package oracle.kv.impl.security.util;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertPathBuilder;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;
import oracle.kv.impl.admin.param.SecurityParams;
import oracle.kv.impl.param.ParameterMap;
import oracle.kv.impl.param.ParameterState;
import oracle.kv.impl.param.ParameterUtils;
import oracle.kv.impl.security.KVStoreUserPrincipal;
import oracle.kv.impl.security.ResourceOwner;
import oracle.kv.impl.security.ssl.KeyStorePasswordSource;
import oracle.kv.impl.util.CommandParser;
import oracle.kv.impl.util.ConfigUtils;
import oracle.kv.impl.util.FileNames;
import oracle.kv.impl.util.FileUtils;
import oracle.kv.impl.util.SecurityConfigCreator;
import oracle.kv.impl.util.sklogger.StatsData;
import oracle.kv.util.shell.Shell;

/* loaded from: input_file:oracle/kv/impl/security/util/SecurityUtils.class */
public final class SecurityUtils {
    /* Property keys (public) and their defaults (private) consumed by initKeyStore(). */
    public static final String KEY_CERT_FILE = "certFileName";
    private static final String CERT_FILE_DEFAULT = "store.cert";
    public static final String KEY_KEY_ALGORITHM = "keyAlgorithm";
    private static final String KEY_ALGORITHM_DEFAULT = "RSA";
    public static final String KEY_KEY_SIZE = "keySize";
    // NOTE(review): a 1024-bit RSA default is below current guidance (2048+). initKeyStore
    // falls back to this when the caller supplies no keySize property.
    private static final String KEY_SIZE_DEFAULT = "1024";
    public static final String KEY_DISTINGUISHED_NAME = "distinguishedName";
    private static final String DISTINGUISHED_NAME_DEFAULT = "cn=NoSQL";
    public static final String KEY_KEY_ALIAS = "keyAlias";
    public static final String KEY_ALIAS_DEFAULT = "shared";
    public static final String KEY_VALIDITY = "validity";
    // Certificate validity in days (keytool -validity).
    private static final String VALIDITY_DEFAULT = "365";
    // NOTE(review): TLSv1.1 and TLSv1 are deprecated protocol versions; consider restricting
    // the default to TLSv1.2 (or newer) unless legacy clients must be supported.
    public static final String PREFERRED_PROTOCOLS_DEFAULT = "TLSv1.2,TLSv1.1,TLSv1";
    /* Entry-type labels as printed by "keytool -list"; matched by listKeystore(). */
    private static final String KS_PRIVATE_KEY_ENTRY = "PrivateKeyEntry";
    private static final String KS_SECRET_KEY_ENTRY = "SecretKeyEntry";
    private static final String KS_TRUSTED_CERT_ENTRY = "trustedCertEntry";
    // Scratch file used while moving certificates between keystore and truststore.
    private static final String TEMP_CERT_FILE = "temp.cert";
    /* Kerberos administration defaults and property keys. */
    public static final String KADMIN_DEFAULT = "/usr/kerberos/sbin/kadmin";
    public static final String KRB_CONF_FILE = "/etc/krb5.conf";
    private static final String PRINCIPAL_VALIDITY = "krbPrincValidity";
    private static final String PRINC_VALIDITY_DEFAULT = "365days";
    private static final String KEYSALT_LIST = "krbKeysalt";
    private static final String PRINCIPAL_PWD_EXPIRE = "krbPrincPwdExpire";
    private static final String PRINC_PWD_EXPIRE_DEFAULT = "365days";
    // NOTE(review): des3-cbc-sha1 and arcfour-hmac are weak/deprecated enctypes; a modern
    // default would list only AES enctypes (e.g. aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96).
    private static final String KEYSALT_LIST_DEFAULT = "des3-cbc-sha1:normal,aes128-cts-hmac-sha1-96:normal,arcfour-hmac:normal";
    public static final String KERBEROS_AUTH_NAME = "KERBEROS";
    public static final String KRB_NAME_COMPONENT_SEPARATOR_STR = "/";
    public static final String KRB_NAME_REALM_SEPARATOR_STR = "@";
    public static final String OAUTH_AUTH_NAME = "IDCSOAUTH";
    /*
     * Character classes; allCharSet is the concatenation digit+upper+lower+special. Note that
     * specialSet contains a literal space and omits '"' and '\'. Presumably the alphabet of a
     * password generator elsewhere in this class (not visible here) — verify before relying on it.
     */
    private static final String digitSet = "0123456789";
    private static final String upperSet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    private static final String lowerSet = "abcdefghijklmnopqrstuvwxyz";
    private static final String specialSet = "!#$%&'()*+,-./:; <>?@[]^_`{|}~";
    private static final String allCharSet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!#$%&'()*+,-./:; <>?@[]^_`{|}~";
    public static final String IDCS_OAUTH_USER_ID_PREFIX = "idcs";
    // Initialized in a static block not shown in this listing.
    private static final Set<String> preferredProtocols;
    // NOTE(review): a public, mutable static Properties can be modified by any caller; consider
    // exposing an unmodifiable view instead.
    public static final Properties princDefaultProps = new Properties();
    private static final SecureRandom random = new SecureRandom();

    /* loaded from: input_file:oracle/kv/impl/security/util/SecurityUtils$KadminSetting.class */
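    /**
     * Holds how the kadmin tool should be invoked and authenticated.
     *
     * Three mutually exclusive authentication modes are supported:
     * <ul>
     *   <li>keytab: krbAdminKeytab + krbAdminPrinc set, krbAdminCcache unset ({@link #useKeytab()})</li>
     *   <li>credential cache: krbAdminCcache set, krbAdminKeytab unset ({@link #useCcache()})</li>
     *   <li>password prompt: neither keytab nor ccache set; krbAdminPrinc required ({@link #promptPwd()})</li>
     * </ul>
     * Setting the kadmin path to "NONE" disables kadmin entirely.
     */
    public static class KadminSetting {
        private static final String NO_KADMIN = "NONE";
        private String krbAdminPath = SecurityUtils.KADMIN_DEFAULT;
        private String krbAdminPrinc;
        private String krbAdminKeytab;
        private String krbAdminCcache;

        /** @param str path to the kadmin binary, or "NONE" to skip kadmin (case-insensitive) */
        public KadminSetting setKrbAdminPath(String str) {
            this.krbAdminPath = str;
            return this;
        }

        public String getKrbAdminPath() {
            return this.krbAdminPath;
        }

        /** @param str admin principal used to authenticate to kadmin */
        public KadminSetting setKrbAdminPrinc(String str) {
            this.krbAdminPrinc = str;
            return this;
        }

        public String getKrbAdminPrinc() {
            return this.krbAdminPrinc;
        }

        /** @param str path to a keytab holding the admin principal's key */
        public KadminSetting setKrbAdminKeytab(String str) {
            this.krbAdminKeytab = str;
            return this;
        }

        public String getKrbAdminKeytab() {
            return this.krbAdminKeytab;
        }

        /** @param str path to an existing credential cache for the admin principal */
        public KadminSetting setKrbAdminCcache(String str) {
            this.krbAdminCcache = str;
            return this;
        }

        public String getKrbAdminCcache() {
            return this.krbAdminCcache;
        }

        /**
         * @return true when the kadmin path is "NONE" (case-insensitive); a null path
         *         is treated as "not configured" rather than throwing
         */
        public boolean doNotPerformKadmin() {
            return NO_KADMIN.equalsIgnoreCase(this.krbAdminPath);
        }

        /**
         * Checks that exactly one authentication mode is configured consistently.
         * A no-op when kadmin is disabled.
         *
         * @throws IllegalArgumentException if keytab and ccache are both set, a keytab is
         *         given without a principal, a referenced keytab/ccache file does not
         *         exist, or the password mode has no principal
         */
        public void validateKadminSetting() throws IllegalArgumentException {
            if (doNotPerformKadmin()) {
                return;
            }
            if (this.krbAdminKeytab != null) {
                if (this.krbAdminCcache != null) {
                    throw new IllegalArgumentException("cannot use admin keytab and credential cache together");
                }
                if (this.krbAdminPrinc == null) {
                    throw new IllegalArgumentException("must specify admin principal when using keytab file");
                }
                if (!new File(this.krbAdminKeytab).exists()) {
                    throw new IllegalArgumentException("keytab file " + this.krbAdminKeytab + " does not exist");
                }
                return;
            }
            if (this.krbAdminCcache != null) {
                if (!new File(this.krbAdminCcache).exists()) {
                    throw new IllegalArgumentException("credential cache " + this.krbAdminCcache + " does not exist");
                }
                return;
            }
            // Password mode: kadmin needs to know which principal to prompt for.
            if (this.krbAdminPrinc == null) {
                throw new IllegalArgumentException("use kadmin with password must specify principal name");
            }
        }

        /** @return true for keytab mode (keytab and principal set, no ccache) */
        public boolean useKeytab() {
            return this.krbAdminKeytab != null && this.krbAdminPrinc != null && this.krbAdminCcache == null;
        }

        /** @return true for credential-cache mode (ccache set, no keytab) */
        public boolean useCcache() {
            return this.krbAdminCcache != null && this.krbAdminKeytab == null;
        }

        /** @return true when kadmin must prompt for the admin password (neither keytab nor ccache) */
        public boolean promptPwd() {
            return this.krbAdminCcache == null && this.krbAdminKeytab == null;
        }
    }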

    /* loaded from: input_file:oracle/kv/impl/security/util/SecurityUtils$KeystoreEntry.class */
    /**
     * Immutable (alias, type) pair describing one entry of a keystore, as parsed
     * from "keytool -list" output by listKeystore().
     */
    public static class KeystoreEntry {

        /** Keystore entry kinds; OTHER covers any label keytool prints that is not recognized. */
        public enum EntryType {
            PRIVATE_KEY,
            SECRET_KEY,
            TRUSTED_CERT,
            OTHER
        }

        private final String alias;
        private final EntryType entryType;

        /**
         * @param str       the entry alias exactly as keytool printed it
         * @param entryType the classified entry kind
         */
        public KeystoreEntry(String str, EntryType entryType) {
            alias = str;
            this.entryType = entryType;
        }

        /** @return the entry alias */
        String getAlias() {
            return alias;
        }

        /** @return the entry kind */
        EntryType getEntryType() {
            return entryType;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/security/util/SecurityUtils$Krb5Config.class */
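    /**
     * Minimal krb5.conf reader that extracts two values only: default_realm from
     * [libdefaults] and the kdc of that realm from [realms]. Everything else is ignored.
     *
     * Fixes relative to the previous version: the [realms] scan terminated only when a
     * following section header was found, so a file ending with the [realms] section never
     * returned; and trimmed() threw on an empty or one-character value (e.g. "default_realm =").
     */
    public static class Krb5Config {
        private File configFile;
        private String defaultRealm;
        private String realmKdc;

        /** @param file the krb5.conf-style file; nothing is read until parseConfigFile() */
        public Krb5Config(File file) {
            this.configFile = file;
        }

        /**
         * Parses the file, populating getDefaultRealm() and getKdc(). Section headers are
         * matched case-insensitively. Within [realms], a block must look like
         * {@code REALM = {} ... {@code }}; the kdc recorded is the last "kdc = ..." seen in that
         * block. getKdc() stays null if default_realm is missing or has no kdc entry.
         *
         * @throws IOException if the file cannot be read or its first non-comment line is "{"
         */
        public void parseConfigFile() throws IOException {
            List<String> lines = loadConfigFile();
            HashMap<String, String> kdcByRealm = new HashMap<>();
            int i = 0;
            while (i < lines.size()) {
                String header = lines.get(i).trim();
                if (header.equalsIgnoreCase("[libdefaults]")) {
                    i = parseLibdefaults(lines, i + 1);
                } else if (header.equalsIgnoreCase("[realms]")) {
                    i = parseRealms(lines, i + 1, kdcByRealm);
                }
                i++;
            }
            if (this.defaultRealm != null) {
                this.realmKdc = kdcByRealm.get(this.defaultRealm);
            }
        }

        /**
         * Scans a [libdefaults] body for default_realm.
         *
         * @return index of the last line consumed, i.e. the line before the next section
         *         header (or the last line of the file)
         */
        private int parseLibdefaults(List<String> lines, int start) {
            int j = start;
            while (j < lines.size()) {
                String line = lines.get(j).trim();
                int eq = line.indexOf('=');
                if (eq > 0 && line.substring(0, eq).trim().equalsIgnoreCase("default_realm")) {
                    this.defaultRealm = trimmed(line.substring(eq + 1));
                }
                if (lines.get(j).startsWith("[")) {
                    return j - 1;
                }
                j++;
            }
            return j - 1;
        }

        /**
         * Scans a [realms] body, recording realm -> kdc for every "NAME = { ... kdc = X ... }"
         * block. Lines that open a block ("... {") set the current realm; lines starting
         * with "}" are skipped; kdc lines seen before any block opens are ignored.
         *
         * @return index of the last line consumed (see parseLibdefaults)
         */
        private int parseRealms(List<String> lines, int start, HashMap<String, String> kdcByRealm) {
            String realm = "";
            int j = start;
            while (j < lines.size()) {
                String line = lines.get(j).trim();
                if (line.endsWith("{")) {
                    int eq = line.indexOf('=');
                    if (eq > 0) {
                        realm = line.substring(0, eq).trim();
                    }
                } else if (!line.startsWith("}")) {
                    int eq = line.indexOf('=');
                    if (eq > 0 && line.substring(0, eq).trim().equalsIgnoreCase("kdc") && !realm.equals("")) {
                        kdcByRealm.put(realm, trimmed(line.substring(eq + 1)));
                    }
                }
                if (lines.get(j).startsWith("[")) {
                    return j - 1;
                }
                j++;
            }
            return j - 1;
        }

        /** @return default_realm, or null if not found or parseConfigFile() was not called */
        public String getDefaultRealm() {
            return this.defaultRealm;
        }

        /** @return the kdc of the default realm, or null if unknown */
        public String getKdc() {
            return this.realmKdc;
        }

        public String getConfigFilePath() {
            return this.configFile.getAbsolutePath();
        }

        /**
         * Trims whitespace and strips one pair of matching surrounding quotes (" or ').
         * Values shorter than two characters are returned trimmed and unchanged.
         */
        private String trimmed(String str) {
            String value = str.trim();
            int last = value.length() - 1;
            if (last >= 1) {
                char first = value.charAt(0);
                char end = value.charAt(last);
                if ((first == '"' && end == '"') || (first == '\'' && end == '\'')) {
                    value = value.substring(1, last).trim();
                }
            }
            return value;
        }

        /**
         * Reads the file into trimmed, non-empty, non-comment lines. A line whose first
         * non-blank character is "{" is folded onto the previous line so that
         * "REALM =" followed by "{" becomes "REALM = {". Comment detection uses
         * Shell.COMMENT_MARK on the untrimmed line, so indented comments are kept
         * (and lines starting with ";" — also a krb5.conf comment — are not skipped).
         * The platform default charset is used, as before.
         *
         * @throws IOException on read failure or if the first kept line starts with "{"
         */
        private List<String> loadConfigFile() throws IOException {
            List<String> lines = new ArrayList<>();
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(this.configFile)))) {
                String pending = null;
                String raw;
                while ((raw = reader.readLine()) != null) {
                    if (raw.startsWith(Shell.COMMENT_MARK) || raw.trim().isEmpty()) {
                        continue;
                    }
                    String line = raw.trim();
                    if (line.startsWith("{")) {
                        if (pending == null) {
                            throw new IOException("Config file should not start with \"{\"");
                        }
                        pending = pending + " " + line;
                    } else {
                        if (pending != null) {
                            lines.add(pending);
                        }
                        pending = line;
                    }
                }
                if (pending != null) {
                    lines.add(pending);
                }
            }
            return lines;
        }
    }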

    /** Static utility holder; never instantiated. */
    private SecurityUtils() {
    }

    /**
     * Restricts {@code file} so that only its owner can access it, via the
     * OS-specific operations selected by FileSysUtils.
     *
     * @return the result reported by the OS operation, or false if the file does not exist
     * @throws IOException if the permission change fails
     */
    public static boolean makeOwnerAccessOnly(File file) throws IOException {
        if (!file.exists()) {
            return false;
        }
        return FileSysUtils.selectOsOperations().makeOwnerAccessOnly(file);
    }

    /**
     * Despite the name, this currently applies exactly the same owner-only permission set
     * as {@link #makeOwnerAccessOnly(File)} (no read access for group/others either), which
     * is the stricter and safer choice for key material.
     *
     * @return the result of the OS operation, or false if the file does not exist
     * @throws IOException if the permission change fails
     */
    public static boolean makeOwnerOnlyWriteAccess(File file) throws IOException {
        return makeOwnerAccessOnly(file);
    }

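    /**
     * Compares two passwords in constant time (for equal lengths).
     *
     * The previous implementation used Arrays.equals, which returns at the first differing
     * character and so leaks the length of the matching prefix through timing. Only the
     * length comparison remains data-dependent.
     *
     * @param cArr  first password, may be null
     * @param cArr2 second password, may be null
     * @return true if both are null, the same array, or contain identical characters
     */
    public static boolean passwordsMatch(char[] cArr, char[] cArr2) {
        if (cArr == cArr2) {
            return true;
        }
        if (cArr == null || cArr2 == null) {
            return false;
        }
        if (cArr.length != cArr2.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < cArr.length; i++) {
            // Accumulate all differences; no early exit.
            diff |= cArr[i] ^ cArr2[i];
        }
        return diff == 0;
    }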

    /**
     * Overwrites every character of a password buffer with a space so the secret does
     * not linger in memory. Null input is a no-op.
     *
     * @param cArr the buffer to scrub in place
     */
    public static void clearPassword(char[] cArr) {
        if (cArr == null) {
            return;
        }
        Arrays.fill(cArr, ' ');
    }

    /**
     * Creates a fresh keystore with a self-signed key pair, then exports its certificate
     * and imports it into the truststore, all by shelling out to keytool.
     *
     * @param file           security directory receiving the keystore, truststore and temp cert
     * @param securityParams supplies keystore/truststore file names and types
     * @param cArr           password used for both the store and the key, on both stores
     * @param properties     optional overrides (KEY_* property keys); null means all defaults
     * @return true on success; false (with a message on stderr) if any keytool step fails
     *
     * NOTE(review): the password is passed to keytool as plain "-storepass"/"-keypass"
     * arguments, so it is visible in the process list for the lifetime of each keytool run;
     * keytool's ":env"/":file" password sources would avoid that but need runCmd support.
     * The char[] is also copied into an immutable String that cannot be scrubbed.
     */
    public static boolean initKeyStore(File file, SecurityParams securityParams, char[] cArr, Properties properties) {
        if (properties == null) {
            properties = new Properties();
        }
        String property = properties.getProperty(KEY_CERT_FILE, CERT_FILE_DEFAULT);
        String path = new File(file.getPath(), securityParams.getKeystoreFile()).getPath();
        String keystoreType = securityParams.getKeystoreType();
        String path2 = new File(file.getPath(), securityParams.getTruststoreFile()).getPath();
        String truststoreType = securityParams.getTruststoreType();
        // Temporary export location for the certificate; removed before returning.
        String path3 = new File(file.getPath(), property).getPath();
        try {
            String property2 = properties.getProperty(KEY_KEY_ALGORITHM, KEY_ALGORITHM_DEFAULT);
            // Literal "1024" mirrors KEY_SIZE_DEFAULT; see the review note on that constant.
            String property3 = properties.getProperty(KEY_KEY_SIZE, "1024");
            String property4 = properties.getProperty(KEY_DISTINGUISHED_NAME, DISTINGUISHED_NAME_DEFAULT);
            String property5 = properties.getProperty(KEY_KEY_ALIAS, KEY_ALIAS_DEFAULT);
            String str = new String(cArr);
            // Step 1: generate the key pair; the same password protects store and key.
            int runCmd = runCmd(new String[]{"keytool", "-genkeypair", "-keystore", path, "-storetype", keystoreType, "-storepass", str, "-keypass", str, "-alias", property5, "-dname", property4, "-keyAlg", property2, "-keysize", property3, "-validity", properties.getProperty(KEY_VALIDITY, VALIDITY_DEFAULT)});
            if (runCmd != 0) {
                System.err.println("Error creating keyStore: return code " + runCmd);
                return false;
            }
            // Step 2: export the certificate to the temp file.
            int runCmd2 = runCmd(new String[]{"keytool", "-export", CommandParser.FILE_FLAG, path3, "-keystore", path, "-storetype", keystoreType, "-storepass", str, "-alias", property5});
            if (runCmd2 != 0) {
                System.err.println("Error exporting certificate: return code " + runCmd2);
                return false;
            }
            try {
                // Step 3: import it into the truststore (same password), without prompting.
                int runCmd3 = runCmd(new String[]{"keytool", "-import", CommandParser.FILE_FLAG, path3, "-keystore", path2, "-storetype", truststoreType, "-storepass", str, CommandParser.NOPROMPT_FLAG});
                if (runCmd3 != 0) {
                    System.err.println("Error importing certificate to trustStore: return code " + runCmd3);
                    new File(path3).delete();
                    return false;
                }
                new File(path3).delete();
                // Permissions are tightened only after keytool has written the files, so they
                // briefly exist with the process's default (umask-derived) permissions.
                makeOwnerOnlyWriteAccess(new File(path));
                makeOwnerOnlyWriteAccess(new File(path2));
                return true;
            } catch (Throwable th) {
                new File(path3).delete();
                throw th;
            }
        } catch (IOException e) {
            System.err.println("IO error encountered: " + e.getMessage());
            return false;
        }
    }

    /**
     * Applies parameter changes to the security.xml in the given security directory
     * and writes the file back.
     *
     * @param file the security directory containing security.xml
     * @param list parameter settings to apply (see applyParamsChanges)
     * @throws IllegalStateException if security.xml is not present
     */
    public static void updateSecurityParams(File file, List<SecurityConfigCreator.ParsedConfig.ParamSetting> list) {
        File securityXml = new File(file, "security.xml");
        if (!securityXml.exists()) {
            throw new IllegalStateException("security.xml file does not exist, cannot update the security parameters");
        }
        SecurityParams params = loadSecurityParams(file);
        applyParamsChanges(params, list);
        ConfigUtils.createSecurityConfig(params, securityXml);
    }

    /**
     * Applies each setting to the in-memory SecurityParams. Non-transport parameters go
     * to the top-level map; transport parameters go to the named transport map, or to
     * every transport map when no transport name is given.
     *
     * @param securityParams the parameters to modify in place
     * @param list           settings to apply, in order
     */
    public static void applyParamsChanges(SecurityParams securityParams, List<SecurityConfigCreator.ParsedConfig.ParamSetting> list) {
        ParameterMap globalMap = securityParams.getMap();
        for (SecurityConfigCreator.ParsedConfig.ParamSetting setting : list) {
            String name = setting.getParamName();
            String value = setting.getParamValue();
            boolean isTransportParam = setting.getParameterState().appliesTo(ParameterState.Info.TRANSPORT);
            if (!isTransportParam) {
                globalMap.setParameter(name, value);
                continue;
            }
            String transport = setting.getTransportName();
            if (transport != null) {
                securityParams.getTransportMap(transport).setParameter(name, value);
            } else {
                // No transport named: the setting applies to all transports.
                for (ParameterMap transportMap : securityParams.getTransportMaps()) {
                    transportMap.setParameter(name, value);
                }
            }
        }
    }

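    /**
     * Copies every entry of the truststore in {@code file} into the truststore in
     * {@code file2} (renaming aliases that collide), then refreshes the client truststore
     * copy in {@code file2}.
     *
     * Fixes relative to the previous version: listKeystore() returns null when keytool
     * fails, which was dereferenced and surfaced as a NullPointerException instead of a
     * clean false; and the temp.cert scratch file was never removed.
     *
     * @param file  source security directory
     * @param file2 destination security directory
     * @return true on success; false (with a message on stderr) on any failure
     *
     * NOTE(review): both truststore passwords are passed to keytool on its command line
     * (visible in the process list) and held in immutable Strings.
     */
    public static boolean mergeTrust(File file, File file2) {
        SecurityParams srcParams = loadSecurityParams(file);
        String srcTrustPath = new File(file, srcParams.getTruststoreFile()).getPath();
        String srcPwd = new String(retrieveKeystorePassword(srcParams));
        String srcType = srcParams.getTruststoreType();
        List<KeystoreEntry> srcEntries = listKeystore(new File(srcTrustPath), srcType, srcPwd);
        if (srcEntries == null) {
            System.err.println("Error listing source trustStore " + srcTrustPath);
            return false;
        }

        SecurityParams dstParams = loadSecurityParams(file2);
        String dstTrustPath = new File(file2, dstParams.getTruststoreFile()).getPath();
        String dstPwd = new String(retrieveKeystorePassword(dstParams));
        String dstType = dstParams.getTruststoreType();
        List<KeystoreEntry> dstEntries = listKeystore(new File(dstTrustPath), dstType, dstPwd);
        if (dstEntries == null) {
            System.err.println("Error listing destination trustStore " + dstTrustPath);
            return false;
        }

        // Aliases already present in the destination; grows as we import.
        Set<String> usedAliases = new HashSet<>();
        for (KeystoreEntry entry : dstEntries) {
            usedAliases.add(entry.getAlias());
        }

        File tempCert = new File(file.getPath(), TEMP_CERT_FILE);
        String tempCertPath = tempCert.getPath();
        try {
            for (KeystoreEntry entry : srcEntries) {
                int exportRc = runCmd(new String[]{"keytool", "-export", CommandParser.FILE_FLAG, tempCertPath, "-keystore", srcTrustPath, "-storetype", srcType, "-storepass", srcPwd, "-alias", entry.getAlias()});
                if (exportRc != 0) {
                    System.err.println("Error exporting certificate: return code " + exportRc);
                    return false;
                }
                String alias = uniqueAlias(entry.getAlias(), usedAliases);
                usedAliases.add(alias);
                int importRc = runCmd(new String[]{"keytool", "-import", CommandParser.FILE_FLAG, tempCertPath, "-alias", alias, "-keystore", dstTrustPath, "-storetype", dstType, "-storepass", dstPwd, CommandParser.NOPROMPT_FLAG});
                if (importRc != 0) {
                    System.err.println("Error importing certificate to trustStore: return code " + importRc);
                    return false;
                }
            }
            File mergedTrust = new File(dstTrustPath);
            File clientTrust = new File(file2, FileNames.CLIENT_TRUSTSTORE_FILE);
            try {
                copyOwnerWriteFile(mergedTrust, clientTrust);
                return true;
            } catch (IOException e) {
                System.err.println("Exception " + e + " while copying " + mergedTrust + " to " + clientTrust);
                return false;
            }
        } catch (IOException e2) {
            System.err.println("Exception " + e2 + " while merging truststore files");
            return false;
        } finally {
            // Best-effort removal of the exported certificate scratch file.
            tempCert.delete();
        }
    }

    /**
     * Returns {@code alias} if unused, else the first of alias+DELIMITER+2, +3, ... not in
     * {@code taken}.
     */
    private static String uniqueAlias(String alias, Set<String> taken) {
        if (!taken.contains(alias)) {
            return alias;
        }
        int suffix = 2;
        String candidate = alias + StatsData.DELIMITER + suffix;
        while (taken.contains(candidate)) {
            suffix++;
            candidate = alias + StatsData.DELIMITER + suffix;
        }
        return candidate;
    }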

    /**
     * Renders "keytool -list" output for both the keystore and the truststore in the
     * given security directory, separated by a newline. The single configured password
     * is used for both stores.
     *
     * @param file the security directory
     * @return the combined listing (or keytool error text, see printKeystore)
     */
    public static String printKeystores(File file) {
        SecurityParams params = loadSecurityParams(file);
        String pwd = new String(retrieveKeystorePassword(params));
        File keystore = new File(file, params.getKeystoreFile());
        File truststore = new File(file, params.getTruststoreFile());
        StringBuilder out = new StringBuilder();
        out.append(printKeystore(keystore.getPath(), params.getKeystoreType(), pwd));
        out.append('\n');
        out.append(printKeystore(truststore.getPath(), params.getTruststoreType(), pwd));
        return out.toString();
    }

    /**
     * Runs "keytool -list" on one store and returns its output, prefixed with
     * "Keystore: <path>". On a non-zero exit the collected output is returned behind
     * "Error listing keyStore: "; on an IOException the message is returned behind
     * "IO error encountered: ".
     *
     * @param str  store path
     * @param str2 store type
     * @param str3 store password (passed to keytool on the command line)
     */
    private static String printKeystore(String str, String str2, String str3) {
        String[] cmd = {"keytool", "-list", "-keystore", str, "-storetype", str2, "-storepass", str3};
        ArrayList<String> output = new ArrayList<>();
        StringBuilder out = new StringBuilder();
        try {
            if (runCmd(cmd, output) != 0) {
                return out.append("Error listing keyStore: ").append(output).toString();
            }
        } catch (IOException e) {
            return out.append("IO error encountered: ").append(e.getMessage()).toString();
        }
        out.append("Keystore: ").append(str).append('\n');
        for (String line : output) {
            out.append(line).append('\n');
        }
        return out.toString();
    }

    /**
     * Lists the entries of a store by parsing "keytool -list" output. Entry lines are
     * only recognized after the "Your keystore contains N entries" summary line, and
     * must match "alias, <date>, <year>, <type>,". The date part is matched as
     * "<non-comma text>, <digits>", which assumes keytool's English/US date format.
     *
     * @param file store file
     * @param str  store type
     * @param str2 store password (passed to keytool on the command line)
     * @return the entries (possibly empty), or null if keytool failed or could not be run
     */
    public static List<KeystoreEntry> listKeystore(File file, String str, String str2) {
        String[] cmd = {"keytool", "-list", "-keystore", file.getPath(), "-storetype", str, "-storepass", str2};
        ArrayList<String> output = new ArrayList<>();
        try {
            int rc = runCmd(cmd, output);
            if (rc != 0) {
                System.err.println("Error listing keyStore: return code " + rc);
                return null;
            }
        } catch (IOException e) {
            System.err.println("IO error encountered: " + e.getMessage());
            return null;
        }
        Pattern summaryLine = Pattern.compile("Your keystore contains ([0-9]+) entr.*");
        Pattern entryLine = Pattern.compile("([^,]+),([^,]+, [0-9]+, )([a-zA-Z]+),.*");
        List<KeystoreEntry> entries = new ArrayList<>();
        boolean pastSummary = false;
        for (String line : output) {
            if (!pastSummary) {
                pastSummary = summaryLine.matcher(line).matches();
                continue;
            }
            Matcher m = entryLine.matcher(line);
            if (m.matches()) {
                entries.add(new KeystoreEntry(m.group(1), toEntryType(m.group(3))));
            }
        }
        return entries;
    }

    /** Maps a keytool entry-type label to EntryType; unknown labels become OTHER. */
    private static KeystoreEntry.EntryType toEntryType(String keytoolLabel) {
        if (KS_PRIVATE_KEY_ENTRY.equals(keytoolLabel)) {
            return KeystoreEntry.EntryType.PRIVATE_KEY;
        }
        if (KS_SECRET_KEY_ENTRY.equals(keytoolLabel)) {
            return KeystoreEntry.EntryType.SECRET_KEY;
        }
        if (KS_TRUSTED_CERT_ENTRY.equals(keytoolLabel)) {
            return KeystoreEntry.EntryType.TRUSTED_CERT;
        }
        return KeystoreEntry.EntryType.OTHER;
    }

    /**
     * Copies {@code file} to {@code file2} and then restricts the copy's permissions
     * (see makeOwnerOnlyWriteAccess). The copy briefly exists with default permissions
     * before the restriction is applied.
     *
     * @throws IOException if the copy or the permission change fails
     */
    public static void copyOwnerWriteFile(File file, File file2) throws IOException {
        FileUtils.copyFile(file, file2);
        makeOwnerOnlyWriteAccess(file2);
    }

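    /**
     * Creates the service principal via kadmin and extracts its keytab into the security
     * directory, then restricts the keytab's permissions.
     *
     * Fix relative to the previous version: the krbPrincValidity, krbKeysalt and
     * krbPrincPwdExpire properties were read without defaults, so a missing property
     * produced the literal text "null" in the kadmin command; the PRINC_*_DEFAULT /
     * KEYSALT_LIST_DEFAULT constants are now used as fallbacks.
     *
     * @param file           security directory receiving the keytab
     * @param securityParams supplies service name, instance, realm and keytab file name
     * @param kadminSetting  how to run/authenticate kadmin
     * @param properties     optional krbPrincValidity/krbKeysalt/krbPrincPwdExpire overrides; may be null
     * @param iOHelper       used by runKadminCmd for prompting/output
     * @return true on success; false (with a message on stderr) if either kadmin step fails
     *
     * NOTE(review): the principal and property values are spliced into kadmin command
     * text; the principal is double-quoted but not otherwise escaped, so a name containing
     * a double quote would break the command. These values come from local configuration.
     */
    public static boolean generateKeyTabFile(File file, SecurityParams securityParams, KadminSetting kadminSetting, Properties properties, SecurityConfigCreator.IOHelper iOHelper) {
        Properties props = (properties == null) ? new Properties() : properties;
        String keytabPath = new File(file.getPath(), securityParams.getKerberosKeytabFile()).getPath();
        try {
            String validity = props.getProperty(PRINCIPAL_VALIDITY, PRINC_VALIDITY_DEFAULT);
            String keysalt = props.getProperty(KEYSALT_LIST, KEYSALT_LIST_DEFAULT);
            String pwdExpire = props.getProperty(PRINCIPAL_PWD_EXPIRE, PRINC_PWD_EXPIRE_DEFAULT);
            String service = securityParams.getKerberosServiceName();
            String instance = securityParams.getKerberosInstanceName();
            // service or service/instance; the realm is supplied to kadmin via -r.
            String princ = (instance != null) ? service + "/" + instance : service;

            List<String> cmds = generateKadminCmds(kadminSetting, securityParams.getKerberosRealmName());
            cmds.add("add_principal -expire " + validity + " -pwexpire " + pwdExpire + " -randkey \"" + princ + "\"");
            System.out.println("Adding principal " + princ);
            int addRc = runKadminCmd(kadminSetting, iOHelper, cmds);
            if (addRc != 0) {
                System.err.println("Error adding service principal: return code " + addRc);
                return false;
            }

            // Replace the add_principal command with ktadd, keeping the common prefix.
            cmds.remove(cmds.size() - 1);
            System.out.println("Extracting keytab " + keytabPath);
            cmds.add("ktadd -k " + keytabPath + " -e " + keysalt + " \"" + princ + "\"");
            int ktaddRc = runKadminCmd(kadminSetting, iOHelper, cmds);
            if (ktaddRc != 0) {
                System.err.println("Error extracting keytab file: return code " + ktaddRc);
                return false;
            }
            // kadmin writes the keytab with default permissions; tighten them now.
            makeOwnerOnlyWriteAccess(new File(keytabPath));
            return true;
        } catch (IOException e) {
            System.err.println("IO error encountered: " + e.getMessage());
            return false;
        }
    }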

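    /**
     * Re-extracts (re-keys) the service principal's keytab via kadmin ktadd and swaps it
     * into place, replacing the existing keytab.
     *
     * Fixes relative to the previous version: the temporary keytab was created in the
     * system temp directory, so (a) the new key material sat in a typically
     * world-readable location until moved and (b) File.renameTo across filesystems can
     * fail, which — because the old keytab had already been deleted — left the
     * installation with no keytab at all. The temp file is now created in the security
     * directory itself, alongside the keytab, and locked down before the swap. The
     * decompiled duplicate cleanup paths are consolidated into one finally block.
     *
     * @param file          security directory containing the keytab
     * @param str           keysalt list for ktadd, or null for KEYSALT_LIST_DEFAULT
     * @param kadminSetting how to run/authenticate kadmin
     * @param iOHelper      used by runKadminCmd for prompting/output
     * @return true if the keytab was replaced; false (with a message on stderr) otherwise
     */
    public static boolean renewKeytab(File file, String str, KadminSetting kadminSetting, SecurityConfigCreator.IOHelper iOHelper) {
        SecurityParams params = loadSecurityParams(file);
        File keytab = new File(file, params.getKerberosKeytabFile());
        if (!keytab.exists()) {
            System.err.println("keytab " + keytab + " does not exist");
            return false;
        }
        String princName = getCanonicalPrincName(params);
        String keysalt = (str == null) ? KEYSALT_LIST_DEFAULT : str;
        File tempKeytab = null;
        try {
            List<String> cmds = generateKadminCmds(kadminSetting, params.getKerberosRealmName());
            // Same directory as the real keytab: same filesystem for renameTo, and not /tmp.
            tempKeytab = File.createTempFile("tmp", ".keytab", file);
            // ktadd must create the file itself; remove the empty placeholder first.
            if (!tempKeytab.delete()) {
                System.err.println("Error generating a temporary keytab file");
                return false;
            }
            cmds.add("ktadd -k " + tempKeytab.getAbsolutePath() + " -e " + keysalt + " " + princName);
            int rc = runKadminCmd(kadminSetting, iOHelper, cmds);
            if (rc != 0) {
                System.err.println("Error extracting keytab file: return code " + rc);
                return false;
            }
            // Restrict the new key material before it becomes the live keytab.
            makeOwnerOnlyWriteAccess(tempKeytab);
            if (!keytab.delete()) {
                System.err.println("Old keytab " + keytab + " cannot be deleted");
                return false;
            }
            if (!tempKeytab.renameTo(keytab)) {
                System.err.println("keytab " + tempKeytab + " cannot be renamed as " + keytab);
                return false;
            }
            makeOwnerOnlyWriteAccess(keytab);
            return true;
        } catch (IOException e) {
            System.err.println("IO error encountered: " + e.getMessage());
            return false;
        } finally {
            // After a successful rename the temp file no longer exists; otherwise clean up.
            if (tempKeytab != null && tempKeytab.exists() && !tempKeytab.delete()) {
                System.err.println("Temporary keytab " + tempKeytab + " cannot be deleted");
            }
        }
    }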

    /**
     * @param str an authentication method name, may be null
     * @return true if it names Kerberos (case-insensitive "KERBEROS"); false for null
     */
    public static boolean isKerberos(String str) {
        return "KERBEROS".equalsIgnoreCase(str);
    }

    /**
     * @param str a separator-delimited list of authentication method names, may be null
     * @return true if any element is Kerberos (see isKerberos); false for null
     */
    public static boolean hasKerberos(String str) {
        if (str == null) {
            return false;
        }
        String[] names = str.split(ParameterUtils.HELPER_HOST_SEPARATOR);
        boolean found = false;
        for (int i = 0; i < names.length && !found; i++) {
            found = isKerberos(names[i]);
        }
        return found;
    }

    /**
     * Tells whether an authentication-method name denotes IDCS OAuth.
     *
     * @param str the method name to test; may be {@code null}
     * @return {@code true} only if {@code str} equals {@code OAUTH_AUTH_NAME}, ignoring case
     */
    private static boolean isIDCSOAuth(String str) {
        return str != null && str.equalsIgnoreCase(OAUTH_AUTH_NAME);
    }

    /**
     * Tells whether a separator-delimited list of authentication methods
     * contains IDCS OAuth.
     *
     * @param str the list, split on {@code ParameterUtils.HELPER_HOST_SEPARATOR};
     *            may be {@code null}
     * @return {@code true} if at least one entry satisfies {@link #isIDCSOAuth}
     */
    public static boolean hasIDCSOAuth(String str) {
        if (str == null) {
            return false;
        }
        String[] methods = str.split(ParameterUtils.HELPER_HOST_SEPARATOR);
        int idx = 0;
        while (idx < methods.length && !isIDCSOAuth(methods[idx])) {
            idx++;
        }
        return idx < methods.length;
    }

    /**
     * Tells whether any of the given authentication-method names denotes
     * IDCS OAuth.
     *
     * @param strArr the method names; may be {@code null}
     * @return {@code true} if at least one element satisfies {@link #isIDCSOAuth}
     */
    public static boolean hasIDCSOAuth(String[] strArr) {
        if (strArr == null) {
            return false;
        }
        boolean found = false;
        for (int i = 0; i < strArr.length && !found; i++) {
            found = isIDCSOAuth(strArr[i]);
        }
        return found;
    }

    /**
     * Tells whether any of the given authentication-method names denotes
     * Kerberos.
     *
     * @param strArr the method names; may be {@code null}
     * @return {@code true} if at least one element satisfies {@link #isKerberos}
     */
    public static boolean hasKerberos(String[] strArr) {
        if (strArr == null) {
            return false;
        }
        boolean found = false;
        for (int i = 0; i < strArr.length && !found; i++) {
            found = isKerberos(strArr[i]);
        }
        return found;
    }

    /**
     * Builds the Kerberos principal name for this store's service from the
     * configured service name, optional instance and optional realm, in the
     * shape {@code service[/instance][<realm separator>realm]}.
     *
     * @param securityParams source of the Kerberos service, instance and realm names
     * @return the assembled principal name
     */
    public static String getCanonicalPrincName(SecurityParams securityParams) {
        StringBuilder name = new StringBuilder();
        name.append(securityParams.getKerberosServiceName());

        // The instance part is optional: absent or empty means "no instance".
        String instance = securityParams.getKerberosInstanceName();
        if (instance != null && !instance.isEmpty()) {
            name.append('/').append(securityParams.getKerberosInstanceName());
        }

        // The realm is appended only when one is configured (empty string = none).
        if (!securityParams.getKerberosRealmName().equals("")) {
            name.append(KRB_NAME_REALM_SEPARATOR_STR).append(securityParams.getKerberosRealmName());
        }
        return name.toString();
    }

    /**
     * Assembles the argv prefix for invoking kadmin: the binary, the realm,
     * the chosen authentication option (keytab or credential cache), the
     * admin principal when known, and a trailing {@code -q} after which the
     * caller appends the query text. The tokens are meant for
     * {@link ProcessBuilder}, so no shell quoting is applied or needed.
     *
     * @param kadminSetting where kadmin lives and how to authenticate to it
     * @param str           the Kerberos realm passed with {@code -r}
     * @return a mutable argv list ending in {@code -q}
     */
    private static List<String> generateKadminCmds(KadminSetting kadminSetting, String str) {
        List<String> argv = new ArrayList<>();
        Collections.addAll(argv, kadminSetting.getKrbAdminPath(), "-r", str);

        if (kadminSetting.useKeytab()) {
            Collections.addAll(argv, "-k", "-t", kadminSetting.getKrbAdminKeytab());
            System.out.println(String.format("Login Kerberos admin via keytab %s with %s", kadminSetting.getKrbAdminKeytab(), kadminSetting.getKrbAdminPrinc()));
        } else if (kadminSetting.useCcache()) {
            Collections.addAll(argv, "-c", kadminSetting.getKrbAdminCcache());
            System.out.println(String.format("Login Kerberos admin via credential cache %s with %s", kadminSetting.getKrbAdminCcache(), kadminSetting.getKrbAdminPrinc()));
        }

        // Neither branch above is taken when the password is prompted for; the
        // principal is still passed so kadmin knows whom to authenticate.
        String adminPrinc = kadminSetting.getKrbAdminPrinc();
        if (adminPrinc != null) {
            Collections.addAll(argv, "-p", adminPrinc);
        }
        argv.add("-q");
        return argv;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
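    /**
     * Runs an external command and waits for it to exit.
     * <p>
     * {@code strArr} is passed to {@link Runtime#exec(String[])} as an argv
     * array, so the tokens reach the child unchanged and no shell is involved;
     * callers are responsible for tokenising. The child's stdout and stderr
     * are not consumed here, so a child that produces a lot of output can
     * stall on a full pipe; use the overload that collects output for such
     * commands.
     * <p>
     * An interrupt arriving while waiting no longer gets lost: the wait is
     * retried and the thread's interrupt status is restored before returning.
     *
     * @param strArr program path followed by its arguments
     * @return the child's exit status
     * @throws IOException if the process cannot be started
     */
    public static int runCmd(String[] strArr) throws IOException {
        Process process = Runtime.getRuntime().exec(strArr);
        boolean interrupted = false;
        int exitCode;
        while (true) {
            try {
                exitCode = process.waitFor();
                break;
            } catch (InterruptedException e) {
                // Keep waiting for the child, but remember the interrupt so it
                // can be re-asserted for the caller instead of being swallowed.
                interrupted = true;
            }
        }
        if (interrupted) {
            Thread.currentThread().interrupt();
        }
        return exitCode;
    }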

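    /**
     * Runs a kadmin command line and reports its exit status.
     * <p>
     * {@code list} is handed to {@link ProcessBuilder} as an argv list (see
     * {@link #generateKadminCmds}), so no shell is involved. When the settings
     * call for a password prompt, the password is obtained through
     * {@code iOHelper} and written to the child's stdin rather than placed on
     * the command line, and the buffer is zeroed as soon as it has been sent.
     * The child's stdout and stderr are merged, collected until EOF, and
     * echoed to {@code System.err} once the process has exited.
     * <p>
     * Fixes relative to the previous version: a {@code null} password no
     * longer falls through to a {@code NullPointerException} with kadmin left
     * running; the output reader is closed; and an interrupt arriving during
     * the wait is restored on the calling thread instead of being dropped.
     *
     * @param kadminSetting how to reach and authenticate to kadmin
     * @param iOHelper      used to prompt for the admin password when required
     * @param list          the complete kadmin argv
     * @return kadmin's exit status
     * @throws IOException if the process cannot be started, its output cannot
     *                     be read, or a required password could not be obtained
     */
    private static int runKadminCmd(KadminSetting kadminSetting, SecurityConfigCreator.IOHelper iOHelper, List<String> list) throws IOException {
        ProcessBuilder processBuilder = new ProcessBuilder(list);
        processBuilder.redirectErrorStream(true);
        Process kadmin = processBuilder.start();
        List<String> output = new ArrayList<>();
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(kadmin.getInputStream()))) {
            if (kadminSetting.promptPwd()) {
                char[] readPassword = iOHelper.readPassword("Password for " + kadminSetting.getKrbAdminPrinc() + ": ");
                if (readPassword == null) {
                    // Do not leave kadmin blocked on stdin; fail explicitly.
                    System.err.println("Failed to acquire kadmin password");
                    kadmin.destroy();
                    throw new IOException("Failed to acquire kadmin password");
                }
                // The child's stdin is intentionally not closed here, as before;
                // only the password line is handed over.
                OutputStreamWriter stdin = new OutputStreamWriter(kadmin.getOutputStream());
                try {
                    stdin.write(readPassword);
                    stdin.write("\n");
                    stdin.flush();
                } finally {
                    // NOTE: the Writer's encoder buffer retains a transient copy
                    // of the password that cannot be zeroed from here.
                    clearPassword(readPassword);
                }
            }
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                output.add(line);
            }
        }

        boolean interrupted = false;
        int exitCode;
        while (true) {
            try {
                exitCode = kadmin.waitFor();
                break;
            } catch (InterruptedException e) {
                // Keep waiting for the child; re-assert the interrupt below.
                interrupted = true;
            }
        }
        if (interrupted) {
            Thread.currentThread().interrupt();
        }

        // kadmin's own messages (errors included, since the streams are merged)
        // are surfaced to the operator only after the process has finished.
        for (String line : output) {
            System.err.println(line);
        }
        return exitCode;
    }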

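    /**
     * Runs an external command, collects its standard output line by line and
     * waits for it to exit.
     * <p>
     * {@code strArr} is passed to {@link Runtime#exec(String[])} as an argv
     * array, so no shell is involved. Only stdout is read (decoded with the
     * platform default charset, as before); stderr is left unread, so a child
     * that writes a great deal there can stall on a full pipe.
     * <p>
     * Fixes relative to the previous version: the stdout reader is closed, and
     * an interrupt arriving during the wait is restored on the calling thread
     * instead of being dropped.
     *
     * @param strArr program path followed by its arguments
     * @param list   receives each stdout line, in order, appended to any
     *               existing contents
     * @return the child's exit status
     * @throws IOException if the process cannot be started or its output cannot be read
     */
    private static int runCmd(String[] strArr, List<String> list) throws IOException {
        Process process = Runtime.getRuntime().exec(strArr);
        try (BufferedReader stdout = new BufferedReader(new InputStreamReader(process.getInputStream()))) {
            for (String line = stdout.readLine(); line != null; line = stdout.readLine()) {
                list.add(line);
            }
        }

        boolean interrupted = false;
        int exitCode;
        while (true) {
            try {
                exitCode = process.waitFor();
                break;
            } catch (InterruptedException e) {
                // Keep waiting for the child; re-assert the interrupt below.
                interrupted = true;
            }
        }
        if (interrupted) {
            Thread.currentThread().interrupt();
        }
        return exitCode;
    }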

    /**
     * Tells whether a host name or address literal refers to this machine,
     * i.e. whether every address it resolves to belongs to a local network
     * interface.
     *
     * @param str host name or IP literal; resolution goes through
     *            {@link InetAddress#getAllByName}
     * @return {@code true} if the name resolves and all of its addresses are
     *         local; {@code false} if it cannot be resolved or any address is remote
     * @throws SocketException if the local interfaces cannot be enumerated
     */
    public static boolean isLocalHost(String str) throws SocketException {
        InetAddress[] resolved;
        try {
            resolved = InetAddress.getAllByName(str);
        } catch (UnknownHostException e) {
            // An unresolvable name is simply "not local".
            return false;
        }
        for (InetAddress address : resolved) {
            if (!isLocalAddress(address)) {
                return false;
            }
        }
        // Only true when at least one address was checked and none was remote.
        return resolved.length > 0;
    }

    /**
     * Tells whether an address is bound to any network interface or
     * sub-interface of this machine.
     *
     * @param inetAddress the address to look for
     * @return {@code true} if some interface carries exactly this address
     * @throws SocketException if the interfaces cannot be enumerated
     */
    private static boolean isLocalAddress(InetAddress inetAddress) throws SocketException {
        for (NetworkInterface iface : Collections.list(NetworkInterface.getNetworkInterfaces())) {
            if (isLocalAddress(iface, inetAddress)) {
                return true;
            }
            // Virtual/sub-interfaces carry their own addresses and are not
            // reported by the parent's address enumeration.
            for (NetworkInterface sub : Collections.list(iface.getSubInterfaces())) {
                if (isLocalAddress(sub, inetAddress)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Tells whether one specific interface carries the given address.
     *
     * @param networkInterface the interface whose addresses are examined
     * @param inetAddress      the address to look for
     * @return {@code true} if an address of the interface {@code equals} it
     */
    private static boolean isLocalAddress(NetworkInterface networkInterface, InetAddress inetAddress) {
        for (InetAddress bound : Collections.list(networkInterface.getInetAddresses())) {
            if (bound.equals(inetAddress)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Loads the security parameters stored in {@code security.xml} inside the
     * given configuration directory.
     *
     * @param file the security configuration directory
     * @return the parsed parameters, as produced by {@code ConfigUtils.getSecurityParams}
     */
    public static SecurityParams loadSecurityParams(File file) {
        File securityXml = new File(file, "security.xml");
        return ConfigUtils.getSecurityParams(securityXml);
    }

    /**
     * Obtains the keystore password through the configured password source.
     *
     * @param securityParams configuration the password source is built from
     * @return the password, or {@code null} if no password source could be
     *         created (the source's own result is returned as-is)
     */
    private static char[] retrieveKeystorePassword(SecurityParams securityParams) {
        KeyStorePasswordSource source = KeyStorePasswordSource.create(securityParams);
        return source != null ? source.getPassword() : null;
    }

    /**
     * Describes the currently authenticated store user as a resource owner.
     *
     * @return a {@code ResourceOwner} built from the current user's id and
     *         name, or {@code null} when no current user is available
     */
    public static ResourceOwner currentUserAsOwner() {
        KVStoreUserPrincipal user = KVStoreUserPrincipal.getCurrentUser();
        return user != null ? new ResourceOwner(user.getUserId(), user.getName()) : null;
    }

    /**
     * Returns a copy of the default Kerberos principal properties.
     *
     * @return a fresh {@link Properties} clone; mutating it does not affect
     *         the shared defaults
     */
    public static Properties getDefaultKrbPrincipalProperties() {
        // clone() rather than sharing the static instance, so callers may edit freely.
        Properties copy = (Properties) princDefaultProps.clone();
        return copy;
    }

    /**
     * Audits the security configuration in a directory and reports the
     * findings as text.
     * <p>
     * Checked, in order: the allowed protocols of the JE HA, internal and
     * client transports against the preferred set; that the internal
     * transport's server and client key aliases agree, and that the JE HA and
     * client transports use the same server alias; that the identities allowed
     * by each transport agree with the internal transport's client side; and
     * finally the keystore/truststore installation itself.
     *
     * @param file the security configuration directory
     * @return the concatenated findings, empty when nothing was found
     */
    public static String verifyConfiguration(File file) {
        SecurityParams params = loadSecurityParams(file);
        StringBuilder report = new StringBuilder();

        try {
            String jeHaProtocols = params.getTransAllowProtocols(ParameterState.SECURITY_TRANSPORT_JE_HA);
            if (!checkIfProtocolsAllowed(jeHaProtocols)) {
                // Unlike the other findings, this one carries no trailing newline.
                report.append("Transport JE HA is not using preferred protocols.")
                      .append(" Found: ").append(jeHaProtocols)
                      .append(" Preferred protocols: ").append(PREFERRED_PROTOCOLS_DEFAULT);
            }
        } catch (IllegalArgumentException e) {
            report.append("Problem with protocols specified for transport JE HA: ").append(e.getMessage());
        }
        appendFinding(report, checkClientAllowedProtocols(ParameterState.SECURITY_TRANSPORT_INTERNAL, params));
        appendFinding(report, checkClientAllowedProtocols(ParameterState.SECURITY_TRANSPORT_CLIENT, params));

        // Key aliases: everything is compared against the internal server alias.
        String internalServerAlias = params.getTransServerKeyAlias(ParameterState.SECURITY_TRANSPORT_INTERNAL);
        String internalClientAlias = params.getTransClientKeyAlias(ParameterState.SECURITY_TRANSPORT_INTERNAL);
        appendFinding(report, aliasMismatch(internalServerAlias, "client", internalClientAlias));
        String jeHaServerAlias = params.getTransServerKeyAlias(ParameterState.SECURITY_TRANSPORT_JE_HA);
        appendFinding(report, aliasMismatch(internalServerAlias, "JE HA transport", jeHaServerAlias));
        String clientServerAlias = params.getTransServerKeyAlias(ParameterState.SECURITY_TRANSPORT_CLIENT);
        appendFinding(report, aliasMismatch(internalServerAlias, "server for client transport", clientServerAlias));

        // Allowed identities: everything is compared against the internal client side.
        String internalClientIdentities = params.getTransClientIdentityAllowed(ParameterState.SECURITY_TRANSPORT_INTERNAL);
        String internalServerIdentities = params.getTransServerIdentityAllowed(ParameterState.SECURITY_TRANSPORT_INTERNAL);
        appendFinding(report, identityMismatch("server side of internal transport", internalServerIdentities,
                                               "client side of internal transport", internalClientIdentities));
        String jeHaServerIdentities = params.getTransServerIdentityAllowed(ParameterState.SECURITY_TRANSPORT_JE_HA);
        appendFinding(report, identityMismatch("JE HA transport", jeHaServerIdentities,
                                               "internal transport", internalClientIdentities));
        String clientServerIdentities = params.getTransServerIdentityAllowed(ParameterState.SECURITY_TRANSPORT_CLIENT);
        appendFinding(report, identityMismatch("client transport", clientServerIdentities,
                                               "internal transport", internalClientIdentities));

        appendFinding(report, checkKeystoreInstallation(params));
        return report.toString();
    }

    /** Appends a finding to the report when there is one ({@code null} means "no finding"). */
    private static void appendFinding(StringBuilder report, String finding) {
        if (finding != null) {
            report.append(finding);
        }
    }

    /**
     * Produces the key-alias mismatch finding, or {@code null} when the two
     * aliases are equal.
     *
     * @param internalServerAlias the internal transport's server key alias
     * @param otherName           how the compared transport side is named in the message
     * @param otherAlias          the compared side's key alias
     */
    private static String aliasMismatch(String internalServerAlias, String otherName, String otherAlias) {
        if (internalServerAlias.equals(otherAlias)) {
            return null;
        }
        return "Key alias of internal transport server " + internalServerAlias
             + " is not the same as " + otherName + " " + otherAlias + ".\n";
    }

    /**
     * Produces the allowed-identities mismatch finding, or {@code null} when
     * the two values are equal.
     *
     * @param foundLabel    how the compared transport side is named in the message
     * @param found         that side's allowed identities
     * @param expectedLabel how the reference side is named in the message
     * @param expected      the reference allowed identities (the comparison is
     *                      {@code expected.equals(found)})
     */
    private static String identityMismatch(String foundLabel, String found, String expectedLabel, String expected) {
        if (expected.equals(found)) {
            return null;
        }
        return "Identities allowed by " + foundLabel + " " + found
             + " are not the same as " + expectedLabel + " " + expected + ".\n";
    }

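    /**
     * Loads a keystore (or truststore) file, translating every failure into an
     * {@link IllegalArgumentException} whose message names the offending file.
     * <p>
     * Per {@link KeyStore#load}, a missing or wrong password also surfaces as
     * an {@code IOException} and is therefore reported as
     * "Error reading from ..." here. The input stream is always closed; the
     * previous version swallowed close failures, which try-with-resources now
     * reports through the same {@code IOException} path.
     *
     * @param str  path of the keystore file
     * @param cArr password used to unlock and integrity-check the store; may be
     *             {@code null} if the store type permits it
     * @param str2 human-readable description of the store ("keystore",
     *             "truststore", ...) used only in error messages
     * @param str3 keystore type; {@code null} or empty selects
     *             {@link KeyStore#getDefaultType()}
     * @return the loaded keystore
     * @throws IllegalArgumentException if the type is unknown, the file is
     *             missing or unreadable, the integrity check fails, or a
     *             certificate cannot be loaded; the cause is always attached
     */
    public static KeyStore loadKeyStore(String str, char[] cArr, String str2, String str3) throws IllegalArgumentException {
        String type = (str3 == null || str3.isEmpty()) ? KeyStore.getDefaultType() : str3;

        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(type);
        } catch (KeyStoreException e) {
            throw new IllegalArgumentException("Unable to find a " + str2 + " instance of type " + type, e);
        }

        // FileNotFoundException must precede IOException (it is a subclass).
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, cArr);
        } catch (FileNotFoundException e) {
            throw new IllegalArgumentException("Unable to locate specified " + str2 + " " + str, e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Unable to check " + str2 + " integrity: " + str, e);
        } catch (CertificateException e) {
            throw new IllegalArgumentException("Not all certificates could be loaded: " + str, e);
        } catch (IOException e) {
            throw new IllegalArgumentException("Error reading from " + str2 + " file " + str, e);
        }
        return keyStore;
    }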

    /**
     * Checks the client-side allowed protocols of one transport against the
     * preferred set.
     *
     * @param str            the transport name (a {@code ParameterState.SECURITY_TRANSPORT_*} value)
     * @param securityParams configuration the protocol list is read from
     * @return {@code null} if a preferred protocol is present, otherwise a
     *         finding describing either the non-preferred list or a malformed one
     */
    private static String checkClientAllowedProtocols(String str, SecurityParams securityParams) {
        String allowed = securityParams.getTransClientAllowProtocols(str);
        boolean preferred;
        try {
            preferred = checkIfProtocolsAllowed(allowed);
        } catch (IllegalArgumentException e) {
            return "Problem with protocols specified for transport " + str + ": " + e.getMessage();
        }
        if (preferred) {
            return null;
        }
        return "Transport " + str + " is not using preferred protocols " + allowed + " , the prefered protocols are " + PREFERRED_PROTOCOLS_DEFAULT;
    }

    /**
     * Tells whether a delimited protocol list contains at least one entry from
     * {@code preferredProtocols}.
     * <p>
     * Note that a single preferred entry is enough: the check does not reject
     * a list just because it also names non-preferred protocols.
     *
     * @param str comma-delimited protocol names (split on
     *            {@code ParameterUtils.HELPER_HOST_SEPARATOR}); entries are trimmed
     * @return {@code true} if any trimmed entry is in the preferred set
     * @throws IllegalArgumentException if splitting yields no entries at all
     */
    private static boolean checkIfProtocolsAllowed(String str) {
        String[] entries = str.split(ParameterUtils.HELPER_HOST_SEPARATOR);
        if (entries.length == 0) {
            throw new IllegalArgumentException("'" + str + "' does not have the correct format, must be specified in the format 'x,y,z', using commas as delimiters");
        }
        boolean anyPreferred = false;
        for (int i = 0; i < entries.length && !anyPreferred; i++) {
            anyPreferred = preferredProtocols.contains(entries[i].trim());
        }
        return anyPreferred;
    }

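    /**
     * Verifies that the keystore and truststore referenced by the
     * configuration are usable together: the JE HA server key exists, its
     * certificate is X.509 and its subject satisfies the allowed identities,
     * and, unless the certificate is self-signed, a PKIX chain can be built
     * from the keystore (revocation checking disabled) and the certificate is
     * present in the truststore.
     * <p>
     * The keystore password is zeroed on every exit path. Previously an
     * exception thrown while loading either store (e.g. a wrong password)
     * reached a handler that cleared {@code null} instead of the real buffer.
     * A non-X.509 entry anywhere in the chain, including position 0, is now
     * reported with the chain message rather than as an unexpected error, and
     * a non-private-key entry under the alias is reported as a missing key.
     *
     * @param securityParams configuration naming the stores, the JE HA server
     *                       alias and the allowed identities
     * @return {@code null} when everything checks out, otherwise a message
     *         describing the first problem found
     */
    private static String checkKeystoreInstallation(SecurityParams securityParams) {
        KeyStorePasswordSource pwdSource = KeyStorePasswordSource.create(securityParams);
        if (pwdSource == null) {
            return "Unable to create keystore password source.\n";
        }
        String keystorePath = securityParams.getConfigDir() + File.separator + securityParams.getKeystoreFile();
        String truststorePath = securityParams.getConfigDir() + File.separator + securityParams.getTruststoreFile();
        String serverAlias = securityParams.getTransServerKeyAlias(ParameterState.SECURITY_TRANSPORT_JE_HA);
        String allowedIdentities = securityParams.getTransClientIdentityAllowed(ParameterState.SECURITY_TRANSPORT_JE_HA);

        char[] password = null;
        try {
            password = pwdSource.getPassword();
            KeyStore keystore = loadKeyStore(keystorePath, password, ParameterState.SEC_KEYSTORE_FILE, securityParams.getKeystoreType());
            KeyStore truststore = loadKeyStore(truststorePath, password, ParameterState.SEC_TRUSTSTORE_FILE, securityParams.getTruststoreType());

            KeyStore.Entry entry = keystore.getEntry(serverAlias, new KeyStore.PasswordProtection(password));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                return "Private key " + serverAlias + " does not exist in the keystore.";
            }
            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;

            Certificate leaf = keyEntry.getCertificate();
            if (!(leaf instanceof X509Certificate)) {
                return "Certificate of " + serverAlias + " is not a valid X509 certificate.\n";
            }
            X509Certificate serverCert = (X509Certificate) leaf;
            X500Principal subject = serverCert.getSubjectX500Principal();

            String identityProblem = verifyCertIdentityAllowed(subject, allowedIdentities);
            if (identityProblem != null) {
                return identityProblem;
            }

            // Self-signed: there is no chain to build and no truststore entry is required.
            if (subject.getName().equals(serverCert.getIssuerX500Principal().getName())) {
                return null;
            }

            Certificate[] chain = keyEntry.getCertificateChain();
            for (Certificate link : chain) {
                if (!(link instanceof X509Certificate)) {
                    return "Certificate chain contains invalid X509 certificate " + link.toString() + ".\n";
                }
            }
            X509CertSelector selector = new X509CertSelector();
            selector.setCertificate((X509Certificate) chain[0]);

            try {
                PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(keystore, selector);
                // Revocation is not checked here: this is a local installation
                // sanity check, not a live validation against CRL/OCSP.
                pkixParams.setRevocationEnabled(false);
                CertPathBuilder.getInstance("PKIX").build(pkixParams);

                boolean inTruststore = false;
                for (String alias : Collections.list(truststore.aliases())) {
                    Certificate trusted = truststore.getCertificate(alias);
                    if (trusted instanceof X509Certificate && serverCert.equals(trusted)) {
                        inTruststore = true;
                        break;
                    }
                }
                if (inTruststore) {
                    return null;
                }
                // getSubjectDN() is deprecated but kept so the message text is unchanged.
                return truststorePath + " must contain the certificate " + serverCert.getSubjectDN().getName() + ".\n";
            } catch (Exception e) {
                return "Problem with verifying certificate chain in keystore " + keystorePath + ".\n";
            }
        } catch (Exception e) {
            return "Unexpected error: " + e.getMessage();
        } finally {
            // Clears whatever was obtained; null is tolerated, as the previous
            // error path already passed null here.
            clearPassword(password);
        }
    }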

    /**
     * Checks a certificate subject against the configured allowed-identities
     * expression.
     *
     * @param x500Principal the certificate's subject
     * @param str           the allowedIdentities value (see {@link #checkIdentityAllowed})
     * @return {@code null} if the RFC 1779 form of the subject is allowed,
     *         otherwise a message showing both the raw and RFC 1779 forms
     */
    static String verifyCertIdentityAllowed(X500Principal x500Principal, String str) {
        // Matching is done on the RFC 1779 rendering, which is what operators
        // are expected to write their dnmatch patterns against.
        String rfc1779Name = x500Principal.getName("RFC1779");
        if (checkIdentityAllowed(str, rfc1779Name)) {
            return null;
        }
        String rawName = x500Principal.toString();
        return "The certificate's subject name '" + rawName + "' when displayed in RFC 1779 format as '" + rfc1779Name + "' does not match '" + str + "' specified in allowedIdentities.\n";
    }

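    /**
     * Evaluates an allowedIdentities expression of the form
     * {@code dnmatch(<regex>)} against a distinguished name.
     * <p>
     * The regex must match the whole name ({@link String#matches}), so a
     * pattern cannot accidentally accept a DN that merely contains it.
     * Previously the wrapper was stripped positionally without checking it was
     * present, so a value lacking the {@code dnmatch(} prefix lost its first
     * eight characters silently, and a value shorter than that threw a
     * {@code StringIndexOutOfBoundsException}; both now fail with a clear
     * {@code IllegalArgumentException}. The prefix is accepted case-insensitively.
     *
     * @param str  the allowedIdentities value, e.g. {@code dnmatch(CN=NoSQL)}
     * @param str2 the distinguished name to test
     * @return {@code true} if the embedded regex matches the entire name
     * @throws IllegalArgumentException if {@code str} is {@code null} or is not
     *             wrapped in {@code dnmatch(...)}
     * @throws java.util.regex.PatternSyntaxException if the embedded regex is invalid
     */
    private static boolean checkIdentityAllowed(String str, String str2) {
        final String prefix = "dnmatch(";
        boolean wellFormed = str != null
                && str.length() >= prefix.length() + 1
                && str.regionMatches(true, 0, prefix, 0, prefix.length())
                && str.endsWith(")");
        if (!wellFormed) {
            throw new IllegalArgumentException(
                    "allowedIdentities value '" + str + "' must have the form dnmatch(<regex>)");
        }
        String regex = str.substring(prefix.length(), str.length() - 1);
        return str2.matches(regex);
    }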

    /**
     * Generates a keystore password of the requested length, each character
     * drawn independently from {@code allCharSet} using the class's
     * {@code random} instance (presumably the imported {@code SecureRandom};
     * confirm against the field declaration).
     *
     * @param i the number of characters to generate
     * @return a newly allocated array the caller should clear after use
     */
    public static char[] generateKeyStorePassword(int i) {
        char[] password = new char[i];
        int alphabetSize = allCharSet.length();
        for (int pos = 0; pos < password.length; pos++) {
            password[pos] = allCharSet.charAt(random.nextInt(alphabetSize));
        }
        return password;
    }

    /**
     * Generates a 12-character user password containing exactly three
     * characters from each of {@code upperSet}, {@code lowerSet},
     * {@code specialSet} and {@code digitSet}, then shuffles the positions so
     * the character classes do not appear in fixed slots.
     *
     * @return a newly allocated 12-character array the caller should clear after use
     */
    public static char[] generateUserPassword() {
        char[] draft = new char[12];
        // Slots 0-2 upper, 3-5 lower, 6-8 special, 9-11 digit, filled one
        // round at a time so each class contributes one character per round.
        for (int round = 0; round < 3; round++) {
            int slot = round;
            draft[slot] = upperSet.charAt(random.nextInt(upperSet.length()));
            slot += 3;
            draft[slot] = lowerSet.charAt(random.nextInt(lowerSet.length()));
            slot += 3;
            draft[slot] = specialSet.charAt(random.nextInt(specialSet.length()));
            slot += 3;
            draft[slot] = digitSet.charAt(random.nextInt(digitSet.length()));
        }
        return permuteCharArray(draft);
    }

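    /**
     * Returns a randomly permuted copy of the given characters; the input
     * array is left untouched.
     * <p>
     * Used to scramble freshly generated passwords, so the permutation is
     * drawn from a {@link SecureRandom} rather than the
     * {@code Collections.shuffle(List)} default, which relies on
     * {@code java.util.Random}. The shuffle is done in place on a primitive
     * copy (Fisher-Yates), which also avoids leaving boxed {@code Character}
     * copies of password material in an intermediate list.
     *
     * @param cArr the characters to permute
     * @return a new array with the same characters in random order; empty input yields an empty array
     */
    private static char[] permuteCharArray(char[] cArr) {
        char[] shuffled = Arrays.copyOf(cArr, cArr.length);
        // A fresh instance is used so this block does not depend on the
        // class-level random field; it could be substituted if preferred.
        SecureRandom rnd = new SecureRandom();
        for (int i = shuffled.length - 1; i > 0; i--) {
            int j = rnd.nextInt(i + 1);
            char tmp = shuffled[i];
            shuffled[i] = shuffled[j];
            shuffled[j] = tmp;
        }
        return shuffled;
    }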

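    static {
        // Default principal properties handed out (as a clone) by
        // getDefaultKrbPrincipalProperties(): validity, key/salt list and
        // password expiry.
        princDefaultProps.put(PRINCIPAL_VALIDITY, "365days");
        princDefaultProps.put(KEYSALT_LIST, KEYSALT_LIST_DEFAULT);
        princDefaultProps.put(PRINCIPAL_PWD_EXPIRE, "365days");

        // Protocol names checkIfProtocolsAllowed() accepts: a configured list
        // passes that check when at least one of its entries is in this set.
        // NOTE(review): TLSv1 and TLSv1.1 are still accepted here; tightening
        // the set would change what verifyConfiguration() reports, so the
        // contents are deliberately left as they were. The raw HashSet was
        // replaced with a typed one.
        preferredProtocols = new HashSet<>();
        preferredProtocols.add("TLSv1.2");
        preferredProtocols.add("TLSv1.1");
        preferredProtocols.add("TLSv1");
    }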
}
