package org.apache.orc.impl;

import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.util.List;
import java.util.Random;
import javax.crypto.spec.SecretKeySpec;
import jodd.util.StringPool;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.crypto.key.KeyProviderFactory;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.orc.EncryptionAlgorithm;
import org.apache.orc.impl.HadoopShims;
import org.apache.orc.impl.HadoopShimsPre2_3;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/hive-exec-3.1.1.jar:org/apache/orc/impl/HadoopShimsPre2_7.class */
public class HadoopShimsPre2_7 implements HadoopShims {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) HadoopShimsPre2_7.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/hive-exec-3.1.1.jar:org/apache/orc/impl/HadoopShimsPre2_7$KeyProviderImpl.class */
    public static class KeyProviderImpl implements HadoopShims.KeyProvider {
        private final KeyProvider provider;
        private final Random random;

        KeyProviderImpl(KeyProvider keyProvider, Random random) {
            this.provider = keyProvider;
            this.random = random;
        }

        @Override // org.apache.orc.impl.HadoopShims.KeyProvider
        public List<String> getKeyNames() throws IOException {
            return this.provider.getKeys();
        }

        @Override // org.apache.orc.impl.HadoopShims.KeyProvider
        public HadoopShims.KeyMetadata getCurrentKeyVersion(String str) throws IOException {
            KeyProvider.Metadata metadata = this.provider.getMetadata(str);
            return new HadoopShims.KeyMetadata(str, metadata.getVersions() - 1, HadoopShimsPre2_7.findAlgorithm(metadata));
        }

        @Override // org.apache.orc.impl.HadoopShims.KeyProvider
        public HadoopShims.LocalKey createLocalKey(HadoopShims.KeyMetadata keyMetadata) throws IOException {
            EncryptionAlgorithm algorithm = keyMetadata.getAlgorithm();
            byte[] bArr = new byte[algorithm.getIvLength()];
            this.random.nextBytes(bArr);
            try {
                return new HadoopShims.LocalKey(new SecretKeySpec(((KeyProviderCryptoExtension) this.provider).decryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion.createForDecryption(keyMetadata.getKeyName(), HadoopShimsPre2_7.buildKeyVersionName(keyMetadata), bArr, algorithm.getZeroKey())).getMaterial(), algorithm.getAlgorithm()), bArr);
            } catch (GeneralSecurityException e) {
                throw new IOException("Can't create local encryption key for " + keyMetadata, e);
            }
        }

        @Override // org.apache.orc.impl.HadoopShims.KeyProvider
        public Key decryptLocalKey(HadoopShims.KeyMetadata keyMetadata, byte[] bArr) throws IOException {
            EncryptionAlgorithm algorithm = keyMetadata.getAlgorithm();
            try {
                return new SecretKeySpec(((KeyProviderCryptoExtension) this.provider).decryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion.createForDecryption(keyMetadata.getKeyName(), HadoopShimsPre2_7.buildKeyVersionName(keyMetadata), bArr, algorithm.getZeroKey())).getMaterial(), algorithm.getAlgorithm());
            } catch (GeneralSecurityException e) {
                return null;
            }
        }
    }

    @Override // org.apache.orc.impl.HadoopShims
    public HadoopShims.DirectDecompressor getDirectDecompressor(HadoopShims.DirectCompressionType directCompressionType) {
        return HadoopShimsPre2_6.getDecompressor(directCompressionType);
    }

    @Override // org.apache.orc.impl.HadoopShims
    public HadoopShims.ZeroCopyReaderShim getZeroCopyReader(FSDataInputStream fSDataInputStream, HadoopShims.ByteBufferPoolShim byteBufferPoolShim) throws IOException {
        return ZeroCopyShims.getZeroCopyReader(fSDataInputStream, byteBufferPoolShim);
    }

    @Override // org.apache.orc.impl.HadoopShims
    public boolean endVariableLengthBlock(OutputStream outputStream) {
        return false;
    }

    static String buildKeyVersionName(HadoopShims.KeyMetadata keyMetadata) {
        return keyMetadata.getKeyName() + StringPool.AT + keyMetadata.getVersion();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HadoopShims.KeyProvider createKeyProvider(Configuration configuration, Random random) throws IOException {
        List<KeyProvider> providers = KeyProviderFactory.getProviders(configuration);
        if (providers.size() != 0) {
            return new KeyProviderImpl(providers.get(0), random);
        }
        LOG.info("Can't get KeyProvider for ORC encryption from hadoop.security.key.provider.path.");
        return new HadoopShimsPre2_3.NullKeyProvider();
    }

    static EncryptionAlgorithm findAlgorithm(KeyProvider.Metadata metadata) {
        String cipher = metadata.getCipher();
        if (!cipher.startsWith("AES/")) {
            throw new IllegalArgumentException("ORC column encryption only supports AES and not " + cipher);
        }
        int bitLength = metadata.getBitLength();
        if (bitLength == 128) {
            return EncryptionAlgorithm.AES_128;
        }
        if (bitLength != 256) {
            LOG.info("ORC column encryption does not support " + bitLength + " bit keys. Using 256 bits instead.");
        }
        return EncryptionAlgorithm.AES_256;
    }

    @Override // org.apache.orc.impl.HadoopShims
    public HadoopShims.KeyProvider getKeyProvider(Configuration configuration, Random random) throws IOException {
        return createKeyProvider(configuration, random);
    }
}
