package org.apache.accumulo.core.security.crypto;

import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.accumulo.core.conf.Property;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/accumulo/core/security/crypto/DefaultCryptoModule.class */
public class DefaultCryptoModule implements CryptoModule {
    private static final String ENCRYPTION_HEADER_MARKER_V1 = "---Log File Encrypted (v1)---";
    private static final String ENCRYPTION_HEADER_MARKER_V2 = "---Log File Encrypted (v2)---";
    private static Logger log = Logger.getLogger(DefaultCryptoModule.class);

    @Override // org.apache.accumulo.core.security.crypto.CryptoModule
    public CryptoModuleParameters initializeCipher(CryptoModuleParameters cryptoModuleParameters) {
        String cipherTransformation = getCipherTransformation(cryptoModuleParameters);
        log.trace(String.format("Using cipher suite \"%s\" with key length %d with RNG \"%s\" and RNG provider \"%s\" and key encryption strategy \"%s\"", cipherTransformation, Integer.valueOf(cryptoModuleParameters.getKeyLength()), cryptoModuleParameters.getRandomNumberGenerator(), cryptoModuleParameters.getRandomNumberGeneratorProvider(), cryptoModuleParameters.getKeyEncryptionStrategyClass()));
        if (cryptoModuleParameters.getSecureRandom() == null) {
            cryptoModuleParameters.setSecureRandom(DefaultCryptoModuleUtils.getSecureRandom(cryptoModuleParameters.getRandomNumberGenerator(), cryptoModuleParameters.getRandomNumberGeneratorProvider()));
        }
        Cipher cipher = DefaultCryptoModuleUtils.getCipher(cipherTransformation);
        if (cryptoModuleParameters.getInitializationVector() == null) {
            try {
                cipher.init(1, new SecretKeySpec(cryptoModuleParameters.getPlaintextKey(), cryptoModuleParameters.getAlgorithmName()), cryptoModuleParameters.getSecureRandom());
                cryptoModuleParameters.setInitializationVector(cipher.getIV());
            } catch (InvalidKeyException e) {
                log.error("Accumulo encountered an unknown error in generating the secret key object (SecretKeySpec) for an encrypted stream");
                throw new RuntimeException(e);
            }
        } else {
            try {
                cipher.init(1, new SecretKeySpec(cryptoModuleParameters.getPlaintextKey(), cryptoModuleParameters.getAlgorithmName()), new IvParameterSpec(cryptoModuleParameters.getInitializationVector()));
            } catch (InvalidAlgorithmParameterException e2) {
                log.error("Accumulo encountered an unknown error in setting up the initialization vector for an encrypted stream");
                throw new RuntimeException(e2);
            } catch (InvalidKeyException e3) {
                log.error("Accumulo encountered an unknown error in generating the secret key object (SecretKeySpec) for an encrypted stream");
                throw new RuntimeException(e3);
            }
        }
        cryptoModuleParameters.setCipher(cipher);
        return cryptoModuleParameters;
    }

    private String getCipherTransformation(CryptoModuleParameters cryptoModuleParameters) {
        return cryptoModuleParameters.getAlgorithmName() + "/" + cryptoModuleParameters.getEncryptionMode() + "/" + cryptoModuleParameters.getPadding();
    }

    private String[] parseCipherSuite(String str) {
        return str.split("/");
    }

    private boolean validateNotEmpty(String str, boolean z, StringBuffer stringBuffer, String str2) {
        if (str != null && !str.equals("")) {
            return z;
        }
        stringBuffer.append(str2);
        stringBuffer.append("\n");
        return false;
    }

    private boolean validateNotNull(Object obj, boolean z, StringBuffer stringBuffer, String str) {
        if (obj != null) {
            return z;
        }
        stringBuffer.append(str);
        stringBuffer.append("\n");
        return false;
    }

    private boolean validateNotZero(int i, boolean z, StringBuffer stringBuffer, String str) {
        if (i != 0) {
            return z;
        }
        stringBuffer.append(str);
        stringBuffer.append("\n");
        return false;
    }

