package org.apache.accumulo.core.security.crypto;

import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.util.CachedConfiguration;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/accumulo/core/security/crypto/DefaultSecretKeyEncryptionStrategy.class */
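/**
 * Wraps and unwraps secret keys with a key encryption key (KEK) that is kept in a file on a
 * Hadoop {@link FileSystem}.
 *
 * <p>The KEK file location comes from the {@code CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION}
 * property and the file system from {@code CRYPTO_DEFAULT_KEY_STRATEGY_HDFS_URI}. If the file is
 * missing on an encrypt call it is generated; on a decrypt call a missing file is an error.
 *
 * <p>NOTE(review): the KEK and its IV are written to the file unencrypted, so the confidentiality
 * of every wrapped key depends on access control (and any at-rest protection) of that path.
 * This class sets no permissions on the file; confirm they are restricted out of band.
 *
 * <p>NOTE(review): the IV stored in the KEK file is reused for every wrap operation. For
 * stream-like cipher modes a repeated key/IV pair exposes relationships between wrapped keys,
 * and nothing here authenticates the wrapped bytes. Confirm the configured cipher suite
 * tolerates this, or move to a per-key IV and an authenticated mode in a format revision.
 */
public class DefaultSecretKeyEncryptionStrategy implements SecretKeyEncryptionStrategy {
    private static final Logger log = Logger.getLogger(DefaultSecretKeyEncryptionStrategy.class);

    /**
     * Sanity bound for the length-prefixed IV and key fields of the KEK file. Real values are a
     * few dozen bytes; the bound only stops a corrupt or tampered length from driving a huge
     * allocation.
     */
    private static final int MAX_KEY_FILE_FIELD_BYTES = 1024;

    /**
     * Plain holder for the inputs and outputs of a wrap/unwrap operation.
     *
     * <p>Byte arrays and the map are stored and returned by reference (no defensive copies), so
     * callers share the underlying key material with this object.
     */
    public static class DefaultSecretKeyEncryptionStrategyContext implements SecretKeyEncryptionStrategyContext {
        // Unwrapped key bytes; sensitive.
        private byte[] plaintextSecretKey;
        // Key bytes after wrapping with the KEK.
        private byte[] encryptedSecretKey;
        // Configuration properties (property key -> value) driving the operation.
        private Map<String, String> context;
        // Set by the strategy to the KEK file location used for wrapping.
        private String opaqueKeyId;

        @Override
        public String getOpaqueKeyEncryptionKeyID() {
            return this.opaqueKeyId;
        }

        @Override
        public void setOpaqueKeyEncryptionKeyID(String str) {
            this.opaqueKeyId = str;
        }

        @Override
        public byte[] getPlaintextSecretKey() {
            return this.plaintextSecretKey;
        }

        @Override
        public void setPlaintextSecretKey(byte[] bArr) {
            this.plaintextSecretKey = bArr;
        }

        @Override
        public byte[] getEncryptedSecretKey() {
            return this.encryptedSecretKey;
        }

        @Override
        public void setEncryptedSecretKey(byte[] bArr) {
            this.encryptedSecretKey = bArr;
        }

        @Override
        public Map<String, String> getContext() {
            return this.context;
        }

        @Override
        public void setContext(Map<String, String> map) {
            this.context = map;
        }
    }

    /**
     * Wraps the context's plaintext secret key with the KEK, creating the KEK file if it does
     * not exist yet.
     *
     * @param secretKeyEncryptionStrategyContext context carrying the configuration map and the
     *        plaintext key; receives the encrypted key and the opaque KEK id
     * @return the same context instance
     * @throws RuntimeException wrapping any {@link IOException} from the file system
     */
    @Override
    public SecretKeyEncryptionStrategyContext encryptSecretKey(SecretKeyEncryptionStrategyContext secretKeyEncryptionStrategyContext) {
        return runKeyOperation(Cipher.ENCRYPT_MODE, secretKeyEncryptionStrategyContext);
    }

    /**
     * Unwraps the context's encrypted secret key with the KEK.
     *
     * @param secretKeyEncryptionStrategyContext context carrying the configuration map and the
     *        encrypted key; receives the plaintext key
     * @return the same context instance
     * @throws RuntimeException if the KEK file is missing, or wrapping any {@link IOException}
     *         from the file system
     */
    @Override
    public SecretKeyEncryptionStrategyContext decryptSecretKey(SecretKeyEncryptionStrategyContext secretKeyEncryptionStrategyContext) {
        return runKeyOperation(Cipher.DECRYPT_MODE, secretKeyEncryptionStrategyContext);
    }

    /** Creates an empty context for callers to populate. */
    @Override
    public SecretKeyEncryptionStrategyContext getNewContext() {
        return new DefaultSecretKeyEncryptionStrategyContext();
    }

    /** Resolves the KEK location and file system from the context, then wraps or unwraps. */
    private SecretKeyEncryptionStrategyContext runKeyOperation(int cipherMode, SecretKeyEncryptionStrategyContext strategyContext) {
        Map<String, String> settings = strategyContext.getContext();
        String hdfsUri = settings.get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_HDFS_URI.getKey());
        String keyLocation = settings.get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getKey());
        try {
            doKeyEncryptionOperation(cipherMode, strategyContext, keyLocation, new Path(keyLocation), getHadoopFileSystem(hdfsUri));
            return strategyContext;
        } catch (IOException e) {
            log.error("I/O failure while using the key encryption key file", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates a fresh KEK and IV and writes them, preceded by the configuration map, to
     * {@code path}.
     *
     * <p>File layout: entry count, then (key, value) UTF pairs, then length-prefixed IV, then
     * length-prefixed KEK.
     */
    private void initializeKeyEncryptingKey(FileSystem fileSystem, Path path, SecretKeyEncryptionStrategyContext strategyContext) throws IOException {
        Map<String, String> settings = strategyContext.getContext();

        // Derive all key material before touching the file system, so that a bad configuration
        // value cannot leave a truncated key file behind.
        int keyLengthBytes = Integer.parseInt(settings.get(Property.CRYPTO_CIPHER_KEY_LENGTH.getKey())) / 8;
        if (keyLengthBytes <= 0) {
            throw new IllegalArgumentException("Configured cipher key length must be at least 8 bits");
        }
        SecureRandom secureRandom = DefaultCryptoModuleUtils.getSecureRandom(settings.get(Property.CRYPTO_SECURE_RNG.getKey()), settings.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey()));
        byte[] keyEncryptionKey = new byte[keyLengthBytes];
        secureRandom.nextBytes(keyEncryptionKey);

        // The cipher is initialised only to have the provider generate an IV for this key.
        Cipher cipher = DefaultCryptoModuleUtils.getCipher(settings.get(Property.CRYPTO_CIPHER_SUITE.getKey()));
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyEncryptionKey, settings.get(Property.CRYPTO_CIPHER_ALGORITHM_NAME.getKey())), secureRandom);
        } catch (InvalidKeyException e) {
            log.error("Generated key encryption key was rejected by the cipher", e);
            throw new RuntimeException(e);
        }
        byte[] iv = cipher.getIV();
        if (iv == null) {
            throw new IllegalStateException("Configured cipher suite did not produce an IV for the key encryption key");
        }

        // overwrite=false: never clobber a KEK that another process created between the caller's
        // exists() check and this call; replacing it would orphan keys wrapped with the old KEK.
        try (FSDataOutputStream out = fileSystem.create(path, false)) {
            fileSystem.setReplication(path, (short) 5);
            out.writeInt(settings.size());
            for (Map.Entry<String, String> entry : settings.entrySet()) {
                out.writeUTF(entry.getKey());
                out.writeUTF(entry.getValue());
            }
            out.writeInt(iv.length);
            out.write(iv);
            // NOTE(review): the KEK is stored in the clear; see the class comment.
            out.writeInt(keyEncryptionKey.length);
            out.write(keyEncryptionKey);
            out.flush();
        }
    }

    /**
     * Returns the file system named by {@code hdfsUri}, or the default file system of the cached
     * configuration when no URI is configured.
     */
    private FileSystem getHadoopFileSystem(String hdfsUri) {
        try {
            // The original test was inverted: it built a URI from the null/empty string and
            // ignored any URI that was actually configured.
            if (hdfsUri == null || hdfsUri.isEmpty()) {
                return FileSystem.get(CachedConfiguration.getInstance());
            }
            return FileSystem.get(new URI(hdfsUri), CachedConfiguration.getInstance());
        } catch (IOException | URISyntaxException e) {
            log.error("Could not obtain the file system holding the key encryption key", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Loads the KEK file and uses it to wrap ({@link Cipher#ENCRYPT_MODE}) or unwrap
     * ({@link Cipher#DECRYPT_MODE}) the secret key held in {@code strategyContext}.
     *
     * <p>The cipher suite and algorithm name are taken from the settings stored in the KEK file,
     * not from the caller's context.
     */
    private void doKeyEncryptionOperation(int cipherMode, SecretKeyEncryptionStrategyContext strategyContext, String keyLocation, Path path, FileSystem fileSystem) throws IOException {
        boolean decrypting = cipherMode == Cipher.DECRYPT_MODE;

        if (!fileSystem.exists(path)) {
            if (decrypting) {
                log.error("There was a call to decrypt the session key but no key encryption key exists.  Either restore it, reconfigure the conf file to point to it in HDFS, or throw the affected data away and begin again.");
                throw new RuntimeException("Could not find key encryption key file in configured location in HDFS (" + keyLocation + ")");
            }
            initializeKeyEncryptingKey(fileSystem, path, strategyContext);
        }

        Map<String, String> storedSettings = new HashMap<String, String>();
        byte[] iv;
        byte[] keyEncryptionKey;
        try (DataInputStream in = fileSystem.open(path)) {
            int entryCount = in.readInt();
            for (int n = 0; n < entryCount; n++) {
                storedSettings.put(in.readUTF(), in.readUTF());
            }
            iv = readLengthPrefixed(in, "initialization vector");
            keyEncryptionKey = readLengthPrefixed(in, "key encryption key");
        }

        Cipher cipher = DefaultCryptoModuleUtils.getCipher(storedSettings.get(Property.CRYPTO_CIPHER_SUITE.getKey()));
        try {
            cipher.init(cipherMode, new SecretKeySpec(keyEncryptionKey, storedSettings.get(Property.CRYPTO_CIPHER_ALGORITHM_NAME.getKey())), new IvParameterSpec(iv));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            log.error("Could not initialise the cipher from the key encryption key file", e);
            throw new RuntimeException(e);
        }

        byte[] input = decrypting ? strategyContext.getEncryptedSecretKey() : strategyContext.getPlaintextSecretKey();
        ByteArrayOutputStream transformed = new ByteArrayOutputStream();
        // Close before reading the buffer: close() runs the cipher's final step, and any bytes
        // it emits (last block, padding) would be missing from a snapshot taken after flush().
        try (CipherOutputStream cipherOut = new CipherOutputStream(transformed, cipher)) {
            cipherOut.write(input);
        }
        byte[] output = transformed.toByteArray();

        if (decrypting) {
            strategyContext.setPlaintextSecretKey(output);
        } else {
            strategyContext.setEncryptedSecretKey(output);
            strategyContext.setOpaqueKeyEncryptionKeyID(keyLocation);
        }
    }

    /**
     * Reads an int length followed by exactly that many bytes.
     *
     * <p>Uses {@code readFully} so a short read cannot leave trailing zero bytes in an IV or
     * key, and rejects lengths outside {@code 1..MAX_KEY_FILE_FIELD_BYTES}.
     */
    private static byte[] readLengthPrefixed(DataInputStream in, String fieldName) throws IOException {
        int length = in.readInt();
        if (length <= 0 || length > MAX_KEY_FILE_FIELD_BYTES) {
            throw new IOException("Key encryption key file has an implausible " + fieldName + " length: " + length);
        }
        byte[] value = new byte[length];
        in.readFully(value);
        return value;
    }
}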
