package com.cloudera.keytrustee;

import com.cloudera.keytrustee.dao.ClouderaKMSDao;
import com.cloudera.keytrustee.dao.DaoManager;
import com.cloudera.keytrustee.entity.DeleteStatusChange;
import com.cloudera.keytrustee.entity.Deposit;
import com.cloudera.keytrustee.entity.KeyOption;
import com.cloudera.keytrustee.entity.KeyOptionAttribute;
import com.cloudera.keytrustee.entity.MetaBlob;
import com.cloudera.keytrustee.entity.StatusChange;
import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.DigestInputStream;
import java.security.DigestOutputStream;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.SealedObject;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/keytrustee/ClouderaKeyStore.class */
public class ClouderaKeyStore extends KeyStoreSpi {
    // Class logger; declared without an initializer here, so presumably assigned in a static initializer not shown in this excerpt.
    private static final Logger LOG;
    // DAO entry point handed in through the constructor; the db* helpers skip persistence when it is null.
    private DaoManager daoManager;
    // Optional hook consulted while building a deposit; may stay null (the private wrappers null-check it).
    private KeyStoreAttributeStorageHelper storageHelper;
    // Attribute key that createKmsDeposit reads from the metadata attributes and then removes.
    public static final String ORIGINAL_DEPOSIT_CREATION_TIMESTAMP = "original_deposit_creation_timestamp";
    // Key name -> every sealed version of that key, in insertion order (addKeyEntry appends).
    private final Hashtable<String, List<SecretKeyEntry>> keyEntries = new Hashtable<>();
    // Key name -> entry added since the last store; the assertions in this class expect at most one.
    private final Hashtable<String, SecretKeyEntry> deltaEntries = new Hashtable<>();
    // Version name -> metadata-only view of that version (no key material).
    private final Hashtable<String, MetadataKeyEntry> metaEntries = new Hashtable<>();
    // Version name -> key name.
    private final Hashtable<String, String> versionEntries = new Hashtable<>();
    // Plain HashSet (not synchronized, unlike the Hashtables above); engineContainsDeletedAlias reads it without taking a lock.
    private final Set<String> deletedKeyNames = new HashSet();
    // Fair read/write lock guarding the in-memory maps.
    private ReadWriteLock lock = new ReentrantReadWriteLock(true);
    private Lock readLock = this.lock.readLock();
    private Lock writeLock = this.lock.writeLock();
    // NOTE(review): hard-coded constant, not referenced in the visible part of the file; presumably mixed into the keyed digest. It is not a secret once the class file is available - confirm nothing relies on it being one.
    private final String SECRET_KEY_HASH_WORD = "Key Trustee Lives";
    // Compiler-generated flag behind the assert statements in this class (true when assertions are off).
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:com/cloudera/keytrustee/ClouderaKeyStore$Alias.class */
    /**
     * Name of a key-store entry, optionally paired with a version identifier.
     *
     * <p>An alias built from a plain string carries a name only. An alias built from a
     * {@link Deposit} takes its name from {@code getName()} and its version from
     * {@code getUuid()}.
     */
    public static final class Alias {
        private String name;
        private String version;

        /**
         * Creates a name-only alias.
         *
         * @param str the key name; a null value is rejected by {@code Preconditions.checkNotNull}
         * @throws IOException declared by the signature; nothing in this body throws it
         */
        public Alias(String str) throws IOException {
            Preconditions.checkNotNull(str);
            this.name = str;
            this.version = null;
        }

        /**
         * Creates an alias from a stored deposit.
         *
         * @param deposit source of the name and of the version (its UUID)
         * @throws IOException declared by the signature; nothing in this body throws it
         */
        public Alias(Deposit deposit) throws IOException {
            String depositName = deposit.getName();
            String depositVersion = deposit.getUuid();
            this.name = depositName;
            this.version = depositVersion;
        }

        /** @return the key name */
        public String getName() {
            return this.name;
        }

        /** @return the version, or null for a name-only alias */
        public String getVersion() {
            return this.version;
        }

        /** @return the version when one is set, otherwise the name */
        public String getVersionName() {
            if (this.version == null) {
                return this.name;
            }
            return this.version;
        }

        /** @return true when this alias carries a version */
        public boolean isVersionName() {
            return null != this.version;
        }
    }

    /* loaded from: input_file:com/cloudera/keytrustee/ClouderaKeyStore$KeyEntry.class */
    /** Minimal entry holding only a date; nothing in the visible part of the file instantiates it. */
    private static class KeyEntry {
        // Date associated with the entry; never assigned in the visible code.
        Date date;

        // Private constructor: only the enclosing class can create instances.
        private KeyEntry() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/cloudera/keytrustee/ClouderaKeyStore$KeyStoreAttributeStorageHelper.class */
    /**
     * Callback consulted by the key store while it builds a deposit for persistence.
     * The store null-checks the helper before each call, so installing one is optional.
     */
    public interface KeyStoreAttributeStorageHelper {
        /**
         * Called with the pending entry's attribute map before the deposit is built.
         * The store passes its own map instance, so changes made here are visible to the store.
         *
         * @param map attribute map of the pending entry
         * @throws IOException if the helper cannot complete the update
         */
        void updateDeltaEntryAttributesBeforeStore(Map<String, String> map) throws IOException;

        /**
         * Returns the meta blob to attach to the deposit for the given HSM key name.
         *
         * @param str HSM key name read from the entry attributes; may be null when the attribute is absent
         * @return the meta blob that the store sets on the deposit
         * @throws IOException if the blob cannot be obtained
         */
        MetaBlob getMetaBlobForHsmKeyName(String str) throws IOException;
    }

    /* loaded from: input_file:com/cloudera/keytrustee/ClouderaKeyStore$MetadataKeyEntry.class */
    /**
     * Metadata-only view of a key version, exposed through the {@link Key} interface.
     *
     * <p>It carries the descriptive fields of a key (cipher, bit length, description,
     * attributes, creation date, version) but no key material: {@link #getEncoded()}
     * always returns an empty array.
     */
    public static final class MetadataKeyEntry implements Key {
        Date date;
        String cipher_field;
        int bit_length;
        String description;
        // Shared by reference with whoever supplied it; no defensive copy is taken.
        Map<String, String> attributes;
        String versions;
        // Not assigned by any constructor of this class.
        String original_id;
        int version_number;

        /** Creates an entry with every field at its default value. */
        public MetadataKeyEntry() {
        }

        /**
         * Creates an entry from explicit field values.
         *
         * @param str cipher name
         * @param i bit length
         * @param str2 description
         * @param map attributes, stored by reference
         * @param date creation date
         * @param str3 version name
         * @param i2 version number
         */
        public MetadataKeyEntry(String str, int i, String str2, Map<String, String> map, Date date, String str3, int i2) {
            this.date = date;
            this.cipher_field = str;
            this.bit_length = i;
            this.description = str2;
            this.attributes = map;
            this.versions = str3;
            this.version_number = i2;
        }

        /** Creates the metadata view of a sealed entry with version number 1. */
        public MetadataKeyEntry(SecretKeyEntry secretKeyEntry) {
            this(secretKeyEntry, 1);
        }

        /**
         * Creates the metadata view of a sealed entry.
         *
         * @param secretKeyEntry entry whose descriptive fields are copied; its attribute map is shared, not copied
         * @param i version number to record
         */
        public MetadataKeyEntry(SecretKeyEntry secretKeyEntry, int i) {
            this.date = secretKeyEntry.date;
            this.cipher_field = secretKeyEntry.cipher_field;
            this.bit_length = secretKeyEntry.bit_length;
            this.description = secretKeyEntry.description;
            this.attributes = secretKeyEntry.attributes;
            this.versions = secretKeyEntry.version;
            this.version_number = i;
        }

        /** @return the creation date */
        public Date getDate() {
            return this.date;
        }

        /** @return the cipher name */
        public String getCipher_field() {
            return this.cipher_field;
        }

        /** @return the key length in bits */
        public int getBit_length() {
            return this.bit_length;
        }

        /** @return the free-text description */
        public String getDescription() {
            return this.description;
        }

        /** @return the live attribute map (callers in this file mutate it) */
        public Map<String, String> getAttributes() {
            return this.attributes;
        }

        /** @return the original id; null unless set directly on the field */
        public String getOriginal_id() {
            return this.original_id;
        }

        /** @return the version number */
        public int getVersion_number() {
            return this.version_number;
        }

        /** @return the cipher name, used as the algorithm */
        @Override // java.security.Key
        public String getAlgorithm() {
            return this.cipher_field;
        }

        /** @return the fixed format name {@code "MetadataKey"} */
        @Override // java.security.Key
        public String getFormat() {
            return "MetadataKey";
        }

        /** @return a new empty array; a metadata entry holds no key bytes */
        @Override // java.security.Key
        public byte[] getEncoded() {
            return new byte[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/cloudera/keytrustee/ClouderaKeyStore$SecretKeyEntry.class */
    /**
     * In-memory record of one key version: the sealed key plus its descriptive fields.
     * Instances are created only by the enclosing class (private constructor).
     */
    public static final class SecretKeyEntry {
        // Creation date; addKeyEntry sets it to the time of the call.
        Date date;
        // The key as sealed by addKeyEntry (result of the reflective KeyProtector "seal" call).
        SealedObject sealedDeposit;
        // Cipher name supplied by the caller.
        String cipher_field;
        // Key length in bits supplied by the caller.
        int bit_length;
        // Free-text description.
        String description;
        // Attribute map, stored by reference; the same instance is shared with the MetadataKeyEntry built from this entry.
        Map<String, String> attributes;
        // Version name of this key version.
        String version;
        // Not assigned anywhere in the visible part of the file.
        String original_id;
        // Set by createKmsDeposit from the UUID of the deposit it builds.
        String uuid;

        private SecretKeyEntry() {
        }
    }

    /**
     * Returns the version name of the pending (not yet stored) key entry.
     *
     * @return the version of the pending entry, or null when nothing is pending
     * @throws AssertionError when assertions are enabled and more than one entry is pending
     */
    public String getNewVersion() {
        boolean nothingPending = this.deltaEntries.size() == 0;
        if (nothingPending) {
            return null;
        }
        // Mirrors an assert: at most one pending entry is expected.
        if (!$assertionsDisabled && this.deltaEntries.size() != 1) {
            throw new AssertionError();
        }
        Object firstPending = this.deltaEntries.values().toArray()[0];
        return ((SecretKeyEntry) firstPending).version;
    }

    /**
     * Asks a new {@link ClouderaKMSDao} built on this store's DAO manager for the next
     * deposit sequence number.
     *
     * @return the value returned by {@code getNextDepositSequenceNumber()}
     */
    public long getNextDepositSeqNum() {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.getNextDepositSequenceNumber();
    }

    /**
     * Asks a new {@link ClouderaKMSDao} built on this store's DAO manager for the next
     * status-change sequence number.
     *
     * @return the value returned by {@code getNextStatusChangeSequenceNumber()}
     */
    public long getNextStatusChangeSeqNum() {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.getNextStatusChangeSequenceNumber();
    }

    /**
     * Looks up delete status changes through a new {@link ClouderaKMSDao}.
     *
     * @param l value passed unchanged to {@code findDeleteStatusChangeGreaterThan}
     * @return the list returned by the DAO
     */
    public List<DeleteStatusChange> findDeleteStatusChangeSeqNumGreaterThan(Long l) {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.findDeleteStatusChangeGreaterThan(l);
    }

    /**
     * Creates a key store backed by the given DAO manager.
     *
     * @param daoManager persistence entry point; when null, the db* helpers in this class skip persistence
     */
    public ClouderaKeyStore(DaoManager daoManager) {
        this.daoManager = daoManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Installs the helper consulted while deposits are built.
     * The field is written without taking the store's lock.
     *
     * @param keyStoreAttributeStorageHelper helper to use; null disables the callbacks
     */
    public void setStorageHelper(KeyStoreAttributeStorageHelper keyStoreAttributeStorageHelper) {
        this.storageHelper = keyStoreAttributeStorageHelper;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v86, types: [java.util.List] */
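    /**
     * Seals {@code key} under the password {@code cArr} and registers the result as the
     * pending (delta) entry and in the in-memory name, metadata and version indexes.
     * Nothing is persisted here; {@code engineStore} writes the pending entry.
     *
     * @param str key name
     * @param key key to seal
     * @param cArr password handed to the sealing class; the caller owns the array and it is not cleared here
     * @param str2 cipher name recorded with the entry
     * @param i key length in bits
     * @param str3 description
     * @param str4 version name, used as the key of the metadata and version indexes
     * @param map attributes, stored by reference
     * @throws KeyStoreException if the name is rejected, sealing fails, or an index update
     *     fails; the original exception is attached as the cause
     */
    public void addKeyEntry(String str, Key key, char[] cArr, String str2, int i, String str3, String str4, Map<String, String> map) throws KeyStoreException {
        final Alias alias;
        try {
            alias = new Alias(str);
        } catch (IOException e) {
            LOG.error(e.getMessage(), e);
            throw new KeyStoreException(e.getMessage(), e);
        }
        final SecretKeyEntry secretKeyEntry = new SecretKeyEntry();
        // Acquire before the try block so the finally clause never unlocks a lock that was not taken.
        this.writeLock.lock();
        try {
            synchronized (this.deltaEntries) {
                try {
                    // KeyProtector is a JDK-internal class reached by reflection. On a JDK that enforces
                    // strong encapsulation, setAccessible fails unless the package is opened to this
                    // code; that failure is a RuntimeException and is reported below as KeyStoreException.
                    Class<?> cls = Class.forName("com.sun.crypto.provider.KeyProtector");
                    Constructor<?> declaredConstructor = cls.getDeclaredConstructor(char[].class);
                    declaredConstructor.setAccessible(true);
                    Object newInstance = declaredConstructor.newInstance(cArr);
                    secretKeyEntry.date = new Date();
                    Method declaredMethod = cls.getDeclaredMethod("seal", Key.class);
                    declaredMethod.setAccessible(true);
                    secretKeyEntry.sealedDeposit = (SealedObject) declaredMethod.invoke(newInstance, key);
                    secretKeyEntry.cipher_field = str2;
                    secretKeyEntry.bit_length = i;
                    secretKeyEntry.description = str3;
                    secretKeyEntry.version = str4;
                    LOG.debug("Version info for key [{}] is [{}]", str, str4);
                    // Only the length is logged, never the key bytes.
                    if (key == null || key.getEncoded() == null) {
                        LOG.trace("key is null");
                    } else {
                        LOG.trace("Pre-sealed encoded key length [{}]", Integer.valueOf(key.getEncoded().length));
                    }
                    secretKeyEntry.attributes = map;
                    this.deltaEntries.put(alias.getName(), secretKeyEntry);
                    if (!$assertionsDisabled && this.deltaEntries.size() != 1) {
                        throw new AssertionError(true);
                    }
                } catch (AssertionError e) {
                    // The throwable is passed as the last argument so the logger records it;
                    // a message argument without a {} placeholder would be dropped.
                    LOG.error("AssertionError due to deltaEntries being more than 1.", e);
                    throw new KeyStoreException(e.getMessage(), e);
                } catch (Exception e) {
                    // InvocationTargetException usually has a null message; keeping the cause
                    // preserves the real reason the sealing call failed.
                    LOG.error(e.getMessage(), e);
                    throw new KeyStoreException(e.getMessage(), e);
                }
            }
            synchronized (this.keyEntries) {
                try {
                    List<SecretKeyEntry> versionsOfKey = this.keyEntries.get(alias.getName());
                    if (versionsOfKey == null) {
                        versionsOfKey = new ArrayList<>();
                    }
                    versionsOfKey.add(secretKeyEntry);
                    this.keyEntries.put(alias.getName(), versionsOfKey);
                } catch (Exception e) {
                    LOG.error(e.getMessage(), e);
                    throw new KeyStoreException(e.getMessage(), e);
                }
            }
            // NOTE(review): a null version name makes this Hashtable.put throw NullPointerException
            // after deltaEntries and keyEntries were already updated - confirm callers never pass null.
            synchronized (this.metaEntries) {
                this.metaEntries.put(str4, new MetadataKeyEntry(secretKeyEntry));
            }
            synchronized (this.versionEntries) {
                try {
                    this.versionEntries.put(str4, str);
                } catch (Exception e) {
                    LOG.error(e.getMessage(), e);
                    throw new KeyStoreException(e.getMessage(), e);
                }
            }
        } finally {
            this.writeLock.unlock();
        }
    }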

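    /**
     * Returns the version name of the most recently added version of a key.
     *
     * @param str key name
     * @return the version of the last entry recorded for the name, or null when the name is
     *     unknown or has no versions
     */
    public String getLatestVersion(String str) {
        // Lock before the try block and release exactly once, in finally. A second unlock()
        // on the success path would either throw IllegalMonitorStateException or release a
        // read hold that belongs to a caller that re-entered the lock.
        this.readLock.lock();
        try {
            List<SecretKeyEntry> versionsOfKey = this.keyEntries.get(str);
            if (versionsOfKey == null || versionsOfKey.isEmpty()) {
                return null;
            }
            return versionsOfKey.get(versionsOfKey.size() - 1).version;
        } finally {
            this.readLock.unlock();
        }
    }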

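    /**
     * Lists the version names recorded for a key, oldest first.
     *
     * @param str key name
     * @return a new list of version names, or null when the name is unknown
     */
    public List<String> getVersions(String str) {
        // Lock before the try block and release exactly once, in finally. Unlocking again on
        // the not-found path would either throw IllegalMonitorStateException or release a
        // read hold that belongs to a caller that re-entered the lock.
        this.readLock.lock();
        try {
            List<SecretKeyEntry> versionsOfKey = this.keyEntries.get(str);
            if (versionsOfKey == null) {
                return null;
            }
            List<String> versionNames = new ArrayList<>(versionsOfKey.size());
            for (SecretKeyEntry entry : versionsOfKey) {
                versionNames.add(entry.version);
            }
            return versionNames;
        } finally {
            this.readLock.unlock();
        }
    }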

    /**
     * Collects the HSM key name attribute of every version of a key.
     * Unlike the other readers in this class, this method does not take the read lock.
     *
     * @param str key name
     * @return one element per version (null where the attribute is absent), or null when the
     *     name is unknown
     */
    public List<String> getHSMKeyName(String str) {
        boolean known = this.keyEntries.containsKey(str);
        if (!known) {
            return null;
        }
        List<String> hsmNames = new ArrayList<>();
        for (SecretKeyEntry entry : this.keyEntries.get(str)) {
            String hsmName = entry.attributes.get(HSMKeyProvider.HSM_KEY_NAME_KEY);
            hsmNames.add(hsmName);
        }
        return hsmNames;
    }

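    /**
     * Unseals and returns the key stored under a version name.
     *
     * @param str version name of the key
     * @param cArr password handed to the unsealing class
     * @return the unsealed key, or null when the version is unknown or unsealing fails
     * @throws NoSuchAlgorithmException declared by the SPI; not thrown by this body
     * @throws UnrecoverableKeyException declared by the SPI; not thrown by this body
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        // Acquire before the try block so the finally clause never unlocks a lock that was not taken.
        this.readLock.lock();
        try {
            String keyName = getKeyName(str);
            LOG.debug("Version {} maps to key {}", str, keyName);
            // Hashtable rejects null keys, so a null key name is treated as "not found".
            List<SecretKeyEntry> versionsOfKey = keyName == null ? null : this.keyEntries.get(keyName);
            SecretKeyEntry match = null;
            if (versionsOfKey == null) {
                LOG.debug("Unable to find the key name {}.", keyName);
            } else {
                for (SecretKeyEntry candidate : versionsOfKey) {
                    // Compare by value: two equal version names need not be the same String object.
                    if (candidate.version == str || (str != null && str.equals(candidate.version))) {
                        match = candidate;
                        break;
                    }
                }
                if (match == null) {
                    LOG.debug("Unable to find key version {}.", str);
                }
            }
            if (match == null) {
                return null;
            }
            Key key = null;
            try {
                // KeyProtector is a JDK-internal class reached by reflection.
                Class<?> cls = Class.forName("com.sun.crypto.provider.KeyProtector");
                Constructor<?> declaredConstructor = cls.getDeclaredConstructor(char[].class);
                declaredConstructor.setAccessible(true);
                Object newInstance = declaredConstructor.newInstance(cArr);
                Method declaredMethod = cls.getDeclaredMethod("unseal", SealedObject.class);
                declaredMethod.setAccessible(true);
                key = (Key) declaredMethod.invoke(newInstance, match.sealedDeposit);
                // Only the length is logged, never the key bytes.
                byte[] encoded = key == null ? null : key.getEncoded();
                if (encoded != null) {
                    LOG.trace("Unsealed encoded key length [{}]", Integer.valueOf(encoded.length));
                }
            } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | SecurityException | InvocationTargetException e) {
                // NOTE(review): an unsealing failure (for example a wrong password wrapped in an
                // InvocationTargetException) is reported as a null key rather than as
                // UnrecoverableKeyException; the throwable is logged so the cause is not lost.
                LOG.error(e.getMessage(), e);
            }
            return key;
        } finally {
            this.readLock.unlock();
        }
    }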

    /**
     * Returns the metadata of the latest version of a key.
     *
     * @param str key name
     * @param cArr password; forwarded unchanged
     * @return the metadata entry, or null when none is found
     */
    public MetadataKeyEntry engineGetMetadata(String str, char[] cArr) {
        final String noExplicitVersion = null;
        return engineGetMetadata(str, noExplicitVersion, cArr);
    }

    /**
     * Returns the metadata of a key version without the legacy version-name lookup.
     *
     * @param str key name
     * @param str2 version name, or null for the latest version
     * @param cArr password; forwarded unchanged
     * @return the metadata entry, or null when none is found
     */
    public MetadataKeyEntry engineGetMetadata(String str, String str2, char[] cArr) {
        final boolean legacyLookup = false;
        return engineGetMetadata(str, str2, cArr, legacyLookup);
    }

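    /**
     * Returns the metadata of a key version, optionally matching a legacy version name.
     *
     * <p>Without the legacy flag, the entry for {@code str2} (or for the latest version when
     * {@code str2} is null) is returned. With the flag set, the latest version's entry is
     * used and returned only if {@code str2} equals the latest version name or equals the
     * value of an attribute whose name starts with
     * {@code HSMKeyProvider.LEGACY_KEY_VERSION_NAME}.
     *
     * @param str key name
     * @param str2 requested version name; may be null
     * @param cArr password; not used by this method
     * @param z true to resolve {@code str2} as a legacy version name
     * @return the matching metadata entry, or null when none is found
     */
    public MetadataKeyEntry engineGetMetadata(String str, String str2, char[] cArr, boolean z) {
        // Acquire before the try block so the finally clause never unlocks a lock that was not taken.
        this.readLock.lock();
        try {
            String lookupVersion = (str2 == null || z) ? getLatestVersion(str) : str2;
            MetadataKeyEntry found = null;
            if (lookupVersion != null) {
                found = this.metaEntries.get(lookupVersion);
            }
            if (found == null) {
                LOG.trace("Found no meta entry for [{}].", lookupVersion);
                // Nothing to match against; dereferencing the missing entry would throw.
                return null;
            }
            // No legacy lookup is needed when it was not requested, when no version was
            // named, or when the named version already is the latest one.
            if (!z || str2 == null || str2.equals(lookupVersion)) {
                return found;
            }
            LOG.info("Attempting to find legacy version name matching [{}].", str2);
            boolean matched = false;
            Map<String, String> attributes = found.getAttributes();
            if (attributes != null) {
                for (Map.Entry<String, String> attribute : attributes.entrySet()) {
                    String attributeName = attribute.getKey();
                    if (attributeName != null && attributeName.startsWith(HSMKeyProvider.LEGACY_KEY_VERSION_NAME)) {
                        LOG.info("Found legacy version attribute [{}]", attributeName);
                        String legacyVersion = attribute.getValue();
                        LOG.info("Found legacy version name [{}]", legacyVersion);
                        // str2 is known to be non-null here; the attribute value may be null.
                        if (str2.equals(legacyVersion)) {
                            LOG.info("Found legacy version name matching requested version name.");
                            matched = true;
                        }
                    }
                }
            }
            return matched ? found : null;
        } finally {
            this.readLock.unlock();
        }
    }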

    /**
     * Certificates are not held by this store.
     *
     * @param str alias; ignored
     * @return always null
     */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        return null;
    }

    /**
     * Certificates are not held by this store.
     *
     * @param str alias; ignored
     * @return always null
     */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        return null;
    }

    /**
     * Returns the creation date recorded in the metadata of a key version.
     * An unknown version name is logged as an error; the lookup still proceeds.
     *
     * @param str version name
     * @return the date of the metadata entry, or null when there is no entry
     */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        boolean knownVersion = this.versionEntries.containsKey(str);
        if (!knownVersion) {
            LOG.error("Unable to find a key with give versionName : {}", str);
        }
        // metaEntries only ever holds MetadataKeyEntry values, so one null check is enough.
        MetadataKeyEntry meta = this.metaEntries.get(str);
        if (meta == null) {
            return null;
        }
        return meta.getDate();
    }

    /**
     * No-op: the key is not stored and no exception is raised, so a caller going through
     * the standard {@code KeyStore.setKeyEntry} path gets no indication that nothing was
     * saved. Keys are added through {@code addKeyEntry} instead.
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
    }

    /**
     * No-op: the already-protected key bytes are not stored and no exception is raised.
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
    }

    /**
     * No-op: certificates are not held by this store and no exception is raised.
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
    }

    /**
     * Deletes a key and all of its versions, stamping the deletion with the current time.
     *
     * @param str key name
     * @throws KeyStoreException if the deletion fails
     */
    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        long deletionTimeMillis = System.currentTimeMillis();
        engineDeleteEntry(str, deletionTimeMillis);
    }

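    /**
     * Deletes a key and all of its versions from the in-memory indexes and asks the
     * database layer to deactivate it.
     *
     * @param str key name
     * @param j timestamp passed to the database deactivation
     * @throws KeyStoreException if no key with this name is held in memory
     */
    public void engineDeleteEntry(String str, long j) throws KeyStoreException {
        // Acquire before the try block so the finally clause never unlocks a lock that was not taken.
        this.writeLock.lock();
        try {
            List<String> versions = getVersions(str);
            if (versions == null) {
                // getVersions returns null for an unknown name; report that through the
                // declared exception instead of failing on the null list below.
                throw new KeyStoreException("No key entry found for name [" + str + "]");
            }
            synchronized (this.versionEntries) {
                for (String version : versions) {
                    this.versionEntries.remove(version);
                }
            }
            synchronized (this.keyEntries) {
                // NOTE(review): dbOperationDelete logs and swallows failures, so the in-memory
                // entry is removed even when the database deactivation did not succeed -
                // confirm this best-effort behaviour is intended.
                dbOperationDelete(str, j);
                this.keyEntries.remove(str);
            }
            synchronized (this.deltaEntries) {
                this.deltaEntries.remove(str);
            }
            synchronized (this.metaEntries) {
                for (String version : versions) {
                    this.metaEntries.remove(version);
                }
            }
        } finally {
            this.writeLock.unlock();
        }
    }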

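    /**
     * Deactivates a key in the database by name. Does nothing when no DAO manager is set.
     * Failures are logged and not propagated, so the caller cannot tell whether the
     * deactivation happened.
     *
     * @param str key name
     * @param j timestamp passed to {@code deactivateByName}
     */
    private void dbOperationDelete(String str, long j) {
        try {
            if (this.daoManager != null) {
                new ClouderaKMSDao(this.daoManager).deactivateByName(str, j);
            }
        } catch (Exception e) {
            // Hand the throwable to the logger so the stack trace reaches the configured log
            // instead of stderr, and so a null message does not hide the failure.
            LOG.error(e.getMessage(), e);
        }
    }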

    /**
     * Enumerates the key names held in memory. The read lock is not taken.
     *
     * @return the key enumeration of the name index
     */
    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        Enumeration<String> keyNames = this.keyEntries.keys();
        return keyNames;
    }

    /**
     * Tells whether a key name (or version name) is held in memory.
     * An alias built from a plain string has no version, so the name index is the one consulted.
     *
     * @param str alias to look up
     * @return true when the alias is present; false when absent or when the alias is rejected
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        try {
            Alias alias = new Alias(str);
            if (alias.isVersionName()) {
                return this.metaEntries.containsKey(alias.getVersionName());
            }
            return this.keyEntries.containsKey(alias.getName());
        } catch (IOException e) {
            if (LOG.isErrorEnabled()) {
                LOG.error("Invalid name or versions name: " + str);
            }
            return false;
        }
    }

    /**
     * Tells whether a key name is in the set of deleted names.
     * The set is a plain HashSet and is read here without taking a lock.
     *
     * @param str key name
     * @return true when the name is recorded as deleted
     */
    public boolean engineContainsDeletedAlias(String str) {
        boolean deleted = this.deletedKeyNames.contains(str);
        return deleted;
    }

    /**
     * Counts the key names held in memory (versions of one key count once).
     *
     * @return the size of the name index
     */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        int keyNameCount = this.keyEntries.size();
        return keyNameCount;
    }

    /**
     * Always answers false, including for aliases that are present in this store, so
     * callers cannot use {@code KeyStore.isKeyEntry} to detect stored keys.
     *
     * @param str alias; ignored
     * @return always false
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        return false;
    }

    /**
     * Certificates are not held by this store.
     *
     * @param str alias; ignored
     * @return always false
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return false;
    }

    /**
     * Certificates are not held by this store.
     *
     * @param certificate certificate to look up; ignored
     * @return always null
     */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        return null;
    }

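    /**
     * Persists every pending (delta) entry as a deposit and then clears the pending set.
     *
     * @param outputStream not used; deposits go to the database layer
     * @param cArr master key used to build the deposits; must not be null
     * @throws IllegalArgumentException if {@code cArr} is null
     * @throws IOException if building a deposit fails
     * @throws NoSuchAlgorithmException if the digest needed for a deposit is unavailable
     * @throws CertificateException declared by the SPI; not thrown by this body
     */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        // Reject a missing master key before taking any lock.
        if (cArr == null) {
            throw new IllegalArgumentException("Cloudera Master Key can't be null");
        }
        // Acquire before the try block so the finally clause never unlocks a lock that was not taken.
        this.writeLock.lock();
        try {
            synchronized (this.deltaEntries) {
                Enumeration<String> pendingNames = this.deltaEntries.keys();
                while (pendingNames.hasMoreElements()) {
                    dbOperationStore(createKmsDeposit(pendingNames.nextElement(), cArr));
                }
                // NOTE(review): dbOperationStore logs and swallows persistence failures, so the
                // pending entries are cleared here even when a deposit was not written -
                // confirm that losing the pending entry in that case is acceptable.
                clearDeltaEntries();
            }
        } finally {
            this.writeLock.unlock();
        }
    }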

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the {@link Deposit} entity for the pending entry stored under a key name.
     *
     * <p>The entry's SealedObject is Java-serialized into a byte buffer, a digest value is
     * appended, and the buffer is stored (Base64, via mapObjectToEntity) as the deposit
     * content together with the entry's descriptive fields and attributes.
     *
     * @param str key name of the pending entry
     * @param cArr master key handed to getKeyedMessageDigest
     * @return the populated deposit
     * @throws IOException if serialization or the storage helper fails
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     */
    public Deposit createKmsDeposit(String str, char[] cArr) throws IOException, NoSuchAlgorithmException {
        Deposit mapObjectToEntity;
        try {
            this.readLock.lock();
            MessageDigest keyedMessageDigest = getKeyedMessageDigest(cArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(new DigestOutputStream(byteArrayOutputStream, keyedMessageDigest));
            // NOTE(review): digest() is taken here, before anything has been written through the
            // DigestOutputStream, and MessageDigest.digest() also resets the digest. The value
            // appended below therefore reflects only what getKeyedMessageDigest(cArr) fed in (not
            // visible here) and cannot depend on the serialized SealedObject - confirm whether a
            // tag covering the content was intended.
            byte[] digest = keyedMessageDigest.digest();
            ObjectOutputStream objectOutputStream = null;
            String latestVersion = getLatestVersion(str);
            LOG.debug("Creating KMS deposit object for name [{}] and key version [{}]", str, latestVersion);
            synchronized (this.deltaEntries) {
                try {
                    // Null when nothing is pending under this name; the dereference below would then throw.
                    SecretKeyEntry secretKeyEntry = this.deltaEntries.get(str);
                    objectOutputStream = new ObjectOutputStream(dataOutputStream);
                    objectOutputStream.writeObject(secretKeyEntry.sealedDeposit);
                    // Append the digest computed above after the serialized object.
                    dataOutputStream.write(digest);
                    dataOutputStream.flush();
                    Date date = secretKeyEntry.date;
                    SecretKeyEntry secretKeyEntry2 = secretKeyEntry;
                    // The helper receives the entry's own attribute map and may change it in place.
                    updateDeltaEntryAttributesBeforeStore(secretKeyEntry2.attributes);
                    MetaBlob metaBlobForHsmKeyName = getMetaBlobForHsmKeyName(secretKeyEntry2.attributes.get(HSMKeyProvider.HSM_KEY_NAME_KEY));
                    mapObjectToEntity = mapObjectToEntity(str, date, byteArrayOutputStream.toByteArray(), secretKeyEntry2.cipher_field, secretKeyEntry2.bit_length, secretKeyEntry2.description, secretKeyEntry2.version, secretKeyEntry2.attributes);
                    secretKeyEntry2.uuid = mapObjectToEntity.getUuid();
                    mapObjectToEntity.setMetaBlob(metaBlobForHsmKeyName);
                    // Null when the latest version has no metadata entry; the calls below would then throw.
                    MetadataKeyEntry metadataKeyEntry = this.metaEntries.get(latestVersion);
                    LOG.debug("Found metadata [{}] for key version [{}]", metadataKeyEntry, latestVersion);
                    String str2 = metadataKeyEntry.getAttributes().get(ORIGINAL_DEPOSIT_CREATION_TIMESTAMP);
                    if (StringUtils.isNotEmpty(str2)) {
                        // Long.valueOf throws NumberFormatException when the attribute is not a number.
                        mapObjectToEntity.setOriginalCreationTime(new Timestamp(Long.valueOf(str2).longValue()));
                    }
                    // NOTE(review): this removes an attribute from a shared map while only the read lock is held - confirm this is safe for concurrent readers.
                    metadataKeyEntry.getAttributes().remove(ORIGINAL_DEPOSIT_CREATION_TIMESTAMP);
                    if (objectOutputStream != null) {
                        objectOutputStream.close();
                    } else {
                        dataOutputStream.close();
                    }
                } catch (Throwable th) {
                    // Failure path: close whichever stream was opened, then rethrow unchanged.
                    if (objectOutputStream != null) {
                        objectOutputStream.close();
                    } else {
                        dataOutputStream.close();
                    }
                    throw th;
                }
            }
            return mapObjectToEntity;
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Forwards the attribute map to the storage helper when one is installed.
     *
     * @param map attribute map of the pending entry
     * @throws IOException if the helper fails
     */
    private void updateDeltaEntryAttributesBeforeStore(Map<String, String> map) throws IOException {
        KeyStoreAttributeStorageHelper helper = this.storageHelper;
        if (helper == null) {
            return;
        }
        helper.updateDeltaEntryAttributesBeforeStore(map);
    }

    /**
     * Asks the storage helper for the meta blob of an HSM key name.
     *
     * @param str HSM key name
     * @return the helper's answer, or null when no helper is installed
     * @throws IOException if the helper fails
     */
    private MetaBlob getMetaBlobForHsmKeyName(String str) throws IOException {
        if (this.storageHelper == null) {
            return null;
        }
        return this.storageHelper.getMetaBlobForHsmKeyName(str);
    }

    /**
     * Builds a {@link Deposit} with its {@link KeyOption} and attributes from plain values.
     *
     * @param str alias
     * @param date creation time, also used as the original creation time
     * @param bArr content bytes, stored Base64-encoded
     * @param str2 cipher name
     * @param i key length in bits
     * @param str3 description
     * @param str4 version name, used as constructor argument and as UUID
     * @param map attributes, copied into {@link KeyOptionAttribute} objects
     * @return the populated deposit
     */
    private Deposit mapObjectToEntity(String str, Date date, byte[] bArr, String str2, int i, String str3, String str4, Map<String, String> map) {
        Deposit deposit = new Deposit(str4);
        deposit.setOriginalCreationTime(new Timestamp(date.getTime()));
        deposit.setCreateTime(date);
        deposit.setAlias(str);
        deposit.setDescription(str3);
        String encodedContent = DatatypeConverter.printBase64Binary(bArr);
        deposit.setContent(encodedContent);
        deposit.setUuid(str4);

        KeyOption option = new KeyOption();
        option.setCreateTime(date);
        option.setCipher(str2);
        option.setBitLength(i);
        deposit.setKeyOption(option);

        List<KeyOptionAttribute> optionAttributes = new ArrayList<>();
        for (Map.Entry<String, String> attribute : map.entrySet()) {
            optionAttributes.add(new KeyOptionAttribute(attribute.getKey(), attribute.getValue()));
        }
        deposit.getKeyOption().setAttributes(optionAttributes);
        return deposit;
    }

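    /**
     * Writes a deposit to the database: updates the active deposit with the same version
     * when one exists, otherwise creates a new one. Does nothing when no DAO manager is set.
     *
     * <p>NOTE(review): every failure is logged and swallowed, so the caller cannot tell
     * whether the deposit was persisted - confirm this best-effort behaviour is intended
     * for key material.
     *
     * @param deposit deposit to persist
     */
    private void dbOperationStore(Deposit deposit) {
        try {
            if (this.daoManager == null) {
                return;
            }
            ClouderaKMSDao clouderaKMSDao = new ClouderaKMSDao(this.daoManager);
            Deposit target = clouderaKMSDao.findActiveByVersion(deposit.getUuid());
            boolean alreadyStored = target != null;
            if (!alreadyStored) {
                target = new Deposit();
                target.setSequenceNumber(0L);
            }
            Deposit copyDeposit = copyDeposit(deposit, target);
            if (alreadyStored) {
                LOG.warn("Updating deposit {}", copyDeposit.getUuid());
                clouderaKMSDao.update(copyDeposit);
            } else {
                clouderaKMSDao.create(copyDeposit);
            }
        } catch (Exception e) {
            // Hand the throwable to the logger so the stack trace reaches the configured log
            // instead of stderr, and so a null message does not hide the failure.
            LOG.error(e.getMessage(), e);
        }
    }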

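    /**
     * Copies the fields of one deposit, including its key option, onto another.
     *
     * @param deposit source deposit
     * @param deposit2 target deposit, modified in place
     * @return {@code deposit2}
     */
    private Deposit copyDeposit(Deposit deposit, Deposit deposit2) {
        KeyOption targetOption = deposit2.getKeyOption();
        KeyOption sourceOption = deposit.getKeyOption();
        if (sourceOption != null) {
            if (targetOption == null) {
                targetOption = new KeyOption();
                deposit2.setKeyOption(targetOption);
            }
            // copyOption already carries over create time, cipher, bit length and version,
            // so those fields are not set a second time here.
            copyOption(sourceOption, targetOption);
        } else {
            // The source has no key option. Clear it on the target (presumably the intent)
            // and skip the option fields; reading them from the missing source option
            // would throw NullPointerException.
            deposit2.setKeyOption(null);
        }
        deposit2.setAlias(deposit.getAlias());
        deposit2.setDescription(deposit.getDescription());
        deposit2.setContent(deposit.getContent());
        deposit2.setCreateTime(deposit.getCreateTime());
        deposit2.setOriginalCreationTime(deposit.getOriginalCreationTime());
        deposit2.setUuid(deposit.getUuid());
        deposit2.setMetaBlob(deposit.getMetaBlob());
        deposit2.setSequenceNumber(deposit.getSequenceNumber());
        return deposit2;
    }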

    /**
     * Copies every field of one key option onto another; attributes are copied into new
     * {@link KeyOptionAttribute} objects rather than shared.
     *
     * @param keyOption source option
     * @param keyOption2 target option, modified in place
     */
    private void copyOption(KeyOption keyOption, KeyOption keyOption2) {
        // Return value unused; the call is kept in case the getter has side effects - TODO confirm.
        keyOption2.getAttributes();
        List<KeyOptionAttribute> sourceAttributes = keyOption.getAttributes();
        ArrayList copiedAttributes = new ArrayList();
        copyAttributes(sourceAttributes, copiedAttributes);
        keyOption2.setAttributes(copiedAttributes);

        keyOption2.setVersion(keyOption.getVersion());
        keyOption2.setCipher(keyOption.getCipher());
        keyOption2.setCreateTime(keyOption.getCreateTime());
        keyOption2.setBitLength(keyOption.getBitLength());
        keyOption2.setDescription(keyOption.getDescription());
        keyOption2.setState(keyOption.getState());
        keyOption2.setExpirationTime(keyOption.getExpirationTime());
    }

    /**
     * Appends a new {@link KeyOptionAttribute} to {@code list2} for each element of {@code list},
     * built from that element's key and value.
     *
     * @param list  attributes to copy from; must not be {@code null}
     * @param list2 list that receives the copies
     */
    private void copyAttributes(List<KeyOptionAttribute> list, List<KeyOptionAttribute> list2) {
        Iterator<KeyOptionAttribute> source = list.iterator();
        while (source.hasNext()) {
            KeyOptionAttribute original = source.next();
            KeyOptionAttribute duplicate = new KeyOptionAttribute(original.getKey(), original.getValue());
            list2.add(duplicate);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v104, types: [java.util.List] */
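    /**
     * Rebuilds the in-memory key caches from the deposits stored in the database.
     *
     * <p>Active deposits are turned into {@code SecretKeyEntry} objects and registered in
     * {@code keyEntries}, {@code versionEntries} and {@code metaEntries}; the aliases of inactive
     * deposits are added to {@code deletedKeyNames}. When no active deposit is returned the
     * method leaves every cache untouched.
     *
     * <p>The write lock is released exactly once, in {@code finally}. The decompiled original
     * also released it at the end of the synchronized block, which makes the second release fail
     * if the lock is not held re-entrantly. The inactive-deposit list is now null-checked,
     * because {@code dbOperationLoadInactive()} returns {@code null} on a DAO failure.
     *
     * @param inputStream expected to be {@code null}; checked only when assertions are enabled
     * @param cArr        keystore password used to derive the verification tag. A {@code null}
     *                    password currently fails inside {@code getKeyedMessageDigest}.
     * @throws IOException if a deposit fails tag verification or cannot be deserialized
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     * @throws CertificateException declared by {@link KeyStoreSpi}; not thrown by the code here
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        // Acquire before the try so a failed lock() can never reach the unlock() in finally.
        this.writeLock.lock();
        try {
            if (!$assertionsDisabled && null != inputStream) {
                throw new AssertionError();
            }
            synchronized (this.keyEntries) {
                List<Deposit> activeDeposits = dbOperationLoad();
                List<Deposit> inactiveDeposits = dbOperationLoadInactive();
                if (activeDeposits == null || activeDeposits.size() < 1) {
                    return;
                }
                this.keyEntries.clear();
                MessageDigest keyedMessageDigest = getKeyedMessageDigest(cArr);
                // Taken before any payload is read: the tag depends on the password only.
                byte[] passwordTag = keyedMessageDigest.digest();
                for (Deposit deposit : activeDeposits) {
                    DataInputStream payload = getKeyedIntegrityCheckedInputStream(cArr, keyedMessageDigest, passwordTag, deposit);
                    ObjectInputStream objectStream = null;
                    try {
                        SecretKeyEntry secretKeyEntry = new SecretKeyEntry();
                        Alias alias = new Alias(deposit);
                        secretKeyEntry.date = deposit.getCreateTime();
                        secretKeyEntry.cipher_field = deposit.getKeyOption().getCipher();
                        secretKeyEntry.bit_length = deposit.getKeyOption().getBitLength();
                        secretKeyEntry.description = deposit.getDescription();
                        secretKeyEntry.version = deposit.getUuid();
                        secretKeyEntry.uuid = deposit.getUuid();
                        List<KeyOptionAttribute> attributes = deposit.getKeyOption().getAttributes();
                        secretKeyEntry.attributes = new HashMap(attributes.size());
                        for (KeyOptionAttribute keyOptionAttribute : attributes) {
                            secretKeyEntry.attributes.put(keyOptionAttribute.getKey(), keyOptionAttribute.getValue());
                        }

                        // NOTE(review): Java-native deserialization of database content. The tag
                        // check above confirms the password-derived suffix only, not the payload
                        // bytes, so the payload is only as trustworthy as write access to the
                        // database. Where the runtime offers java.io.ObjectInputFilter, restrict
                        // this stream to the classes a SealedObject needs.
                        objectStream = new ObjectInputStream(payload);
                        try {
                            secretKeyEntry.sealedDeposit = (SealedObject) objectStream.readObject();
                        } catch (ClassNotFoundException e) {
                            // Keep the cause so the missing class remains visible in the trace.
                            throw new IOException(e.getMessage(), e);
                        }

                        // Raw List: the declaration of keyEntries is outside this excerpt.
                        List entriesForAlias = (List) this.keyEntries.get(alias.getName());
                        if (entriesForAlias == null) {
                            entriesForAlias = new ArrayList();
                        }
                        entriesForAlias.add(secretKeyEntry);
                        this.keyEntries.put(alias.getName(), entriesForAlias);

                        if (this.versionEntries.containsKey(secretKeyEntry.version)) {
                            LOG.trace("Key version [{}] already in cache. ", secretKeyEntry.version);
                        } else {
                            this.versionEntries.put(secretKeyEntry.version, alias.getName());
                            LOG.debug("Key version [{}] added to cache. ", secretKeyEntry.version);
                        }
                        synchronized (this.metaEntries) {
                            this.metaEntries.put(secretKeyEntry.version, new MetadataKeyEntry(secretKeyEntry, deposit.getVersion()));
                        }
                    } finally {
                        // Closing the outermost stream that was successfully created closes the rest.
                        if (objectStream != null) {
                            objectStream.close();
                        } else {
                            payload.close();
                        }
                    }
                }
                if (inactiveDeposits != null) {
                    for (Deposit inactive : inactiveDeposits) {
                        this.deletedKeyNames.add(inactive.getAlias());
                    }
                }
            }
        } finally {
            this.writeLock.unlock();
        }
    }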

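    /**
     * Decodes a deposit's Base64 content, checks its trailing verification tag and returns a
     * stream over the decoded bytes.
     *
     * <p>The last {@code bArr.length} bytes of the decoded content must equal {@code bArr}. The
     * caller in {@code engineLoad} computes {@code bArr} from the password and a fixed string
     * before any payload is read, so a match confirms the password and nothing else: it is not a
     * MAC over the payload and must not be treated as tamper detection for the serialized object.
     *
     * <p>Missing content and content shorter than the tag are now rejected with an
     * {@link IOException} rather than failing later with an unchecked exception. The tag is
     * compared without an early exit.
     *
     * @param cArr          keystore password; when non-null the returned stream also feeds
     *                      {@code messageDigest}
     * @param messageDigest digest attached to the returned stream when a password is present;
     *                      nothing in the code shown here reads it back afterwards
     * @param bArr          expected tag, or {@code null} to skip the tag check
     * @param deposit       deposit whose content is decoded
     * @return stream over the decoded content, trailing tag bytes included
     * @throws IOException if the content is missing or the tag does not match
     */
    private DataInputStream getKeyedIntegrityCheckedInputStream(char[] cArr, MessageDigest messageDigest, byte[] bArr, Deposit deposit) throws IOException {
        String encodedContent = deposit.getContent();
        byte[] content = encodedContent == null ? null : DatatypeConverter.parseBase64Binary(encodedContent);
        if (content == null || content.length <= 0) {
            LOG.error("No Key found for alias " + deposit.getAlias());
            throw new IOException("No key content found for alias " + deposit.getAlias());
        }

        if (bArr != null) {
            boolean tagMatches = content.length >= bArr.length;
            if (tagMatches) {
                // Accumulate differences so the loop length does not depend on where a mismatch is.
                int tagOffset = content.length - bArr.length;
                int difference = 0;
                for (int k = 0; k < bArr.length; k++) {
                    difference |= bArr[k] ^ content[tagOffset + k];
                }
                tagMatches = difference == 0;
            }
            if (!tagMatches) {
                throw ((IOException) new IOException("Keystore was tampered with, or password was incorrect").initCause(new UnrecoverableKeyException("Password verification failed")));
            }
        }

        ByteArrayInputStream decoded = new ByteArrayInputStream(content);
        return cArr != null ? new DataInputStream(new DigestInputStream(decoded, messageDigest)) : new DataInputStream(decoded);
    }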

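    /**
     * Loads all active deposits through a {@link ClouderaKMSDao} built on this store's DAO manager.
     *
     * <p>Failures are reported through the class logger with their stack trace instead of
     * {@code printStackTrace()}, so they appear in the configured log. The {@code null} result is
     * kept: {@code engineLoad} treats it as "nothing to load", so a database failure is otherwise
     * indistinguishable from an empty store.
     *
     * @return the active deposits, or {@code null} when no DAO manager is set or the query failed
     * @throws IOException declared for callers; not thrown by the code here
     */
    private List<Deposit> dbOperationLoad() throws IOException {
        if (this.daoManager == null) {
            return null;
        }
        try {
            return new ClouderaKMSDao(this.daoManager).getAllActiveDeposits();
        } catch (Exception e) {
            LOG.error("Failed to load active deposits", e);
            return null;
        }
    }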

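    /**
     * Loads all inactive deposits through a {@link ClouderaKMSDao} built on this store's DAO
     * manager.
     *
     * <p>Failures are reported through the class logger with their stack trace instead of
     * {@code printStackTrace()}. The {@code null} result is kept, so callers must null-check it.
     *
     * @return the inactive deposits, or {@code null} when no DAO manager is set or the query failed
     * @throws IOException declared for callers; not thrown by the code here
     */
    private List<Deposit> dbOperationLoadInactive() throws IOException {
        if (this.daoManager == null) {
            return null;
        }
        try {
            return new ClouderaKMSDao(this.daoManager).getAllInactiveDeposits();
        } catch (Exception e) {
            LOG.error("Failed to load inactive deposits", e);
            return null;
        }
    }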

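    /**
     * Looks up a deposit by calling {@code ClouderaKMSDao.getActiveDeposits(str)}.
     *
     * <p>Failures are reported through the class logger with their stack trace instead of
     * {@code printStackTrace()}. The {@code null} result is kept.
     *
     * @param str lookup value passed to the DAO unchanged (presumably a key alias; confirm
     *            against the DAO)
     * @return the deposit, or {@code null} when no DAO manager is set or the query failed
     * @throws IOException declared for callers; not thrown by the code here
     */
    private Deposit dbOperationFind(String str) throws IOException {
        if (this.daoManager == null) {
            return null;
        }
        try {
            return new ClouderaKMSDao(this.daoManager).getActiveDeposits(str);
        } catch (Exception e) {
            LOG.error("Failed to look up active deposit", e);
            return null;
        }
    }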

    /**
     * Returns the key name cached for a key version.
     *
     * <p>{@code versionEntries} is filled by {@code engineLoad}, which maps each entry's version
     * to its alias name.
     *
     * @param str key version to look up; may be {@code null}
     * @return the cached name, or {@code null} when {@code str} is {@code null} or not cached
     */
    public String getKeyName(String str) {
        boolean cached = str != null && this.versionEntries.containsKey(str);
        if (cached) {
            return this.versionEntries.get(str);
        }
        return null;
    }

    /**
     * Creates a "SHA" digest that has been fed the password followed by a fixed string.
     *
     * <p>Each password character contributes two bytes, high byte first. The temporary byte
     * array is zeroed once the digest has consumed it; the caller's {@code char[]} is left as is.
     *
     * <p>NOTE(review): "SHA" resolves to SHA-1 in the standard JDK providers, and the only other
     * input is a constant string. With no per-store salt and no work factor, the resulting tag
     * gives little resistance to offline password guessing by anyone who can read a stored
     * deposit. Changing the derivation would invalidate tags already stored, so it needs a
     * migration path.
     *
     * <p>NOTE(review): a {@code null} password fails here with a NullPointerException, although
     * {@code getKeyedIntegrityCheckedInputStream} has a branch for a null password.
     *
     * @param cArr keystore password; must not be {@code null}
     * @return the primed digest, not yet finalized
     * @throws NoSuchAlgorithmException if no provider offers "SHA"
     * @throws UnsupportedEncodingException if the "UTF8" charset name is not supported
     */
    private MessageDigest getKeyedMessageDigest(char[] cArr) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        MessageDigest keyedDigest = MessageDigest.getInstance("SHA");

        byte[] passwordBytes = new byte[cArr.length * 2];
        for (int c = 0, out = 0; c < cArr.length; c++) {
            passwordBytes[out++] = (byte) (cArr[c] >> 8);
            passwordBytes[out++] = (byte) cArr[c];
        }
        keyedDigest.update(passwordBytes);

        // Scrub the password copy as soon as the digest has consumed it.
        int remaining = passwordBytes.length;
        while (remaining > 0) {
            passwordBytes[--remaining] = 0;
        }

        keyedDigest.update("Key Trustee Lives".getBytes("UTF8"));
        return keyedDigest;
    }

    /** Empties the {@code deltaEntries} collection. */
    private void clearDeltaEntries() {
        deltaEntries.clear();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Empties {@code keyEntries}, {@code metaEntries} and the delta entries.
     *
     * <p>NOTE(review): {@code versionEntries} and {@code deletedKeyNames}, which
     * {@code engineLoad} also fills, are not cleared here, and no lock is taken although
     * {@code engineLoad} synchronizes on both maps. Confirm that callers rely on this.
     */
    public void clearEntries() {
        keyEntries.clear();
        metaEntries.clear();
        clearDeltaEntries();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code ClouderaKMSDao.findActiveByVersion} on a DAO built from this store's
     * DAO manager.
     *
     * @param str version value passed to the DAO unchanged
     * @return whatever the DAO returns for that version
     */
    public Deposit findActiveDepositByVersion(String str) {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.findActiveByVersion(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code ClouderaKMSDao.findVersionsGreaterThan} on a DAO built from this
     * store's DAO manager.
     *
     * @param l lower bound passed to the DAO unchanged (a sequence number, going by this
     *          method's name)
     * @return the deposits returned by the DAO
     */
    public List<Deposit> findDepositSeqNumGreaterThan(Long l) {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.findVersionsGreaterThan(l);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code ClouderaKMSDao.findDeleteStatusChangeGreaterThan} on a DAO built from
     * this store's DAO manager.
     *
     * @param l lower bound passed to the DAO unchanged
     * @return the delete status changes returned by the DAO
     */
    public List<DeleteStatusChange> getStatusChangeGreaterThan(Long l) {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.findDeleteStatusChangeGreaterThan(l);
    }

    /**
     * Deactivates the deposits referenced by a batch of delete status changes.
     *
     * <p>Each change's deposit UUID is looked up once. UUIDs that already have a status change
     * recorded for the reference time, or that were seen earlier in the batch, are skipped. The
     * reference time is the original creation time of the FIRST element and is used for every
     * entry as well as for the final DAO call.
     *
     * <p>NOTE(review): an empty {@code list} fails on {@code list.get(0)} before the DAO is
     * asked to deactivate anything; callers should pass a non-empty batch.
     *
     * @param list delete status changes to apply; must be non-empty
     * @return the value returned by {@code ClouderaKMSDao.deactivateDeposits}
     */
    public long handleDeleteDeposit(List<DeleteStatusChange> list) {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        ArrayList depositsToDeactivate = new ArrayList();
        ArrayList seenUuids = new ArrayList();

        for (DeleteStatusChange change : list) {
            String uuid = String.valueOf(change.getDeposit().getUuid());
            boolean alreadyRecorded = statusPresent(uuid, list.get(0).getOriginalCreationTime().getTime());
            if (alreadyRecorded || seenUuids.contains(uuid)) {
                continue;
            }
            depositsToDeactivate.add(dao.findByVersion(uuid));
            seenUuids.add(uuid);
        }

        return dao.deactivateDeposits(depositsToDeactivate, list.get(0).getOriginalCreationTime().getTime());
    }

    /**
     * Reports whether {@link #getStatusChange} finds a status change for the given deposit UUID
     * and time, and logs the outcome at debug level.
     *
     * @param str deposit UUID
     * @param j   time value passed to {@code getStatusChange} unchanged
     * @return {@code true} when a status change exists
     */
    private boolean statusPresent(String str, long j) {
        final boolean present = getStatusChange(str, j) != null;
        LOG.debug("An entry for depositUUID {} is {}.", str, Boolean.valueOf(present));
        return present;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code ClouderaKMSDao.getMaxDepositSeqNam} (spelled as the DAO declares it)
     * on a DAO built from this store's DAO manager.
     *
     * @return the value returned by the DAO
     */
    public long getMaxDepositSeqNum() {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.getMaxDepositSeqNam();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code ClouderaKMSDao.getMaxStatusChangeSeqNum} on a DAO built from this
     * store's DAO manager.
     *
     * @return the value returned by the DAO
     */
    public long getMaxStatusChangeSeqNum() {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.getMaxStatusChangeSeqNum();
    }

    /**
     * Delegates to {@code ClouderaKMSDao.getStatusChange} on a DAO built from this store's DAO
     * manager.
     *
     * @param str deposit UUID, as passed by {@code statusPresent}
     * @param j   time value passed to the DAO unchanged
     * @return the status change returned by the DAO; {@code statusPresent} treats {@code null}
     *         as "no entry"
     */
    StatusChange getStatusChange(String str, long j) {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.getStatusChange(str, j);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code ClouderaKMSDao.getAllUUIDs} on a DAO built from this store's DAO
     * manager.
     *
     * @return the raw list returned by the DAO; its element type is not visible here
     */
    public List getAllUUIDs() {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.getAllUUIDs();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code ClouderaKMSDao.getDepositUUID} on a DAO built from this store's DAO
     * manager.
     *
     * @param str lookup value passed to the DAO unchanged
     * @return the UUID string returned by the DAO
     */
    public String getDepositUUID(String str) {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.getDepositUUID(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Delegates to {@code ClouderaKMSDao.getVersionsForName} on a DAO built from this store's
     * DAO manager.
     *
     * @param str key name passed to the DAO unchanged
     * @return the versions returned by the DAO for that name
     */
    public List<String> getAllVersions(String str) {
        ClouderaKMSDao dao = new ClouderaKMSDao(this.daoManager);
        return dao.getVersionsForName(str);
    }

    // Static initializer as emitted by the decompiler: it assigns the assertion flag consulted
    // by engineLoad and the class logger.
    static {
        // True when assertions are disabled for this class; engineLoad skips its
        // null-inputStream check in that case.
        $assertionsDisabled = !ClouderaKeyStore.class.desiredAssertionStatus();
        // SLF4J logger shared by every method of the class.
        LOG = LoggerFactory.getLogger(ClouderaKeyStore.class);
    }
}
