package org.apache.hive.iceberg.org.apache.orc;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.TreeMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hive.iceberg.org.apache.orc.impl.HadoopShims;
import org.apache.hive.iceberg.org.apache.orc.impl.KeyProvider;
import org.apache.hive.iceberg.org.apache.orc.impl.LocalKey;

/* loaded from: input_file:org/apache/hive/iceberg/org/apache/orc/InMemoryKeystore.class */
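/**
 * {@link KeyProvider} that keeps every master key in process memory.
 *
 * <p>Keys are stored under the version name {@code name@version}; a second map tracks the
 * highest version registered for each key name. Nothing is persisted, and the backing
 * {@link TreeMap} and {@link HashMap} are used without any locking in this class, so
 * concurrent {@link #addKey} calls need external synchronization.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Master key bytes live on the heap for the lifetime of the instance and are never
 *       zeroed by this class.</li>
 *   <li>The strength of every local key depends on the {@link Random} handed to the
 *       constructor; only the no-arg constructor guarantees a {@link SecureRandom}.</li>
 *   <li>{@link #addKey} zero-pads or truncates key material and may substitute
 *       {@code AES_CTR_128} for the requested algorithm without reporting it.</li>
 * </ul>
 */
public class InMemoryKeystore implements KeyProvider {
    /** True when the installed JCE policy allows AES keys of at least 256 bits. */
    public static final boolean SUPPORTS_AES_256;

    // Source of the random bytes that become the encrypted form of each local key.
    private final Random random;
    // Master keys indexed by "name@version".
    private final TreeMap<String, KeyVersion> keys;
    // Most recently added version number for each key name.
    private final Map<String, Integer> currentVersion;

    /**
     * Key metadata plus the raw master key bytes.
     *
     * <p>The decompiler reports that this class was package-private in the original build;
     * it is kept public here only so the decompiled interface stays unchanged.
     */
    public static class KeyVersion extends HadoopShims.KeyMetadata {
        private final byte[] material;

        KeyVersion(String str, int i, EncryptionAlgorithm encryptionAlgorithm, byte[] bArr) {
            super(str, i, encryptionAlgorithm);
            // Stored by reference; addKey passes a private copy, so callers of addKey
            // cannot alter the key afterwards through their own array.
            this.material = bArr;
        }

        /**
         * Returns the internal key array itself, not a copy.
         *
         * <p>The decompiler reports that this accessor was private in the original build.
         * Treat the result as read-only: writing to it changes the stored master key.
         */
        public byte[] getMaterial() {
            return this.material;
        }
    }

    /** Creates an empty keystore whose local keys are drawn from a new {@link SecureRandom}. */
    public InMemoryKeystore() {
        this(new SecureRandom());
    }

    /**
     * Creates an empty keystore that draws local-key bytes from {@code random}.
     *
     * <p>Any {@link Random} is accepted. A seeded or non-cryptographic generator makes every
     * local key produced by {@link #createLocalKey} predictable, so reserve that for
     * reproducible tests and pass a {@link SecureRandom} everywhere else.
     *
     * @param random generator used by {@link #createLocalKey}
     */
    public InMemoryKeystore(Random random) {
        this.keys = new TreeMap<>();
        this.currentVersion = new HashMap<>();
        this.random = random;
    }

    /** Builds the {@code name@version} string used as the key of {@link #keys}. */
    private static String buildVersionName(String str, int i) {
        return str + "@" + i;
    }

    /**
     * Lists the names of all registered keys.
     *
     * @return a new list; changes to it do not affect the keystore
     */
    @Override // org.apache.hive.iceberg.org.apache.orc.impl.KeyProvider
    public List<String> getKeyNames() {
        return new ArrayList<>(this.currentVersion.keySet());
    }

    /**
     * Looks up the newest registered version of a key.
     *
     * @param str key name
     * @return metadata of the current version
     * @throws IllegalArgumentException if no key with that name was added
     */
    @Override // org.apache.hive.iceberg.org.apache.orc.impl.KeyProvider
    public HadoopShims.KeyMetadata getCurrentKeyVersion(String str) {
        Integer version = this.currentVersion.get(str);
        // An unknown name has no version entry; report it as such instead of failing
        // with a NullPointerException while unboxing.
        if (version == null) {
            throw new IllegalArgumentException("Unknown key " + str);
        }
        KeyVersion current = this.keys.get(buildVersionName(str, version));
        if (current == null) {
            throw new IllegalArgumentException("Unknown key " + str);
        }
        return current;
    }

    /**
     * Creates a fresh local key protected by the given master key version.
     *
     * <p>Random bytes of the algorithm's key length are taken as the <em>encrypted</em>
     * local key. Their leading {@code getIvLength()} bytes double as the IV, and the
     * plaintext local key is obtained by running the cipher in decrypt mode over those
     * bytes with the master key. {@link #decryptLocalKey} repeats the same operation.
     *
     * @param keyMetadata name and version of the master key to use
     * @return the local key built from the algorithm, the decrypted bytes and the random bytes
     * @throws IllegalArgumentException if the master key version is not in this keystore
     * @throws IllegalStateException if the cipher rejects the key, the IV or the input
     */
    @Override // org.apache.hive.iceberg.org.apache.orc.impl.KeyProvider
    public LocalKey createLocalKey(HadoopShims.KeyMetadata keyMetadata) {
        String versionName = buildVersionName(keyMetadata.getKeyName(), keyMetadata.getVersion());
        KeyVersion masterKey = this.keys.get(versionName);
        if (masterKey == null) {
            throw new IllegalArgumentException("Unknown key " + keyMetadata);
        }
        EncryptionAlgorithm algorithm = masterKey.getAlgorithm();
        byte[] encryptedKey = new byte[algorithm.keyLength()];
        this.random.nextBytes(encryptedKey);
        // The IV is not stored separately: it is the prefix of the encrypted key.
        byte[] iv = Arrays.copyOf(encryptedKey, algorithm.getIvLength());
        Cipher cipher = algorithm.createCipher();
        try {
            cipher.init(Cipher.DECRYPT_MODE,
                    new SecretKeySpec(masterKey.getMaterial(), algorithm.getAlgorithm()),
                    new IvParameterSpec(iv));
            return new LocalKey(algorithm, cipher.doFinal(encryptedKey), encryptedKey);
        } catch (BadPaddingException e) {
            throw new IllegalStateException("ORC bad padding for " + versionName, e);
        } catch (IllegalBlockSizeException e) {
            throw new IllegalStateException("ORC bad block size for " + versionName, e);
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalStateException("ORC bad encryption parameter for " + versionName, e);
        } catch (InvalidKeyException e) {
            throw new IllegalStateException("ORC bad encryption key for " + versionName, e);
        }
    }

    /**
     * Recovers a local key from its encrypted form.
     *
     * <p>NOTE(review): nothing here authenticates {@code bArr}. If {@code createCipher()}
     * yields an unauthenticated mode (the constant name {@code AES_CTR_128} suggests counter
     * mode), a modified blob decrypts to a different key instead of failing; confirm that
     * integrity of the stored blob is checked elsewhere.
     *
     * @param keyMetadata name and version of the master key that protects the local key
     * @param bArr encrypted local key; its leading bytes are used as the IV
     * @return the decrypted key, or {@code null} if the master key version is not in this
     *     keystore (callers must check for {@code null})
     * @throws IllegalArgumentException if {@code bArr} is null or shorter than the IV
     * @throws IllegalStateException if the cipher rejects the key, the IV or the input
     */
    @Override // org.apache.hive.iceberg.org.apache.orc.impl.KeyProvider
    public Key decryptLocalKey(HadoopShims.KeyMetadata keyMetadata, byte[] bArr) {
        String versionName = buildVersionName(keyMetadata.getKeyName(), keyMetadata.getVersion());
        KeyVersion masterKey = this.keys.get(versionName);
        if (masterKey == null) {
            return null;
        }
        EncryptionAlgorithm algorithm = masterKey.getAlgorithm();
        int ivLength = algorithm.getIvLength();
        // The blob may come from file metadata; reject a missing or truncated one with a
        // clear error rather than an index or null failure inside the array copy.
        if (bArr == null || bArr.length < ivLength) {
            throw new IllegalArgumentException("ORC encrypted local key too short for " + versionName);
        }
        byte[] iv = Arrays.copyOf(bArr, ivLength);
        Cipher cipher = algorithm.createCipher();
        try {
            cipher.init(Cipher.DECRYPT_MODE,
                    new SecretKeySpec(masterKey.getMaterial(), algorithm.getAlgorithm()),
                    new IvParameterSpec(iv));
            return new SecretKeySpec(cipher.doFinal(bArr), algorithm.getAlgorithm());
        } catch (BadPaddingException e) {
            throw new IllegalStateException("ORC bad padding for " + versionName, e);
        } catch (IllegalBlockSizeException e) {
            throw new IllegalStateException("ORC bad block size for " + versionName, e);
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalStateException("ORC bad encryption parameter for " + versionName, e);
        } catch (InvalidKeyException e) {
            throw new IllegalStateException("ORC bad encryption key for " + versionName, e);
        }
    }

    /** Reports this provider as {@link HadoopShims.KeyProviderKind#HADOOP}. */
    @Override // org.apache.hive.iceberg.org.apache.orc.impl.KeyProvider
    public HadoopShims.KeyProviderKind getKind() {
        return HadoopShims.KeyProviderKind.HADOOP;
    }

    /**
     * Registers version 0 of a key.
     *
     * @param str key name
     * @param encryptionAlgorithm requested algorithm
     * @param bArr key material
     * @return this keystore, for chaining
     * @throws IOException if a version of this key is already registered
     * @see #addKey(String, int, EncryptionAlgorithm, byte[])
     */
    public InMemoryKeystore addKey(String str, EncryptionAlgorithm encryptionAlgorithm, byte[] bArr) throws IOException {
        return addKey(str, 0, encryptionAlgorithm, bArr);
    }

    /**
     * Registers a new version of a key and makes it the current one.
     *
     * <p>Two adjustments happen without any error or log message:
     * <ul>
     *   <li>When {@link #SUPPORTS_AES_256} is false, any algorithm other than
     *       {@code AES_CTR_128} is replaced by {@code AES_CTR_128}.</li>
     *   <li>The material is copied into an array of exactly {@code keyLength()} bytes:
     *       shorter input is padded with zero bytes and longer input is truncated. Padded
     *       keys carry less secret data than their length implies, so pass exactly
     *       {@code keyLength()} random bytes when key strength matters.</li>
     * </ul>
     *
     * @param str key name
     * @param i version number; must be greater than the current version of this key
     * @param encryptionAlgorithm requested algorithm
     * @param bArr key material; copied, so later changes to the array have no effect
     * @return this keystore, for chaining
     * @throws IOException if the key already has a version equal to or higher than {@code i}
     */
    public InMemoryKeystore addKey(String str, int i, EncryptionAlgorithm encryptionAlgorithm, byte[] bArr) throws IOException {
        if (!SUPPORTS_AES_256 && encryptionAlgorithm != EncryptionAlgorithm.AES_CTR_128) {
            encryptionAlgorithm = EncryptionAlgorithm.AES_CTR_128;
        }
        // copyOf truncates or zero-pads to the requested length in a single step.
        byte[] material = Arrays.copyOf(bArr, encryptionAlgorithm.keyLength());
        KeyVersion keyVersion = new KeyVersion(str, i, encryptionAlgorithm, material);
        Integer existing = this.currentVersion.get(str);
        if (existing != null && existing >= i) {
            throw new IOException(String.format("Key %s with equal or higher version %d already exists", str, i));
        }
        this.keys.put(buildVersionName(str, i), keyVersion);
        this.currentVersion.put(str, i);
        return this;
    }

    static {
        // Evaluated once at class load; a runtime without AES fails class initialization.
        try {
            SUPPORTS_AES_256 = Cipher.getMaxAllowedKeyLength("AES") >= 256;
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Unknown algorithm", e);
        }
    }
}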
