package org.apache.knox.gateway.services.security.impl;

import java.io.Console;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;
import org.apache.commons.net.ntp.TimeStamp;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.i18n.GatewaySpiMessages;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.ServiceLifecycleException;
import org.apache.knox.gateway.services.security.EncryptionResult;

/* loaded from: input_file:org/apache/knox/gateway/services/security/impl/CMFMasterService.class */
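/**
 * Holds the gateway master secret for one service instance and, optionally,
 * persists it to a "{@code <serviceName>-master}" file.
 *
 * <p>On startup the secret is either decrypted from an existing master file or
 * read interactively from the console (twice, for confirmation). When the
 * caller asks for persistence, the fresh secret is encrypted with
 * {@link ConfigurableEncryptor} and written to the master file, which is
 * created with owner-only (0600) permissions on POSIX file systems.
 *
 * <p>Security notes a maintainer should keep in mind:
 * <ul>
 *   <li>The encryptor passphrase ({@link #MASTER_PASSPHRASE}) is a compile-time
 *       constant, so the persisted file is obfuscated rather than protected by a
 *       secret key: anyone able to read the file can recover the master. The
 *       file's real protection is its mode bits, as the console warning states.</li>
 *   <li>The secret unavoidably passes through immutable {@link String}s
 *       ({@link #encryptMaster(char[])}, {@link #initializeFromMaster(File)})
 *       because the encryptor API takes and returns them; those copies cannot be
 *       zeroed.</li>
 *   <li>{@link #getMasterSecret()} returns the live array, not a copy.</li>
 * </ul>
 */
public class CMFMasterService {
    /**
     * Passphrase for the encryptor that wraps the persisted master secret.
     * NOTE(review): hard-coded, so it is obfuscation only — see class comment.
     */
    private static final String MASTER_PASSPHRASE = "masterpassphrase";
    /** Separator between the base64 salt, IV and ciphertext inside the master file record. */
    private static final String RECORD_SEPARATOR = "::";
    /** Suffix appended to the service name to form the default master file name. */
    private static final String MASTER_FILE_SUFFIX = "-master";
    /** Mode the persisted master file is restricted to: owner read/write only (0600). */
    private static final Set<PosixFilePermission> MASTER_FILE_PERMISSIONS =
            EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
    private static final GatewaySpiMessages LOG = (GatewaySpiMessages) MessagesFactory.get(GatewaySpiMessages.class);
    /** Header line of the master file: format version plus the date the class was loaded. */
    private static final String MASTER_PERSISTENCE_TAG = "#1.0# " + TimeStamp.getCurrentTime().toDateString();

    protected String serviceName;
    /** The master secret once obtained; {@code null} until loaded or prompted for. */
    protected char[] master = null;
    private final ConfigurableEncryptor encryptor = new ConfigurableEncryptor(MASTER_PASSPHRASE);

    /**
     * @param serviceName name of the owning service; used to derive the default master file name
     */
    public CMFMasterService(String serviceName) {
        this.serviceName = serviceName;
    }

    /**
     * Returns the master secret. This is the live backing array, not a copy; callers must not
     * modify or wipe it while the service is in use.
     *
     * @return the master secret, or {@code null} if it has not been set up yet
     */
    public char[] getMasterSecret() {
        return this.master;
    }

    /**
     * Initialises the encryptor from gateway configuration and then loads or prompts for the
     * master secret.
     *
     * @param securityDir directory holding the master file
     * @param fileName    name of the master file within {@code securityDir}
     * @param persisting  whether a newly entered secret should be written to disk
     * @param config      gateway configuration used to initialise the encryptor
     * @throws ServiceLifecycleException if an existing master file cannot be loaded
     */
    public void setupMasterSecret(String securityDir, String fileName, boolean persisting, GatewayConfig config) throws ServiceLifecycleException {
        this.encryptor.init(config);
        setupMasterSecret(securityDir, fileName, persisting);
    }

    /**
     * Loads or prompts for the master secret using the default file name
     * "{@code <serviceName>-master}".
     *
     * NOTE(review): this overload does not initialise the encryptor; presumably the
     * four-argument entry point or a subclass has done so already — confirm before
     * calling it directly.
     *
     * @param securityDir directory holding the master file
     * @param persisting  whether a newly entered secret should be written to disk
     * @throws ServiceLifecycleException if an existing master file cannot be loaded
     */
    protected void setupMasterSecret(String securityDir, boolean persisting) throws ServiceLifecycleException {
        setupMasterSecret(securityDir, this.serviceName + MASTER_FILE_SUFFIX, persisting);
    }

    /**
     * Core setup: if the master file exists it is decrypted; otherwise the user is prompted
     * (unless a secret was already supplied) and the secret is persisted on request.
     *
     * @param securityDir directory holding the master file
     * @param fileName    name of the master file within {@code securityDir}
     * @param persisting  whether a newly entered secret should be written to disk
     * @throws ServiceLifecycleException if an existing master file cannot be loaded
     */
    protected void setupMasterSecret(String securityDir, String fileName, boolean persisting) throws ServiceLifecycleException {
        File masterFile = new File(securityDir, fileName);
        if (masterFile.exists()) {
            try {
                initializeFromMaster(masterFile);
            } catch (Exception e) {
                throw new ServiceLifecycleException("Unable to load the persisted master secret.", e);
            }
            return;
        }
        if (this.master == null) {
            displayWarning(persisting);
            promptUser();
        }
        if (persisting) {
            persistMaster(this.master, masterFile);
        }
    }

    /**
     * Prompts on the console for the master secret and its confirmation until a non-empty,
     * matching pair is entered. Exits the JVM if no console is available or the console
     * reaches end of input before a secret is obtained (the original would have thrown an
     * NPE on the {@code null} returned by {@link Console#readPassword}).
     *
     * <p>Both input buffers are wiped after every attempt; only {@link #master} keeps a copy.
     */
    protected void promptUser() {
        Console console = requireConsole();
        while (true) {
            char[] entered = console.readPassword("Enter master secret: ");
            char[] confirmed = console.readPassword("Enter master secret again: ");
            if (entered == null || confirmed == null) {
                wipe(entered);
                wipe(confirmed);
                LOG.unableToPromptForMasterUseKnoxCLI();
                System.err.println("Master secret prompt ended before a secret was entered.");
                System.exit(1);
                return;
            }
            try {
                if (entered.length == 0) {
                    console.format("Password too short. Try again.%n");
                } else if (Arrays.equals(entered, confirmed)) {
                    // Copy before the finally block wipes the prompt buffer.
                    this.master = Arrays.copyOf(entered, entered.length);
                    return;
                } else {
                    console.format("Passwords don't match. Try again.%n");
                }
            } finally {
                wipe(entered);
                wipe(confirmed);
            }
        }
    }

    /**
     * Prints a banner explaining the consequences of the chosen mode: persisting the secret
     * (weaker, relies on file permissions) or entering it on every start.
     * Exits the JVM if no console is available.
     *
     * @param persisting whether the secret is going to be written to disk
     */
    protected void displayWarning(boolean persisting) {
        Console console = requireConsole();
        console.printf("***************************************************************************************************\n");
        if (persisting) {
            console.printf("You have indicated that you would like to persist the master secret for this service instance.\n");
            console.printf("Be aware that this is less secure than manually entering the secret on startup.\n");
            console.printf("The persisted file will be encrypted and primarily protected through OS permissions.\n");
        } else {
            console.printf("Be aware that you will need to enter your master secret for future starts exactly as you do here.\n");
            console.printf("This secret is needed to access protected resources for the service process.\n");
            console.printf("The master secret must be protected, kept secret and not stored in clear text anywhere.\n");
        }
        console.printf("***************************************************************************************************\n");
    }

    /**
     * Encrypts the secret and writes it to {@code file} as two lines: the persistence tag and
     * a base64 record of "{@code salt::iv::cipher}" (each part itself base64).
     *
     * <p>Failures are logged, not thrown: the service keeps running with the in-memory secret.
     * If encryption fails nothing is written (the original dereferenced the {@code null}
     * result). On POSIX file systems the file is created with mode 0600 <em>before</em> any
     * content is written, closing the window in which a default-umask file held the secret.
     *
     * @param masterSecret the secret to persist
     * @param file         destination master file
     */
    protected void persistMaster(char[] masterSecret, File file) {
        EncryptionResult encrypted = encryptMaster(masterSecret);
        if (encrypted == null) {
            // encryptMaster already logged the failure; writing a partial record would be worse.
            return;
        }
        String record = Base64.encodeBase64String(encrypted.salt)
                + RECORD_SEPARATOR + Base64.encodeBase64String(encrypted.iv)
                + RECORD_SEPARATOR + Base64.encodeBase64String(encrypted.cipher);
        List<String> lines = new ArrayList<>(2);
        lines.add(MASTER_PERSISTENCE_TAG);
        lines.add(Base64.encodeBase64String(record.getBytes(StandardCharsets.UTF_8)));
        try {
            createOwnerOnlyFile(file);
            FileUtils.writeLines(file, StandardCharsets.UTF_8.name(), lines);
        } catch (IOException e) {
            LOG.failedToPersistMasterSecret(e);
        }
    }

    /**
     * Encrypts the secret with the configured encryptor.
     *
     * <p>The secret is copied into a {@link String} because the encryptor API requires one;
     * that copy cannot be zeroed afterwards.
     *
     * @param masterSecret the secret to encrypt
     * @return the salt/IV/ciphertext triple, or {@code null} if encryption failed (logged)
     */
    private EncryptionResult encryptMaster(char[] masterSecret) {
        try {
            return this.encryptor.encrypt(new String(masterSecret));
        } catch (Exception e) {
            LOG.failedToEncryptMasterSecret(e);
            return null;
        }
    }

    /**
     * Reads and decrypts a master file written by {@link #persistMaster(char[], File)}.
     * A truncated or malformed file is rejected with an {@link IOException} that names the
     * file (the original failed with an index exception instead).
     *
     * @param file the master file to load
     * @throws Exception if the file cannot be read, is malformed, or fails to decrypt;
     *                   the failure is logged before being rethrown
     */
    protected void initializeFromMaster(File file) throws Exception {
        try {
            List<String> lines = FileUtils.readLines(file, StandardCharsets.UTF_8);
            if (lines.size() < 2) {
                throw new IOException("Persisted master file " + file.getName() + " is truncated.");
            }
            // Only the header line (version/date) is logged, never the record.
            LOG.loadingFromPersistentMaster(lines.get(0));
            String record = new String(Base64.decodeBase64(lines.get(1)), StandardCharsets.UTF_8);
            String[] parts = record.split(RECORD_SEPARATOR);
            if (parts.length < 3) {
                throw new IOException("Persisted master file " + file.getName() + " is malformed.");
            }
            byte[] plain = this.encryptor.decrypt(
                    Base64.decodeBase64(parts[0]),
                    Base64.decodeBase64(parts[1]),
                    Base64.decodeBase64(parts[2]));
            this.master = new String(plain, StandardCharsets.UTF_8).toCharArray();
        } catch (Exception e) {
            LOG.failedToInitializeFromPersistentMaster(file.getName(), e);
            throw e;
        }
    }

    /**
     * Returns the system console, or logs and exits the JVM when there is none
     * (e.g. running under a service manager); the CLI must be used instead.
     */
    private static Console requireConsole() {
        Console console = System.console();
        if (console == null) {
            LOG.unableToPromptForMasterUseKnoxCLI();
            System.err.println("No console.");
            System.exit(1);
        }
        return console;
    }

    /** Overwrites a prompt buffer so the secret does not linger on the heap; {@code null}-safe. */
    private static void wipe(char[] buffer) {
        if (buffer != null) {
            Arrays.fill(buffer, ' ');
        }
    }

    /**
     * Ensures {@code file} exists with mode 0600 before it is written. On non-POSIX file
     * systems this is a no-op, matching the original behaviour of skipping {@code chmod}
     * there. Parent directories are created as the subsequent write would have done.
     *
     * @throws IOException if the file or its parents cannot be created or restricted
     */
    private static void createOwnerOnlyFile(File file) throws IOException {
        if (!isPosixFileSystem()) {
            return;
        }
        Path path = file.toPath();
        Path parent = path.getParent();
        if (parent != null) {
            Files.createDirectories(parent);
        }
        try {
            Files.createFile(path, PosixFilePermissions.asFileAttribute(MASTER_FILE_PERMISSIONS));
        } catch (FileAlreadyExistsException e) {
            // Caller asked to (re)write an existing file: restrict it before it is overwritten.
            Files.setPosixFilePermissions(path, MASTER_FILE_PERMISSIONS);
        }
    }

    /** Whether the default file system supports POSIX permissions (replaces a separator-char heuristic). */
    private static boolean isPosixFileSystem() {
        return FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    }
}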
