package org.apache.accumulo.server.security;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecurityPermission;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.security.thrift.AuthInfo;
import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.conf.ServerConfiguration;
import org.apache.accumulo.server.master.state.TabletServerState;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:org/apache/accumulo/server/security/SecurityConstants.class */
public class SecurityConstants {
    private static SecurityPermission SYSTEM_CREDENTIALS_PERMISSION = new SecurityPermission("systemCredentialsPermission");
    private static final byte[] SYSTEM_PASSWORD = makeSystemPassword();
    public static final String SYSTEM_USERNAME = "!SYSTEM";
    private static final AuthInfo systemCredentials = new AuthInfo(SYSTEM_USERNAME, ByteBuffer.wrap(SYSTEM_PASSWORD), HdfsZooInstance.getInstance().getInstanceID());
    public static byte[] confChecksum = null;

    public static AuthInfo getSystemCredentials() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(SYSTEM_CREDENTIALS_PERMISSION);
        }
        return systemCredentials;
    }

    private static byte[] makeSystemPassword() {
        byte[] bytes = "1.4.1".getBytes();
        byte[] bytes2 = HdfsZooInstance.getInstance().getInstanceID().getBytes();
        try {
            confChecksum = getSystemConfigChecksum();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(12 + bytes.length + bytes2.length + confChecksum.length);
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            try {
                dataOutputStream.write(bytes.length);
                dataOutputStream.write(bytes);
                dataOutputStream.write(bytes2.length);
                dataOutputStream.write(bytes2);
                dataOutputStream.write(confChecksum.length);
                dataOutputStream.write(confChecksum);
                return Base64.encodeBase64(byteArrayOutputStream.toByteArray());
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("Failed to compute configuration checksum", e2);
        }
    }

    public static TabletServerState compareSystemPassword(byte[] bArr) {
        if (Arrays.equals(SYSTEM_PASSWORD, bArr)) {
            return TabletServerState.RESERVED;
        }
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(Base64.decodeBase64(bArr)));
        try {
            byte[] bArr2 = new byte[dataInputStream.readInt()];
            dataInputStream.readFully(bArr2);
            boolean z = !Arrays.equals(bArr2, "1.4.1".getBytes());
            byte[] bArr3 = new byte[dataInputStream.readInt()];
            dataInputStream.readFully(bArr3);
            boolean z2 = !Arrays.equals(bArr3, HdfsZooInstance.getInstance().getInstanceID().getBytes());
            byte[] bArr4 = new byte[dataInputStream.readInt()];
            dataInputStream.readFully(bArr4);
            boolean z3 = !Arrays.equals(bArr4, getSystemConfigChecksum());
            if (dataInputStream.available() > 0) {
                throw new IOException();
            }
            return z ? z2 ? z3 ? TabletServerState.BAD_VERSION_AND_INSTANCE_AND_CONFIG : TabletServerState.BAD_VERSION_AND_INSTANCE : z3 ? TabletServerState.BAD_VERSION_AND_CONFIG : TabletServerState.BAD_VERSION : z2 ? z3 ? TabletServerState.BAD_INSTANCE_AND_CONFIG : TabletServerState.BAD_INSTANCE : z3 ? TabletServerState.BAD_CONFIG : TabletServerState.BAD_SYSTEM_PASSWORD;
        } catch (IOException e) {
            return TabletServerState.BAD_SYSTEM_PASSWORD;
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("Failed to compare system password", e2);
        }
    }

    private static byte[] getSystemConfigChecksum() throws NoSuchAlgorithmException {
        if (confChecksum == null) {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update("1.4.1".getBytes());
            messageDigest.update(HdfsZooInstance.getInstance().getInstanceID().getBytes());
            Iterator it = ServerConfiguration.getSystemConfiguration().iterator();
            while (it.hasNext()) {
                Map.Entry entry = (Map.Entry) it.next();
                if (((String) entry.getKey()).startsWith(Property.INSTANCE_PREFIX.toString())) {
                    messageDigest.update(((String) entry.getKey()).getBytes());
                    messageDigest.update(((String) entry.getValue()).getBytes());
                }
            }
            confChecksum = messageDigest.digest();
        }
        return confChecksum;
    }
}
