package org.apache.hadoop.crypto.key;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.fs.Path;
import org.apache.ranger.credentialapi.CredentialReader;
import org.apache.ranger.kms.dao.DaoManager;
import org.apache.ranger.plugin.util.AutoClosableLock;
import org.apache.ranger.plugin.util.JsonUtilsV2;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKeyStoreProvider.class */
public class RangerKeyStoreProvider extends KeyProvider {
    private static final Logger logger = LoggerFactory.getLogger(RangerKeyStoreProvider.class);
    public static final String SCHEME_NAME = "dbks";
    public static final String KMS_CONFIG_DIR = "kms.config.dir";
    public static final String DBKS_SITE_XML = "dbks-site.xml";
    public static final String ENCRYPTION_KEY = "ranger.db.encrypt.key.password";
    private static final String KEY_METADATA = "KeyMetadata";
    private static final String CREDENTIAL_PATH = "ranger.ks.jpa.jdbc.credential.provider.path";
    private static final String MK_CREDENTIAL_ALIAS = "ranger.ks.masterkey.credential.alias";
    private static final String DB_CREDENTIAL_ALIAS = "ranger.ks.jpa.jdbc.credential.alias";
    private static final String DB_PASSWORD = "ranger.ks.jpa.jdbc.password";
    private static final String HSM_ENABLED = "ranger.ks.hsm.enabled";
    private static final String HSM_PARTITION_PASSWORD_ALIAS = "ranger.ks.hsm.partition.password.alias";
    private static final String HSM_PARTITION_PASSWORD = "ranger.ks.hsm.partition.password";
    private static final String KEYSECURE_ENABLED = "ranger.kms.keysecure.enabled";
    private static final String KEYSECURE_USERNAME = "ranger.kms.keysecure.login.username";
    private static final String KEYSECURE_PASSWORD_ALIAS = "ranger.kms.keysecure.login.password.alias";
    private static final String KEYSECURE_PASSWORD = "ranger.kms.keysecure.login.password";
    private static final String KEYSECURE_LOGIN = "ranger.kms.keysecure.login";
    private static final String AZURE_KEYVAULT_ENABLED = "ranger.kms.azurekeyvault.enabled";
    private static final String AZURE_CLIENT_SECRET_ALIAS = "ranger.kms.azure.client.secret.alias";
    private static final String AZURE_CLIENT_SECRET = "ranger.kms.azure.client.secret";
    private static final String TENCENT_KMS_ENABLED = "ranger.kms.tencentkms.enabled";
    private static final String TENCENT_CLIENT_SECRET = "ranger.kms.tencent.client.secret";
    private static final String TENCENT_CLIENT_SECRET_ALIAS = "ranger.kms.tencent.client.secret.alias";
    private static final String IS_GCP_ENABLED = "ranger.kms.gcp.enabled";
    private final RangerKeyStore dbStore;
    private final char[] masterKey;
    private final Map<String, KeyProvider.Metadata> cache;
    private final ReadWriteLock lock;
    private final boolean keyVaultEnabled;
    private boolean changed;

    /* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKeyStoreProvider$Factory.class */
    public static class Factory extends KeyProviderFactory {
        public KeyProvider createProvider(URI uri, Configuration configuration) {
            if (RangerKeyStoreProvider.logger.isDebugEnabled()) {
                RangerKeyStoreProvider.logger.debug("==> createProvider({})", uri);
            }
            RangerKeyStoreProvider rangerKeyStoreProvider = null;
            try {
                if (RangerKeyStoreProvider.SCHEME_NAME.equals(uri.getScheme())) {
                    rangerKeyStoreProvider = new RangerKeyStoreProvider(configuration);
                } else {
                    RangerKeyStoreProvider.logger.warn(uri.getScheme() + ": unrecognized schema");
                }
            } catch (Throwable th) {
                RangerKeyStoreProvider.logger.error("createProvider() error", th);
            }
            if (RangerKeyStoreProvider.logger.isDebugEnabled()) {
                RangerKeyStoreProvider.logger.debug("<== createProvider({})", uri);
            }
            return rangerKeyStoreProvider;
        }
    }

    /* loaded from: input_file:org/apache/hadoop/crypto/key/RangerKeyStoreProvider$KeyMetadata.class */
    public static class KeyMetadata implements Key, Serializable {
        private static final long serialVersionUID = 8405872419967874451L;
        KeyProvider.Metadata metadata;

