package com.datastax.bdp.cassandra.crypto;

import com.datastax.bdp.config.ClientConfiguration;
import com.datastax.bdp.config.ClientConfigurationBuilder;
import com.datastax.bdp.config.ClientConfigurationFactory;
import com.datastax.bdp.server.DseDaemon;
import com.datastax.bdp.system.DseSystemKeyspace;
import com.datastax.bdp.util.Addresses;
import com.datastax.bdp.util.DseConnectionUtil;
import com.datastax.driver.core.Cluster;
import com.datastax.driver.core.ResultSet;
import com.datastax.driver.core.Row;
import com.datastax.driver.core.Session;
import com.datastax.dse.byos.shade.com.google.common.collect.Maps;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Iterator;
import java.util.UUID;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.cassandra.concurrent.TPCUtils;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.cql3.QueryProcessor;
import org.apache.cassandra.cql3.UntypedResultSet;
import org.apache.cassandra.db.ConsistencyLevel;
import org.apache.cassandra.db.KeyspaceNotDefinedException;
import org.apache.cassandra.db.ReadCommand;
import org.apache.cassandra.db.ReadResponse;
import org.apache.cassandra.db.SinglePartitionReadCommand;
import org.apache.cassandra.db.Slices;
import org.apache.cassandra.db.SystemKeyspace;
import org.apache.cassandra.db.filter.ClusteringIndexSliceFilter;
import org.apache.cassandra.db.filter.ColumnFilter;
import org.apache.cassandra.db.partitions.UnfilteredPartitionIterator;
import org.apache.cassandra.db.partitions.UnfilteredPartitionIterators;
import org.apache.cassandra.db.rows.FlowablePartitions;
import org.apache.cassandra.exceptions.InvalidRequestException;
import org.apache.cassandra.exceptions.RequestValidationException;
import org.apache.cassandra.exceptions.UnavailableException;
import org.apache.cassandra.net.FailureResponse;
import org.apache.cassandra.net.MessageCallback;
import org.apache.cassandra.net.MessagingService;
import org.apache.cassandra.net.Response;
import org.apache.cassandra.schema.TableMetadata;
import org.apache.cassandra.service.StorageService;
import org.apache.cassandra.utils.ByteBufferUtil;
import org.apache.cassandra.utils.Pair;
import org.apache.cassandra.utils.UUIDGen;
import org.apache.cassandra.utils.time.ApolloTime;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/bdp/cassandra/crypto/ReplicatedKeyProvider.class */
public class ReplicatedKeyProvider implements IMultiKeyProvider {
    private static final Logger logger;
    private static final int HEADER_VERSION_SIZE = 1;
    private static final int UUID_HASH_SIZE = 16;
    private static final int UUID_SIZE = 16;
    private static final SecureRandom random;
    private final SystemKey systemKey;
    private final LocalFileSystemKeyProvider localKeyProvider;
    private final ConcurrentMap<String, Pair<UUID, SecretKey>> writeKeys = Maps.newConcurrentMap();
    private final ConcurrentMap<String, SecretKey> readKeys = Maps.newConcurrentMap();
    private static volatile Cluster cluster;
    private static volatile Session session;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/datastax/bdp/cassandra/crypto/ReplicatedKeyProvider$DriverRowWrapper.class */
    public static class DriverRowWrapper implements RowWrapper {
        private final Row row;

        private DriverRowWrapper(Row row) {
            this.row = row;
        }

        @Override // com.datastax.bdp.cassandra.crypto.ReplicatedKeyProvider.RowWrapper
        public UUID getUUID(String str) {
            return this.row.getUUID(str);
        }

        @Override // com.datastax.bdp.cassandra.crypto.ReplicatedKeyProvider.RowWrapper
        public String getString(String str) {
            return this.row.getString(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/datastax/bdp/cassandra/crypto/ReplicatedKeyProvider$RemoteReadCallback.class */
    public class RemoteReadCallback implements MessageCallback<ReadResponse> {
        final ReadCommand command;
        volatile UnfilteredPartitionIterator results = null;
        CountDownLatch latch = new CountDownLatch(1);

        RemoteReadCallback(ReadCommand readCommand) {
            this.command = readCommand;
        }

        @Override // org.apache.cassandra.net.MessageCallback
        public void onResponse(Response<ReadResponse> response) {
            this.results = FlowablePartitions.toPartitions(response.payload().data(this.command), DseSystemKeyspace.EncryptedKeys);
            this.latch.countDown();
        }

        @Override // org.apache.cassandra.net.MessageCallback
        public void onFailure(FailureResponse<ReadResponse> failureResponse) {
        }

