package org.apache.hadoop.crypto.key;

import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Map;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.log4j.Logger;
import org.apache.ranger.kms.dao.DaoManager;

/* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKMSDB.class */
public class RangerKMSDB {
    static final Logger logger = Logger.getLogger(RangerKMSDB.class);
    private EntityManagerFactory entityManagerFactory;
    private DaoManager daoManager;
    private final Map<String, String> jpaProperties;
    private static final String PROPERTY_PREFIX = "ranger.ks.";
    private static final String DB_DIALECT = "jpa.jdbc.dialect";
    private static final String DB_DRIVER = "jpa.jdbc.driver";
    private static final String DB_URL = "jpa.jdbc.url";
    private static final String DB_USER = "jpa.jdbc.user";
    private static final String DB_PASSWORD = "jpa.jdbc.password";
    private static final String JPA_DB_DIALECT = "javax.persistence.jdbc.dialect";
    private static final String JPA_DB_DRIVER = "javax.persistence.jdbc.driver";
    private static final String JPA_DB_URL = "javax.persistence.jdbc.url";
    private static final String JPA_DB_USER = "javax.persistence.jdbc.user";
    private static final String JPA_DB_PASSWORD = "javax.persistence.jdbc.password";
    private static final String DB_SSL_ENABLED = "db.ssl.enabled";
    private static final String DB_SSL_REQUIRED = "db.ssl.required";
    private static final String DB_SSL_VerifyServerCertificate = "db.ssl.verifyServerCertificate";
    private static final String DB_SSL_AUTH_TYPE = "db.ssl.auth.type";
    private static final String DB_SSL_KEYSTORE = "keystore.file";
    private static final String DB_SSL_KEYSTORE_PASSWORD = "keystore.password";
    private static final String DB_SSL_TRUSTSTORE = "truststore.file";
    private static final String DB_SSL_TRUSTSTORE_PASSWORD = "truststore.password";
    private static final String DB_SSL_CERTIFICATE_FILE = "db.ssl.certificateFile";
    public static final int DB_FLAVOR_UNKNOWN = 0;
    public static final int DB_FLAVOR_MYSQL = 1;
    public static final int DB_FLAVOR_ORACLE = 2;
    public static final int DB_FLAVOR_POSTGRES = 3;
    public static final int DB_FLAVOR_SQLSERVER = 4;
    public static final int DB_FLAVOR_SQLANYWHERE = 5;
    private final Configuration conf;

    public RangerKMSDB() {
        this.jpaProperties = new HashMap();
        this.conf = new Configuration();
    }

    public RangerKMSDB(Configuration configuration) {
        this.jpaProperties = new HashMap();
        this.conf = configuration;
        initDBConnectivity();
    }

    public DaoManager getDaoManager() {
        return this.daoManager;
    }

    private void initDBConnectivity() {
        try {
            this.jpaProperties.put(JPA_DB_DIALECT, this.conf.get("ranger.ks.jpa.jdbc.dialect"));
            this.jpaProperties.put(JPA_DB_DRIVER, this.conf.get("ranger.ks.jpa.jdbc.driver"));
            this.jpaProperties.put(JPA_DB_URL, this.conf.get("ranger.ks.jpa.jdbc.url"));
            this.jpaProperties.put(JPA_DB_USER, this.conf.get("ranger.ks.jpa.jdbc.user"));
            this.jpaProperties.put(JPA_DB_PASSWORD, this.conf.get("ranger.ks.jpa.jdbc.password"));
            if (getDBFlavor(this.conf) == 1 || getDBFlavor(this.conf) == 3) {
                updateDBSSLURL();
            }
            this.entityManagerFactory = Persistence.createEntityManagerFactory("persistence_ranger_server", this.jpaProperties);
            this.daoManager = new DaoManager();
            this.daoManager.setEntityManagerFactory(this.entityManagerFactory);
            this.daoManager.getEntityManager();
            logger.info("Connected to DB : " + isDbConnected());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private boolean isDbConnected() {
        EntityManager entityManager = getEntityManager();
        return entityManager != null && entityManager.isOpen();
    }

    private EntityManager getEntityManager() {
        DaoManager daoManager = this.daoManager;
        if (daoManager == null) {
            return null;
        }
        try {
            return daoManager.getEntityManager();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    private int getDBFlavor(Configuration configuration) {
        for (String str : new String[]{"ranger.ks.jpa.jdbc.dialect", "ranger.ks.jpa.jdbc.driver", "ranger.ks.jpa.jdbc.url"}) {
            String str2 = configuration.get(str);
            if (!StringUtils.isBlank(str2)) {
                if (StringUtils.containsIgnoreCase(str2, "mysql")) {
                    return 1;
                }
                if (StringUtils.containsIgnoreCase(str2, "oracle")) {
                    return 2;
                }
                if (StringUtils.containsIgnoreCase(str2, "postgresql")) {
                    return 3;
                }
                if (StringUtils.containsIgnoreCase(str2, "sqlserver") || StringUtils.containsIgnoreCase(str2, "mssql")) {
                    return 4;
                }
                if (StringUtils.containsIgnoreCase(str2, "sqlanywhere") || StringUtils.containsIgnoreCase(str2, "sqla")) {
                    return 5;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("DB Flavor could not be determined from property - " + str + "=" + str2);
                }
            }
        }
        logger.error("DB Flavor could not be determined");
        return 0;
    }