        /* JADX INFO: Access modifiers changed from: protected */
        public KeyMetadata(KeyProvider.Metadata metadata) {
            this.metadata = metadata;
        }

        @Override // java.security.Key
        public String getAlgorithm() {
            return this.metadata.getCipher();
        }

        @Override // java.security.Key
        public String getFormat() {
            return RangerKeyStoreProvider.KEY_METADATA;
        }

        @Override // java.security.Key
        public byte[] getEncoded() {
            return new byte[0];
        }

        private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
            byte[] serialize = this.metadata.serialize();
            objectOutputStream.writeInt(serialize.length);
            objectOutputStream.write(serialize);
        }

        private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
            byte[] bArr = new byte[objectInputStream.readInt()];
            objectInputStream.readFully(bArr);
            this.metadata = new KeyProvider.Metadata(bArr);
        }
    }

    public RangerKeyStoreProvider(Configuration configuration) throws Throwable {
        super(configuration);
        this.cache = new HashMap();
        this.lock = new ReentrantReadWriteLock(true);
        this.changed = false;
        if (logger.isDebugEnabled()) {
            logger.debug("==> RangerKeyStoreProvider(conf)");
        }
        Configuration dBKSConf = getDBKSConf();
        getFromJceks(dBKSConf, CREDENTIAL_PATH, MK_CREDENTIAL_ALIAS, "ranger.db.encrypt.key.password");
        getFromJceks(dBKSConf, CREDENTIAL_PATH, DB_CREDENTIAL_ALIAS, DB_PASSWORD);
        getFromJceks(dBKSConf, CREDENTIAL_PATH, HSM_PARTITION_PASSWORD_ALIAS, HSM_PARTITION_PASSWORD);
        String str = dBKSConf.get("ranger.db.encrypt.key.password");
        if (str == null || str.trim().equals("") || str.trim().equals("_") || str.trim().equals("crypted")) {
            throw new IOException("The Ranger MasterKey Password is empty or not a valid Password");
        }
        boolean z = dBKSConf.getBoolean(HSM_ENABLED, false);
        boolean z2 = dBKSConf.getBoolean(KEYSECURE_ENABLED, false);
        boolean z3 = dBKSConf.getBoolean(AZURE_KEYVAULT_ENABLED, false);
        boolean z4 = dBKSConf.getBoolean(IS_GCP_ENABLED, false);
        boolean z5 = dBKSConf.getBoolean(TENCENT_KMS_ENABLED, false);
        this.keyVaultEnabled = z3 || z4 || z5;
        DaoManager daoManager = new RangerKMSDB(dBKSConf).getDaoManager();
        if (z) {
            logger.info("Ranger KMS HSM is enabled for storing master key.");
            String str2 = dBKSConf.get(HSM_PARTITION_PASSWORD);
            if (str2 == null || str2.trim().equals("") || str2.trim().equals("_") || str2.trim().equals("crypted")) {
                throw new IOException("Partition Password doesn't exists");
            }
            RangerHSM rangerHSM = new RangerHSM(dBKSConf);
            this.dbStore = new RangerKeyStore(daoManager);
            this.masterKey = generateAndGetMasterKey(rangerHSM, str);
        } else if (z2) {
            logger.info("KeySecure is enabled for storing the master key.");
            getFromJceks(dBKSConf, CREDENTIAL_PATH, KEYSECURE_PASSWORD_ALIAS, KEYSECURE_PASSWORD);
            dBKSConf.set(KEYSECURE_LOGIN, dBKSConf.get(KEYSECURE_USERNAME).trim() + ":" + dBKSConf.get(KEYSECURE_PASSWORD));
            RangerSafenetKeySecure rangerSafenetKeySecure = new RangerSafenetKeySecure(dBKSConf);
            this.dbStore = new RangerKeyStore(daoManager);
            this.masterKey = generateAndGetMasterKey(rangerSafenetKeySecure, str);
        } else if (z3) {
            logger.info("Azure Key Vault is enabled for storing the master key.");
            getFromJceks(dBKSConf, CREDENTIAL_PATH, AZURE_CLIENT_SECRET_ALIAS, AZURE_CLIENT_SECRET);
            try {
                RangerAzureKeyVaultKeyGenerator rangerAzureKeyVaultKeyGenerator = new RangerAzureKeyVaultKeyGenerator(dBKSConf);
                rangerAzureKeyVaultKeyGenerator.onInitialization();
                rangerAzureKeyVaultKeyGenerator.generateMasterKey(str);
                this.dbStore = new RangerKeyStore(daoManager, true, (RangerKMSMKI) rangerAzureKeyVaultKeyGenerator);
                this.masterKey = null;
            } catch (Exception e) {
                throw new Exception("Error while generating master key and master key secret in Azure Key Vault. Error : " + e);
            }
        } else if (z5) {
            logger.info("Ranger KMS Tencent KMS is enabled for storing master key.");
            getFromJceks(dBKSConf, CREDENTIAL_PATH, TENCENT_CLIENT_SECRET_ALIAS, TENCENT_CLIENT_SECRET);
            try {
                RangerTencentKMSProvider rangerTencentKMSProvider = new RangerTencentKMSProvider(dBKSConf);
                rangerTencentKMSProvider.onInitialization();
                rangerTencentKMSProvider.generateMasterKey(str);
                this.dbStore = new RangerKeyStore(daoManager, true, (RangerKMSMKI) rangerTencentKMSProvider);
                this.masterKey = null;
            } catch (Exception e2) {
                throw new Exception("Error while generating master key and master key secret in Tencent KMS. Error : " + e2);
            }
        } else if (z4) {
            logger.info("Google Cloud HSM is enabled for storing the master key.");
            RangerGoogleCloudHSMProvider rangerGoogleCloudHSMProvider = new RangerGoogleCloudHSMProvider(dBKSConf);
            rangerGoogleCloudHSMProvider.onInitialization();
            rangerGoogleCloudHSMProvider.generateMasterKey(str);
            this.dbStore = new RangerKeyStore(daoManager, true, (RangerKMSMKI) rangerGoogleCloudHSMProvider);
            this.masterKey = null;
        } else {
            logger.info("Ranger KMS Database is enabled for storing master key.");
            RangerMasterKey rangerMasterKey = new RangerMasterKey(daoManager);
            this.dbStore = new RangerKeyStore(daoManager);
            this.masterKey = generateAndGetMasterKey(rangerMasterKey, str);
        }
        reloadKeys();
    }

