package org.apache.hadoop.crypto.key;

import com.microsoft.azure.keyvault.KeyVaultClient;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.credentialapi.CredentialReader;
import org.apache.ranger.kms.dao.DaoManager;

/* loaded from: input_file:org/apache/hadoop/crypto/key/JKS2RangerUtil.class */
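/**
 * Command-line utility that imports the keys held in a Java keystore file into the Ranger KMS
 * database.
 *
 * <p>The keystore password and the key password are read from the console. Depending on the
 * Ranger KMS configuration, the master key comes from SafeNet KeySecure, from Azure Key Vault,
 * or from the Ranger database itself.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The console passwords and the local master-key copy are overwritten in a {@code finally}
 *       block, so they are wiped on the failure path as well as on success.</li>
 *   <li>{@link #getFromJceks} writes decrypted credentials into the {@link Configuration}
 *       object; that object must not be logged or dumped afterwards.</li>
 * </ul>
 */
public class JKS2RangerUtil {
    private static final String AZURE_KEYVAULT_ENABLED = "ranger.kms.azurekeyvault.enabled";
    private static final String AZURE_KEYVAULT_SSL_ENABLED = "ranger.kms.azure.keyvault.ssl.enabled";
    private static final String AZURE_CLIENT_ID = "ranger.kms.azure.client.id";
    private static final String AZURE_CLIENT_SECRET = "ranger.kms.azure.client.secret";
    private static final String AZURE_KEYVAULT_CERTIFICATE_PATH = "ranger.kms.azure.keyvault.certificate.path";
    private static final String AZURE_KEYVAULT_CERTIFICATE_PASSWORD = "ranger.kms.azure.keyvault.certificate.password";
    private static final String AZURE_CLIENT_SECRET_ALIAS = "ranger.kms.azure.client.secret.alias";
    private static final String CREDENTIAL_PATH = "ranger.ks.jpa.jdbc.credential.provider.path";
    private static final String DEFAULT_KEYSTORE_TYPE = "jceks";
    private static final String ENCRYPTION_KEY = "ranger.db.encrypt.key.password";
    private static final String KEYSECURE_ENABLED = "ranger.kms.keysecure.enabled";
    private static final String KEYSECURE_USERNAME = "ranger.kms.keysecure.login.username";
    private static final String KEYSECURE_PASSWORD = "ranger.kms.keysecure.login.password";
    private static final String KEYSECURE_PASSWORD_ALIAS = "ranger.kms.keysecure.login.password.alias";
    private static final String KEYSECURE_LOGIN = "ranger.kms.keysecure.login";

    /** Prints the command-line usage of this utility to standard error. */
    public static void showUsage() {
        System.err.println("USAGE: java " + JKS2RangerUtil.class.getName() + " <KMS_FileName> [KeyStoreType]");
        System.err.println(" If KeyStoreType is not provided, it will be considered as jceks");
        System.err.println(" When execution of this utility, it will prompt for both keystore password and key password.");
    }

    /**
     * Entry point: validates the arguments, then imports the keystore into the Ranger database.
     *
     * @param strArr {@code <KMS_FileName> [KeyStoreType]}; the type defaults to {@code jceks}
     */
    public static void main(String[] strArr) {
        if (strArr.length == 0) {
            System.err.println("Invalid number of parameters found.");
            showUsage();
            System.exit(1);
            return;
        }
        String keyStoreFileName = strArr[0];
        File keyStoreFile = new File(keyStoreFileName);
        if (!keyStoreFile.exists()) {
            System.err.println("File: [" + keyStoreFile.getAbsolutePath() + "] does not exists.");
            showUsage();
            System.exit(1);
            return;
        }
        String keyStoreType = strArr.length == 2 ? strArr[1] : DEFAULT_KEYSTORE_TYPE;
        try {
            // Only checks that a provider for this keystore type exists; the instance is discarded.
            KeyStore.getInstance(keyStoreType);
        } catch (KeyStoreException e) {
            System.err.println("ERROR: Unable to get valid keystore for the type [" + keyStoreType + "]");
            showUsage();
            System.exit(1);
            return;
        }
        new JKS2RangerUtil().doImportKeysFromJKS(keyStoreFileName, keyStoreType);
        System.out.println("Keys from " + keyStoreFileName + " has been successfully imported into RangerDB.");
        System.exit(0);
    }

    /**
     * Resolves a credential through {@link CredentialReader} and stores the decrypted value in the
     * configuration under {@code str3}.
     *
     * <p>Nothing is written when the configuration is null, when either lookup key is unset, or
     * when the decrypted value is null, blank, or the literal {@code none} (case-insensitive).
     *
     * @param configuration configuration to read from and write to
     * @param str configuration key holding the credential provider path
     * @param str2 configuration key holding the credential alias
     * @param str3 configuration key that receives the decrypted secret (held in cleartext)
     */
    private static void getFromJceks(Configuration configuration, String str, String str2, String str3) {
        if (configuration == null) {
            return;
        }
        String providerPath = configuration.get(str);
        String alias = configuration.get(str2);
        if (providerPath == null || alias == null) {
            return;
        }
        String secret = CredentialReader.getDecryptedString(providerPath.trim(), alias.trim());
        if (secret == null || secret.trim().isEmpty() || secret.trim().equalsIgnoreCase("none")) {
            return;
        }
        configuration.set(str3, secret);
    }

    /** Returns true when the configuration value for {@code key} equals {@code expected}, ignoring case. */
    private static boolean hasValue(Configuration conf, String key, String expected) {
        return expected.equalsIgnoreCase(conf.get(key));
    }

    /** Overwrites a secret held in a char array; a null array is ignored. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            Arrays.fill(secret, ' ');
        }
    }

    /**
     * Builds the Azure Key Vault client from the configuration.
     *
     * <p>When {@code ranger.kms.azure.keyvault.ssl.enabled} is {@code false} the client
     * authenticates with client id and client secret; otherwise it authenticates with client id
     * and the certificate at the configured certificate path.
     *
     * @throws Exception if the client id or certificate path is missing, or the client cannot be created
     */
    private static KeyVaultClient createKeyVaultClient(Configuration conf) throws Exception {
        getFromJceks(conf, CREDENTIAL_PATH, AZURE_CLIENT_SECRET_ALIAS, AZURE_CLIENT_SECRET);
        String clientId = conf.get(AZURE_CLIENT_ID);
        if (StringUtils.isEmpty(clientId)) {
            throw new Exception("Azure Key Vault is enabled and client id is not configured");
        }
        String clientSecret = conf.get(AZURE_CLIENT_SECRET);
        if (hasValue(conf, AZURE_KEYVAULT_SSL_ENABLED, "false")) {
            try {
                // NOTE(review): clientSecret is not checked for null/empty here — confirm the
                // authenticator rejects a missing secret.
                return new KeyVaultClient(new AzureKeyVaultClientAuthenticator(clientId, clientSecret));
            } catch (Exception e) {
                // Keep the original exception as the cause so the stack trace is not lost.
                throw new Exception("Error while getting key vault client object with client id and client secret : " + e, e);
            }
        }
        try {
            AzureKeyVaultClientAuthenticator authenticator = new AzureKeyVaultClientAuthenticator(clientId);
            String certificatePath = conf.get(AZURE_KEYVAULT_CERTIFICATE_PATH);
            if (StringUtils.isEmpty(certificatePath)) {
                throw new Exception("Azure Key Vault is enabled. Please provide client secret or certificate path for authentication.");
            }
            String certificatePassword = conf.get(AZURE_KEYVAULT_CERTIFICATE_PASSWORD);
            return authenticator.getAuthentication(
                    certificatePath, StringUtils.isEmpty(certificatePassword) ? "" : certificatePassword);
        } catch (Exception e) {
            throw new Exception("Error while getting key vault client object with client id and certificate. Error :  : " + e, e);
        }
    }

    /**
     * Loads the keystore file and stores its keys in the Ranger database.
     *
     * @param keyStoreFileName path of the keystore file to import
     * @param keyStoreType keystore type passed to the Ranger keystore loader
     * @throws RuntimeException wrapping any failure during the import
     */
    private void doImportKeysFromJKS(String keyStoreFileName, String keyStoreType) {
        char[] keyStorePassword = null;
        char[] keyPassword = null;
        char[] masterKey = null;
        try {
            keyStorePassword = ConsoleUtil.getPasswordFromConsole("Enter Password for the keystore FILE :");
            keyPassword = ConsoleUtil.getPasswordFromConsole("Enter Password for the KEY(s) stored in the keystore:");
            Configuration conf = RangerKeyStoreProvider.getDBKSConf();
            if (conf == null) {
                // The configuration used to be dereferenced before its null checks; fail with a
                // clear message instead of a NullPointerException.
                throw new Exception("Ranger KMS DB keystore configuration is not available");
            }
            DaoManager daoManager = new RangerKMSDB(conf).getDaoManager();
            RangerKeyStore rangerKeyStore = new RangerKeyStore(daoManager);
            String masterKeyPassword = conf.get(ENCRYPTION_KEY);

            if (hasValue(conf, KEYSECURE_ENABLED, "true")) {
                getFromJceks(conf, CREDENTIAL_PATH, KEYSECURE_PASSWORD_ALIAS, KEYSECURE_PASSWORD);
                String keySecureUser = conf.get(KEYSECURE_USERNAME);
                if (keySecureUser == null) {
                    throw new Exception("KeySecure is enabled and login username is not configured");
                }
                // NOTE(review): if the password is unset this builds "<user>:null" — confirm
                // whether that should be rejected here.
                conf.set(KEYSECURE_LOGIN, keySecureUser.trim() + ":" + conf.get(KEYSECURE_PASSWORD));
                RangerSafenetKeySecure keySecure = new RangerSafenetKeySecure(conf);
                keySecure.generateMasterKey(masterKeyPassword);
                masterKey = keySecure.getMasterKey(masterKeyPassword).toCharArray();
            } else if (hasValue(conf, AZURE_KEYVAULT_ENABLED, "true")) {
                KeyVaultClient keyVaultClient = createKeyVaultClient(conf);
                if (keyVaultClient != null) {
                    try {
                        rangerKeyStore = new RangerKeyStore(daoManager, conf, keyVaultClient);
                        new RangerKeyVaultKeyGenerator(conf, keyVaultClient).generateMasterKey(masterKeyPassword);
                    } catch (Exception e) {
                        throw new Exception("Error while generating master key and master key secret in Azure key vault. Error :  : " + e, e);
                    }
                }
                // masterKey stays null on this path, whatever generateMasterKey returned.
                // NOTE(review): a null client, or a false result from generateMasterKey, still
                // continues to the import with a null master key — confirm that is intended.
            } else {
                RangerMasterKey rangerMasterKey = new RangerMasterKey(daoManager);
                rangerMasterKey.generateMasterKey(masterKeyPassword);
                masterKey = rangerMasterKey.getMasterKey(masterKeyPassword).toCharArray();
            }

            try (FileInputStream keyStoreStream = new FileInputStream(new File(keyStoreFileName))) {
                rangerKeyStore.engineLoadKeyStoreFile(keyStoreStream, keyStorePassword, keyPassword, masterKey, keyStoreType);
                rangerKeyStore.engineStore(null, masterKey);
            }
        } catch (Throwable t) {
            throw new RuntimeException("Unable to import keys from [" + keyStoreFileName + "] due to exception.", t);
        } finally {
            // Wipe secrets on every path. The previous failure path called Arrays.fill on a null
            // array, which threw a NullPointerException, hid the real error and wiped nothing.
            wipe(keyStorePassword);
            wipe(keyPassword);
            // Only this local copy is cleared; the value returned by getMasterKey() is outside
            // this method's control.
            wipe(masterKey);
        }
    }
}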