    private void updateDBSSLURL() {
        if (this.conf == null || this.conf.get("ranger.ks.db.ssl.enabled") == null) {
            return;
        }
        String normalize = normalize(this.conf.get("ranger.ks.db.ssl.enabled"));
        if ("true".equalsIgnoreCase(normalize)) {
            String normalize2 = normalize(this.conf.get("ranger.ks.db.ssl.required"));
            String normalize3 = normalize(this.conf.get("ranger.ks.db.ssl.verifyServerCertificate"));
            String str = this.conf.get("ranger.ks.db.ssl.auth.type", "2-way");
            this.conf.set("ranger.ks.db.ssl.enabled", normalize);
            this.conf.set("ranger.ks.db.ssl.required", normalize2);
            this.conf.set("ranger.ks.db.ssl.verifyServerCertificate", normalize3);
            this.conf.set("ranger.ks.db.ssl.auth.type", str);
            String str2 = this.conf.get("ranger.ks.jpa.jdbc.url");
            if (StringUtils.isNotEmpty(str2) && !str2.contains("?")) {
                StringBuffer stringBuffer = new StringBuffer(str2);
                if (getDBFlavor(this.conf) == 1) {
                    stringBuffer.append("?useSSL=" + normalize + "&requireSSL=" + normalize2 + "&verifyServerCertificate=" + normalize3);
                } else if (getDBFlavor(this.conf) == 3) {
                    String str3 = this.conf.get("ranger.ks.db.ssl.certificateFile");
                    if (StringUtils.isNotEmpty(str3)) {
                        stringBuffer.append("?ssl=" + normalize + "&sslmode=verify-full&sslrootcert=" + str3);
                    } else if ("true".equalsIgnoreCase(normalize3) || "true".equalsIgnoreCase(normalize2)) {
                        stringBuffer.append("?ssl=" + normalize + "&sslmode=verify-full&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory");
                    } else {
                        stringBuffer.append("?ssl=" + normalize);
                    }
                }
                this.conf.set("ranger.ks.jpa.jdbc.url", stringBuffer.toString());
            }
            this.jpaProperties.put(JPA_DB_URL, this.conf.get("ranger.ks.jpa.jdbc.url"));
            logger.info("ranger.ks.jpa.jdbc.url=" + this.conf.get("ranger.ks.jpa.jdbc.url"));
            if ("true".equalsIgnoreCase(normalize3) || "true".equalsIgnoreCase(normalize2)) {
                if (!"1-way".equalsIgnoreCase(str)) {
                    String str4 = this.conf.get("ranger.ks.keystore.file");
                    if (StringUtils.isEmpty(str4)) {
                        logger.debug("keystore property 'ranger.ks.keystore.file' value not found!");
                    } else {
                        Path path = Paths.get(str4, new String[0]);
                        if (Files.exists(path, new LinkOption[0]) && Files.isReadable(path)) {
                            System.setProperty("javax.net.ssl.keyStore", this.conf.get("ranger.ks.keystore.file"));
                            System.setProperty("javax.net.ssl.keyStorePassword", this.conf.get("ranger.ks.keystore.password"));
                            System.setProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
                        } else {
                            logger.debug("Could not find or read keystore file '" + str4 + "'");
                        }
                    }
                }
                String str5 = this.conf.get("ranger.ks.truststore.file");
                if (StringUtils.isEmpty(str5)) {
                    logger.debug("truststore property 'ranger.ks.truststore.file' value not found!");
                    return;
                }
                Path path2 = Paths.get(str5, new String[0]);
                if (!Files.exists(path2, new LinkOption[0]) || !Files.isReadable(path2)) {
                    logger.debug("Could not find or read truststore file '" + str5 + "'");
                    return;
                }
                System.setProperty("javax.net.ssl.trustStore", this.conf.get("ranger.ks.truststore.file"));
                System.setProperty("javax.net.ssl.trustStorePassword", this.conf.get("ranger.ks.truststore.password"));
                System.setProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
            }
        }
    }

    private String normalize(String str) {
        return (StringUtils.isEmpty(str) || !"true".equalsIgnoreCase(str)) ? "false" : str.toLowerCase();
    }
}