    public static Configuration getDBKSConf() {
        Configuration configuration = getConfiguration(true, "dbks-site.xml");
        getFromJceks(configuration, CREDENTIAL_PATH, MK_CREDENTIAL_ALIAS, "ranger.db.encrypt.key.password");
        getFromJceks(configuration, CREDENTIAL_PATH, DB_CREDENTIAL_ALIAS, DB_PASSWORD);
        return configuration;
    }

    public KeyProvider.KeyVersion createKey(String str, byte[] bArr, KeyProvider.Options options) throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> createKey({})", str);
        }
        AutoClosableLock.AutoClosableWriteLock autoClosableWriteLock = new AutoClosableLock.AutoClosableWriteLock(this.lock);
        Throwable th = null;
        try {
            reloadKeys();
            if (this.dbStore.engineContainsAlias(str) || this.cache.containsKey(str)) {
                throw new IOException("Key " + str + " already exists");
            }
            KeyProvider.Metadata metadata = new KeyProvider.Metadata(options.getCipher(), options.getBitLength(), options.getDescription(), options.getAttributes(), new Date(), 1);
            if (options.getBitLength() != 8 * bArr.length) {
                throw new IOException("Wrong key length. Required " + options.getBitLength() + ", but got " + (8 * bArr.length));
            }
            KeyProvider.KeyVersion innerSetKeyVersion = innerSetKeyVersion(str, buildVersionName(str, 0), bArr, metadata);
            if (autoClosableWriteLock != null) {
                if (0 != 0) {
                    try {
                        autoClosableWriteLock.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    autoClosableWriteLock.close();
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("<== createKey({})", str);
            }
            return innerSetKeyVersion;
        } catch (Throwable th3) {
            if (autoClosableWriteLock != null) {
                if (0 != 0) {
                    try {
                        autoClosableWriteLock.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    autoClosableWriteLock.close();
                }
            }
            throw th3;
        }
    }

