package org.apache.hadoop.crypto.key;

import com.sun.org.apache.xml.internal.security.utils.Base64;
import java.io.IOException;
import java.lang.reflect.Method;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.conf.Configuration;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/hadoop/crypto/key/RangerSafenetKeySecure.class */
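/**
 * Ranger KMS master-key store backed by a PKCS#11 keystore (SafeNet KeySecure).
 *
 * <p>The constructor builds a PKCS#11 {@link Provider} from the configured cfg file,
 * registers it with {@link Security}, and logs in to a {@code "PKCS11"} {@link KeyStore}
 * with the configured login secret. If the provider or keystore cannot be obtained, the
 * problem is only logged and the instance is left with a {@code null} keystore; every
 * public operation then reports failure ({@code false} / {@code null}) instead of throwing.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keystore login secret is held in a {@code String} field ({@code adp}) for the
 *       lifetime of this object and cannot be wiped from memory.</li>
 *   <li>{@link #getMasterKey(String)} exports the raw master key out of the keystore as a
 *       Base64 {@code String}; callers must keep that value out of logs and error messages.</li>
 *   <li>No method here logs a password or key bytes; keep it that way when adding logging.</li>
 * </ul>
 */
public class RangerSafenetKeySecure implements RangerKMSMKI {
    static final Logger logger = Logger.getLogger(RangerSafenetKeySecure.class);
    // Keystore alias under which the master key is stored.
    private final String alias;
    // Name used to look up the installed provider on Java 9+ (ignored on Java <= 8, see constructor).
    private final String providerType;
    // PKCS#11 keystore; stays null when the provider could not be initialised.
    private KeyStore myStore;
    // Keystore login secret read from configuration (KEYSECURE_LOGIN).
    private final String adp;
    private Provider provider;
    private static final String MK_ALGO = "AES";
    // Master key size in bits, passed to KeyGenerator.init.
    private final int mkSize;
    private static final int MK_KeySize = 256;
    // Path of the SunPKCS11 configuration file.
    private String pkcs11CfgFilePath;
    private static final String CFGFILEPATH = "ranger.kms.keysecure.sunpkcs11.cfg.filepath";
    private static final String MK_KEYSIZE = "ranger.kms.keysecure.masterkey.size";
    private static final String ALIAS = "ranger.kms.keysecure.masterkey.name";
    private static final String PROVIDER = "ranger.kms.keysecure.provider.type";
    private static final String KEYSECURE_LOGIN = "ranger.kms.keysecure.login";

    /**
     * Reads the KeySecure settings from {@code configuration}, initialises the PKCS#11
     * provider and logs in to the keystore.
     *
     * @param configuration source of the {@code ranger.kms.keysecure.*} settings
     * @throws IOException if the keystore cannot be loaded; the original exception is kept
     *     as the cause so a failed login can be told apart from an I/O problem
     * @throws NoSuchMethodException if the reflective provider lookup fails
     * @throws NoSuchAlgorithmException if the keystore integrity algorithm is unavailable
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws NullPointerException if the keystore was obtained but no login secret is configured
     * @throws Exception any other failure from reflection or keystore creation, unwrapped
     */
    public RangerSafenetKeySecure(Configuration configuration) throws Exception {
        this.mkSize = configuration.getInt(MK_KEYSIZE, MK_KeySize);
        this.alias = configuration.get(ALIAS, "RANGERMK");
        this.providerType = configuration.get(PROVIDER, "SunPKCS11");
        this.adp = configuration.get(KEYSECURE_LOGIN);
        this.pkcs11CfgFilePath = configuration.get(CFGFILEPATH);
        try {
            if (getJavaVersion() <= 8) {
                // Java <= 8: SunPKCS11 takes the cfg path in its constructor. The class is loaded
                // reflectively and the configured provider type is not consulted on this path.
                this.provider = (Provider) Class.forName("sun.security.pkcs11.SunPKCS11").getConstructor(String.class).newInstance(this.pkcs11CfgFilePath);
            } else {
                // Java 9+: look up the installed provider by name and derive a configured
                // instance through Provider.configure(String), resolved reflectively.
                Method declaredMethod = Provider.class.getDeclaredMethod("configure", String.class);
                this.provider = Security.getProvider(this.providerType);
                if (this.provider != null) {
                    this.provider = (Provider) declaredMethod.invoke(this.provider, this.pkcs11CfgFilePath);
                }
            }
            if (this.provider != null) {
                Security.addProvider(this.provider);
                this.myStore = KeyStore.getInstance("PKCS11", this.provider);
            } else {
                logger.error("Provider was not initialize for Ranger Safenet Key Secure.");
            }
            if (this.myStore != null) {
                // Same exception type as the bare dereference this replaces, but it now names
                // the missing setting (the key name only, never a secret value).
                java.util.Objects.requireNonNull(this.adp, KEYSECURE_LOGIN + " is not configured");
                this.myStore.load(null, this.adp.toCharArray());
            } else {
                logger.error("Safenet Keysecure not found. Please verify the Ranger KMS Safenet Keysecure configuration setup.");
            }
        } catch (IOException e) {
            // Keep the cause: KeyStore.load reports a bad password as an IOException whose
            // cause is an UnrecoverableKeyException, which would otherwise be lost.
            throw new IOException("Unexpected IOException while loading keystore : " + e.getMessage(), e);
        } catch (NoSuchMethodException e) {
            // NoSuchMethodException has no (String, Throwable) constructor.
            NoSuchMethodException wrapped = new NoSuchMethodException("Unexpected NoSuchMethodException while loading keystore : " + e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        } catch (NoSuchAlgorithmException e) {
            throw new NoSuchAlgorithmException("Unexpected NoSuchAlgorithmException while loading keystore : " + e.getMessage(), e);
        } catch (CertificateException e) {
            throw new CertificateException("Unexpected CertificateException while loading keystore : " + e.getMessage(), e);
        }
    }

    /**
     * Creates the master key in the keystore unless an entry with the configured alias
     * already exists.
     *
     * @param str password protecting the new key entry
     * @return {@code true} if the alias already existed or the key was generated and stored;
     *     {@code false} if the keystore is unavailable or any exception occurred
     */
    @Override // org.apache.hadoop.crypto.key.RangerKMSMKI
    public boolean generateMasterKey(String str) {
        if (this.myStore == null) {
            return false;
        }
        try {
            if (this.myStore.containsAlias(this.alias)) {
                // Never overwrite an existing master key from this path.
                return true;
            }
            // The key is generated by the PKCS#11 provider itself, at the configured size.
            KeyGenerator keyGenerator = KeyGenerator.getInstance(MK_ALGO, this.provider);
            keyGenerator.init(this.mkSize);
            this.myStore.setKeyEntry(this.alias, keyGenerator.generateKey(), str.toCharArray(), (Certificate[]) null);
            return true;
        } catch (Exception e) {
            logger.error("generateMasterKey : Exception during Ranger Master Key Generation - " + e);
            return false;
        }
    }

    /**
     * Reads the master key from the keystore and returns its encoded bytes as Base64.
     *
     * <p>The result is raw key material in an immutable {@code String}: it cannot be zeroed
     * after use, so callers should hold it briefly and never log it.
     *
     * @param str password protecting the key entry
     * @return the Base64-encoded key, or {@code null} if the keystore is unavailable, the
     *     alias is missing, the entry yields no key, or any exception occurred
     */
    @Override // org.apache.hadoop.crypto.key.RangerKMSMKI
    public String getMasterKey(String str) throws Throwable {
        if (this.myStore == null) {
            return null;
        }
        try {
            if (!this.myStore.containsAlias(this.alias)) {
                return null;
            }
            SecretKey secretKey = (SecretKey) this.myStore.getKey(this.alias, str.toCharArray());
            if (secretKey == null) {
                return null;
            }
            // NOTE(review): Base64 resolves to the JDK-internal
            // com.sun.org.apache.xml.internal.security.utils.Base64 imported by this file, which
            // is not a supported API — confirm it exists on the target JDK before upgrading.
            return Base64.encode(secretKey.getEncoded());
        } catch (Exception e) {
            logger.error("getMasterKey : Exception searching for Ranger Master Key - " + e.getMessage());
            return null;
        }
    }

    /**
     * Stores the supplied bytes as the AES master key under the configured alias.
     *
     * <p>Unlike {@link #generateMasterKey(String)}, this method does not check whether the
     * alias already exists before writing the entry.
     *
     * @param str password protecting the key entry
     * @param bArr raw key bytes
     * @param configuration not used by this implementation
     * @return {@code true} if the entry was written; {@code false} if the keystore is
     *     unavailable or any exception occurred
     */
    public boolean setMasterKey(String str, byte[] bArr, Configuration configuration) {
        if (this.myStore == null) {
            return false;
        }
        try {
            this.myStore.setKeyEntry(this.alias, new SecretKeySpec(bArr, MK_ALGO), str.toCharArray(), (Certificate[]) null);
            return true;
        } catch (Exception e) {
            logger.error("setMasterKey : Exception while setting Master Key - " + e.getMessage());
            return false;
        }
    }

    /**
     * Returns the major Java version parsed from the {@code java.version} system property.
     *
     * <p>Handles the legacy {@code 1.x} scheme ({@code "1.8.0_292"} gives 8), the modern
     * scheme ({@code "11.0.2"} gives 11) and versions without a dot that carry a suffix
     * ({@code "17-ea"} gives 17), which previously failed with a
     * {@link NumberFormatException} and aborted provider setup.
     *
     * @throws NumberFormatException if the property does not start with a number
     */
    private int getJavaVersion() {
        String version = System.getProperty("java.version");
        if (version.startsWith("1.")) {
            version = version.substring(2);
        }
        // Take only the leading run of ASCII digits; anything after it ('.', '-', '+', '_')
        // is a minor version or build qualifier.
        int end = 0;
        while (end < version.length() && version.charAt(end) >= '0' && version.charAt(end) <= '9') {
            end++;
        }
        return Integer.parseInt(version.substring(0, end));
    }
}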
