package org.apache.accumulo.core.security.crypto;

import java.io.DataOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.accumulo.core.client.impl.Namespaces;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.util.CachedConfiguration;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/accumulo/core/security/crypto/CachingHDFSSecretKeyEncryptionStrategy.class */
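/**
 * Wraps and unwraps the secret key carried in a {@link CryptoModuleParameters} using one
 * key-encryption key (KEK) that is read from a file on the Hadoop file system and then cached
 * in memory for the lifetime of this strategy instance.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The KEK is stored in the key file as a 4-byte length followed by the raw key bytes,
 *       with no further protection. Read access to that file is equivalent to access to every
 *       key wrapped with it, so the file's ownership and permissions are the actual control.</li>
 *   <li>The wrap cipher is taken from configuration and initialised without algorithm
 *       parameters. NOTE(review): confirm the configured transformation is one intended for
 *       key wrapping and does not require an IV.</li>
 * </ul>
 */
public class CachingHDFSSecretKeyEncryptionStrategy implements SecretKeyEncryptionStrategy {
    private static final Logger log = LoggerFactory.getLogger(CachingHDFSSecretKeyEncryptionStrategy.class);
    private final SecretKeyCache secretKeyCache = new SecretKeyCache();

    /**
     * Lazily loaded, in-memory copy of the key-encryption key and the path it was read from.
     *
     * <p>The decompiler reported that this class was originally {@code private}; it is kept
     * {@code public} here so the visible interface of the listing is unchanged.
     */
    public static class SecretKeyCache {
        /**
         * Largest key length, in bytes, accepted from the key file or written to it. The length
         * prefix comes from storage, so it is bounded before it is used as an array size.
         */
        private static final int MAX_KEY_ENCRYPTION_KEY_BYTES = 1024;

        private boolean initialized = false;
        private byte[] keyEncryptionKey;
        private String pathToKeyName;

        /**
         * Loads the key-encryption key on first use, creating the key file if it does not exist.
         * Later calls return immediately once a key has been loaded successfully.
         *
         * @param cryptoModuleParameters source of the key location, instance directory, key
         *        length and random-number-generator settings
         * @throws IOException if the key file cannot be created or read, or if its length prefix
         *         is not a plausible key size
         */
        public synchronized void ensureSecretKeyCacheInitialized(CryptoModuleParameters cryptoModuleParameters) throws IOException {
            if (this.initialized) {
                return;
            }
            this.pathToKeyName = getFullPathToKey(cryptoModuleParameters);
            // The decompiler substituted a named constant here; presumably this was an
            // empty-string check in the original source.
            if (this.pathToKeyName == null || this.pathToKeyName.equals(Namespaces.DEFAULT_NAMESPACE)) {
                this.pathToKeyName = Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getDefaultValue();
            }
            Path path = new Path(this.pathToKeyName);
            FileSystem fileSystem = FileSystem.get(CachedConfiguration.getInstance());
            try {
                // NOTE(review): exists() followed by create() is not atomic. If several processes
                // can start at once, confirm that one of them cannot replace a key file that
                // another has just written.
                if (!fileSystem.exists(path)) {
                    initializeKeyEncryptionKey(fileSystem, path, cryptoModuleParameters);
                }
                // try-with-resources closes the stream on the failure path as well; the
                // decompiled form only closed it after a successful read.
                try (FSDataInputStream in = fileSystem.open(path)) {
                    int declaredLength = in.readInt();
                    if (declaredLength <= 0 || declaredLength > MAX_KEY_ENCRYPTION_KEY_BYTES) {
                        // A negative value would otherwise escape as NegativeArraySizeException
                        // and a very large one would drive an oversized allocation.
                        throw new IOException("Key encryption key file " + path + " declares an invalid key length: " + declaredLength);
                    }
                    byte[] loadedKey = new byte[declaredLength];
                    in.readFully(loadedKey);
                    // Publish the key only after it has been read completely.
                    this.keyEncryptionKey = loadedKey;
                    this.initialized = true;
                }
            } catch (IOException e) {
                CachingHDFSSecretKeyEncryptionStrategy.log.error("Could not initialize key encryption cache", e);
                // Fail closed: callers already handle IOException. Previously the error was only
                // logged, which left the cached key null for the cipher setup that follows.
                throw e;
            }
        }

        /**
         * Generates a fresh random key-encryption key and writes it to {@code path} as a 4-byte
         * length followed by the key bytes.
         *
         * @throws IOException if the configured key length is unusable or the file cannot be
         *         written
         */
        private void initializeKeyEncryptionKey(FileSystem fileSystem, Path path, CryptoModuleParameters cryptoModuleParameters) throws IOException {
            int keyBytes = cryptoModuleParameters.getKeyLength() / 8;
            if (keyBytes <= 0 || keyBytes > MAX_KEY_ENCRYPTION_KEY_BYTES) {
                // Check before touching the file system so an unusable key file is never left behind.
                throw new IOException("Refusing to create key encryption key at " + path + ": configured key length is "
                        + cryptoModuleParameters.getKeyLength() + " bits");
            }
            SecureRandom secureRandom = DefaultCryptoModuleUtils.getSecureRandom(cryptoModuleParameters.getRandomNumberGenerator(),
                    cryptoModuleParameters.getRandomNumberGeneratorProvider());
            byte[] freshKey = new byte[keyBytes];
            secureRandom.nextBytes(freshKey);

            // NOTE(review): the file is created with whatever permissions the file system applies
            // by default. Because it holds the raw key, confirm that only the service account can
            // read it.
            try (DataOutputStream out = fileSystem.create(path)) {
                fileSystem.setReplication(path, (short) 5);
                out.writeInt(freshKey.length);
                out.write(freshKey);
                out.flush();
            }
        }

        /**
         * Builds the key file location by appending the configured key location (or its default)
         * to the configured instance directory (or its default), inserting a leading {@code /}
         * on the key location when it has none.
         */
        private String getFullPathToKey(CryptoModuleParameters cryptoModuleParameters) {
            String keyLocation = cryptoModuleParameters.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getKey());
            String instanceDir = cryptoModuleParameters.getAllOptions().get(Property.INSTANCE_DFS_DIR.getKey());
            if (keyLocation == null) {
                keyLocation = Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getDefaultValue();
            }
            if (instanceDir == null) {
                instanceDir = Property.INSTANCE_DFS_DIR.getDefaultValue();
            }
            if (!keyLocation.startsWith("/")) {
                keyLocation = "/" + keyLocation;
            }
            return instanceDir + keyLocation;
        }

        /**
         * Returns the cached key-encryption key, or {@code null} if it has not been loaded.
         * The internal array itself is returned, so callers must not modify it.
         */
        public byte[] getKeyEncryptionKey() {
            return this.keyEncryptionKey;
        }

        /** Returns the path the key-encryption key is read from, or {@code null} before first use. */
        public String getPathToKeyName() {
            return this.pathToKeyName;
        }
    }

    /**
     * Wraps the plaintext key held in {@code cryptoModuleParameters} with the cached
     * key-encryption key, storing the wrapped key and the key file path (as the opaque key id)
     * on the same object.
     *
     * @return the same {@code cryptoModuleParameters} instance, updated in place
     * @throws RuntimeException if the key-encryption key cannot be loaded or the cipher rejects
     *         the operation
     */
    @Override // org.apache.accumulo.core.security.crypto.SecretKeyEncryptionStrategy
    public CryptoModuleParameters encryptSecretKey(CryptoModuleParameters cryptoModuleParameters) {
        try {
            this.secretKeyCache.ensureSecretKeyCacheInitialized(cryptoModuleParameters);
            doKeyEncryptionOperation(Cipher.WRAP_MODE, cryptoModuleParameters);
            return cryptoModuleParameters;
        } catch (IOException e) {
            log.error("{}", e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Unwraps the encrypted key held in {@code cryptoModuleParameters} with the cached
     * key-encryption key and stores the result as the plaintext key on the same object.
     *
     * <p>The key file is located from the configured options; the opaque key id recorded at
     * wrap time is not consulted here.
     *
     * @return the same {@code cryptoModuleParameters} instance, updated in place
     * @throws RuntimeException if the key-encryption key cannot be loaded or the cipher rejects
     *         the operation
     */
    @Override // org.apache.accumulo.core.security.crypto.SecretKeyEncryptionStrategy
    public CryptoModuleParameters decryptSecretKey(CryptoModuleParameters cryptoModuleParameters) {
        try {
            this.secretKeyCache.ensureSecretKeyCacheInitialized(cryptoModuleParameters);
            doKeyEncryptionOperation(Cipher.UNWRAP_MODE, cryptoModuleParameters);
            return cryptoModuleParameters;
        } catch (IOException e) {
            log.error("{}", e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Initialises the configured cipher with the cached key-encryption key and performs either
     * an unwrap (when {@code cipherMode} is {@link Cipher#UNWRAP_MODE}) or, for any other mode
     * value, a wrap.
     *
     * @param cipherMode the mode passed to {@link Cipher#init(int, java.security.Key)}
     * @throws RuntimeException wrapping any key, algorithm or block-size error from the cipher
     */
    private void doKeyEncryptionOperation(int cipherMode, CryptoModuleParameters cryptoModuleParameters) throws IOException {
        Cipher cipher = DefaultCryptoModuleUtils.getCipher(cryptoModuleParameters.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey()));
        try {
            cipher.init(cipherMode, new SecretKeySpec(this.secretKeyCache.getKeyEncryptionKey(), cryptoModuleParameters.getAlgorithmName()));
            if (Cipher.UNWRAP_MODE == cipherMode) {
                cryptoModuleParameters.setPlaintextKey(
                        cipher.unwrap(cryptoModuleParameters.getEncryptedKey(), cryptoModuleParameters.getAlgorithmName(), Cipher.SECRET_KEY).getEncoded());
                return;
            }
            cryptoModuleParameters.setEncryptedKey(cipher.wrap(new SecretKeySpec(cryptoModuleParameters.getPlaintextKey(), cryptoModuleParameters.getAlgorithmName())));
            cryptoModuleParameters.setOpaqueKeyEncryptionKeyID(this.secretKeyCache.getPathToKeyName());
        } catch (InvalidKeyException | NoSuchAlgorithmException | IllegalBlockSizeException e) {
            // Every cipher failure is handled identically, so the decompiled nest of
            // per-exception handlers collapses into one multi-catch.
            log.error("{}", e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }
}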
