package org.apache.hadoop.crypto.key;

import com.sun.org.apache.xml.internal.security.utils.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.conf.Configuration;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/hadoop/crypto/key/RangerHSM.class */
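/**
 * Master-key provider backed by a keystore of type {@code "Luna"}.
 *
 * <p>The keystore is opened in the {@link #RangerHSM(Configuration)} constructor using the
 * partition name and partition password read from the configuration. If the keystore cannot
 * be opened, the failure is logged and {@code myStore} stays {@code null}; every operation
 * then reports failure ({@code false} / {@code null}) instead of touching the keystore.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The partition password is read from configuration and held in a {@code String} field
 *       for the lifetime of this object.</li>
 *   <li>{@link #getMasterKey(String)} returns the raw key bytes Base64-encoded in an immutable
 *       {@code String}; callers cannot wipe it, so it should never be logged or persisted.</li>
 *   <li>No key material or password is written to the log by this class.</li>
 * </ul>
 */
public class RangerHSM implements RangerKMSMKI {
    static final Logger logger = Logger.getLogger(RangerHSM.class);

    private static final String MK_CIPHER = "AES";
    // NOTE(review): the master key is generated as a 128-bit AES key; confirm this matches
    // the deployment's key-strength policy before relying on it.
    private static final int MK_KeySize = 128;
    private static final String PARTITION_PASSWORD = "ranger.ks.hsm.partition.password";
    private static final String PARTITION_NAME = "ranger.ks.hsm.partition.name";
    private static final String HSM_TYPE = "ranger.ks.hsm.type";

    // Partition password as read from configuration (kept as a String, so it cannot be wiped).
    private String passwd;
    // Keystore alias under which the master key is stored.
    private String alias = "RangerKMSKey";
    private String partitionName;
    // Non-null only after the keystore was created AND loaded successfully.
    private KeyStore myStore;
    // Value of "ranger.ks.hsm.type"; passed as the provider name to KeyGenerator.getInstance.
    private String hsm_keystore;

    /** Creates an instance with no keystore attached; all operations report failure. */
    public RangerHSM() {
    }

    /**
     * Reads the HSM settings from {@code configuration} and tries to open the keystore.
     *
     * <p>Any failure is logged and leaves this instance without a keystore rather than
     * throwing, so callers must check the results of the key operations.
     *
     * @param configuration source of the partition password, partition name and HSM type
     */
    public RangerHSM(Configuration configuration) {
        logger.info("RangerHSM provider");
        this.passwd = configuration.get(PARTITION_PASSWORD);
        this.partitionName = configuration.get(PARTITION_NAME);
        this.hsm_keystore = configuration.get(HSM_TYPE);
        if (this.passwd == null) {
            // Previously this surfaced as a NullPointerException out of the constructor.
            logger.error("HSM partition password (" + PARTITION_PASSWORD + ") is not configured. Please verify the Ranger KMS HSM configuration setup.");
            return;
        }
        try {
            // NOTE(review): getBytes() uses the platform default charset; a non-ASCII partition
            // name would be encoded differently across hosts — confirm what the provider expects.
            ByteArrayInputStream tokenLabelStream = new ByteArrayInputStream(("tokenlabel:" + this.partitionName).getBytes());
            logger.debug("Loading HSM tokenlabel : " + this.partitionName);
            // KeyStore.getInstance throws KeyStoreException when the type is unavailable, so a
            // null check after it can never fire. Publish the store only once load() succeeded:
            // an unloaded KeyStore makes size()/containsAlias() throw instead of failing cleanly.
            KeyStore lunaStore = KeyStore.getInstance("Luna");
            lunaStore.load(tokenLabelStream, this.passwd.toCharArray());
            this.myStore = lunaStore;
        } catch (IOException e) {
            logger.error("Unexpected IOException while loading keystore : " + e.getMessage(), e);
        } catch (KeyStoreException e2) {
            logger.error("Unable to create keystore object : " + e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            logger.error("Unexpected NoSuchAlgorithmException while loading keystore : " + e3.getMessage(), e3);
        } catch (CertificateException e4) {
            logger.error("Unexpected CertificateException while loading keystore : " + e4.getMessage(), e4);
        }
    }

    /**
     * Generates a new AES master key and stores it under the fixed alias.
     *
     * <p>Nothing is generated when the keystore is unavailable or already holds at least one
     * entry of any alias (the check is on {@code size()}, not on the master-key alias).
     *
     * @param str password protecting the key entry
     * @return {@code true} if a key was generated and stored, {@code false} otherwise
     * @throws Throwable declared by the interface; {@code size()} may throw before the guarded section
     */
    @Override // org.apache.hadoop.crypto.key.RangerKMSMKI
    public boolean generateMasterKey(String str) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerHSM.generateMasterKey()");
        }
        if (this.myStore == null || this.myStore.size() >= 1) {
            return false;
        }
        try {
            logger.info("Generating AES Master Key for HSM Provider");
            KeyGenerator keyGenerator = KeyGenerator.getInstance(MK_CIPHER, this.hsm_keystore);
            keyGenerator.init(MK_KeySize);
            this.myStore.setKeyEntry(this.alias, keyGenerator.generateKey(), str.toCharArray(), (Certificate[]) null);
            return true;
        } catch (Exception e) {
            // Keep the stack trace: the message alone is often null (e.g. for a null password).
            logger.error("generateMasterKey : Exception during Ranger Master Key Generation - " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Looks up the master key and returns its encoded bytes as Base64 text.
     *
     * @param str password protecting the key entry
     * @return the Base64-encoded key, or {@code null} if the keystore is unavailable, the alias
     *         is absent, the entry yields no exportable key bytes, or the lookup fails
     * @throws Throwable declared by the interface
     */
    @Override // org.apache.hadoop.crypto.key.RangerKMSMKI
    public String getMasterKey(String str) throws Throwable {
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerHSM.getMasterKey()");
        }
        if (this.myStore == null) {
            return null;
        }
        try {
            if (logger.isDebugEnabled()) {
                logger.debug("Searching for Ranger Master Key in Luna Keystore");
            }
            if (!this.myStore.containsAlias(this.alias)) {
                return null;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Ranger Master Key is present in Keystore");
            }
            SecretKey masterKey = (SecretKey) this.myStore.getKey(this.alias, str.toCharArray());
            if (masterKey == null) {
                // getKey returns null when the alias does not identify a key entry.
                logger.error("getMasterKey : alias is present but does not hold a key entry");
                return null;
            }
            byte[] encoded = masterKey.getEncoded();
            if (encoded == null) {
                // Key.getEncoded() may return null when the key does not support encoding.
                logger.error("getMasterKey : Ranger Master Key does not expose encoded key material");
                return null;
            }
            // NOTE(review): Base64 here is the JDK-internal com.sun.org.apache.xml.internal class
            // imported by this file; internal APIs may be inaccessible on newer JDKs — consider
            // a supported encoder.
            return Base64.encode(encoded);
        } catch (Exception e) {
            logger.error("getMasterKey : Exception searching for Ranger Master Key - " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Stores caller-supplied key bytes as the AES master key under the fixed alias,
     * replacing whatever that alias held before.
     *
     * @param str password protecting the key entry
     * @param bArr raw key bytes; must be non-empty
     * @return {@code true} if the key was stored, {@code false} if the keystore is unavailable,
     *         an argument is missing, or the keystore rejects the entry
     */
    public boolean setMasterKey(String str, byte[] bArr) {
        if (this.myStore == null) {
            return false;
        }
        if (str == null || bArr == null || bArr.length == 0) {
            // Without this guard a null password or null/empty key escaped as an unchecked
            // exception (NullPointerException / IllegalArgumentException from SecretKeySpec).
            logger.error("setMasterKey : password and non-empty key material are required");
            return false;
        }
        try {
            this.myStore.setKeyEntry(this.alias, new SecretKeySpec(bArr, MK_CIPHER), str.toCharArray(), (Certificate[]) null);
            return true;
        } catch (KeyStoreException e) {
            logger.error("setMasterKey : Exception while setting Master Key - " + e.getMessage(), e);
            return false;
        }
    }
}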
