package com.cloudera.cmf.security;

import com.cloudera.api.dao.impl.RedirectLinkGenerator;
import com.cloudera.cmf.Constants;
import com.google.common.base.Preconditions;
import com.google.common.collect.Maps;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/cloudera/cmf/security/CmfKeyStore.class */
public class CmfKeyStore {
    private final char[] password;
    private KeyStore keyStore;

    public CmfKeyStore(String str, String str2) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        this(str, str2, null);
    }

    public CmfKeyStore(String str, String str2, byte[] bArr) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        Preconditions.checkNotNull(str);
        this.password = str.toCharArray();
        this.keyStore = KeyStore.getInstance(str2);
        load(bArr);
    }

    private void load(byte[] bArr) throws CertificateException, NoSuchAlgorithmException, IOException {
        ByteArrayInputStream byteArrayInputStream = null;
        if (bArr != null) {
            byteArrayInputStream = new ByteArrayInputStream(bArr);
        }
        this.keyStore.load(byteArrayInputStream, this.password);
    }

    public void add(String str, String str2) throws UnsupportedEncodingException, KeyStoreException {
        String str3 = "AES";
        if (Constants.FIPS_COMPLIANT_MODE) {
            str3 = "HMACSHA512";
            String str4 = Constants.ALT_FIPS_CIPHER_ALGO;
            if (!StringUtils.isEmpty(str4)) {
                str3 = str4;
            }
        }
        this.keyStore.setKeyEntry(str, new SecretKeySpec(str2.getBytes(RedirectLinkGenerator.ENCODE_SCHEME), str3), this.password, null);
    }

    public byte[] encrypt() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        this.keyStore.store(byteArrayOutputStream, this.password);
        return byteArrayOutputStream.toByteArray();
    }

    public Map<String, Key> decrypt() throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException, UnrecoverableKeyException {
        HashMap newHashMap = Maps.newHashMap();
        Enumeration<String> aliases = this.keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            Preconditions.checkState(this.keyStore.isKeyEntry(nextElement), "only key entries are supported");
            newHashMap.put(nextElement, this.keyStore.getKey(nextElement, this.password));
        }
        return newHashMap;
    }

    public boolean equalsDecrypted(CmfKeyStore cmfKeyStore) throws UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
        if (this == cmfKeyStore) {
            return true;
        }
        try {
            return Maps.difference(decrypt(), cmfKeyStore.decrypt()).areEqual();
        } catch (IOException e) {
            return false;
        }
    }
}
