package org.apache.hadoop.crypto.key;

import com.tencentcloudapi.common.Credential;
import com.tencentcloudapi.common.exception.TencentCloudSDKException;
import com.tencentcloudapi.kms.v20190118.KmsClient;
import com.tencentcloudapi.kms.v20190118.models.DecryptRequest;
import com.tencentcloudapi.kms.v20190118.models.DescribeKeyRequest;
import com.tencentcloudapi.kms.v20190118.models.DescribeKeyResponse;
import com.tencentcloudapi.kms.v20190118.models.EncryptRequest;
import com.tencentcloudapi.kms.v20190118.models.KeyMetadata;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/crypto/key/RangerTencentKMSProvider.class */
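/**
 * {@link RangerKMSMKI} implementation that wraps and unwraps zone keys with a master key held in
 * Tencent Cloud KMS.
 *
 * <p>The master key is never fetched: this class only sends Encrypt/Decrypt/DescribeKey requests
 * through the {@link KmsClient}. The client id and secret are read from the supplied
 * {@link Configuration}.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>{@code ranger.kms.tencent.client.secret} is read with {@code Configuration.get}, i.e. as a
 *       plain configuration value. NOTE(review): consider resolving it through a credential
 *       provider (for example {@code Configuration.getPassword}) so it need not sit in a site
 *       file in clear text.</li>
 *   <li>Zone key bytes are Base64-encoded into a {@code String} for the SDK request, so a copy of
 *       the plaintext key stays on the heap until it is garbage collected.</li>
 * </ul>
 */
public class RangerTencentKMSProvider implements RangerKMSMKI {
    static final Logger logger = LoggerFactory.getLogger(RangerTencentKMSProvider.class);
    static final String TENCENT_MASTER_KEY_ID = "ranger.kms.tencent.masterkey.id";
    static final String TENCENT_CLIENT_ID = "ranger.kms.tencent.client.id";
    static final String TENCENT_CLIENT_SECRET = "ranger.kms.tencent.client.secret";
    static final String TENCENT_CLIENT_REGION = "ranger.kms.tencent.client.region";

    private static final String CLIENT_NULL_MESSAGE =
            "Key Vault Client is null. Please check the Tencent KMS related configuration.";

    private final String masterKeyId;
    private final KmsClient keyVaultClient;
    // Populated by generateMasterKey once the configured key has been confirmed to exist.
    private KeyMetadata masterKeyMetadata;

    /**
     * Creates a provider around an already-built client.
     *
     * @param configuration source of {@code ranger.kms.tencent.masterkey.id}
     * @param kmsClient client used for all KMS calls; a null client is rejected when a KMS
     *     operation is attempted
     */
    protected RangerTencentKMSProvider(Configuration configuration, KmsClient kmsClient) {
        this.masterKeyId = configuration.get(TENCENT_MASTER_KEY_ID);
        this.keyVaultClient = kmsClient;
    }

    /**
     * Creates a provider whose client is built from the configuration.
     *
     * @param configuration source of the master key id and the client id, secret and region
     * @throws Exception if the client cannot be created (see {@link #createKMSClient})
     */
    public RangerTencentKMSProvider(Configuration configuration) throws Exception {
        this(configuration, createKMSClient(configuration));
    }

    /**
     * Builds a Tencent KMS client from the configured client id, secret and region.
     *
     * @param configuration source of the {@code ranger.kms.tencent.client.*} settings
     * @return a client bound to the configured credential and region
     * @throws Exception if the client id or the client secret is missing or empty
     */
    public static KmsClient createKMSClient(Configuration configuration) throws Exception {
        String clientId = configuration.get(TENCENT_CLIENT_ID);
        if (StringUtils.isEmpty(clientId)) {
            throw new Exception("Tencent KMS is enabled, but client id is not configured");
        }
        String clientSecret = configuration.get(TENCENT_CLIENT_SECRET);
        // Fail fast: a credential without a secret cannot authenticate, and without this check
        // the misconfiguration only surfaces on the first KMS request. The secret's value is
        // deliberately kept out of the message.
        if (StringUtils.isEmpty(clientSecret)) {
            throw new Exception("Tencent KMS is enabled, but client secret is not configured");
        }
        // NOTE(review): the region is passed through unvalidated, as before; confirm whether a
        // missing region should also be rejected here.
        String region = configuration.get(TENCENT_CLIENT_REGION);
        return new KmsClient(new Credential(clientId, clientSecret), region);
    }

    /**
     * Verifies that the configured master key exists in Tencent KMS. No key is created.
     *
     * @param str not used by this implementation
     * @return {@code true} when the key described by KMS matches the configured key id
     * @throws NoSuchMethodException if KMS returns no metadata for the key, because this provider
     *     does not generate master keys
     * @throws Exception if the client or key id is missing, the returned metadata names a
     *     different key, or the KMS call fails
     */
    @Override
    public boolean generateMasterKey(String str) throws Exception {
        if (this.keyVaultClient == null) {
            throw new Exception(CLIENT_NULL_MESSAGE);
        }
        if (StringUtils.isEmpty(this.masterKeyId)) {
            throw new Exception("Tencent KMS master key id is not configured: " + TENCENT_MASTER_KEY_ID);
        }
        KeyMetadata metadata;
        try {
            DescribeKeyRequest describeKeyRequest = new DescribeKeyRequest();
            describeKeyRequest.setKeyId(this.masterKeyId);
            DescribeKeyResponse response = this.keyVaultClient.DescribeKey(describeKeyRequest);
            if (response == null) {
                throw new Exception("KetMetadata is invalid");
            }
            metadata = response.getKeyMetadata();
        } catch (TencentCloudSDKException e) {
            // Keep the SDK exception as the cause so the request failure can be diagnosed.
            throw new Exception("Error while getting existing master key from Tencent.  Master Key Id : "
                    + this.masterKeyId + " . Error : " + e.getMessage(), e);
        }
        // Check for missing metadata before dereferencing it; previously this case hit a
        // NullPointerException and the branch below was unreachable.
        if (metadata == null) {
            throw new NoSuchMethodException("generateMasterKey is not implemented for Tencent KMS");
        }
        if (!this.masterKeyId.equals(metadata.getKeyId())) {
            throw new Exception("KetMetadata is invalid");
        }
        this.masterKeyMetadata = metadata;
        logger.info("Tencent Master key exist with KeyId :{} with Alias: {} with Description : {} with ResourceId : {}",
                this.masterKeyId, metadata.getAlias(), metadata.getDescription(), metadata.getResourceId());
        return true;
    }

    /**
     * Wraps a zone key with the configured master key.
     *
     * @param key zone key to wrap; its encoded form is sent to KMS as Base64 text
     * @return the ciphertext blob returned by KMS, as US-ASCII bytes
     * @throws Exception if the client is missing, the key has no encoded form, KMS returns no
     *     ciphertext, or the KMS call fails
     */
    @Override
    public byte[] encryptZoneKey(Key key) throws Exception {
        if (this.keyVaultClient == null) {
            throw new Exception(CLIENT_NULL_MESSAGE);
        }
        byte[] encodedKey = key == null ? null : key.getEncoded();
        if (encodedKey == null) {
            throw new Exception("Zone key is null or has no encoded form.");
        }
        try {
            EncryptRequest encryptRequest = new EncryptRequest();
            encryptRequest.setKeyId(this.masterKeyId);
            // The SDK takes the plaintext as a String, so this Base64 copy of the key material
            // cannot be wiped after the call. Never log the request or this value.
            encryptRequest.setPlaintext(Base64.getEncoder().encodeToString(encodedKey));
            String ciphertextBlob = this.keyVaultClient.Encrypt(encryptRequest).getCiphertextBlob();
            if (ciphertextBlob == null) {
                throw new Exception("Tencent KMS returned no ciphertext for the zone key.");
            }
            return ciphertextBlob.getBytes(StandardCharsets.US_ASCII);
        } catch (TencentCloudSDKException e) {
            throw new Exception("Error while encrypting zone key.", e);
        }
    }

    /**
     * Unwraps a zone key previously produced by {@link #encryptZoneKey}.
     *
     * <p>The request carries only the ciphertext blob and no key id, so this code does not pin
     * the operation to the configured master key. NOTE(review): confirm that the access policy
     * of these credentials is limited to the intended key, and consider whether the SDK's
     * encryption-context request field should be used to bind the ciphertext to its purpose.
     *
     * @param bArr ciphertext blob as US-ASCII bytes
     * @return the decoded plaintext zone key bytes
     * @throws Exception if the client is missing, the input is empty, KMS returns no plaintext,
     *     or the KMS call fails
     */
    @Override
    public byte[] decryptZoneKey(byte[] bArr) throws Exception {
        if (this.keyVaultClient == null) {
            throw new Exception(CLIENT_NULL_MESSAGE);
        }
        if (bArr == null || bArr.length == 0) {
            throw new Exception("Encrypted zone key is null or empty.");
        }
        try {
            DecryptRequest decryptRequest = new DecryptRequest();
            decryptRequest.setCiphertextBlob(new String(bArr, StandardCharsets.US_ASCII));
            String plaintext = this.keyVaultClient.Decrypt(decryptRequest).getPlaintext();
            if (plaintext == null) {
                throw new Exception("Tencent KMS returned no plaintext for the zone key.");
            }
            // The plaintext is key material: it is returned to the caller and never logged.
            return Base64.getDecoder().decode(plaintext);
        } catch (TencentCloudSDKException e) {
            throw new Exception("Error while decrypting zone key.", e);
        }
    }

    /**
     * Always returns {@code null}: this provider keeps no local copy of the master key and only
     * uses it through KMS Encrypt and Decrypt requests.
     *
     * @param str not used by this implementation
     * @return {@code null}
     */
    @Override
    public String getMasterKey(String str) {
        return null;
    }
}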
