package defpackage;

import com.amazonaws.regions.RegionUtils;
import com.amazonaws.services.ec2.AmazonEC2Client;
import com.amazonaws.services.ec2.model.DescribeTagsRequest;
import com.amazonaws.services.ec2.model.DescribeTagsResult;
import com.amazonaws.services.ec2.model.Filter;
import com.amazonaws.services.ec2.model.TagDescription;
import com.amazonaws.services.elasticmapreduce.spi.security.TLSArtifacts;
import com.amazonaws.services.elasticmapreduce.spi.security.TLSArtifactsProvider;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.lambda.AWSLambdaClient;
import com.amazonaws.services.lambda.model.InvocationType;
import com.amazonaws.services.lambda.model.InvokeRequest;
import com.amazonaws.services.lambda.model.InvokeResult;
import com.amazonaws.util.EC2MetadataUtils;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.BufferedWriter;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:emrtls.class */
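/**
 * EMR TLS artifacts provider that builds its key material from values named by
 * EC2 instance tags.
 *
 * <p>On construction the provider reads the tags of the current instance, asks
 * the Lambda function named by the {@code tls:lambda-fn-name} tag for each
 * tagged parameter, decrypts the returned ciphertext with KMS and writes the
 * node key and certificate under {@code /etc/certs}.
 *
 * <p>NOTE(review): the Lambda function name and the parameter names come from
 * instance tags, so whoever is allowed to modify tags on this instance decides
 * which function is invoked and which parameter is fetched. Tag-write
 * permissions on these instances should be scoped accordingly.
 */
public class emrtls extends TLSArtifactsProvider {
    private String tls_privateKey;
    private String tls_certificate;
    private String tls_interPrivateKey;
    private String tls_interCertificate;
    private String ssm_privateKey;
    private String ssm_certificate;
    private String ssm_interPrivateKey;
    private String ssm_interCertificate;
    private String lambdaName;
    private boolean isCore = false;
    private String accountId = EC2MetadataUtils.getInstanceInfo().getAccountId();
    private String region = EC2MetadataUtils.getInstanceInfo().getRegion();

    /**
     * Loads the tag configuration, fetches and decrypts the four PEM values and
     * writes the node key and certificate to disk.
     *
     * @throws IllegalStateException if a required tag is missing or a Lambda
     *     invocation fails
     */
    public emrtls() {
        readTags();
        this.tls_privateKey = callLambda(this.ssm_privateKey);
        this.tls_certificate = callLambda(this.ssm_certificate);
        this.tls_interPrivateKey = callLambda(this.ssm_interPrivateKey);
        this.tls_interCertificate = callLambda(this.ssm_interCertificate);
        createDirectoryForCerts();
        writeCert("/etc/certs/private.key", this.tls_privateKey);
        writeCert("/etc/certs/public.crt", this.tls_certificate);
    }

    /** Creates {@code /etc/certs}; the result of {@code mkdir} is not checked. */
    private void createDirectoryForCerts() {
        new File("/etc/certs").mkdir();
    }

    /**
     * Writes {@code str2} to the file at path {@code str}. A write failure is
     * reported on stdout and otherwise ignored, as before.
     *
     * <p>NOTE(review): {@link FileWriter} creates the file with the process's
     * default permissions, and this method is also used for the private key.
     * Consider restricting {@code private.key} to the user that consumes it;
     * that is not done here because the consumers of {@code /etc/certs} are not
     * visible in this file.
     *
     * @param str destination path
     * @param str2 content to write
     */
    private void writeCert(String str, String str2) {
        // try-with-resources closes the writer even when write() throws.
        try (BufferedWriter writer = new BufferedWriter(new FileWriter(str))) {
            writer.write(str2);
        } catch (IOException e) {
            e.printStackTrace();
            System.out.println("Error Writing file");
        }
    }

    /**
     * Decrypts a base64 ciphertext with KMS, using the SSM parameter ARN as
     * encryption context.
     *
     * @param str base64 ciphertext as returned by the Lambda function
     * @param str2 SSM parameter name, with or without a leading slash
     * @return the decrypted plaintext decoded as UTF-8
     */
    private String decryptValue(String str, String str2) {
        // The MIME decoder skips characters outside the base64 alphabet;
        // presumably this tolerates the quotes of a JSON string payload.
        ByteBuffer ciphertext = ByteBuffer.wrap(Base64.getMimeDecoder().decode(str));

        // The ARN needs exactly one slash between "parameter" and the name.
        String separator = str2.startsWith("/") ? "" : "/";
        Map<String, String> encryptionContext = new HashMap<>();
        encryptionContext.put(
                "PARAMETER_ARN",
                String.format(
                        "arn:aws:ssm:%s:%s:parameter%s%s",
                        this.region, this.accountId, separator, str2));

        DecryptRequest decryptRequest = new DecryptRequest();
        decryptRequest.withCiphertextBlob(ciphertext);
        decryptRequest.withEncryptionContext(encryptionContext);

        AWSKMSClient kms = new AWSKMSClient();
        kms.setRegion(RegionUtils.getRegion(this.region));
        ByteBuffer plaintext = kms.decrypt(decryptRequest).getPlaintext();
        // Decode only the buffer's remaining bytes with a fixed charset, rather
        // than the whole backing array with the platform default.
        return StandardCharsets.UTF_8.decode(plaintext.asReadOnlyBuffer()).toString();
    }

    /**
     * Invokes the configured Lambda function for one parameter and decrypts the
     * returned ciphertext.
     *
     * @param str SSM parameter name taken from the instance tags
     * @return the decrypted parameter value
     * @throws IllegalStateException if the function name or parameter name is
     *     missing, the invocation fails, or the function reports an error
     */
    private String callLambda(String str) {
        if (this.lambdaName == null || str == null) {
            throw new IllegalStateException(
                    "Missing instance tag: Lambda function name or SSM parameter name not set");
        }
        // The parameter name comes from an instance tag; escape it so it cannot
        // alter the structure of the JSON request.
        String payload = String.format("{\"ParameterName\":\"%s\"}", jsonEscape(str));
        InvokeRequest invokeRequest = new InvokeRequest();
        invokeRequest.withFunctionName(this.lambdaName);
        invokeRequest.withInvocationType(InvocationType.RequestResponse);
        invokeRequest.withPayload(payload);

        AWSLambdaClient lambda = new AWSLambdaClient();
        lambda.setRegion(RegionUtils.getRegion(this.region));

        InvokeResult result;
        try {
            result = lambda.invoke(invokeRequest);
        } catch (RuntimeException e) {
            // Previously swallowed, which surfaced later as a context-free
            // NullPointerException in decryptValue.
            throw new IllegalStateException("Lambda invocation failed for parameter " + str, e);
        }
        if (result.getFunctionError() != null) {
            // An error document must not be base64-decoded as if it were ciphertext.
            throw new IllegalStateException(
                    "Lambda reported a function error for parameter " + str);
        }
        String response =
                StandardCharsets.UTF_8.decode(result.getPayload().asReadOnlyBuffer()).toString();
        return decryptValue(response, str);
    }

    /** Escapes quotes, backslashes and control characters for use inside a JSON string. */
    private static String jsonEscape(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\') {
                escaped.append('\\').append(c);
            } else if (c < 0x20) {
                escaped.append(String.format("\\u%04x", (int) c));
            } else {
                escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Reads the tags of the current instance and stores the node role, the
     * four parameter names and the Lambda function name found there.
     */
    private void readTags() {
        String instanceId = EC2MetadataUtils.getInstanceId();
        List<Filter> filters = new LinkedList<>();
        filters.add(new Filter("resource-id", Arrays.asList(instanceId)));
        DescribeTagsRequest describeTagsRequest = new DescribeTagsRequest();
        describeTagsRequest.setFilters(filters);

        AmazonEC2Client ec2 = new AmazonEC2Client();
        ec2.setRegion(RegionUtils.getRegion(this.region));
        DescribeTagsResult describeTags = ec2.describeTags(describeTagsRequest);
        if (describeTags == null) {
            System.out.println("No Tags");
            return;
        }
        for (TagDescription tag : describeTags.getTags()) {
            String key = tag.getKey();
            String value = tag.getValue();
            switch (key) {
                case "aws:elasticmapreduce:instance-group-role":
                    if ("CORE".equals(value)) {
                        this.isCore = true;
                    }
                    break;
                case "ssm:ssl:certificate":
                    this.ssm_certificate = value;
                    break;
                case "ssm:ssl:private-key":
                    this.ssm_privateKey = value;
                    break;
                case "ssm:ssl:inter-node-certificate":
                    this.ssm_interCertificate = value;
                    break;
                case "ssm:ssl:inter-node-private-key":
                    this.ssm_interPrivateKey = value;
                    break;
                case "tls:lambda-fn-name":
                    this.lambdaName = value;
                    break;
                default:
                    break;
            }
        }
    }

    /**
     * Parses a single PEM-encoded certificate.
     *
     * @param str PEM text with {@code BEGIN/END CERTIFICATE} markers
     * @return the certificate, or {@code null} if the text cannot be parsed
     */
    protected X509Certificate getX509FromString(String str) {
        try {
            // Strip the markers first and all whitespace afterwards, so CRLF
            // line endings after the BEGIN marker are handled as well.
            String base64 = str.replace("-----BEGIN CERTIFICATE-----", "")
                    .replace("-----END CERTIFICATE-----", "")
                    .replaceAll("\\s+", "");
            byte[] der = Base64.getDecoder().decode(base64);
            return (X509Certificate)
                    CertificateFactory.getInstance("X509")
                            .generateCertificate(new ByteArrayInputStream(der));
        } catch (CertificateException | IllegalArgumentException e) {
            // IllegalArgumentException: the body was not valid base64.
            System.out.println("error in getX509");
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Parses a PEM-encoded PKCS#8 RSA private key.
     *
     * @param str PEM text with {@code BEGIN/END PRIVATE KEY} markers
     * @return the private key, or {@code null} if the text cannot be parsed
     */
    protected PrivateKey getPrivateKey(String str) {
        try {
            String base64 = str.replace("-----BEGIN PRIVATE KEY-----", "")
                    .replace("-----END PRIVATE KEY-----", "")
                    .replaceAll("\\s+", "");
            byte[] der = Base64.getDecoder().decode(base64);
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException | IllegalArgumentException e) {
            // IllegalArgumentException: the body was not valid base64.
            e.printStackTrace();
            System.out.println("error in getPrivateKey");
            return null;
        }
    }

    /**
     * Builds the TLS artifacts for this node.
     *
     * <p>On a CORE node the inter-node key and certificate go into the first
     * list and both certificates into the second; on any other node the node
     * key and certificate go into the first list and the inter-node certificate
     * into the second.
     *
     * @return the TLS artifacts for this node
     * @throws IllegalStateException if the key or a certificate failed to parse
     */
    @Override // com.amazonaws.services.elasticmapreduce.spi.security.TLSArtifactsProvider
    public TLSArtifacts getTlsArtifacts() {
        PrivateKey privateKey;
        // Left raw: the element type TLSArtifacts expects is not visible in this
        // file. Presumably the arguments are (key, certificate chain, trusted
        // certificates); confirm against the SPI.
        ArrayList chain = new ArrayList();
        ArrayList trusted = new ArrayList();
        if (this.isCore) {
            privateKey = getPrivateKey(this.tls_interPrivateKey);
            chain.add(requireParsed(getX509FromString(this.tls_interCertificate)));
            trusted.add(requireParsed(getX509FromString(this.tls_certificate)));
            trusted.add(requireParsed(getX509FromString(this.tls_interCertificate)));
        } else {
            privateKey = getPrivateKey(this.tls_privateKey);
            chain.add(requireParsed(getX509FromString(this.tls_certificate)));
            trusted.add(requireParsed(getX509FromString(this.tls_interCertificate)));
        }
        return new TLSArtifacts(requireParsed(privateKey), chain, trusted);
    }

    /** Fails closed instead of handing a null key or certificate to the TLS layer. */
    private static <T> T requireParsed(T artifact) {
        if (artifact == null) {
            throw new IllegalStateException("TLS key or certificate could not be parsed");
        }
        return artifact;
    }
}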
