package oracle.hadoop.security.container;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.IOUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FSDataOutputStream;
import org.apache.hadoop.fs.FileAlreadyExistsException;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.LocalFileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.hdfs.protocol.AclException;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.mapreduce.Job;
import org.apache.hadoop.mapreduce.JobContext;
import org.apache.hadoop.security.Credentials;

/* loaded from: input_file:oracle/hadoop/security/container/SecureContainer.class */
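/**
 * Password-protected key store used to ship small secrets (byte arrays, char arrays, local
 * files) with a Hadoop job.
 *
 * <p>The submitting side builds a container with {@link #newContainer()}, fills it through the
 * {@code addEntry} overloads and writes it out with {@link #saveContainer(Path, Job)}. The task
 * side reopens it with {@link #loadContainer(JobContext)}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The store password is a random one-time value, but {@code saveContainer} places it in
 *       the job {@link Credentials} together with the key store path. Anyone who can read the
 *       job credentials can therefore open the container; its confidentiality is bounded by
 *       how the credentials are protected.</li>
 *   <li>The per-entry password is derived from the class name, i.e. it is a fixed and publicly
 *       derivable value. It adds no protection beyond the store password and file permissions.</li>
 *   <li>NOTE(review): the store type is "jceks", a legacy JDK format. Changing it would alter
 *       the on-disk format shared by writer and reader, so it is kept here; evaluate a
 *       migration separately.</li>
 *   <li>Password {@code char[]} arrays are held for the lifetime of the instance and are never
 *       zeroed by this class.</li>
 * </ul>
 */
public class SecureContainer {
    private static final String KEY_STORE_PASSWORD_ALIAS = "oracle.hadoop.secureContainer.password";
    private static final String KEY_STORE_PATH_ALIAS = "oracle.hadoop.secureContainer.ks.path";
    /** Owner read/write only. */
    private static final FsPermission FILE_PERMISSIONS_600 = new FsPermission(FsAction.READ_WRITE, FsAction.NONE, FsAction.NONE);
    /** Owner read/write/execute only. */
    private static final FsPermission FILE_PERMISSIONS_700 = new FsPermission(FsAction.ALL, FsAction.NONE, FsAction.NONE);

    private final KeyStore keyStore;
    private final char[] storePassword;
    // Fixed value (the simple class name); it is not a secret. See the class-level notes.
    private final char[] entryPassword = getClass().getSimpleName().toCharArray();

    /**
     * Namespace prefix for key store aliases: the entry payload, or the original file name of an
     * entry that was added from a file. A decompiler note on the original listing indicates the
     * enum was private in the compiled class; it is kept public here to match the listing.
     */
    public enum ALIAS_TYPE {
        DATA,
        FILENAME
    }

    /**
     * Creates an empty in-memory container protected by a freshly generated random password.
     *
     * @return a new, empty container
     */
    public static SecureContainer newContainer() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        return create(null, generateOneTimePassword());
    }

    /**
     * Writes the key store to {@code path} with owner-only permissions and records its location
     * and password in the job credentials.
     *
     * @param path destination of the key store file; must not exist yet
     * @param job job whose configuration selects the file system and whose credentials receive
     *     the path and password
     * @throws FileAlreadyExistsException if {@code path} already exists
     */
    public void saveContainer(Path path, Job job) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        Configuration configuration = job.getConfiguration();
        FileSystem fileSystem = path.getFileSystem(configuration);
        // NOTE(review): exists() followed by create() is not atomic; another writer could create
        // the path in between. Confirm the parent directory is private to this job.
        if (fileSystem.exists(path)) {
            throw new FileAlreadyExistsException("Path already exists: " + path);
        }
        try (OutputStream out = FileSystem.create(fileSystem, path, FILE_PERMISSIONS_600)) {
            // Register the cleanup before any secret material is written, so a failed or
            // partial write is still removed when the file system is closed.
            fileSystem.deleteOnExit(path);
            removeACLs(path, fileSystem, FILE_PERMISSIONS_600);
            this.keyStore.store(out, this.storePassword);
        }
        fileSystem.setReplication(path, (short) configuration.getInt("mapreduce.client.submit.file.replication", 10));
        Credentials credentials = job.getCredentials();
        saveKeyStorePath(path, credentials);
        savePassword(this.storePassword, credentials);
    }

    /**
     * Opens the container whose path and password were stored in the job credentials by
     * {@link #saveContainer(Path, Job)}.
     *
     * @param jobContext context providing the credentials and configuration
     * @return the loaded container
     * @throws IOException if the credentials lack the path or password, or the file cannot be
     *     read or fails the key store's password check
     */
    public static SecureContainer loadContainer(JobContext jobContext) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        Credentials credentials = jobContext.getCredentials();
        Path keyStorePath = getKeyStorePath(credentials);
        FileSystem fileSystem = keyStorePath.getFileSystem(jobContext.getConfiguration());
        try (FSDataInputStream in = fileSystem.open(keyStorePath)) {
            return create(in, getPassword(credentials));
        }
    }

    /** Returns the secret stored under {@code alias}, failing clearly when it is absent. */
    private static byte[] requireSecret(Credentials credentials, String alias) throws IOException {
        byte[] secret = credentials.getSecretKey(new Text(alias));
        if (secret == null) {
            // The alias is a fixed constant, not a secret, so it is safe to name it here.
            throw new IOException("Job credentials hold no secret for alias " + alias);
        }
        return secret;
    }

    /** Reads the key store location recorded in the job credentials. */
    private static Path getKeyStorePath(Credentials credentials) throws IOException {
        return new Path(new String(bytesToChars(requireSecret(credentials, KEY_STORE_PATH_ALIAS))));
    }

    /** Records the key store location in the job credentials. */
    private static void saveKeyStorePath(Path path, Credentials credentials) {
        credentials.addSecretKey(new Text(KEY_STORE_PATH_ALIAS), charsToBytes(path.toString().toCharArray()));
    }

    /** Records the store password in the job credentials (see the class-level notes). */
    private static void savePassword(char[] cArr, Credentials credentials) {
        credentials.addSecretKey(new Text(KEY_STORE_PASSWORD_ALIAS), charsToBytes(cArr));
    }

    /** Reads the store password recorded in the job credentials. */
    private static char[] getPassword(Credentials credentials) throws IOException {
        return bytesToChars(requireSecret(credentials, KEY_STORE_PASSWORD_ALIAS));
    }

    /** Encodes each char as two little-endian bytes; the inverse of {@link #bytesToChars}. */
    private static byte[] charsToBytes(char[] cArr) {
        byte[] encoded = new byte[cArr.length * 2];
        ByteBuffer buffer = ByteBuffer.wrap(encoded).order(ByteOrder.LITTLE_ENDIAN);
        for (char c : cArr) {
            buffer.putChar(c);
        }
        return encoded;
    }

    /**
     * Decodes little-endian byte pairs into chars. A trailing odd byte, if any, is ignored
     * because the result length is {@code bArr.length / 2}.
     */
    private static char[] bytesToChars(byte[] bArr) {
        ByteBuffer buffer = ByteBuffer.wrap(bArr).order(ByteOrder.LITTLE_ENDIAN);
        char[] decoded = new char[bArr.length / 2];
        for (int i = 0; i < decoded.length; i++) {
            decoded[i] = buffer.getChar();
        }
        return decoded;
    }

    /**
     * Builds a container around a "jceks" key store.
     *
     * @param inputStream serialized key store to load, or {@code null} for a new empty store
     * @param cArr store password
     */
    private static SecureContainer create(InputStream inputStream, char[] cArr) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore loaded = KeyStore.getInstance("jceks");
        loaded.load(inputStream, cArr);
        return new SecureContainer(loaded, cArr);
    }

    private SecureContainer(KeyStore keyStore, char[] cArr) {
        this.keyStore = keyStore;
        // The array is stored by reference, not copied.
        this.storePassword = cArr;
    }

    /** Builds the key store alias {@code <type>.<name>}. */
    private String getInternalAlias(ALIAS_TYPE alias_type, String str) {
        return alias_type + "." + str;
    }

    /** Stores {@code bArr} under the typed alias, wrapped as a secret key labelled "AES". */
    private void addEntryInternal(ALIAS_TYPE alias_type, String str, byte[] bArr) throws KeyStoreException {
        // "AES" is only the algorithm label on the key spec; the bytes are arbitrary payload.
        this.keyStore.setKeyEntry(getInternalAlias(alias_type, str), new SecretKeySpec(bArr, "AES"), this.entryPassword, null);
    }

    /**
     * Returns the bytes stored under the typed alias.
     *
     * @return the stored bytes, or {@code null} when the alias is not present
     */
    private byte[] getEntryInternal(ALIAS_TYPE alias_type, String str) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        String internalAlias = getInternalAlias(alias_type, str);
        if (!this.keyStore.containsAlias(internalAlias)) {
            return null;
        }
        // Read the encoding through the returned key directly, so this does not depend on the
        // provider handing back one specific key class.
        return this.keyStore.getKey(internalAlias, this.entryPassword).getEncoded();
    }

    /** Adds a binary entry under {@code str}. */
    public void addEntry(String str, byte[] bArr) throws KeyStoreException {
        addEntryInternal(ALIAS_TYPE.DATA, str, bArr);
    }

    /** Adds a character entry under {@code str}, encoded as little-endian byte pairs. */
    public void addEntry(String str, char[] cArr) throws KeyStoreException {
        addEntryInternal(ALIAS_TYPE.DATA, str, charsToBytes(cArr));
    }

    /**
     * Adds the contents of a local file under {@code str} and remembers the file's name so that
     * {@link #localizeEntry(String, JobContext)} can recreate it.
     *
     * @param str entry name
     * @param path file on the local file system
     * @param job job whose configuration selects the local file system
     */
    public void addEntry(String str, Path path, Job job) throws KeyStoreException, IOException {
        LocalFileSystem local = FileSystem.getLocal(job.getConfiguration());
        byte[] contents;
        try (FSDataInputStream in = local.open(path)) {
            contents = IOUtils.toByteArray(in, local.getFileStatus(path).getLen());
        }
        addEntry(str, contents);
        addEntryInternal(ALIAS_TYPE.FILENAME, str, charsToBytes(path.getName().toCharArray()));
    }

    /**
     * Returns the bytes of entry {@code str}.
     *
     * @return the entry bytes, or {@code null} when there is no such entry
     */
    public byte[] getEntry(String str) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        return getEntryInternal(ALIAS_TYPE.DATA, str);
    }

    /**
     * Returns entry {@code str} decoded as chars.
     *
     * @return the decoded chars, or {@code null} when there is no such entry
     */
    public char[] getEntryAsChars(String str) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        byte[] entry = getEntry(str);
        return entry == null ? null : bytesToChars(entry);
    }

    /**
     * Writes entry {@code str} to a file named {@code str2} in the local working directory.
     *
     * @param str entry name
     * @param jobContext context providing the configuration
     * @param str2 file name, resolved against the local working directory
     * @return the path that was targeted
     */
    public Path localizeEntry(String str, JobContext jobContext, String str2) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, IOException {
        // NOTE(review): str2 is not checked for path separators or ".." here; callers should
        // pass a plain file name.
        Path target = new Path(FileSystem.getLocal(jobContext.getConfiguration()).getWorkingDirectory(), str2);
        getEntryAsTempFile(str, target, jobContext);
        return target;
    }

    /**
     * Writes entry {@code str} to the local working directory under the file name recorded when
     * the entry was added from a file.
     *
     * @return the path that was targeted, or {@code null} when no file name was recorded
     */
    public Path localizeEntry(String str, JobContext jobContext) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, IOException {
        byte[] storedName = getEntryInternal(ALIAS_TYPE.FILENAME, str);
        if (storedName == null) {
            return null;
        }
        return localizeEntry(str, jobContext, new String(bytesToChars(storedName)));
    }

    /**
     * Writes either {@code bArr} or, when that is {@code null}, {@code str} to a new owner-only
     * file that is deleted when the file system is closed.
     *
     * @return {@code false} when both payloads are {@code null}, {@code true} after a write
     * @throws FileAlreadyExistsException if {@code path} already exists
     */
    private boolean writeDataAsFile(byte[] bArr, String str, Path path, JobContext jobContext) throws IOException {
        if (bArr == null && str == null) {
            return false;
        }
        FileSystem fileSystem = path.getFileSystem(jobContext.getConfiguration());
        // NOTE(review): exists() followed by create() is not atomic; see saveContainer.
        if (fileSystem.exists(path)) {
            throw new FileAlreadyExistsException("Path already exists: " + path);
        }
        try (FSDataOutputStream out = FileSystem.create(fileSystem, path, FILE_PERMISSIONS_600)) {
            // Register the cleanup first so a failed write does not leave secret data behind.
            fileSystem.deleteOnExit(path);
            removeACLs(path, fileSystem, FILE_PERMISSIONS_600);
            if (bArr != null) {
                out.write(bArr);
            } else {
                // NOTE(review): the platform default charset makes the bytes written depend on
                // the host configuration; kept to preserve existing behavior.
                IOUtils.write(str.toCharArray(), out, Charset.defaultCharset());
            }
            return true;
        }
    }

    /** Writes text to a new owner-only temporary file; see the private overload. */
    public boolean writeDataAsFile(String str, Path path, JobContext jobContext) throws IOException {
        return writeDataAsFile(null, str, path, jobContext);
    }

    /** Writes bytes to a new owner-only temporary file; see the private overload. */
    public boolean writeDataAsFile(byte[] bArr, Path path, JobContext jobContext) throws IOException {
        return writeDataAsFile(bArr, null, path, jobContext);
    }

    /**
     * Writes entry {@code str} to {@code path} as an owner-only temporary file.
     *
     * @return {@code false} when there is no such entry, {@code true} after a write
     */
    public boolean getEntryAsTempFile(String str, Path path, JobContext jobContext) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, IOException {
        return writeDataAsFile(getEntry(str), path, jobContext);
    }

    /**
     * Strips any ACL entries from {@code path} and re-applies {@code fsPermission}, so that an
     * inherited ACL cannot widen access beyond the permission bits.
     */
    private static void removeACLs(Path path, FileSystem fileSystem, FsPermission fsPermission) throws IOException {
        try {
            if (!fileSystem.getAclStatus(path).getEntries().isEmpty()) {
                fileSystem.removeAcl(path);
                fileSystem.setPermission(path, fsPermission);
            }
        } catch (AclException | UnsupportedOperationException ignored) {
            // Deliberate best effort: presumably raised when the file system has ACLs disabled
            // or does not implement them, in which case there is nothing to strip.
            // NOTE(review): a failure of removeAcl() itself is hidden the same way; consider
            // logging it so an ACL that stays in place is visible to operators.
        }
    }

    /**
     * Creates an owner-only directory that is deleted when the file system is closed.
     *
     * @return whether the directory was created
     * @throws FileAlreadyExistsException if {@code path} already exists
     */
    public static boolean createTempDir(Path path, Configuration configuration) throws IOException {
        return createTempDir(path, path.getFileSystem(configuration));
    }

    private static boolean createTempDir(Path path, FileSystem fileSystem) throws IOException {
        if (fileSystem.exists(path)) {
            throw new FileAlreadyExistsException("Path already exists: " + path);
        }
        boolean created = fileSystem.mkdirs(path, FILE_PERMISSIONS_700);
        if (created) {
            removeACLs(path, fileSystem, FILE_PERMISSIONS_700);
            fileSystem.deleteOnExit(path);
        }
        return created;
    }

    /**
     * Creates an owner-only directory {@code <str>-<random long>} under {@code path} and claims
     * it with an empty "lock" file, retrying with a new random suffix on collision.
     *
     * @param path parent directory
     * @param str directory name prefix; must not contain '#', '\' or '/'
     * @param configuration configuration used to resolve the file system
     * @return the directory that was created
     * @throws IllegalArgumentException if {@code str} contains a forbidden character
     */
    public static Path createRandomizedTempDir(Path path, String str, Configuration configuration) throws IOException {
        if (str.indexOf('/') != -1 || str.indexOf('\\') != -1 || str.indexOf('#') != -1) {
            throw new IllegalArgumentException("No #, \\ or / allowed in the names");
        }
        FileSystem fileSystem = path.getFileSystem(configuration);
        SecureRandom secureRandom = new SecureRandom();
        while (true) {
            Path candidate = new Path(path, str + "-" + secureRandom.nextLong());
            if (fileSystem.exists(candidate)) {
                continue;
            }
            Path lock = new Path(candidate, "lock");
            try {
                if (createTempDir(candidate, fileSystem)) {
                    // overwrite=false: creation fails if a lock file is already there.
                    fileSystem.create(lock, false).close();
                    fileSystem.setPermission(lock, FILE_PERMISSIONS_600);
                    return candidate;
                }
            } catch (IOException e) {
                // An existing lock file presumably means another creator claimed this name
                // first, so try a new suffix; any other failure is passed to the caller.
                if (!fileSystem.exists(lock)) {
                    throw e;
                }
            }
        }
    }

    /**
     * Deletes the key store file whose path is recorded in the job credentials.
     *
     * @throws IOException if the credentials lack the path or the delete fails
     */
    public void deleteContainer(Job job) throws IOException {
        Path keyStorePath = getKeyStorePath(job.getCredentials());
        keyStorePath.getFileSystem(job.getConfiguration()).delete(keyStorePath, true);
    }

    /** Generates 64 random bytes from {@link SecureRandom} and packs them into 32 chars. */
    private static char[] generateOneTimePassword() {
        byte[] randomBytes = new byte[64];
        new SecureRandom().nextBytes(randomBytes);
        return bytesToChars(randomBytes);
    }
}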
