package org.apache.parquet.crypto.keytools;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hudi.common.model.HoodieRecord;
import org.apache.hudi.common.table.timeline.HoodieTimeline;
import org.apache.hudi.common.util.CollectionUtils;
import org.apache.hudi.common.util.StringUtils;
import org.apache.hudi.exception.HoodieEncryptionException;
import org.apache.hudi.exception.HoodieException;
import org.apache.hudi.kms.EncryptEk;
import org.apache.hudi.kms.KerberosEntity;
import org.apache.hudi.kms.KmsEntity;
import org.apache.hudi.kms.RangerKmsClient;

/* loaded from: input_file:org/apache/parquet/crypto/keytools/KmsHelper.class */
public class KmsHelper {
    public static final String CRYPTO_FACTORY_CLASS = "parquet.crypto.factory.class";
    public static final String DEFAULT_FACTORY_CLASS = "org.apache.parquet.crypto.keytools.HuaweiPropertiesDrivenCryptoFactory";
    public static final String ENCRYPTION_KMS_CLIENT_CLASS = "parquet.encryption.kms.client.class";
    public static final String DEFAULT_ENCRYPTION_KMS_CLIENT_CLASS = "org.apache.parquet.crypto.keytools.HuaweiKmsClient";
    public static final String ENCRYPTION_COLUMN_KEYS = "parquet.encryption.column.keys";
    public static final String ENCRYPTION_FOOTER_KEY = "parquet.encryption.footer.key";
    public static final String ENCRYPTION_FOOTER_VALUE = "footer";
    public static final String PARQUET_KMS_INSTANCE_URL = "parquet.kms.instance.url";
    public static final String ENCRYPTION_COLUMN_KEY_IDS = "parquet.encryption.key.ids";
    public static final String PARQUET_KMS_AES_EKS = "parquet.kms.aes.eks";
    public static final Map<String, String> KMS_CACHE_CLEAR = new HashMap();
    public static final List<String> ENCRYPTION_KEYS;

    public static Map<String, String> setUpEncryptionParameters(Map<String, String> map) {
        return setUpEncryptionParameters(map, Collections.emptyList(), Collections.emptyList());
    }

    public static Map<String, String> setUpEncryptionParameters(Map<String, String> map, List<String> list, List<String> list2) {
        String str = map.get(ENCRYPTION_COLUMN_KEYS);
        if (StringUtils.isNullOrEmpty(str)) {
            return map;
        }
        HashMap hashMap = new HashMap();
        hashMap.putAll(map);
        String str2 = (String) hashMap.get(PARQUET_KMS_INSTANCE_URL);
        if (StringUtils.isNullOrEmpty(str2)) {
            throw new HoodieException("Kms address must be specified for encryption table");
        }
        String[] split = str.split(";");
        StringBuffer stringBuffer = new StringBuffer();
        HashMap hashMap2 = new HashMap();
        hashMap.put(ENCRYPTION_FOOTER_KEY, ENCRYPTION_FOOTER_VALUE);
        for (int i = 0; i < split.length; i++) {
            String[] split2 = split[i].trim().split(":");
            if (split2.length != 2) {
                throw new IllegalArgumentException("Key '" + split[i] + "' is not formatted correctly");
            }
            String trim = split2[0].trim();
            String trim2 = split2[1].trim();
            Arrays.stream(trim2.split(",")).forEach(str3 -> {
                if (!list.contains(str3)) {
                    throw new HoodieEncryptionException(String.format("encryption column %s should exists in hudi table", str3));
                }
                if (list2.contains(str3) || HoodieRecord.HOODIE_META_COLUMNS.contains(str3)) {
                    throw new HoodieEncryptionException(String.format("partition column or hoodie meta column not support encryption", new Object[0]));
                }
            });
            if (!hashMap2.containsKey(trim)) {
                hashMap2.put(trim, getEk(str2, trim));
            }
            stringBuffer.append(((String) hashMap2.get(trim)) + ":" + trim2 + ";");
        }
        hashMap.put(ENCRYPTION_COLUMN_KEY_IDS, str);
        hashMap.put(ENCRYPTION_COLUMN_KEYS, stringBuffer.substring(0, stringBuffer.length() - 1));
        if (!hashMap.containsKey(CRYPTO_FACTORY_CLASS)) {
            hashMap.put(CRYPTO_FACTORY_CLASS, DEFAULT_FACTORY_CLASS);
        }
        if (!hashMap.containsKey(ENCRYPTION_KMS_CLIENT_CLASS)) {
            hashMap.put(ENCRYPTION_KMS_CLIENT_CLASS, DEFAULT_ENCRYPTION_KMS_CLIENT_CLASS);
        }
        return hashMap;
    }

    public static Map<String, String> getEncryptionMap(Map<String, String> map) throws Exception {
        return getEncryptionMap(map, Collections.emptyList());
    }

    public static Map<String, String> getEncryptionMap(Map<String, String> map, List<String> list) throws Exception {
        HashMap hashMap = new HashMap();
        if (StringUtils.isNullOrEmpty(map.get(ENCRYPTION_COLUMN_KEYS))) {
            return hashMap;
        }
        String str = map.get(PARQUET_KMS_INSTANCE_URL);
        if (StringUtils.isNullOrEmpty(str)) {
            throw new HoodieException("Kms address must be specified for encryption table");
        }
        String[] split = str.split(":");
        RangerKmsClient rangerKmsClient = new RangerKmsClient(new KmsEntity(split[0], split[1], "fake"), new KerberosEntity(), true);
        rangerKmsClient.init();
        return getEncryptionMap(map, list, rangerKmsClient);
    }

