package org.apache.paimon.shade.org.apache.parquet.crypto.keytools;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.paimon.mergetree.compact.aggregate.FieldListaggAgg;
import org.apache.paimon.shade.jackson2.com.fasterxml.jackson.dataformat.csv.CsvSchema;
import org.apache.paimon.shade.org.apache.parquet.crypto.ColumnEncryptionProperties;
import org.apache.paimon.shade.org.apache.parquet.crypto.DecryptionPropertiesFactory;
import org.apache.paimon.shade.org.apache.parquet.crypto.EncryptionPropertiesFactory;
import org.apache.paimon.shade.org.apache.parquet.crypto.FileDecryptionProperties;
import org.apache.paimon.shade.org.apache.parquet.crypto.FileEncryptionProperties;
import org.apache.paimon.shade.org.apache.parquet.crypto.ParquetCipher;
import org.apache.paimon.shade.org.apache.parquet.crypto.ParquetCryptoRuntimeException;
import org.apache.paimon.shade.org.apache.parquet.hadoop.api.WriteSupport;
import org.apache.paimon.shade.org.apache.parquet.hadoop.metadata.ColumnPath;
import org.apache.paimon.shade.org.codehaus.janino.Opcode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/paimon/shade/org/apache/parquet/crypto/keytools/PropertiesDrivenCryptoFactory.class */
public class PropertiesDrivenCryptoFactory implements EncryptionPropertiesFactory, DecryptionPropertiesFactory {
    public static final String COLUMN_KEYS_PROPERTY_NAME = "parquet.encryption.column.keys";
    public static final String FOOTER_KEY_PROPERTY_NAME = "parquet.encryption.footer.key";
    public static final String UNIFORM_KEY_PROPERTY_NAME = "parquet.encryption.uniform.key";
    public static final String ENCRYPTION_ALGORITHM_PROPERTY_NAME = "parquet.encryption.algorithm";
    public static final String PLAINTEXT_FOOTER_PROPERTY_NAME = "parquet.encryption.plaintext.footer";
    public static final boolean PLAINTEXT_FOOTER_DEFAULT = false;
    private static final Logger LOG = LoggerFactory.getLogger(PropertiesDrivenCryptoFactory.class);
    private static final int[] ACCEPTABLE_DATA_KEY_LENGTHS = {128, Opcode.OP1_LV1, 256};
    public static final String ENCRYPTION_ALGORITHM_DEFAULT = ParquetCipher.AES_GCM_V1.toString();
    private static final SecureRandom RANDOM = new SecureRandom();

    @Override // org.apache.paimon.shade.org.apache.parquet.crypto.EncryptionPropertiesFactory
    public FileEncryptionProperties getFileEncryptionProperties(Configuration configuration, Path path, WriteSupport.WriteContext writeContext) throws ParquetCryptoRuntimeException {
        String trimmed = configuration.getTrimmed(FOOTER_KEY_PROPERTY_NAME);
        String trimmed2 = configuration.getTrimmed(COLUMN_KEYS_PROPERTY_NAME);
        String trimmed3 = configuration.getTrimmed(UNIFORM_KEY_PROPERTY_NAME);
        boolean stringIsEmpty = KeyToolkit.stringIsEmpty(trimmed);
        boolean stringIsEmpty2 = KeyToolkit.stringIsEmpty(trimmed2);
        boolean stringIsEmpty3 = KeyToolkit.stringIsEmpty(trimmed3);
        if (stringIsEmpty && stringIsEmpty2 && stringIsEmpty3) {
            LOG.debug("Unencrypted file: {}", path);
            return null;
        }
        if (stringIsEmpty3) {
            if (stringIsEmpty) {
                throw new ParquetCryptoRuntimeException("No footer key configured in parquet.encryption.footer.key");
            }
            if (stringIsEmpty2) {
                throw new ParquetCryptoRuntimeException("No column keys configured in parquet.encryption.column.keys");
            }
        } else {
            if (!stringIsEmpty) {
                throw new ParquetCryptoRuntimeException("Uniform encryption. Cant have footer key configured in parquet.encryption.footer.key");
            }
            if (!stringIsEmpty2) {
                throw new ParquetCryptoRuntimeException("Uniform encryption. Cant have column keys configured in parquet.encryption.column.keys");
            }
            trimmed = trimmed3;
        }
        HadoopFSKeyMaterialStore hadoopFSKeyMaterialStore = null;
        boolean z = configuration.getBoolean(KeyToolkit.KEY_MATERIAL_INTERNAL_PROPERTY_NAME, true);
        if (!z) {
            if (path == null) {
                throw new ParquetCryptoRuntimeException("Output file path cannot be null");
            }
            try {
                hadoopFSKeyMaterialStore = new HadoopFSKeyMaterialStore(path.getFileSystem(configuration));
                hadoopFSKeyMaterialStore.initialize(path, configuration, false);
            } catch (IOException e) {
                throw new ParquetCryptoRuntimeException("Failed to get key material store", e);
            }
        }
        FileKeyWrapper fileKeyWrapper = new FileKeyWrapper(configuration, hadoopFSKeyMaterialStore);
        String trimmed4 = configuration.getTrimmed(ENCRYPTION_ALGORITHM_PROPERTY_NAME, ENCRYPTION_ALGORITHM_DEFAULT);
        try {
            ParquetCipher valueOf = ParquetCipher.valueOf(trimmed4);
            int i = configuration.getInt(KeyToolkit.DATA_KEY_LENGTH_PROPERTY_NAME, 128);
            if (Arrays.binarySearch(ACCEPTABLE_DATA_KEY_LENGTHS, i) < 0) {
                throw new ParquetCryptoRuntimeException("Wrong data key length : " + i);
            }
            int i2 = i / 8;
            byte[] bArr = new byte[i2];
            RANDOM.nextBytes(bArr);
            byte[] encryptionKeyMetadata = fileKeyWrapper.getEncryptionKeyMetadata(bArr, trimmed, true);
            boolean z2 = configuration.getBoolean(PLAINTEXT_FOOTER_PROPERTY_NAME, false);
            FileEncryptionProperties.Builder withAlgorithm = FileEncryptionProperties.builder(bArr).withFooterKeyMetadata(encryptionKeyMetadata).withAlgorithm(valueOf);
            if (stringIsEmpty3) {
                withAlgorithm = withAlgorithm.withEncryptedColumns(getColumnEncryptionProperties(i2, trimmed2, fileKeyWrapper));
            }
            if (z2) {
                withAlgorithm = withAlgorithm.withPlaintextFooter();
            }
            if (null != hadoopFSKeyMaterialStore) {
                hadoopFSKeyMaterialStore.saveMaterial();
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("File encryption properties for {} - algo: {}; footer key id: {}; uniform key id: {}; plaintext footer: {}; internal key material: {}; encrypted columns: {}", new Object[]{path, valueOf, trimmed, trimmed3, Boolean.valueOf(z2), Boolean.valueOf(z), trimmed2});
            }
            return withAlgorithm.build();
        } catch (IllegalArgumentException e2) {
            throw new ParquetCryptoRuntimeException("Wrong encryption algorithm: " + trimmed4);
        }
    }