        @Override // org.apache.cassandra.net.MessageCallback
        public void onTimeout(InetAddress inetAddress) {
        }

        public UnfilteredPartitionIterator getResults() {
            try {
                this.latch.await(DatabaseDescriptor.getReadRpcTimeout(), TimeUnit.MILLISECONDS);
                return this.results;
            } catch (InterruptedException e) {
                throw new AssertionError(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/datastax/bdp/cassandra/crypto/ReplicatedKeyProvider$ResultSetRowWrapper.class */
    public static class ResultSetRowWrapper implements RowWrapper {
        private final UntypedResultSet.Row row;

        private ResultSetRowWrapper(UntypedResultSet.Row row) {
            this.row = row;
        }

        @Override // com.datastax.bdp.cassandra.crypto.ReplicatedKeyProvider.RowWrapper
        public UUID getUUID(String str) {
            return this.row.getUUID(str);
        }

        @Override // com.datastax.bdp.cassandra.crypto.ReplicatedKeyProvider.RowWrapper
        public String getString(String str) {
            return this.row.getString(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/datastax/bdp/cassandra/crypto/ReplicatedKeyProvider$RowWrapper.class */
    public interface RowWrapper {
        UUID getUUID(String str);

        String getString(String str);
    }

    public ReplicatedKeyProvider(SystemKey systemKey, File file) throws IOException {
        LocalFileSystemKeyProvider localFileSystemKeyProvider;
        if (!$assertionsDisabled && systemKey == null) {
            throw new AssertionError();
        }
        this.systemKey = systemKey;
        try {
            localFileSystemKeyProvider = new LocalFileSystemKeyProvider(file);
        } catch (IOException e) {
            localFileSystemKeyProvider = null;
        }
        this.localKeyProvider = localFileSystemKeyProvider;
    }

    private void fetchRemoteKeys() {
        TableMetadata tableMetadata = DseSystemKeyspace.EncryptedKeys;
        SinglePartitionReadCommand create = SinglePartitionReadCommand.create(tableMetadata, ApolloTime.systemClockSecondsAsInt(), tableMetadata.partitioner.decorateKey(ByteBufferUtil.bytes(this.systemKey.getName())), ColumnFilter.all(tableMetadata), new ClusteringIndexSliceFilter(Slices.ALL, false));
        for (InetAddress inetAddress : SystemKeyspace.getHostIds().keySet()) {
            if (!Addresses.Internode.isLocalEndpoint(inetAddress)) {
                RemoteReadCallback remoteReadCallback = new RemoteReadCallback(create);
                MessagingService.instance().send(create.requestTo(inetAddress), remoteReadCallback);
                UnfilteredPartitionIterator results = remoteReadCallback.getResults();
                if (results != null) {
                    Iterator<UntypedResultSet.Row> it2 = QueryProcessor.resultify(String.format("SELECT * FROM %s.%s", DseSystemKeyspace.NAME, DseSystemKeyspace.ENCRYPTED_KEYS), UnfilteredPartitionIterators.filter(results, ApolloTime.systemClockSecondsAsInt())).iterator();
                    while (it2.hasNext()) {
                        UntypedResultSet.Row next = it2.next();
                        String mapKey = getMapKey(next.getString("cipher"), next.getInt("strength"), next.getUUID("key_id"));
                        String mapKey2 = getMapKey(next.getString("cipher"), next.getInt("strength"));
                        try {
                            SecretKey decodeKey = decodeKey(next.getString("key"), next.getString("cipher"));
                            this.readKeys.put(mapKey, decodeKey);
                            this.writeKeys.putIfAbsent(mapKey2, Pair.create(next.getUUID("key_id"), decodeKey));
                        } catch (IOException e) {
                            logger.warn("Unable to decode key {}", next.getUUID("key_id"), e);
                            throw new AssertionError(e);
                        }
                    }
                    return;
                }
            }
        }
    }

    private static RowWrapper querySingleRow(String str, boolean z) throws KeyAccessException {
        if (DseDaemon.isDaemonMode()) {
            try {
                UntypedResultSet processBlocking = z ? (UntypedResultSet) TPCUtils.blockingGet(QueryProcessor.executeOnceInternal(str, new Object[0])) : QueryProcessor.processBlocking(str, ConsistencyLevel.ONE);
                if (processBlocking == null || processBlocking.size() <= 0) {
                    return null;
                }
                return new ResultSetRowWrapper(processBlocking.one());
            } catch (RequestValidationException e) {
                throw new KeyAccessException(e);
            }
        }
        if (!$assertionsDisabled && z) {
            throw new AssertionError();
        }
        try {
            ResultSet execute = getCachedSession().execute(str);
            if (null == execute || execute.isExhausted()) {
                return null;
            }
            return new DriverRowWrapper(execute.one());
        } catch (Exception e2) {
            throw new KeyAccessException(e2);
        }
    }

