package org.apache.hadoop.hive.ql.udf.generic;

import com.huawei.us.common.random.UsSecureRandom;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.hive.ql.exec.Description;
import org.apache.hadoop.hive.ql.exec.UDFArgumentException;
import org.apache.hadoop.hive.ql.metadata.HiveException;
import org.apache.hadoop.hive.ql.udf.generic.GenericUDF;
import org.apache.hadoop.hive.serde2.objectinspector.ConstantObjectInspector;
import org.apache.hadoop.hive.serde2.objectinspector.ObjectInspector;
import org.apache.hadoop.hive.serde2.objectinspector.ObjectInspectorConverters;
import org.apache.hadoop.hive.serde2.objectinspector.PrimitiveObjectInspector;
import org.apache.hadoop.hive.serde2.objectinspector.primitive.PrimitiveObjectInspectorFactory;
import org.apache.hadoop.hive.serde2.objectinspector.primitive.PrimitiveObjectInspectorUtils;
import org.apache.hadoop.io.BytesWritable;
import org.apache.hadoop.io.Text;

@Description(name = "secure_aes_encrypt", value = "_FUNC_(input string/binary, key string/binary) - Encrypt input using AES.", extended = "AES (Advanced Encryption Standard) algorithm. Example: > SELECT base64(_FUNC_('ABC', '1234567890123456'));\n 'y6Ss+zCYObpCbgfWfyNWTw=='")
/* loaded from: input_file:org/apache/hadoop/hive/ql/udf/generic/GenericUDFSecureAesEncrypt.class */
public class GenericUDFSecureAesEncrypt extends GenericUDF {
    protected transient ObjectInspectorConverters.Converter[] converters = new ObjectInspectorConverters.Converter[2];
    protected transient PrimitiveObjectInspector.PrimitiveCategory[] inputTypes = new PrimitiveObjectInspector.PrimitiveCategory[2];
    protected final BytesWritable output = new BytesWritable();
    protected transient boolean isStr0;
    protected transient boolean isStr1;
    protected transient boolean isKeyConstant;
    protected transient Cipher cipher;
    protected transient String password;

    @Override // org.apache.hadoop.hive.ql.udf.generic.GenericUDF
    public ObjectInspector initialize(ObjectInspector[] objectInspectorArr) throws UDFArgumentException {
        checkArgsSize(objectInspectorArr, 2, 2);
        checkArgPrimitive(objectInspectorArr, 0);
        checkArgPrimitive(objectInspectorArr, 1);
        if (canParam0BeStr()) {
            checkArgGroups(objectInspectorArr, 0, this.inputTypes, PrimitiveObjectInspectorUtils.PrimitiveGrouping.STRING_GROUP, PrimitiveObjectInspectorUtils.PrimitiveGrouping.BINARY_GROUP);
        } else {
            checkArgGroups(objectInspectorArr, 0, this.inputTypes, PrimitiveObjectInspectorUtils.PrimitiveGrouping.BINARY_GROUP);
        }
        checkArgGroups(objectInspectorArr, 1, this.inputTypes, PrimitiveObjectInspectorUtils.PrimitiveGrouping.STRING_GROUP, PrimitiveObjectInspectorUtils.PrimitiveGrouping.BINARY_GROUP);
        boolean z = PrimitiveObjectInspectorUtils.getPrimitiveGrouping(this.inputTypes[0]) == PrimitiveObjectInspectorUtils.PrimitiveGrouping.STRING_GROUP;
        this.isStr0 = z;
        if (z) {
            obtainStringConverter(objectInspectorArr, 0, this.inputTypes, this.converters);
        } else {
            GenericUDFParamUtils.obtainBinaryConverter(objectInspectorArr, 0, this.inputTypes, this.converters);
        }
        this.isKeyConstant = objectInspectorArr[1] instanceof ConstantObjectInspector;
        if (!this.isKeyConstant) {
            throw new UDFArgumentException("key must be input");
        }
        byte[] bArr = null;
        boolean z2 = PrimitiveObjectInspectorUtils.getPrimitiveGrouping(this.inputTypes[1]) == PrimitiveObjectInspectorUtils.PrimitiveGrouping.STRING_GROUP;
        this.isStr1 = z2;
        if (z2) {
            String constantStringValue = getConstantStringValue(objectInspectorArr, 1);
            if (constantStringValue != null) {
                bArr = constantStringValue.getBytes();
            }
        } else {
            BytesWritable constantBytesValue = GenericUDFParamUtils.getConstantBytesValue(objectInspectorArr, 1);
            if (constantBytesValue != null) {
                bArr = constantBytesValue.getBytes();
            }
        }
        this.password = new String(bArr);
        try {
            this.cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            return PrimitiveObjectInspectorFactory.writableBinaryObjectInspector;
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.apache.hadoop.hive.ql.udf.generic.GenericUDF
    public Object evaluate(GenericUDF.DeferredObject[] deferredObjectArr) throws HiveException {
        byte[] bytes;
        byte[] aesFunction;
        if (this.isStr0) {
            Text textValue = GenericUDFParamUtils.getTextValue(deferredObjectArr, 0, this.converters);
            if (textValue == null) {
                return null;
            }
            bytes = textValue.getBytes();
        } else {
            BytesWritable binaryValue = GenericUDFParamUtils.getBinaryValue(deferredObjectArr, 0, this.converters);
            if (binaryValue == null) {
                return null;
            }
            bytes = binaryValue.getBytes();
        }
        if (bytes == null || (aesFunction = aesFunction(bytes)) == null) {
            return null;
        }
        this.output.set(aesFunction, 0, aesFunction.length);
        return this.output;
    }

    protected byte[] aesFunction(byte[] bArr) {
        try {
            byte[] genIV = genIV();
            byte[] genSalt = genSalt();
            SecretKeySpec secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(new PBEKeySpec(this.password.toCharArray(), genSalt, 65536, 256)).getEncoded(), "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(genIV));
            return parseByte2HexStr(join(join(genIV, genSalt), cipher.doFinal(bArr))).getBytes();
        } catch (Exception e) {
            return null;
        }
    }

    private byte[] join(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    public String parseByte2HexStr(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() == 1) {
                hexString = '0' + hexString;
            }
            sb.append(hexString.toUpperCase());
        }
        return sb.toString();
    }

    protected boolean canParam0BeStr() {
        return true;
    }

    private byte[] genIV() throws NoSuchAlgorithmException {
        byte[] bArr = new byte[16];
        UsSecureRandom.getInstance().nextBytes(bArr);
        return bArr;
    }

    private byte[] genSalt() throws NoSuchAlgorithmException {
        try {
            byte[] bArr = new byte[16];
            UsSecureRandom.getInstance().nextBytes(bArr);
            return bArr;
        } catch (NoSuchAlgorithmException e) {
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.hive.ql.udf.generic.GenericUDF
    public String getFuncName() {
        return "secure_aes_encrypt";
    }

    @Override // org.apache.hadoop.hive.ql.udf.generic.GenericUDF
    public String getDisplayString(String[] strArr) {
        return getStandardDisplayString(getFuncName(), strArr);
    }
}
