package org.apache.hadoop.hbase.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseInterfaceAudience;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.io.crypto.DefaultCipherProvider;
import org.apache.hadoop.hbase.io.crypto.Encryption;
import org.apache.hadoop.hbase.io.crypto.KeyStoreKeyProvider;
import org.apache.hadoop.hbase.security.EncryptionUtil;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.LimitedPrivate({HBaseInterfaceAudience.TOOLS})
/* loaded from: input_file:org/apache/hadoop/hbase/util/EncryptionTest.class */
public class EncryptionTest {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) EncryptionTest.class);
    static final Map<String, Boolean> keyProviderResults = new ConcurrentHashMap();
    static final Map<String, Boolean> cipherProviderResults = new ConcurrentHashMap();
    static final Map<String, Boolean> cipherResults = new ConcurrentHashMap();

    private EncryptionTest() {
    }

    public static void testKeyProvider(Configuration configuration) throws IOException {
        String str = configuration.get(HConstants.CRYPTO_KEYPROVIDER_CONF_KEY, KeyStoreKeyProvider.class.getName());
        Boolean bool = keyProviderResults.get(str);
        if (bool != null) {
            if (!bool.booleanValue()) {
                throw new IOException("Key provider " + str + " previously failed test");
            }
            return;
        }
        try {
            Encryption.getKeyProvider(configuration);
            keyProviderResults.put(str, true);
        } catch (Exception e) {
            keyProviderResults.put(str, false);
            throw new IOException("Key provider " + str + " failed test: " + e.getMessage(), e);
        }
    }

    public static void testCipherProvider(Configuration configuration) throws IOException {
        String str = configuration.get(HConstants.CRYPTO_CIPHERPROVIDER_CONF_KEY, DefaultCipherProvider.class.getName());
        Boolean bool = cipherProviderResults.get(str);
        if (bool != null) {
            if (!bool.booleanValue()) {
                throw new IOException("Cipher provider " + str + " previously failed test");
            }
            return;
        }
        try {
            Encryption.getCipherProvider(configuration);
            cipherProviderResults.put(str, true);
        } catch (Exception e) {
            cipherProviderResults.put(str, false);
            throw new IOException("Cipher provider " + str + " failed test: " + e.getMessage(), e);
        }
    }

    public static void testEncryption(Configuration configuration, String str, byte[] bArr) throws IOException {
        if (str == null) {
            return;
        }
        if (!Encryption.isEncryptionEnabled(configuration)) {
            throw new IOException(String.format("Cipher %s failed test: encryption is disabled on the cluster", str));
        }
        testKeyProvider(configuration);
        testCipherProvider(configuration);
        Boolean bool = cipherResults.get(str);
        if (bool != null) {
            if (!bool.booleanValue()) {
                throw new IOException("Cipher " + str + " previously failed test");
            }
            return;
        }
        try {
            Encryption.Context newContext = Encryption.newContext(configuration);
            newContext.setCipher(Encryption.getCipher(configuration, str));
            if (bArr == null) {
                newContext.setKey(newContext.getCipher().getRandomKey());
            } else {
                newContext.setKey(EncryptionUtil.unwrapKey(configuration, configuration.get(HConstants.CRYPTO_MASTERKEY_NAME_CONF_KEY, "hbase"), bArr));
            }
            byte[] bArr2 = null;
            if (newContext.getCipher().getIvLength() > 0) {
                bArr2 = new byte[newContext.getCipher().getIvLength()];
                Bytes.secureRandom(bArr2);
            }
            byte[] bArr3 = new byte[1024];
            Bytes.random(bArr3);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Encryption.encrypt(byteArrayOutputStream, new ByteArrayInputStream(bArr3), newContext, bArr2);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.reset();
            Encryption.decrypt(byteArrayOutputStream, new ByteArrayInputStream(byteArray), bArr3.length, newContext, bArr2);
            if (!Bytes.equals(bArr3, byteArrayOutputStream.toByteArray())) {
                throw new IOException("Did not pass encrypt/decrypt test");
            }
            cipherResults.put(str, true);
        } catch (Exception e) {
            cipherResults.put(str, false);
            throw new IOException("Cipher " + str + " failed test: " + e.getMessage(), e);
        }
    }
}
