package org.apache.iceberg.encryption;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.Map;
import javax.crypto.SecretKey;
import org.apache.iceberg.relocated.com.google.common.base.Preconditions;
import org.apache.iceberg.relocated.com.google.common.collect.Maps;

/* loaded from: input_file:org/apache/iceberg/encryption/KeyStoreKmsClient.class */
public class KeyStoreKmsClient extends MemoryMockKMS {
    public static final String KEYSTORE_FILE_PATH_PROP = "kms.client.keystore.path";
    public static final String KEYSTORE_PASSWORD_ENV_VAR = "KEYSTORE_PASSWORD";

    @Override // org.apache.iceberg.encryption.MemoryMockKMS
    public ByteBuffer wrapKey(ByteBuffer byteBuffer, String str) {
        return super.wrapKey(byteBuffer, str.toLowerCase());
    }

    @Override // org.apache.iceberg.encryption.MemoryMockKMS
    public ByteBuffer unwrapKey(ByteBuffer byteBuffer, String str) {
        return super.unwrapKey(byteBuffer, str.toLowerCase());
    }

    public void initialize(Map<String, String> map) {
        String str = map.get(KEYSTORE_FILE_PATH_PROP);
        Preconditions.checkNotNull(str, "kms.client.keystore.path must be set in hadoop or table properties");
        String str2 = System.getenv(KEYSTORE_PASSWORD_ENV_VAR);
        Preconditions.checkNotNull(str2, "KEYSTORE_PASSWORD environment variable must be set");
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            char[] charArray = str2.toCharArray();
            try {
                try {
                    keyStore.load(new FileInputStream(str), charArray);
                    try {
                        Enumeration<String> aliases = keyStore.aliases();
                        this.masterKeys = Maps.newHashMap();
                        while (aliases.hasMoreElements()) {
                            String nextElement = aliases.nextElement();
                            try {
                                this.masterKeys.put(nextElement, ((SecretKey) keyStore.getKey(nextElement, charArray)).getEncoded());
                            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                                throw new RuntimeException("Failed to get key " + nextElement, e);
                            }
                        }
                        if (this.masterKeys.isEmpty()) {
                            throw new RuntimeException("No keys found in " + str);
                        }
                    } catch (KeyStoreException e2) {
                        throw new RuntimeException("Failed to get key aliases in keystore file " + str, e2);
                    }
                } catch (IOException | NoSuchAlgorithmException | CertificateException e3) {
                    throw new RuntimeException("Failed to load keystore file " + str, e3);
                }
            } catch (FileNotFoundException e4) {
                throw new RuntimeException("Failed to find keystore file " + str, e4);
            }
        } catch (KeyStoreException e5) {
            throw new RuntimeException("Failed to init keystore", e5);
        }
    }
}
