package org.apache.hadoop.crypto.key;

import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.log4j.Logger;
import org.apache.ranger.entity.XXRangerMasterKey;
import org.apache.ranger.kms.dao.DaoManager;
import org.apache.ranger.kms.dao.RangerMasterKeyDao;

/* loaded from: input_file:org/apache/hadoop/crypto/key/RangerMasterKey.class */
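/**
 * Creates, stores and retrieves the KMS master key (MK).
 *
 * <p>The master key is a 256-bit AES key. It is wrapped with a password-based cipher
 * ({@value #PBE_ALGO}), Base64-encoded and kept as a single row accessed through
 * {@link RangerMasterKeyDao}. Every public entry point takes the password that protects
 * the wrapped key.
 *
 * <p><b>Security review notes.</b> The wrapping scheme is left exactly as it was, because
 * changing any parameter would make already-stored master keys undecryptable. Treat the
 * points below as migration work (a versioned record format so old rows stay readable),
 * not as in-place edits:
 * <ul>
 *   <li>The salt is the first {@value #SALT_SIZE} bytes of MD5(password). It is therefore
 *       not random and identical for every deployment that uses the same password, which
 *       removes the protection a salt normally gives against precomputation.</li>
 *   <li>The PBE iteration count is {@code password.length() + 1}, i.e. a few dozen at most.
 *       Current guidance for password-based key derivation is several orders of magnitude
 *       higher, so the wrapped key is only as strong as the password's own entropy.</li>
 *   <li>{@value #PBE_ALGO} derives the wrapping key with MD5 and encrypts with Triple DES,
 *       which caps the protection of the 256-bit AES master key at Triple DES strength, and
 *       the ciphertext carries no integrity tag.</li>
 *   <li>A reasonable target for a new record version is PBKDF2 with an HMAC-SHA-2 PRF, a
 *       random per-record salt and a stored iteration count, wrapping with an authenticated
 *       mode such as AES-GCM.</li>
 *   <li>{@code Base64} here is the JDK-internal {@code com.sun.org.apache.xml.internal}
 *       class, which is not a supported API and is encapsulated on newer JDKs. Replacing it
 *       needs care: verify that the replacement round-trips the values already stored.</li>
 * </ul>
 */
public class RangerMasterKey implements RangerKMSMKI {
    static final Logger logger = Logger.getLogger(RangerMasterKey.class);
    private static final String MK_CIPHER = "AES";
    private static final int MK_KEY_SIZE = 256;
    private static final int SALT_SIZE = 8;
    private static final String PBE_ALGO = "PBEWithMD5AndTripleDES";
    private static final String MD_ALGO = "MD5";
    private DaoManager daoManager;

    /** Creates an instance without a DAO manager; lookups and saves then find nothing. */
    public RangerMasterKey() {
    }

    /**
     * @param daoManager persistence entry point used to read and write the master key row
     */
    public RangerMasterKey(DaoManager daoManager) {
        this.daoManager = daoManager;
    }

    /**
     * Loads the stored master key and unwraps it with the given password.
     *
     * @param str password protecting the stored master key
     * @return the raw master key bytes, Base64-encoded
     * @throws Throwable if no master key is stored or it cannot be decrypted
     */
    @Override // org.apache.hadoop.crypto.key.RangerKMSMKI
    public String getMasterKey(String str) throws Throwable {
        logger.info("Getting Master Key");
        // NOTE(review): the result is the plaintext master key in an immutable String, so it
        // cannot be wiped after use; callers must keep it out of logs and error messages.
        return decryptMasterKey(requireEncryptedMK(), str);
    }

    /**
     * Loads the stored master key and unwraps it with the given password.
     *
     * @param str password protecting the stored master key
     * @return the master key as an AES {@link SecretKey}
     * @throws Throwable if no master key is stored or it cannot be decrypted
     */
    public SecretKey getMasterSecretKey(String str) throws Throwable {
        logger.info("Getting Master Key");
        return decryptMasterKeySK(requireEncryptedMK(), str);
    }

    /**
     * Generates a fresh AES master key, wraps it with the password and stores it.
     *
     * @param str password that will protect the new master key
     * @return {@code true} if a new row was created, {@code false} if nothing was stored
     *         (for example because a master key already exists or no DAO manager is set)
     * @throws Throwable if key generation or encryption fails
     */
    @Override // org.apache.hadoop.crypto.key.RangerKMSMKI
    public boolean generateMasterKey(String str) throws Throwable {
        logger.info("Generating Master Key");
        return reportSaved(saveEncryptedMK(encryptMasterKey(str), this.daoManager));
    }

    /**
     * Wraps caller-supplied key material with the password and stores it as the master key.
     *
     * @param str password that will protect the stored key material
     * @param bArr key material to wrap (the method name suggests it comes from an HSM)
     * @return {@code true} if a new row was created, {@code false} if nothing was stored
     * @throws Throwable if encryption fails
     */
    public boolean generateMKFromHSMMK(String str, byte[] bArr) throws Throwable {
        logger.info("Generating Master Key");
        return reportSaved(saveEncryptedMK(encryptMasterKey(str, bArr), this.daoManager));
    }

    /** Returns the stored ciphertext or fails with the error callers already expect. */
    private byte[] requireEncryptedMK() throws Exception {
        byte[] encryptedMK = getEncryptedMK();
        if (encryptedMK == null || encryptedMK.length <= 0) {
            throw new Exception("No Master Key Found");
        }
        return encryptedMK;
    }

    /** Logs the id of a newly created row and maps "nothing stored" to {@code false}. */
    private boolean reportSaved(String savedId) {
        if (savedId == null || savedId.trim().isEmpty()) {
            return false;
        }
        logger.debug("Master Key Created with id = " + savedId);
        return true;
    }

    private String decryptMasterKey(byte[] bArr, String str) throws Throwable {
        logger.debug("Decrypting Master Key");
        return Base64.encode(getMasterKeyFromBytes(decryptKey(bArr, getPBEParameterSpec(str))).getEncoded());
    }

    private SecretKey decryptMasterKeySK(byte[] bArr, String str) throws Throwable {
        logger.debug("Decrypting Master Key");
        return getMasterKeyFromBytes(decryptKey(bArr, getPBEParameterSpec(str)));
    }

    /**
     * Reads the single stored master key row and Base64-decodes it.
     *
     * @return the wrapped master key, or {@code null} if there is no DAO manager, the table
     *         does not hold exactly one row, or the lookup or decoding fails
     */
    private byte[] getEncryptedMK() throws Base64DecodingException {
        logger.debug("Retrieving Encrypted Master Key from database");
        if (this.daoManager == null) {
            return null;
        }
        try {
            RangerMasterKeyDao rangerMasterKeyDao = new RangerMasterKeyDao(this.daoManager);
            List<XXRangerMasterKey> all = rangerMasterKeyDao.getAll();
            if (all.size() < 1) {
                logger.error("No Master Key exists");
                return null;
            }
            if (all.size() > 1) {
                // More than one row means the store is inconsistent; refuse to pick one.
                logger.error("More than one Master Key exists");
                return null;
            }
            return Base64.decode(rangerMasterKeyDao.getById(all.get(0).getId()).getMasterKey());
        } catch (Exception e) {
            // Route the failure through the logger instead of stderr so it reaches the
            // KMS log and is not lost when stderr is discarded.
            logger.error("Unable to retrieve the encrypted Master Key", e);
            return null;
        }
    }

    /**
     * Stores the wrapped master key if the table is still empty.
     *
     * @return the id of the created row, or {@code null} if nothing was created
     */
    private String saveEncryptedMK(String str, DaoManager daoManager) {
        logger.debug("Saving Encrypted Master Key to database");
        XXRangerMasterKey xXRangerMasterKey = new XXRangerMasterKey();
        xXRangerMasterKey.setCipher(MK_CIPHER);
        xXRangerMasterKey.setBitLength(MK_KEY_SIZE);
        xXRangerMasterKey.setMasterKey(str);
        if (daoManager == null) {
            return null;
        }
        try {
            RangerMasterKeyDao rangerMasterKeyDao = new RangerMasterKeyDao(daoManager);
            // NOTE(review): count-then-create is not atomic as written here. If two
            // instances start against an empty table both may insert, after which reads
            // fail with "More than one Master Key exists". Confirm whether a transaction
            // or a uniqueness constraint outside this class prevents that.
            if (rangerMasterKeyDao.getAllCount().longValue() < 1) {
                return rangerMasterKeyDao.create(xXRangerMasterKey).getId().toString();
            }
            return null;
        } catch (Exception e) {
            logger.error("Unable to save the encrypted Master Key", e);
            return null;
        }
    }

    private String encryptMasterKey(String str) throws Throwable {
        logger.debug("Encrypting Master Key");
        Key generateMasterKey = generateMasterKey();
        return Base64.encode(encryptKey(generateMasterKey.getEncoded(), getPBEParameterSpec(str)));
    }

    private String encryptMasterKey(String str, byte[] bArr) throws Throwable {
        logger.debug("Encrypting Master Key");
        return Base64.encode(encryptKey(bArr, getPBEParameterSpec(str)));
    }

    /** Generates a new random 256-bit AES key with the provider's default randomness source. */
    private Key generateMasterKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(MK_CIPHER);
        keyGenerator.init(MK_KEY_SIZE);
        return keyGenerator.generateKey();
    }

    /**
     * Builds the PBE key spec (password, salt, iteration count) from the password alone.
     *
     * <p>Both the salt and the iteration count are functions of the password; see the class
     * comment for why this is weak and why it is nevertheless kept unchanged.
     */
    private PBEKeySpec getPBEParameterSpec(String str) throws Throwable {
        if (str == null) {
            throw new NullPointerException("Master key password must not be null");
        }
        // NOTE(review): getBytes() uses the platform default charset, so a password with
        // non-ASCII characters yields a different salt on a JVM with a different default
        // encoding. Pinning a charset would be correct for new records but could make
        // existing ones undecryptable, so it is deliberately left as is.
        byte[] digest = MessageDigest.getInstance(MD_ALGO).digest(str.getBytes());
        byte[] salt = new byte[SALT_SIZE];
        System.arraycopy(digest, 0, salt, 0, SALT_SIZE);
        char[] password = str.toCharArray();
        try {
            // PBEKeySpec clones the password array, so the local copy can be wiped.
            return new PBEKeySpec(password, salt, password.length + 1);
        } finally {
            java.util.Arrays.fill(password, '\0');
        }
    }

    private byte[] encryptKey(byte[] bArr, PBEKeySpec pBEKeySpec) throws Throwable {
        return applyPbeCipher(Cipher.ENCRYPT_MODE, bArr, pBEKeySpec);
    }

    private SecretKey getPasswordKey(PBEKeySpec pBEKeySpec) throws Throwable {
        return SecretKeyFactory.getInstance(PBE_ALGO).generateSecret(pBEKeySpec);
    }

    private byte[] decryptKey(byte[] bArr, PBEKeySpec pBEKeySpec) throws Throwable {
        return applyPbeCipher(Cipher.DECRYPT_MODE, bArr, pBEKeySpec);
    }

    /**
     * Runs the password-based cipher in the given mode over {@code data}.
     *
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     */
    private byte[] applyPbeCipher(int mode, byte[] data, PBEKeySpec keySpec) throws Throwable {
        try {
            SecretKey passwordKey = getPasswordKey(keySpec);
            PBEParameterSpec params = new PBEParameterSpec(keySpec.getSalt(), keySpec.getIterationCount());
            Cipher cipher = Cipher.getInstance(passwordKey.getAlgorithm());
            cipher.init(mode, passwordKey, params);
            return cipher.doFinal(data);
        } finally {
            // Wipe the spec's copy of the password. The caller's String is immutable and
            // still lingers on the heap, so this only narrows the exposure.
            keySpec.clearPassword();
        }
    }

    private SecretKey getMasterKeyFromBytes(byte[] bArr) throws Throwable {
        return new SecretKeySpec(bArr, MK_CIPHER);
    }

    /**
     * Returns the properties whose names start with a prefix, with the prefix removed.
     *
     * @param properties source properties; may be {@code null}
     * @param str prefix to match and strip; may be {@code null}
     * @return a new mutable map from the remaining part of each matching name to its value;
     *         empty if either argument is {@code null} or nothing matches
     */
    public Map<String, String> getPropertiesWithPrefix(Properties properties, String str) {
        Map<String, String> matches = new HashMap<>();
        if (properties == null || str == null) {
            return matches;
        }
        for (String name : properties.stringPropertyNames()) {
            if (name.startsWith(str)) {
                matches.put(name.substring(str.length()), properties.getProperty(name));
            }
        }
        return matches;
    }
}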
