package org.apache.hadoop.crypto.key;

import com.microsoft.azure.keyvault.KeyVaultClient;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.ranger.entity.XXRangerKeyStore;
import org.apache.ranger.kms.dao.DaoManager;

/* loaded from: input_file:org/apache/hadoop/crypto/key/DBToAzureKeyVault.class */
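/**
 * Command-line tool that moves the Ranger KMS master key from the KMS database to Azure Key Vault
 * and rewrites every key-store entry through
 * {@code RangerKeyStore.convertKeysBetweenRangerKMSAndAzureKeyVault}.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The Azure client secret (7th argument when {@code isSSLEnabled} is {@code false}) and the
 *       optional certificate password (8th argument) are read from the command line, so they are
 *       visible in the process argument list and can end up in shell history. Run the tool from a
 *       restricted account and treat the credential as exposed to anyone who can list processes
 *       on that host.</li>
 *   <li>The in-memory {@code char[]} copy of the DB master key is zeroed before the export method
 *       returns or throws. The {@code String} it was copied from cannot be cleared and stays on
 *       the heap until collected.</li>
 * </ul>
 */
public class DBToAzureKeyVault {
    private static final String AZURE_CLIENT_ID = "ranger.kms.azure.client.id";
    private static final String AZURE_CLIENT_SECRET = "ranger.kms.azure.client.secret";
    private static final String AZURE_MASTER_KEY_ALIAS = "ranger.kms.azure.masterkey.name";
    private static final String AZURE_KEYVAULT_CERTIFICATE_PATH = "ranger.kms.azure.keyvault.certificate.path";
    private static final String AZURE_KEYVAULT_URL = "ranger.kms.azurekeyvault.url";
    private static final String ENCRYPTION_KEY = "ranger.db.encrypt.key.password";
    private static final String AZURE_MASTER_KEY_TYPE = "ranger.kms.azure.masterkey.type";
    private static final String ZONE_KEY_ENCRYPTION_ALGO = "ranger.kms.azure.zonekey.encryption.algorithm";
    private RangerKeyStore dbStore;

    /** Prints the expected command-line arguments to standard error. */
    public static void showUsage() {
        System.err.println("USAGE: java " + DBToAzureKeyVault.class.getName() + " <azureMasterKeyName> <azureMasterKeyType> <zoneKeyEncryptionAlgo> <azureKeyVaultUrl> <azureClientId> <isSSLEnabled> <clientSecret / Certificate Path>");
    }

    /**
     * Validates the arguments, runs the export and exits with status 0 on success or 1 on any
     * validation or export failure.
     *
     * @param args master key name, master key type, zone key encryption algorithm, key vault URL,
     *     client id, isSSLEnabled ({@code true}/{@code false}), then either the client secret or a
     *     {@code .pem}/{@code .pfx} certificate path; an optional 8th argument is the certificate
     *     password
     */
    public static void main(String[] args) {
        if (args.length < 7) {
            System.err.println("Invalid number of parameters found.");
            showUsage();
            System.exit(1);
            return;
        }
        Configuration conf = RangerKeyStoreProvider.getDBKSConf();
        String masterKeyName = requireArgument(args[0], "Azure master key name not provided.");
        String masterKeyType = requireArgument(args[1], "Azure master key type not provided.");
        String zoneKeyEncryptionAlgo = requireArgument(args[2], "Zone Key Encryption algorithm name not provided.");
        String azureKeyVaultUrl = requireArgument(args[3], "Azure Key Vault url not provided.");
        String azureClientId = requireArgument(args[4], "Azure Client Id is not provided.");
        String sslFlag = requireArgument(args[5], "isSSLEnabled not provided.");
        if (!sslFlag.equalsIgnoreCase("true") && !sslFlag.equalsIgnoreCase("false")) {
            failWithUsage("Please provide the valid value for isSSLEnabled");
        }
        // Either the client secret or the certificate path, depending on isSSLEnabled.
        String secretOrCertificatePath = requireArgument(args[6], "Please provide Azure client password of certificate password");

        boolean sslEnabled = sslFlag.equalsIgnoreCase("true");
        String certificatePassword = null;
        if (sslEnabled) {
            // Only the file extension is checked here; the file itself is opened later by the
            // authenticator.
            if (!secretOrCertificatePath.endsWith(".pem") && !secretOrCertificatePath.endsWith(".pfx")) {
                failWithUsage("Please provide valid certificate file path E.G .pem /.pfx");
            } else if (args.length > 7 && !StringUtils.isEmpty(args[7])) {
                certificatePassword = args[7];
            }
        }

        boolean exported = new DBToAzureKeyVault().doExportMKToAzureKeyVault(
                sslEnabled, masterKeyName, masterKeyType, zoneKeyEncryptionAlgo, azureClientId,
                azureKeyVaultUrl, secretOrCertificatePath, certificatePassword, conf);
        if (exported) {
            System.out.println("Master Key from Ranger KMS DB has been successfully imported into Azure Key Vault.");
        } else {
            System.out.println("Import of Master Key from DB has been unsuccessful.");
            System.exit(1);
        }
        System.exit(0);
    }

    /** Returns {@code value}, or reports {@code message} and exits when it is null or blank. */
    private static String requireArgument(String value, String message) {
        if (value == null || value.trim().isEmpty()) {
            failWithUsage(message);
        }
        return value;
    }

    /** Prints {@code message} and the usage line to standard error, then exits with status 1. */
    private static void failWithUsage(String message) {
        System.err.println(message);
        showUsage();
        System.exit(1);
    }

    /**
     * Creates the master key in Azure Key Vault and rewrites every entry of the DB key store.
     *
     * @param sslEnabled {@code true} to authenticate with a certificate, {@code false} to use a
     *     client secret
     * @param masterKeyName value stored under {@code ranger.kms.azure.masterkey.name}
     * @param masterKeyType value stored under {@code ranger.kms.azure.masterkey.type}
     * @param zoneKeyEncryptionAlgo value stored under
     *     {@code ranger.kms.azure.zonekey.encryption.algorithm}
     * @param azureClientId Azure client id used for authentication
     * @param azureKeyVaultUrl value stored under {@code ranger.kms.azurekeyvault.url}
     * @param secretOrCertificatePath certificate path when {@code sslEnabled}, otherwise the
     *     client secret
     * @param certificatePassword certificate password, or null/empty for none
     * @param conf KMS configuration; the Azure settings above are written into it
     * @return {@code false} when the key generator reports that the master key was not generated,
     *     {@code true} once all entries have been stored
     * @throws RuntimeException wrapping any failure raised during the export
     */
    private boolean doExportMKToAzureKeyVault(boolean sslEnabled, String masterKeyName, String masterKeyType, String zoneKeyEncryptionAlgo, String azureClientId, String azureKeyVaultUrl, String secretOrCertificatePath, String certificatePassword, Configuration conf) {
        char[] masterKey = null;
        try {
            String password = conf.get(ENCRYPTION_KEY);
            String trimmed = password == null ? null : password.trim();
            // "", "_" and "crypted" are rejected as "no usable password configured".
            if (trimmed == null || trimmed.equals("") || trimmed.equals("_") || trimmed.equals("crypted")) {
                throw new IOException("Master Key Jceks does not exists");
            }
            conf.set(AZURE_MASTER_KEY_TYPE, masterKeyType);
            conf.set(ZONE_KEY_ENCRYPTION_ALGO, zoneKeyEncryptionAlgo);
            conf.set(AZURE_MASTER_KEY_ALIAS, masterKeyName);
            conf.set(AZURE_CLIENT_ID, azureClientId);
            conf.set(AZURE_KEYVAULT_URL, azureKeyVaultUrl);
            DaoManager daoManager = new RangerKMSDB(conf).getDaoManager();

            KeyVaultClient keyVaultClient;
            if (sslEnabled) {
                conf.set(AZURE_KEYVAULT_CERTIFICATE_PATH, secretOrCertificatePath);
                AzureKeyVaultClientAuthenticator authenticator = new AzureKeyVaultClientAuthenticator(azureClientId);
                String effectivePassword = StringUtils.isEmpty(certificatePassword) ? "" : certificatePassword;
                keyVaultClient = authenticator.getAuthentication(secretOrCertificatePath, effectivePassword);
            } else {
                conf.set(AZURE_CLIENT_SECRET, secretOrCertificatePath);
                keyVaultClient = new KeyVaultClient(new AzureKeyVaultClientAuthenticator(azureClientId, secretOrCertificatePath));
            }
            if (keyVaultClient == null) {
                System.err.println("Key Vault is null. Please check the azure related configs.");
                System.exit(1);
            }

            RangerAzureKeyVaultKeyGenerator keyGenerator = new RangerAzureKeyVaultKeyGenerator(conf, keyVaultClient);
            if (!keyGenerator.generateMasterKey(password)) {
                return false;
            }

            this.dbStore = new RangerKeyStore(daoManager, conf, keyVaultClient);
            masterKey = new RangerMasterKey(daoManager).getMasterKey(password).toCharArray();
            this.dbStore.engineLoad(null, masterKey);

            // Convert every alias first and write afterwards, so a failure during conversion
            // leaves the stored entries untouched.
            List<XXRangerKeyStore> converted = new ArrayList<XXRangerKeyStore>();
            Enumeration<String> aliases = this.dbStore.engineAliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                // Cast kept: the converter's declared return type is not visible in this file.
                converted.add((XXRangerKeyStore) this.dbStore.convertKeysBetweenRangerKMSAndAzureKeyVault(alias, this.dbStore.engineGetKey(alias, masterKey), keyGenerator));
            }
            for (XXRangerKeyStore entry : converted) {
                this.dbStore.dbOperationStore(entry);
            }
            return true;
        } catch (Throwable th) {
            throw new RuntimeException("Unable to import Master key from Ranger DB to Azure Key Vault ", th);
        } finally {
            // Clear the key copy on every exit path; dbStore is not used after this method.
            if (masterKey != null) {
                Arrays.fill(masterKey, '\0');
            }
        }
    }
}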
