package org.apache.parquet.crypto.keytools;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hudi.common.util.StringUtils;
import org.apache.hudi.common.util.collection.Pair;
import org.apache.hudi.exception.HoodieEncryptionException;
import org.apache.hudi.exception.HoodieIOException;
import org.apache.hudi.kms.AESEK;
import org.apache.hudi.kms.KerberosEntity;
import org.apache.hudi.kms.KmsEntity;
import org.apache.hudi.kms.RangerKmsClient;
import org.apache.hudi.org.apache.hadoop.hbase.util.Addressing;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.apache.parquet.crypto.KeyAccessDeniedException;
import org.apache.parquet.crypto.ParquetCryptoRuntimeException;

/* loaded from: input_file:org/apache/parquet/crypto/keytools/HuaweiKmsClient.class */
public class HuaweiKmsClient implements KmsClient {
    private String userName;
    private transient RangerKmsClient rangerKmsClient;
    private transient Map<String, Pair<String, AESEK>> masterKeyMap = new HashMap();
    private static final Logger LOG = LogManager.getLogger(HuaweiKmsClient.class);
    private static final AESEK AESEK_FOOTER = new AESEK(KmsHelper.ENCRYPTION_FOOTER_VALUE, new byte[]{91, 41, 73, -113, -120, 36, 69, 82, -79, -127, 7, 124, 55, 22, -118, -111}, new byte[]{55, 4, -67, -25, -63, -119, 99, 61, 81, 24, -96, 57, -29, -101, -52, -34, 100, -68, -37, 83, -127, 47, 84, 78, 63, 119, -93, -29, 100, 108, -20, -86});

    public synchronized void initialize(Configuration configuration, String str, String str2, String str3) throws KeyAccessDeniedException {
        String[] split = configuration.get(KmsHelper.PARQUET_KMS_INSTANCE_URL).split(Addressing.HOSTNAME_PORT_SEPARATOR);
        try {
            this.userName = UserGroupInformation.getCurrentUser().getShortUserName();
            this.rangerKmsClient = new RangerKmsClient(new KmsEntity(split[0], split[1], this.userName), new KerberosEntity(), true);
            String[] split2 = configuration.get(KmsHelper.ENCRYPTION_COLUMN_KEY_IDS).split(";");
            String[] split3 = configuration.get(KmsHelper.ENCRYPTION_COLUMN_KEYS).split(";");
            LOG.debug("current parquet: parquet.encryption.key.ids:  " + configuration.get(KmsHelper.ENCRYPTION_COLUMN_KEY_IDS));
            LOG.debug("current parquet: parquet.encryption.column.keys:  " + configuration.get(KmsHelper.ENCRYPTION_COLUMN_KEYS));
            for (int i = 0; i < split2.length; i++) {
                try {
                    String[] split4 = split2[i].trim().split(Addressing.HOSTNAME_PORT_SEPARATOR);
                    String[] split5 = split3[i].trim().split(Addressing.HOSTNAME_PORT_SEPARATOR);
                    if (split4.length != 2) {
                        throw new IllegalArgumentException("Key '" + split2[i] + "' is not formatted correctly");
                    }
                    if (split5.length != 2) {
                        throw new IllegalArgumentException("Key '" + split3[i] + "' is not formatted correctly");
                    }
                    String trim = split4[0].trim();
                    String trim2 = split5[0].trim();
                    if (!this.masterKeyMap.containsKey(trim2)) {
                        String str4 = configuration.get(KmsHelper.PARQUET_KMS_AES_EKS + trim);
                        if (StringUtils.isNullOrEmpty(str4)) {
                            throw new IllegalArgumentException("ase for column: '" + split3[i] + "' aes key is not found in current env");
                        }
                        this.masterKeyMap.put(trim2, Pair.of(trim, str4.equals("dump") ? AESEK_FOOTER : (AESEK) AESEK.fromJsonString(configuration.get(KmsHelper.PARQUET_KMS_AES_EKS + trim), AESEK.class)));
                    }
                } catch (Exception e) {
                    throw new HoodieEncryptionException("failed to initialize Kms client", e);
                }
            }
            LOG.info("init ranger kms client finished");
        } catch (IOException e2) {
            throw new HoodieIOException("failed to get login user", e2);
        }
    }

    public synchronized String wrapKey(byte[] bArr, String str) throws KeyAccessDeniedException {
        Pair<String, AESEK> of = str.equals(KmsHelper.ENCRYPTION_FOOTER_VALUE) ? Pair.of("dump", AESEK_FOOTER) : this.masterKeyMap.get(str);
        if (null == of) {
            throw new ParquetCryptoRuntimeException("Key not found: " + of);
        }
        try {
            this.rangerKmsClient.getKmsEntity().setKeyId(of.getLeft());
            return this.rangerKmsClient.encrypt(bArr, of.getRight());
        } catch (Exception e) {
            throw new KeyAccessDeniedException(String.format("failed to encrypt eek for current user: %s", this.userName), e);
        }
    }

    public synchronized byte[] unwrapKey(String str, String str2) throws KeyAccessDeniedException {
        Pair<String, AESEK> of = str2.equals(KmsHelper.ENCRYPTION_FOOTER_VALUE) ? Pair.of("dump", AESEK_FOOTER) : this.masterKeyMap.get(str2);
        try {
            if (null == of) {
                throw new ParquetCryptoRuntimeException("Key not found: " + of);
            }
            try {
                this.rangerKmsClient.getKmsEntity().setKeyId(of.getLeft());
                return this.rangerKmsClient.decrypt(str, of.getRight());
            } catch (Exception e) {
                throw new KeyAccessDeniedException(String.format("failed to encrypt eek for current user: %s", this.userName), e);
            }
        } catch (Exception e2) {
            throw new KeyAccessDeniedException(String.format("failed to encrypt eek for current user: %s", this.userName), e2);
        }
    }
}
