package com.mapr.fs.cldb.security;

import com.google.protobuf.ByteString;
import com.mapr.fs.Rpc;
import com.mapr.fs.cldb.CLDBServerHolder;
import com.mapr.fs.cldb.DareKeyStoreInterface;
import com.mapr.fs.cldb.jni.CldbNative;
import com.mapr.fs.cldb.proto.CLDBProto;
import com.mapr.fs.proto.Common;
import com.mapr.fs.proto.Security;
import com.mapr.fs.proto.Spserver;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.IntBuffer;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/mapr/fs/cldb/security/DareKeyManager.class */
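/**
 * Singleton that derives, wraps and recovers DARE keys for the CLDB.
 *
 * <p>All cryptographic work is delegated to {@link CldbNative}; this class only sizes the
 * buffers, moves the results into protobuf messages and keeps the key store
 * ({@link DareKeyStoreInterface}) in step with the storage pools reported by
 * {@link CLDBServerHolder}.
 *
 * <p>Handling rules applied throughout this class:
 * <ul>
 *   <li>Plaintext key material is never written to the log, at any level.</li>
 *   <li>Temporary {@code byte[]} buffers that held plaintext keys are zeroed once they are no
 *       longer needed. This is best effort only: the immutable {@link ByteString} and
 *       {@link String} copies handed to callers cannot be cleared.</li>
 * </ul>
 */
public class DareKeyManager {
    /** Size of the buffer filled by {@code CldbNative.getKeyForSpGiud} (logged upstream as "keyAndIv"). */
    private static final int SP_DARE_KEY_SIZE = 64;
    /** Size of one wrapped (encrypted) master-key entry as produced by {@code CldbNative.encryptDareKey}. */
    private static final int ENCRYPTED_DARE_KEY_SIZE = 64;
    /** Size of the plaintext DARE master key. */
    private static final int DECRYPTED_DARE_KEY_SIZE = 32;
    private static final Logger LOG = LogManager.getLogger(DareKeyManager.class);
    private static final DareKeyManager instance = new DareKeyManager();
    // Not referenced anywhere in this class; kept so the class layout stays as it was.
    private static final Object instanceGuard = new Object();

    private DareKeyManager() {
    }

    /**
     * Returns the process-wide instance.
     *
     * @return the singleton, created eagerly at class initialisation
     */
    public static DareKeyManager getInstance() {
        return instance;
    }

    /**
     * Formats a GUID message as 32 lower-case hex digits.
     *
     * @param guidMsg GUID to format, may be {@code null}
     * @return the hex form, or {@code null} when {@code guidMsg} is {@code null}
     */
    private static String getGuidStr(Common.GuidMsg guidMsg) {
        if (guidMsg == null) {
            return null;
        }
        return String.format("%016x%016x", guidMsg.getId640(), guidMsg.getId641());
    }

    /**
     * Formats a GUID given as two longs as 32 lower-case hex digits.
     *
     * @param jArr array whose first two elements are the GUID halves
     * @return the hex form
     */
    private static String getGuidStr(long[] jArr) {
        return String.format("%016x%016x", jArr[0], jArr[1]);
    }

    /**
     * Hex-encodes the content of a {@link ByteString}.
     *
     * @param byteString bytes to encode
     * @return upper-case hex, see {@link #bytesHexDump(byte[], int)} for the length caveat
     */
    private static String bytesHexDump(ByteString byteString) {
        return bytesHexDump(byteString.toByteArray(), byteString.size());
    }

    /**
     * Hex-encodes a byte array in 4-byte big-endian words.
     *
     * <p>Only whole words are encoded: trailing bytes beyond the last multiple of four are
     * dropped. The 32- and 64-byte buffers used in this class are not affected.
     *
     * @param bArr bytes to encode
     * @param i    declared length; not used by the encoding
     * @return upper-case hex, eight digits per word
     */
    private static String bytesHexDump(byte[] bArr, int i) {
        IntBuffer words = ByteBuffer.wrap(bArr).order(ByteOrder.BIG_ENDIAN).asIntBuffer();
        StringBuilder hex = new StringBuilder(words.remaining() * 8);
        while (words.hasRemaining()) {
            hex.append(String.format("%08X", words.get()));
        }
        return hex.toString();
    }

    /**
     * Zeroes a buffer that held key material.
     *
     * <p>Assumes the native code does not keep a reference to the array after the JNI call
     * returns - TODO confirm against the CldbNative implementation.
     *
     * @param buf buffer to clear, may be {@code null}
     */
    private static void wipe(byte[] buf) {
        if (buf != null) {
            java.util.Arrays.fill(buf, (byte) 0);
        }
    }

    /**
     * Obtains the key material for one storage pool from the native layer.
     *
     * @param guidMsg GUID of the storage pool
     * @return the {@value #SP_DARE_KEY_SIZE}-byte result, or {@code null} when {@code guidMsg}
     *     is {@code null} or the native call reports an error. The returned value is secret
     *     key material and must not be logged by callers.
     */
    public ByteString getDareKeyForSp(Common.GuidMsg guidMsg) {
        if (guidMsg == null) {
            LOG.info("getDareKeyForSp: guidMsg is null.");
            return null;
        }
        byte[] keyAndIv = new byte[SP_DARE_KEY_SIZE];
        try {
            int status = CldbNative.getKeyForSpGiud(new long[] {guidMsg.getId640(), guidMsg.getId641()}, keyAndIv);
            if (status != 0) {
                LOG.error("getDareKeyForSp: Failed to generate key for SP guid {}, error {}", getGuidStr(guidMsg), status);
                return null;
            }
            if (LOG.isDebugEnabled()) {
                // Only the GUID is logged. The key and IV must never reach a log file, not even
                // at debug level: logs are shipped, archived and read by far more principals
                // than are entitled to the key.
                LOG.debug("getDareKeyForSp: generated key for SpGuid:{}", getGuidStr(guidMsg));
            }
            return ByteString.copyFrom(keyAndIv);
        } finally {
            wipe(keyAndIv);
        }
    }

    /**
     * Renders the distinct wrapped keys of an {@code EncryptedKey} message as a comma-separated
     * hex list, in first-seen order.
     *
     * @param encryptedKey message to render, may be {@code null}
     * @return the list, empty when there are no entries, or {@code null} for a {@code null} input
     */
    private static String keyInfoHexDump(CLDBProto.EncryptedKey encryptedKey) {
        if (encryptedKey == null) {
            return null;
        }
        Set<String> seen = new HashSet<>();
        List<String> unique = new ArrayList<>();
        for (ByteString wrapped : encryptedKey.getEncryptedKeysList()) {
            String hex = bytesHexDump(wrapped);
            if (seen.add(hex)) {
                unique.add(hex);
            }
        }
        return String.join(", ", unique);
    }

    /**
     * Reads the plaintext DARE master key from the native layer.
     *
     * @return the key wrapped in a {@code Security.Key}, or {@code null} when the native call fails
     */
    private static Security.Key getLocalDareMasterKey() {
        byte[] masterKey = new byte[DECRYPTED_DARE_KEY_SIZE];
        try {
            if (CldbNative.getDareMasterKey(masterKey) != 0) {
                LOG.error("getLocalDareMasterKey: failed to get Dare master key");
                return null;
            }
            return Security.Key.newBuilder().setKey(ByteString.copyFrom(masterKey)).build();
        } finally {
            wipe(masterKey);
        }
    }

    /**
     * Asks the CLDB to shut down.
     *
     * @param str reason passed to the CLDB
     */
    private static void shutdown(String str) {
        CLDBServerHolder.getInstance().getCLDB().shutdown(str, null);
    }

    /**
     * Sends a {@code ListDisksRequest} to the storage pool server and parses the reply.
     *
     * <p>Every failure path requests a CLDB shutdown. Whether {@code shutdown} returns to the
     * caller is not visible here, so each path also produces a well-defined return value.
     *
     * @param j first argument of {@code Rpc.sendRequest}; presumably the RPC binding of the
     *     local file server - TODO confirm
     * @return the parsed response (returned even when its status is non-zero), or {@code null}
     *     when no reply was received or it could not be parsed
     */
    private static Spserver.ListDisksResponse fetchDiskList(long j) {
        Spserver.ListDisksResponse response = null;
        byte[] reply = null;
        try {
            reply = Rpc.sendRequest(j, Common.MapRProgramId.StoragePoolServerProgramId.getNumber(), Spserver.SPSProg.ListDisksProc.getNumber(), Spserver.ListDisksRequest.newBuilder().build());
            if (reply == null) {
                shutdown("Failed to fetch local SP info, fetched null.");
                // Stop here: parsing a null reply would only raise a NullPointerException
                // that the catch block below turns into a second, misleading shutdown.
                return null;
            }
            response = Spserver.ListDisksResponse.parseFrom(reply);
            if (response.getStatus() != 0) {
                LOG.error("ListDisksRequest failed status:{}", response.getStatus());
                shutdown("Failed to fetch local SP info.");
            }
        } catch (Exception e) {
            LOG.error("Exception during kvstore RPC op apply: ", e);
            if (reply != null) {
                LOG.error("Resp size: {}", reply.length);
            }
            shutdown("Failed to fetch local SP info.");
        }
        return response;
    }

    /**
     * Recovers the plaintext DARE master key from the key store using the local disk list.
     *
     * <p>The result is the master key itself in hex. Callers must treat it as a secret: it
     * must not be logged, echoed in error messages or kept longer than needed.
     *
     * @param dareKeyStoreInterface key store holding the wrapped master key
     * @param credentialsMsg        not used by this method
     * @param j                     passed through to the {@code ListDisksRequest} RPC
     * @return the master key as upper-case hex, or {@code null} when the key store is empty,
     *     no disks are reported, or native decryption fails
     */
    public static String recoverDareMasterKey(DareKeyStoreInterface dareKeyStoreInterface, Security.CredentialsMsg credentialsMsg, long j) {
        CLDBProto.EncryptedKey wrappedKeys = dareKeyStoreInterface.fetchDareMasterKey();
        if (wrappedKeys == null) {
            LOG.error("Failed to recover dare master key, key store returned null");
            return null;
        }
        Spserver.ListDisksResponse disks = fetchDiskList(j);
        if (disks == null || disks.getDrecCount() == 0) {
            shutdown("no disks reported in ListDisksResponse");
            // If shutdown returns, a null disk list must not be dereferenced below.
            return null;
        }
        byte[] masterKey = new byte[DECRYPTED_DARE_KEY_SIZE];
        try {
            int status = CldbNative.decryptDareKey(wrappedKeys.toByteArray(), disks.toByteArray(), masterKey);
            if (status == 0) {
                // Encode straight from the buffer so no extra plaintext copies are created.
                return bytesHexDump(masterKey, masterKey.length);
            }
            LOG.error("recoverDareMasterKey: native decryption returned {}", status);
            return null;
        } finally {
            wipe(masterKey);
        }
    }

    /**
     * Lists the storage pools for which the key store holds no usable wrapped master key.
     *
     * @param dareKeyStoreInterface not used by this method
     * @param encryptedKey          wrapped keys currently in the key store
     * @return the storage pool ids whose trial decryption failed, without duplicates
     */
    private List<String> getMissingSpsInKeyStore(DareKeyStoreInterface dareKeyStoreInterface, CLDBProto.EncryptedKey encryptedKey) {
        Set<String> missing = new HashSet<>();
        for (String sp : CLDBServerHolder.getInstance().getTableRootCidSps()) {
            // Only the status matters here; the output buffer presumably receives the plaintext
            // master key on success, so it is cleared straight away.
            byte[] scratch = new byte[DECRYPTED_DARE_KEY_SIZE];
            int status;
            try {
                // getBytes() uses the platform charset, as before; SP ids are presumably ASCII.
                status = CldbNative.decryptDareForSp(encryptedKey.toByteArray(), sp.getBytes(), scratch);
            } finally {
                wipe(scratch);
            }
            if (status != 0) {
                LOG.info("getMissingSpsInKeyStore(): Entry for key encrypted using sp {} not found in key store, {}", sp, status);
                missing.add(sp);
            }
        }
        return new ArrayList<>(missing);
    }

    /**
     * Wraps the local master key once per storage pool.
     *
     * @return map from wrapped key to the storage pool id it was wrapped for (pools whose
     *     encryption failed are omitted), or {@code null} when the master key is unavailable
     */
    private Map<ByteString, String> getEncryptedDareKeyMap() {
        Map<ByteString, String> wrappedBySp = new HashMap<>();
        List<String> tableRootCidSps = CLDBServerHolder.getInstance().getTableRootCidSps();
        Security.Key localDareMasterKey = getLocalDareMasterKey();
        if (localDareMasterKey == null) {
            return null;
        }
        for (String sp : tableRootCidSps) {
            byte[] wrapped = new byte[ENCRYPTED_DARE_KEY_SIZE];
            byte[] masterKeyBytes = localDareMasterKey.getKey().toByteArray();
            int status;
            try {
                status = CldbNative.encryptDareKey(sp.getBytes(), masterKeyBytes, wrapped);
            } finally {
                // toByteArray() hands out a fresh plaintext copy on every call.
                wipe(masterKeyBytes);
            }
            if (status != 0) {
                // The message previously had one placeholder for two arguments, so the status
                // code was silently dropped from the log line.
                LOG.error("getEncryptedDareKeyMap(): failed to encrypt dare master key for sp {}, status {}", sp, status);
            } else {
                wrappedBySp.put(ByteString.copyFrom(wrapped), sp);
            }
        }
        LOG.debug("getEncryptedDareKeyMap: returning dare keys encrypted with {} sps.", tableRootCidSps.size());
        return wrappedBySp;
    }

    /**
     * Reads the wrapped master keys currently held by the key store.
     *
     * @param dareKeyStoreInterface key store to read from
     * @return the distinct wrapped keys; empty when the key store returns nothing
     */
    private Set<ByteString> getDarekeysFromKeyStore(DareKeyStoreInterface dareKeyStoreInterface) {
        CLDBProto.EncryptedKey stored = dareKeyStoreInterface.fetchDareMasterKey();
        if (stored == null) {
            LOG.error("Failed to fetch encrypted dare keys from key store.");
            stored = CLDBProto.EncryptedKey.newBuilder().build();
        }
        // ByteString is immutable and compares by content, so the entries can be added as-is.
        Set<ByteString> keys = new HashSet<>(stored.getEncryptedKeysList());
        LOG.debug("getDarekeysFromKeyStore: Key store returned {} encrypted keys", stored.getEncryptedKeysCount());
        return keys;
    }

    /**
     * Replaces the key store content with the given wrapped keys.
     *
     * @param dareKeyStoreInterface key store to write to
     * @param set                   wrapped master keys to store
     */
    private void updateKeyStore(DareKeyStoreInterface dareKeyStoreInterface, Set<ByteString> set) {
        CLDBProto.EncryptedKey.Builder builder = CLDBProto.EncryptedKey.newBuilder();
        for (ByteString wrapped : set) {
            builder.addEncryptedKeys(wrapped);
        }
        CLDBProto.EncryptedKey message = builder.build();
        dareKeyStoreInterface.storeDareMasterKey(message);
        // Logged after the store call so the line is not emitted when the store throws.
        LOG.info("updateKeyStore: updated key store with num entries {}", message.getEncryptedKeysCount());
    }

    /**
     * Brings the key store in line with the current storage pools.
     *
     * <p>When the key store already holds a usable entry for every storage pool nothing is
     * written. Otherwise the master key is wrapped again for all pools and the key store
     * content is replaced.
     *
     * @param dareKeyStoreInterface key store to update; {@code null} makes this a no-op
     */
    public void updateKeyStore(DareKeyStoreInterface dareKeyStoreInterface) {
        if (dareKeyStoreInterface == null) {
            return;
        }
        CLDBProto.EncryptedKey stored = dareKeyStoreInterface.fetchDareMasterKey();
        List<String> missingSps = null;
        if (stored != null) {
            missingSps = getMissingSpsInKeyStore(dareKeyStoreInterface, stored);
            if (missingSps.isEmpty()) {
                LOG.debug("updateKeyStore: No change in cid1 sps, key store dare keys are up-to-date.");
                return;
            }
        }
        Map<ByteString, String> wrappedBySp = getEncryptedDareKeyMap();
        if (wrappedBySp == null) {
            LOG.info("updateKeyStore: skipped updating dare key store, dare master key not found");
            return;
        }
        if (LOG.isInfoEnabled()) {
            // Only storage pool ids and counts are logged, never the wrapped keys themselves.
            if (missingSps == null) {
                LOG.info("updateKeyStore: Updating dare key store, sp {}", wrappedBySp.values());
            } else {
                LOG.info("updateKeyStore: Updating dare key store, sp {}, total entries {}", missingSps, wrappedBySp.size());
            }
        }
        updateKeyStore(dareKeyStoreInterface, wrappedBySp.keySet());
    }
}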
