                return readInner();
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new IOException("Failed to read HadoopConnectionConfig", e);
            }
        }

        private HadoopConnectionConfig readInner() throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, IOException {
            byte[] entry = this.sc.getEntry(SecureContainerWrapperImpl.HCC_ALIAS);
            HadoopConnectionConfig readValue = JsonUtils.getHadoopConnectionConfigObjectReaderWrapper().readValue(entry);
            Arrays.fill(entry, (byte) 0);
            return readValue;
        }

        @Override // java.lang.AutoCloseable
        public void close() throws Exception {
            this.sc = null;
        }
    }

    /* loaded from: input_file:oracle/hadoop/mapreduce/database/connection/config/secureio/SecureContainerWrapperImpl$SecureContainerClusterInput.class */
    static class SecureContainerClusterInput implements SecureInput {
        private JobContext context;
        private SecureContainer sc;
        private LinkedList<Path> allFilePath = new LinkedList<>();

        /* JADX INFO: Access modifiers changed from: package-private */
        public SecureContainerClusterInput(JobContext jobContext) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
            this.context = jobContext;
            this.sc = SecureContainer.loadContainer(jobContext);
        }

        @Override // oracle.hadoop.mapreduce.database.connection.config.secureio.SecureInput
        public HadoopConnectionConfig read() throws IOException {
            try {
                return readInner();
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new IOException("Failed to read HadoopConnectionConfig", e);
            }
        }

        private Path localizeWallet(HadoopConnectionConfig hadoopConnectionConfig) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, IOException {
            byte[] entry = this.sc.getEntry(SecureContainerWrapperImpl.WALLET_IS_DIRECTORY_ALIAS);
            if (entry == null) {
                SecureContainerWrapperImpl.LOG.debug("Wallets not transferred");
                return null;
            }
            if (!Arrays.equals(entry, SecureContainerWrapperImpl.IS_DIRECTORY)) {
                if (!Arrays.equals(entry, SecureContainerWrapperImpl.IS_FILE)) {
                    throw new IllegalStateException("wallet.isdir is neither file nor directory");
                }
                SecureContainerWrapperImpl.LOG.debug("Wallet file transferred");
                Path localizeEntry = this.sc.localizeEntry(SecureContainerWrapperImpl.WALLET_FILE_ALIAS, this.context);
                hadoopConnectionConfig.setClusterWalletLocation(localizeEntry.toUri().getPath());
                this.allFilePath.add(localizeEntry);
                return localizeEntry.getParent();
            }
            SecureContainerWrapperImpl.LOG.debug("Wallet directory transferred");
            Path localizeEntry2 = this.sc.localizeEntry(SecureContainerWrapperImpl.WALLET_SSO_ALIAS, this.context);
            Path localizeEntry3 = this.sc.localizeEntry(SecureContainerWrapperImpl.WALLET_P12_ALIAS, this.context);
            Path path = null;
            if (localizeEntry3 != null) {
                path = localizeEntry3.getParent();
                this.allFilePath.add(localizeEntry3);
            }
            if (localizeEntry2 != null) {
                path = localizeEntry2.getParent();
                this.allFilePath.add(localizeEntry2);
            }
            if (path == null) {
                throw new IllegalStateException("Wallet directory present in secure container but it contains neither sso wallet nor p12 wallet.");
            }
            hadoopConnectionConfig.setClusterWalletLocation(path.toUri().getPath());
            return path;
        }

