package org.apache.hadoop.hive.serde2;

import java.io.File;
import java.io.IOException;
import java.util.List;
import java.util.Properties;
import javax.crypto.spec.IvParameterSpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.cache.redis.RedisCacheConstants;
import org.apache.hadoop.hive.serde.serdeConstants;
import org.apache.hadoop.hive.serde2.ByteStream;
import org.apache.hadoop.hive.serde2.typeinfo.TypeInfo;
import org.apache.hive.common.util.AESCoder;
import org.apache.hive.common.util.EncryptDecryptUtil;
import org.apache.hive.common.util.HDFSUtils;
import org.apache.hive.common.util.TokenEncryptUtil;

/* loaded from: input_file:org/apache/hadoop/hive/serde2/AESRewriter.class */
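/**
 * Field rewriter that AES-encrypts a field value on {@link #encode} and decrypts it on
 * {@link #decode}. Ciphertext is stored as Base64 text.
 *
 * <p>The key is loaded in {@link #init} from the file {@code coder} under the directory named by
 * the table property {@code serdeConstants.COLUMN_ENCODE_KEYPATH}. How the file content becomes
 * the working key depends on the table property {@code serdeConstants.COLUMN_ENCODE_TYPE}:
 * for {@code "wcc"} and {@code "scc"} the key is a hex string and AES/CBC is used through
 * {@code AESCoder.doCryptionCBC}; for every other value the file content is unwrapped with
 * {@code AESCoder.doCryption} and the same call is used for the data.
 *
 * <p>Failure behaviour: when {@code init} cannot load a key it logs and returns normally, leaving
 * the key {@code null}. {@code encode} and {@code decode} then log an error and write nothing to
 * the output, so the caller gets an empty value rather than an exception.
 *
 * <p>NOTE(review): in the CBC modes the IV is the first 16 bytes of the key itself, so it is
 * fixed for a given key and equal plaintexts produce equal ciphertexts. No integrity check on the
 * ciphertext is visible in this class. Changing either would make existing data unreadable, so
 * this is recorded here rather than altered.
 */
public class AESRewriter extends AbstractFieldRewriter {
    private static final Log LOG = LogFactory.getLog(AESRewriter.class);
    /** File name of the key file inside the key directory. */
    private static final String CODER = "coder";
    /** Mode bits for the key-chain directory: 504 decimal is 0770 octal (rwxrwx---). */
    private static final int FILEPERMISSION = 504;
    private static final String WCC_TYPE = "wcc";
    private static final String SCC_TYPE = "scc";
    // Mode arguments passed to AESCoder: encode() uses 1 and decode() uses 2. The values match
    // javax.crypto.Cipher.ENCRYPT_MODE / DECRYPT_MODE; presumably AESCoder passes them through.
    private static final int MODE_ENCRYPT = 1;
    private static final int MODE_DECRYPT = 2;
    /** Number of leading key bytes reused as the CBC IV. */
    private static final int IV_LENGTH = 16;
    // Value of the COLUMN_ENCODE_TYPE table property; selects the key format and cipher call.
    private String type;
    // Working AES key; stays null when init() could not load one.
    private byte[] secretKey = null;
    // IV for the CBC modes; only assigned for the "wcc"/"scc" types.
    private IvParameterSpec ivspec;
    // Not referenced anywhere in this class.
    private String encodeMode;

    /**
     * Loads the column encryption key for the table described by {@code properties}.
     *
     * <p>Returns without a key (after logging, except for a missing key-path property, which is
     * silent) when the key-chain directory setting is empty, the {@code name} property is not of
     * the form {@code db.table}, the key-path property is empty, the key file does not exist, or
     * the key file cannot be read.
     *
     * @param list not used by this implementation
     * @param list2 not used by this implementation
     * @param properties table properties; {@code name}, the key path and the encode type are
     *     read, and {@code fs.defaultFS} is written into it
     * @param configuration job configuration; used to resolve file systems and, inside
     *     HiveServer, to publish the decrypted key for the "wcc"/"scc" types
     * @throws IOException if a file-system operation or the key-file read fails
     */
    @Override
    public void init(List<String> list, List<TypeInfo> list2, Properties properties, Configuration configuration) throws IOException {
        String keychainDir = HiveConf.getVar(configuration, HiveConf.ConfVars.HIVE_KEYCHAIN_DIR);
        if (null == keychainDir || keychainDir.isEmpty()) {
            LOG.error("Key chain url is empty.");
            return;
        }
        String qualifiedName = properties.getProperty("name");
        if (null == qualifiedName || qualifiedName.isEmpty()) {
            LOG.error("Failed to get table name,propertie value of name is null.");
            return;
        }
        // Exactly two dot-separated parts are accepted: database and table.
        String[] nameParts = qualifiedName.split("\\.");
        if (nameParts.length != 2) {
            LOG.error("Split in table name should be between 0 and 2.Table name is " + qualifiedName);
            return;
        }
        String dbName = nameParts[0];
        String tableName = nameParts[1];

        Path keychainPath = new Path(keychainDir);
        FileSystem keychainFs = keychainPath.getFileSystem(configuration);
        if (!keychainFs.exists(keychainPath)) {
            FsPermission dirPermission = new FsPermission((short) FILEPERMISSION);
            // Create the directory with the restrictive mode already requested, so it is not
            // left with the default directory mode until setPermission runs. mkdirs applies the
            // umask, hence the explicit setPermission afterwards is still needed.
            keychainFs.mkdirs(keychainPath, dirPermission);
            // Owner and group come from the process environment; either may be null if unset.
            keychainFs.setOwner(keychainPath, System.getenv("HIVE_DEFAULT_USER"), System.getenv(RedisCacheConstants.METASTORE_SERVICE_GROUP));
            keychainFs.setPermission(keychainPath, dirPermission);
        }

        // NOTE(review): the key location is taken from a table property and is not checked to
        // lie under the key-chain directory prepared above. Confirm that whoever can set table
        // properties is trusted to choose which key file is read.
        String keyDir = properties.getProperty(serdeConstants.COLUMN_ENCODE_KEYPATH);
        if (StringUtils.isEmpty(keyDir)) {
            return;
        }
        // NOTE(review): File.separator is the local OS separator, while this string becomes a
        // Hadoop Path; the two only agree where the separator is '/'.
        String keyFile = keyDir + File.separator + CODER;
        LOG.info("column encode keyfile is: " + keyFile);
        Path keyFilePath = new Path(keyFile);
        // NOTE(review): this listing looks decompiled. An empty try block stood here whose catch
        // logged a key-decryption failure; the catch could never run and has been dropped. The
        // original source may have wrapped the key loading below - confirm against it.
        if (!keyFilePath.getFileSystem(configuration).exists(keyFilePath)) {
            LOG.warn("AES key file is not exist,database name is :" + dbName + ",table name is :" + tableName);
            return;
        }
        byte[] keyFileContent = HDFSUtils.readSecretKeyFile(keyFilePath, configuration);
        if (null == keyFileContent) {
            LOG.error("Content of secret key getting from hdfs is null. ");
            return;
        }

        this.type = properties.getProperty(serdeConstants.COLUMN_ENCODE_TYPE);
        // Properties rejects null values, so an unset fs.defaultFS raises NullPointerException here.
        properties.setProperty("fs.defaultFS", configuration.get("fs.defaultFS"));

        if (!isCbcKeyType()) {
            // The stored key is unwrapped with a key derived from this class's name.
            // NOTE(review): as far as this file shows, the class name is the only input to
            // initSecondRoundKey, so the wrapping key is a constant available to anyone holding
            // the jar; confidentiality of the key file then rests on its HDFS permissions.
            // getBytes() uses the platform default charset; the name is ASCII, so the bytes
            // agree on any ASCII-compatible default.
            this.secretKey = AESCoder.doCryption(keyFileContent, AESCoder.initSecondRoundKey(AESRewriter.class.getName().getBytes()), MODE_DECRYPT);
        } else if (TokenEncryptUtil.isInHiveServer()) {
            String keyHex = EncryptDecryptUtil.decrypt(new String(keyFileContent, "utf-8"));
            this.secretKey = EncryptDecryptUtil.parseHexStr2Byte(keyHex);
            // Throws IllegalArgumentException if the key is null or shorter than 16 bytes.
            this.ivspec = new IvParameterSpec(this.secretKey, 0, IV_LENGTH);
            // NOTE(review): the decrypted key is stored as a hex string in the configuration,
            // keyed by table name. Anything that dumps, logs or ships this configuration would
            // carry the key - confirm how the entry is protected downstream.
            String confKey = properties.getProperty("name") + TokenEncryptUtil.SECRET_KEY;
            String publishedKey = configuration.get(confKey);
            if (publishedKey == null || !keyHex.equals(publishedKey)) {
                configuration.set(confKey, keyHex);
                if (configuration instanceof HiveConf) {
                    ((HiveConf) configuration).setSparkConfigUpdated(true);
                }
            }
        } else if (TokenEncryptUtil.isInTezChild()) {
            // getTezSecretKey is not defined in this class (presumably inherited).
            this.secretKey = EncryptDecryptUtil.parseHexStr2Byte(getTezSecretKey(properties));
            this.ivspec = new IvParameterSpec(this.secretKey, 0, IV_LENGTH);
        } else {
            // getSecretKeyFromContext is not defined in this class (presumably inherited).
            this.secretKey = EncryptDecryptUtil.parseHexStr2Byte(getSecretKeyFromContext(properties));
            this.ivspec = new IvParameterSpec(this.secretKey, 0, IV_LENGTH);
        }
        LOG.info("**** initialize secret key successful. ****");
    }

    /**
     * Encrypts the bytes of {@code input} and writes the Base64-encoded ciphertext to
     * {@code output}. Writes nothing when no key was loaded.
     *
     * @param i not used by this implementation
     * @param input plaintext field value
     * @param output receives the Base64 ciphertext
     * @throws IOException wrapping any exception raised while encrypting or writing
     */
    @Override
    public void encode(int i, ByteStream.Input input, ByteStream.Output output) throws IOException {
        if (null == this.secretKey) {
            // Fails closed for confidentiality (no plaintext is written) but the value is lost.
            LOG.error("Secret key of AES is null,encode column fails.");
            return;
        }
        try {
            byte[] plainBytes = input.toBytes();
            byte[] cipherBytes = isCbcKeyType()
                    ? AESCoder.doCryptionCBC(plainBytes, this.secretKey, this.ivspec, MODE_ENCRYPT)
                    : AESCoder.doCryption(plainBytes, this.secretKey, MODE_ENCRYPT);
            output.write(Base64.encodeBase64(cipherBytes));
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    /**
     * Base64-decodes the bytes of {@code input}, decrypts them and writes the plaintext to
     * {@code output}. Writes nothing when no key was loaded.
     *
     * @param i not used by this implementation
     * @param input Base64 ciphertext as produced by {@link #encode}
     * @param output receives the decrypted bytes
     * @throws IOException wrapping any exception raised while decoding, decrypting or writing
     */
    @Override
    public void decode(int i, ByteStream.Input input, ByteStream.Output output) throws IOException {
        byte[] encodedBytes = input.toBytes();
        if (null == this.secretKey) {
            LOG.error("Secret key of AES is null,decode column fails.");
            return;
        }
        try {
            byte[] cipherBytes = Base64.decodeBase64(encodedBytes);
            byte[] plainBytes = isCbcKeyType()
                    ? AESCoder.doCryptionCBC(cipherBytes, this.secretKey, this.ivspec, MODE_DECRYPT)
                    : AESCoder.doCryption(cipherBytes, this.secretKey, MODE_DECRYPT);
            output.write(plainBytes);
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    /** Returns true when the configured encode type is one of the CBC key types ("wcc", "scc"). */
    private boolean isCbcKeyType() {
        return WCC_TYPE.equals(this.type) || SCC_TYPE.equals(this.type);
    }
}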