    private boolean validateParamsObject(CryptoModuleParameters cryptoModuleParameters, int i) {
        if (i == 1) {
            StringBuffer stringBuffer = new StringBuffer("The following problems were found with the CryptoModuleParameters object you provided for an encrypt operation:\n");
            boolean validateNotEmpty = validateNotEmpty(cryptoModuleParameters.getAlgorithmName(), true, stringBuffer, "No algorithm name was specified.");
            if (validateNotEmpty && cryptoModuleParameters.getAlgorithmName().equals("NullCipher")) {
                return true;
            }
            boolean validateNotNull = validateNotNull(cryptoModuleParameters.getPlaintextOutputStream(), validateNotEmpty(cryptoModuleParameters.getRandomNumberGeneratorProvider(), validateNotEmpty(cryptoModuleParameters.getRandomNumberGenerator(), validateNotEmpty(cryptoModuleParameters.getEncryptionMode(), validateNotZero(cryptoModuleParameters.getKeyLength(), validateNotEmpty(cryptoModuleParameters.getPadding(), validateNotEmpty, stringBuffer, "No padding was specified."), stringBuffer, "No key length was specified."), stringBuffer, "No encryption mode was specified."), stringBuffer, "No random number generator was specified."), stringBuffer, "No random number generate provider was specified."), stringBuffer, "No plaintext output stream was specified.");
            if (validateNotNull) {
                return validateNotNull;
            }
            log.error("CryptoModulesParameters object is not valid.");
            log.error(stringBuffer.toString());
            throw new RuntimeException("CryptoModulesParameters object is not valid.");
        }
        if (i != 2) {
            return false;
        }
        StringBuffer stringBuffer2 = new StringBuffer("The following problems were found with the CryptoModuleParameters object you provided for a decrypt operation:\n");
        boolean validateNotNull2 = validateNotNull(cryptoModuleParameters.getEncryptedKey(), validateNotNull(cryptoModuleParameters.getInitializationVector(), validateNotNull(cryptoModuleParameters.getEncryptedInputStream(), validateNotEmpty(cryptoModuleParameters.getRandomNumberGeneratorProvider(), validateNotEmpty(cryptoModuleParameters.getRandomNumberGenerator(), validateNotEmpty(cryptoModuleParameters.getEncryptionMode(), validateNotZero(cryptoModuleParameters.getKeyLength(), validateNotEmpty(cryptoModuleParameters.getPadding(), true, stringBuffer2, "No padding was specified."), stringBuffer2, "No key length was specified."), stringBuffer2, "No encryption mode was specified."), stringBuffer2, "No random number generator was specified."), stringBuffer2, "No random number generate provider was specified."), stringBuffer2, "No encrypted input stream was specified."), stringBuffer2, "No initialization vector was specified."), stringBuffer2, "No encrypted key was specified.");
        if (cryptoModuleParameters.getKeyEncryptionStrategyClass() != null && !cryptoModuleParameters.getKeyEncryptionStrategyClass().equals("NullSecretKeyEncryptionStrategy")) {
            validateNotNull2 = validateNotEmpty(cryptoModuleParameters.getOpaqueKeyEncryptionKeyID(), validateNotNull2, stringBuffer2, "No opqaue key encryption ID was specified.");
        }
        if (validateNotNull2) {
            return validateNotNull2;
        }
        log.error("CryptoModulesParameters object is not valid.");
        log.error(stringBuffer2.toString());
        throw new RuntimeException("CryptoModulesParameters object is not valid.");
    }