        private HadoopConnectionConfig readInner() throws IOException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
            try {
                byte[] entry = this.sc.getEntry(SecureContainerWrapperImpl.HCC_ALIAS);
                HadoopConnectionConfig readValue = JsonUtils.getHadoopConnectionConfigObjectReaderWrapper().readValue(entry);
                Arrays.fill(entry, (byte) 0);
                Path localizeEntry = this.sc.localizeEntry(SecureContainerWrapperImpl.TNSNAMES_ORA_ALIAS, this.context);
                if (localizeEntry != null) {
                    this.allFilePath.add(localizeEntry);
                    readValue.setClusterTNSAdmin(localizeEntry.getParent().toUri().getPath());
                }
                Path localizeWallet = localizeWallet(readValue);
                Path localizeEntry2 = this.sc.localizeEntry(SecureContainerWrapperImpl.SSL_TRUSTSTORE_ALIAS, this.context);
                String str = null;
                if (localizeEntry2 != null) {
                    this.allFilePath.add(localizeEntry2);
                    str = localizeEntry2.toUri().getPath();
                    if (SecureContainerWrapperImpl.LOG.isDebugEnabled()) {
                        SecureContainerWrapperImpl.LOG.debug("Cluster ssl-truststore location: " + str);
                    }
                    readValue.getConnectionProps().setProperty(SecureContainerWrapperImpl.SSL_WALLET_CONNECTION_PROP, str);
                }
                if (!Arrays.equals(this.sc.getEntry(SecureContainerWrapperImpl.SSL_TRUSTSTORE_KEYSTORE_EQUAL_ALIAS), SecureContainerWrapperImpl.SSL_TRUSTSTORE_KEYSTORE_EQUAL)) {
                    Path localizeEntry3 = this.sc.localizeEntry(SecureContainerWrapperImpl.SSL_KEYSTORE_ALIAS, this.context);
                    if (localizeEntry3 != null) {
                        this.allFilePath.add(localizeEntry3);
                        String path = localizeEntry3.toUri().getPath();
                        if (SecureContainerWrapperImpl.LOG.isDebugEnabled()) {
                            SecureContainerWrapperImpl.LOG.debug("Cluster ssl-keystore location: " + path);
                        }
                        readValue.getConnectionProps().setProperty(SecureContainerWrapperImpl.SSL_KEYSTORE_CONNECTION_PROP, path);
                    }
                } else {
                    if (str == null) {
                        throw new IllegalStateException("Internal Error: SSL trustStore and keyStore equals file is set. Expecting not-null trustStore location but got nul trustStore location.");
                    }
                    if (SecureContainerWrapperImpl.LOG.isDebugEnabled()) {
                        SecureContainerWrapperImpl.LOG.debug("SSL Keystore and Trustore are same");
                    }
                    readValue.getConnectionProps().setProperty(SecureContainerWrapperImpl.SSL_KEYSTORE_CONNECTION_PROP, str);
                }
                localizeSqlnetOra(localizeWallet, localizeEntry2);
                return readValue;
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new IOException("Failed to retrieve HadoopConnectionConfig bytes", e);
            }
        }

        private void localizeSqlnetOra(Path path, Path path2) throws IOException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
            char[] entryAsChars = this.sc.getEntryAsChars("sqlnet.ora");
            if (entryAsChars == null || entryAsChars.length == 0) {
                SecureContainerWrapperImpl.LOG.debug("sqlnet.ora file not found in container");
                return;
            }
            StringWriter stringWriter = new StringWriter();
            Throwable th = null;
            try {
                PrintWriter printWriter = new PrintWriter(stringWriter);
                Throwable th2 = null;
                try {
                    try {
                        printWriter.println(entryAsChars);
                        if (path != null) {
                            printWriter.println(String.format("WALLET_LOCATION=(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=%s)))", path.toUri().getPath()));
                        }
                        if (path2 != null) {
                            printWriter.println(String.format("WALLET_LOCATION=(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=%s)))", path2.getParent().toUri().getPath()));
                        }
                        String stringWriter2 = stringWriter.toString();
                        Path path3 = new Path(FileSystem.getLocal(this.context.getConfiguration()).getWorkingDirectory(), "sqlnet.ora");
                        this.sc.writeDataAsFile(stringWriter2, path3, this.context);
                        this.allFilePath.add(path3);
                        if (printWriter != null) {
                            if (0 != 0) {
                                try {
                                    printWriter.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                printWriter.close();
                            }
                        }
                        if (stringWriter != null) {
                            if (0 == 0) {
                                stringWriter.close();
                                return;
                            }
                            try {
                                stringWriter.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        }
                    } catch (Throwable th5) {
                        th2 = th5;
                        throw th5;
                    }
                } catch (Throwable th6) {
                    if (printWriter != null) {
                        if (th2 != null) {
                            try {
                                printWriter.close();
                            } catch (Throwable th7) {
                                th2.addSuppressed(th7);
                            }
                        } else {
                            printWriter.close();
                        }
                    }
                    throw th6;
                }
            } catch (Throwable th8) {
                if (stringWriter != null) {
                    if (0 != 0) {
                        try {
                            stringWriter.close();
                        } catch (Throwable th9) {
                            th.addSuppressed(th9);
                        }
                    } else {
                        stringWriter.close();
                    }
                }
                throw th8;
            }
        }

