package org.apache.hadoop.crypto.key;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.crypto.CryptoCodec;
import org.apache.hadoop.crypto.Decryptor;
import org.apache.hadoop.crypto.Encryptor;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderExtension;

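/**
 * A {@link KeyProviderExtension} that adds two cryptographic operations on top of a
 * {@link KeyProvider}: generating a fresh random encryption key (EK) that is handed back
 * only in encrypted form (EEK), and decrypting such an EEK back into an EK.
 *
 * <p>The work is delegated to a {@link CryptoExtension}; see
 * {@link #createKeyProviderCryptoExtension(KeyProvider)} for how it is selected.
 *
 * <p>Provenance of this listing: decompiled (JADX) from
 * {@code WEB-INF/lib/hadoop-common-2.9.1.jar}. Parameter names are decompiler-generated
 * ({@code str}, {@code bArr}, ...) and are kept as they appear in the listing.
 */
@InterfaceAudience.Private
public class KeyProviderCryptoExtension
        extends KeyProviderExtension<KeyProviderCryptoExtension.CryptoExtension> {
    /** Version name given to a {@code KeyVersion} that holds an encrypted encryption key. */
    public static final String EEK = "EEK";
    /** Version name given to a {@code KeyVersion} that holds a decrypted encryption key. */
    public static final String EK = "EK";

    /** Operations that a provider must supply to act as a crypto extension. */
    public interface CryptoExtension extends KeyProviderExtension.Extension {
        /**
         * Asks the implementation to prepare encrypted keys for the given key names ahead of use.
         *
         * @param strArr names of the encryption keys to warm up
         * @throws IOException if the implementation fails while preparing keys
         */
        void warmUpEncryptedKeys(String... strArr) throws IOException;

        /**
         * Asks the implementation to discard anything it holds ready for the given key name.
         *
         * @param str name of the encryption key
         */
        void drain(String str);

        /**
         * Generates a new random key and returns it encrypted under the named key.
         *
         * @param str name of the encryption key to encrypt under
         * @return the encrypted key together with the metadata needed to decrypt it
         * @throws IOException on provider or codec I/O failure
         * @throws GeneralSecurityException on cryptographic failure
         */
        EncryptedKeyVersion generateEncryptedKey(String str) throws IOException, GeneralSecurityException;

        /**
         * Decrypts an encrypted key produced by {@link #generateEncryptedKey(String)}.
         *
         * @param encryptedKeyVersion the encrypted key and its metadata
         * @return a {@code KeyVersion} whose material is the decrypted key
         * @throws IOException on provider or codec I/O failure
         * @throws GeneralSecurityException on cryptographic failure
         */
        KeyProvider.KeyVersion decryptEncryptedKey(EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException;
    }

    /**
     * Fallback {@link CryptoExtension} that performs the encryption locally with a
     * {@link CryptoCodec}, using key material fetched from the wrapped {@link KeyProvider}.
     *
     * <p>All random bytes (new key and IV) come from {@code CryptoCodec.generateSecureRandom}.
     * Keys are generated on demand; nothing is cached, so warm-up and drain are no-ops.
     *
     * <p>NOTE(review): the decompiler reports that this class's access modifier was changed
     * from private; it is shown as public here only because of that rewrite.
     */
    public static class DefaultCryptoExtension implements CryptoExtension {
        private final KeyProvider keyProvider;

        private DefaultCryptoExtension(KeyProvider keyProvider) {
            this.keyProvider = keyProvider;
        }

        /**
         * Creates a random key as long as the current version of key {@code str}, encrypts it
         * under that version, and returns only the ciphertext plus the metadata needed to
         * decrypt it. The plaintext of the new key is never returned from this method.
         *
         * @param str name of the encryption key
         * @return the encrypted key, the stored IV and the encryption key's name and version
         * @throws NullPointerException if the provider has no current version for {@code str}
         * @throws IOException on provider or codec I/O failure
         * @throws GeneralSecurityException on cryptographic failure
         */
        @Override
        public EncryptedKeyVersion generateEncryptedKey(String str) throws IOException, GeneralSecurityException {
            KeyProvider.KeyVersion encryptionKey = this.keyProvider.getCurrentKey(str);
            Preconditions.checkNotNull(encryptionKey, "No KeyVersion exists for key '%s' ", str);
            CryptoCodec codec = CryptoCodec.getInstance(this.keyProvider.getConf());
            try {
                // The new key has the same length as the key it will be wrapped with.
                byte[] newKey = new byte[encryptionKey.getMaterial().length];
                codec.generateSecureRandom(newKey);
                // One cipher block of random bytes is stored with the result; the cipher itself
                // is initialised with the value derived from it (see deriveIV).
                byte[] storedIv = new byte[codec.getCipherSuite().getAlgorithmBlockSize()];
                codec.generateSecureRandom(storedIv);
                byte[] cipherIv = EncryptedKeyVersion.deriveIV(storedIv);

                Encryptor encryptor = codec.createEncryptor();
                encryptor.init(encryptionKey.getMaterial(), cipherIv);

                int keyLength = newKey.length;
                ByteBuffer plainBuffer = ByteBuffer.allocateDirect(keyLength);
                ByteBuffer cipherBuffer = ByteBuffer.allocateDirect(keyLength);
                plainBuffer.put(newKey);
                plainBuffer.flip();
                encryptor.encrypt(plainBuffer, cipherBuffer);
                cipherBuffer.flip();
                // Assumes the cipher emits exactly keyLength bytes (no padding); a shorter
                // output would make get() throw BufferUnderflowException. TODO confirm per suite.
                byte[] encryptedKey = new byte[keyLength];
                cipherBuffer.get(encryptedKey);
                // NOTE(review): newKey and plainBuffer still hold the plaintext key when this
                // method returns; nothing here overwrites them before they become garbage.
                return new EncryptedKeyVersion(
                        str,
                        encryptionKey.getVersionName(),
                        storedIv,
                        new KeyProvider.KeyVersion(encryptionKey.getName(), KeyProviderCryptoExtension.EEK, encryptedKey));
            } finally {
                // Single close on every path. The decompiled try/catch form called close() a
                // second time whenever the first close() threw.
                codec.close();
            }
        }

        /**
         * Decrypts the key carried by {@code encryptedKeyVersion} using the provider key version
         * it names, and returns the plaintext as a {@code KeyVersion} with version name
         * {@link KeyProviderCryptoExtension#EK}.
         *
         * <p>No integrity check is performed here on the ciphertext or IV. NOTE(review): unless
         * the configured cipher suite authenticates its input, a modified EEK or IV decrypts to
         * different key bytes without raising an error - confirm against the suite in use.
         *
         * @param encryptedKeyVersion the encrypted key and its metadata
         * @return the decrypted key
         * @throws NullPointerException if the argument, its encrypted key, its IV or its
         *     material is null, or if the named key version does not exist
         * @throws IllegalArgumentException if the encrypted key's version name is not
         *     {@link KeyProviderCryptoExtension#EEK}
         * @throws IOException on provider or codec I/O failure
         * @throws GeneralSecurityException on cryptographic failure
         */
        @Override
        public KeyProvider.KeyVersion decryptEncryptedKey(EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException {
            Preconditions.checkNotNull(encryptedKeyVersion, "encryptedKeyVersion cannot be null");
            String encryptionKeyVersionName = encryptedKeyVersion.getEncryptionKeyVersionName();
            KeyProvider.KeyVersion encryptionKey = this.keyProvider.getKeyVersion(encryptionKeyVersionName);
            Preconditions.checkNotNull(encryptionKey, "KeyVersion name '%s' does not exist", encryptionKeyVersionName);

            // Validate every field of the caller-supplied object before any key material is
            // used. These were plain NullPointerExceptions without a message before; the
            // exception type is unchanged.
            KeyProvider.KeyVersion wrappedKey = encryptedKeyVersion.getEncryptedKeyVersion();
            Preconditions.checkNotNull(wrappedKey, "encryptedKeyVersion has no encrypted key");
            Preconditions.checkArgument(
                    wrappedKey.getVersionName().equals(KeyProviderCryptoExtension.EEK),
                    "encryptedKey version name must be '%s', is '%s'",
                    KeyProviderCryptoExtension.EEK,
                    wrappedKey.getVersionName());
            byte[] storedIv = encryptedKeyVersion.getEncryptedKeyIv();
            Preconditions.checkNotNull(storedIv, "encryptedKeyVersion has no IV");
            byte[] encryptedKey = wrappedKey.getMaterial();
            Preconditions.checkNotNull(encryptedKey, "encryptedKeyVersion has no key material");

            // Same transformation as on the encrypt side, so the cipher sees the same IV.
            byte[] cipherIv = EncryptedKeyVersion.deriveIV(storedIv);
            CryptoCodec codec = CryptoCodec.getInstance(this.keyProvider.getConf());
            try {
                Decryptor decryptor = codec.createDecryptor();
                decryptor.init(encryptionKey.getMaterial(), cipherIv);

                int keyLength = encryptedKey.length;
                ByteBuffer cipherBuffer = ByteBuffer.allocateDirect(keyLength);
                ByteBuffer plainBuffer = ByteBuffer.allocateDirect(keyLength);
                cipherBuffer.put(encryptedKey);
                cipherBuffer.flip();
                decryptor.decrypt(cipherBuffer, plainBuffer);
                plainBuffer.flip();
                // Assumes the cipher emits exactly keyLength bytes; see generateEncryptedKey.
                byte[] decryptedKey = new byte[keyLength];
                plainBuffer.get(decryptedKey);
                // NOTE(review): plainBuffer keeps a second copy of the plaintext key that is
                // not overwritten here.
                return new KeyProvider.KeyVersion(encryptionKey.getName(), KeyProviderCryptoExtension.EK, decryptedKey);
            } finally {
                // Single close on every path (the decompiled form could close twice).
                codec.close();
            }
        }

        /** No-op: this implementation generates keys on demand and has nothing to warm up. */
        @Override
        public void warmUpEncryptedKeys(String... strArr) throws IOException {
        }

        /** No-op: this implementation holds no pre-generated keys to discard. */
        @Override
        public void drain(String str) {
        }
    }

    /**
     * An encrypted encryption key together with what is needed to decrypt it: the name and
     * version of the key it was encrypted under, and the stored IV.
     *
     * <p>The byte array and {@code KeyVersion} passed in are stored by reference and returned
     * by reference from the getters; callers that mutate them change this object's contents.
     */
    public static class EncryptedKeyVersion {
        private String encryptionKeyName;
        private String encryptionKeyVersionName;
        private byte[] encryptedKeyIv;
        private KeyProvider.KeyVersion encryptedKeyVersion;

        /**
         * Stores the given values; the two names are interned when non-null.
         *
         * <p>NOTE(review): the decompiler reports that this constructor's access modifier was
         * changed from protected.
         *
         * @param str name of the encryption key
         * @param str2 version name of the encryption key
         * @param bArr the stored IV (kept by reference, not copied)
         * @param keyVersion the encrypted key
         */
        public EncryptedKeyVersion(String str, String str2, byte[] bArr, KeyProvider.KeyVersion keyVersion) {
            this.encryptionKeyName = str == null ? null : str.intern();
            this.encryptionKeyVersionName = str2 == null ? null : str2.intern();
            this.encryptedKeyIv = bArr;
            this.encryptedKeyVersion = keyVersion;
        }

        /**
         * Builds an instance from raw fields so that it can be passed to
         * {@code decryptEncryptedKey}. The encrypted bytes are wrapped in a {@code KeyVersion}
         * with a null name and version name {@link KeyProviderCryptoExtension#EEK}.
         *
         * @param str name of the encryption key
         * @param str2 version name of the encryption key
         * @param bArr the stored IV
         * @param bArr2 the encrypted key bytes
         * @return the assembled instance; no argument is validated here
         */
        public static EncryptedKeyVersion createForDecryption(String str, String str2, byte[] bArr, byte[] bArr2) {
            KeyProvider.KeyVersion wrappedKey =
                    new KeyProvider.KeyVersion(null, KeyProviderCryptoExtension.EEK, bArr2);
            return new EncryptedKeyVersion(str, str2, bArr, wrappedKey);
        }

        /** @return name of the key this EEK was encrypted under */
        public String getEncryptionKeyName() {
            return this.encryptionKeyName;
        }

        /** @return version name of the key this EEK was encrypted under */
        public String getEncryptionKeyVersionName() {
            return this.encryptionKeyVersionName;
        }

        /** @return the stored IV; this is the internal array, not a copy */
        public byte[] getEncryptedKeyIv() {
            return this.encryptedKeyIv;
        }

        /** @return the {@code KeyVersion} holding the encrypted key bytes */
        public KeyProvider.KeyVersion getEncryptedKeyVersion() {
            return this.encryptedKeyVersion;
        }

        /**
         * Returns a new array holding the bitwise complement of every byte of {@code bArr}.
         * Both the encrypt and decrypt paths initialise the cipher with this derived value
         * rather than with the stored IV itself.
         *
         * <p>The mapping is public and reversible, so it adds no secrecy. NOTE(review):
         * presumably its purpose is to keep the IV used for wrapping the key distinct from
         * the stored IV if that one is reused elsewhere - confirm against upstream docs.
         *
         * @param bArr the stored IV; must not be null
         * @return the IV to initialise the cipher with, same length as {@code bArr}
         */
        protected static byte[] deriveIV(byte[] bArr) {
            byte[] derived = new byte[bArr.length];
            for (int i = 0; i < bArr.length; i++) {
                derived[i] = (byte) (bArr[i] ^ 0xff);
            }
            return derived;
        }
    }

    /**
     * @param keyProvider the provider being extended
     * @param cryptoExtension the implementation that performs the crypto operations
     */
    protected KeyProviderCryptoExtension(KeyProvider keyProvider, CryptoExtension cryptoExtension) {
        super(keyProvider, cryptoExtension);
    }

    /**
     * Delegates to the extension's {@code warmUpEncryptedKeys}.
     *
     * @param strArr names of the encryption keys to warm up
     * @throws IOException if the extension fails
     */
    public void warmUpEncryptedKeys(String... strArr) throws IOException {
        getExtension().warmUpEncryptedKeys(strArr);
    }

    /**
     * Delegates to the extension's {@code generateEncryptedKey}.
     *
     * @param str name of the encryption key
     * @return the newly generated key in encrypted form
     * @throws IOException on provider or codec I/O failure
     * @throws GeneralSecurityException on cryptographic failure
     */
    public EncryptedKeyVersion generateEncryptedKey(String str) throws IOException, GeneralSecurityException {
        return getExtension().generateEncryptedKey(str);
    }

    /**
     * Delegates to the extension's {@code decryptEncryptedKey}.
     *
     * @param encryptedKeyVersion the encrypted key and its metadata
     * @return the decrypted key
     * @throws IOException on provider or codec I/O failure
     * @throws GeneralSecurityException on cryptographic failure
     */
    public KeyProvider.KeyVersion decryptEncryptedKey(EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException {
        return getExtension().decryptEncryptedKey(encryptedKeyVersion);
    }

    /**
     * Wraps {@code keyProvider}, choosing the crypto implementation in this order:
     * the provider itself if it implements {@link CryptoExtension}; otherwise the provider
     * wrapped by it, if {@code keyProvider} is a {@link KeyProviderExtension} whose inner
     * provider implements {@link CryptoExtension}; otherwise a new
     * {@link DefaultCryptoExtension} that encrypts locally.
     *
     * @param keyProvider the provider to extend
     * @return the extended provider
     */
    public static KeyProviderCryptoExtension createKeyProviderCryptoExtension(KeyProvider keyProvider) {
        CryptoExtension cryptoExtension;
        if (keyProvider instanceof CryptoExtension) {
            cryptoExtension = (CryptoExtension) keyProvider;
        } else if (keyProvider instanceof KeyProviderExtension
                && ((KeyProviderExtension<?>) keyProvider).getKeyProvider() instanceof CryptoExtension) {
            cryptoExtension = (CryptoExtension) ((KeyProviderExtension<?>) keyProvider).getKeyProvider();
        } else {
            cryptoExtension = new DefaultCryptoExtension(keyProvider);
        }
        return new KeyProviderCryptoExtension(keyProvider, cryptoExtension);
    }

    /**
     * Closes the wrapped provider, unless there is none or it is this very instance
     * (which would otherwise recurse into this method).
     *
     * @throws IOException if the wrapped provider fails to close
     */
    @Override
    public void close() throws IOException {
        KeyProvider wrapped = getKeyProvider();
        if (wrapped != null && wrapped != this) {
            wrapped.close();
        }
    }
}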
