package com.datastax.bdp.config;

import com.datastax.bdp.cassandra.crypto.LocalSystemKey;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.TlsKmipConnection;
import java.io.IOException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.commons.lang.StringUtils;

/* JADX WARN: Classes with same name are omitted:
  
 */
/* loaded from: input_file:com/datastax/bdp/config/KmipHostOptions.class */
public class KmipHostOptions {
    public String hosts;
    public String keystore_path;
    public String keystore_type;
    public String keystore_password;
    public String truststore_path;
    public String truststore_type;
    public String truststore_password;
    public Integer timeout;
    public String protocol;
    public String cipher_suites;
    public String password_encryption_key_name;
    public long key_cache_millis;
    public long key_cache_update_millis;

    public KmipHostOptions() {
        this.hosts = null;
        this.keystore_path = null;
        this.keystore_type = null;
        this.keystore_password = null;
        this.truststore_path = null;
        this.truststore_type = null;
        this.truststore_password = null;
        this.timeout = null;
        this.protocol = null;
        this.cipher_suites = null;
        this.password_encryption_key_name = null;
        this.key_cache_millis = Duration.ofMinutes(5L).toMillis();
        this.key_cache_update_millis = 0L;
    }

    private KmipHostOptions(KmipHostOptions kmipHostOptions) {
        this.hosts = null;
        this.keystore_path = null;
        this.keystore_type = null;
        this.keystore_password = null;
        this.truststore_path = null;
        this.truststore_type = null;
        this.truststore_password = null;
        this.timeout = null;
        this.protocol = null;
        this.cipher_suites = null;
        this.password_encryption_key_name = null;
        this.key_cache_millis = Duration.ofMinutes(5L).toMillis();
        this.key_cache_update_millis = 0L;
        this.hosts = kmipHostOptions.hosts;
        this.keystore_path = kmipHostOptions.keystore_path;
        this.keystore_type = kmipHostOptions.keystore_type;
        this.keystore_password = kmipHostOptions.keystore_password;
        this.truststore_path = kmipHostOptions.truststore_path;
        this.truststore_type = kmipHostOptions.truststore_type;
        this.truststore_password = kmipHostOptions.truststore_password;
        this.timeout = kmipHostOptions.timeout;
        this.protocol = kmipHostOptions.protocol;
        this.cipher_suites = kmipHostOptions.cipher_suites;
        this.password_encryption_key_name = kmipHostOptions.password_encryption_key_name;
        this.key_cache_millis = kmipHostOptions.key_cache_millis;
        this.key_cache_update_millis = kmipHostOptions.key_cache_update_millis;
    }

    public Map<String, String> getConnectionOptions() {
        HashMap hashMap = new HashMap();
        if (this.keystore_path != null) {
            hashMap.put(TlsKmipConnection.COM_CRYPTSOFT_KMIP_KEY_STORE, this.keystore_path);
        }
        if (this.keystore_type != null) {
            hashMap.put(TlsKmipConnection.COM_CRYPTSOFT_KMIP_KEY_STORE_TYPE, this.keystore_type);
        }
        if (this.keystore_password != null) {
            hashMap.put(TlsKmipConnection.COM_CRYPTSOFT_KMIP_KEY_STORE_PASSWORD, this.keystore_password);
        }
        if (this.truststore_path != null) {
            hashMap.put(TlsKmipConnection.COM_CRYPTSOFT_KMIP_TRUST_STORE, this.truststore_path);
        }
        if (this.truststore_type != null) {
            hashMap.put(TlsKmipConnection.COM_CRYPTSOFT_KMIP_TRUST_STORE_TYPE, this.truststore_type);
        }
        if (this.truststore_password != null) {
            hashMap.put(TlsKmipConnection.COM_CRYPTSOFT_KMIP_TRUST_STORE_PASSWORD, this.truststore_password);
        }
        if (this.timeout != null) {
            hashMap.put(TlsKmipConnection.COM_CRYPTSOFT_KMIP_TIMEOUT, this.timeout.toString());
        }
        if (this.cipher_suites != null) {
            hashMap.put(TlsKmipConnection.COM_CRYPTSOFT_KMIP_SSL_CIPHER_SUITES, this.cipher_suites);
        }
        if (this.protocol != null) {
            hashMap.put(TlsKmipConnection.COM_CRYPTSOFT_KMIP_SSL_PROTOCOL, this.protocol);
        }
        return hashMap;
    }

    public List<String> getHosts() {
        if (this.hosts == null) {
            return Collections.emptyList();
        }
        String[] split = this.hosts.split(",");
        ArrayList arrayList = new ArrayList(split.length);
        for (int i = 0; i < split.length; i++) {
            split[i] = split[i].trim();
            if (!split[i].isEmpty()) {
                arrayList.add(split[i]);
            }
        }
        return arrayList;
    }

    public KmipHostOptions decryptIfNeeded() {
        if (!passwordEncryptionEnabled()) {
            return this;
        }
        try {
            LocalSystemKey key = LocalSystemKey.getKey(this.password_encryption_key_name);
            KmipHostOptions kmipHostOptions = new KmipHostOptions(this);
            kmipHostOptions.keystore_password = key.decrypt(this.keystore_password);
            kmipHostOptions.truststore_password = key.decrypt(this.truststore_password);
            kmipHostOptions.password_encryption_key_name = null;
            return kmipHostOptions;
        } catch (IOException e) {
            throw new ConfigurationException(String.format("Configured password encryption key: %s cannot be used due to: %s", this.password_encryption_key_name, e.getMessage()), e);
        }
    }

    public boolean passwordEncryptionEnabled() {
        return StringUtils.isNotBlank(this.password_encryption_key_name);
    }

    public String getPasswordEncryptionKeyName() {
        return this.password_encryption_key_name;
    }
}
