package org.apache.hadoop.hdfs;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.web.URLUtils;
import org.apache.hadoop.util.Time;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLSocketFactory;

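/**
 * HTTPS variant of {@link HftpFileSystem}: reports the scheme {@code "hsftp"} and opens
 * {@code https} connections to the host and port taken from {@code nnUri}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #initialize} replaces the JVM-wide default socket factory of
 *       {@link HttpsURLConnection}, so every HTTPS connection in the process that does not set
 *       its own factory uses the key and trust material loaded here.</li>
 *   <li>{@link #openConnection} installs {@link DummyHostnameVerifier} on every connection, so a
 *       mismatch between the requested host and the server certificate is always accepted.
 *       Server identity then rests on the truststore contents alone.</li>
 *   <li>When {@code ssl.client.do.not.authenticate.server} is {@code true}, certificate
 *       validation is switched off as well ({@link DummyTrustManager}); the channel is then
 *       encrypted but not authenticated.</li>
 * </ul>
 */
@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.0.5-alpha.jar:org/apache/hadoop/hdfs/HsftpFileSystem.class */
public class HsftpFileSystem extends HftpFileSystem {
    /** Milliseconds per day; a {@code long} so that day counts multiplied by it do not overflow. */
    private static final long MM_SECONDS_PER_DAY = 86400000;

    // Days-before-expiry threshold for the one-off client certificate warning; 0 means "off".
    // The read-then-reset in openConnection is not atomic, so concurrent first connections may
    // each log the warning once.
    private volatile int ExpWarnDays = 0;

    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.0.5-alpha.jar:org/apache/hadoop/hdfs/HsftpFileSystem$DummyHostnameVerifier.class */
    /**
     * Hostname verifier that accepts every host. Using it removes the check that the server
     * certificate was issued for the host being contacted.
     */
    protected static class DummyHostnameVerifier implements HostnameVerifier {
        protected DummyHostnameVerifier() {
        }

        /** Always returns {@code true}; neither argument is inspected. */
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.0.5-alpha.jar:org/apache/hadoop/hdfs/HsftpFileSystem$DummyTrustManager.class */
    /**
     * Trust manager that performs no certificate validation: both check methods return without
     * throwing, which the TLS stack treats as "trusted". It is only selected by
     * {@code setupSsl} when {@code ssl.client.do.not.authenticate.server} is {@code true}.
     */
    public static class DummyTrustManager implements X509TrustManager {
        protected DummyTrustManager() {
        }

        /** Accepts any client certificate chain (no validation is performed). */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /** Accepts any server certificate chain (no validation is performed). */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /**
         * Returns an empty array. The {@link X509TrustManager} contract requires a non-null
         * result; returning {@code null} can surface as a NullPointerException in callers that
         * iterate the accepted issuers.
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /** Returns the URI scheme served by this file system, {@code "hsftp"}. */
    @Override // org.apache.hadoop.hdfs.HftpFileSystem, org.apache.hadoop.fs.FileSystem
    public String getScheme() {
        return "hsftp";
    }

    /**
     * Initializes the parent file system, installs the SSL configuration and reads the
     * certificate expiry warning window.
     *
     * @param uri file system URI, passed to the superclass
     * @param configuration client configuration; {@code ssl.expiration.warn.days} defaults to 30
     * @throws IOException if the superclass fails or the SSL context cannot be built
     */
    @Override // org.apache.hadoop.hdfs.HftpFileSystem, org.apache.hadoop.fs.FileSystem
    public void initialize(URI uri, Configuration configuration) throws IOException {
        super.initialize(uri, configuration);
        setupSsl(configuration);
        this.ExpWarnDays = configuration.getInt("ssl.expiration.warn.days", 30);
    }

    /**
     * Builds an {@link SSLContext} from the client SSL resource named in {@code configuration}
     * and installs its socket factory as the process-wide default for
     * {@link HttpsURLConnection}.
     *
     * @param configuration configuration naming the SSL client resource to load
     * @throws IOException wrapping any failure while loading key material or initializing the
     *     context
     */
    private static void setupSsl(Configuration configuration) throws IOException {
        HdfsConfiguration sslConf = new HdfsConfiguration(false);
        sslConf.addResource(configuration.get(DFSConfigKeys.DFS_CLIENT_HTTPS_KEYSTORE_RESOURCE_KEY, DFSConfigKeys.DFS_CLIENT_HTTPS_KEYSTORE_RESOURCE_DEFAULT));
        try {
            // NOTE(review): the protocol name comes from SSLSocketFactory.SSL; which protocol
            // versions end up enabled depends on the JRE - confirm legacy SSL versions are
            // disabled in the deployment.
            SSLContext sslContext = SSLContext.getInstance(SSLSocketFactory.SSL);
            KeyManager[] keyManagers = loadKeyManagers(sslConf);
            TrustManager[] trustManagers = loadTrustManagers(sslConf);
            sslContext.init(keyManagers, trustManagers, new SecureRandom());
            // JVM-global side effect: affects every HttpsURLConnection without its own factory.
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
        } catch (Exception e) {
            throw new IOException("Could not initialize SSLContext", e);
        }
    }

    /**
     * Loads the client key managers, or returns {@code null} when no keystore location is
     * configured ({@code SSLContext.init} then uses its defaults).
     *
     * <p>Both passwords fall back to the well-known value {@code "changeit"} when they are not
     * configured, so deployments should set them explicitly.
     */
    private static KeyManager[] loadKeyManagers(Configuration sslConf)
            throws IOException, java.security.GeneralSecurityException {
        if (sslConf.get("ssl.client.keystore.location") == null) {
            return null;
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance(sslConf.get("ssl.client.keystore.type", "JKS"));
        char[] storePassword = sslConf.get("ssl.client.keystore.password", "changeit").toCharArray();
        // try-with-resources closes the stream even when load() throws; the previous code
        // leaked the keystore file handle on that path.
        try (FileInputStream keyStoreStream = new FileInputStream(sslConf.get("ssl.client.keystore.location", "keystore.jks"))) {
            keyStore.load(keyStoreStream, storePassword);
        }
        keyManagerFactory.init(keyStore, sslConf.get("ssl.client.keystore.keypassword", "changeit").toCharArray());
        return keyManagerFactory.getKeyManagers();
    }

    /**
     * Selects the trust managers: a {@link DummyTrustManager} when
     * {@code ssl.client.do.not.authenticate.server} is {@code true}, otherwise PKIX trust
     * managers backed by the configured truststore.
     */
    private static TrustManager[] loadTrustManagers(Configuration sslConf)
            throws IOException, java.security.GeneralSecurityException {
        if (sslConf.getBoolean("ssl.client.do.not.authenticate.server", false)) {
            // Server certificates are not validated at all in this mode.
            return new TrustManager[] {new DummyTrustManager()};
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
        KeyStore trustStore = KeyStore.getInstance(sslConf.get("ssl.client.truststore.type", "JKS"));
        char[] trustPassword = sslConf.get("ssl.client.truststore.password", "changeit").toCharArray();
        try (FileInputStream trustStoreStream = new FileInputStream(sslConf.get("ssl.client.truststore.location", "truststore.jks"))) {
            trustStore.load(trustStoreStream, trustPassword);
        }
        trustManagerFactory.init(trustStore);
        return trustManagerFactory.getTrustManagers();
    }

    /** Returns the default secure port as the default port of this file system. */
    @Override // org.apache.hadoop.hdfs.HftpFileSystem, org.apache.hadoop.fs.FileSystem
    protected int getDefaultPort() {
        return getDefaultSecurePort();
    }

    /** Resolves the secure namenode address by delegating to {@code getNamenodeAddr}. */
    @Override // org.apache.hadoop.hdfs.HftpFileSystem
    protected InetSocketAddress getNamenodeSecureAddr(URI uri) {
        return getNamenodeAddr(uri);
    }

    /** Resolves the namenode URI by delegating to {@code getNamenodeSecureUri}. */
    @Override // org.apache.hadoop.hdfs.HftpFileSystem
    protected URI getNamenodeUri(URI uri) {
        return getNamenodeSecureUri(uri);
    }

    /**
     * Opens and connects an HTTPS GET connection to the namenode.
     *
     * <p>On the first call after {@link #initialize} with a positive warning window, the local
     * (client) certificates of the connection are checked and a warning is logged for each one
     * that expires within the window.
     *
     * @param str request path
     * @param str2 query passed to {@code addDelegationTokenParam}; the result is appended after
     *     {@code '?'}
     * @return the connected connection
     * @throws IOException if the connection cannot be opened or connected
     */
    @Override // org.apache.hadoop.hdfs.HftpFileSystem
    protected HttpURLConnection openConnection(String str, String str2) throws IOException {
        // NOTE(review): the query presumably carries a delegation token; URLs tend to be
        // recorded in access logs, so confirm log handling on the server side.
        URL url = new URL("https", this.nnUri.getHost(), this.nnUri.getPort(), str + '?' + addDelegationTokenParam(str2));
        HttpsURLConnection connection = (HttpsURLConnection) URLUtils.openConnection(url);
        // NOTE(review): hostname verification is disabled unconditionally here, independent of
        // ssl.client.do.not.authenticate.server. Kept as-is because existing deployments may
        // rely on it; any certificate trusted by the truststore is accepted for any host.
        connection.setHostnameVerifier(new DummyHostnameVerifier());
        connection.setRequestMethod(HttpGet.METHOD_NAME);
        connection.connect();
        int warnDays = this.ExpWarnDays;
        if (warnDays > 0) {
            // Reset first so the check runs only once per initialize().
            this.ExpWarnDays = 0;
            warnOnExpiringClientCertificates(connection, warnDays);
        }
        return connection;
    }

    /** Logs a warning for each local certificate that expires within {@code warnDays} days. */
    private void warnOnExpiringClientCertificates(HttpsURLConnection connection, int warnDays) {
        // Multiply by the long constant: int arithmetic (warnDays * 86400000) overflows for any
        // window above 24 days, including the default of 30, and moved the threshold into the
        // past so the warning never fired in time.
        long expiryThreshold = warnDays * MM_SECONDS_PER_DAY + Time.now();
        X509Certificate[] clientCertificates = (X509Certificate[]) connection.getLocalCertificates();
        if (clientCertificates == null) {
            return;
        }
        for (X509Certificate certificate : clientCertificates) {
            long notAfterMillis = certificate.getNotAfter().getTime();
            if (notAfterMillis < expiryThreshold) {
                StringBuilder message = new StringBuilder();
                message.append("\n Client certificate " + certificate.getSubjectX500Principal().getName());
                message.append(" have " + ((int) ((notAfterMillis - Time.now()) / MM_SECONDS_PER_DAY)) + " days to expire");
                LOG.warn(message.toString());
            }
        }
    }
}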
