package org.apache.hive.common.util;

import com.huawei.hadoop.security.crypter.AppProperties;
import com.huawei.hadoop.security.crypter.AppRuntimeException;
import com.huawei.hadoop.security.crypter.CrypterUtil;
import com.huawei.hadoop.security.crypter.EncryptDecryptException;
import com.huawei.hadoop.security.crypter.ShellUtil;
import com.huawei.hadoop.security.crypter.util.KeyGen;
import com.huawei.us.common.random.UsSecureRandom;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import jodd.util.StringPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hive/common/util/EncryptDecryptUtil.class */
public class EncryptDecryptUtil {
    private static final Logger LOG = LoggerFactory.getLogger(EncryptDecryptUtil.class);
    private static final String CERT_PWD_PATH = "CERT_PWD_PATH";
    private static final String ENCRYPTED_SUFFIX = "(encrypted)";

    public static String encrypt(String str) {
        if (null == str) {
            LOG.error("The input is null.");
            return null;
        }
        try {
            return CustomEncryptDecryptUtil.isCustomEncryptDecryptAvailable ? CustomEncryptDecryptUtil.customEncrypt(str) : CrypterUtil.encrypt(str);
        } catch (Exception e) {
            LOG.error("Failed to encode.", e);
            return null;
        }
    }

    public static String decrypt(String str) {
        if (null == str) {
            LOG.error("The input is null.");
            return null;
        }
        try {
            return CustomEncryptDecryptUtil.isCustomEncryptDecryptAvailable ? CustomEncryptDecryptUtil.customDecrypt(str) : CrypterUtil.decrypt(str);
        } catch (Exception e) {
            LOG.error("Failed to decode.", e);
            return null;
        }
    }

    public static String encrypt(String str, String str2) {
        if (null == str || null == str2) {
            LOG.error("The input or password is null.");
            return null;
        }
        try {
            return CustomEncryptDecryptUtil.isCustomEncryptDecryptAvailable ? CustomEncryptDecryptUtil.customEncrypt(str, str2) : encryptCbc(str, str2);
        } catch (Exception e) {
            LOG.error("Failed to encode.", e);
            return null;
        }
    }

    public static String decrypt(String str, String str2) {
        if (null == str || null == str2) {
            LOG.error("The input or password is null.");
            return null;
        }
        try {
            if (CustomEncryptDecryptUtil.isCustomEncryptDecryptAvailable) {
                return CustomEncryptDecryptUtil.customDecrypt(str, str2);
            }
            if (str2.endsWith(ENCRYPTED_SUFFIX)) {
                str2 = decryptSparkSecret(str2);
            }
            return decryptCbc(str, str2);
        } catch (Exception e) {
            LOG.error("Failed to decode.", e);
            return null;
        }
    }

    public static String parseByte2HexStr(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() == 1) {
                hexString = '0' + hexString;
            }
            sb.append(hexString.toUpperCase());
        }
        return sb.toString();
    }

    public static byte[] parseHexStr2Byte(String str) {
        if (str.length() < 1) {
            return null;
        }
        byte[] bArr = new byte[str.length() / 2];
        for (int i = 0; i < str.length() / 2; i++) {
            bArr[i] = (byte) ((Integer.parseInt(str.substring(i * 2, (i * 2) + 1), 16) * 16) + Integer.parseInt(str.substring((i * 2) + 1, (i * 2) + 2), 16));
        }
        return bArr;
    }

    public static String parseDecryptedPwd() {
        return decrypt(getCertPwd());
    }

