package co.cask.cdap.security.store;

import co.cask.cdap.api.security.store.SecureStore;
import co.cask.cdap.api.security.store.SecureStoreData;
import co.cask.cdap.api.security.store.SecureStoreManager;
import co.cask.cdap.api.security.store.SecureStoreMetadata;
import co.cask.cdap.common.AlreadyExistsException;
import co.cask.cdap.common.NamespaceNotFoundException;
import co.cask.cdap.common.NotFoundException;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.conf.SConfiguration;
import co.cask.cdap.common.namespace.NamespaceQueryAdmin;
import co.cask.cdap.proto.Id;
import co.cask.cdap.proto.id.SecureKeyId;
import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:co/cask/cdap/security/store/FileSecureStore.class */
public class FileSecureStore implements SecureStore, SecureStoreManager {
    private static final Logger LOG = LoggerFactory.getLogger(FileSecureStore.class);
    private static final String SCHEME_NAME = "jceks";
    private static final String NAME_SEPARATOR = ":";
    private final NamespaceQueryAdmin namespaceQueryAdmin;
    private final char[] password;
    private final Path path;
    private final Lock readLock;
    private final Lock writeLock;
    private final KeyStore keyStore;

    @Inject
    public FileSecureStore(CConfiguration cConfiguration, SConfiguration sConfiguration, NamespaceQueryAdmin namespaceQueryAdmin) throws IOException {
        this.path = Paths.get(cConfiguration.get("security.store.file.path"), new String[0]).resolve(cConfiguration.get("security.store.file.name"));
        this.password = sConfiguration.get("security.store.file.password").toCharArray();
        this.namespaceQueryAdmin = namespaceQueryAdmin;
        this.keyStore = locateKeystore(this.path, this.password);
        ReentrantReadWriteLock reentrantReadWriteLock = new ReentrantReadWriteLock(true);
        this.readLock = reentrantReadWriteLock.readLock();
        this.writeLock = reentrantReadWriteLock.writeLock();
    }

    public void putSecureData(String str, String str2, String str3, String str4, Map<String, String> map) throws Exception {
        checkNamespaceExists(str);
        String keyName = getKeyName(str, str2);
        SecureStoreMetadata of = SecureStoreMetadata.of(str2, str4, map);
        SecureStoreData secureStoreData = new SecureStoreData(of, str3.getBytes(Charsets.UTF_8));
        this.writeLock.lock();
        try {
            try {
                if (this.keyStore.containsAlias(keyName)) {
                    throw new AlreadyExistsException(new SecureKeyId(str, str2));
                }
                this.keyStore.setKeyEntry(keyName, new KeyStoreEntry(secureStoreData, of), this.password, null);
                flush();
                LOG.debug(String.format("Successfully stored %s in namespace %s", str2, str));
                this.writeLock.unlock();
            } catch (KeyStoreException e) {
                throw new IOException("Failed to store the key. ", e);
            }
        } catch (Throwable th) {
            this.writeLock.unlock();
            throw th;
        }
    }

    public void deleteSecureData(String str, String str2) throws Exception {
        checkNamespaceExists(str);
        String keyName = getKeyName(str, str2);
        this.writeLock.lock();
        try {
            try {
                if (!this.keyStore.containsAlias(keyName)) {
                    throw new NotFoundException(new SecureKeyId(str, str2));
                }
                deleteFromStore(keyName, this.password);
                flush();
                LOG.debug(String.format("Successfully deleted key %s from namespace %s", str2, str));
                this.writeLock.unlock();
            } catch (IOException e) {
                try {
                    this.keyStore.setKeyEntry(keyName, null, this.password, null);
                } catch (KeyStoreException e2) {
                    e.addSuppressed(e2);
                }
                throw e;
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e3) {
                throw new IOException("Failed to delete the key. ", e3);
            }
        } catch (Throwable th) {
            this.writeLock.unlock();
            throw th;
        }
    }

    public Map<String, String> listSecureData(String str) throws Exception {
        checkNamespaceExists(str);
        this.readLock.lock();
        try {
            try {
                Enumeration<String> aliases = this.keyStore.aliases();
                HashMap hashMap = new HashMap();
                String str2 = str + NAME_SEPARATOR;
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    if (nextElement.startsWith(str2)) {
                        hashMap.put(nextElement.substring(str2.length()), getSecureStoreMetadata(nextElement).getDescription());
                    }
                }
                return hashMap;
            } catch (KeyStoreException e) {
                throw new IOException("Failed to get the list of elements from the secure store.", e);
            }
        } finally {
            this.readLock.unlock();
        }
    }

