package com.cloudera.keytrustee;

import com.cloudera.keytrustee.dao.DaoManager;
import com.cloudera.keytrustee.dao.DaoUtil;
import com.cloudera.keytrustee.dao.MasterKeyDao;
import com.cloudera.keytrustee.entity.EncryptedMasterKey;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/keytrustee/ClouderaMasterKey.class */
public class ClouderaMasterKey {
    private static final Logger LOG = LoggerFactory.getLogger(ClouderaMasterKey.class);
    public static final String PBE_ALGORITHM = "PBEWithMD5AndTripleDES";
    private DaoManager daoManager;

    public ClouderaMasterKey(DaoManager daoManager) {
        this.daoManager = daoManager;
    }

    public void generateKey(String str) {
        MasterKeyDao masterKeyDao = new MasterKeyDao(this.daoManager);
        if (masterKeyDao.getAll().isEmpty()) {
            KeyGenerator keyGenerator = null;
            try {
                keyGenerator = KeyGenerator.getInstance("AES");
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
            keyGenerator.init(256);
            SecretKey generateKey = keyGenerator.generateKey();
            SecretKeyFactory secretKeyFactory = null;
            try {
                secretKeyFactory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
            } catch (NoSuchAlgorithmException e2) {
                e2.printStackTrace();
            }
            PBEKeySpec pbeKeySpec = getPbeKeySpec(str);
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(pbeKeySpec.getSalt(), pbeKeySpec.getIterationCount());
            SecretKey secretKey = null;
            try {
                secretKey = secretKeyFactory.generateSecret(pbeKeySpec);
            } catch (InvalidKeySpecException e3) {
                e3.printStackTrace();
            }
            Cipher cipher = null;
            try {
                cipher = Cipher.getInstance(secretKey.getAlgorithm());
            } catch (NoSuchAlgorithmException e4) {
                e4.printStackTrace();
            } catch (NoSuchPaddingException e5) {
                e5.printStackTrace();
            }
            try {
                cipher.init(1, secretKey, pBEParameterSpec);
            } catch (InvalidAlgorithmParameterException e6) {
                e6.printStackTrace();
            } catch (InvalidKeyException e7) {
                e7.printStackTrace();
            }
            byte[] bArr = null;
            try {
                bArr = cipher.doFinal(generateKey.getEncoded());
            } catch (BadPaddingException e8) {
                e8.printStackTrace();
            } catch (IllegalBlockSizeException e9) {
                e9.printStackTrace();
            }
            EncryptedMasterKey encryptedMasterKey = new EncryptedMasterKey();
            encryptedMasterKey.setUuid(DaoUtil.genUuid());
            encryptedMasterKey.setCipher("AES");
            encryptedMasterKey.setBitlength(256);
            encryptedMasterKey.setKeyValue(Base64.encodeBase64URLSafeString(bArr));
            try {
                if (this.daoManager != null && masterKeyDao.getAllCount().longValue() < 1) {
                    masterKeyDao.create(encryptedMasterKey).getUuid();
                }
            } catch (Exception e10) {
                e10.printStackTrace();
            }
        }
    }

    private PBEKeySpec getPbeKeySpec(String str) {
        MessageDigest messageDigest = null;
        try {
            messageDigest = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        byte[] bArr = new byte[8];
        System.arraycopy(messageDigest.digest(str.getBytes()), 0, bArr, 0, 8);
        return new PBEKeySpec(str.toCharArray(), bArr, str.toCharArray().length + 1);
    }

    public String getMasterKey(String str) throws Throwable {
        try {
            if (this.daoManager == null) {
                return null;
            }
            MasterKeyDao masterKeyDao = new MasterKeyDao(this.daoManager);
            List<EncryptedMasterKey> all = masterKeyDao.getAll();
            if (all.size() < 1) {
                throw new Exception("No Master Key exists");
            }
            if (all.size() > 1) {
                throw new Exception("More than one Master Key exists");
            }
            byte[] decodeBase64 = Base64.decodeBase64(masterKeyDao.getById(all.get(0).getUuid()).getKeyValue());
            if (decodeBase64 == null || decodeBase64.length <= 0) {
                throw new Exception("No Master Key Found");
            }
            return decryptMasterKey(decodeBase64, str);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    private String decryptMasterKey(byte[] bArr, String str) throws Throwable {
        return Base64.encodeBase64URLSafeString(getMasterKeyFromBytes(decryptKey(bArr, getPbeKeySpec(str))).getEncoded());
    }

    private SecretKey getPasswordKey(PBEKeySpec pBEKeySpec) throws Throwable {
        return SecretKeyFactory.getInstance(PBE_ALGORITHM).generateSecret(pBEKeySpec);
    }

    private byte[] decryptKey(byte[] bArr, PBEKeySpec pBEKeySpec) throws Throwable {
        SecretKey passwordKey = getPasswordKey(pBEKeySpec);
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(pBEKeySpec.getSalt(), pBEKeySpec.getIterationCount());
        Cipher cipher = Cipher.getInstance(passwordKey.getAlgorithm());
        cipher.init(2, passwordKey, pBEParameterSpec);
        return cipher.doFinal(bArr);
    }

    private SecretKey getMasterKeyFromBytes(byte[] bArr) throws Throwable {
        return new SecretKeySpec(bArr, "AES");
    }
}
