package org.apache.hadoop.crypto.key;

import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.collect.Lists;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.collections.CollectionUtils;
import org.apache.ranger.entity.XXRangerMasterKey;
import org.apache.ranger.kms.dao.DaoManager;
import org.apache.ranger.kms.dao.RangerMasterKeyDao;
import org.apache.ranger.plugin.util.XMLUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/crypto/key/RangerMasterKey.class */
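/**
 * Creates, stores and recovers the Ranger KMS master key, which is kept in the database
 * encrypted under a password-based (PBE) key.
 *
 * <p><b>Stored record format.</b> New records are written by the {@code generate*} methods as
 * eight comma-separated fields:
 * {@code MK_CIPHER,MK_KeySize,SALT_SIZE,PBE_ALGO,MD_ALGO,ITERATION_COUNT,SALT,<Base64 ciphertext>}.
 * A record without any comma is treated as a legacy record holding only the Base64 ciphertext.
 * Because the record is split on {@code ","} by position, a configured salt or algorithm name
 * containing a comma would shift the fields on read-back.
 *
 * <p><b>Security-relevant behaviour visible in this class.</b>
 * <ul>
 *   <li>Defaults are {@code PBEWithMD5AndTripleDES} with 1000 iterations. The PBE salt is the
 *       first {@code SALT_SIZE} bytes of {@code MD_ALGO(SALT)}, and the default {@code SALT} is a
 *       fixed constant, so deployments running on defaults share one salt. Algorithm, salt and
 *       iteration count are configurable through the {@code ranger.kms.service.masterkey.password.*}
 *       properties read in {@link #init()}; the strength of the stored key depends on those
 *       settings and on the password.</li>
 *   <li>For legacy records the parameters are derived from the password itself
 *       (salt = password, iteration count = password length + 1); see
 *       {@link #getPasswordParam(String)}.</li>
 *   <li>All cipher parameters live in {@code public static} mutable fields that are overwritten
 *       by {@link #init()} and {@link #getPasswordParam(String)}. No synchronization is visible
 *       here, so concurrent use from several threads or instances can mix parameters.</li>
 *   <li>{@link #getMasterKey(String)} returns the clear master key as a Base64 {@code String},
 *       which cannot be wiped from memory after use.</li>
 * </ul>
 */
public class RangerMasterKey implements RangerKMSMKI {
    private static final String DEFAULT_MK_CIPHER = "AES";
    private static final int DEFAULT_MK_KeySize = 256;
    private static final int DEFAULT_SALT_SIZE = 8;
    private static final String DEFAULT_SALT = "abcdefghijklmnopqrstuvwxyz01234567890";
    private static final String DEFAULT_CRYPT_ALGO = "PBEWithMD5AndTripleDES";
    private static final int DEFAULT_ITERATION_COUNT = 1000;
    // Seven parameters plus the Base64 ciphertext; see the class comment for the field order.
    private static final int PADDED_RECORD_FIELDS = 8;
    // Assigned in init(); stays null until init() has run at least once.
    private static String DEFAULT_MD_ALGO;
    public static final String DBKS_SITE_XML = "dbks-site.xml";
    public static String MK_CIPHER;
    public static String SALT;
    public static String PBE_ALGO;
    public static String MD_ALGO;
    // The seven parameter fields joined with ","; prefixed to the ciphertext when a key is saved.
    public static String paddingString;
    private DaoManager daoManager;
    private static final Logger logger = LoggerFactory.getLogger(RangerMasterKey.class);
    // Despite the name, this holds the Base64 ciphertext when a padded record was parsed and the
    // caller-supplied password only when a legacy (comma-free) value was parsed.
    private static String password = null;
    private static Properties serverConfigProperties = new Properties();
    public static Integer MK_KeySize = 0;
    public static Integer SALT_SIZE = 0;
    public static Integer ITERATION_COUNT = 0;

    public RangerMasterKey() {
    }

    public RangerMasterKey(DaoManager daoManager) {
        this.daoManager = daoManager;
    }

    /**
     * Looks a setting up in the loaded server configuration, then in the JVM system properties,
     * and finally falls back to the supplied default. Blank values count as missing.
     *
     * @param str  property name
     * @param str2 value returned when neither source has a non-blank value
     * @return the first non-blank value found, or {@code str2}
     */
    protected static String getConfig(String str, String str2) {
        String value = serverConfigProperties.getProperty(str);
        if (value == null || value.trim().isEmpty()) {
            value = System.getProperty(str);
        }
        if (value == null || value.trim().isEmpty()) {
            value = str2;
        }
        return value;
    }

    /**
     * Reads an integer setting from the loaded server configuration only (system properties are
     * not consulted, unlike {@link #getConfig(String, String)}).
     *
     * @param str property name
     * @param i   value returned when the property is absent or not a valid integer
     * @return the parsed value, or {@code i}
     */
    protected static int getIntConfig(String str, int i) {
        String property = serverConfigProperties.getProperty(str);
        if (property == null) {
            return i;
        }
        try {
            return Integer.parseInt(property);
        } catch (NumberFormatException e) {
            // An unparsable value silently falls back to the default, so a typo in e.g. the
            // iteration count is only visible through this warning.
            logger.warn("{} can't be parsed to int. Reason: {}", property, e.toString());
            return i;
        }
    }

    /**
     * Loads the single stored master key and decrypts it with the given password.
     *
     * @param str password protecting the master key
     * @return the clear master key, Base64-encoded
     * @throws Throwable {@code Exception("No Master Key Found")} when nothing usable was loaded
     *                   (this also covers database errors, which {@code getEncryptedMK} only
     *                   logs), or any failure raised while deriving the key or decrypting
     */
    @Override
    public String getMasterKey(String str) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.getMasterKey()");
        }
        logger.info("Getting Master Key");
        List<Object> stored = getEncryptedMK();
        String paddedRecord = paddedRecordOf(stored);
        byte[] encrypted = encryptedBytesOf(stored);
        if (logger.isDebugEnabled()) {
            logger.debug("<== RangerMasterKey.getMasterKey()");
        }
        return decryptMasterKey(encrypted, str, paddedRecord);
    }

    /**
     * Same as {@link #getMasterKey(String)} but returns the key as a {@link SecretKey} instead of
     * a Base64 string.
     *
     * @param str password protecting the master key
     * @return the clear master key for algorithm {@code MK_CIPHER}
     * @throws Throwable see {@link #getMasterKey(String)}
     */
    public SecretKey getMasterSecretKey(String str) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.getMasterSecretKey()");
        }
        logger.info("Getting Master Key");
        List<Object> stored = getEncryptedMK();
        String paddedRecord = paddedRecordOf(stored);
        byte[] encrypted = encryptedBytesOf(stored);
        if (logger.isDebugEnabled()) {
            logger.debug("<== RangerMasterKey.getMasterSecretKey()");
        }
        return decryptMasterKeySK(encrypted, str, paddedRecord);
    }

    /** Returns the ciphertext (element 0) or fails with the "No Master Key Found" exception. */
    private static byte[] encryptedBytesOf(List<Object> stored) throws Exception {
        byte[] encrypted = CollectionUtils.isNotEmpty(stored) ? (byte[]) stored.get(0) : null;
        if (encrypted == null || encrypted.length <= 0) {
            throw new Exception("No Master Key Found");
        }
        return encrypted;
    }

    /** Returns the full padded record (element 1) when present, else null for a legacy record. */
    private static String paddedRecordOf(List<Object> stored) {
        return (stored != null && stored.size() == 2) ? (String) stored.get(1) : null;
    }

    /**
     * Loads {@code dbks-site.xml} and (re)sets every static cipher parameter from it, falling
     * back to the built-in defaults. Also rebuilds {@link #paddingString}.
     *
     * <p>The digest default depends on the configured keystore type: {@code SHA-512} for
     * {@code bcfks}, otherwise {@code MD5}.
     */
    public void init() {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.init()");
        }
        XMLUtils.loadConfig(DBKS_SITE_XML, serverConfigProperties);
        DEFAULT_MD_ALGO = getConfig("ranger.keystore.file.type", KeyStore.getDefaultType()).equalsIgnoreCase("bcfks") ? "SHA-512" : "MD5";
        MK_CIPHER = getConfig("ranger.kms.service.masterkey.password.cipher", DEFAULT_MK_CIPHER);
        MK_KeySize = getIntConfig("ranger.kms.service.masterkey.password.size", DEFAULT_MK_KeySize);
        SALT_SIZE = getIntConfig("ranger.kms.service.masterkey.password.salt.size", DEFAULT_SALT_SIZE);
        SALT = getConfig("ranger.kms.service.masterkey.password.salt", DEFAULT_SALT);
        PBE_ALGO = getConfig("ranger.kms.service.masterkey.password.encryption.algorithm", DEFAULT_CRYPT_ALGO);
        MD_ALGO = getConfig("ranger.kms.service.masterkey.password.md.algorithm", DEFAULT_MD_ALGO);
        ITERATION_COUNT = getIntConfig("ranger.kms.service.masterkey.password.iteration.count", DEFAULT_ITERATION_COUNT);
        // skipNulls() would drop a null field and shift the positions that getPasswordParam()
        // relies on; every value above has a non-null default, so none is expected to be null.
        paddingString = Joiner.on(",").skipNulls().join(MK_CIPHER, MK_KeySize, SALT_SIZE, PBE_ALGO, MD_ALGO, ITERATION_COUNT, SALT);
    }

    /**
     * Generates a fresh master key, encrypts it under the given password and stores it.
     *
     * @param str password that will protect the new master key
     * @return {@code true} when a row was created; {@code false} when nothing was stored, which
     *         includes the case where a master key already exists
     * @throws Throwable on key generation, key derivation or encryption failure
     */
    @Override
    public boolean generateMasterKey(String str) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.generateMasterKey()");
        }
        logger.info("Generating Master Key...");
        init();
        return storeEncryptedMasterKey(encryptMasterKey(str), "generateMasterKey");
    }

    /**
     * Encrypts externally supplied master-key bytes under the given password and stores them.
     *
     * @param str  password that will protect the master key
     * @param bArr raw master-key bytes (by the method name, obtained from an HSM)
     * @return {@code true} when a row was created, {@code false} otherwise
     * @throws Throwable on key derivation or encryption failure
     */
    public boolean generateMKFromHSMMK(String str, byte[] bArr) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.generateMKFromHSMMK()");
        }
        init();
        return storeEncryptedMasterKey(encryptMasterKey(str, bArr), "generateMKFromHSMMK");
    }

    /**
     * Prefixes the ciphertext with the current parameter string, saves it and reports whether an
     * id came back. Shared tail of the three {@code generate*} entry points.
     */
    private boolean storeEncryptedMasterKey(String encryptedKey, String caller) {
        String id = saveEncryptedMK(paddingString + "," + encryptedKey, this.daoManager);
        boolean created = id != null && !id.trim().equals("");
        if (logger.isDebugEnabled()) {
            if (created) {
                logger.debug("Master Key Created with id = " + id);
            }
            logger.debug("<== RangerMasterKey." + caller + "()");
        }
        return created;
    }

    /**
     * Decrypts the stored ciphertext and returns the clear key Base64-encoded.
     *
     * @param bArr ciphertext
     * @param str  password
     * @param str2 the padded record, used only as a flag: when non-null the static parameters
     *             were already set while the record was loaded; when null they are derived from
     *             the password (legacy record)
     */
    private String decryptMasterKey(byte[] bArr, String str, String str2) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.decryptMasterKey()");
            logger.debug("Decrypting Master Key...");
        }
        if (str2 == null) {
            getPasswordParam(str);
        }
        SecretKey masterKey = getMasterKeyFromBytes(decryptKey(bArr, getPBEParameterSpec(str)));
        if (logger.isDebugEnabled()) {
            logger.debug("<== RangerMasterKey.decryptMasterKey()");
        }
        return Base64.encode(masterKey.getEncoded());
    }

    /**
     * Sets the static cipher parameters from either a padded stored record or a legacy value.
     *
     * <p>A value with at least eight comma-separated fields is read positionally (see the class
     * comment). Anything else takes the legacy path: built-in defaults are used, the whole value
     * becomes both the salt source and {@code password}, and the iteration count becomes the
     * value's length plus one. On the legacy path {@code MD_ALGO} is taken from a field that is
     * only assigned by {@link #init()}.
     *
     * <p>The previous bounds check accepted seven fields and then read an eighth, which failed
     * with {@code ArrayIndexOutOfBoundsException} after half of the static state had already been
     * overwritten. Seven-field input now takes the legacy path, and the numeric fields are parsed
     * before any static field is assigned so a malformed number leaves the state untouched.
     *
     * @param str padded record or legacy value; may be {@code null}
     * @throws NumberFormatException if a numeric field of a padded record is not an integer
     */
    public static void getPasswordParam(String str) {
        String[] fields = null;
        if (str != null && str.contains(",")) {
            fields = Lists.newArrayList(Splitter.on(",").split(str)).toArray(new String[0]);
        }
        if (fields == null || fields.length < PADDED_RECORD_FIELDS) {
            MK_CIPHER = DEFAULT_MK_CIPHER;
            MK_KeySize = DEFAULT_MK_KeySize;
            SALT_SIZE = DEFAULT_SALT_SIZE;
            PBE_ALGO = DEFAULT_CRYPT_ALGO;
            MD_ALGO = DEFAULT_MD_ALGO;
            password = str;
            SALT = password;
            if (password != null) {
                ITERATION_COUNT = password.length() + 1;
            }
            return;
        }
        int keySize = Integer.parseInt(fields[1]);
        int saltSize = Integer.parseInt(fields[2]);
        int iterations = Integer.parseInt(fields[5]);
        MK_CIPHER = fields[0];
        MK_KeySize = keySize;
        SALT_SIZE = saltSize;
        PBE_ALGO = fields[3];
        MD_ALGO = fields[4];
        ITERATION_COUNT = iterations;
        SALT = fields[6];
        password = fields[7];
    }

    /**
     * Encrypts externally supplied master-key bytes under the given password and stores them.
     *
     * @param str  password that will protect the master key
     * @param bArr raw master-key bytes (by the method name, obtained from KeySecure)
     * @return {@code true} when a row was created, {@code false} otherwise
     * @throws Throwable on key derivation or encryption failure
     */
    public boolean generateMKFromKeySecureMK(String str, byte[] bArr) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.generateMKFromKeySecureMK()");
        }
        init();
        return storeEncryptedMasterKey(encryptMasterKey(str, bArr), "generateMKFromKeySecureMK");
    }

    /** {@link SecretKey} variant of {@code decryptMasterKey}; parameters have the same meaning. */
    private SecretKey decryptMasterKeySK(byte[] bArr, String str, String str2) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.decryptMasterKeySK()");
        }
        if (str2 == null) {
            getPasswordParam(str);
        }
        byte[] clearKey = decryptKey(bArr, getPBEParameterSpec(str));
        if (logger.isDebugEnabled()) {
            logger.debug("<== RangerMasterKey.decryptMasterKeySK()");
        }
        return getMasterKeyFromBytes(clearKey);
    }

    /**
     * Loads the single master-key row and returns its decoded ciphertext.
     *
     * <p>Side effect: for a padded record this calls {@link #getPasswordParam(String)}, which
     * overwrites the static cipher parameters with the ones stored in the record.
     *
     * @return a list holding the ciphertext bytes and, for a padded record, the full record as a
     *         second element; {@code null} when there is no DAO manager or anything failed
     */
    private List<Object> getEncryptedMK() throws Base64DecodingException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.getEncryptedMK()");
        }
        List<Object> result = null;
        try {
            if (this.daoManager != null) {
                RangerMasterKeyDao rangerMasterKeyDao = new RangerMasterKeyDao(this.daoManager);
                List<XXRangerMasterKey> all = rangerMasterKeyDao.getAll();
                if (all.size() < 1) {
                    throw new Exception("No Master Key exists");
                }
                if (all.size() > 1) {
                    throw new Exception("More than one Master Key exists");
                }
                String masterKey = rangerMasterKeyDao.getById(all.get(0).getId()).getMasterKey();
                List<Object> loaded = new ArrayList<Object>();
                if (masterKey.contains(",")) {
                    getPasswordParam(masterKey);
                    // After parsing, `password` holds the record's last field: the ciphertext.
                    loaded.add(Base64.decode(password));
                    loaded.add(masterKey);
                } else {
                    loaded.add(Base64.decode(masterKey));
                }
                result = loaded;
            }
        } catch (Exception e) {
            // Every failure (missing row, duplicate rows, database error, bad Base64) ends up
            // here and is reported to callers only as a null result, which they turn into
            // "No Master Key Found"; this log line is the only place the real cause is recorded.
            logger.error("Unable to Retrieving Master Key from database!!! or ", e);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== RangerMasterKey.getEncryptedMK()");
        }
        return result;
    }

    /**
     * Stores the record if, and only if, no master-key row exists yet.
     *
     * @param str        full padded record to store
     * @param daoManager DAO manager to use; nothing is stored when {@code null}
     * @return the id of the created row as a string, or {@code null} when nothing was created
     *         (no DAO manager, a row already present, or a database error that was only logged)
     */
    private String saveEncryptedMK(String str, DaoManager daoManager) {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.saveEncryptedMK()");
        }
        XXRangerMasterKey row = new XXRangerMasterKey();
        row.setCipher(MK_CIPHER);
        row.setBitLength(MK_KeySize.intValue());
        row.setMasterKey(str);
        String createdId = null;
        if (daoManager != null) {
            try {
                RangerMasterKeyDao rangerMasterKeyDao = new RangerMasterKeyDao(daoManager);
                // The count check and the insert are separate calls; whether they are atomic
                // depends on the DAO/transaction setup, which is not visible here.
                if (rangerMasterKeyDao.getAllCount().longValue() < 1) {
                    createdId = rangerMasterKeyDao.create(row).getId().toString();
                }
            } catch (Exception e) {
                logger.error("Error while saving master key in Database!!! ", e);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== RangerMasterKey.saveEncryptedMK()");
        }
        return createdId;
    }

    /** Generates a new master key and returns it encrypted under the password, Base64-encoded. */
    private String encryptMasterKey(String str) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.encryptMasterKey()");
        }
        Key masterKey = generateMasterKey();
        byte[] encrypted = encryptKey(masterKey.getEncoded(), getPBEParameterSpec(str));
        if (logger.isDebugEnabled()) {
            logger.debug("<== RangerMasterKey.encryptMasterKey()");
        }
        return Base64.encode(encrypted);
    }

    /** Encrypts the supplied key bytes under the password and returns them Base64-encoded. */
    private String encryptMasterKey(String str, byte[] bArr) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.encryptMasterKey()");
        }
        byte[] encrypted = encryptKey(bArr, getPBEParameterSpec(str));
        if (logger.isDebugEnabled()) {
            logger.debug("<== RangerMasterKey.encryptMasterKey()");
        }
        return Base64.encode(encrypted);
    }

    /** Generates a random key for {@code MK_CIPHER} of {@code MK_KeySize} bits. */
    private Key generateMasterKey() throws NoSuchAlgorithmException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.generateMasterKey()");
        }
        KeyGenerator keyGenerator = KeyGenerator.getInstance(MK_CIPHER);
        keyGenerator.init(MK_KeySize.intValue());
        return keyGenerator.generateKey();
    }

    /**
     * Builds the PBE key spec for the password from the current static parameters.
     *
     * <p>The salt is deterministic: the first {@code SALT_SIZE} bytes of {@code MD_ALGO(SALT)}.
     * {@code SALT_SIZE} must not exceed the digest length (16 bytes for MD5), otherwise the copy
     * below fails. {@code SALT.getBytes()} uses the platform default charset, so a non-ASCII
     * salt yields different bytes on hosts with different defaults.
     *
     * @param str password; must not be {@code null}
     */
    private PBEKeySpec getPBEParameterSpec(String str) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.getPBEParameterSpec()");
        }
        byte[] digest = MessageDigest.getInstance(MD_ALGO).digest(SALT.getBytes());
        int saltSize = SALT_SIZE.intValue();
        byte[] salt = new byte[saltSize];
        System.arraycopy(digest, 0, salt, 0, saltSize);
        return new PBEKeySpec(str.toCharArray(), salt, ITERATION_COUNT.intValue());
    }

    /** Encrypts {@code bArr} with the key derived from the spec; null when the spec has no salt. */
    private byte[] encryptKey(byte[] bArr, PBEKeySpec pBEKeySpec) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.encryptKey()");
        }
        return applyPbeCipher(Cipher.ENCRYPT_MODE, bArr, pBEKeySpec);
    }

    /** Derives the PBE secret key for the spec using {@code PBE_ALGO}. */
    private SecretKey getPasswordKey(PBEKeySpec pBEKeySpec) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerMasterKey.getPasswordKey()");
        }
        return SecretKeyFactory.getInstance(PBE_ALGO).generateSecret(pBEKeySpec);
    }

    /** Decrypts {@code bArr} with the key derived from the spec; null when the spec has no salt. */
    private byte[] decryptKey(byte[] bArr, PBEKeySpec pBEKeySpec) throws Throwable {
        return applyPbeCipher(Cipher.DECRYPT_MODE, bArr, pBEKeySpec);
    }

    /**
     * Runs the PBE cipher in the given mode with the spec's salt and iteration count.
     * The transformation name is whatever algorithm the derived key reports.
     */
    private byte[] applyPbeCipher(int mode, byte[] data, PBEKeySpec pBEKeySpec) throws Throwable {
        SecretKey passwordKey = getPasswordKey(pBEKeySpec);
        if (pBEKeySpec.getSalt() == null) {
            return null;
        }
        PBEParameterSpec params = new PBEParameterSpec(pBEKeySpec.getSalt(), pBEKeySpec.getIterationCount());
        Cipher cipher = Cipher.getInstance(passwordKey.getAlgorithm());
        cipher.init(mode, passwordKey, params);
        return cipher.doFinal(data);
    }

    /** Wraps raw key bytes as a {@link SecretKey} for {@code MK_CIPHER}. */
    private SecretKey getMasterKeyFromBytes(byte[] bArr) throws Throwable {
        return new SecretKeySpec(bArr, MK_CIPHER);
    }

    /**
     * Collects every string property whose name starts with the prefix, keyed by the name with
     * the prefix removed.
     *
     * @param properties source properties; may be {@code null}
     * @param str        prefix; may be {@code null}
     * @return a new mutable map, empty when either argument is {@code null}
     */
    public Map<String, String> getPropertiesWithPrefix(Properties properties, String str) {
        Map<String, String> matches = new HashMap<String, String>();
        if (properties == null || str == null) {
            return matches;
        }
        for (String name : properties.stringPropertyNames()) {
            if (name.startsWith(str)) {
                matches.put(name.substring(str.length()), properties.getProperty(name));
            }
        }
        return matches;
    }
}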
