package org.apache.accumulo.core.security.crypto;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PushbackInputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.security.crypto.CryptoModule;
import org.apache.log4j.Logger;

@Deprecated
/* loaded from: input_file:org/apache/accumulo/core/security/crypto/DefaultCryptoModule.class */
public class DefaultCryptoModule implements CryptoModule {
    private static final String ENCRYPTION_HEADER_MARKER = "---Log File Encrypted (v1)---";
    private static Logger log = Logger.getLogger(DefaultCryptoModule.class);

    @Override // org.apache.accumulo.core.security.crypto.CryptoModule
    public OutputStream getEncryptingOutputStream(OutputStream outputStream, Map<String, String> map) throws IOException {
        log.debug("Initializing crypto output stream");
        String str = map.get(Property.CRYPTO_CIPHER_SUITE.getKey());
        if (str.equals("NullCipher")) {
            return outputStream;
        }
        String str2 = map.get(Property.CRYPTO_CIPHER_ALGORITHM_NAME.getKey());
        SecureRandom secureRandom = DefaultCryptoModuleUtils.getSecureRandom(map.get(Property.CRYPTO_SECURE_RNG.getKey()), map.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey()));
        byte[] bArr = new byte[Integer.parseInt(map.get(Property.CRYPTO_CIPHER_KEY_LENGTH.getKey())) / 8];
        Map<CryptoModule.CryptoInitProperty, Object> hashMap = new HashMap<>();
        secureRandom.nextBytes(bArr);
        hashMap.put(CryptoModule.CryptoInitProperty.PLAINTEXT_SESSION_KEY, bArr);
        SecretKeyEncryptionStrategy secretKeyEncryptionStrategy = CryptoModuleFactory.getSecretKeyEncryptionStrategy(map.get(Property.CRYPTO_SECRET_KEY_ENCRYPTION_STRATEGY_CLASS.getKey()));
        SecretKeyEncryptionStrategyContext newContext = secretKeyEncryptionStrategy.getNewContext();
        newContext.setPlaintextSecretKey(bArr);
        newContext.setContext(map);
        SecretKeyEncryptionStrategyContext encryptSecretKey = secretKeyEncryptionStrategy.encryptSecretKey(newContext);
        byte[] encryptedSecretKey = encryptSecretKey.getEncryptedSecretKey();
        String opaqueKeyEncryptionKeyID = encryptSecretKey.getOpaqueKeyEncryptionKeyID();
        OutputStream encryptingOutputStream = getEncryptingOutputStream(outputStream, map, hashMap);
        byte[] bArr2 = (byte[]) hashMap.get(CryptoModule.CryptoInitProperty.INITIALIZATION_VECTOR);
        DataOutputStream dataOutputStream = new DataOutputStream(outputStream);
        dataOutputStream.writeUTF(ENCRYPTION_HEADER_MARKER);
        dataOutputStream.writeUTF(str);
        dataOutputStream.writeUTF(str2);
        dataOutputStream.writeInt(bArr2.length);
        dataOutputStream.write(bArr2);
        dataOutputStream.writeUTF(opaqueKeyEncryptionKeyID);
        dataOutputStream.writeInt(encryptedSecretKey.length);
        dataOutputStream.write(encryptedSecretKey);
        return encryptingOutputStream;
    }

    @Override // org.apache.accumulo.core.security.crypto.CryptoModule
    public InputStream getDecryptingInputStream(InputStream inputStream, Map<String, String> map) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(inputStream);
        String readUTF = dataInputStream.readUTF();
        log.debug("Read encryption header");
        if (!readUTF.equals(ENCRYPTION_HEADER_MARKER)) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new DataOutputStream(byteArrayOutputStream).writeUTF(readUTF);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            PushbackInputStream pushbackInputStream = new PushbackInputStream(inputStream, byteArray.length);
            pushbackInputStream.unread(byteArray);
            return pushbackInputStream;
        }
        Object readUTF2 = dataInputStream.readUTF();
        Object readUTF3 = dataInputStream.readUTF();
        int readInt = dataInputStream.readInt();
        byte[] bArr = new byte[readInt];
        dataInputStream.read(bArr, 0, readInt);
        String readUTF4 = dataInputStream.readUTF();
        byte[] bArr2 = new byte[dataInputStream.readInt()];
        dataInputStream.read(bArr2);
        SecretKeyEncryptionStrategy secretKeyEncryptionStrategy = CryptoModuleFactory.getSecretKeyEncryptionStrategy(map.get(Property.CRYPTO_SECRET_KEY_ENCRYPTION_STRATEGY_CLASS.getKey()));
        SecretKeyEncryptionStrategyContext newContext = secretKeyEncryptionStrategy.getNewContext();
        newContext.setOpaqueKeyEncryptionKeyID(readUTF4);
        newContext.setContext(map);
        newContext.setEncryptedSecretKey(bArr2);
        Object plaintextSecretKey = secretKeyEncryptionStrategy.decryptSecretKey(newContext).getPlaintextSecretKey();
        Map<CryptoModule.CryptoInitProperty, Object> hashMap = new HashMap<>();
        hashMap.put(CryptoModule.CryptoInitProperty.CIPHER_SUITE, readUTF2);
        hashMap.put(CryptoModule.CryptoInitProperty.ALGORITHM_NAME, readUTF3);
        hashMap.put(CryptoModule.CryptoInitProperty.PLAINTEXT_SESSION_KEY, plaintextSecretKey);
        hashMap.put(CryptoModule.CryptoInitProperty.INITIALIZATION_VECTOR, bArr);
        return getDecryptingInputStream(dataInputStream, map, hashMap);
    }

