package org.apache.hadoop.crypto.key;

import com.microsoft.azure.keyvault.KeyVaultClient;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.DigestInputStream;
import java.security.DigestOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.JavaKeyStoreProvider;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.RangerKeyStoreProvider;
import org.apache.ranger.entity.XXRangerKeyStore;
import org.apache.ranger.kms.dao.DaoManager;
import org.apache.ranger.kms.dao.RangerKMSDao;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.type.TypeReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKeyStore.class */
public class RangerKeyStore extends KeyStoreSpi {
    // Format name reported by KeyByteMetadata.getFormat().
    private static final String KEY_METADATA = "KeyMetadata";
    // Configuration property read by the (DaoManager, Configuration, KeyVaultClient) constructor;
    // the store runs in Azure Key Vault mode only when its value equals "true" (case-insensitive).
    private static final String AZURE_KEYVAULT_ENABLED = "ranger.kms.azurekeyvault.enabled";
    // Name of the field read reflectively from JavaKeyStoreProvider.KeyMetadata in engineLoadKeyStoreFile.
    private static final String METADATA_FIELDNAME = "metadata";
    private static final int NUMBER_OF_BITS_PER_BYTE = 8;
    // NOTE(review): fixed, publicly known string. Presumably mixed into the password digest built by
    // getKeyedMessageDigest -- confirm. Being a constant, it adds no secrecy of its own.
    private static final String SECRET_KEY_HASH_WORD = "Apache Ranger";
    // DAO used for all database reads and writes; null when no DaoManager was supplied.
    private final RangerKMSDao kmsDao;
    // Wraps and unwraps zone keys in key-vault mode; may be null (see the single-argument constructor).
    private final RangerKMSMKI masterKeyProvider;
    // Selects between the two storage formats: SecretKeyByteEntry (true) and SecretKeyEntry (false).
    private final boolean keyVaultEnabled;
    // Alias -> entry map. volatile because engineLoad() builds a fresh map and swaps the reference.
    private volatile Map<String, Object> keyEntries;
    // Entries added since the last engineStore(); engineStore() persists them and then clears the map.
    private final Map<String, Object> deltaEntries;
    private static final Logger logger = LoggerFactory.getLogger(RangerKeyStore.class);
    // The first character class is written "[a-z,A-Z,0-9]", which also matches a literal comma.
    // NOTE(review): that looks unintended -- confirm before relying on this pattern to restrict key names.
    // The negative lookaheads reject "--", "__", "-_" and "_-" anywhere in the rest of the name.
    private static final String KEY_NAME_VALIDATION = "[a-z,A-Z,0-9](?!.*--)(?!.*__)(?!.*-_)(?!.*_-)[\\w\\-\\_]*";
    // Compiled once and shared; Pattern instances are immutable and safe to share between threads.
    private static final Pattern pattern = Pattern.compile(KEY_NAME_VALIDATION);

    /* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKeyStore$KeyByteMetadata.class */
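    /**
     * A {@link Key} that carries raw key bytes together with their Hadoop
     * {@link KeyProvider.Metadata}.
     *
     * <p>Serialization uses a custom layout: the serialized metadata and the key bytes are each
     * written as an {@code int} length followed by that many bytes.
     */
    public static class KeyByteMetadata implements Key, Serializable {
        private KeyProvider.Metadata metadata;
        private byte[] keyByte;
        private static final long serialVersionUID = 8405872419967874451L;

        private KeyByteMetadata(KeyProvider.Metadata metadata, byte[] bArr) {
            this.metadata = metadata;
            this.keyByte = bArr;
        }

        /** Returns the cipher name recorded in the metadata. */
        @Override // java.security.Key
        public String getAlgorithm() {
            return this.metadata.getCipher();
        }

        /** Returns the fixed format name {@code "KeyMetadata"}. */
        @Override // java.security.Key
        public String getFormat() {
            return RangerKeyStore.KEY_METADATA;
        }

        /**
         * Returns the key bytes.
         *
         * <p>NOTE(review): this is the internal array, not a copy, so a caller that modifies the
         * result modifies the key held by this object. Confirm whether callers rely on that before
         * switching to a defensive copy.
         */
        @Override // java.security.Key
        public byte[] getEncoded() {
            return this.keyByte;
        }

        /** Writes the metadata and the key bytes, each as a length-prefixed byte array. */
        private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
            byte[] serialize = this.metadata.serialize();
            objectOutputStream.writeInt(serialize.length);
            objectOutputStream.write(serialize);
            objectOutputStream.writeInt(this.keyByte.length);
            objectOutputStream.write(this.keyByte);
        }

        /**
         * Reads the two length-prefixed arrays written by {@code writeObject}.
         *
         * @throws IOException if a length prefix is negative or the stream ends early
         */
        private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
            byte[] metadataBytes = readLengthPrefixed(objectInputStream, "metadata");
            byte[] keyBytes = readLengthPrefixed(objectInputStream, "key");
            this.metadata = new KeyProvider.Metadata(metadataBytes);
            this.keyByte = keyBytes;
        }

        /**
         * Reads an {@code int} length and then exactly that many bytes.
         *
         * <p>The length comes from the stream, so it is checked before it is used as an array size:
         * a negative value is reported as a corrupt stream instead of surfacing as an unchecked
         * {@code NegativeArraySizeException}. NOTE(review): no upper bound is enforced; if the
         * stream can come from an untrusted source, add a size cap that fits the deployment.
         */
        private static byte[] readLengthPrefixed(ObjectInputStream in, String what) throws IOException {
            int length = in.readInt();
            if (length < 0) {
                throw new java.io.StreamCorruptedException(
                        "Negative " + what + " length in serialized KeyByteMetadata: " + length);
            }
            byte[] data = new byte[length];
            in.readFully(data);
            return data;
        }
    }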

    /* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKeyStore$KeyEntry.class */
    /**
     * Minimal entry type that only records a creation date.
     *
     * <p>NOTE(review): {@code SecretKeyEntry} and {@code SecretKeyByteEntry} do not extend this
     * class, so a value of either type cannot be cast to {@code KeyEntry}.
     */
    private static class KeyEntry {
        Date date;

        private KeyEntry() {
            // Creation time is fixed at construction.
            this.date = new Date();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKeyStore$RangerSealedObject.class */
    /**
     * {@link SealedObject} subclass that exposes the algorithm parameters stored with the sealed
     * payload.
     */
    public static class RangerSealedObject extends SealedObject {
        private static final long serialVersionUID = -7551578543434362070L;

        /** Copy-constructs from an existing sealed object. */
        protected RangerSealedObject(SealedObject sealedObject) {
            super(sealedObject);
        }

        /** Seals {@code serializable} with an already initialised {@code cipher}. */
        protected RangerSealedObject(Serializable serializable, Cipher cipher) throws IllegalBlockSizeException, IOException {
            super(serializable, cipher);
        }

        /**
         * Decodes the encoded parameters kept by {@link SealedObject}.
         *
         * <p>NOTE(review): the algorithm name is hard-coded to a password-based scheme built on MD5
         * and Triple DES, both legacy primitives. It has to match whatever sealed the stored
         * objects, so moving to a stronger scheme means re-sealing the existing keys.
         *
         * @return parameters initialised from the sealed object's encoded form
         */
        public AlgorithmParameters getParameters() throws NoSuchAlgorithmException, IOException {
            final AlgorithmParameters decoded = AlgorithmParameters.getInstance("PBEWithMD5AndTripleDES");
            decoded.init(this.encodedParams);
            return decoded;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKeyStore$SecretKeyByteEntry.class */
    /**
     * Key-vault-mode entry: key bytes plus the descriptive columns stored with them.
     *
     * <p>The byte array is kept by reference and is not copied.
     */
    public static final class SecretKeyByteEntry {
        final Date date;
        final byte[] key;
        final String cipher_field;
        final int bit_length;
        final String description;
        final String attributes;
        final int version;

        /** Creates an entry stamped with the current time. */
        SecretKeyByteEntry(byte[] bArr, String str, int i, String str2, int i2, String str3) {
            this(new Date(), bArr, str, i, str2, i2, str3);
        }

        /**
         * @param date creation time
         * @param bArr key bytes
         * @param str cipher name
         * @param i key length in bits
         * @param str2 description
         * @param i2 version
         * @param str3 attributes string (parsed as JSON by engineGetKeyMetadata)
         */
        SecretKeyByteEntry(Date date, byte[] bArr, String str, int i, String str2, int i2, String str3) {
            this.key = bArr;
            this.date = date;
            this.version = i2;
            this.bit_length = i;
            this.cipher_field = str;
            this.description = str2;
            this.attributes = str3;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKeyStore$SecretKeyEntry.class */
    /** Password-mode entry: a sealed key plus the descriptive columns stored with it. */
    public static final class SecretKeyEntry {
        final Date date;
        final SealedObject sealedKey;
        final String cipher_field;
        final int bit_length;
        final String description;
        final String attributes;
        final int version;

        /** Creates an entry stamped with the current time. */
        SecretKeyEntry(SealedObject sealedObject, String str, int i, String str2, int i2, String str3) {
            this(new Date(), sealedObject, str, i, str2, i2, str3);
        }

        /**
         * @param date creation time
         * @param sealedObject the sealed key
         * @param str cipher name
         * @param i key length in bits
         * @param str2 description
         * @param i2 version
         * @param str3 attributes string
         */
        SecretKeyEntry(Date date, SealedObject sealedObject, String str, int i, String str2, int i2, String str3) {
            this.sealedKey = sealedObject;
            this.date = date;
            this.version = i2;
            this.bit_length = i;
            this.cipher_field = str;
            this.description = str2;
            this.attributes = str3;
        }
    }

    /**
     * Creates a store with key-vault mode disabled and no master key provider.
     *
     * @param daoManager source of the KMS DAO; may be null, in which case no DAO is set
     */
    public RangerKeyStore(DaoManager daoManager) {
        this(daoManager, false, (RangerKMSMKI) null);
    }

    /**
     * Creates a store whose master key operations go through Azure Key Vault.
     *
     * <p>Key-vault mode is on only when {@code configuration} is non-null and the property
     * {@code ranger.kms.azurekeyvault.enabled} equals {@code "true"} (case-insensitive). The
     * key-vault-backed provider is constructed either way.
     *
     * @param daoManager source of the KMS DAO; may be null
     * @param configuration configuration to read the flag from; may be null
     * @param keyVaultClient client handed to the key-vault key generator
     */
    public RangerKeyStore(DaoManager daoManager, Configuration configuration, KeyVaultClient keyVaultClient) {
        this.keyEntries = new ConcurrentHashMap<>();
        this.deltaEntries = new ConcurrentHashMap<>();
        if (daoManager == null) {
            this.kmsDao = null;
        } else {
            this.kmsDao = daoManager.getRangerKMSDao();
        }
        this.masterKeyProvider = new RangerAzureKeyVaultKeyGenerator(configuration, keyVaultClient);
        boolean enabled = false;
        if (configuration != null) {
            enabled = StringUtils.equalsIgnoreCase(configuration.get(AZURE_KEYVAULT_ENABLED), "true");
        }
        this.keyVaultEnabled = enabled;
    }

    /**
     * Creates a store with an explicit mode flag and master key provider.
     *
     * @param daoManager source of the KMS DAO; may be null
     * @param z whether key-vault mode is enabled
     * @param rangerKMSMKI master key provider used in key-vault mode; may be null
     */
    public RangerKeyStore(DaoManager daoManager, boolean z, RangerKMSMKI rangerKMSMKI) {
        this.keyEntries = new ConcurrentHashMap<>();
        this.deltaEntries = new ConcurrentHashMap<>();
        if (daoManager == null) {
            this.kmsDao = null;
        } else {
            this.kmsDao = daoManager.getRangerKMSDao();
        }
        this.masterKeyProvider = rangerKMSMKI;
        this.keyVaultEnabled = z;
    }

    /**
     * Unseals and returns the key stored under the given alias.
     *
     * <p>Only {@code SecretKeyEntry} values are handled; any other entry type, or a missing alias,
     * yields {@code null}.
     *
     * <p>NOTE(review): every exception from unsealing is logged and swallowed, so a caller cannot
     * tell a wrong password from a missing alias, and the declared exceptions are not thrown from
     * this body.
     *
     * @param str alias as supplied by the caller (normalised through convertAlias)
     * @param cArr password used to unseal the key
     * @return the unsealed key, or null
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        logger.debug("==> engineGetKey({})", str);
        final String alias = convertAlias(str);
        final Object entry = this.keyEntries.get(alias);
        Key unsealed = null;
        if (entry instanceof SecretKeyEntry) {
            final SecretKeyEntry sealedEntry = (SecretKeyEntry) entry;
            try {
                unsealed = unsealKey(sealedEntry.sealedKey, cArr);
            } catch (Exception e) {
                logger.error("engineGetKey({}) error", alias, e);
            }
        }
        logger.debug("<== engineGetKey({}): ret={}", alias, unsealed);
        return unsealed;
    }

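    /**
     * Returns the decrypted zone key bytes for the given alias.
     *
     * <p>Only {@code SecretKeyByteEntry} values are decrypted; any other entry type, or a missing
     * alias, yields {@code null}.
     *
     * @param str alias as supplied by the caller (normalised through convertAlias)
     * @return the decrypted key bytes, or null
     * @throws Exception if the master key provider fails; the original failure is attached as cause
     */
    public byte[] engineGetDecryptedZoneKeyByte(String str) throws Exception {
        logger.debug("==> engineGetDecryptedZoneKeyByte({})", str);
        String alias = convertAlias(str);
        Object entry = this.keyEntries.get(alias);
        byte[] zoneKey = null;
        try {
            if (entry instanceof SecretKeyByteEntry) {
                zoneKey = this.masterKeyProvider.decryptZoneKey(((SecretKeyByteEntry) entry).key);
            }
        } catch (Exception e) {
            // Keep the original exception as the cause so the stack trace survives.
            throw new Exception("Error while decrypting zone key. Name : " + alias + " Error : " + e, e);
        }
        if (logger.isDebugEnabled()) {
            // Log only the length. SLF4J's message formatter expands array arguments element by
            // element, so passing the array itself would write the plaintext key to the debug log.
            logger.debug("<== engineGetDecryptedZoneKeyByte({}): ret={}", alias,
                    zoneKey == null ? "null" : "<" + zoneKey.length + " bytes>");
        }
        return zoneKey;
    }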

    /**
     * Returns the decrypted zone key for the alias, bundled with its metadata.
     *
     * <p>NOTE(review): the metadata and key lookups both return null for an unknown alias, so the
     * returned object can wrap two nulls; callers should check before using it.
     *
     * @param str alias as supplied by the caller
     * @return a {@code KeyByteMetadata} holding the metadata and the decrypted bytes
     * @throws Exception if decryption fails
     */
    public Key engineGetDecryptedZoneKey(String str) throws Exception {
        logger.debug("==> engineGetDecryptedZoneKey({})", str);
        // Metadata is looked up before the key is decrypted, as in the original evaluation order.
        final KeyProvider.Metadata keyMetadata = engineGetKeyMetadata(str);
        final byte[] decrypted = engineGetDecryptedZoneKeyByte(str);
        final KeyByteMetadata result = new KeyByteMetadata(keyMetadata, decrypted);
        logger.debug("<== engineGetDecryptedZoneKey({}): ret={}", str, result);
        return result;
    }

    /**
     * Builds Hadoop key metadata from the {@code SecretKeyByteEntry} stored under the alias.
     *
     * <p>The entry's attribute string is parsed as a JSON object of string pairs. If parsing
     * fails, the error is logged and the metadata is built with a null attribute map.
     *
     * @param str alias as supplied by the caller (normalised through convertAlias)
     * @return the metadata, or null when the alias is missing or holds another entry type
     */
    public KeyProvider.Metadata engineGetKeyMetadata(String str) {
        logger.debug("==> engineGetKeyMetadata({})", str);
        final String alias = convertAlias(str);
        final Object entry = this.keyEntries.get(alias);
        KeyProvider.Metadata result = null;
        if (entry instanceof SecretKeyByteEntry) {
            final SecretKeyByteEntry byteEntry = (SecretKeyByteEntry) entry;
            Map<String, String> attributeMap = null;
            try {
                attributeMap = new ObjectMapper().readValue(byteEntry.attributes, new TypeReference<Map<String, String>>() {
                });
            } catch (IOException e) {
                logger.error("engineGetKeyMetadata({}): invalid attribute string data", alias, e);
            }
            result = new KeyProvider.Metadata(
                    byteEntry.cipher_field,
                    byteEntry.bit_length,
                    byteEntry.description,
                    attributeMap,
                    byteEntry.date,
                    byteEntry.version);
        }
        logger.debug("<== engineGetKeyMetadata({}): ret={}", alias, result);
        return result;
    }

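    /**
     * Encrypts a zone key with the master key provider and records it under the alias.
     *
     * <p>The entry is added to both the live map and the pending (delta) map. It reaches the
     * database only on the next {@code engineStore} call.
     *
     * @param str alias as supplied by the caller (normalised through convertAlias)
     * @param key zone key to encrypt
     * @param str2 cipher name
     * @param i key length in bits
     * @param str3 description
     * @param i2 version
     * @param str4 attributes string
     * @throws KeyStoreException if encryption or alias conversion fails; the failure is the cause
     */
    public void addSecureKeyByteEntry(String str, Key key, String str2, int i, String str3, int i2, String str4) throws KeyStoreException {
        logger.debug("==> addSecureKeyByteEntry({})", str);
        try {
            SecretKeyByteEntry entry = new SecretKeyByteEntry(this.masterKeyProvider.encryptZoneKey(key), str2, i, str3, i2, str4);
            String alias = convertAlias(str);
            this.deltaEntries.put(alias, entry);
            this.keyEntries.put(alias, entry);
            logger.debug("<== addSecureKeyByteEntry({})", alias);
        } catch (Exception e) {
            logger.error("addSecureKeyByteEntry({})", str, e);
            // Attach the cause; the message alone loses the exception type and stack trace.
            throw new KeyStoreException(e.getMessage(), e);
        }
    }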

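    /**
     * Returns a copy of the creation date recorded for the alias.
     *
     * <p>The values held in {@code keyEntries} are {@code SecretKeyEntry} or
     * {@code SecretKeyByteEntry} instances, and neither class extends {@code KeyEntry}. An
     * unconditional cast to {@code KeyEntry} would therefore throw {@code ClassCastException} for
     * every alias that exists, so the date is read from whichever entry type is present.
     *
     * @param str alias as supplied by the caller (normalised through convertAlias)
     * @return a fresh {@link Date}, or null when the alias is unknown or has no date
     */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        logger.debug("==> engineGetCreationDate({})", str);
        String alias = convertAlias(str);
        Object entry = this.keyEntries.get(alias);
        Date stored = null;
        if (entry instanceof SecretKeyEntry) {
            stored = ((SecretKeyEntry) entry).date;
        } else if (entry instanceof SecretKeyByteEntry) {
            stored = ((SecretKeyByteEntry) entry).date;
        } else if (entry instanceof KeyEntry) {
            stored = ((KeyEntry) entry).date;
        }
        // Hand out a copy so callers cannot change the stored date.
        Date created = stored != null ? new Date(stored.getTime()) : null;
        logger.debug("<== engineGetCreationDate({}): ret={}", alias, created);
        return created;
    }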

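    /**
     * Seals a key with the given password and records it under the alias.
     *
     * <p>The entry is added to both the live map and the pending (delta) map. It reaches the
     * database only on the next {@code engineStore} call.
     *
     * @param str alias as supplied by the caller (normalised through convertAlias)
     * @param key key to seal
     * @param cArr password passed to sealKey
     * @param str2 cipher name
     * @param i key length in bits
     * @param str3 description
     * @param i2 version
     * @param str4 attributes string
     * @throws KeyStoreException if sealing or alias conversion fails; the failure is the cause
     */
    public void addKeyEntry(String str, Key key, char[] cArr, String str2, int i, String str3, int i2, String str4) throws KeyStoreException {
        logger.debug("==> addKeyEntry({})", str);
        try {
            SecretKeyEntry entry = new SecretKeyEntry(sealKey(key, cArr), str2, i, str3, i2, str4);
            String alias = convertAlias(str);
            this.deltaEntries.put(alias, entry);
            this.keyEntries.put(alias, entry);
            logger.debug("<== addKeyEntry({})", alias);
        } catch (Exception e) {
            logger.error("addKeyEntry({}) error", str, e);
            // Attach the cause; the message alone loses the exception type and stack trace.
            throw new KeyStoreException(e.getMessage(), e);
        }
    }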

    /**
     * Deletes the alias from the database and then from both in-memory maps.
     *
     * <p>The database delete runs first, so if it throws, the in-memory entry is left in place.
     *
     * @param str alias as supplied by the caller (normalised through convertAlias)
     */
    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        logger.debug("==> engineDeleteEntry({})", str);
        final String alias = convertAlias(str);
        dbOperationDelete(alias);
        this.keyEntries.remove(alias);
        this.deltaEntries.remove(alias);
        logger.debug("<== engineDeleteEntry({})", alias);
    }

    /**
     * Returns an enumeration over a snapshot of the current aliases.
     *
     * <p>The key set is copied first, so later changes to the store do not affect the enumeration.
     */
    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        final HashSet<String> snapshot = new HashSet<>(this.keyEntries.keySet());
        return Collections.enumeration(snapshot);
    }

    /**
     * Reports whether an entry exists for the alias.
     *
     * @param str alias as supplied by the caller (normalised through convertAlias)
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        final String alias = convertAlias(str);
        final boolean present = this.keyEntries.containsKey(alias);
        logger.debug("<== engineContainsAlias({}): ret={}", alias, present);
        return present;
    }

    /** Returns the number of entries currently held in memory. */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        final int count = this.keyEntries.size();
        logger.debug("<== engineSize(): ret={}", count);
        return count;
    }

    /**
     * Persists every pending (delta) entry to the database and then clears the pending map.
     *
     * <p>In key-vault mode each pending {@code SecretKeyByteEntry} is stored as is. Otherwise each
     * pending {@code SecretKeyEntry} is Java-serialized and followed by a trailer, and that byte
     * sequence is stored.
     *
     * <p>NOTE(review): the trailer is the digest returned by {@code getKeyedMessageDigest(cArr)}
     * before any entry bytes are written. Every entry therefore gets the same trailer, and the
     * trailer does not cover that entry's serialized bytes.
     *
     * <p>NOTE(review): {@code dbOperationStore} logs database failures and does not rethrow them,
     * and the pending map is cleared regardless. A failed write leaves the key only in memory.
     *
     * @param outputStream not used by this implementation
     * @param cArr master key password; required when key-vault mode is off
     * @throws IllegalArgumentException if key-vault mode is off and {@code cArr} is null
     */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        logger.debug("==> engineStore()");
        if (this.keyVaultEnabled) {
            for (Map.Entry<String, Object> pending : this.deltaEntries.entrySet()) {
                Long createdAt = Long.valueOf(((SecretKeyByteEntry) pending.getValue()).date.getTime());
                SecretKeyByteEntry byteEntry = (SecretKeyByteEntry) pending.getValue();
                dbOperationStore(mapObjectToEntity(
                        pending.getKey(),
                        createdAt,
                        byteEntry.key,
                        byteEntry.cipher_field,
                        byteEntry.bit_length,
                        byteEntry.description,
                        byteEntry.version,
                        byteEntry.attributes));
            }
        } else {
            if (cArr == null) {
                throw new IllegalArgumentException("Ranger Master Key can't be null");
            }
            final MessageDigest keyedDigest = getKeyedMessageDigest(cArr);
            final byte[] trailer = keyedDigest.digest();
            for (Map.Entry<String, Object> pending : this.deltaEntries.entrySet()) {
                final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                // Resources close in reverse order: the object stream first, then the data stream.
                try (DataOutputStream dataOut = new DataOutputStream(new DigestOutputStream(buffer, keyedDigest));
                        ObjectOutputStream objectOut = new ObjectOutputStream(dataOut)) {
                    objectOut.writeObject(((SecretKeyEntry) pending.getValue()).sealedKey);
                    dataOut.write(trailer);
                    dataOut.flush();
                    Long createdAt = Long.valueOf(((SecretKeyEntry) pending.getValue()).date.getTime());
                    SecretKeyEntry sealedEntry = (SecretKeyEntry) pending.getValue();
                    dbOperationStore(mapObjectToEntity(
                            pending.getKey(),
                            createdAt,
                            buffer.toByteArray(),
                            sealedEntry.cipher_field,
                            sealedEntry.bit_length,
                            sealedEntry.description,
                            sealedEntry.version,
                            sealedEntry.attributes));
                }
            }
        }
        this.deltaEntries.clear();
        logger.debug("<== engineStore()");
    }

    /**
     * Creates or updates the database row for the given key, matched by alias.
     *
     * <p>Does nothing when no DAO is configured.
     *
     * <p>NOTE(review): any exception is logged at error level and not rethrown, so callers get no
     * signal that the key was not persisted.
     *
     * @param xXRangerKeyStore values to write
     */
    public void dbOperationStore(XXRangerKeyStore xXRangerKeyStore) {
        if (logger.isDebugEnabled()) {
            logger.debug("==> dbOperationStore({})", xXRangerKeyStore.getAlias());
        }
        try {
            if (this.kmsDao != null) {
                final XXRangerKeyStore existing = this.kmsDao.findByAlias(xXRangerKeyStore.getAlias());
                if (existing != null) {
                    // A row with this alias exists: copy the new values onto it and update.
                    this.kmsDao.update(mapToEntityBean(xXRangerKeyStore, existing));
                } else {
                    // No row yet: fill a fresh entity and insert it.
                    this.kmsDao.create(mapToEntityBean(xXRangerKeyStore, new XXRangerKeyStore()));
                }
            }
        } catch (Exception e) {
            logger.error("dbOperationStore({}) error", xXRangerKeyStore.getAlias(), e);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== dbOperationStore({})", xXRangerKeyStore.getAlias());
        }
    }

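    /**
     * Reloads all keys from the database and swaps them in as the live entry map.
     *
     * <p>In key-vault mode each row becomes a {@code SecretKeyByteEntry} holding the Base64-decoded
     * bytes. Otherwise each row is checked against the password-derived trailer and then
     * Java-deserialized into a {@code SealedObject}.
     *
     * <p>Rows with no encoded data are logged and skipped. Rows shorter than the trailer fail
     * verification. Neither case is indexed into any more.
     *
     * <p>NOTE(review): the trailer is the digest returned by {@code getKeyedMessageDigest(cArr)}
     * before any row is read, so it is the same for every row and does not cover the row's
     * serialized bytes. A match shows the password-derived value is present. It does not show the
     * serialized object is unmodified.
     *
     * <p>NOTE(review): {@code ObjectInputStream.readObject()} runs on bytes taken from the
     * database with no deserialization filter. Treat write access to the key table as equivalent
     * to supplying serialized input, and consider restricting the accepted classes with a
     * deserialization filter where the runtime provides one.
     *
     * @param inputStream not used; data comes from the database
     * @param cArr master key password, or null to skip trailer verification
     * @throws IOException if trailer verification fails or a row cannot be deserialized
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        logger.debug("==> engineLoad()");
        List<XXRangerKeyStore> storedKeys = dbOperationLoad();
        if (storedKeys == null || storedKeys.isEmpty()) {
            logger.debug("RangerKeyStore might be null or key is not present in the database.");
            return;
        }
        Map<String, Object> loaded = new ConcurrentHashMap<>();
        if (this.keyVaultEnabled) {
            for (XXRangerKeyStore row : storedKeys) {
                byte[] wrappedKey = DatatypeConverter.parseBase64Binary(row.getEncoded());
                String alias = row.getAlias();
                SecretKeyByteEntry byteEntry = new SecretKeyByteEntry(new Date(row.getCreatedDate().longValue()), wrappedKey, row.getCipher(), row.getBitLength(), row.getDescription(), row.getVersion(), row.getAttributes());
                logger.debug("engineLoad(): loaded key {}", row.getAlias());
                loaded.put(alias, byteEntry);
            }
        } else {
            MessageDigest keyedDigest = cArr != null ? getKeyedMessageDigest(cArr) : null;
            // An empty trailer (no password) makes the verification below a no-op.
            byte[] expectedTrailer = keyedDigest != null ? keyedDigest.digest() : new byte[0];
            for (XXRangerKeyStore row : storedKeys) {
                byte[] data = DatatypeConverter.parseBase64Binary(row.getEncoded());
                if (data == null || data.length == 0) {
                    logger.error("No Key found for alias {}", row.getAlias());
                    // Nothing to verify or deserialize for this row.
                    continue;
                }
                if (!trailerMatches(data, expectedTrailer)) {
                    UnrecoverableKeyException cause = new UnrecoverableKeyException("Password verification failed");
                    logger.error("Keystore was tampered with, or password was incorrect.", cause);
                    throw new IOException("Keystore was tampered with, or password was incorrect", cause);
                }
                InputStream raw = new ByteArrayInputStream(data);
                SealedObject sealedObject;
                try (DataInputStream dataIn = new DataInputStream(cArr != null ? new DigestInputStream(raw, keyedDigest) : raw);
                        ObjectInputStream objectIn = new ObjectInputStream(dataIn)) {
                    sealedObject = (SealedObject) objectIn.readObject();
                } catch (ClassNotFoundException e) {
                    throw new IOException(e.getMessage(), e);
                }
                SecretKeyEntry sealedEntry = new SecretKeyEntry(new Date(row.getCreatedDate().longValue()), sealedObject, row.getCipher(), row.getBitLength(), row.getDescription(), row.getVersion(), row.getAttributes());
                logger.debug("engineLoad(): loaded key {}", row.getAlias());
                loaded.put(row.getAlias(), sealedEntry);
            }
        }
        logger.debug("engineLoad(): loaded {} keys", loaded.size());
        // Single reference swap: readers see either the old map or the complete new one.
        this.keyEntries = loaded;
        logger.debug("engineLoad(): keyEntries switched with {} keys", loaded.size());
    }

    /** Compares the last {@code expected.length} bytes of {@code data} with {@code expected} in constant time. */
    private static boolean trailerMatches(byte[] data, byte[] expected) {
        if (data.length < expected.length) {
            return false;
        }
        byte[] actual = Arrays.copyOfRange(data, data.length - expected.length, data.length);
        return MessageDigest.isEqual(expected, actual);
    }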

    /**
     * No-op: this store does not accept pre-protected key bytes. The call returns normally and
     * nothing is stored.
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
    }

    /** Always returns null; no certificates are held by this implementation. */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        return null;
    }

    /** Always returns null; no certificates are held by this implementation. */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        return null;
    }

    /** Always returns null; no certificate chains are held by this implementation. */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        return null;
    }

    /** Always returns false; no certificate entries are held by this implementation. */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return false;
    }

    /**
     * Always returns false, including for aliases that hold a key.
     *
     * <p>NOTE(review): callers that need to know whether an alias exists should use
     * engineContainsAlias; confirm nothing relies on this method to detect keys.
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        return false;
    }

    /** No-op: certificate entries are not supported. The call returns normally and nothing is stored. */
    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
    }

    /**
     * No-op: the call returns normally and nothing is stored. Keys are added through addKeyEntry
     * and addSecureKeyByteEntry instead.
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
    }

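    /**
     * Imports every key of a keystore file into {@code deltaEntries}.
     *
     * <p>The file is opened with {@code KeyStore.getInstance(str)} and {@code load(inputStream, cArr)};
     * each alias is read with {@code getKey(alias, cArr2)}. {@code deltaEntries} is cleared after the
     * file has loaded and before the first alias is processed, so a failure part-way through leaves
     * it partially populated.
     *
     * <ul>
     *   <li>When {@code keyVaultEnabled} is set, the key material is wrapped with
     *       {@code masterKeyProvider.encryptZoneKey(...)} and stored as a {@code SecretKeyByteEntry}.
     *       For {@code KeyByteMetadata} and {@code RangerKeyStoreProvider.KeyMetadata} keys whose
     *       encoded form is null or empty, a freshly generated key of the metadata's bit length is
     *       wrapped instead.</li>
     *   <li>Otherwise the key is sealed through the JDK-internal
     *       {@code com.sun.crypto.provider.KeyProtector} (reached reflectively, constructed with
     *       {@code cArr3}) and stored as a {@code SecretKeyEntry}.</li>
     * </ul>
     *
     * <p>The part of the alias before {@code "@"} is checked with {@code validateKeyName} and then
     * concatenated into the entry's JSON attributes string.
     *
     * <p>NOTE(review): this looks like decompiler output. Both outer {@code try} blocks have an
     * empty {@code finally} and no {@code catch}, yet the body calls methods that throw checked
     * exceptions other than {@code IOException}. Compare with the upstream source before relying on
     * the exception contract shown here.
     *
     * @param inputStream keystore file contents
     * @param cArr password passed to {@code KeyStore.load}
     * @param cArr2 password passed to {@code KeyStore.getKey} for each alias
     * @param cArr3 password handed to {@code KeyProtector} when sealing (non key-vault path only)
     * @param str keystore type passed to {@code KeyStore.getInstance}
     * @throws IOException if sealing a key through {@code KeyProtector} fails; the original
     *     exception is attached as the cause
     * @throws IllegalArgumentException if a key name is rejected by {@code validateKeyName}
     */
    public void engineLoadKeyStoreFile(InputStream inputStream, char[] cArr, char[] cArr2, char[] cArr3, String str) throws IOException {
        int length;
        String algorithm;
        int parseInt;
        int length2;
        String algorithm2;
        int parseInt2;
        SecretKeySpec secretKeySpec;
        if (logger.isDebugEnabled()) {
            logger.debug("==> engineLoadKeyStoreFile()");
        }
        if (this.keyVaultEnabled) {
            try {
                KeyStore keyStore = KeyStore.getInstance(str);
                keyStore.load(inputStream, cArr);
                this.deltaEntries.clear();
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    // Aliases have the form "name" or "name@N"; split[0] is the key name.
                    String[] split = nextElement.split("@");
                    // NOTE(review): KeyStore.getKey returns null for an alias that is not a key entry;
                    // every branch below dereferences key without checking - confirm inputs never hold such aliases.
                    Key key = keyStore.getKey(nextElement, cArr2);
                    if (key instanceof JavaKeyStoreProvider.KeyMetadata) {
                        // The metadata field is not accessible on JavaKeyStoreProvider.KeyMetadata, so it is read
                        // reflectively and re-wrapped in Ranger's own KeyMetadata type.
                        Field declaredField = JavaKeyStoreProvider.KeyMetadata.class.getDeclaredField(METADATA_FIELDNAME);
                        declaredField.setAccessible(true);
                        KeyProvider.Metadata metadata = (KeyProvider.Metadata) declaredField.get((JavaKeyStoreProvider.KeyMetadata) key);
                        length2 = metadata.getBitLength();
                        algorithm2 = metadata.getAlgorithm();
                        parseInt2 = metadata.getVersions();
                        Constructor declaredConstructor = RangerKeyStoreProvider.KeyMetadata.class.getDeclaredConstructor(KeyProvider.Metadata.class);
                        declaredConstructor.setAccessible(true);
                        key = (Key) declaredConstructor.newInstance(metadata);
                        secretKeySpec = new SecretKeySpec(key.getEncoded(), getAlgorithm(metadata.getAlgorithm()));
                    } else if (key instanceof KeyByteMetadata) {
                        KeyProvider.Metadata metadata2 = ((KeyByteMetadata) key).metadata;
                        algorithm2 = metadata2.getCipher();
                        parseInt2 = metadata2.getVersions();
                        length2 = metadata2.getBitLength();
                        if (key.getEncoded() == null || key.getEncoded().length <= 0) {
                            // No key bytes on the metadata entry: wrap a freshly generated key of the declared size.
                            KeyGenerator keyGenerator = KeyGenerator.getInstance(getAlgorithm(metadata2.getCipher()));
                            keyGenerator.init(metadata2.getBitLength());
                            secretKeySpec = new SecretKeySpec(keyGenerator.generateKey().getEncoded(), getAlgorithm(metadata2.getCipher()));
                        } else {
                            secretKeySpec = new SecretKeySpec(key.getEncoded(), getAlgorithm(metadata2.getAlgorithm()));
                        }
                    } else if (key instanceof RangerKeyStoreProvider.KeyMetadata) {
                        KeyProvider.Metadata metadata3 = ((RangerKeyStoreProvider.KeyMetadata) key).metadata;
                        length2 = metadata3.getBitLength();
                        algorithm2 = metadata3.getCipher();
                        parseInt2 = metadata3.getVersions();
                        if (key.getEncoded() == null || key.getEncoded().length <= 0) {
                            // Same fallback as above: generate key material when the entry carries none.
                            KeyGenerator keyGenerator2 = KeyGenerator.getInstance(getAlgorithm(metadata3.getCipher()));
                            keyGenerator2.init(metadata3.getBitLength());
                            secretKeySpec = new SecretKeySpec(keyGenerator2.generateKey().getEncoded(), getAlgorithm(metadata3.getCipher()));
                        } else {
                            secretKeySpec = new SecretKeySpec(key.getEncoded(), getAlgorithm(metadata3.getAlgorithm()));
                        }
                    } else {
                        // NOTE(review): getEncoded() is dereferenced here before the null check two lines below,
                        // so that check can never see null; a key with no encoded form fails with an NPE instead.
                        length2 = key.getEncoded().length * NUMBER_OF_BITS_PER_BYTE;
                        algorithm2 = key.getAlgorithm();
                        // Version count is derived from the alias suffix: "name@N" -> N + 1, plain "name" -> 1.
                        parseInt2 = split.length == 2 ? Integer.parseInt(split[1]) + 1 : 1;
                        // NOTE(review): an empty encoding leaves secretKeySpec null, which is then passed to
                        // encryptZoneKey - its handling of null is not visible here.
                        secretKeySpec = (key.getEncoded() == null || key.getEncoded().length <= 0) ? null : new SecretKeySpec(key.getEncoded(), getAlgorithm(key.getAlgorithm()));
                    }
                    String str2 = split[0];
                    // The name is concatenated into a JSON string below without escaping, so this validation is
                    // what keeps quotes and backslashes out of it (presumably - the pattern is defined elsewhere).
                    validateKeyName(str2);
                    this.deltaEntries.put(nextElement, new SecretKeyByteEntry(keyStore.getCreationDate(nextElement), this.masterKeyProvider.encryptZoneKey(secretKeySpec), algorithm2, length2, key.getFormat() + " - " + keyStore.getType(), parseInt2, "{\"key.acl.name\":\"" + str2 + "\"}"));
                }
            } finally {
            }
        } else {
            try {
                KeyStore keyStore2 = KeyStore.getInstance(str);
                keyStore2.load(inputStream, cArr);
                this.deltaEntries.clear();
                Enumeration<String> aliases2 = keyStore2.aliases();
                while (aliases2.hasMoreElements()) {
                    String nextElement2 = aliases2.nextElement();
                    String[] split2 = nextElement2.split("@");
                    // NOTE(review): may be null for a non-key alias; see the same remark on the key-vault path.
                    Key key2 = keyStore2.getKey(nextElement2, cArr2);
                    if (key2 instanceof JavaKeyStoreProvider.KeyMetadata) {
                        Field declaredField2 = JavaKeyStoreProvider.KeyMetadata.class.getDeclaredField(METADATA_FIELDNAME);
                        declaredField2.setAccessible(true);
                        KeyProvider.Metadata metadata4 = (KeyProvider.Metadata) declaredField2.get((JavaKeyStoreProvider.KeyMetadata) key2);
                        length = metadata4.getBitLength();
                        algorithm = metadata4.getAlgorithm();
                        parseInt = metadata4.getVersions();
                        Constructor declaredConstructor2 = RangerKeyStoreProvider.KeyMetadata.class.getDeclaredConstructor(KeyProvider.Metadata.class);
                        declaredConstructor2.setAccessible(true);
                        key2 = (Key) declaredConstructor2.newInstance(metadata4);
                    } else if (key2 instanceof RangerKeyStoreProvider.KeyMetadata) {
                        KeyProvider.Metadata metadata5 = ((RangerKeyStoreProvider.KeyMetadata) key2).metadata;
                        length = metadata5.getBitLength();
                        algorithm = metadata5.getCipher();
                        parseInt = metadata5.getVersions();
                    } else {
                        length = key2.getEncoded().length * NUMBER_OF_BITS_PER_BYTE;
                        algorithm = key2.getAlgorithm();
                        parseInt = split2.length == 2 ? Integer.parseInt(split2[1]) + 1 : 1;
                    }
                    String str3 = split2[0];
                    // Validated before being concatenated, unescaped, into the JSON attributes string below.
                    validateKeyName(str3);
                    try {
                        // JDK-internal class reached by reflection. NOTE(review): on JDKs that strongly encapsulate
                        // java.base this presumably needs the package opened to this module - confirm for the
                        // deployment JDK.
                        Class<?> cls = Class.forName("com.sun.crypto.provider.KeyProtector");
                        Constructor<?> declaredConstructor3 = cls.getDeclaredConstructor(char[].class);
                        declaredConstructor3.setAccessible(true);
                        Object newInstance = declaredConstructor3.newInstance(cArr3);
                        Method declaredMethod = cls.getDeclaredMethod("seal", Key.class);
                        declaredMethod.setAccessible(true);
                        this.deltaEntries.put(nextElement2, new SecretKeyEntry(keyStore2.getCreationDate(nextElement2), (SealedObject) declaredMethod.invoke(newInstance, key2), algorithm, length, key2.getFormat() + " - " + keyStore2.getType(), parseInt, "{\"key.acl.name\":\"" + str3 + "\"}"));
                    } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException e) {
                        // Keep the cause: InvocationTargetException usually has a null message, so passing only
                        // getMessage() would discard the real reason the seal failed.
                        logger.error(e.getMessage(), e);
                        throw new IOException(e.getMessage(), e);
                    }
                }
            } finally {
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== engineLoadKeyStoreFile()");
        }
    }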

    /**
     * Exports every entry of this store into a new keystore of type {@code str} and writes it to
     * {@code outputStream}.
     *
     * <p>This store is first reloaded with {@code engineLoad(null, cArr3)}. When
     * {@code keyVaultEnabled} is set each key comes from {@code engineGetDecryptedZoneKey}; otherwise
     * it comes from {@code engineGetKey(alias, cArr3)}, and a {@code RangerKeyStoreProvider.KeyMetadata}
     * with non-null metadata is re-created from that metadata before export.
     *
     * <p>The output file holds key material protected only by {@code cArr} (store password) and
     * {@code cArr2} (per-entry password), so it should be handled as a secret in its own right.
     *
     * @param outputStream destination of the exported keystore
     * @param cArr password used to initialise and to store the exported keystore
     * @param cArr2 password set on each exported key entry
     * @param cArr3 password passed to {@code engineLoad} and {@code engineGetKey}
     * @param str keystore type passed to {@code KeyStore.getInstance}
     * @throws IOException wrapping any {@code Throwable} raised during the export
     */
    public void engineLoadToKeyStoreFile(OutputStream outputStream, char[] cArr, char[] cArr2, char[] cArr3, String str) throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> engineLoadToKeyStoreFile()");
        }
        try {
            final KeyStore target = KeyStore.getInstance(str);
            if (target == null) {
                return;
            }
            target.load(null, cArr);
            engineLoad(null, cArr3);
            for (Enumeration<String> aliases = engineAliases(); aliases.hasMoreElements();) {
                final String alias = aliases.nextElement();
                Key exported;
                if (this.keyVaultEnabled) {
                    exported = engineGetDecryptedZoneKey(alias);
                } else {
                    exported = engineGetKey(alias, cArr3);
                    if (exported instanceof RangerKeyStoreProvider.KeyMetadata) {
                        final KeyProvider.Metadata meta = ((RangerKeyStoreProvider.KeyMetadata) exported).metadata;
                        if (meta != null) {
                            // Rebuild the wrapper from its metadata before handing it to the target keystore.
                            exported = new RangerKeyStoreProvider.KeyMetadata(meta);
                        }
                    }
                }
                target.setKeyEntry(alias, exported, cArr2, null);
            }
            target.store(outputStream, cArr);
        } catch (Throwable th) {
            // Catches Errors as well as Exceptions; everything is reported to the caller as IOException.
            logger.error("Unable to load keystore file", th);
            throw new IOException(th);
        }
    }

    /**
     * GCP-named entry point for key conversion; delegates unchanged to
     * {@code convertKeysBetweenRangerKMSAndHSM}.
     *
     * @param str alias of the key entry
     * @param key key to convert
     * @param rangerKMSMKI master-key provider used to wrap the key
     * @return the entity produced by the shared conversion routine
     */
    public XXRangerKeyStore convertKeysBetweenRangerKMSAndGCP(String str, Key key, RangerKMSMKI rangerKMSMKI) {
        final XXRangerKeyStore converted = convertKeysBetweenRangerKMSAndHSM(str, key, rangerKMSMKI);
        return converted;
    }

    /**
     * Azure Key Vault-named entry point for key conversion; delegates unchanged to
     * {@code convertKeysBetweenRangerKMSAndHSM}.
     *
     * @param str alias of the key entry
     * @param key key to convert
     * @param rangerKMSMKI master-key provider used to wrap the key
     * @return the entity produced by the shared conversion routine
     */
    public XXRangerKeyStore convertKeysBetweenRangerKMSAndAzureKeyVault(String str, Key key, RangerKMSMKI rangerKMSMKI) {
        final XXRangerKeyStore converted = convertKeysBetweenRangerKMSAndHSM(str, key, rangerKMSMKI);
        return converted;
    }

    /**
     * Extracts the algorithm name from a cipher transformation string.
     *
     * <p>Returns the text before the first {@code '/'} (for example {@code "AES"} from
     * {@code "AES/CTR/NoPadding"}), or the whole string when it contains no slash.
     *
     * @param str transformation string; must not be {@code null}
     * @return the part of {@code str} before the first slash, or {@code str} itself
     */
    public String getAlgorithm(String str) {
        final int slash = str.indexOf('/');
        if (slash == -1) {
            return str;
        }
        return str.substring(0, slash);
    }

    /**
     * Rejects key names that do not fully match the class-level {@code pattern}.
     *
     * <p>Callers in this class concatenate the validated name into a JSON attributes string without
     * escaping, so this check is also what keeps JSON metacharacters out of that string. The pattern
     * itself is defined elsewhere; the error text describes it as alphanumerics plus hyphen and
     * underscore.
     *
     * @param str key name to check
     * @throws IllegalArgumentException if the name does not match
     */
    private void validateKeyName(String str) {
        if (pattern.matcher(str).matches()) {
            return;
        }
        throw new IllegalArgumentException("Key Name : " + str + ", should start with alpha/numeric letters and can have special characters - (hypen) or _ (underscore)");
    }

    /**
     * Looks up the stored entry for an alias in {@code keyEntries}.
     *
     * @param str alias to look up, used as given
     * @return whatever {@code keyEntries.get(str)} yields for the alias
     */
    private Object getKeyEntry(String str) {
        final Object entry = this.keyEntries.get(str);
        return entry;
    }

    /**
     * Re-wraps one key with the given master-key provider and returns it as a database entity.
     *
     * <p>For a {@code RangerKeyStoreProvider.KeyMetadata} key, a new key of the metadata's cipher
     * and bit length is generated and wrapped, and the entity is stamped with the current time. For
     * any other key, the key itself is wrapped and the entity reuses the stored entry's date, cipher,
     * bit length and description. Its version is the stored version, incremented by one when the
     * alias has the form {@code name@N} and {@code N + 1} differs from the stored version.
     *
     * <p>NOTE(review): the stored entry is cast to {@code SecretKeyEntry} and dereferenced without
     * a null check; an unknown alias or a different entry type surfaces as the wrapped
     * {@code RuntimeException} below.
     *
     * @param str alias of the entry in {@code keyEntries}
     * @param key key to convert
     * @param rangerKMSMKI master-key provider whose {@code encryptZoneKey} wraps the key
     * @return the populated entity
     * @throws RuntimeException wrapping any {@code Throwable} raised during conversion
     */
    private XXRangerKeyStore convertKeysBetweenRangerKMSAndHSM(String str, Key key, RangerKMSMKI rangerKMSMKI) {
        try {
            final SecretKeyEntry entry = (SecretKeyEntry) getKeyEntry(str);
            if (!(key instanceof RangerKeyStoreProvider.KeyMetadata)) {
                final byte[] wrapped = rangerKMSMKI.encryptZoneKey(key);
                final Long created = Long.valueOf(entry.date.getTime());
                int version = entry.version;
                final String[] aliasParts = str.split("@");
                if (aliasParts.length == 2 && Integer.parseInt(aliasParts[1]) + 1 != entry.version) {
                    version++;
                }
                return mapObjectToEntity(str, created, wrapped, entry.cipher_field, entry.bit_length, entry.description, version, entry.attributes);
            }
            final KeyProvider.Metadata meta = ((RangerKeyStoreProvider.KeyMetadata) key).metadata;
            // Metadata entries get freshly generated key material of the declared size.
            final KeyGenerator generator = KeyGenerator.getInstance(getAlgorithm(meta.getCipher()));
            generator.init(meta.getBitLength());
            final byte[] rawKey = generator.generateKey().getEncoded();
            final SecretKeySpec generated = new SecretKeySpec(rawKey, getAlgorithm(meta.getCipher()));
            final byte[] wrappedGenerated = rangerKMSMKI.encryptZoneKey(generated);
            final Long now = Long.valueOf(new Date().getTime());
            return mapObjectToEntity(str, now, wrappedGenerated, meta.getCipher(), meta.getBitLength(), meta.getDescription(), meta.getVersions(), entry.attributes);
        } catch (Throwable th) {
            throw new RuntimeException("Migration failed between key secure and Ranger DB : ", th);
        }
    }

    /**
     * Builds a new {@code XXRangerKeyStore} entity from individual field values.
     *
     * @param str alias
     * @param l creation date as passed by the caller (callers in this class pass {@code Date.getTime()})
     * @param bArr key bytes; stored Base64-encoded via {@code DatatypeConverter.printBase64Binary}
     * @param str2 cipher
     * @param i bit length
     * @param str3 description
     * @param i2 version
     * @param str4 attributes string
     * @return the populated entity
     */
    private XXRangerKeyStore mapObjectToEntity(String str, Long l, byte[] bArr, String str2, int i, String str3, int i2, String str4) {
        final XXRangerKeyStore entity = new XXRangerKeyStore();
        entity.setAlias(str);
        entity.setCreatedDate(l);
        final String base64Key = DatatypeConverter.printBase64Binary(bArr);
        entity.setEncoded(base64Key);
        entity.setCipher(str2);
        entity.setBitLength(i);
        entity.setDescription(str3);
        entity.setVersion(i2);
        entity.setAttributes(str4);
        return entity;
    }

    /**
     * Deletes the database row for an alias through {@code kmsDao}, if a DAO is configured.
     *
     * <p>Any exception from the DAO is logged and swallowed, so the caller is not told whether the
     * row was removed. NOTE(review): confirm that callers tolerate the in-memory state and the
     * database diverging after a failed delete.
     *
     * @param str alias whose row should be deleted
     */
    private void dbOperationDelete(String str) {
        if (logger.isDebugEnabled()) {
            logger.debug("==> dbOperationDelete({})", str);
        }
        try {
            if (this.kmsDao != null) {
                this.kmsDao.deleteByAlias(str);
            }
        } catch (Exception deleteFailure) {
            // Best-effort delete: report the failure and carry on.
            logger.error("dbOperationDelete({}) error", str, deleteFailure);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== dbOperationDelete({})", str);
        }
    }

    /**
     * Copies alias, created date, encoded key, cipher, bit length, description, version and
     * attributes from the first entity onto the second.
     *
     * @param xXRangerKeyStore source entity (only read)
     * @param xXRangerKeyStore2 target entity (overwritten field by field)
     * @return the target entity, {@code xXRangerKeyStore2}
     */
    private XXRangerKeyStore mapToEntityBean(XXRangerKeyStore xXRangerKeyStore, XXRangerKeyStore xXRangerKeyStore2) {
        final XXRangerKeyStore source = xXRangerKeyStore;
        final XXRangerKeyStore target = xXRangerKeyStore2;
        target.setAlias(source.getAlias());
        target.setCreatedDate(source.getCreatedDate());
        target.setEncoded(source.getEncoded());
        target.setCipher(source.getCipher());
        target.setBitLength(source.getBitLength());
        target.setDescription(source.getDescription());
        target.setVersion(source.getVersion());
        target.setAttributes(source.getAttributes());
        return target;
    }

    /**
     * Loads all key rows through {@code kmsDao}.
     *
     * <p>Returns {@code null} both when no DAO is configured and when the DAO throws (the exception
     * is logged and swallowed), so callers must null-check the result and cannot tell "no keys
     * available" from "load failed".
     *
     * @return the rows from {@code kmsDao.getAllKeys()}, or {@code null} as described above
     */
    private List<XXRangerKeyStore> dbOperationLoad() {
        if (logger.isDebugEnabled()) {
            logger.debug("==> dbOperationLoad()");
        }
        List<XXRangerKeyStore> keys = null;
        try {
            keys = (this.kmsDao != null) ? this.kmsDao.getAllKeys() : null;
        } catch (Exception loadFailure) {
            logger.error("dbOperationLoad() error", loadFailure);
        }
        if (logger.isDebugEnabled()) {
            final int count = (keys == null) ? 0 : keys.size();
            logger.debug("<== dbOperationLoad(): count={}", Integer.valueOf(count));
        }
        return keys;
    }

    /**
     * Creates a digest pre-seeded with the password and {@code SECRET_KEY_HASH_WORD}.
     *
     * <p>Each password char is split into two bytes, high part first (the shift is
     * {@code NUMBER_OF_BITS_PER_BYTE}, presumably 8), and fed to the digest. The temporary byte copy
     * of the password is zeroed, then the UTF-8 bytes of {@code SECRET_KEY_HASH_WORD} are added.
     * The caller continues updating the returned digest.
     *
     * <p>{@code "SHA"} is the JCA name for SHA-1, and the construction is a plain prefix-keyed hash
     * rather than an HMAC. NOTE(review): the value must match whatever already-stored keystores
     * were written with, so treat any change here as a format migration.
     *
     * @param cArr password to key the digest with; not modified
     * @return the pre-seeded {@code MessageDigest}
     * @throws NoSuchAlgorithmException if no provider offers {@code "SHA"}
     * @throws UnsupportedEncodingException declared for callers; not thrown by the visible body
     */
    private MessageDigest getKeyedMessageDigest(char[] cArr) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        final MessageDigest digest = MessageDigest.getInstance("SHA");
        final byte[] passwordBytes = new byte[cArr.length * 2];
        for (int idx = 0; idx < cArr.length; idx++) {
            final char ch = cArr[idx];
            passwordBytes[2 * idx] = (byte) (ch >> NUMBER_OF_BITS_PER_BYTE);
            passwordBytes[2 * idx + 1] = (byte) ch;
        }
        digest.update(passwordBytes);
        // Wipe the byte copy of the password as soon as the digest has consumed it.
        Arrays.fill(passwordBytes, (byte) 0);
        digest.update(SECRET_KEY_HASH_WORD.getBytes(StandardCharsets.UTF_8));
        return digest;
    }

    /**
     * Normalises an alias to lower case.
     *
     * <p>NOTE(review): {@code toLowerCase()} without a {@code Locale} uses the JVM default locale,
     * so the same alias can normalise differently on hosts with different locales (Turkish dotless
     * i is the usual example). A fixed locale would make lookups host-independent, but check
     * already-stored aliases before changing it.
     *
     * @param str alias as supplied by the caller; must not be {@code null}
     * @return the lower-cased alias
     */
    private String convertAlias(String str) {
        final String lowered = str.toLowerCase();
        return lowered;
    }

    /**
     * Seals a key under a password with {@code PBEWithMD5AndTripleDES}.
     *
     * <p>A PBE key is derived from {@code cArr} (the key spec's password copy is cleared once the
     * key is derived) and a random salt of {@code NUMBER_OF_BITS_PER_BYTE} bytes is drawn from
     * {@code SecureRandom}. The cipher is initialised for encryption with that salt and an
     * iteration count of 20, and the key is wrapped in a {@code RangerSealedObject}.
     *
     * <p>NOTE(review): MD5 and TripleDES with 20 iterations are weak by current standards, so the
     * protection rests almost entirely on the entropy of {@code cArr}. These parameters are part of
     * the stored format, so strengthening them means re-sealing existing entries. The cipher carries
     * no integrity protection of its own.
     *
     * @param key key to protect
     * @param cArr password the sealing key is derived from
     * @return the sealed key
     * @throws Exception if key derivation, cipher setup or sealing fails
     */
    private SealedObject sealKey(Key key, char[] cArr) throws Exception {
        if (logger.isDebugEnabled()) {
            logger.debug("==> sealKey()");
        }
        final String transformation = "PBEWithMD5AndTripleDES";
        final PBEKeySpec passwordSpec = new PBEKeySpec(cArr);
        final SecretKey pbeKey = SecretKeyFactory.getInstance(transformation).generateSecret(passwordSpec);
        passwordSpec.clearPassword();
        final byte[] salt = new byte[NUMBER_OF_BITS_PER_BYTE];
        new SecureRandom().nextBytes(salt);
        final PBEParameterSpec pbeParams = new PBEParameterSpec(salt, 20);
        final Cipher pbeCipher = Cipher.getInstance(transformation);
        pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParams);
        final RangerSealedObject sealed = new RangerSealedObject(key, pbeCipher);
        if (logger.isDebugEnabled()) {
            logger.debug("<== sealKey(): ret={}", sealed);
        }
        return sealed;
    }

    /**
     * Recovers a key from a sealed object using a password-derived {@code PBEWithMD5AndTripleDES}
     * key.
     *
     * <p>The algorithm parameters are taken from the object itself, wrapping it in a
     * {@code RangerSealedObject} first when it is not one already. The cipher is initialised for
     * decryption and {@code getObject} returns the contained {@code Key}.
     *
     * <p>NOTE(review): {@code SealedObject.getObject} Java-deserialises the decrypted bytes, and the
     * cipher gives no integrity guarantee. Confirm that the stored entry is integrity-checked before
     * it reaches this method, and consider restricting deserialisation to the expected key classes.
     *
     * <p>NOTE(review): the debug exit line logs the recovered key object. Confirm that the
     * {@code toString()} of every key type stored here never includes key bytes.
     *
     * @param sealedObject sealed key as stored
     * @param cArr password the unsealing key is derived from
     * @return the recovered key
     * @throws Exception if key derivation, cipher setup, decryption or deserialisation fails
     */
    private Key unsealKey(SealedObject sealedObject, char[] cArr) throws Exception {
        if (logger.isDebugEnabled()) {
            logger.debug("==> unsealKey()");
        }
        final String transformation = "PBEWithMD5AndTripleDES";
        final PBEKeySpec passwordSpec = new PBEKeySpec(cArr);
        final SecretKey pbeKey = SecretKeyFactory.getInstance(transformation).generateSecret(passwordSpec);
        passwordSpec.clearPassword();
        final AlgorithmParameters pbeParams;
        if (sealedObject instanceof RangerSealedObject) {
            pbeParams = ((RangerSealedObject) sealedObject).getParameters();
        } else {
            pbeParams = new RangerSealedObject(sealedObject).getParameters();
        }
        final Cipher pbeCipher = Cipher.getInstance(transformation);
        pbeCipher.init(Cipher.DECRYPT_MODE, pbeKey, pbeParams);
        final Key recovered = (Key) sealedObject.getObject(pbeCipher);
        if (logger.isDebugEnabled()) {
            logger.debug("<== unsealKey(): ret={}", recovered);
        }
        return recovered;
    }
}