    public static Map<String, String> getEncryptionMap(Map<String, String> map, List<String> list, RangerKmsClient rangerKmsClient) throws Exception {
        HashMap hashMap = new HashMap();
        String[] split = map.get(ENCRYPTION_COLUMN_KEY_IDS).split(";");
        String[] split2 = map.get(ENCRYPTION_COLUMN_KEYS).split(";");
        for (int i = 0; i < split.length; i++) {
            try {
                String[] split3 = split[i].trim().split(":");
                String[] split4 = split2[i].trim().split(":");
                if (split3.length != 2) {
                    throw new IllegalArgumentException("Key '" + split[i] + "' is not formatted correctly");
                }
                if (split4.length != 2) {
                    throw new IllegalArgumentException("Key '" + split2[i] + "' is not formatted correctly");
                }
                String trim = split3[0].trim();
                String trim2 = split4[0].trim();
                String[] split5 = split4[1].split(",");
                rangerKmsClient.getKmsEntity().setKeyId(trim);
                if (!hashMap.containsKey(PARQUET_KMS_AES_EKS + trim)) {
                    if (list.isEmpty()) {
                        hashMap.put(PARQUET_KMS_AES_EKS + trim, rangerKmsClient.getRealEK(new EncryptEk(trim2)).toJson());
                    } else {
                        hashMap.put(PARQUET_KMS_AES_EKS + trim, Arrays.stream(split5).anyMatch(str -> {
                            return list.contains(str);
                        }) ? rangerKmsClient.getRealEK(new EncryptEk(trim2)).toJson() : "dump");
                    }
                }
            } catch (Exception e) {
                throw new HoodieException("failed to get AESEK", e);
            }
        }
        return hashMap;
    }

    private static String getEk(String str, String str2) {
        try {
            String[] split = str.split(":");
            RangerKmsClient rangerKmsClient = new RangerKmsClient(new KmsEntity(split[0], split[1], str2), new KerberosEntity(), true);
            rangerKmsClient.init();
            return rangerKmsClient.getEncryptEk().toString();
        } catch (Exception e) {
            throw new HoodieException(e);
        }
    }

    public static Map<String, String> getEncryptionMapWithUgi(Map<String, String> map, List<String> list, UserGroupInformation userGroupInformation) throws Exception {
        HashMap hashMap = new HashMap();
        if (StringUtils.isNullOrEmpty(map.get(ENCRYPTION_COLUMN_KEYS))) {
            return hashMap;
        }
        String str = map.get(PARQUET_KMS_INSTANCE_URL);
        if (StringUtils.isNullOrEmpty(str)) {
            throw new HoodieException("Kms address must be specified for encryption table");
        }
        String[] split = str.split(":");
        RangerKmsClient rangerKmsClient = new RangerKmsClient(new KmsEntity(split[0], split[1], "fake"), new KerberosEntity(), true);
        rangerKmsClient.init();
        return getEncryptionMapWithUgi(map, list, rangerKmsClient, userGroupInformation);
    }

    public static Map<String, String> getEncryptionMapWithUgi(Map<String, String> map, List<String> list, RangerKmsClient rangerKmsClient, UserGroupInformation userGroupInformation) throws Exception {
        HashMap hashMap = new HashMap();
        String[] split = map.get(ENCRYPTION_COLUMN_KEY_IDS).split(";");
        String[] split2 = map.get(ENCRYPTION_COLUMN_KEYS).split(";");
        for (int i = 0; i < split.length; i++) {
            try {
                String[] split3 = split[i].trim().split(":");
                String[] split4 = split2[i].trim().split(":");
                if (split3.length != 2) {
                    throw new IllegalArgumentException("Key '" + split[i] + "' is not formatted correctly");
                }
                if (split4.length != 2) {
                    throw new IllegalArgumentException("Key '" + split2[i] + "' is not formatted correctly");
                }
                String trim = split3[0].trim();
                String trim2 = split4[0].trim();
                String[] split5 = split4[1].split(",");
                rangerKmsClient.getKmsEntity().setKeyId(trim);
                if (!hashMap.containsKey(PARQUET_KMS_AES_EKS + trim)) {
                    if (list.isEmpty()) {
                        hashMap.put(PARQUET_KMS_AES_EKS + trim, rangerKmsClient.getRealEKWithUgi(new EncryptEk(trim2), userGroupInformation).toJson());
                    } else {
                        hashMap.put(PARQUET_KMS_AES_EKS + trim, Arrays.stream(split5).anyMatch(str -> {
                            return list.contains(str);
                        }) ? rangerKmsClient.getRealEKWithUgi(new EncryptEk(trim2), userGroupInformation).toJson() : "dump");
                    }
                }
            } catch (Exception e) {
                throw new HoodieException("failed to get AESEK", e);
            }
        }
        return hashMap;
    }

    static {
        KMS_CACHE_CLEAR.put("parquet.encryption.cache.lifetime.seconds", HoodieTimeline.INVALID_INSTANT_TS);
        KMS_CACHE_CLEAR.put("parquet.encryption.cache.lifetime.seconds", HoodieTimeline.INVALID_INSTANT_TS);
        ENCRYPTION_KEYS = CollectionUtils.createImmutableList(CRYPTO_FACTORY_CLASS, DEFAULT_FACTORY_CLASS, ENCRYPTION_KMS_CLIENT_CLASS, DEFAULT_ENCRYPTION_KMS_CLIENT_CLASS, ENCRYPTION_COLUMN_KEYS, ENCRYPTION_FOOTER_KEY, PARQUET_KMS_INSTANCE_URL, ENCRYPTION_COLUMN_KEY_IDS);
    }
}
