package org.apache.hadoop.crypto.key;

import com.sun.org.apache.xml.internal.security.utils.Base64;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.credentialapi.CredentialReader;
import org.apache.ranger.kms.dao.DaoManager;

/* loaded from: input_file:org/apache/hadoop/crypto/key/KeySecureToRangerDBMKUtil.class */
public class KeySecureToRangerDBMKUtil {
    private static final String ENCRYPTION_KEY = "ranger.db.encrypt.key.password";
    private static final String KEYSECURE_USERNAME = "ranger.kms.keysecure.login.username";
    private static final String KEYSECURE_PASSWORD = "ranger.kms.keysecure.login.password";
    private static final String KEYSECURE_PASSWORD_ALIAS = "ranger.kms.keysecure.login.password.alias";
    private static final String KEYSECURE_LOGIN = "ranger.kms.keysecure.login";
    private static final String CREDENTIAL_PATH = "ranger.ks.jpa.jdbc.credential.provider.path";

    public static void showUsage() {
        System.err.println("USAGE: java " + KeySecureToRangerDBMKUtil.class.getName() + " <KMS master key password>");
    }

    public static void main(String[] strArr) {
        if (strArr.length != 1) {
            System.err.println("Invalid number of parameters found.");
            showUsage();
            System.exit(1);
            return;
        }
        String str = strArr[0];
        if (str == null || str.trim().isEmpty()) {
            System.err.println("KMS master key password not provided");
            showUsage();
            System.exit(1);
        }
        new KeySecureToRangerDBMKUtil().doImportMKFromKeySecure(str);
        System.out.println("Master Key from Key Secure has been successfully imported into Ranger KMS DB.");
    }

    private void doImportMKFromKeySecure(String str) {
        try {
            Configuration dBKSConf = RangerKeyStoreProvider.getDBKSConf();
            dBKSConf.set("ranger.db.encrypt.key.password", str);
            getFromJceks(dBKSConf, CREDENTIAL_PATH, KEYSECURE_PASSWORD_ALIAS, KEYSECURE_PASSWORD);
            dBKSConf.set(KEYSECURE_LOGIN, dBKSConf.get(KEYSECURE_USERNAME).trim() + ":" + dBKSConf.get(KEYSECURE_PASSWORD));
            DaoManager daoManager = new RangerKMSDB(dBKSConf).getDaoManager();
            String str2 = dBKSConf.get("ranger.db.encrypt.key.password");
            new RangerMasterKey(daoManager).generateMKFromKeySecureMK(str2, Base64.decode(new RangerSafenetKeySecure(dBKSConf).getMasterKey(str2)));
        } catch (Throwable th) {
            throw new RuntimeException("Unable to migrate Master key from KeySecure to Ranger DB", th);
        }
    }

    private static void getFromJceks(Configuration configuration, String str, String str2, String str3) {
        String decryptedString;
        if (configuration != null) {
            String str4 = configuration.get(str);
            String str5 = configuration.get(str2);
            if (str4 == null || str5 == null || (decryptedString = CredentialReader.getDecryptedString(str4.trim(), str5.trim())) == null || decryptedString.trim().isEmpty() || decryptedString.trim().equalsIgnoreCase("none")) {
                return;
            }
            configuration.set(str3, decryptedString);
        }
    }
}