    private static Session getCachedSession() throws Exception {
        return (null == session || session.isClosed()) ? getSynchronizedSession() : session;
    }

    private static synchronized Session getSynchronizedSession() throws Exception {
        if (null != session && !session.isClosed()) {
            return session;
        }
        session = getCachedCluster().connect();
        return session;
    }

    private static Cluster getCachedCluster() throws Exception {
        return (null == cluster || cluster.isClosed()) ? getSynchronizedCluster() : cluster;
    }

    private static synchronized Cluster getSynchronizedCluster() throws Exception {
        if (null != cluster && !cluster.isClosed()) {
            return cluster;
        }
        String property = System.getProperty("dse.replicatedkeyprovider.client");
        String property2 = System.getProperty("dse.replicatedkeyprovider.username");
        String property3 = System.getProperty("dse.replicatedkeyprovider.password");
        ClientConfiguration clientConfiguration = ClientConfigurationFactory.getClientConfiguration();
        cluster = DseConnectionUtil.createCluster(new ClientConfigurationBuilder(clientConfiguration).withCassandraHost(null == property ? clientConfiguration.getCassandraHost() : InetAddress.getByName(property)).build(), property2, property3, null);
        return cluster;
    }

    private static RowWrapper querySingleRow(String str) throws KeyAccessException {
        return querySingleRow(str, false);
    }

    private static RowWrapper querySingleRowWithLocalRetry(String str) throws KeyAccessException {
        if (StorageService.instance.isStarting() && DseDaemon.isDaemonMode()) {
            return querySingleRow(str, true);
        }
        try {
            return querySingleRow(str, false);
        } catch (UnavailableException e) {
            return querySingleRow(str, true);
        }
    }

    @Override // com.datastax.bdp.cassandra.crypto.IKeyProvider
    public SecretKey getSecretKey(String str, int i) throws KeyAccessException, KeyGenerationException {
        try {
            return getWriteKey(getKeyType(str), i).right;
        } catch (Throwable th) {
            if (((th.getCause() instanceof KeyspaceNotDefinedException) || (th.getCause() instanceof InvalidRequestException)) && this.localKeyProvider != null) {
                return this.localKeyProvider.getSecretKey(str, i);
            }
            throw th;
        }
    }

    private SecretKey generateNewKey(String str, int i) throws IOException, NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(getKeyType(str));
        keyGenerator.init(i, random);
        return keyGenerator.generateKey();
    }

    private String getMapKey(String str, int i) {
        return str + ":" + i;
    }

    private String getMapKey(String str, int i, UUID uuid) {
        return getMapKey(str, i) + ":" + uuid;
    }

    private static String getKeyType(String str) {
        return str.replaceAll("/.*", "");
    }

    private String encodeKey(SecretKey secretKey) throws IOException {
        return Base64.encodeBase64String(this.systemKey.encrypt(secretKey.getEncoded()));
    }

    private SecretKey decodeKey(String str, String str2) throws IOException {
        return new SecretKeySpec(this.systemKey.decrypt(Base64.decodeBase64(str)), getKeyType(str2));
    }

    private Pair<UUID, SecretKey> getWriteKey(String str, int i) throws KeyGenerationException, KeyAccessException {
        String mapKey = getMapKey(str, i);
        Pair<UUID, SecretKey> pair = this.writeKeys.get(mapKey);
        if (pair == null && StorageService.instance.isBootstrapMode()) {
            fetchRemoteKeys();
            pair = this.writeKeys.get(mapKey);
        }
        if (pair == null) {
            RowWrapper querySingleRowWithLocalRetry = querySingleRowWithLocalRetry(String.format("SELECT * FROM %s.%s WHERE key_file='%s' AND cipher='%s' AND strength=%s LIMIT 1;", DseSystemKeyspace.NAME, DseSystemKeyspace.ENCRYPTED_KEYS, this.systemKey.getName(), str, Integer.valueOf(i)));
            if (querySingleRowWithLocalRetry != null) {
                UUID uuid = querySingleRowWithLocalRetry.getUUID("key_id");
                try {
                    SecretKey decodeKey = decodeKey(querySingleRowWithLocalRetry.getString("key"), str);
                    pair = Pair.create(uuid, decodeKey);
                    Pair<UUID, SecretKey> putIfAbsent = this.writeKeys.putIfAbsent(mapKey, pair);
                    this.readKeys.put(getMapKey(str, i, uuid), decodeKey);
                    if (putIfAbsent != null) {
                        pair = putIfAbsent;
                    }
                } catch (IOException e) {
                    throw new KeyAccessException(e);
                }
            } else {
                UUID timeUUID = UUIDGen.getTimeUUID();
                try {
                    SecretKey generateNewKey = generateNewKey(str, i);
                    try {
                        querySingleRow(String.format("INSERT INTO %s.%s (key_file, cipher, strength, key_id, key) VALUES ('%s', '%s', %s, %s, '%s')", DseSystemKeyspace.NAME, DseSystemKeyspace.ENCRYPTED_KEYS, this.systemKey.getName(), str, Integer.valueOf(i), timeUUID.toString(), encodeKey(generateNewKey)));
                        pair = Pair.create(timeUUID, generateNewKey);
                        this.writeKeys.put(mapKey, pair);
                        this.readKeys.put(getMapKey(str, i, timeUUID), generateNewKey);
                    } catch (IOException e2) {
                        throw new KeyGenerationException(e2);
                    }
                } catch (IOException | NoSuchAlgorithmException e3) {
                    throw new KeyGenerationException(e3);
                }
            }
        }
        return pair;
    }

