package com.datastax.bdp.cassandra.crypto;

import com.datastax.bdp.util.FileSystemUtil;
import com.datastax.dse.byos.shade.com.google.common.collect.Maps;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.Reader;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.concurrent.ConcurrentMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.agrona.concurrent.status.CountersReader;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:com/datastax/bdp/cassandra/crypto/LocalFileSystemKeyProvider.class */
public class LocalFileSystemKeyProvider implements IKeyProvider {
    private static final SecureRandom random = new SecureRandom();
    private final File keyFile;
    private ConcurrentMap<String, SecretKey> keys = Maps.newConcurrentMap();

    public LocalFileSystemKeyProvider(File file) throws IOException {
        this.keyFile = file;
        if (!file.exists()) {
            if (!file.getParentFile().exists() && !file.getParentFile().mkdirs()) {
                throw new IOException("Failed to create directory: " + file.getParentFile());
            }
            if (!file.createNewFile()) {
                throw new IOException("Failed to create file: " + file);
            }
            if (!file.setWritable(true, true)) {
                throw new IOException("File not writeable: " + file);
            }
            if (!file.setReadable(true, true)) {
                throw new IOException("File not readable: " + file);
            }
            if (FileSystemUtil.enabled && FileSystemUtil.chmod(file.getPath(), CountersReader.FULL_LABEL_LENGTH) != 0) {
                throw new IOException("Could not set file permissions to 0600 for: " + file);
            }
        }
        loadKeys();
    }

    @Override // com.datastax.bdp.cassandra.crypto.IKeyProvider
    public SecretKey getSecretKey(String str, int i) throws KeyAccessException, KeyGenerationException {
        try {
            String mapKey = getMapKey(str, i);
            SecretKey secretKey = this.keys.get(mapKey);
            if (secretKey == null) {
                secretKey = generateNewKey(str, i);
                checkKey(str, secretKey);
                SecretKey putIfAbsent = this.keys.putIfAbsent(mapKey, secretKey);
                if (putIfAbsent == null) {
                    appendKey(str, i, secretKey);
                } else {
                    secretKey = putIfAbsent;
                }
            }
            return secretKey;
        } catch (IOException e) {
            throw new KeyGenerationException("Could not write secret key: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new KeyGenerationException("Failed to generate secret key: " + e2.getMessage(), e2);
        }
    }

    private void checkKey(String str, SecretKey secretKey) throws KeyGenerationException {
        try {
            Cipher.getInstance(str).init(1, secretKey, random);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new KeyGenerationException("Error generating secret key: " + e.getMessage(), e);
        }
    }

    private SecretKey generateNewKey(String str, int i) throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(getKeyType(str));
        keyGenerator.init(i, random);
        return keyGenerator.generateKey();
    }

    private String getMapKey(String str, int i) {
        return str + ":" + i;
    }

    private synchronized void appendKey(String str, int i, SecretKey secretKey) throws IOException {
        PrintStream printStream = null;
        try {
            printStream = new PrintStream(new FileOutputStream(this.keyFile, true));
            printStream.println(str + ":" + i + ":" + Base64.encodeBase64String(secretKey.getEncoded()));
            IOUtils.closeQuietly((OutputStream) printStream);
        } catch (Throwable th) {
            IOUtils.closeQuietly((OutputStream) printStream);
            throw th;
        }
    }

    private synchronized void loadKeys() throws IOException {
        this.keys.clear();
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(this.keyFile)));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    IOUtils.closeQuietly((Reader) bufferedReader);
                    return;
                }
                String[] split = readLine.split(":");
                String str = split[0];
                this.keys.put(getMapKey(str, Integer.parseInt(split[1])), new SecretKeySpec(Base64.decodeBase64(split[2].getBytes()), getKeyType(str)));
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly((Reader) bufferedReader);
            throw th;
        }
    }

    private String getKeyType(String str) {
        return str.replaceAll("/.*", "");
    }
}
