package org.apache.sqoop.util.password;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;

/* loaded from: input_file:org/apache/sqoop/util/password/CryptoFileLoader.class */
public class CryptoFileLoader extends FilePasswordLoader {
    private static String PROPERTY_CRYPTO_ALG = "org.apache.sqoop.credentials.loader.crypto.alg";
    private static String PROPERTY_CRYPTO_SALT = "org.apache.sqoop.credentials.loader.crypto.salt";
    private static String PROPERTY_CRYPTO_ITERATIONS = "org.apache.sqoop.credentials.loader.crypto.iterations";
    private static String PROPERTY_CRYPTO_KEY_LEN = "org.apache.sqoop.credentials.loader.crypto.salt.key.len";
    private static String PROPERTY_CRYPTO_PASSPHRASE = "org.apache.sqoop.credentials.loader.crypto.passphrase";
    private static String DEFAULT_ALG = "AES/ECB/PKCS5Padding";
    private static String DEFAULT_SALT = "SALT";
    private static int DEFAULT_ITERATIONS = 10000;
    private static int DEFAULT_KEY_LEN = 128;

    @Override // org.apache.sqoop.util.password.FilePasswordLoader, org.apache.sqoop.util.password.PasswordLoader
    public String loadPassword(String str, Configuration configuration) throws IOException {
        LOG.debug("Fetching password from specified path: " + str);
        Path path = new Path(str);
        FileSystem fileSystem = path.getFileSystem(configuration);
        try {
            verifyPath(fileSystem, path);
            byte[] readBytes = readBytes(fileSystem, path);
            fileSystem.close();
            String str2 = configuration.get(PROPERTY_CRYPTO_PASSPHRASE);
            if (str2 == null) {
                throw new IOException("Passphrase is missing in property " + PROPERTY_CRYPTO_PASSPHRASE);
            }
            String str3 = configuration.get(PROPERTY_CRYPTO_ALG, DEFAULT_ALG);
            String str4 = str3.split("/")[0];
            String str5 = configuration.get(PROPERTY_CRYPTO_SALT, DEFAULT_SALT);
            int i = configuration.getInt(PROPERTY_CRYPTO_ITERATIONS, DEFAULT_ITERATIONS);
            int i2 = configuration.getInt(PROPERTY_CRYPTO_KEY_LEN, DEFAULT_KEY_LEN);
            try {
                try {
                    SecretKeySpec secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str2.toCharArray(), str5.getBytes(), i, i2)).getEncoded(), str4);
                    try {
                        Cipher cipher = Cipher.getInstance(str3);
                        try {
                            cipher.init(2, secretKeySpec);
                            return new String(cipher.doFinal(readBytes));
                        } catch (Exception e) {
                            throw new IOException("Can't decrypt the password", e);
                        }
                    } catch (Exception e2) {
                        throw new IOException("Can't initialize the decryptor", e2);
                    }
                } catch (Exception e3) {
                    throw new IOException("Can't generate secret key", e3);
                }
            } catch (NoSuchAlgorithmException e4) {
                throw new IOException("Can't load SecretKeyFactory", e4);
            }
        } catch (Throwable th) {
            fileSystem.close();
            throw th;
        }
    }

    @Override // org.apache.sqoop.util.password.PasswordLoader
    public void cleanUpConfiguration(Configuration configuration) {
        configuration.set(PROPERTY_CRYPTO_PASSPHRASE, "REMOVED");
        configuration.set(PROPERTY_CRYPTO_SALT, DEFAULT_SALT);
        configuration.setInt(PROPERTY_CRYPTO_KEY_LEN, DEFAULT_KEY_LEN);
        configuration.setInt(PROPERTY_CRYPTO_ITERATIONS, DEFAULT_ITERATIONS);
    }
}