    private Map<ColumnPath, ColumnEncryptionProperties> getColumnEncryptionProperties(int i, String str, FileKeyWrapper fileKeyWrapper) throws ParquetCryptoRuntimeException {
        HashMap hashMap = new HashMap();
        for (String str2 : str.split(CsvSchema.DEFAULT_ARRAY_ELEMENT_SEPARATOR)) {
            String trim = str2.trim();
            if (!trim.isEmpty()) {
                String[] split = trim.split(":");
                if (split.length != 2) {
                    throw new ParquetCryptoRuntimeException("Incorrect key to columns mapping in parquet.encryption.column.keys: [" + trim + "]");
                }
                String trim2 = split[0].trim();
                if (trim2.isEmpty()) {
                    throw new ParquetCryptoRuntimeException("Empty key name in parquet.encryption.column.keys");
                }
                String[] split2 = split[1].trim().split(FieldListaggAgg.DELIMITER);
                if (0 == split2.length) {
                    throw new ParquetCryptoRuntimeException("No columns to encrypt defined for key: " + trim2);
                }
                for (String str3 : split2) {
                    String trim3 = str3.trim();
                    if (trim3.isEmpty()) {
                        throw new ParquetCryptoRuntimeException("Empty column name in parquet.encryption.column.keys for key: " + trim2);
                    }
                    ColumnPath fromDotString = ColumnPath.fromDotString(trim3);
                    if (hashMap.containsKey(fromDotString)) {
                        throw new ParquetCryptoRuntimeException("Multiple keys defined for the same column: " + trim3);
                    }
                    byte[] bArr = new byte[i];
                    RANDOM.nextBytes(bArr);
                    hashMap.put(fromDotString, ColumnEncryptionProperties.builder(fromDotString).withKey(bArr).withKeyMetaData(fileKeyWrapper.getEncryptionKeyMetadata(bArr, trim2, false)).build());
                }
            }
        }
        if (hashMap.isEmpty()) {
            throw new ParquetCryptoRuntimeException("No column keys configured in parquet.encryption.column.keys");
        }
        return hashMap;
    }

    @Override // org.apache.paimon.shade.org.apache.parquet.crypto.DecryptionPropertiesFactory
    public FileDecryptionProperties getFileDecryptionProperties(Configuration configuration, Path path) throws ParquetCryptoRuntimeException {
        FileKeyUnwrapper fileKeyUnwrapper = new FileKeyUnwrapper(configuration, path);
        if (LOG.isDebugEnabled()) {
            LOG.debug("File decryption properties for {}", path);
        }
        return FileDecryptionProperties.builder().withKeyRetriever(fileKeyUnwrapper).withPlaintextFilesAllowed().build();
    }
}
