package net.bluemind.server.node.hook;

import com.google.common.io.ByteStreams;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.concurrent.TimeUnit;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.rest.BmContext;
import net.bluemind.network.utils.NetworkHelper;
import net.bluemind.node.api.INodeClient;
import net.bluemind.node.api.NCUtils;
import net.bluemind.node.api.NodeActivator;
import net.bluemind.server.api.Server;
import net.bluemind.server.api.TagDescriptor;
import net.bluemind.server.hook.DefaultServerHook;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/server/node/hook/NodeHook.class */
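/**
 * Server hook that provisions a node when a server is created (keystores, CA
 * certificate, server uid, bm.ini, core token, TLS certificates) and pushes the
 * node-client keystore when a server receives the core tag.
 *
 * <p>Every file handled here is key material or a credential. They are read from
 * the local disk and written to the same path on the remote node through
 * {@link INodeClient#writeFile}.
 */
public class NodeHook extends DefaultServerHook {
    private static final Logger logger = LoggerFactory.getLogger(NodeHook.class);
    public static final String serverCert = "/etc/bm/bm.jks";
    public static final String clientCert = "/etc/bm/nodeclient_keystore.jks";
    public static final String trustClientCert = "/etc/bm/nodeclient_truststore.jks";
    public static final String cacert = "/var/lib/bm-ca/cacert.pem";
    public static final String bmcoretok = "/etc/bm/bm-core.tok";
    public static final String bmCerts = "/etc/ssl/certs/bm_cert.pem";
    public static final String dhParam = "/etc/nginx/bm_dhparam.pem";

    /**
     * Provisions a newly created server in two phases: first the keystore, truststore,
     * CA certificate and server uid, then bm.ini, the core token and the TLS
     * certificates, followed by a service restart on remote nodes.
     *
     * @param bmContext caller context (not used here)
     * @param itemValue the created server; its address selects the node and its uid is
     *     written to {@code /etc/bm/server.uid}
     * @throws ServerFault declared for the hook contract; failures inside either phase
     *     are caught and logged rather than propagated
     */
    public void onServerCreated(BmContext bmContext, ItemValue<Server> itemValue) throws ServerFault {
        logger.info("***** new node, copy /etc/bm/nodeclient_truststore.jks to trigger clientCert auth");
        String address = itemValue.value.address();
        try {
            if (!new File(clientCert).exists()) {
                fullInitLocalhost();
            }
            INodeClient node = NodeActivator.get(address);
            // NOTE(review): each secret is written first and restricted by chmod afterwards, so
            // it sits on the remote node with whatever mode writeFile applies until the chmod
            // runs. The result of the chmod is not checked here either; confirm that
            // executeCommandNoOut fails loudly, or verify the final mode.
            pushLocalFile(node, serverCert);
            node.executeCommandNoOut(new String[] {"chmod", "400", serverCert});
            pushLocalFile(node, trustClientCert);
            node.executeCommandNoOut(new String[] {"chmod", "400", trustClientCert});
            pushLocalFile(node, cacert);
            // Explicit charset so the uid bytes do not depend on the JVM's platform default.
            node.writeFile("/etc/bm/server.uid", new ByteArrayInputStream(itemValue.uid.getBytes(StandardCharsets.UTF_8)));
            node.ping();
        } catch (Exception e) {
            // Any failure above (including a local read error) is treated as "the node is
            // switching to port 8022"; only the message is logged before waiting.
            logger.info("waiting for node {} 8022 switch... ({})", address, e.getMessage());
            waitForPort(address);
        }
        try {
            INodeClient node = NodeActivator.get(address);
            // NOTE(review): the address is concatenated into a local path; presumably it is
            // validated upstream as a host name or IP, confirm it cannot contain '/' or "..".
            File iniFile = new File("/etc/bm/bm.ini." + address);
            if (iniFile.exists()) {
                logger.info("Using overriden bm.ini for host {}", address);
            } else {
                iniFile = new File("/etc/bm/bm.ini");
            }
            node.writeFile("/etc/bm/bm.ini", new ByteArrayInputStream(Files.readAllBytes(iniFile.toPath())));
            // Same write-then-restrict ordering as above applies to the core token.
            pushLocalFile(node, bmcoretok);
            node.executeCommandNoOut(new String[] {"chmod", "440", bmcoretok});
            node.executeCommandNoOut(new String[] {"chown", "root:bluemind", bmcoretok});
            copyBmCertFile(address, node);
            boolean skipRestart = NCUtils.connectedToMyself(node) || new File("/etc/bm/skip.restart").exists();
            if (!skipRestart) {
                NCUtils.execNoOut(node, new String[] {"/usr/bin/bmctl", "restart-exceptnode"});
            }
        } catch (Exception e) {
            // Best effort by design: provisioning errors do not abort server creation. The
            // exception is passed to the logger so the cause is not reduced to its message.
            logger.info("sf: {}", e.getMessage(), e);
        }
    }

    /**
     * Reads a local file and writes it to the same absolute path on the node.
     *
     * @param node target node client
     * @param path absolute path, used both locally and remotely
     * @throws IOException if the local file cannot be read
     */
    private static void pushLocalFile(INodeClient node, String path) throws IOException {
        node.writeFile(path, new ByteArrayInputStream(Files.readAllBytes(Paths.get(path))));
    }

    /**
     * Copies {@code /etc/ssl/certs/bm_cert.pem} and every {@code bm_cert-*.pem} next to it
     * to the node, unless the main certificate is absent locally or the client is connected
     * to the local host.
     *
     * @param str address of the target server, used in error messages only
     * @param iNodeClient client connected to the target server
     * @throws ServerFault if the certificate directory cannot be listed or a file cannot be read
     */
    private void copyBmCertFile(String str, INodeClient iNodeClient) {
        File mainCert = new File(bmCerts);
        if (!mainCert.exists() || NCUtils.connectedToMyself(iNodeClient)) {
            return;
        }
        copyToRemote(str, iNodeClient, mainCert.toPath());
        // try-with-resources closes the directory handle on every path.
        try (DirectoryStream<Path> extraCerts = Files.newDirectoryStream(Paths.get("/etc/ssl/certs"), "bm_cert-*.pem")) {
            extraCerts.forEach(path -> copyToRemote(str, iNodeClient, path));
        } catch (IOException e) {
            throw new ServerFault(String.format("Fail to copy /etc/ssl/certs/bm_cert-*.pem to server %s", str), e);
        }
    }

    /**
     * Writes one local file to the same absolute path on the node.
     *
     * @param str address of the target server, used in the error message only
     * @param iNodeClient client connected to the target server
     * @param path local file to copy
     * @throws ServerFault wrapping the {@link IOException} if the local file cannot be read
     */
    private void copyToRemote(String str, INodeClient iNodeClient, Path path) {
        String absolutePath = path.toFile().getAbsolutePath();
        try {
            iNodeClient.writeFile(absolutePath, new ByteArrayInputStream(Files.readAllBytes(path)));
        } catch (IOException e) {
            throw new ServerFault(String.format("Fail to copy %s to server %s", absolutePath, str), e);
        }
    }

    /**
     * Runs the bundled {@code data/client_cert.sh} script locally with {@code /bin/bash},
     * logging its output line by line, then pings the local node again.
     *
     * <p>A {@link ServerFault} raised while running the script or by the final ping is
     * taken to mean that the local node is restarting in secure mode, and the method then
     * waits for its port. Any other failure is logged and swallowed.
     *
     * @throws ServerFault if the initial ping of the local node fails
     */
    private void fullInitLocalhost() throws ServerFault {
        logger.info("Ping {} node before doing anything", "127.0.0.1");
        INodeClient iNodeClient = NodeActivator.get("127.0.0.1");
        iNodeClient.ping();
        try {
            // Files.createTempFile creates the file with owner-only permissions on POSIX
            // file systems, which matters because the script is executed by bash below.
            Path script = Files.createTempFile("client_cert", ".sh");
            try {
                try (InputStream resource = NodeHook.class.getClassLoader().getResourceAsStream("data/client_cert.sh")) {
                    if (resource == null) {
                        throw new IOException("data/client_cert.sh not found on the classpath");
                    }
                    try (FileOutputStream out = new FileOutputStream(script.toFile())) {
                        ByteStreams.copy(resource, out);
                    }
                }
                ProcessBuilder command = new ProcessBuilder("/bin/bash", script.toAbsolutePath().toString());
                command.redirectErrorStream(true);
                Process process = command.start();
                try (BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()))) {
                    String line;
                    do {
                        line = reader.readLine();
                        logger.info("{}", line != null ? line : "---");
                    } while (line != null);
                }
                int exitCode = process.waitFor();
                // The exit code is only logged; a non-zero value does not stop the flow.
                logger.info("client_cert.sh exited: {}", exitCode);
            } finally {
                // Remove the script on failure paths too, not only after a clean run.
                if (!script.toFile().delete()) {
                    logger.warn("Could not delete temporary script {}", script);
                }
            }
            iNodeClient.ping();
        } catch (ServerFault sf) {
            // Must precede the generic handler: ServerFault is unchecked, so a preceding
            // catch (Exception) would make this branch unreachable.
            logger.info("Node {} is restarting in secure mode ({})", "127.0.0.1", sf.getMessage());
            waitForPort("127.0.0.1");
        } catch (InterruptedException ie) {
            Thread.currentThread().interrupt();
            logger.error(ie.getMessage(), ie);
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        }
    }

    /**
     * Waits until port 8022 is listening on the given host, with a 5 second limit passed
     * to {@link NetworkHelper}. When the system property {@code node.hook.wait} is
     * {@code "false"} it sleeps for two seconds instead.
     *
     * @param str host to wait for
     */
    private void waitForPort(String str) {
        if (!"false".equals(System.getProperty("node.hook.wait"))) {
            new NetworkHelper(str).waitForListeningPort(8022, 5L, TimeUnit.SECONDS);
            return;
        }
        try {
            Thread.sleep(2000L);
        } catch (InterruptedException unused) {
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Pushes the node-client keystore to a server when it receives the core tag.
     *
     * @param bmContext caller context (not used here)
     * @param itemValue the tagged server
     * @param str the tag that was assigned
     * @throws ServerFault declared for the hook contract
     */
    public void onServerTagged(BmContext bmContext, ItemValue<Server> itemValue, String str) throws ServerFault {
        if (TagDescriptor.bm_core.getTag().equals(str)) {
            newCore(itemValue.value);
        }
    }

    /**
     * Copies the node-client keystore to a remote core server and restricts it to mode 400.
     * Servers addressed as {@code 127.0.0.1} or {@code localhost} are skipped.
     *
     * @param server the server tagged as core
     */
    private void newCore(Server server) {
        String address = server.address();
        if ("127.0.0.1".equals(address) || "localhost".equals(address)) {
            return;
        }
        logger.info("***** new core @ {}, must copy {}", address, clientCert);
        try {
            INodeClient node = NodeActivator.get(address);
            // NOTE(review): the client keystore is written before its mode is restricted, so
            // it exists on the remote host with the writeFile default mode until chmod runs.
            pushLocalFile(node, clientCert);
            NCUtils.execNoOut(node, new String[] {"chmod", "400", clientCert});
        } catch (ServerFault | IOException e) {
            // Keep the stack trace: a failed keystore copy leaves the new core unable to
            // authenticate, and the bare message rarely identifies the cause.
            logger.error(e.getMessage(), e);
        }
    }
}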
