package org.apache.hadoop.crypto.key;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.credentialapi.CredentialReader;
import org.apache.ranger.kms.dao.DaoManager;

/* loaded from: input_file:org/apache/hadoop/crypto/key/Ranger2JKSUtil.class */
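/**
 * Command-line utility that exports the keys held in the Ranger KMS database into a
 * Java keystore file.
 *
 * <p>The keystore password and the key password are read interactively from the console.
 * The Ranger master key is obtained either from the database ({@code RangerMasterKey}) or,
 * when {@code ranger.kms.keysecure.enabled} is {@code true}, from Safenet KeySecure
 * ({@code RangerSafenetKeySecure}).
 *
 * <p>NOTE(review): the output file is created with the process's default permissions
 * ({@link File#createNewFile()} / {@link FileOutputStream}); nothing here restricts it to
 * the owner. Since it receives exported key material, run the tool under a restrictive
 * umask or pre-create the file with owner-only access.
 */
public class Ranger2JKSUtil {
    private static final String DEFAULT_KEYSTORE_TYPE = "jceks";
    private static final String ENCRYPTION_KEY = "ranger.db.encrypt.key.password";
    private static final String KEYSECURE_ENABLED = "ranger.kms.keysecure.enabled";
    private static final String KEYSECURE_USERNAME = "ranger.kms.keysecure.login.username";
    private static final String KEYSECURE_PASSWORD = "ranger.kms.keysecure.login.password";
    private static final String KEYSECURE_PASSWORD_ALIAS = "ranger.kms.keysecure.login.password.alias";
    private static final String KEYSECURE_LOGIN = "ranger.kms.keysecure.login";
    private static final String CREDENTIAL_PATH = "ranger.ks.jpa.jdbc.credential.provider.path";

    /** Prints the command-line usage to standard error. */
    public static void showUsage() {
        System.err.println("USAGE: java " + Ranger2JKSUtil.class.getName() + " <KMS_FileName> [KeyStoreType]");
        System.err.println(" If KeyStoreType is not provided, it will be considered as jceks");
        System.err.println(" When execution of this utility, it will prompt for both keystore password and key password.");
    }

    /**
     * Entry point: validates the arguments, then exports the KMS keys.
     *
     * @param strArr {@code <KMS_FileName> [KeyStoreType]}; the keystore type defaults to
     *               {@code jceks} unless exactly two arguments are given
     * @throws IOException if the keystore file does not exist and cannot be created
     */
    public static void main(String[] strArr) throws IOException {
        if (strArr.length == 0) {
            System.err.println("Invalid number of parameters found.");
            showUsage();
            System.exit(1);
            return;
        }
        String keyStoreFileName = strArr[0];
        File keyStoreFile = new File(keyStoreFileName);
        // createNewFile() returns false only when the file appeared between the two calls;
        // the export below overwrites it either way, so this is reported but not fatal.
        if (!keyStoreFile.exists() && !keyStoreFile.createNewFile()) {
            System.err.println("Error creating new keystore file. fileName=" + strArr[0]);
        }
        String keyStoreType = strArr.length == 2 ? strArr[1] : DEFAULT_KEYSTORE_TYPE;
        try {
            // Only checks that a provider supports the requested type; the instance is discarded.
            KeyStore.getInstance(keyStoreType);
        } catch (KeyStoreException e) {
            System.err.println("ERROR: Unable to get valid keystore for the type [" + keyStoreType + "]");
            showUsage();
            System.exit(1);
            return;
        }
        new Ranger2JKSUtil().doExportKeysFromJKS(keyStoreFileName, keyStoreType);
        System.out.println("Keys from Ranger KMS Database has been successfully exported into " + keyStoreFileName);
        System.exit(0);
    }

    /**
     * Prompts for the keystore and key passwords, resolves the Ranger master key and writes
     * the KMS keys into {@code keyStoreFileName}.
     *
     * <p>All three secret arrays (both passwords and the master key) are overwritten in a
     * {@code finally} block, so they are cleared on failure as well as on success. The
     * previous cleanup called {@code Arrays.fill} on a {@code null} array on the failure
     * path, which raised a {@link NullPointerException} that replaced the real cause.
     *
     * @param keyStoreFileName path of the keystore file to write
     * @param keyStoreType     keystore type passed to the Ranger key store
     * @throws RuntimeException wrapping any failure raised during the export
     */
    private void doExportKeysFromJKS(String keyStoreFileName, String keyStoreType) {
        char[] keyStorePassword = null;
        char[] keyPassword = null;
        char[] masterKey = null;
        try {
            keyStorePassword = ConsoleUtil.getPasswordFromConsole("Enter Password for the keystore FILE :");
            keyPassword = ConsoleUtil.getPasswordFromConsole("Enter Password for the KEY(s) stored in the keystore:");
            Configuration conf = RangerKeyStoreProvider.getDBKSConf();
            DaoManager daoManager = new RangerKMSDB(conf).getDaoManager();
            RangerKeyStore rangerKeyStore = new RangerKeyStore(daoManager);
            String masterKeyPassword = conf.get(ENCRYPTION_KEY);
            // getMasterKey() hands back a String, so one immutable copy of the master key
            // stays on the heap until garbage collection; only the char[] can be wiped.
            if ("true".equalsIgnoreCase(conf.get(KEYSECURE_ENABLED))) {
                getFromJceks(conf, CREDENTIAL_PATH, KEYSECURE_PASSWORD_ALIAS, KEYSECURE_PASSWORD);
                String userName = conf.get(KEYSECURE_USERNAME);
                if (userName == null) {
                    throw new IllegalStateException("Missing configuration property " + KEYSECURE_USERNAME);
                }
                // The Configuration now carries "username:password" in clear text under
                // KEYSECURE_LOGIN; it must not be dumped or logged.
                conf.set(KEYSECURE_LOGIN, userName.trim() + ":" + conf.get(KEYSECURE_PASSWORD));
                masterKey = new RangerSafenetKeySecure(conf).getMasterKey(masterKeyPassword).toCharArray();
            } else {
                masterKey = new RangerMasterKey(daoManager).getMasterKey(masterKeyPassword).toCharArray();
            }
            // try-with-resources closes the stream on every path and keeps a close() failure
            // from hiding the exception that aborted the export.
            try (FileOutputStream out = new FileOutputStream(new File(keyStoreFileName))) {
                rangerKeyStore.engineLoadToKeyStoreFile(out, keyStorePassword, keyPassword, masterKey, keyStoreType);
            }
        } catch (Throwable t) {
            throw new RuntimeException("Unable to export keys to [" + keyStoreFileName + "] due to exception.", t);
        } finally {
            wipe(keyStorePassword);
            wipe(keyPassword);
            wipe(masterKey);
        }
    }

    /** Overwrites a secret array in place; a {@code null} array (never read) is ignored. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            Arrays.fill(secret, ' ');
        }
    }

    /**
     * Resolves a credential from the credential store and copies it into the configuration.
     *
     * <p>Reads the store path from {@code pathKey} and the alias from {@code aliasKey}, asks
     * {@code CredentialReader} for the decrypted value and stores it under {@code targetKey}.
     * Nothing is written when the configuration, path or alias is missing, or when the
     * decrypted value is {@code null}, blank or the literal {@code none} (case-insensitive).
     *
     * @param configuration configuration to read from and update; may be {@code null}
     * @param pathKey       property holding the credential provider path
     * @param aliasKey      property holding the credential alias
     * @param targetKey     property that receives the decrypted value
     */
    private static void getFromJceks(Configuration configuration, String pathKey, String aliasKey, String targetKey) {
        if (configuration == null) {
            return;
        }
        String providerPath = configuration.get(pathKey);
        String alias = configuration.get(aliasKey);
        if (providerPath == null || alias == null) {
            return;
        }
        String decrypted = CredentialReader.getDecryptedString(providerPath.trim(), alias.trim());
        if (decrypted == null) {
            return;
        }
        String trimmed = decrypted.trim();
        if (trimmed.isEmpty() || trimmed.equalsIgnoreCase("none")) {
            return;
        }
        // The value is stored as returned (untrimmed), matching the existing behavior.
        configuration.set(targetKey, decrypted);
    }
}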
