package org.apache.gobblin.crypto;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.EnumSet;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/gobblin/crypto/JCEKSKeystoreCredentialStore.class */
public class JCEKSKeystoreCredentialStore implements CredentialStore {
    private static final Logger log = LoggerFactory.getLogger(JCEKSKeystoreCredentialStore.class);
    public static final String TAG = "java";
    private final KeyStore ks;
    private final char[] password;
    private final Path path;
    private final FileSystem fs;

    /* loaded from: input_file:org/apache/gobblin/crypto/JCEKSKeystoreCredentialStore$CreationOptions.class */
    public enum CreationOptions {
        CREATE_IF_MISSING
    }

    public JCEKSKeystoreCredentialStore(String str, String str2) throws IOException {
        this(str, str2, (EnumSet<CreationOptions>) EnumSet.noneOf(CreationOptions.class));
    }

    public JCEKSKeystoreCredentialStore(String str, String str2, EnumSet<CreationOptions> enumSet) throws IOException {
        this(new Path(str), str2, enumSet);
    }

    public JCEKSKeystoreCredentialStore(Path path, String str, EnumSet<CreationOptions> enumSet) throws IOException {
        try {
            this.ks = KeyStore.getInstance("JCEKS");
            this.password = str.toCharArray();
            this.path = path;
            this.fs = path.getFileSystem(new Configuration());
            if (this.fs.exists(path)) {
                InputStream open = this.fs.open(path);
                Throwable th = null;
                try {
                    this.ks.load(open, this.password);
                    log.info("Successfully loaded keystore from " + path);
                    if (open != null) {
                        if (0 != 0) {
                            try {
                                open.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            open.close();
                        }
                    }
                } finally {
                }
            } else {
                if (!enumSet.contains(CreationOptions.CREATE_IF_MISSING)) {
                    throw new IllegalArgumentException("Keystore " + path + " does not exist");
                }
                log.info("No keystore found at " + path + ", creating from scratch");
                this.ks.load(null, this.password);
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IllegalStateException("Unexpected failure initializing keystore", e);
        }
    }

    public byte[] getEncodedKey(String str) {
        try {
            Key key = this.ks.getKey(str, this.password);
            if (key == null) {
                return null;
            }
            return key.getEncoded();
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            log.warn("Error trying to decode key " + str, e);
            return null;
        }
    }

    public Map<String, byte[]> getAllEncodedKeys() {
        HashMap hashMap = new HashMap();
        try {
            Enumeration<String> aliases = this.ks.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                try {
                    if (this.ks.isKeyEntry(nextElement)) {
                        hashMap.put(nextElement, getEncodedKey(nextElement));
                    }
                } catch (KeyStoreException e) {
                    log.warn("Error trying to decode key id " + nextElement + ", not returning in list", e);
                }
            }
            return hashMap;
        } catch (KeyStoreException e2) {
            log.warn("Error retrieving all aliases in keystore; treating as empty", e2);
            return hashMap;
        }
    }

    public void generateAesKeys(int i, int i2) throws IOException, KeyStoreException {
        for (int i3 = 1; i3 <= i; i3++) {
            this.ks.setEntry(String.valueOf(i3 + i2), new KeyStore.SecretKeyEntry(generateKey()), new KeyStore.PasswordProtection(this.password));
        }
        saveKeystore();
    }

    private SecretKey generateKey() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return new SecretKeySpec(bArr, "AES");
    }

    private void saveKeystore() throws IOException {
        try {
            OutputStream create = this.fs.create(this.path, true);
            Throwable th = null;
            try {
                try {
                    this.ks.store(create, this.password);
                    if (create != null) {
                        if (0 != 0) {
                            try {
                                create.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            create.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IOException("Error serializing keystore", e);
        }
    }
}