        @Override // java.lang.AutoCloseable
        public void close() throws Exception {
            if (this.allFilePath != null) {
                Configuration configuration = this.context.getConfiguration();
                Iterator<Path> it = this.allFilePath.iterator();
                while (it.hasNext()) {
                    Path next = it.next();
                    if (next == null) {
                        throw new IllegalStateException("Null path must not be added in list");
                    }
                    next.getFileSystem(configuration).delete(next, false);
                    SecureContainerWrapperImpl.LOG.debug("Deleted " + next.toUri().getPath());
                }
            }
            this.allFilePath = null;
            this.context = null;
            this.sc = null;
        }
    }

    /* loaded from: input_file:oracle/hadoop/mapreduce/database/connection/config/secureio/SecureContainerWrapperImpl$SecureContainerOutput.class */
    static class SecureContainerOutput implements SecureOutput {
        private Job job;
        private SecureContainer sc;
        private Configuration conf;
        private Path secureContainerPath;

        /* JADX INFO: Access modifiers changed from: package-private */
        public SecureContainerOutput(Job job) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
            if (job == null) {
                throw new IllegalArgumentException("null job");
            }
            this.job = job;
            this.conf = job.getConfiguration();
            Path outputPath = FileOutputFormat.getOutputPath(job);
            if (outputPath == null) {
                throw new IllegalArgumentException("Job Output Directory not found");
            }
            this.secureContainerPath = new Path(SecureContainer.createRandomizedTempDir(new Path(outputPath.getParent(), SecureContainerWrapperImpl.SC_CACHE_DIRECTORY), SecureContainerWrapperImpl.SC_RANDOM_DIR_PREFIX, this.conf), SecureContainerWrapperImpl.SC_FILENAME);
            this.sc = SecureContainer.newContainer();
        }

        private void storeLocalSqlnetOra(Path path) throws IOException, KeyStoreException {
            FSDataInputStream open = FileSystem.getLocal(this.job.getConfiguration()).open(path);
            Throwable th = null;
            try {
                try {
                    char[] charArray = IOUtils.toCharArray(open, Charset.defaultCharset());
                    if (open != null) {
                        if (0 != 0) {
                            try {
                                open.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            open.close();
                        }
                    }
                    this.sc.addEntry("sqlnet.ora", charArray);
                } finally {
                }
            } catch (Throwable th3) {
                if (open != null) {
                    if (th != null) {
                        try {
                            open.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        open.close();
                    }
                }
                throw th3;
            }
        }

        private void storeLocalWallet(Path path) throws IOException, KeyStoreException {
            LocalFileSystem local = FileSystem.getLocal(this.job.getConfiguration());
            FileStatus fileStatus = local.getFileStatus(path);
            if (!fileStatus.isDirectory()) {
                if (!fileStatus.isFile()) {
                    throw new IOException(path.toUri().getPath() + " is neither a file nor a directory");
                }
                this.sc.addEntry(SecureContainerWrapperImpl.WALLET_IS_DIRECTORY_ALIAS, SecureContainerWrapperImpl.IS_FILE);
                this.sc.addEntry(SecureContainerWrapperImpl.WALLET_FILE_ALIAS, path, this.job);
                return;
            }
            this.sc.addEntry(SecureContainerWrapperImpl.WALLET_IS_DIRECTORY_ALIAS, SecureContainerWrapperImpl.IS_DIRECTORY);
            boolean z = false;
            Path path2 = new Path(path, SecureContainerWrapperImpl.SSO_WALLET_FILENAME);
            if (local.exists(path2)) {
                this.sc.addEntry(SecureContainerWrapperImpl.WALLET_SSO_ALIAS, path2, this.job);
                z = true;
            }
            Path path3 = new Path(path, SecureContainerWrapperImpl.P12_WALLET_FILENAME);
            if (local.exists(path3)) {
                this.sc.addEntry(SecureContainerWrapperImpl.WALLET_P12_ALIAS, path3, this.job);
                z = true;
            }
            if (!z) {
                throw new IOException("Neither cwallet.sso nor ewallet.p12 present in " + path.toUri().getPath());
            }
        }