    @Override // org.apache.accumulo.core.security.crypto.CryptoModule
    public CryptoModuleParameters getEncryptingOutputStream(CryptoModuleParameters cryptoModuleParameters) throws IOException {
        log.trace("Initializing crypto output stream (new style)");
        if (!validateParamsObject(cryptoModuleParameters, 1)) {
            log.error("CryptoModuleParameters was not valid.");
            throw new RuntimeException("Invalid CryptoModuleParameters");
        }
        if (cryptoModuleParameters.getAlgorithmName().equals("NullCipher")) {
            cryptoModuleParameters.setEncryptedOutputStream(cryptoModuleParameters.getPlaintextOutputStream());
            return cryptoModuleParameters;
        }
        SecureRandom secureRandom = DefaultCryptoModuleUtils.getSecureRandom(cryptoModuleParameters.getRandomNumberGenerator(), cryptoModuleParameters.getRandomNumberGeneratorProvider());
        if (cryptoModuleParameters.getPlaintextKey() == null) {
            byte[] bArr = new byte[cryptoModuleParameters.getKeyLength() / 8];
            secureRandom.nextBytes(bArr);
            cryptoModuleParameters.setPlaintextKey(bArr);
        }
        CryptoModuleParameters encryptSecretKey = CryptoModuleFactory.getSecretKeyEncryptionStrategy(cryptoModuleParameters.getKeyEncryptionStrategyClass()).encryptSecretKey(cryptoModuleParameters);
        if (!encryptSecretKey.getCloseUnderylingStreamAfterCryptoStreamClose()) {
            encryptSecretKey.setPlaintextOutputStream(new DiscardCloseOutputStream(encryptSecretKey.getPlaintextOutputStream()));
        }
        Cipher cipher = encryptSecretKey.getCipher();
        if (cipher == null) {
            initializeCipher(encryptSecretKey);
            cipher = encryptSecretKey.getCipher();
        }
        if (0 == cipher.getBlockSize()) {
            throw new RuntimeException("Encryption cipher must be a block cipher");
        }
        encryptSecretKey.setEncryptedOutputStream(new BlockedOutputStream(new CipherOutputStream(encryptSecretKey.getPlaintextOutputStream(), cipher), cipher.getBlockSize(), encryptSecretKey.getBlockStreamSize()));
        if (encryptSecretKey.getRecordParametersToStream()) {
            DataOutputStream dataOutputStream = new DataOutputStream(encryptSecretKey.getPlaintextOutputStream());
            dataOutputStream.writeUTF(ENCRYPTION_HEADER_MARKER_V2);
            dataOutputStream.writeInt(encryptSecretKey.getAllOptions().size());
            for (String str : encryptSecretKey.getAllOptions().keySet()) {
                dataOutputStream.writeUTF(str);
                dataOutputStream.writeUTF(encryptSecretKey.getAllOptions().get(str));
            }
            dataOutputStream.writeUTF(getCipherTransformation(encryptSecretKey));
            dataOutputStream.writeUTF(encryptSecretKey.getAlgorithmName());
            dataOutputStream.writeInt(encryptSecretKey.getInitializationVector().length);
            dataOutputStream.write(encryptSecretKey.getInitializationVector());
            dataOutputStream.writeUTF(encryptSecretKey.getOpaqueKeyEncryptionKeyID());
            dataOutputStream.writeInt(encryptSecretKey.getEncryptedKey().length);
            dataOutputStream.write(encryptSecretKey.getEncryptedKey());
            dataOutputStream.writeInt(encryptSecretKey.getBlockStreamSize());
        }
        return encryptSecretKey;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.accumulo.core.security.crypto.CryptoModule
    public CryptoModuleParameters getDecryptingInputStream(CryptoModuleParameters cryptoModuleParameters) throws IOException {
        log.trace("About to initialize decryption stream (new style)");
        if (cryptoModuleParameters.getRecordParametersToStream()) {
            DataInputStream dataInputStream = new DataInputStream(cryptoModuleParameters.getEncryptedInputStream());
            log.trace("About to read encryption parameters from underlying stream");
            String readUTF = dataInputStream.readUTF();
            if (!readUTF.equals(ENCRYPTION_HEADER_MARKER_V1) && !readUTF.equals(ENCRYPTION_HEADER_MARKER_V2)) {
                log.trace("Read something off of the encrypted input stream that was not the encryption header marker, so pushing back bytes and returning the given stream");
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                new DataOutputStream(byteArrayOutputStream).writeUTF(readUTF);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                PushbackInputStream pushbackInputStream = new PushbackInputStream(cryptoModuleParameters.getEncryptedInputStream(), byteArray.length);
                pushbackInputStream.unread(byteArray);