    public void deleteKey(String str) throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> deleteKey({})", str);
        }
        AutoClosableLock.AutoClosableWriteLock autoClosableWriteLock = new AutoClosableLock.AutoClosableWriteLock(this.lock);
        Throwable th = null;
        try {
            reloadKeys();
            KeyProvider.Metadata metadata = getMetadata(str);
            if (metadata == null) {
                throw new IOException("Key " + str + " does not exist");
            }
            for (int i = 0; i < metadata.getVersions(); i++) {
                String buildVersionName = buildVersionName(str, i);
                try {
                    if (this.dbStore.engineContainsAlias(buildVersionName)) {
                        this.dbStore.engineDeleteEntry(buildVersionName);
                    }
                } catch (KeyStoreException e) {
                    throw new IOException("Problem removing " + buildVersionName, e);
                }
            }
            try {
                if (this.dbStore.engineContainsAlias(str)) {
                    this.dbStore.engineDeleteEntry(str);
                }
                this.cache.remove(str);
                this.changed = true;
                if (autoClosableWriteLock != null) {
                    if (0 != 0) {
                        try {
                            autoClosableWriteLock.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        autoClosableWriteLock.close();
                    }
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("<== deleteKey({})", str);
                }
            } catch (KeyStoreException e2) {
                throw new IOException("Problem removing " + str + " from " + this, e2);
            }
        } catch (Throwable th3) {
            if (autoClosableWriteLock != null) {
                if (0 != 0) {
                    try {
                        autoClosableWriteLock.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    autoClosableWriteLock.close();
                }
            }
            throw th3;
        }
    }

    public void flush() throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> flush()");
        }
        if (this.changed) {
            try {
                AutoClosableLock.AutoClosableWriteLock autoClosableWriteLock = new AutoClosableLock.AutoClosableWriteLock(this.lock);
                Throwable th = null;
                try {
                    try {
                        this.dbStore.engineStore(null, this.masterKey);
                        reloadKeys();
                        this.changed = false;
                        if (autoClosableWriteLock != null) {
                            if (0 != 0) {
                                try {
                                    autoClosableWriteLock.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                autoClosableWriteLock.close();
                            }
                        }
                    } finally {
                    }
                } catch (NoSuchAlgorithmException e) {
                    throw new IOException("No such algorithm storing key", e);
                } catch (CertificateException e2) {
                    throw new IOException("Certificate exception storing key", e2);
                }
            } catch (IOException e3) {
                reloadKeys();
                throw e3;
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== flush()");
        }
    }

    public KeyProvider.KeyVersion getKeyVersion(String str) throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> getKeyVersion({})", str);
        }
        KeyProvider.KeyVersion keyVersion = null;
        AutoClosableLock.AutoClosableReadLock autoClosableReadLock = new AutoClosableLock.AutoClosableReadLock(this.lock);
        Throwable th = null;
        try {
            if (this.keyVaultEnabled) {
                try {
                    boolean engineContainsAlias = this.dbStore.engineContainsAlias(str);
                    if (!engineContainsAlias) {
                        this.dbStore.engineLoad(null, this.masterKey);
                        engineContainsAlias = this.dbStore.engineContainsAlias(str);
                    }
                    if (engineContainsAlias) {
                        try {
                            byte[] engineGetDecryptedZoneKeyByte = this.dbStore.engineGetDecryptedZoneKeyByte(str);
                            if (engineGetDecryptedZoneKeyByte != null && engineGetDecryptedZoneKeyByte.length > 0) {
                                keyVersion = new KeyProvider.KeyVersion(getBaseName(str), str, engineGetDecryptedZoneKeyByte);
                            }
                        } catch (Exception e) {
                            throw new RuntimeException("Error while getting decrypted key." + e);
                        }
                    }
                } catch (NoSuchAlgorithmException e2) {
                    throw new IOException("Can't get algorithm for key " + e2.getMessage());
                } catch (CertificateException e3) {
                    throw new IOException("Certificate exception storing key", e3);
                }
            } else {
                SecretKeySpec secretKeySpec = null;
                try {
                    boolean engineContainsAlias2 = this.dbStore.engineContainsAlias(str);
                    if (!engineContainsAlias2) {
                        this.dbStore.engineLoad(null, this.masterKey);
                        engineContainsAlias2 = this.dbStore.engineContainsAlias(str);
                    }
                    if (engineContainsAlias2) {
                        secretKeySpec = (SecretKeySpec) this.dbStore.engineGetKey(str, this.masterKey);
                    }
                    if (secretKeySpec != null) {
                        keyVersion = new KeyProvider.KeyVersion(getBaseName(str), str, secretKeySpec.getEncoded());
                    }
                } catch (NoSuchAlgorithmException e4) {
                    throw new IOException("Can't get algorithm for key " + secretKeySpec, e4);
                } catch (UnrecoverableKeyException e5) {
                    throw new IOException("Can't recover key " + secretKeySpec, e5);
                } catch (CertificateException e6) {
                    throw new IOException("Certificate exception storing key", e6);
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("<== getKeyVersion({})", str);
            }
            return keyVersion;
        } finally {
            if (autoClosableReadLock != null) {
                if (0 != 0) {
                    try {
                        autoClosableReadLock.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    autoClosableReadLock.close();
                }
            }
        }
    }

