package org.apache.sqoop.repository;

import edu.umd.cs.findbugs.annotations.SuppressWarnings;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.sqoop.common.MapContext;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.core.SqoopConfiguration;
import org.apache.sqoop.model.MMasterKey;
import org.apache.sqoop.security.SecurityConstants;
import org.apache.sqoop.security.SecurityError;
import org.apache.sqoop.utils.PasswordUtils;

/* loaded from: input_file:org/apache/sqoop/repository/MasterKeyManager.class */
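/**
 * Holds the repository master keys and performs encryption, decryption and HMAC
 * operations with them.
 *
 * <p>Two keys are derived from the configured password with the configured PBKDF2
 * algorithm. They are used only to wrap (encrypt and HMAC) a randomly generated
 * master encryption key and master HMAC key, which are persisted through the
 * {@link Repository} as an {@link MMasterKey}.
 *
 * <p>All values exchanged as {@code String} (IVs, salts, ciphertexts, HMACs) are
 * Base64 encoded.
 *
 * <p>NOTE(review): every HMAC computed here covers the ciphertext only; the IV is
 * not part of the authenticated data. Depending on the configured cipher spec, a
 * modified IV may therefore go undetected. Authenticating IV and ciphertext
 * together would change the stored format and needs a migration, so it is not
 * done here.
 */
public class MasterKeyManager {
    private String hmacAlgorithm;
    private int hmacKeySizeBytes;
    private String cipherAlgorithm;
    private int cipherKeySize;
    private String cipherSpec;
    private String pbkdf2Algorithm;
    private int pbkdf2Rounds;
    private int ivLength;
    private RepositoryTransaction repositoryTransaction;
    private MMasterKey mMasterKey;
    private SecretKey masterEncryptionKey;
    private SecretKey masterHmacKey;
    // Source of salts, IVs and key material. initialize() always assigns a
    // SecureRandom; do not replace it with a non-cryptographic generator.
    private Random random;
    private static MasterKeyManager instance = new MasterKeyManager();

    /** Returns the process-wide manager instance. */
    public static MasterKeyManager getInstance() {
        return instance;
    }

    /** Replaces the process-wide manager instance. */
    public static void setInstance(MasterKeyManager masterKeyManager) {
        instance = masterKeyManager;
    }

    /**
     * Initializes from the Sqoop configuration, creating a master key if the
     * repository does not hold one.
     *
     * @throws SqoopException if the configuration is incomplete or a key operation fails
     */
    public void initialize() throws SqoopException {
        initialize(true);
    }

    /**
     * Initializes from the Sqoop configuration.
     *
     * @param z whether a new master key may be created when none is stored
     * @throws SqoopException if the configuration is incomplete or a key operation fails
     */
    public void initialize(boolean z) throws SqoopException {
        initialize(z, false, null);
    }

    /**
     * Reads the encryption settings from the Sqoop configuration and initializes the
     * manager. Does nothing when repository encryption is not enabled.
     *
     * @param z whether a new master key may be created
     * @param z2 whether to ignore a stored master key and generate a new one
     * @param repositoryTransaction transaction passed to the repository calls; may be null
     * @throws SqoopException if a required setting is missing or a key operation fails
     */
    public void initialize(boolean z, boolean z2, RepositoryTransaction repositoryTransaction) throws SqoopException {
        MapContext context = SqoopConfiguration.getInstance().getContext();
        if (!context.getBoolean(SecurityConstants.REPO_ENCRYPTION_ENABLED, false)) {
            return;
        }
        // The settings are read in the same order as before, so the first missing
        // setting reported to the caller does not change.
        String configuredHmacAlgorithm = populateStringConfiguration(context, SecurityConstants.REPO_ENCRYPTION_HMAC_ALGORITHM);
        String configuredCipherAlgorithm = populateStringConfiguration(context, SecurityConstants.REPO_ENCRYPTION_CIPHER_ALGORITHM);
        String configuredCipherSpec = populateStringConfiguration(context, SecurityConstants.REPO_ENCRYPTION_CIPHER_SPEC);
        int configuredKeySize = populateIntConfiguration(context, SecurityConstants.REPO_ENCRYPTION_CIPHER_KEY_SIZE);
        int configuredIvSize = populateIntConfiguration(context, SecurityConstants.REPO_ENCRYPTION_INITIALIZATION_VECTOR_SIZE);
        String configuredPbkdf2Algorithm = populateStringConfiguration(context, SecurityConstants.REPO_ENCRYPTION_PBKDF2_ALGORITHM);
        int configuredPbkdf2Rounds = populateIntConfiguration(context, SecurityConstants.REPO_ENCRYPTION_PBKDF2_ROUNDS);
        String password = PasswordUtils.readPassword(context, SecurityConstants.REPO_ENCRYPTION_PASSWORD, SecurityConstants.REPO_ENCRYPTION_PASSWORD_GENERATOR);
        initialize(z, configuredHmacAlgorithm, configuredCipherAlgorithm, configuredCipherSpec, configuredKeySize, configuredIvSize, configuredPbkdf2Algorithm, configuredPbkdf2Rounds, password, z2, repositoryTransaction);
    }

    /**
     * Initializes the manager with explicit settings, loading the stored master key
     * or creating and persisting a new one.
     *
     * <p>When a master key is stored and {@code z2} is false, its HMAC is verified
     * with the password-derived HMAC key before it is decrypted. Otherwise a new
     * random master key is generated, wrapped and stored, which requires {@code z}.
     *
     * @param z whether a new master key may be created
     * @param str HMAC algorithm name
     * @param str2 cipher algorithm name used for the key specs
     * @param str3 cipher transformation passed to {@link Cipher#getInstance(String)}
     * @param i cipher key size in bytes
     * @param i2 IV length in bytes
     * @param str4 PBKDF2 algorithm name
     * @param i3 PBKDF2 iteration count
     * @param str5 password the wrapping keys are derived from; must not be empty
     * @param z2 whether to ignore a stored master key and generate a new one
     * @param repositoryTransaction transaction passed to the repository calls; may be null
     * @throws SqoopException if the password is empty, the stored HMAC does not match,
     *     key creation is not allowed, or a cryptographic operation fails
     */
    public synchronized void initialize(boolean z, String str, String str2, String str3, int i, int i2, String str4, int i3, String str5, boolean z2, RepositoryTransaction repositoryTransaction) throws SqoopException {
        this.hmacAlgorithm = str;
        this.cipherAlgorithm = str2;
        this.cipherSpec = str3;
        this.cipherKeySize = i;
        this.ivLength = i2;
        this.pbkdf2Algorithm = str4;
        this.pbkdf2Rounds = i3;
        this.repositoryTransaction = repositoryTransaction;
        this.random = new SecureRandom();

        // Raw key buffers, declared here so the finally block can clear them on
        // every exit path.
        byte[] derivedKeys = null;
        byte[] masterKeyMaterial = null;
        byte[] encryptionKeyBytes = null;
        byte[] hmacKeyBytes = null;
        try {
            this.hmacKeySizeBytes = Mac.getInstance(this.hmacAlgorithm).getMacLength();
            Repository repository = RepositoryManager.getInstance().getRepository();
            if (StringUtils.isEmpty(str5)) {
                throw new SqoopException(SecurityError.ENCRYPTION_0008);
            }
            MMasterKey storedKey = repository.getMasterKey(this.repositoryTransaction);
            boolean useStoredKey = storedKey != null && !z2;
            String salt = useStoredKey
                    ? storedKey.getSalt()
                    : Base64.encodeBase64String(generateRandomByteArray(this.hmacKeySizeBytes));

            // The derived bytes are split into a wrapping cipher key followed by a
            // wrapping HMAC key.
            derivedKeys = getKeysFromPassword(str5, salt);
            SecretKeySpec wrappingKey = new SecretKeySpec(derivedKeys, 0, this.cipherKeySize, this.cipherAlgorithm);
            SecretKeySpec wrappingHmacKey = new SecretKeySpec(derivedKeys, this.cipherKeySize, this.hmacKeySizeBytes, this.hmacAlgorithm);

            if (useStoredKey) {
                this.mMasterKey = storedKey;
                String ivBase64 = storedKey.getIv();
                String encryptedSecret = storedKey.getEncryptedSecret();
                // Verify before decrypting so unauthenticated ciphertext never
                // reaches the cipher.
                if (!validHmac(wrappingHmacKey, encryptedSecret, storedKey.getHmac())) {
                    throw new SqoopException(SecurityError.ENCRYPTION_0001);
                }
                masterKeyMaterial = decryptToBytes(wrappingKey, encryptedSecret, ivBase64);
                int expectedLength = this.cipherKeySize + this.hmacKeySizeBytes;
                if (masterKeyMaterial.length < expectedLength) {
                    // Happens when the configured sizes no longer match the stored
                    // key; report it instead of failing on an array index.
                    throw new SqoopException(SecurityError.ENCRYPTION_0006, "Decrypted master key material is shorter than the configured key sizes");
                }
                encryptionKeyBytes = Arrays.copyOfRange(masterKeyMaterial, 0, this.cipherKeySize);
                hmacKeyBytes = Arrays.copyOfRange(masterKeyMaterial, this.cipherKeySize, expectedLength);
            } else {
                if (!z) {
                    throw new SqoopException(SecurityError.ENCRYPTION_0002);
                }
                encryptionKeyBytes = generateRandomByteArray(this.cipherKeySize);
                hmacKeyBytes = generateRandomByteArray(this.hmacKeySizeBytes);
                String ivBase64 = Base64.encodeBase64String(generateRandomByteArray(this.ivLength));
                masterKeyMaterial = ArrayUtils.addAll(encryptionKeyBytes, hmacKeyBytes);
                String encryptedSecret = encryptToString(wrappingKey, masterKeyMaterial, ivBase64);
                this.mMasterKey = new MMasterKey(encryptedSecret, generateHmac(wrappingHmacKey, encryptedSecret), salt, ivBase64);
                repository.createMasterKey(this.mMasterKey, this.repositoryTransaction);
            }
            this.masterEncryptionKey = new SecretKeySpec(encryptionKeyBytes, 0, this.cipherKeySize, this.cipherAlgorithm);
            this.masterHmacKey = new SecretKeySpec(hmacKeyBytes, 0, this.hmacKeySizeBytes, this.hmacAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new SqoopException(SecurityError.ENCRYPTION_0011, e);
        } finally {
            // SecretKeySpec copies the bytes it is given, so the temporary buffers
            // can be cleared without affecting the keys kept in the fields.
            wipe(derivedKeys);
            wipe(masterKeyMaterial);
            wipe(encryptionKeyBytes);
            wipe(hmacKeyBytes);
        }
    }

    /**
     * Drops all configuration and key references held by this instance.
     *
     * <p>The references are cleared, but the key bytes inside the discarded
     * {@link SecretKey} objects are not overwritten.
     */
    public synchronized void destroy() {
        this.hmacAlgorithm = null;
        this.hmacKeySizeBytes = 0;
        this.cipherAlgorithm = null;
        this.cipherKeySize = 0;
        this.cipherSpec = null;
        this.pbkdf2Algorithm = null;
        this.pbkdf2Rounds = 0;
        this.ivLength = 0;
        this.repositoryTransaction = null;
        this.mMasterKey = null;
        this.masterEncryptionKey = null;
        this.masterHmacKey = null;
        this.random = null;
    }

    /**
     * Deletes the currently loaded master key record from the repository.
     *
     * <p>Requires a prior successful {@code initialize}; otherwise no master key is
     * loaded and the call fails with a {@link NullPointerException}.
     */
    public void deleteMasterKeyFromRepository() {
        RepositoryManager.getInstance().getRepository().deleteMasterKey(this.mMasterKey.getPersistenceId(), this.repositoryTransaction);
    }

    /**
     * Encrypts a string with the master encryption key.
     *
     * <p>The result carries no integrity protection on its own; callers are expected
     * to store an HMAC from {@link #generateHmacWithMasterHmacKey(String)} with it.
     * Use a fresh IV from {@link #generateRandomIv()} for every call.
     *
     * @param str plaintext, encoded as UTF-8 before encryption
     * @param str2 Base64-encoded IV
     * @return Base64-encoded ciphertext
     * @throws SqoopException if encryption fails
     */
    public String encryptWithMasterKey(String str, String str2) throws SqoopException {
        return encryptToString(this.masterEncryptionKey, str, str2);
    }

    /**
     * Verifies the HMAC of a ciphertext and, only if it matches, decrypts it with the
     * master encryption key.
     *
     * <p>NOTE(review): the HMAC is checked against the ciphertext only; the IV in
     * {@code str2} is not authenticated by this check.
     *
     * @param str Base64-encoded ciphertext
     * @param str2 Base64-encoded IV
     * @param str3 Base64-encoded HMAC of the ciphertext
     * @return the decrypted text, decoded as UTF-8
     * @throws SqoopException if the HMAC does not match or decryption fails
     */
    public String decryptWithMasterKey(String str, String str2, String str3) throws SqoopException {
        if (!validWithMasterHmacKey(str, str3)) {
            throw new SqoopException(SecurityError.ENCRYPTION_0010);
        }
        return decryptWithMasterKey(str, str2);
    }

    /**
     * Computes the HMAC of a Base64-encoded value with the master HMAC key.
     *
     * @param str Base64-encoded data; the HMAC is computed over the decoded bytes
     * @return Base64-encoded HMAC
     * @throws SqoopException if the HMAC cannot be computed
     */
    public String generateHmacWithMasterHmacKey(String str) throws SqoopException {
        return generateHmac(this.masterHmacKey, str);
    }

    /**
     * Generates a random IV of the configured length.
     *
     * @return Base64-encoded IV
     */
    public String generateRandomIv() {
        return Base64.encodeBase64String(generateRandomByteArray(this.ivLength));
    }

    /** Checks a Base64 HMAC of Base64 data against the master HMAC key. */
    private boolean validWithMasterHmacKey(String dataBase64, String hmacBase64) throws SqoopException {
        return validHmac(this.masterHmacKey, dataBase64, hmacBase64);
    }

    /** Decrypts with the master encryption key without any integrity check. */
    private String decryptWithMasterKey(String ciphertextBase64, String ivBase64) throws SqoopException {
        return decryptToString(this.masterEncryptionKey, ciphertextBase64, ivBase64);
    }

    /** Encrypts the UTF-8 bytes of {@code plaintext}. */
    private byte[] encryptToBytes(SecretKey secretKey, String plaintext, String ivBase64) throws SqoopException {
        return encryptToBytes(secretKey, plaintext.getBytes(Charset.forName("UTF-8")), ivBase64);
    }

    /**
     * Encrypts raw bytes with the configured cipher spec.
     *
     * @throws SqoopException wrapping any {@link GeneralSecurityException}
     */
    private byte[] encryptToBytes(SecretKey secretKey, byte[] plaintext, String ivBase64) throws SqoopException {
        try {
            Cipher cipher = Cipher.getInstance(this.cipherSpec);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(Base64.decodeBase64(ivBase64)));
            return cipher.doFinal(plaintext);
        } catch (GeneralSecurityException e) {
            throw new SqoopException(SecurityError.ENCRYPTION_0004, e);
        }
    }

    /** Encrypts raw bytes and returns the ciphertext Base64 encoded. */
    private String encryptToString(SecretKey secretKey, byte[] plaintext, String ivBase64) throws SqoopException {
        return Base64.encodeBase64String(encryptToBytes(secretKey, plaintext, ivBase64));
    }

    /** Encrypts a string and returns the ciphertext Base64 encoded. */
    private String encryptToString(SecretKey secretKey, String plaintext, String ivBase64) throws SqoopException {
        return Base64.encodeBase64String(encryptToBytes(secretKey, plaintext, ivBase64));
    }

    /**
     * Recomputes the HMAC over the decoded data and compares it with the supplied
     * one.
     *
     * @return true only if the supplied HMAC matches
     * @throws SqoopException wrapping any {@link GeneralSecurityException}
     */
    private boolean validHmac(SecretKey secretKey, String dataBase64, String hmacBase64) throws SqoopException {
        try {
            Mac mac = Mac.getInstance(this.hmacAlgorithm);
            mac.init(secretKey);
            byte[] expected = mac.doFinal(Base64.decodeBase64(dataBase64));
            byte[] provided = Base64.decodeBase64(hmacBase64);
            // MessageDigest.isEqual compares in constant time; Arrays.equals stops at
            // the first differing byte, which leaks how much of a supplied HMAC
            // was correct.
            return provided != null && MessageDigest.isEqual(expected, provided);
        } catch (GeneralSecurityException e) {
            throw new SqoopException(SecurityError.ENCRYPTION_0005, e);
        }
    }

    /**
     * Computes the HMAC over the Base64-decoded data.
     *
     * @return Base64-encoded HMAC
     * @throws SqoopException wrapping any {@link GeneralSecurityException}
     */
    private String generateHmac(SecretKey secretKey, String dataBase64) throws SqoopException {
        try {
            Mac mac = Mac.getInstance(this.hmacAlgorithm);
            mac.init(secretKey);
            return Base64.encodeBase64String(mac.doFinal(Base64.decodeBase64(dataBase64)));
        } catch (GeneralSecurityException e) {
            throw new SqoopException(SecurityError.ENCRYPTION_0005, e);
        }
    }

    /**
     * Decrypts a Base64-encoded ciphertext with the configured cipher spec.
     *
     * @throws SqoopException wrapping any {@link GeneralSecurityException}
     */
    private byte[] decryptToBytes(SecretKey secretKey, String ciphertextBase64, String ivBase64) throws SqoopException {
        try {
            Cipher cipher = Cipher.getInstance(this.cipherSpec);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(Base64.decodeBase64(ivBase64)));
            return cipher.doFinal(Base64.decodeBase64(ciphertextBase64));
        } catch (GeneralSecurityException e) {
            throw new SqoopException(SecurityError.ENCRYPTION_0006, e);
        }
    }

    /** Decrypts a Base64-encoded ciphertext and decodes the result as UTF-8. */
    private String decryptToString(SecretKey secretKey, String ciphertextBase64, String ivBase64) throws SqoopException {
        return new String(decryptToBytes(secretKey, ciphertextBase64, ivBase64), Charset.forName("UTF-8"));
    }

    /**
     * Reads a required string setting.
     *
     * @throws SqoopException if the setting is missing or empty
     */
    private String populateStringConfiguration(MapContext mapContext, String key) throws SqoopException {
        String value = mapContext.getString(key);
        if (StringUtils.isEmpty(value)) {
            throw new SqoopException(SecurityError.ENCRYPTION_0009, key);
        }
        return value;
    }

    /**
     * Reads a required positive integer setting.
     *
     * <p>NOTE(review): only values below 1 are rejected, so a weak setting such as a
     * very low PBKDF2 iteration count is accepted as configured.
     *
     * @throws SqoopException if the setting is missing or less than 1
     */
    private int populateIntConfiguration(MapContext mapContext, String key) throws SqoopException {
        int value = mapContext.getInt(key, 0);
        if (value < 1) {
            throw new SqoopException(SecurityError.ENCRYPTION_0009, key);
        }
        return value;
    }

    /** Returns {@code length} bytes from the random source set up by initialize. */
    @SuppressWarnings({"IS2_INCONSISTENT_SYNC"})
    private byte[] generateRandomByteArray(int length) {
        byte[] bytes = new byte[length];
        this.random.nextBytes(bytes);
        return bytes;
    }

    /**
     * Derives the wrapping key material from the password using the configured
     * PBKDF2 algorithm and iteration count.
     *
     * @param password password to derive from
     * @param saltBase64 Base64-encoded salt
     * @return cipherKeySize + hmacKeySizeBytes bytes of derived key material
     * @throws SqoopException wrapping any {@link GeneralSecurityException}
     */
    private byte[] getKeysFromPassword(String password, String saltBase64) throws SqoopException {
        int derivedBits = (this.cipherKeySize + this.hmacKeySizeBytes) * 8;
        PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), Base64.decodeBase64(saltBase64), this.pbkdf2Rounds, derivedBits);
        try {
            return SecretKeyFactory.getInstance(this.pbkdf2Algorithm).generateSecret(keySpec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new SqoopException(SecurityError.ENCRYPTION_0003, e);
        } finally {
            // Clears the spec's internal copy of the password characters.
            keySpec.clearPassword();
        }
    }

    /** Overwrites a key buffer with zeros; a null buffer is ignored. */
    private static void wipe(byte[] bytes) {
        if (bytes != null) {
            Arrays.fill(bytes, (byte) 0);
        }
    }
}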