    public static String getCertPwd() {
        String str = System.getenv(CERT_PWD_PATH);
        if (null == str) {
            LOG.error("The env \"CERT_PWD_PATH\" is null.");
            return null;
        }
        try {
            FileReader fileReader = null;
            BufferedReader bufferedReader = null;
            try {
                try {
                    fileReader = new FileReader(new File(str.trim()).getCanonicalPath());
                    bufferedReader = new BufferedReader(fileReader);
                    String readLine = bufferedReader.readLine();
                    String trim = readLine == null ? "" : readLine.trim();
                    if (null != bufferedReader) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e) {
                        }
                    }
                    if (null != fileReader) {
                        try {
                            fileReader.close();
                        } catch (IOException e2) {
                        }
                    }
                    int indexOf = trim.indexOf(StringPool.EQUALS);
                    if (-1 == indexOf || indexOf == trim.length() - 1) {
                        LOG.error("The encrypted key does not contain '=' or '=' is the last char, = index:{}", Integer.valueOf(indexOf));
                        return null;
                    }
                    LOG.info("get certKey successful");
                    return trim.substring(indexOf + 1);
                } catch (Throwable th) {
                    if (null != bufferedReader) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e3) {
                        }
                    }
                    if (null != fileReader) {
                        try {
                            fileReader.close();
                        } catch (IOException e4) {
                        }
                    }
                    throw th;
                }
            } catch (IOException e5) {
                LOG.error("Read certKey from file failed.", e5);
                if (null != bufferedReader) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e6) {
                    }
                }
                if (null != fileReader) {
                    try {
                        fileReader.close();
                    } catch (IOException e7) {
                    }
                }
                return null;
            }
        } catch (IOException e8) {
            LOG.error("Canonical path failed.", e8);
            return null;
        }
    }

    private static byte[] genIV() throws NoSuchAlgorithmException {
        byte[] bArr = new byte[16];
        UsSecureRandom.getInstance().nextBytes(bArr);
        return bArr;
    }

    private static byte[] join(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    private static int getKeyLength() {
        String str = AppProperties.get("crypt_aes_cbc_key_length");
        if (null == str) {
            str = AppProperties.get("crypt_keygen_key_length");
            if (null == str) {
                return 256;
            }
        }
        try {
            int parseInt = Integer.parseInt(str);
            if (parseInt == 128 || parseInt == 192 || parseInt == 256) {
                return parseInt;
            }
            throw new AppRuntimeException("Config Error. Key Length should be 128, 192 or 256");
        } catch (NumberFormatException e) {
            throw new AppRuntimeException("NumberFormatException. Please check config: crypt_aes_cbc_key_length");
        }
    }

    private static byte[] genSalt() throws AppRuntimeException {
        try {
            byte[] bArr = new byte[16];
            UsSecureRandom.getInstance().nextBytes(bArr);
            return bArr;
        } catch (NoSuchAlgorithmException e) {
            throw new AppRuntimeException(e);
        }
    }

    private static String encryptCbc(String str, String str2) throws Exception {
        byte[] genIV = genIV();
        byte[] genSalt = genSalt();
        SecretKeySpec secretKeySpec = new SecretKeySpec(KeyGen.genKey(str2, genSalt, getKeyLength(), KeyGen.getIterationCount()).getEncoded(), "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(1, secretKeySpec, new IvParameterSpec(genIV));
        return parseByte2HexStr(join(join(genIV, genSalt), cipher.doFinal(str.getBytes())));
    }

    private static String decryptCbc(String str, String str2) throws Exception {
        byte[] parseHexStr2Byte = parseHexStr2Byte(str);
        byte[] bArr = new byte[16];
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[parseHexStr2Byte.length - 32];
        System.arraycopy(parseHexStr2Byte, 0, bArr, 0, 16);
        System.arraycopy(parseHexStr2Byte, 16, bArr2, 0, 16);
        System.arraycopy(parseHexStr2Byte, 32, bArr3, 0, bArr3.length);
        SecretKeySpec secretKeySpec = new SecretKeySpec(KeyGen.genKey(str2, bArr2, getKeyLength(), KeyGen.getIterationCount()).getEncoded(), "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(2, secretKeySpec, ivParameterSpec);
        return new String(cipher.doFinal(bArr3), "UTF-8");
    }

    private static String decryptSparkSecret(String str) throws EncryptDecryptException {
        return (str == null || !str.endsWith(ENCRYPTED_SUFFIX)) ? str : ShellUtil.decrypt(str.substring(0, str.lastIndexOf(ENCRYPTED_SUFFIX)));
    }
}