    public SecureStoreData getSecureData(String str, String str2) throws Exception {
        checkNamespaceExists(str);
        String keyName = getKeyName(str, str2);
        this.readLock.lock();
        try {
            try {
                if (!this.keyStore.containsAlias(keyName)) {
                    throw new NotFoundException(str2 + " not found in the secure store.");
                }
                SecureStoreData data = ((KeyStoreEntry) this.keyStore.getKey(keyName, this.password)).getData();
                this.readLock.unlock();
                return data;
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new IOException("Unable to retrieve the key " + str2, e);
            }
        } catch (Throwable th) {
            this.readLock.unlock();
            throw th;
        }
    }

    private void checkNamespaceExists(String str) throws Exception {
        Id.Namespace namespace = new Id.Namespace(str);
        if (!this.namespaceQueryAdmin.exists(namespace)) {
            throw new NamespaceNotFoundException(namespace);
        }
    }

    private Key deleteFromStore(String str, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        this.writeLock.lock();
        try {
            Key key = this.keyStore.getKey(str, cArr);
            this.keyStore.deleteEntry(str);
            this.writeLock.unlock();
            return key;
        } catch (Throwable th) {
            this.writeLock.unlock();
            throw th;
        }
    }

    private SecureStoreMetadata getSecureStoreMetadata(String str) throws Exception {
        String[] split = str.split(NAME_SEPARATOR);
        Preconditions.checkArgument(split.length == 2);
        String str2 = split[0];
        String str3 = split[1];
        this.readLock.lock();
        try {
            try {
                if (!this.keyStore.containsAlias(str)) {
                    throw new NotFoundException(new SecureKeyId(str2, str3));
                }
                SecureStoreMetadata metadata = ((KeyStoreEntry) this.keyStore.getKey(str, this.password)).getMetadata();
                this.readLock.unlock();
                return metadata;
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                throw new IOException("Unable to retrieve the metadata for " + str3 + " in namespace " + str2, e);
            }
        } catch (Throwable th) {
            this.readLock.unlock();
            throw th;
        }
    }

    private static Path constructNewPath(Path path) {
        return path.resolveSibling(path.getFileName() + "_NEW");
    }

    private static void loadFromPath(KeyStore keyStore, Path path, char[] cArr) throws IOException {
        try {
            DataInputStream dataInputStream = new DataInputStream(Files.newInputStream(path, new OpenOption[0]));
            Throwable th = null;
            try {
                try {
                    keyStore.load(dataInputStream, cArr);
                    if (dataInputStream != null) {
                        if (0 != 0) {
                            try {
                                dataInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            dataInputStream.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (NoSuchAlgorithmException | CertificateException e) {
            throw new IOException("Unable to load the Secure Store. ", e);
        }
    }

    private static KeyStore locateKeystore(Path path, char[] cArr) throws IOException {
        Path constructNewPath = constructNewPath(path);
        try {
            KeyStore keyStore = KeyStore.getInstance(SCHEME_NAME);
            Files.deleteIfExists(constructNewPath);
            if (Files.exists(path, new LinkOption[0])) {
                loadFromPath(keyStore, path, cArr);
            } else {
                Path parent = path.getParent();
                if (!Files.exists(parent, new LinkOption[0])) {
                    Files.createDirectories(parent, new FileAttribute[0]);
                }
                keyStore.load(null, cArr);
                LOG.info("New Secure Store initialized successfully.");
            }
            return keyStore;
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IOException("Can't create Secure Store. ", e);
        }
    }

    private void flush() throws IOException {
        Path constructNewPath = constructNewPath(this.path);
        this.writeLock.lock();
        try {
            Files.deleteIfExists(constructNewPath);
            writeToKeyStore(constructNewPath);
            Files.move(constructNewPath, this.path, StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
            this.writeLock.unlock();
        } catch (Throwable th) {
            this.writeLock.unlock();
            throw th;
        }
    }

    private void writeToKeyStore(Path path) throws IOException {
        try {
            DataOutputStream dataOutputStream = new DataOutputStream(Files.newOutputStream(path, new OpenOption[0]));
            Throwable th = null;
            try {
                try {
                    this.keyStore.store(dataOutputStream, this.password);
                    if (dataOutputStream != null) {
                        if (0 != 0) {
                            try {
                                dataOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            dataOutputStream.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (KeyStoreException e) {
            throw new IOException("The underlying java key store has not been initialized.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IOException("The appropriate data integrity algorithm for the underlying java key store could not be found", e2);
        } catch (CertificateException e3) {
            throw new IOException("Failed to store the certificates included in the keystore data.", e3);
        }
    }

    private static String getKeyName(String str, String str2) {
        return str + NAME_SEPARATOR + str2;
    }
}