    private SecretKey getReadKey(String str, int i, UUID uuid) throws KeyAccessException {
        String mapKey = getMapKey(str, i, uuid);
        SecretKey secretKey = this.readKeys.get(mapKey);
        if (secretKey == null && StorageService.instance.isBootstrapMode()) {
            fetchRemoteKeys();
            secretKey = this.readKeys.get(mapKey);
        }
        if (secretKey == null) {
            RowWrapper querySingleRowWithLocalRetry = querySingleRowWithLocalRetry(String.format("SELECT * FROM %s.%s WHERE key_file='%s' AND cipher='%s' AND strength=%s AND key_id=%s;", DseSystemKeyspace.NAME, DseSystemKeyspace.ENCRYPTED_KEYS, this.systemKey.getName(), str, Integer.valueOf(i), uuid));
            if (querySingleRowWithLocalRetry == null) {
                throw new KeyAccessException(String.format("Unable to find key for cipher=%s strength=%s id=%s", str, Integer.valueOf(i), uuid));
            }
            try {
                secretKey = decodeKey(querySingleRowWithLocalRetry.getString("key"), str);
                this.readKeys.put(mapKey, secretKey);
            } catch (IOException e) {
                throw new KeyAccessException(e);
            }
        }
        return secretKey;
    }

    @Override // com.datastax.bdp.cassandra.crypto.IMultiKeyProvider
    public SecretKey writeHeader(String str, int i, ByteBuffer byteBuffer) throws KeyGenerationException, KeyAccessException {
        try {
            Pair<UUID, SecretKey> writeKey = getWriteKey(getKeyType(str), i);
            ByteBuffer allocate = ByteBuffer.allocate(16);
            allocate.putLong(writeKey.left.getMostSignificantBits());
            allocate.putLong(writeKey.left.getLeastSignificantBits());
            try {
                byte[] digest = MessageDigest.getInstance("MD5").digest(allocate.array());
                byteBuffer.put((byte) 0);
                byteBuffer.put(allocate.array());
                byteBuffer.put(digest);
                return writeKey.right;
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            if (((th.getCause() instanceof KeyspaceNotDefinedException) || (th.getCause() instanceof InvalidRequestException)) && this.localKeyProvider != null) {
                return this.localKeyProvider.getSecretKey(str, i);
            }
            throw th;
        }
    }

    @Override // com.datastax.bdp.cassandra.crypto.IMultiKeyProvider
    public SecretKey readHeader(String str, int i, ByteBuffer byteBuffer) throws KeyAccessException, KeyGenerationException {
        SecretKey secretKey = null;
        ByteBuffer duplicate = byteBuffer.duplicate();
        if (duplicate.get() == 0 && duplicate.limit() >= 32) {
            byte[] bArr = new byte[16];
            duplicate.get(bArr);
            byte[] bArr2 = new byte[16];
            duplicate.get(bArr2);
            try {
                if (ArrayUtils.isEquals(bArr2, MessageDigest.getInstance("MD5").digest(bArr))) {
                    ByteBuffer wrap = ByteBuffer.wrap(bArr);
                    secretKey = getReadKey(getKeyType(str), i, new UUID(wrap.getLong(), wrap.getLong()));
                    byteBuffer.position(duplicate.position());
                }
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }
        if (secretKey == null) {
            if (this.localKeyProvider == null) {
                throw new KeyAccessException(String.format("Unable to find key for cipher=%s strength=%s", str, Integer.valueOf(i)));
            }
            secretKey = this.localKeyProvider.getSecretKey(str, i);
        }
        return secretKey;
    }

    @Override // com.datastax.bdp.cassandra.crypto.IMultiKeyProvider
    public int headerLength() {
        return 33;
    }

    static {
        $assertionsDisabled = !ReplicatedKeyProvider.class.desiredAssertionStatus();
        logger = LoggerFactory.getLogger((Class<?>) ReplicatedKeyProvider.class);
        random = new SecureRandom();
        cluster = null;
        session = null;
    }
}
