package org.apache.hadoop.crypto.key;

import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.models.KeyAttributes;
import com.microsoft.azure.keyvault.models.KeyOperationResult;
import com.microsoft.azure.keyvault.models.custom.KeyBundle;
import com.microsoft.azure.keyvault.requests.CreateKeyRequest;
import com.microsoft.azure.keyvault.webkey.JsonWebKeyEncryptionAlgorithm;
import com.microsoft.azure.keyvault.webkey.JsonWebKeyType;
import com.microsoft.rest.ServiceCallback;
import java.security.Key;
import org.apache.hadoop.conf.Configuration;
import org.apache.log4j.Logger;
import org.joda.time.DateTime;

/* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKeyVaultKeyGenerator.class */
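/**
 * Master-key provider that keeps the KMS master key inside Azure Key Vault and uses it to
 * encrypt and decrypt zone keys through the vault's encrypt/decrypt operations.
 *
 * <p>This class never returns master key material: {@link #getMasterKey(String)} always
 * returns {@code null}, and the key bundle is only used for its key identifier.
 *
 * <p>NOTE(review): {@code masterKeyBundle} is assigned lazily without any synchronization
 * visible in this class; confirm how callers share instances across threads.
 */
public class RangerKeyVaultKeyGenerator implements RangerKMSMKI {
    static final Logger logger = Logger.getLogger(RangerKeyVaultKeyGenerator.class);
    private static final String AZURE_KEYVAULT_URL = "ranger.kms.azurekeyvault.url";
    private static final String AZURE_MASTER_KEY_ALIAS = "ranger.kms.azure.masterkey.name";
    private static final String AZURE_MASTER_KEY_TYPE = "ranger.kms.azure.masterkey.type";
    private static final String ZONE_KEY_ENCRYPTION_ALGO = "ranger.kms.azure.zonekey.encryption.algorithm";
    private static final String NULL_CLIENT_MESSAGE =
            "Key Vault Client is null. Please check the azure related configuration.";

    private final String keyVaultURL;
    private final String azureMasterKey;
    private final String azureMasterKeyType;
    private final String zoneKeyEncryptionAlgo;
    private final KeyVaultClient keyVaultClient;
    private KeyBundle masterKeyBundle;

    /**
     * Reads the vault URL, master key name, master key type and zone-key encryption algorithm
     * from {@code configuration}. No value is validated here; a missing property surfaces
     * later, when the corresponding operation is attempted.
     *
     * @param configuration source of the {@code ranger.kms.azure*} properties
     * @param keyVaultClient client used for every vault call; may be {@code null}, in which
     *     case the key operations fail with an explanatory exception
     */
    public RangerKeyVaultKeyGenerator(Configuration configuration, KeyVaultClient keyVaultClient) {
        this.keyVaultURL = configuration.get(AZURE_KEYVAULT_URL);
        this.azureMasterKey = configuration.get(AZURE_MASTER_KEY_ALIAS);
        this.azureMasterKeyType = configuration.get(AZURE_MASTER_KEY_TYPE);
        this.zoneKeyEncryptionAlgo = configuration.get(ZONE_KEY_ENCRYPTION_ALGO);
        this.keyVaultClient = keyVaultClient;
    }

    /**
     * Ensures the configured master key exists in the vault, creating it when the lookup
     * returns nothing.
     *
     * <p>NOTE(review): every zone-key algorithm this class supports is an RSA scheme, so a
     * master key of type EC or OCT presumably cannot serve encrypt/decrypt; confirm before
     * configuring a non-RSA type.
     *
     * @param str unused by this implementation
     * @return {@code true} when the key already exists or was created
     * @throws Exception if the client is missing, or the lookup or the creation fails; the
     *     underlying failure is attached as the cause
     */
    @Override // org.apache.hadoop.crypto.key.RangerKMSMKI
    public boolean generateMasterKey(String str) throws Exception {
        if (this.keyVaultClient == null) {
            throw new Exception(NULL_CLIENT_MESSAGE);
        }
        try {
            this.masterKeyBundle = this.keyVaultClient.getKey(this.keyVaultURL, this.azureMasterKey);
        } catch (Exception e) {
            throw new Exception("Error while getting existing master key from Azure.  Master Key Name : " + this.azureMasterKey + " . Key Vault URL : " + this.keyVaultURL + " . Error : " + e.getMessage(), e);
        }
        if (this.masterKeyBundle != null) {
            logger.info("Azure Master key exist with name :" + this.azureMasterKey + " with key identifier " + this.masterKeyBundle.key().kid());
            return true;
        }
        // Creation is kept outside the lookup's try block so that a failed create is not
        // reported as a failed lookup.
        try {
            JsonWebKeyType keyType = resolveMasterKeyType();
            // The key is created enabled, with "not before" set to the current time.
            KeyAttributes attributes = new KeyAttributes().withEnabled(true).withNotBefore(new DateTime());
            CreateKeyRequest request = new CreateKeyRequest.Builder(this.keyVaultURL, this.azureMasterKey, keyType)
                    .withAttributes(attributes)
                    .build();
            this.masterKeyBundle = (KeyBundle) this.keyVaultClient.createKeyAsync(request, (ServiceCallback) null).get();
            return true;
        } catch (Exception e) {
            restoreInterruptIfNeeded(e);
            throw new Exception("Error while creating master key  : " + e.getMessage(), e);
        }
    }

    /**
     * Encrypts the encoded form of {@code key} with the vault-held master key.
     *
     * @param key zone key whose {@code getEncoded()} bytes are sent to the vault
     * @return the ciphertext returned by the vault
     * @throws Exception if the client or master key is unavailable, or the vault call fails
     */
    public byte[] encryptZoneKey(Key key) throws Exception {
        JsonWebKeyEncryptionAlgorithm algorithm = getZoneKeyEncryptionAlgo();
        KeyBundle bundle = loadMasterKeyBundle();
        try {
            KeyOperationResult outcome = (KeyOperationResult) this.keyVaultClient
                    .encryptAsync(bundle.key().kid(), algorithm, key.getEncoded(), (ServiceCallback) null)
                    .get();
            return outcome.result();
        } catch (Exception e) {
            restoreInterruptIfNeeded(e);
            throw new Exception("Error while encrypting zone key." + e, e);
        }
    }

    /**
     * Decrypts a zone key that was encrypted with the vault-held master key.
     *
     * @param bArr ciphertext previously produced by {@link #encryptZoneKey(Key)}
     * @return the plaintext bytes returned by the vault
     * @throws Exception if the client or master key is unavailable, or the vault call fails
     */
    public byte[] dencryptZoneKey(byte[] bArr) throws Exception {
        JsonWebKeyEncryptionAlgorithm algorithm = getZoneKeyEncryptionAlgo();
        KeyBundle bundle = loadMasterKeyBundle();
        try {
            KeyOperationResult outcome = (KeyOperationResult) this.keyVaultClient
                    .decryptAsync(bundle.key().kid(), algorithm, bArr, (ServiceCallback) null)
                    .get();
            return outcome.result();
        } catch (Exception e) {
            restoreInterruptIfNeeded(e);
            throw new Exception("Error while decrypting zone key." + e, e);
        }
    }

    /** Returns the cached master key bundle, fetching it from the vault on first use. */
    private KeyBundle loadMasterKeyBundle() throws Exception {
        if (this.keyVaultClient == null) {
            throw new Exception(NULL_CLIENT_MESSAGE);
        }
        if (this.masterKeyBundle == null) {
            this.masterKeyBundle = this.keyVaultClient.getKey(this.keyVaultURL, this.azureMasterKey);
        }
        if (this.masterKeyBundle == null) {
            throw new Exception("Master key " + this.azureMasterKey + " was not found in key vault " + this.keyVaultURL);
        }
        return this.masterKeyBundle;
    }

    /** Maps the configured master key type to the vault's key type; unknown values fall back to RSA. */
    private JsonWebKeyType resolveMasterKeyType() {
        if (this.azureMasterKeyType == null) {
            // Fail instead of guessing: the type decides, among other things, whether the
            // key is HSM-backed.
            throw new IllegalStateException(AZURE_MASTER_KEY_TYPE + " is not configured");
        }
        switch (this.azureMasterKeyType) {
            case "RSA":
                return JsonWebKeyType.RSA;
            case "RSA_HSM":
                return JsonWebKeyType.RSA_HSM;
            case "EC":
                return JsonWebKeyType.EC;
            case "EC_HSM":
                return JsonWebKeyType.EC_HSM;
            case "OCT":
                return JsonWebKeyType.OCT;
            default:
                logger.warn("Unrecognized " + AZURE_MASTER_KEY_TYPE + " value '" + this.azureMasterKeyType + "'; falling back to RSA");
                return JsonWebKeyType.RSA;
        }
    }

    /**
     * Maps the configured zone-key algorithm name to the vault's algorithm constant.
     * Unrecognized values fall back to RSA_OAEP; a missing value is rejected.
     */
    private JsonWebKeyEncryptionAlgorithm getZoneKeyEncryptionAlgo() {
        if (this.zoneKeyEncryptionAlgo == null) {
            throw new IllegalStateException(ZONE_KEY_ENCRYPTION_ALGO + " is not configured");
        }
        switch (this.zoneKeyEncryptionAlgo) {
            case "RSA_OAEP":
                return JsonWebKeyEncryptionAlgorithm.RSA_OAEP;
            case "RSA_OAEP_256":
                return JsonWebKeyEncryptionAlgorithm.RSA_OAEP_256;
            case "RSA1_5":
                // PKCS#1 v1.5 encryption padding; accepted for compatibility. The OAEP
                // variants are the usual recommendation for new deployments.
                return JsonWebKeyEncryptionAlgorithm.RSA1_5;
            default:
                logger.warn("Unrecognized " + ZONE_KEY_ENCRYPTION_ALGO + " value '" + this.zoneKeyEncryptionAlgo + "'; falling back to RSA_OAEP");
                return JsonWebKeyEncryptionAlgorithm.RSA_OAEP;
        }
    }

    /** Re-asserts the thread's interrupt flag when a blocking vault call was interrupted. */
    private static void restoreInterruptIfNeeded(Exception e) {
        if (e instanceof InterruptedException) {
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Always returns {@code null}: this implementation does not hand out master key material.
     *
     * @param str unused by this implementation
     * @return {@code null}
     */
    @Override // org.apache.hadoop.crypto.key.RangerKMSMKI
    public String getMasterKey(String str) {
        return null;
    }
}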