    public List<KeyProvider.KeyVersion> getKeyVersions(String str) throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> getKeyVersions({})", str);
        }
        ArrayList arrayList = new ArrayList();
        AutoClosableLock.AutoClosableReadLock autoClosableReadLock = new AutoClosableLock.AutoClosableReadLock(this.lock);
        Throwable th = null;
        try {
            try {
                KeyProvider.Metadata metadata = getMetadata(str);
                if (metadata != null) {
                    int versions = metadata.getVersions();
                    for (int i = 0; i < versions; i++) {
                        KeyProvider.KeyVersion keyVersion = getKeyVersion(buildVersionName(str, i));
                        if (keyVersion != null) {
                            arrayList.add(keyVersion);
                        }
                    }
                }
                if (autoClosableReadLock != null) {
                    if (0 != 0) {
                        try {
                            autoClosableReadLock.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        autoClosableReadLock.close();
                    }
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("<== getKeyVersions({}): count={}", str, Integer.valueOf(arrayList.size()));
                }
                return arrayList;
            } finally {
            }
        } catch (Throwable th3) {
            if (autoClosableReadLock != null) {
                if (th != null) {
                    try {
                        autoClosableReadLock.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    autoClosableReadLock.close();
                }
            }
            throw th3;
        }
    }

    public List<String> getKeys() throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> getKeys()");
        }
        ArrayList arrayList = new ArrayList();
        reloadKeys();
        Enumeration<String> engineAliases = this.dbStore.engineAliases();
        while (engineAliases.hasMoreElements()) {
            String nextElement = engineAliases.nextElement();
            if (!nextElement.contains("@")) {
                arrayList.add(nextElement);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== getKeys(): count={}", Integer.valueOf(arrayList.size()));
        }
        return arrayList;
    }

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v3 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r9v3 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x00d5: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:89:0x00d5 */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x00d0: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:87:0x00d0 */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r9v3, types: [org.apache.ranger.plugin.util.AutoClosableLock$AutoClosableReadLock] */
    public KeyProvider.Metadata getMetadata(String str) throws IOException {
        ?? r9;
        ?? r10;
        if (logger.isDebugEnabled()) {
            logger.debug("==> getMetadata({})", str);
        }
        boolean z = false;
        try {
            try {
                AutoClosableLock.AutoClosableReadLock autoClosableReadLock = new AutoClosableLock.AutoClosableReadLock(this.lock);
                Throwable th = null;
                KeyProvider.Metadata metadata = this.cache.get(str);
                if (metadata == null) {
                    if (!this.dbStore.engineContainsAlias(str)) {
                        this.dbStore.engineLoad(null, this.masterKey);
                    }
                    if (this.dbStore.engineContainsAlias(str)) {
                        if (this.keyVaultEnabled) {
                            metadata = this.dbStore.engineGetKeyMetadata(str);
                            z = metadata != null;
                        } else {
                            Key engineGetKey = this.dbStore.engineGetKey(str, this.masterKey);
                            if (engineGetKey != null) {
                                metadata = ((KeyMetadata) engineGetKey).metadata;
                                z = metadata != null;
                            }
                        }
                    }
                }
                if (autoClosableReadLock != null) {
                    if (0 != 0) {
                        try {
                            autoClosableReadLock.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        autoClosableReadLock.close();
                    }
                }
                if (metadata != null && z) {
                    AutoClosableLock.AutoClosableTryWriteLock autoClosableTryWriteLock = new AutoClosableLock.AutoClosableTryWriteLock(this.lock);
                    Throwable th3 = null;
                    try {
                        if (autoClosableTryWriteLock.isLocked()) {
                            this.cache.put(str, metadata);
                        } else {
                            logger.debug("{} not added to cache - writeLock couldn't be obtained", str);
                        }
                    } finally {
                        if (autoClosableTryWriteLock != null) {
                            if (0 != 0) {
                                try {
                                    autoClosableTryWriteLock.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            } else {
                                autoClosableTryWriteLock.close();
                            }
                        }
                    }
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("<== getMetadata({}): ret={}", str, metadata);
                }
                return metadata;
            } catch (Throwable th5) {
                if (r9 != 0) {
                    if (r10 != 0) {
                        try {
                            r9.close();
                        } catch (Throwable th6) {
                            r10.addSuppressed(th6);
                        }
                    } else {
                        r9.close();
                    }
                }
                throw th5;
            }
        } catch (NoSuchAlgorithmException e) {
            throw new IOException("Can't get algorithm for " + str, e);
        } catch (UnrecoverableKeyException e2) {
            throw new IOException("Can't recover key for " + str, e2);
        } catch (Exception e3) {
            throw new IOException("Please try again ", e3);
        }
    }

