package com.cloudera.keytrustee.hsm;

import com.cloudera.keytrustee.DepositGroupManager;
import com.cloudera.keytrustee.entity.Deposit;
import com.cloudera.keytrustee.entity.DepositGroup;
import com.cloudera.keytrustee.entity.DepositGroupAttribute;
import com.cloudera.keytrustee.entity.MetaBlob;
import com.cloudera.keytrustee.util.HSMKeyProviderConfiguration;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/keytrustee/hsm/HsmHelper.class */
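/**
 * Base class for HSM-backed key store helpers.
 *
 * <p>An instance holds a JCA {@link Provider}, a {@link KeyStore} obtained from that provider,
 * the key store password, and a local copy of the deposit group attributes and
 * {@link MetaBlob} read from a {@link DepositGroupManager}.
 *
 * <p>No method in this class is synchronized. The lazily created {@link SecureRandom} and the
 * attribute map are plain fields.
 */
public abstract class HsmHelper {
    // NOTE(review): these three selectors are public, static and non-final, so any code on the
    // classpath can reassign them and change what getHsmHelper() matches. They are left
    // non-final to keep the declared interface unchanged. Confirm nothing writes to them, then
    // make them final.
    public static String LUNA_HELPER = LunaHelper.SCHEME_NAME;
    public static String NCIPHER_HELPER = "nCipher";
    public static String INGRIAN_HELPER = "IngrianProvider";
    private static final Logger LOG = LoggerFactory.getLogger(HsmHelper.class);
    private DepositGroupManager depositGroupManager;
    // Local copy of the deposit group attributes. Never reassigned, hence final.
    private final Map<String, String> attributes = new HashMap<>();
    protected MetaBlob metaBlob;
    protected Provider provider;
    protected KeyStore keyStore;
    // NOTE(review): the key store password is held as an immutable String for the lifetime of
    // the helper and cannot be wiped from memory. Switching to char[] would change the
    // protected field type that subclasses see, so it is only flagged here.
    protected String password;
    protected SecureRandom secureRandom;

    /**
     * Selects the helper implementation named by the configuration.
     *
     * <p>The provider name is compared case-insensitively against {@link #NCIPHER_HELPER},
     * {@link #LUNA_HELPER} and {@link #INGRIAN_HELPER}, in that order.
     *
     * @param hSMKeyProviderConfiguration configuration supplying the provider name and, for the
     *     Ingrian helper, the username and password
     * @return the matching helper, or {@code null} when the provider name is missing or matches
     *     none of the known helpers; callers must check for {@code null}
     * @throws IOException declared by the helper constructors
     */
    public static HsmHelper getHsmHelper(HSMKeyProviderConfiguration hSMKeyProviderConfiguration) throws IOException {
        String hSMProvider = hSMKeyProviderConfiguration.getHSMProvider();
        if (hSMProvider == null) {
            // Previously this dereferenced null. Treat a missing name like an unknown one.
            LOG.warn("No HSM provider configured; no HSM helper created.");
            return null;
        }
        if (hSMProvider.equalsIgnoreCase(NCIPHER_HELPER)) {
            return new nCipherHelper(hSMKeyProviderConfiguration);
        }
        if (hSMProvider.equalsIgnoreCase(LUNA_HELPER)) {
            return new LunaHelper(hSMKeyProviderConfiguration);
        }
        if (hSMProvider.equalsIgnoreCase(INGRIAN_HELPER)) {
            return new IngrianHelper(hSMKeyProviderConfiguration.getUsername(), hSMKeyProviderConfiguration.getPassword());
        }
        // Make the silent null return visible, so a typo in the configuration is diagnosable.
        LOG.warn("Unrecognized HSM provider [{}]; no HSM helper created.", hSMProvider);
        return null;
    }

    /**
     * Registers the provider with the JCA and obtains a key store of type {@link #getScheme()}
     * from it. The key store is not loaded here; see {@link #loadKeyStore()}.
     *
     * <p>{@link #getScheme()} is abstract and is called during construction, so subclass
     * implementations must not depend on subclass fields that are initialised after the
     * {@code super(...)} call.
     *
     * @param provider JCA provider backing the HSM
     * @param str key store password
     * @throws IOException wrapping the {@link KeyStoreException} when the key store type is not
     *     available from the provider
     */
    public HsmHelper(Provider provider, String str) throws IOException {
        this.provider = provider;
        this.password = str;
        // The return value is not checked: insertProviderAt returns -1 when a provider with the
        // same name is already installed, and the helper continues with the given instance.
        // NOTE(review): positions are 1-based, so passing the current provider count places this
        // provider ahead of the one that was last. Confirm whether Security.addProvider (append)
        // was intended.
        Security.insertProviderAt(this.provider, Security.getProviders().length);
        try {
            this.keyStore = KeyStore.getInstance(getScheme(), this.provider);
            LOG.info("KeyStore created with schema {} for provider {}", getScheme(), this.provider);
        } catch (KeyStoreException e) {
            LOG.error("Exception while trying to initialize HsmHelper", e);
            throw new IOException(e);
        }
    }

    /**
     * Attaches the deposit group manager, copies its attributes and meta blob into this helper,
     * then asks the subclass to refresh its runtime state.
     *
     * @param depositGroupManager manager giving access to the deposit group
     * @throws IOException if copying the state or the subclass refresh fails
     */
    public final void setDepositGroupManager(DepositGroupManager depositGroupManager) throws IOException {
        this.depositGroupManager = depositGroupManager;
        updateDepositGroupManagerInfoFromDb();
        refreshDepositGroupRuntimeState();
    }

    /** Copies every deposit group attribute and the meta blob from the manager into this helper. */
    private void updateDepositGroupManagerInfoFromDb() throws IOException {
        DepositGroup depositGroup = this.depositGroupManager.getDepositGroup();
        for (DepositGroupAttribute depositGroupAttribute : depositGroup.getAttributes()) {
            this.attributes.put(depositGroupAttribute.getKey(), depositGroupAttribute.getValue());
        }
        setMetaBlob(depositGroup.getMetaBlob());
    }

    /**
     * Replaces the meta blob held by this helper.
     *
     * <p>The decompiler reports that this method was originally declared {@code protected}.
     *
     * @param metaBlob new meta blob; stored as given
     * @throws IOException never thrown here; declared for overriding subclasses
     */
    public void setMetaBlob(MetaBlob metaBlob) throws IOException {
        this.metaBlob = metaBlob;
    }

    /**
     * Delegates to {@link KeyStore#setKeyEntry(String, Key, char[], Certificate[])}.
     *
     * @param str alias of the entry
     * @param key key to store
     * @param cArr password protecting the entry
     * @param certificateArr certificate chain for the key
     * @throws KeyStoreException if the key store rejects the entry
     */
    public void setKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        this.keyStore.setKeyEntry(str, key, cArr, certificateArr);
    }

    /** Called after a deposit group manager is attached; the subclass refreshes its state. */
    public abstract void refreshDepositGroupRuntimeState() throws IOException;

    /** Returns the stream passed as the first argument to {@link KeyStore#load}. */
    protected abstract InputStream getKeyStoreInitializer();

    /** Creates the {@link SecureRandom} that {@link #getHSMSecureRandom()} caches. */
    protected abstract SecureRandom getSecureRandom() throws NoSuchAlgorithmException, NoSuchProviderException;

    /** Returns the key store type requested from the provider in the constructor. */
    protected abstract String getScheme();

    /**
     * Loads the key store from {@link #getKeyStoreInitializer()} using the configured password.
     *
     * @throws IOException if no password was configured, or if the key store cannot be read
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     */
    public void loadKeyStore() throws CertificateException, NoSuchAlgorithmException, IOException {
        if (this.password == null) {
            // Fail with a clear message instead of a NullPointerException. Do not fall back to
            // load(stream, null), which would skip the password entirely.
            throw new IOException("HSM key store password is not set; cannot load key store");
        }
        // NOTE(review): the char[] copy produced here is not zeroed after the call. Clearing it
        // is only safe if the provider does not keep a reference; confirm per HSM vendor.
        this.keyStore.load(getKeyStoreInitializer(), this.password.toCharArray());
        LOG.debug("KeyStore loaded");
    }

    /** Does nothing in this base class; subclasses may override to persist the key store. */
    public void storeKeyStore() throws CertificateException, NoSuchAlgorithmException, IOException {
    }

    /** Returns the provider passed to the constructor. */
    protected Provider getProvider() {
        return this.provider;
    }

    /** Returns the key store created in the constructor. It may not have been loaded yet. */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Obtains a cipher for the given transformation from this helper's provider only, never
     * from another installed provider.
     *
     * @param str JCA transformation string
     * @return a new cipher bound to the HSM provider
     * @throws NoSuchPaddingException if the provider does not support the padding
     * @throws NoSuchAlgorithmException if the provider does not support the transformation
     */
    public Cipher getCipherInstance(String str) throws NoSuchPaddingException, NoSuchAlgorithmException {
        return Cipher.getInstance(str, this.provider);
    }

    /**
     * Returns the helper's {@link SecureRandom}, creating it through {@link #getSecureRandom()}
     * on first use. The lazy initialisation is not synchronized.
     */
    public SecureRandom getHSMSecureRandom() throws NoSuchProviderException, NoSuchAlgorithmException {
        if (null == this.secureRandom) {
            this.secureRandom = getSecureRandom();
        }
        return this.secureRandom;
    }

    /**
     * Fills the array with bytes from {@link #getHSMSecureRandom()}.
     *
     * @param bArr buffer to fill in place
     */
    public void getNextSecureRandomBytes(byte[] bArr) throws NoSuchProviderException, NoSuchAlgorithmException {
        getHSMSecureRandom().nextBytes(bArr);
    }

    /**
     * Generates a secret key with this helper's provider.
     *
     * @param str not used by this base implementation
     * @param i key size passed to {@link KeyGenerator#init(int)}
     * @param str2 transformation string; only the part before the first {@code '/'} is used as
     *     the key algorithm (see {@link #getAlgorithm(String)})
     * @return the generated key
     * @throws NoSuchAlgorithmException if the provider has no generator for the algorithm
     * @throws InvalidAlgorithmParameterException declared for overriding subclasses
     */
    public SecretKey generateSecretKey(String str, int i, String str2) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(getAlgorithm(str2), this.provider);
        keyGenerator.init(i);
        return keyGenerator.generateKey();
    }

    /**
     * Extracts the algorithm name from a transformation string such as
     * {@code "AES/CTR/NoPadding"}.
     *
     * <p>The decompiler reports that this method was originally declared {@code protected}.
     *
     * @param str transformation string
     * @return the text before the first {@code '/'}, or the whole string when there is none
     */
    public String getAlgorithm(String str) {
        int slash = str.indexOf('/');
        return slash == -1 ? str : str.substring(0, slash);
    }

    /**
     * Returns the deposits of the attached deposit group.
     *
     * @return the list from the deposit group, or a new empty list when no deposit group
     *     manager has been attached
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    protected List<Deposit> getDeposits() {
        if (null == this.depositGroupManager) {
            return new ArrayList<>();
        }
        // The declared return type of getDeposits() is not visible here, so the original raw
        // cast is kept. It fails with ClassCastException if the value is not a List.
        return (List) this.depositGroupManager.getDepositGroup().getDeposits();
    }

    /**
     * Merges the given attributes into the local attribute map. Nothing is written to the
     * database here.
     *
     * @param list attributes to apply; {@code null} is ignored
     * @throws IOException never thrown here; declared for overriding subclasses
     */
    public void updateDepositGroupAttributes(List<DepositGroupAttribute> list) throws IOException {
        if (null == list) {
            return;
        }
        for (DepositGroupAttribute depositGroupAttribute : list) {
            // NOTE(review): attribute values are written verbatim to the INFO log. Confirm that
            // no deposit group attribute carries secret material, or log the key only.
            LOG.info("Updating deposit group attribute [{}] to [{}].", depositGroupAttribute.getKey(), depositGroupAttribute.getValue());
            this.attributes.put(depositGroupAttribute.getKey(), depositGroupAttribute.getValue());
        }
    }

    /**
     * Replaces the local meta blob and logs its name.
     *
     * @param metaBlob new meta blob; must not be {@code null} because its name is read for
     *     the log line
     * @throws IOException never thrown here; declared for overriding subclasses
     */
    public void updateDepositGroupMetaBlob(MetaBlob metaBlob) throws IOException {
        LOG.info("Updating deposit group metablob to [{}].", metaBlob.getName());
        this.metaBlob = metaBlob;
    }

    /**
     * Sets one attribute locally, pushes the whole attribute map (and the meta blob, when
     * given) to the deposit group, and stores it through the manager. Does nothing except log
     * a warning when no deposit group manager is attached.
     *
     * <p>The decompiler reports that this method was originally declared {@code protected}.
     *
     * @param str attribute key
     * @param str2 attribute value
     * @param metaBlob meta blob to set on the deposit group, or {@code null} to leave it as is
     */
    public void storeHSMHelperDepositGroupAttribute(String str, String str2, MetaBlob metaBlob) {
        if (null == this.depositGroupManager) {
            LOG.warn("HSM helper does not have access to deposit group manager. Attribute [{}] not stored.", str);
            return;
        }
        if (this.attributes.containsKey(str)) {
            // NOTE(review): both the old and the new value are written verbatim to the INFO
            // log. Confirm that no attribute holds secret material, or log the key only.
            LOG.info("HSM helper attribute [{}] updated from old value [{}] to new value [{}].", str, this.attributes.get(str), str2);
        }
        this.attributes.put(str, str2);
        DepositGroup depositGroup = this.depositGroupManager.getDepositGroup();
        // The internal map itself is handed over, not a copy.
        depositGroup.setAttributes(this.attributes);
        if (null != metaBlob) {
            depositGroup.setMetaBlob(metaBlob);
        }
        this.depositGroupManager.dbOperationStore();
    }

    /**
     * Looks up an attribute in the local attribute map.
     *
     * <p>The decompiler reports that this method was originally declared {@code protected}.
     *
     * @param str attribute key
     * @return the stored value, or {@code null} when the key is absent or no deposit group
     *     manager is attached
     */
    public String loadHSMHelperDepositGroupAttribute(String str) {
        if (null == this.depositGroupManager) {
            LOG.warn("HSM helper does not have access to deposit group manager. Attribute [{}] is null.", str);
            return null;
        }
        return this.attributes.get(str);
    }

    /** Does nothing in this base class; subclasses may override. */
    public void updateAttributesAfterHsmStore(Map<String, String> map) throws IOException {
    }

    /** Does nothing in this base class; subclasses may override. */
    public void addToBlobFilenameSuffixMap(String str, String str2) {
    }

    /** Does nothing in this base class; subclasses may override. */
    public void saveKeyFile(MetaBlob metaBlob) throws IOException {
    }

    /**
     * Returns {@code null} in this base class; subclasses may override.
     *
     * @param str HSM key name
     * @return always {@code null} here
     */
    public MetaBlob getMetaBlobForHsmKeyName(String str) throws IOException {
        return null;
    }
}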
