package oracle.kv.impl.util;

import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;
import oracle.kv.KVSecurityConstants;
import oracle.kv.impl.admin.param.SecurityParams;
import oracle.kv.impl.param.ParameterState;
import oracle.kv.impl.param.ParameterUtils;
import oracle.kv.impl.security.AuthenticatorManager;
import oracle.kv.impl.security.PasswordManager;
import oracle.kv.impl.security.PasswordStore;
import oracle.kv.impl.security.PasswordStoreException;
import oracle.kv.impl.security.util.ConsolePasswordReader;
import oracle.kv.impl.security.util.PasswordReader;
import oracle.kv.impl.security.util.SecurityUtils;
import oracle.kv.util.shell.Shell;

/* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCreator.class */
public class SecurityConfigCreator {
    private static final int MIN_STORE_PASSPHRASE_LEN = 6;
    private String kvRoot;
    private final IOHelper ioHelper;
    private final ParsedConfig config;
    private final String pwdMgrClass;
    private static final String SHARED_KEY_ALIAS = "shared";
    private static final String SSL_CERT_DN = "CN=NoSQL";
    private static final String SSL_CLIENT_PEER = "CN=NoSQL";
    private static final String SSL_SERVER_PEER = "CN=NoSQL";
    private static final String INTERNAL_AUTH_SSL = "ssl";
    private static final String CERT_MODE_SHARED = "shared";
    private static final String CERT_MODE_SERVER = "server";
    private static final String PWD_ALIAS_KEYSTORE = "keystore";
    private static final String NOT_CREATING_KEYTAB_MESSAGE = "The kadmin path was specified as NONE, so not creating a keytab for the database server. The keytab must be generated and copied to the security configuration directory manually.";

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCreator$GenericIOHelper.class */
    /**
     * {@link IOHelper} that sends messages to a caller-supplied
     * {@link PrintStream} and obtains passwords from a {@link PasswordReader}.
     */
    public static class GenericIOHelper implements IOHelper {
        /** Destination of every line passed to {@link #println(String)}. */
        private PrintStream printStream;
        /** Source of passwords for {@link #readPassword(String)}. */
        private PasswordReader passwordReader;

        /**
         * Creates a helper that prints to {@code printStream} and reads
         * passwords through a new {@link ConsolePasswordReader}.
         *
         * @param printStream stream that receives all output
         */
        public GenericIOHelper(PrintStream printStream) {
            this(printStream, new ConsolePasswordReader());
        }

        /**
         * Package-private variant that lets the caller choose the reader.
         *
         * @param printStream stream that receives all output
         * @param passwordReader reader that readPassword delegates to
         */
        GenericIOHelper(PrintStream printStream, PasswordReader passwordReader) {
            this.passwordReader = passwordReader;
            this.printStream = printStream;
        }

        /**
         * Delegates to the configured reader. The array is returned as-is, so
         * the caller owns it and decides when to clear it.
         */
        @Override
        public char[] readPassword(String str) throws IOException {
            final char[] entered = passwordReader.readPassword(str);
            return entered;
        }

        /** Writes {@code str} followed by a line break to the print stream. */
        @Override
        public void println(String str) {
            printStream.println(str);
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCreator$IOHelper.class */
    /**
     * Console abstraction used by SecurityConfigCreator for all user
     * interaction: prompting for passwords and printing status lines.
     */
    public interface IOHelper {
        /**
         * Reads a password from the user.
         *
         * @param str text passed to the underlying reader; callers in this
         *            file pass the prompt to display
         * @return the characters entered; callers in this file treat
         *         {@code null} or an empty array as "no password given"
         * @throws IOException if the underlying reader fails
         */
        char[] readPassword(String str) throws IOException;

        /**
         * Prints one line of output.
         *
         * @param str the text to print
         */
        void println(String str);
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCreator$ParsedConfig.class */
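    /**
     * Mutable holder for the options collected before a security
     * configuration is created or extended. Setters that accept free-form
     * text validate it and throw {@link IllegalArgumentException} on bad
     * input; the remaining setters store the value unchanged.
     */
    public static class ParsedConfig {
        private String pwdmgr;
        private String secDir;
        // Keystore password as supplied by the caller; never copied or cleared here.
        private char[] ksPassword;
        private String certMode;
        private String userExternalAuth;
        private String krbConf;
        private String princInstanceName;
        private boolean printCreatedFiles = true;
        private SecurityUtils.KadminSetting kadminSetting = new SecurityUtils.KadminSetting();
        private List<ParamSetting> userParams = new ArrayList<>();
        // Seeded with the default principal properties; addKrbProperty only
        // accepts names that are already present in this set.
        private Properties princConfigProperties = SecurityUtils.getDefaultKrbPrincipalProperties();

        /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCreator$ParsedConfig$ParamSetting.class */
        /**
         * One validated {@code [transport<sep>]name=value} override supplied
         * by the user (see {@link ParsedConfig#addParam(String)}).
         */
        public class ParamSetting {
            final ParameterState pstate;
            // null when the parameter was given without a transport prefix
            final String transportName;
            final String paramName;
            final String paramValue;

            ParamSetting(ParameterState parameterState, String str, String str2, String str3) {
                this.pstate = parameterState;
                this.transportName = str;
                this.paramName = str2;
                this.paramValue = str3;
            }

            /** @return the parameter definition found by ParameterState.lookup */
            public ParameterState getParameterState() {
                return this.pstate;
            }

            /** @return the transport the setting applies to, or {@code null} */
            public String getTransportName() {
                return this.transportName;
            }

            /** @return the parameter name without any transport prefix */
            public String getParamName() {
                return this.paramName;
            }

            /** @return the raw text that followed the first {@code '='} */
            public String getParamValue() {
                return this.paramValue;
            }
        }

        /** Stores the password manager name; it is not validated here. */
        public void setPwdmgr(String str) {
            this.pwdmgr = str;
        }

        public String getPwdmgr() {
            return this.pwdmgr;
        }

        /** Controls whether createConfig lists the files it created. */
        public void setPrintCreatedFiles(boolean z) {
            this.printCreatedFiles = z;
        }

        public boolean isPrintCreatedFiles() {
            return this.printCreatedFiles;
        }

        /**
         * Stores a reference to {@code cArr} (no copy is taken), so clearing
         * the array later also clears the value held here.
         */
        public void setKeystorePassword(char[] cArr) {
            this.ksPassword = cArr;
        }

        /** @return the same array instance that was passed to the setter */
        public char[] getKeystorePassword() {
            return this.ksPassword;
        }

        /** Stores the security directory name; it is not validated here. */
        public void setSecurityDir(String str) {
            this.secDir = str;
        }

        public String getSecurityDir() {
            return this.secDir;
        }

        /**
         * Sets the certificate mode.
         *
         * @param str {@code null}, SecurityUtils.KEY_ALIAS_DEFAULT or "server"
         * @throws IllegalArgumentException for any other value
         */
        public void setCertMode(String str) {
            if (str != null && !SecurityUtils.KEY_ALIAS_DEFAULT.equals(str) && !SecurityConfigCreator.CERT_MODE_SERVER.equals(str)) {
                throw new IllegalArgumentException("The value '" + str + "' is not a valid certificate mode.  Only " + SecurityUtils.KEY_ALIAS_DEFAULT + " and " + SecurityConfigCreator.CERT_MODE_SERVER + " are allowed.");
            }
            this.certMode = str;
        }

        public String getCertMode() {
            return this.certMode;
        }

        /**
         * Sets the external authentication methods for users.
         *
         * <p>The value is split on ParameterUtils.HELPER_HOST_SEPARATOR and
         * each element is checked, upper-cased, against AuthenticatorManager.
         * The field is written only after every check has passed, so a
         * rejected value leaves the previous setting in place. The value is
         * stored exactly as supplied (not upper-cased).
         *
         * @param str the method list, or {@code null} to clear the setting
         * @throws IllegalArgumentException if an element is not a known
         *         method, or if Kerberos and IDCS OAuth are both listed
         */
        public void setUserExternalAuth(String str) {
            if (str != null) {
                final String[] methods = str.toUpperCase(Locale.ENGLISH).split(ParameterUtils.HELPER_HOST_SEPARATOR);
                for (String method : methods) {
                    if (!AuthenticatorManager.isValidAuthMethod(method) && !AuthenticatorManager.noneAuthMethod(method)) {
                        throw new IllegalArgumentException("The value '" + method + "' is not a valid external authentication method. Only " + Arrays.toString(AuthenticatorManager.SystemAuthMethod.values()) + " are allowed.");
                    }
                }
                if (SecurityUtils.hasKerberos(methods) && SecurityUtils.hasIDCSOAuth(methods)) {
                    // Report the text the caller supplied; concatenating the
                    // array itself would print only its identity hash.
                    throw new IllegalArgumentException("The value '" + str + "' is not valid, cannot enable more than one authentication methods");
                }
            }
            this.userExternalAuth = str;
        }

        public String getUserExternalAuth() {
            return this.userExternalAuth;
        }

        /** Stores the Kerberos configuration file path; not validated here. */
        public void setKrbConf(String str) {
            this.krbConf = str;
        }

        public String getKrbConf() {
            return this.krbConf;
        }

        /** @return the live kadmin settings object the setKadmin* methods update */
        public SecurityUtils.KadminSetting getKadminSetting() {
            return this.kadminSetting;
        }

        /** Stores the Kerberos principal instance name. */
        public void setInstanceName(String str) {
            this.princInstanceName = str;
        }

        public String getInstanceName() {
            return this.princInstanceName;
        }

        public void setKadminPath(String str) {
            this.kadminSetting.setKrbAdminPath(str);
        }

        public void setAdminPrinc(String str) {
            this.kadminSetting.setKrbAdminPrinc(str);
        }

        public void setKadminKeytab(String str) {
            this.kadminSetting.setKrbAdminKeytab(str);
        }

        public void setKadminCcache(String str) {
            this.kadminSetting.setKrbAdminCcache(str);
        }

        /**
         * Parses and records one user parameter override.
         *
         * <p>The text before the first {@code '='} is the parameter name,
         * optionally prefixed by a transport name and
         * TopologyLocator.HOST_PORT_SEPARATOR; everything after it is the
         * value. Only security or transport parameters are accepted, and a
         * transport prefix must be one of the three security transports.
         * The value itself is not validated here.
         *
         * @param str the {@code name=value} text
         * @throws IllegalArgumentException if the text is malformed or names
         *         an unknown or inapplicable parameter or transport
         */
        public void addParam(String str) {
            final int eq = str.indexOf("=");
            if (eq < 0) {
                throw new IllegalArgumentException("Invalid parameter setting - missing '='");
            }
            final String qualifiedName = str.substring(0, eq);
            final String value = str.substring(eq + 1);
            final String[] nameParts = qualifiedName.split(TopologyLocator.HOST_PORT_SEPARATOR);
            if (nameParts.length > 2) {
                throw new IllegalArgumentException("Invalid parameter name format: " + qualifiedName);
            }
            final String paramName = nameParts[nameParts.length - 1];
            final String transport = nameParts.length > 1 ? nameParts[0] : null;
            final ParameterState state = ParameterState.lookup(paramName);
            if (state == null) {
                throw new IllegalArgumentException("The name " + paramName + " is not a valid parameter name");
            }
            if (!state.appliesTo(ParameterState.Info.SECURITY) && !state.appliesTo(ParameterState.Info.TRANSPORT)) {
                throw new IllegalArgumentException("The name " + paramName + " is not a valid parameter for a security configuration");
            }
            if (transport != null) {
                if (!state.appliesTo(ParameterState.Info.TRANSPORT)) {
                    throw new IllegalArgumentException(paramName + " is not a transport parameter");
                }
                if (!ParameterState.SECURITY_TRANSPORT_CLIENT.equals(transport) && !ParameterState.SECURITY_TRANSPORT_INTERNAL.equals(transport) && !ParameterState.SECURITY_TRANSPORT_JE_HA.equals(transport)) {
                    throw new IllegalArgumentException(transport + " is not a valid transport name");
                }
            }
            this.userParams.add(new ParamSetting(state, transport, paramName, value));
        }

        /** @return the live list of overrides recorded by addParam */
        public List<ParamSetting> getUserParams() {
            return this.userParams;
        }

        /**
         * Overrides one Kerberos principal property.
         *
         * @param str {@code name=value}; the name must already exist in the
         *            default principal properties
         * @throws IllegalArgumentException if {@code '='} is missing or the
         *         name is not one of the known properties
         */
        public void addKrbProperty(String str) {
            final int eq = str.indexOf("=");
            if (eq < 0) {
                throw new IllegalArgumentException("Invalid parameter setting - missing '='");
            }
            final String name = str.substring(0, eq);
            final String value = str.substring(eq + 1);
            if (this.princConfigProperties.get(name) == null) {
                throw new IllegalArgumentException("The name " + name + " is not a valid Kerberos configuration parameter");
            }
            this.princConfigProperties.put(name, value);
        }

        /** @return the live principal properties, including any overrides */
        public Properties getKrbPrincProperties() {
            return this.princConfigProperties;
        }

        /**
         * Fills in the security directory ("security"), certificate mode and
         * Kerberos configuration file when they have not been set.
         */
        public void populateDefaults() {
            if (getSecurityDir() == null) {
                setSecurityDir("security");
            }
            if (getCertMode() == null) {
                setCertMode(SecurityUtils.KEY_ALIAS_DEFAULT);
            }
            if (getKrbConf() == null) {
                setKrbConf(SecurityUtils.KRB_CONF_FILE);
            }
        }
    }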

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCreator$ShellIOHelper.class */
    /**
     * {@link IOHelper} backed by a {@link Shell}: output goes to the shell,
     * and passwords come from the shell's own reader when it is a
     * SecurityShell that provides one, otherwise from the console.
     */
    static class ShellIOHelper implements IOHelper {
        private Shell shell;
        private PasswordReader passwordReader;

        /* JADX INFO: Access modifiers changed from: package-private */
        /**
         * @param shell shell that receives output and, if it is a
         *              SecurityShell, may supply the password reader
         */
        public ShellIOHelper(Shell shell) {
            PasswordReader fromShell = null;
            if (shell instanceof SecurityShell) {
                fromShell = ((SecurityShell) shell).getPasswordReader();
            }
            this.shell = shell;
            // Fall back to the console when the shell offers no reader.
            this.passwordReader = (fromShell != null) ? fromShell : new ConsolePasswordReader();
        }

        /** Delegates to the selected reader; the caller owns the array. */
        @Override
        public char[] readPassword(String str) throws IOException {
            final char[] entered = passwordReader.readPassword(str);
            return entered;
        }

        /** Prints {@code str} through the shell. */
        @Override
        public void println(String str) {
            shell.println(str);
        }
    }

    /**
     * Creates a configuration builder.
     *
     * @param str KVStore root directory under which the security directory
     *            is looked up or created
     * @param parsedConfig options gathered from the command line
     * @param iOHelper sink for messages and source of passwords
     */
    public SecurityConfigCreator(String str, ParsedConfig parsedConfig, IOHelper iOHelper) {
        this.config = parsedConfig;
        this.ioHelper = iOHelper;
        this.kvRoot = str;
        // The manager name from the options is mapped to a class name once,
        // here; every later load uses the resolved value.
        this.pwdMgrClass = SecurityConfigCommand.getPwdmgrClass(parsedConfig.getPwdmgr());
    }

    /**
     * Writes a login properties file and a password store for one user into
     * {@code file}.
     *
     * <p>NOTE(review): the password is printed in clear text through the
     * IOHelper and is first copied into an immutable String, which cannot be
     * wiped afterwards. Anything that captures this output (shell history,
     * redirected logs, CI transcripts) ends up holding the credential, so the
     * output channel should be treated as sensitive.
     *
     * @param str user name stored in the login properties and used as the
     *            alias in the password store
     * @param cArr the user's password
     * @param file directory that receives the store and the login file
     * @return {@code false} if the password manager cannot be loaded,
     *         {@code true} once both files have been written
     */
    public boolean createUserLoginFile(String str, char[] cArr, File file) throws PasswordStoreException, Exception {
        if (resolvePwdMgr() == null) {
            return false;
        }
        final SecurityParams params = makeSecurityParams();
        final Properties loginProps = params.getClientAccessProps();
        loginProps.setProperty(KVSecurityConstants.AUTH_USERNAME_PROPERTY, str);
        // Point both the params and the client properties at the per-user
        // store location that matches the configured password manager.
        if (pwdMgrClass.equals(PasswordManager.WALLET_MANAGER_CLASS)) {
            params.setWalletDir(FileNames.USER_WALLET_DIR);
            loginProps.setProperty(KVSecurityConstants.AUTH_WALLET_PROPERTY, FileNames.USER_WALLET_DIR);
        } else if (pwdMgrClass.equals(PasswordManager.FILE_STORE_MANAGER_CLASS)) {
            params.setPasswordFile(FileNames.USER_PASSWD_FILE);
            loginProps.setProperty(KVSecurityConstants.AUTH_PWDFILE_PROPERTY, FileNames.USER_PASSWD_FILE);
        }
        createUserPasswordStore(file, params, str, cArr);
        final File loginFile = new File(file.getPath(), FileNames.USER_SECURITY_FILE);
        loginProps.put("oracle.kv.ssl.trustStore", FileNames.CLIENT_TRUSTSTORE_FILE);
        ConfigUtils.storeProperties(loginProps, null, loginFile);
        final String shownPassword = String.valueOf(cArr);
        ioHelper.println("Generated password for user " + str + ": " + shownPassword);
        ioHelper.println("User login file: " + loginFile.getPath());
        return true;
    }

    /**
     * Creates a new security configuration in the security directory under
     * the KVStore root: keystore, password store holding the keystore
     * password, optional Kerberos keytab, security.xml and the client
     * security properties with a client truststore copy.
     *
     * <p>NOTE(review): the keystore password array is never cleared in this
     * method, and the {@code return false} paths that follow initKeyStore
     * leave the files created so far on disk; callers that retry will then
     * hit the "exists and is not empty" check in prepareSecurityDir.
     *
     * @return {@code true} when the configuration was written; {@code false}
     *         after a problem that has been reported through the IOHelper
     */
    public boolean createConfig() throws PasswordStoreException, Exception {
        File prepareSecurityDir;
        SecurityUtils.Krb5Config parseKerberosConfig;
        // Defaults must be in place before the security directory is resolved.
        this.config.populateDefaults();
        if (resolvePwdMgr() == null || (prepareSecurityDir = prepareSecurityDir()) == null) {
            return false;
        }
        // Keystore password: taken from the options when present (and then
        // only length-checked), otherwise prompted for and confirmed.
        char[] keystorePassword = this.config.getKeystorePassword();
        if (keystorePassword == null) {
            try {
                keystorePassword = promptForKeyStorePassword();
                if (keystorePassword == null) {
                    this.ioHelper.println("No keystore password specified");
                    return false;
                }
            } catch (IOException e) {
                this.ioHelper.println("I/O error reading password: " + e.getMessage());
                return false;
            }
        } else if (!validKeystorePassword(keystorePassword)) {
            return false;
        }
        SecurityParams makeSecurityParams = makeSecurityParams();
        Properties properties = new Properties();
        // Same DN that makeSecurityParams puts into the dnmatch() identity rules.
        properties.setProperty(SecurityUtils.KEY_DISTINGUISHED_NAME, "CN=NoSQL");
        SecurityUtils.initKeyStore(prepareSecurityDir, makeSecurityParams, keystorePassword, properties);
        // The keystore password is persisted in the password store under the
        // alias "keystore", so the store's file protection guards the keystore.
        createUserPasswordStore(prepareSecurityDir, makeSecurityParams, "keystore", keystorePassword);
        if (SecurityUtils.hasKerberos(this.config.getUserExternalAuth())) {
            if (!resolveKerberosAuth() || (parseKerberosConfig = parseKerberosConfig()) == null) {
                return false;
            }
            try {
                this.config.getKadminSetting().validateKadminSetting();
                makeSecurityParams.setKerberosConfFile(parseKerberosConfig.getConfigFilePath());
                makeSecurityParams.setKerberosRealmName(parseKerberosConfig.getDefaultRealm());
                if (this.config.getKadminSetting().doNotPerformKadmin()) {
                    this.ioHelper.println(NOT_CREATING_KEYTAB_MESSAGE);
                } else {
                    // NOTE(review): the result of generateKeyTabFile is ignored here,
                    // while addKerberosConfig returns false when it reports failure.
                    SecurityUtils.generateKeyTabFile(prepareSecurityDir, makeSecurityParams, this.config.getKadminSetting(), this.config.getKrbPrincProperties(), this.ioHelper);
                }
            } catch (IllegalArgumentException e2) {
                this.ioHelper.println("kadmin setting error " + e2.getMessage());
                return false;
            }
        }
        if (SecurityUtils.hasIDCSOAuth(this.config.getUserExternalAuth())) {
            // NOTE(review): the boolean result is discarded, so an unsupported
            // IDCS OAuth authenticator only prints a message and creation goes
            // on - confirm this difference from the Kerberos path is intended.
            resolveIDCSOAuthAuth();
        }
        ConfigUtils.createSecurityConfig(makeSecurityParams, new File(prepareSecurityDir.getPath(), "security.xml"));
        File file = new File(prepareSecurityDir.getPath(), FileNames.CLIENT_SECURITY_FILE);
        Properties clientAccessProps = makeSecurityParams.getClientAccessProps();
        String property = clientAccessProps.getProperty("oracle.kv.ssl.trustStore");
        if (property != null) {
            // Clients get their own truststore copy; the client properties are
            // then pointed at that copy instead of the server-side file.
            SecurityUtils.copyOwnerWriteFile(new File(prepareSecurityDir, property), new File(prepareSecurityDir, FileNames.CLIENT_TRUSTSTORE_FILE));
            clientAccessProps.put("oracle.kv.ssl.trustStore", FileNames.CLIENT_TRUSTSTORE_FILE);
        }
        ConfigUtils.storeProperties(clientAccessProps, "Security property settings for communication with KVStore servers", file);
        if (!this.config.isPrintCreatedFiles()) {
            return true;
        }
        // Optional summary: every regular file found below the security directory.
        List<File> findSecurityFiles = findSecurityFiles(prepareSecurityDir);
        this.ioHelper.println("Created files");
        Iterator<File> it = findSecurityFiles.iterator();
        while (it.hasNext()) {
            this.ioHelper.println("    " + it.next().getPath());
        }
        return true;
    }

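    /**
     * Creates a password store in {@code file} and saves one secret in it.
     *
     * @param file directory that will contain the store
     * @param securityParams supplies the wallet directory or password file name
     * @param str alias under which the secret is stored
     * @param cArr the secret
     * @throws IOException if the store cannot be created, or if storing or
     *         saving the secret fails
     */
    private void createUserPasswordStore(File file, SecurityParams securityParams, String str, char[] cArr) throws IOException {
        final PasswordStore store = makePasswordStore(file, securityParams);
        if (store == null) {
            // makePasswordStore has already printed the cause; fail with a
            // declared exception instead of a NullPointerException below.
            throw new IOException("Unable to create the password store for alias " + str);
        }
        try {
            store.setSecret(str, cArr);
            store.save();
        } finally {
            // Always release the handle, also when setSecret or save fails.
            // presumably this drops the store's in-memory secrets - confirm
            store.discard();
        }
    }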

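    /**
     * Adds Kerberos settings to an existing security configuration: updates
     * security.xml and, unless kadmin is disabled, makes sure a keytab with
     * the service principal's keys exists under the configured name.
     *
     * <p>NOTE(review): the keytab file name can come from a user parameter
     * and is resolved against the security directory without normalisation;
     * an existing file at that location may be deleted below. Callers should
     * confirm the value is a plain file name inside the security directory.
     *
     * @return {@code true} when security.xml was rewritten; {@code false}
     *         after a problem that has been reported through the IOHelper
     */
    public boolean addKerberosConfig() {
        if (!resolveKerberosAuth()) {
            return false;
        }
        // Defaults are applied before the security directory name is read;
        // otherwise an unset name reaches new File(parent, null) and throws.
        this.config.populateDefaults();
        final File rootDir = new File(this.kvRoot);
        if (!rootDir.exists()) {
            this.ioHelper.println("The directory " + rootDir.getPath() + " does not exist");
            return false;
        }
        if (!rootDir.isAbsolute()) {
            this.kvRoot = rootDir.getAbsoluteFile().getPath();
        }
        final File secDir = new File(this.kvRoot, this.config.getSecurityDir());
        if (!secDir.exists()) {
            this.ioHelper.println("The directory " + secDir.getPath() + " does not exist");
            return false;
        }
        final File securityXml = new File(secDir.getPath(), "security.xml");
        if (!securityXml.exists()) {
            this.ioHelper.println("security.xml file does not exist, need to run securityconfig create firstly");
            return false;
        }
        final SecurityParams securityParams = ConfigUtils.getSecurityParams(securityXml);
        // Keytab name recorded in the existing configuration, if any.
        String previousKeytabName = securityParams.getKerberosKeytabFile();
        if (previousKeytabName == null) {
            previousKeytabName = FileNames.KERBEROS_KEYTAB_FILE;
        }
        final SecurityUtils.Krb5Config krbConfig = parseKerberosConfig();
        if (krbConfig == null) {
            return false;
        }
        try {
            this.config.getKadminSetting().validateKadminSetting();
            // Only the service name and keytab file are taken from the user
            // parameters here; the last occurrence of each one wins.
            String keytabName = FileNames.KERBEROS_KEYTAB_FILE;
            for (ParsedConfig.ParamSetting paramSetting : this.config.getUserParams()) {
                if (paramSetting.paramName.equals(ParameterState.SEC_KERBEROS_SERVICE_NAME)) {
                    securityParams.setKerberosServiceName(paramSetting.paramValue);
                } else if (paramSetting.paramName.equals(ParameterState.SEC_KERBEROS_KEYTAB_FILE)) {
                    keytabName = paramSetting.paramValue;
                }
            }
            securityParams.setKerberosKeytabFile(keytabName);
            securityParams.setKerberosConfFile(krbConfig.getConfigFilePath());
            securityParams.setKerberosRealmName(krbConfig.getDefaultRealm());
            securityParams.setKerberosInstanceName(this.config.getInstanceName());
            if (this.config.getKadminSetting().doNotPerformKadmin()) {
                // No kadmin: record the settings and leave keytab creation to the operator.
                this.ioHelper.println(NOT_CREATING_KEYTAB_MESSAGE);
                ConfigUtils.createSecurityConfig(securityParams, securityXml);
                return true;
            }
            final String principalName = SecurityUtils.getCanonicalPrincName(securityParams);
            final KerberosPrincipal principal = new KerberosPrincipal(principalName);
            final File newKeytab = new File(secDir, keytabName);
            if (newKeytab.exists()) {
                // A keytab that already holds this principal's keys is never overwritten.
                if (KeyTab.getInstance(newKeytab).getKeys(principal).length != 0) {
                    this.ioHelper.println("Keytab file " + keytabName + " already contains the keys of " + principalName + " not adding this Kerberos service principal.");
                    return false;
                }
                if (!newKeytab.delete()) {
                    this.ioHelper.println("Existing keytab file " + keytabName + " cannot be removed");
                    return false;
                }
            }
            if (previousKeytabName != null && !previousKeytabName.equals(keytabName)) {
                final File oldKeytab = new File(secDir, previousKeytabName);
                if (oldKeytab.exists()) {
                    if (KeyTab.getInstance(oldKeytab).getKeys(principal).length != 0) {
                        // The old file already has the keys: rename it instead of regenerating.
                        this.ioHelper.println("Existing keytab file " + previousKeytabName + " already contains the keys of " + principalName + ", rename keytab file from " + previousKeytabName + " to " + keytabName);
                        if (oldKeytab.renameTo(newKeytab)) {
                            ConfigUtils.createSecurityConfig(securityParams, securityXml);
                            return true;
                        }
                        this.ioHelper.println("Rename keytab file failed");
                        return false;
                    }
                    if (!oldKeytab.delete()) {
                        this.ioHelper.println("Old keytab file " + previousKeytabName + " cannot be removed");
                        return false;
                    }
                }
            }
            if (!SecurityUtils.generateKeyTabFile(secDir, securityParams, this.config.getKadminSetting(), this.config.getKrbPrincProperties(), this.ioHelper)) {
                return false;
            }
            this.ioHelper.println("Created file: " + keytabName);
            ConfigUtils.createSecurityConfig(securityParams, securityXml);
            return true;
        } catch (IllegalArgumentException e) {
            this.ioHelper.println("kadmin setting error " + e.getMessage());
            return false;
        }
    }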

    /**
     * Collects every non-directory entry found below {@code file}.
     *
     * @param file directory to search
     * @return the files found, in the order findFiles visits them
     */
    private List<File> findSecurityFiles(File file) {
        final List<File> collected = new ArrayList<>();
        findFiles(file, collected);
        return collected;
    }

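    /**
     * Recursively appends every non-directory entry below {@code file} to
     * {@code list}.
     *
     * @param file directory to walk
     * @param list receives the files found
     */
    private void findFiles(File file, List<File> list) {
        final File[] entries = file.listFiles();
        if (entries == null) {
            // listFiles() returns null when the path is not a directory or
            // cannot be read; there is nothing to add in that case.
            return;
        }
        for (File entry : entries) {
            if (entry.isDirectory()) {
                findFiles(entry, list);
            } else {
                list.add(entry);
            }
        }
    }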

    /**
     * Loads the configured password manager class.
     *
     * @return the manager, or {@code null} after the failure has been
     *         reported through the IOHelper
     */
    private PasswordManager resolvePwdMgr() {
        PasswordManager manager = null;
        try {
            manager = PasswordManager.load(pwdMgrClass);
        } catch (ClassNotFoundException notFound) {
            ioHelper.println("Unable to locate password manager class '" + pwdMgrClass + "'");
        } catch (Exception failure) {
            ioHelper.println("Creation of password manager class failed: " + failure.getMessage());
        }
        return manager;
    }

    /**
     * Resolves the security directory under the KVStore root and makes sure
     * it exists and is empty, creating it when it is missing.
     *
     * <p>NOTE(review): the directory is created with a plain mkdir(), so its
     * permissions come from the process defaults; it goes on to hold the
     * keystore and the password store, and nothing here restricts access.
     *
     * @return the directory, or {@code null} after the problem has been
     *         reported through the IOHelper
     */
    private File prepareSecurityDir() {
        final File rootDir = new File(kvRoot);
        if (!rootDir.exists()) {
            ioHelper.println("The directory " + rootDir.getPath() + " does not exist");
            return null;
        }
        if (!rootDir.isAbsolute()) {
            // Later path handling works on the absolute form of the root.
            kvRoot = rootDir.getAbsoluteFile().getPath();
        }
        final File secDir = new File(kvRoot, config.getSecurityDir());
        if (!secDir.exists()) {
            if (secDir.mkdir()) {
                return secDir;
            }
            ioHelper.println("Unable to create the directory " + secDir.getPath());
            return null;
        }
        // An existing path is only accepted when it is an empty directory;
        // existing content is never overwritten.
        if (directoryEmpty(secDir)) {
            return secDir;
        }
        ioHelper.println("The directory " + secDir.getPath() + " exists and is not empty");
        return null;
    }

    /**
     * Tells whether {@code file} is a readable directory with no entries.
     *
     * @return {@code false} when the listing has entries or is unavailable
     *         (File.list() returned {@code null})
     */
    private boolean directoryEmpty(File file) {
        final String[] names = file.list();
        if (names == null) {
            return false;
        }
        return names.length == 0;
    }

    /**
     * Creates a new, empty password store inside {@code file}, at the wallet
     * directory or password file named by {@code securityParams}.
     *
     * <p>NOTE(review): create() is called with {@code null}; if that argument
     * is the store passphrase, the store is protected by file permissions
     * only - confirm against the PasswordStore contract.
     *
     * @return the store handle, or {@code null} after the failure has been
     *         reported through the IOHelper
     */
    private PasswordStore makePasswordStore(File file, SecurityParams securityParams) {
        try {
            final PasswordManager manager = PasswordManager.load(pwdMgrClass);
            final String storeName;
            if (pwdMgrClass.equals(PasswordManager.WALLET_MANAGER_CLASS)) {
                storeName = securityParams.getWalletDir();
            } else {
                storeName = securityParams.getPasswordFile();
            }
            final File storeLocation = new File(file, new File(storeName).getPath());
            final PasswordStore store = manager.getStoreHandle(storeLocation);
            try {
                store.create(null);
                return store;
            } catch (IOException createFailure) {
                ioHelper.println("Error creating password store: " + createFailure.getMessage());
                return null;
            }
        } catch (ClassNotFoundException notFound) {
            ioHelper.println("Unable to locate password manager class '" + pwdMgrClass + "'");
            return null;
        } catch (Exception failure) {
            ioHelper.println("Creation of password manager class failed: " + failure.getMessage());
            return null;
        }
    }

    /**
     * Builds the default security parameters: security enabled, password
     * store location, keystore and truststore file names, SSL on the client,
     * internal and JE HA transports, optional Kerberos settings, and finally
     * the user-supplied parameter changes.
     *
     * <p>NOTE(review): the certificate mode is set from
     * SecurityUtils.KEY_ALIAS_DEFAULT; ParsedConfig.getCertMode() is not read
     * here, so a "server" mode chosen by the user only takes effect if it
     * arrives through the user parameters - confirm this is intended and not
     * an artifact of how this listing was produced.
     *
     * @return a new SecurityParams instance
     */
    private SecurityParams makeSecurityParams() {
        SecurityParams securityParams = new SecurityParams();
        securityParams.setSecurityEnabled(true);
        // Wallet manager: only a wallet directory is set. Any other manager:
        // a password file plus the manager class name.
        if (this.pwdMgrClass.equals(PasswordManager.WALLET_MANAGER_CLASS)) {
            securityParams.setWalletDir(FileNames.WALLET_DIR);
        } else {
            securityParams.setPasswordFile(FileNames.PASSWD_FILE);
            securityParams.setPasswordClass(this.pwdMgrClass);
        }
        // Alias under which createConfig saves the keystore password.
        securityParams.setKeystorePasswordAlias("keystore");
        securityParams.setKeystoreFile(FileNames.KEYSTORE_FILE);
        securityParams.setTruststoreFile(FileNames.TRUSTSTORE_FILE);
        securityParams.setInternalAuth("ssl");
        securityParams.setCertMode(SecurityUtils.KEY_ALIAS_DEFAULT);
        if (SecurityUtils.hasKerberos(this.config.getUserExternalAuth())) {
            if (this.config.getInstanceName() != null) {
                securityParams.setKerberosInstanceName(this.config.getInstanceName());
            }
            if (this.config.getKrbConf() != null) {
                securityParams.setKerberosConfFile(this.config.getKrbConf());
            }
            securityParams.setKerberosKeytabFile(FileNames.KERBEROS_KEYTAB_FILE);
        }
        // Client transport: SSL with a server identity rule. No
        // setTransClientAuthRequired call is made for this transport, unlike
        // the two transports below.
        securityParams.addTransportMap(ParameterState.SECURITY_TRANSPORT_CLIENT);
        securityParams.setTransType(ParameterState.SECURITY_TRANSPORT_CLIENT, "ssl");
        securityParams.setTransServerKeyAlias(ParameterState.SECURITY_TRANSPORT_CLIENT, SecurityUtils.KEY_ALIAS_DEFAULT);
        // The DN in dnmatch() is the one createConfig puts into the generated
        // certificate. presumably dnmatch restricts peers to that subject DN;
        // every node then shares one identity - confirm in SecurityParams.
        securityParams.setTransServerIdentityAllowed(ParameterState.SECURITY_TRANSPORT_CLIENT, "dnmatch(CN=NoSQL)");
        securityParams.setTransClientAllowProtocols(ParameterState.SECURITY_TRANSPORT_CLIENT, SecurityUtils.PREFERRED_PROTOCOLS_DEFAULT);
        // Internal transport: SSL with client authentication required and
        // identity rules for both ends.
        securityParams.addTransportMap(ParameterState.SECURITY_TRANSPORT_INTERNAL);
        securityParams.setTransType(ParameterState.SECURITY_TRANSPORT_INTERNAL, "ssl");
        securityParams.setTransServerKeyAlias(ParameterState.SECURITY_TRANSPORT_INTERNAL, SecurityUtils.KEY_ALIAS_DEFAULT);
        securityParams.setTransClientKeyAlias(ParameterState.SECURITY_TRANSPORT_INTERNAL, SecurityUtils.KEY_ALIAS_DEFAULT);
        securityParams.setTransClientAuthRequired(ParameterState.SECURITY_TRANSPORT_INTERNAL, true);
        securityParams.setTransClientIdentityAllowed(ParameterState.SECURITY_TRANSPORT_INTERNAL, "dnmatch(CN=NoSQL)");
        securityParams.setTransServerIdentityAllowed(ParameterState.SECURITY_TRANSPORT_INTERNAL, "dnmatch(CN=NoSQL)");
        securityParams.setTransClientAllowProtocols(ParameterState.SECURITY_TRANSPORT_INTERNAL, SecurityUtils.PREFERRED_PROTOCOLS_DEFAULT);
        // JE HA transport: SSL with client authentication required; no client
        // key alias is set here, and the protocol list goes through
        // setTransAllowProtocols rather than the client-specific setter.
        securityParams.addTransportMap(ParameterState.SECURITY_TRANSPORT_JE_HA);
        securityParams.setTransType(ParameterState.SECURITY_TRANSPORT_JE_HA, "ssl");
        securityParams.setTransServerKeyAlias(ParameterState.SECURITY_TRANSPORT_JE_HA, SecurityUtils.KEY_ALIAS_DEFAULT);
        securityParams.setTransClientAuthRequired(ParameterState.SECURITY_TRANSPORT_JE_HA, true);
        securityParams.setTransClientIdentityAllowed(ParameterState.SECURITY_TRANSPORT_JE_HA, "dnmatch(CN=NoSQL)");
        securityParams.setTransServerIdentityAllowed(ParameterState.SECURITY_TRANSPORT_JE_HA, "dnmatch(CN=NoSQL)");
        securityParams.setTransAllowProtocols(ParameterState.SECURITY_TRANSPORT_JE_HA, SecurityUtils.PREFERRED_PROTOCOLS_DEFAULT);
        // User parameters are applied last, on top of the defaults above
        // (presumably replacing them - confirm in applyParamsChanges). The
        // values were not validated in addParam, so a user setting can relax
        // any default set in this method.
        SecurityUtils.applyParamsChanges(securityParams, this.config.getUserParams());
        return securityParams;
    }

    /**
     * Prompts for the keystore password until an acceptable value has been
     * entered twice, or the user gives up by entering nothing.
     *
     * <p>NOTE(review): arrays from rejected or mismatched attempts are
     * dropped without being cleared.
     *
     * @return the confirmed password, or {@code null} when the first prompt
     *         yields {@code null} or an empty array
     * @throws IOException if reading from the IOHelper fails
     */
    private char[] promptForKeyStorePassword() throws IOException {
        for (;;) {
            final char[] first = ioHelper.readPassword("Enter a password for the Java KeyStore:");
            if (first == null || first.length == 0) {
                return null;
            }
            if (!validKeystorePassword(first)) {
                // Too short: the reason has been printed, ask again.
                continue;
            }
            final char[] second = ioHelper.readPassword("Re-enter the KeyStore password for verification:");
            final boolean confirmed = second != null && SecurityUtils.passwordsMatch(first, second);
            if (confirmed) {
                return first;
            }
            ioHelper.println("The passwords do not match");
        }
    }

    /**
     * Checks the keystore password against the minimum length and prints
     * the reason when it is rejected.
     *
     * <p>Length is the only property checked. The literal 6 has the same
     * value as the class constant MIN_STORE_PASSPHRASE_LEN; six characters
     * is a low floor for a secret that protects private keys, so deployments
     * may want to enforce a stronger policy before calling this tool.
     *
     * @param cArr candidate password, must not be {@code null}
     * @return {@code true} when the password has at least 6 characters
     */
    private boolean validKeystorePassword(char[] cArr) {
        final boolean tooShort = cArr.length < 6;
        if (tooShort) {
            ioHelper.println("The keystore password must be at least 6 characters long");
            return false;
        }
        return true;
    }

    /**
     * Checks that the Kerberos authenticator is available, printing an
     * explanation when it is not.
     *
     * @return {@code true} when AuthenticatorManager reports support
     */
    private boolean resolveKerberosAuth() {
        final boolean supported = AuthenticatorManager.isSupported("KERBEROS");
        if (!supported) {
            ioHelper.println("Unable to locate Kerberos authenticator class, it is possible you are using NoSQL Database Community Edition or Basic Edition. Kerberos authentication is only available in NoSQL Database Enterprise Edition");
        }
        return supported;
    }

    /**
     * Checks that the IDCS OAuth authenticator is available, printing a
     * message when it is not.
     *
     * @return {@code true} when AuthenticatorManager reports support
     */
    private boolean resolveIDCSOAuthAuth() {
        final boolean supported = AuthenticatorManager.isSupported(SecurityUtils.OAUTH_AUTH_NAME);
        if (!supported) {
            ioHelper.println("IDCS OAuth authentication is not supported");
        }
        return supported;
    }

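    /**
     * Parses the configured Kerberos configuration file and checks that it
     * names a default realm and a KDC.
     *
     * <p>Callers in this class run ParsedConfig.populateDefaults() first, so
     * the configured path is expected to be non-null here.
     *
     * @return the parsed configuration, or {@code null} after the problem
     *         has been reported through the IOHelper
     */
    private SecurityUtils.Krb5Config parseKerberosConfig() {
        final String confPath = this.config.getKrbConf();
        final File confFile = new File(confPath);
        if (!confFile.exists()) {
            this.ioHelper.println("Kerberos configuration file does not exist");
            return null;
        }
        final SecurityUtils.Krb5Config krbConfig = new SecurityUtils.Krb5Config(confFile);
        try {
            krbConfig.parseConfigFile();
            if (krbConfig.getDefaultRealm() != null && krbConfig.getKdc() != null) {
                return krbConfig;
            }
            // Message corrected: a space was missing between "specify" and "default".
            this.ioHelper.println("Kerberos configuration file does not specify default realm and its kdc correctly");
            return null;
        } catch (IOException e) {
            this.ioHelper.println("Parsing kerberos configuration file " + confPath + " error: " + e.getMessage());
            return null;
        }
    }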
}