    public KeyProvider.KeyVersion rollNewVersion(String str, byte[] bArr) throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> rollNewVersion({})", str);
        }
        AutoClosableLock.AutoClosableWriteLock autoClosableWriteLock = new AutoClosableLock.AutoClosableWriteLock(this.lock);
        Throwable th = null;
        try {
            reloadKeys();
            KeyProvider.Metadata metadata = getMetadata(str);
            if (metadata == null) {
                throw new IOException("Key " + str + " not found");
            }
            if (metadata.getBitLength() != 8 * bArr.length) {
                throw new IOException("Wrong key length. Required " + metadata.getBitLength() + ", but got " + (8 * bArr.length));
            }
            KeyProvider.KeyVersion innerSetKeyVersion = innerSetKeyVersion(str, buildVersionName(str, metadata.addVersion()), bArr, metadata);
            if (autoClosableWriteLock != null) {
                if (0 != 0) {
                    try {
                        autoClosableWriteLock.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    autoClosableWriteLock.close();
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("<== rollNewVersion({}): ret={}", str, innerSetKeyVersion);
            }
            return innerSetKeyVersion;
        } catch (Throwable th3) {
            if (autoClosableWriteLock != null) {
                if (0 != 0) {
                    try {
                        autoClosableWriteLock.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    autoClosableWriteLock.close();
                }
            }
            throw th3;
        }
    }

    private static Configuration getConfiguration(boolean z, String... strArr) {
        if (logger.isDebugEnabled()) {
            logger.debug("==> getConfiguration()");
        }
        Configuration configuration = new Configuration(z);
        String property = System.getProperty("kms.config.dir");
        if (property != null) {
            try {
                if (!new Path(property).isUriPathAbsolute()) {
                    throw new RuntimeException("System property 'kms.config.dir' must be an absolute path: " + property);
                }
                for (String str : strArr) {
                    configuration.addResource(new URL("file://" + new Path(property, str).toUri()));
                }
            } catch (MalformedURLException e) {
                logger.error("getConfiguration() error", e);
                throw new RuntimeException(e);
            }
        } else {
            for (String str2 : strArr) {
                configuration.addResource(str2);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== getConfiguration()");
        }
        return configuration;
    }

    private static void getFromJceks(Configuration configuration, String str, String str2, String str3) {
        if (logger.isDebugEnabled()) {
            logger.debug("==> getFromJceks()");
        }
        if (configuration != null) {
            String str4 = configuration.get(str);
            String str5 = configuration.get(str2);
            if (str4 != null && str5 != null) {
                String decryptedString = CredentialReader.getDecryptedString(str4.trim(), str5.trim(), configuration.get("ranger.keystore.file.type", KeyStore.getDefaultType()));
                if (decryptedString == null || decryptedString.trim().isEmpty() || decryptedString.trim().equalsIgnoreCase("none")) {
                    logger.info("Credential keystore password not applied for KMS; clear text password shall be applicable");
                } else {
                    configuration.set(str3, decryptedString);
                }
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("<== getFromJceks()");
        }
    }