                cryptoModuleParameters.setPlaintextInputStream(pushbackInputStream);
                return cryptoModuleParameters;
            }
            HashMap hashMap = new HashMap();
            int readInt = dataInputStream.readInt();
            for (int i = 0; i < readInt; i++) {
                hashMap.put(dataInputStream.readUTF(), dataInputStream.readUTF());
            }
            String readUTF2 = dataInputStream.readUTF();
            String readUTF3 = dataInputStream.readUTF();
            String[] parseCipherSuite = parseCipherSuite(readUTF2);
            cryptoModuleParameters.setAlgorithmName(readUTF3);
            cryptoModuleParameters.setEncryptionMode(parseCipherSuite[1]);
            cryptoModuleParameters.setPadding(parseCipherSuite[2]);
            byte[] bArr = new byte[dataInputStream.readInt()];
            dataInputStream.readFully(bArr);
            cryptoModuleParameters.setInitializationVector(bArr);
            cryptoModuleParameters.setOpaqueKeyEncryptionKeyID(dataInputStream.readUTF());
            byte[] bArr2 = new byte[dataInputStream.readInt()];
            dataInputStream.readFully(bArr2);
            cryptoModuleParameters.setEncryptedKey(bArr2);
            if (cryptoModuleParameters.getOverrideStreamsSecretKeyEncryptionStrategy()) {
                for (String str : hashMap.keySet()) {
                    if (!str.equals(Property.CRYPTO_SECRET_KEY_ENCRYPTION_STRATEGY_CLASS.getKey())) {
                        cryptoModuleParameters.getAllOptions().put(str, hashMap.get(str));
                    }
                }
                cryptoModuleParameters.setKeyEncryptionStrategyClass(cryptoModuleParameters.getAllOptions().get(Property.CRYPTO_SECRET_KEY_ENCRYPTION_STRATEGY_CLASS.getKey()));
            } else {
                cryptoModuleParameters = CryptoModuleFactory.fillParamsObjectFromStringMap(cryptoModuleParameters, hashMap);
            }
            cryptoModuleParameters = CryptoModuleFactory.getSecretKeyEncryptionStrategy(cryptoModuleParameters.getKeyEncryptionStrategyClass()).decryptSecretKey(cryptoModuleParameters);
            if (readUTF.equals(ENCRYPTION_HEADER_MARKER_V2)) {
                cryptoModuleParameters.setBlockStreamSize(dataInputStream.readInt());
            } else {
                cryptoModuleParameters.setBlockStreamSize(0);
            }
        }
        if (!validateParamsObject(cryptoModuleParameters, 2)) {
            log.error("CryptoModuleParameters object failed validation for decrypt");
            throw new RuntimeException("CryptoModuleParameters object failed validation for decrypt");
        }
        Cipher cipher = DefaultCryptoModuleUtils.getCipher(getCipherTransformation(cryptoModuleParameters));
        try {
            cipher.init(2, new SecretKeySpec(cryptoModuleParameters.getPlaintextKey(), cryptoModuleParameters.getAlgorithmName()), new IvParameterSpec(cryptoModuleParameters.getInitializationVector()));
            InputStream cipherInputStream = new CipherInputStream(cryptoModuleParameters.getEncryptedInputStream(), cipher);
            if (cryptoModuleParameters.getBlockStreamSize() > 0) {
                cipherInputStream = new BlockedInputStream(cipherInputStream, cipher.getBlockSize(), cryptoModuleParameters.getBlockStreamSize());
            }
            log.trace("Initialized cipher input stream with transformation [" + getCipherTransformation(cryptoModuleParameters) + "]");
            cryptoModuleParameters.setPlaintextInputStream(cipherInputStream);
            return cryptoModuleParameters;
        } catch (InvalidAlgorithmParameterException e) {
            log.error("Error when trying to initialize cipher with initialization vector");
            throw new RuntimeException(e);
        } catch (InvalidKeyException e2) {
            log.error("Error when trying to initialize cipher with secret key");
            throw new RuntimeException(e2);
        }
    }

    @Override // org.apache.accumulo.core.security.crypto.CryptoModule
    public CryptoModuleParameters generateNewRandomSessionKey(CryptoModuleParameters cryptoModuleParameters) {
        if (cryptoModuleParameters.getSecureRandom() == null) {
            cryptoModuleParameters.setSecureRandom(DefaultCryptoModuleUtils.getSecureRandom(cryptoModuleParameters.getRandomNumberGenerator(), cryptoModuleParameters.getRandomNumberGeneratorProvider()));
        }
        byte[] bArr = new byte[cryptoModuleParameters.getKeyLength() / 8];
        cryptoModuleParameters.getSecureRandom().nextBytes(bArr);
        cryptoModuleParameters.setPlaintextKey(bArr);
        return cryptoModuleParameters;
    }
}