    @Override // org.apache.accumulo.core.security.crypto.CryptoModule
    public OutputStream getEncryptingOutputStream(OutputStream outputStream, Map<String, String> map, Map<CryptoModule.CryptoInitProperty, Object> map2) {
        log.debug("Initializing crypto output stream");
        String str = map.get(Property.CRYPTO_CIPHER_SUITE.getKey());
        if (str.equals("NullCipher")) {
            return outputStream;
        }
        String str2 = map.get(Property.CRYPTO_CIPHER_ALGORITHM_NAME.getKey());
        String str3 = map.get(Property.CRYPTO_SECURE_RNG.getKey());
        String str4 = map.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey());
        int parseInt = Integer.parseInt(map.get(Property.CRYPTO_CIPHER_KEY_LENGTH.getKey()));
        log.debug(String.format("Using cipher suite \"%s\" (algorithm \"%s\") with key length %d with RNG \"%s\" and RNG provider \"%s\" and key encryption strategy %s", str, str2, Integer.valueOf(parseInt), str3, str4, map.get(Property.CRYPTO_SECRET_KEY_ENCRYPTION_STRATEGY_CLASS.getKey())));
        SecureRandom secureRandom = DefaultCryptoModuleUtils.getSecureRandom(str3, str4);
        Cipher cipher = DefaultCryptoModuleUtils.getCipher(str);
        byte[] bArr = (byte[]) map2.get(CryptoModule.CryptoInitProperty.PLAINTEXT_SESSION_KEY);
        byte[] bArr2 = (byte[]) map2.get(CryptoModule.CryptoInitProperty.INITIALIZATION_VECTOR);
        if (bArr2 != null) {
            try {
                cipher.init(1, new SecretKeySpec(bArr, str2), new IvParameterSpec(bArr2));
            } catch (InvalidAlgorithmParameterException e) {
                log.error("Accumulo encountered an unknown error in generating the secret key object (SecretKeySpec) for an encrypted stream");
                throw new RuntimeException(e);
            } catch (InvalidKeyException e2) {
                log.error("Accumulo encountered an unknown error in generating the secret key object (SecretKeySpec) for an encrypted stream");
                throw new RuntimeException(e2);
            }
        } else {
            try {
                cipher.init(1, new SecretKeySpec(bArr, str2), secureRandom);
                map2.put(CryptoModule.CryptoInitProperty.INITIALIZATION_VECTOR, cipher.getIV());
            } catch (InvalidKeyException e3) {
                log.error("Accumulo encountered an unknown error in generating the secret key object (SecretKeySpec) for the write-ahead log");
                throw new RuntimeException(e3);
            }
        }
        return new BufferedOutputStream(new CipherOutputStream(outputStream, cipher));
    }

    @Override // org.apache.accumulo.core.security.crypto.CryptoModule
    public InputStream getDecryptingInputStream(InputStream inputStream, Map<String, String> map, Map<CryptoModule.CryptoInitProperty, Object> map2) throws IOException {
        String str = map.get(Property.CRYPTO_CIPHER_SUITE.getKey());
        String str2 = map.get(Property.CRYPTO_CIPHER_ALGORITHM_NAME.getKey());
        String str3 = (String) map2.get(CryptoModule.CryptoInitProperty.CIPHER_SUITE);
        String str4 = (String) map2.get(CryptoModule.CryptoInitProperty.ALGORITHM_NAME);
        byte[] bArr = (byte[]) map2.get(CryptoModule.CryptoInitProperty.INITIALIZATION_VECTOR);
        byte[] bArr2 = (byte[]) map2.get(CryptoModule.CryptoInitProperty.PLAINTEXT_SESSION_KEY);
        if (bArr == null || bArr2 == null || str3 == null || str4 == null) {
            log.error("Called getDecryptingInputStream() without proper crypto init params.  Need initVector, plaintext key, cipher suite and algorithm name");
            throw new RuntimeException("Called getDecryptingInputStream() without initialization vector and/or plaintext session key");
        }
        if (!str3.equals(str) || !str4.equals(str2)) {
            log.warn(String.format("Configured cipher suite and algorithm (\"%s\" and \"%s\") is different from cipher suite found in log file (\"%s\" and \"%s\")", str, str2, str3, str4));
        }
        Cipher cipher = DefaultCryptoModuleUtils.getCipher(str3);
        try {
            cipher.init(2, new SecretKeySpec(bArr2, str4), new IvParameterSpec(bArr));
            return new BufferedInputStream(new CipherInputStream(inputStream, cipher));
        } catch (InvalidAlgorithmParameterException e) {
            log.error("Error when trying to initialize cipher with initialization vector");
            throw new RuntimeException(e);
        } catch (InvalidKeyException e2) {
            log.error("Error when trying to initialize cipher with secret key");
            throw new RuntimeException(e2);
        }
    }
}