    private char[] generateAndGetMasterKey(RangerKMSMKI rangerKMSMKI, String str) {
        if (logger.isDebugEnabled()) {
            logger.debug("==> generateAndGetMasterKey()");
        }
        try {
            rangerKMSMKI.generateMasterKey(str);
            try {
                char[] charArray = rangerKMSMKI.getMasterKey(str).toCharArray();
                if (logger.isDebugEnabled()) {
                    logger.debug("<== generateAndGetMasterKey()");
                }
                return charArray;
            } catch (Throwable th) {
                throw new RuntimeException("Error while getting Ranger Master key, Error - ", th);
            }
        } catch (Throwable th2) {
            throw new RuntimeException("Error while generating Ranger Master key, Error - ", th2);
        }
    }

    private void loadKeys(char[] cArr) throws NoSuchAlgorithmException, CertificateException, IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> loadKeys()");
        }
        this.dbStore.engineLoad(null, cArr);
        if (logger.isDebugEnabled()) {
            logger.debug("<== loadKeys()");
        }
    }

    private KeyProvider.KeyVersion innerSetKeyVersion(String str, String str2, byte[] bArr, KeyProvider.Metadata metadata) throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> innerSetKeyVersion(name={}, versionName={})", str, str2);
        }
        saveKey(str, metadata);
        try {
            String cipher = metadata.getCipher();
            int bitLength = metadata.getBitLength();
            String description = metadata.getDescription();
            int versions = metadata.getVersions();
            String mapToJson = JsonUtilsV2.mapToJson(metadata.getAttributes());
            if (this.keyVaultEnabled) {
                this.dbStore.addSecureKeyByteEntry(str2, new SecretKeySpec(bArr, cipher), cipher, bitLength, description, versions, mapToJson);
            } else {
                this.dbStore.addKeyEntry(str2, new SecretKeySpec(bArr, cipher), this.masterKey, cipher, bitLength, description, versions, mapToJson);
            }
            this.changed = true;
            KeyProvider.KeyVersion keyVersion = new KeyProvider.KeyVersion(str, str2, bArr);
            if (logger.isDebugEnabled()) {
                logger.debug("<== innerSetKeyVersion(name={}, versionName={}): ret={}", new Object[]{str, str2, keyVersion});
            }
            return keyVersion;
        } catch (Exception e) {
            throw new IOException("Can't store key " + str2, e);
        }
    }

    private void saveKey(String str, KeyProvider.Metadata metadata) throws IOException {
        try {
            String mapToJson = JsonUtilsV2.mapToJson(metadata.getAttributes());
            if (this.keyVaultEnabled) {
                Key keyMetadata = new KeyMetadata(metadata);
                if (keyMetadata.getEncoded().length == 0) {
                    KeyGenerator keyGenerator = KeyGenerator.getInstance(metadata.getAlgorithm());
                    keyGenerator.init(metadata.getBitLength());
                    keyMetadata = new SecretKeySpec(keyGenerator.generateKey().getEncoded(), metadata.getCipher());
                }
                this.dbStore.addSecureKeyByteEntry(str, keyMetadata, metadata.getCipher(), metadata.getBitLength(), metadata.getDescription(), metadata.getVersions(), mapToJson);
            } else {
                this.dbStore.addKeyEntry(str, new KeyMetadata(metadata), this.masterKey, metadata.getAlgorithm(), metadata.getBitLength(), metadata.getDescription(), metadata.getVersions(), mapToJson);
            }
            this.cache.put(str, metadata);
        } catch (Exception e) {
            throw new IOException("Can't set metadata key " + str, e);
        }
    }

    private void reloadKeys() throws IOException {
        if (logger.isDebugEnabled()) {
            logger.debug("==> reloadKeys()");
        }
        try {
            AutoClosableLock.AutoClosableWriteLock autoClosableWriteLock = new AutoClosableLock.AutoClosableWriteLock(this.lock);
            Throwable th = null;
            try {
                this.cache.clear();
                loadKeys(this.masterKey);
                if (autoClosableWriteLock != null) {
                    if (0 != 0) {
                        try {
                            autoClosableWriteLock.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        autoClosableWriteLock.close();
                    }
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("<== reloadKeys()");
                }
            } finally {
            }
        } catch (NoSuchAlgorithmException | CertificateException e) {
            throw new IOException("Can't load Keys");
        }
    }
}
