package com.cloudera.keytrustee.hsm;

import com.cloudera.keytrustee.HSMKeyProvider;
import com.cloudera.keytrustee.entity.MetaBlob;
import com.cloudera.keytrustee.util.HSMKeyProviderConfiguration;
import com.ncipher.provider.km.nCipherKM;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/cloudera/keytrustee/hsm/nCipherHelper.class */
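/**
 * {@link HsmHelper} for the Thales/nCipher {@code nCipherKM} JCE provider.
 *
 * <p>Besides the key store handled by the superclass, this helper keeps two pieces of
 * local state: the nCipher key-store identifier ({@link #keyStoreId}, persisted as the
 * deposit-group attribute {@link #THALES_KEYSTORE_ID_ATTRIBUTE_KEY}) and the per-key blob
 * files that live under {@link #kmDataLocalDir}, each named
 * {@link #THALES_BLOB_PREFIX} + suffix. The suffix for a JCE alias is recorded in
 * {@link #jceAliasToBlobFilenameSuffixMap} when the key is stored.
 *
 * <p>Not thread-safe: the maps are plain {@link HashMap}s and are mutated without locking.
 */
public class nCipherHelper extends HsmHelper {
    public static final String SCHEME_NAME = "ncipher.sworld";
    /** File-name prefix of every key blob written under {@link #kmDataLocalDir}. */
    public static final String THALES_BLOB_PREFIX = "key_jcecsp_";
    public static final String THALES_BLOB_FILENAME_SUFFIX_KEY = "THALES_BLOB_FILENAME";
    public static final String THALES_BLOB_DATA_ATTRIBUTE_KEY = "THALES_BLOB_DATA";
    public static final String THALES_KEYSTORE_ID_ATTRIBUTE_KEY = "THALES_KEYSTORE_ID";
    private static final Logger LOG = LoggerFactory.getLogger(nCipherHelper.class);
    // Text produced by KeyStore.store() for the nCipher key store; null until loaded from the
    // deposit group or derived from the key store itself (see verifyKeyStoreIdAndWriteLocalData).
    private String keyStoreId;
    // Set when keyStoreId was derived locally; storeKeyStore() then persists it. The flag is
    // never cleared, so every later storeKeyStore() re-persists the attribute as well.
    private boolean dirtyKeyStoreId;
    // Directory that holds the key blob files. May be null if the configuration has none.
    private String kmDataLocalDir;
    // JCE alias -> blob file-name suffix (the nCipher key ident).
    Map<String, String> jceAliasToBlobFilenameSuffixMap;
    // Never read within this class; kept for package-level callers.
    Map<String, byte[]> blobFilenameSuffixToBlobMap;

    /**
     * Creates a helper from the provider configuration.
     *
     * @param hSMKeyProviderConfiguration source of the HSM password and the Thales data directory
     * @throws IOException propagated from the superclass constructor
     */
    public nCipherHelper(HSMKeyProviderConfiguration hSMKeyProviderConfiguration) throws IOException {
        this(hSMKeyProviderConfiguration.getHSMPassword(), hSMKeyProviderConfiguration.getThalesDataDir());
    }

    /**
     * Package-private constructor used by the public one (and presumably by tests).
     *
     * @param str  HSM password handed to {@link HsmHelper}
     * @param str2 local directory for key blob files; may be null
     * @throws IOException propagated from the superclass constructor
     */
    nCipherHelper(String str, String str2) throws IOException {
        super(new nCipherKM(), str);
        this.dirtyKeyStoreId = false;
        this.keyStoreId = null;
        this.kmDataLocalDir = str2;
        this.jceAliasToBlobFilenameSuffixMap = new HashMap<>();
        this.blobFilenameSuffixToBlobMap = new HashMap<>();
    }

    /**
     * Stores the key via the superclass and records the nCipher key ident of the stored
     * entry as the blob file-name suffix for {@code str}.
     *
     * @throws KeyStoreException if the superclass store fails or the stored key cannot be read back
     */
    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    public final void setKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        super.setKeyEntry(str, key, cArr, certificateArr);
        try {
            // The ident of the freshly stored key is the suffix of its blob file on disk.
            String blobSuffix = super.getKeyStore().getKey(str, cArr).getKey().getIdent();
            this.jceAliasToBlobFilenameSuffixMap.put(str, blobSuffix);
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * @param str JCE alias of an HSM key
     * @return the blob file-name suffix recorded for {@code str}, or null if none
     */
    public String getBlobFilenameSuffixFromHSMKeyName(String str) {
        return this.jceAliasToBlobFilenameSuffixMap.get(str);
    }

    /**
     * Records {@code str2} as the blob file-name suffix for alias {@code str}, unless the
     * alias is null or already mapped; in both cases the request is logged and ignored.
     */
    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    public void addToBlobFilenameSuffixMap(String str, String str2) {
        if (null == str) {
            LOG.warn("Attempt to add mapping from a null HSM JCE Key Name to filename suffix [{}] ignored.", str2);
            return;
        }
        // containsKey (not get != null) so that an alias explicitly mapped to null is also kept.
        if (this.jceAliasToBlobFilenameSuffixMap.containsKey(str)) {
            LOG.warn("Attempt to add mapping from HSM JCE Key Name [{}] to filename suffix [{}] failed. Mapping already exists to [{}].",
                    str, str2, this.jceAliasToBlobFilenameSuffixMap.get(str));
            return;
        }
        this.jceAliasToBlobFilenameSuffixMap.put(str, str2);
    }

    /**
     * Re-reads the key-store id from the deposit group and, when the current meta blob is
     * the key store itself, makes sure its blob file exists locally.
     *
     * @throws IOException if the attribute cannot be loaded or the blob file cannot be written
     */
    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    public void refreshDepositGroupRuntimeState() throws IOException {
        this.keyStoreId = super.loadHSMHelperDepositGroupAttribute(THALES_KEYSTORE_ID_ATTRIBUTE_KEY);
        MetaBlob current = this.metaBlob;
        if (null == current || null == this.keyStoreId) {
            return;
        }
        if (!this.keyStoreId.equals(current.getName())) {
            LOG.error("Passed metablob name [{}] does not equal keystore id [{}].", current.getName(), this.keyStoreId);
            return;
        }
        ensureBlobFileExists(current.getBlob(), getBlobFileLocationForSuffix(this.keyStoreId));
    }

    /**
     * Saves the key file via the superclass and creates the local blob file for
     * {@code metaBlob} if it is not already present.
     *
     * @throws IOException if the superclass save or the blob file write fails
     */
    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    public void saveKeyFile(MetaBlob metaBlob) throws IOException {
        super.saveKeyFile(metaBlob);
        ensureBlobFileExists(metaBlob.getBlob(), getBlobFileLocationForSuffix(metaBlob.getName()));
    }

    /**
     * Adds the blob file-name suffix attribute when the attributes name an HSM key. A key
     * without a recorded suffix yields a null attribute value, as before.
     */
    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    public void updateAttributesAfterHsmStore(Map<String, String> map) throws IOException {
        if (map.containsKey(HSMKeyProvider.HSM_KEY_NAME_KEY)) {
            String hsmKeyName = map.get(HSMKeyProvider.HSM_KEY_NAME_KEY);
            map.put(THALES_BLOB_FILENAME_SUFFIX_KEY, this.jceAliasToBlobFilenameSuffixMap.get(hsmKeyName));
        }
    }

    /**
     * Reads the blob file recorded for the given HSM key name.
     *
     * @param str JCE alias of the HSM key
     * @return a {@link MetaBlob} named by the blob suffix and holding the file contents
     * @throws IOException if no suffix is recorded for {@code str} or the file cannot be read
     */
    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    public MetaBlob getMetaBlobForHsmKeyName(String str) throws IOException {
        String blobSuffix = this.jceAliasToBlobFilenameSuffixMap.get(str);
        if (null == blobSuffix) {
            // Previously this fell through to a file named "<prefix>null"; fail clearly instead.
            throw new IOException("No Thales blob filename suffix recorded for HSM key name [" + str + "]");
        }
        return new MetaBlob(blobSuffix, getBlobBytesFromFile(getBlobFileLocationForSuffix(blobSuffix)));
    }

    /** Loads the key store and immediately runs {@link #storeKeyStore()} to verify/persist its id. */
    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    public void loadKeyStore() throws CertificateException, NoSuchAlgorithmException, IOException {
        super.loadKeyStore();
        storeKeyStore();
    }

    /**
     * Stores the key store, verifies its id against the known one and, when the id was just
     * derived locally, persists the key-store blob and id as deposit-group state.
     *
     * @throws IOException if the id mismatches, the blob file is unreadable or persistence fails
     */
    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    public void storeKeyStore() throws CertificateException, NoSuchAlgorithmException, IOException {
        super.storeKeyStore();
        verifyKeyStoreIdAndWriteLocalData();
        if (!this.dirtyKeyStoreId) {
            return;
        }
        String blobFileLocation = getBlobFileLocationForSuffix(this.keyStoreId);
        byte[] keyStoreBlob = getBlobBytesFromFile(blobFileLocation);
        setMetaBlob(new MetaBlob(this.keyStoreId, keyStoreBlob));
        super.storeHSMHelperDepositGroupAttribute(THALES_KEYSTORE_ID_ATTRIBUTE_KEY, this.keyStoreId, this.metaBlob);
        LOG.info("Thales Keystore id [{}] stored in database.", this.keyStoreId);
    }

    /**
     * Reads a whole blob file.
     *
     * @param str path of the file
     * @return its complete contents (never null)
     * @throws IOException if the file does not exist or cannot be read
     */
    public static byte[] getBlobBytesFromFile(String str) throws IOException {
        // readAllBytes reads to EOF; the old available()+single read() could return a short buffer.
        return Files.readAllBytes(Paths.get(str));
    }

    /**
     * Writes {@code bArr} to {@code str}, creating or truncating the file.
     *
     * @throws IOException if the file cannot be written
     */
    public static void putBlobBytesToFile(byte[] bArr, String str) throws IOException {
        Files.write(Paths.get(str), bArr);
    }

    /**
     * Builds the path of the blob file for a suffix: {@code <kmDataLocalDir>/<prefix><suffix>}.
     *
     * <p>The suffix originates from HSM key idents and deposit-group data, so the result is
     * checked to stay inside {@link #kmDataLocalDir}.
     *
     * @param str blob file-name suffix
     * @return the blob file path as a string
     * @throws IllegalArgumentException if the resulting path would escape the data directory
     */
    public String getBlobFileLocationForSuffix(String str) {
        String location = this.kmDataLocalDir + File.separator + THALES_BLOB_PREFIX + str;
        // Objects.toString keeps the "null" directory name the plain concatenation above yields.
        Path base = Paths.get(Objects.toString(this.kmDataLocalDir)).toAbsolutePath().normalize();
        Path target = Paths.get(location).toAbsolutePath().normalize();
        if (!target.startsWith(base)) {
            throw new IllegalArgumentException("Thales blob filename suffix [" + str + "] resolves outside the data directory");
        }
        return location;
    }

    /**
     * Derives the key-store id by serializing the key store and compares it with the known
     * id; when no id is known yet, adopts the derived one and marks it dirty.
     *
     * @throws IOException if the ids differ or the key store cannot be serialized
     */
    private void verifyKeyStoreIdAndWriteLocalData() throws IOException, NoSuchAlgorithmException, CertificateException {
        try (ByteArrayOutputStream serialized = new ByteArrayOutputStream(40)) {
            super.getKeyStore().store(serialized, this.password.toCharArray());
            // Platform default charset, matching getKeyStoreInitializer(); both sides must agree
            // because the id round-trips through the deposit group as text.
            String loadedId = serialized.toString();
            if (null != this.keyStoreId) {
                if (!this.keyStoreId.equals(loadedId)) {
                    throw new IOException("Loaded Thales key store id [" + loadedId + "] doesn't match stored key store id [" + this.keyStoreId + "].");
                }
                return;
            }
            this.keyStoreId = loadedId;
            this.dirtyKeyStoreId = true;
            LOG.info("Thales Keystore id updated from null to [{}].", this.keyStoreId);
        } catch (KeyStoreException e) {
            throw new IOException("Could not retrieve Thales key store id: " + e.getMessage(), e);
        }
    }

    /**
     * @return a stream over the key-store id bytes used to initialize the key store, or null
     *         when no id is known (fresh key store)
     */
    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    protected InputStream getKeyStoreInitializer() {
        if (null == this.keyStoreId) {
            return null;
        }
        // Explicitly the platform default so it stays in step with toString() in
        // verifyKeyStoreIdAndWriteLocalData().
        return new ByteArrayInputStream(getKeyStoreId().getBytes(Charset.defaultCharset()));
    }

    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    protected String getScheme() {
        return SCHEME_NAME;
    }

    /** @return the HSM-backed RNG of the nCipherKM provider. */
    @Override // com.cloudera.keytrustee.hsm.HsmHelper
    protected SecureRandom getSecureRandom() throws NoSuchAlgorithmException, NoSuchProviderException {
        return SecureRandom.getInstance("RNG", "nCipherKM");
    }

    private String getKeyStoreId() {
        return this.keyStoreId;
    }

    /** Writes {@code blob} to {@code location} only if no file exists there yet. */
    private static void ensureBlobFileExists(byte[] blob, String location) throws IOException {
        if (new File(location).exists()) {
            return;
        }
        LOG.info("KeyStore Blob File [{}] does not exist. Creating.", location);
        putBlobBytesToFile(blob, location);
    }
}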
