package org.apache.knox.gateway.cloud.idbroker.common;

import java.io.IOException;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/knox/gateway/cloud/idbroker/common/CommonUtils.class */
public class CommonUtils {
    private static final Logger LOG = LoggerFactory.getLogger(CommonUtils.class);
    private static final String[] SSL_CLIENT_CONF_PROPS = {"ssl.client.truststore.location", "ssl.client.keystore.location", "ssl.client.truststore.type", "ssl.client.keystore.type"};

    public static boolean useCABCertFromDelegationToken(Configuration configuration, String str) {
        return configuration.getBoolean(str + CommonConstants.USE_CERT_FROM_DT_SUFFIX, false);
    }

    public static String getTruststoreLocation(Configuration configuration, String str) {
        return getTruststoreLocation(configuration, str, null);
    }

    public static String getTruststoreLocation(Configuration configuration, String str, String str2) {
        String trimmed = configuration.getTrimmed(str);
        if (StringUtils.isBlank(trimmed)) {
            ensureSSLClientConfigLoaded(configuration);
            trimmed = configuration.getTrimmed("ssl.client.truststore.location");
            if (StringUtils.isBlank(trimmed)) {
                trimmed = str2;
            }
        }
        return trimmed;
    }

    public static String getTruststorePass(Configuration configuration, String str) {
        return getTruststorePass(configuration, str, null);
    }

    public static String getTruststorePass(Configuration configuration, String str, String str2) {
        String password = getPassword(configuration, str);
        if (StringUtils.isBlank(password)) {
            ensureSSLClientConfigLoaded(configuration);
            password = getPassword(configuration, "ssl.client.truststore.password");
            if (StringUtils.isBlank(password)) {
                password = str2;
            }
        }
        return password;
    }

    public static String getPassword(Configuration configuration, String str) {
        String str2 = null;
        try {
            char[] password = configuration.getPassword(str);
            if (password != null && password.length > 0) {
                str2 = new String(password);
            }
        } catch (IOException e) {
        }
        return str2;
    }

    public static void ensureSSLClientConfigLoaded(Configuration configuration) {
        String trimmed = configuration.getTrimmed(CommonConstants.SSL_CLIENT_CONF);
        if (StringUtils.isBlank(trimmed) || hasSSLClientConfiguration(configuration)) {
            return;
        }
        configuration.addResource(trimmed);
    }

    private static boolean hasSSLClientConfiguration(Configuration configuration) {
        boolean z = false;
        String[] strArr = SSL_CLIENT_CONF_PROPS;
        int length = strArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            if (configuration.get(strArr[i]) != null) {
                z = true;
                break;
            }
            i++;
        }
        return z;
    }

    public static <T extends DelegationTokenIdentifier> Token<T> lookupToken(Credentials credentials, Text text, Text text2) throws IOException {
        if (text2 == null) {
            throw new IllegalArgumentException("expectedKind is null");
        }
        LOG.debug("Looking for token for service {} in credentials", text);
        Token<T> token = credentials.getToken(text);
        if (token == null) {
            LOG.debug("No token for {} found", text);
            return null;
        }
        Text kind = token.getKind();
        LOG.debug("Found token of kind {}", kind);
        if (text2.equals(kind)) {
            return token;
        }
        throw new IOException("Token mismatch: expected token for " + text + " of type " + text2 + " but got a token of type " + kind);
    }
}