        @Override // oracle.hadoop.mapreduce.database.connection.config.secureio.SecureOutput
        public void write(HadoopConnectionConfig hadoopConnectionConfig) throws IOException {
            try {
                writeInner(hadoopConnectionConfig);
                this.sc.saveContainer(this.secureContainerPath, this.job);
            } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                throw new IOException("Failed to write HadoopConnectionConfig", e);
            }
        }

        private void writeInner(HadoopConnectionConfig hadoopConnectionConfig) throws IOException, KeyStoreException {
            if (hadoopConnectionConfig == null) {
                throw new IllegalArgumentException("null HadoopConnectionConfig");
            }
            ConnectionConfig clientConnectionConfig = ConnectionConfigFactory.getClientConnectionConfig(hadoopConnectionConfig);
            String tNSAdmin = clientConnectionConfig.getTNSAdmin();
            Path tnsnamesOraPath = getTnsnamesOraPath(tNSAdmin);
            Path sqlnetOraPath = getSqlnetOraPath(tNSAdmin);
            Path oEPWalletPath = getOEPWalletPath(ConnectionConfigUtil.getOEPWalletLocation(clientConnectionConfig));
            Path sslTrustStorePath = getSslTrustStorePath(ConnectionConfigUtil.getSslTrustStoreLocation(clientConnectionConfig));
            Path sslKeyStorePath = getSslKeyStorePath(ConnectionConfigUtil.getKeyStoreLocation(clientConnectionConfig));
            if (tnsnamesOraPath != null) {
                this.sc.addEntry(SecureContainerWrapperImpl.TNSNAMES_ORA_ALIAS, tnsnamesOraPath, this.job);
            }
            if (oEPWalletPath != null) {
                storeLocalWallet(oEPWalletPath);
            }
            if (sslTrustStorePath != null) {
                this.sc.addEntry(SecureContainerWrapperImpl.SSL_TRUSTSTORE_ALIAS, sslTrustStorePath, this.job);
            }
            if (sslKeyStorePath != null) {
                if (sslTrustStorePath == null || !sslTrustStorePath.toUri().getPath().equals(sslKeyStorePath.toUri().getPath())) {
                    this.sc.addEntry(SecureContainerWrapperImpl.SSL_KEYSTORE_ALIAS, sslKeyStorePath, this.job);
                } else {
                    this.sc.addEntry(SecureContainerWrapperImpl.SSL_TRUSTSTORE_KEYSTORE_EQUAL_ALIAS, SecureContainerWrapperImpl.SSL_TRUSTSTORE_KEYSTORE_EQUAL);
                }
            }
            if (sqlnetOraPath != null) {
                storeLocalSqlnetOra(sqlnetOraPath);
            }
            this.sc.addEntry(SecureContainerWrapperImpl.HCC_ALIAS, JsonUtils.getHadoopConnectionConfigObjectWriterWrapper().writeValueAsBytes(hadoopConnectionConfig));
        }

        private Path getFileInTnsAdmin(Configuration configuration, String str, String str2) throws IOException {
            if (str == null || str.length() == 0) {
                return null;
            }
            Path path = new Path(new Path(str), str2);
            if (FileSystem.getLocal(configuration).exists(path)) {
                return path;
            }
            return null;
        }

        private Path getTnsnamesOraPath(String str) throws IOException {
            return getFileInTnsAdmin(this.conf, str, SecureContainerWrapperImpl.TNSNAMES_ORA_ALIAS);
        }

        private Path getSqlnetOraPath(String str) throws IOException {
            return getFileInTnsAdmin(this.conf, str, "sqlnet.ora");
        }

        private Path getSslTrustStorePath(String str) throws IOException {
            return getWalletPath(str);
        }

        private Path getSslKeyStorePath(String str) throws IOException {
            return getWalletPath(str);
        }

        private Path getOEPWalletPath(String str) throws IOException {
            return getWalletPath(str);
        }

        private Path getWalletPath(String str) throws IOException {
            if (str == null || str.length() == 0) {
                return null;
            }
            Path path = new Path(str);
            if (FileSystem.getLocal(this.conf).exists(path)) {
                return path;
            }
            return null;
        }

        @Override // java.lang.AutoCloseable
        public void close() throws Exception {
            if (this.sc != null && this.job != null) {
                this.sc.deleteContainer(this.job);
            }
            this.job = null;
            this.sc = null;
            this.conf = null;
            this.secureContainerPath = null;
        }
    }
}
