package net.snowflake.ingest.internal.org.apache.parquet.crypto.keytools;

import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import net.snowflake.ingest.internal.org.apache.hadoop.conf.Configuration;
import net.snowflake.ingest.internal.org.apache.parquet.crypto.KeyAccessDeniedException;
import net.snowflake.ingest.internal.org.apache.parquet.crypto.ParquetCryptoRuntimeException;
import net.snowflake.ingest.internal.shaded.parquet.com.fasterxml.jackson.core.type.TypeReference;
import net.snowflake.ingest.internal.shaded.parquet.com.fasterxml.jackson.databind.ObjectMapper;

/* loaded from: input_file:net/snowflake/ingest/internal/org/apache/parquet/crypto/keytools/LocalWrapKmsClient.class */
public abstract class LocalWrapKmsClient implements KmsClient {
    public static final String LOCAL_WRAP_NO_KEY_VERSION = "NO_VERSION";
    protected String kmsInstanceID;
    protected String kmsInstanceURL;
    protected String kmsToken;
    protected Configuration hadoopConfiguration;
    private ConcurrentMap<String, byte[]> masterKeyCache;

    /* loaded from: input_file:net/snowflake/ingest/internal/org/apache/parquet/crypto/keytools/LocalWrapKmsClient$LocalKeyWrap.class */
    static class LocalKeyWrap {
        public static final String LOCAL_WRAP_KEY_VERSION_FIELD = "masterKeyVersion";
        public static final String LOCAL_WRAP_ENCRYPTED_KEY_FIELD = "encryptedKey";
        private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
        private String encryptedEncodedKey;
        private String masterKeyVersion;

        private LocalKeyWrap(String str, String str2) {
            this.masterKeyVersion = str;
            this.encryptedEncodedKey = str2;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String createSerialized(String str) {
            HashMap hashMap = new HashMap(2);
            hashMap.put(LOCAL_WRAP_KEY_VERSION_FIELD, LocalWrapKmsClient.LOCAL_WRAP_NO_KEY_VERSION);
            hashMap.put(LOCAL_WRAP_ENCRYPTED_KEY_FIELD, str);
            try {
                return OBJECT_MAPPER.writeValueAsString(hashMap);
            } catch (IOException e) {
                throw new ParquetCryptoRuntimeException("Failed to serialize local key wrap map", e);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static LocalKeyWrap parse(String str) {
            try {
                Map map = (Map) OBJECT_MAPPER.readValue(new StringReader(str), new TypeReference<Map<String, String>>() { // from class: net.snowflake.ingest.internal.org.apache.parquet.crypto.keytools.LocalWrapKmsClient.LocalKeyWrap.1
                });
                return new LocalKeyWrap((String) map.get(LOCAL_WRAP_KEY_VERSION_FIELD), (String) map.get(LOCAL_WRAP_ENCRYPTED_KEY_FIELD));
            } catch (IOException e) {
                throw new ParquetCryptoRuntimeException("Failed to parse local key wrap json " + str, e);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getMasterKeyVersion() {
            return this.masterKeyVersion;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getEncryptedKey() {
            return this.encryptedEncodedKey;
        }
    }

    @Override // net.snowflake.ingest.internal.org.apache.parquet.crypto.keytools.KmsClient
    public void initialize(Configuration configuration, String str, String str2, String str3) {
        this.kmsInstanceID = str;
        this.kmsInstanceURL = str2;
        this.masterKeyCache = new ConcurrentHashMap();
        this.hadoopConfiguration = configuration;
        this.kmsToken = str3;
        initializeInternal();
    }

    @Override // net.snowflake.ingest.internal.org.apache.parquet.crypto.keytools.KmsClient
    public String wrapKey(byte[] bArr, String str) throws KeyAccessDeniedException {
        return LocalKeyWrap.createSerialized(KeyToolkit.encryptKeyLocally(bArr, this.masterKeyCache.computeIfAbsent(str, str2 -> {
            return getKeyFromServer(str);
        }), str.getBytes(StandardCharsets.UTF_8)));
    }

    @Override // net.snowflake.ingest.internal.org.apache.parquet.crypto.keytools.KmsClient
    public byte[] unwrapKey(String str, String str2) throws KeyAccessDeniedException {
        LocalKeyWrap parse = LocalKeyWrap.parse(str);
        String masterKeyVersion = parse.getMasterKeyVersion();
        if (LOCAL_WRAP_NO_KEY_VERSION.equals(masterKeyVersion)) {
            return KeyToolkit.decryptKeyLocally(parse.getEncryptedKey(), this.masterKeyCache.computeIfAbsent(str2, str3 -> {
                return getKeyFromServer(str2);
            }), str2.getBytes(StandardCharsets.UTF_8));
        }
        throw new ParquetCryptoRuntimeException("Master key versions are not supported for local wrapping: " + masterKeyVersion);
    }

    private byte[] getKeyFromServer(String str) {
        this.kmsToken = this.hadoopConfiguration.getTrimmed(KeyToolkit.KEY_ACCESS_TOKEN_PROPERTY_NAME);
        byte[] masterKeyFromServer = getMasterKeyFromServer(str);
        int length = masterKeyFromServer.length;
        if (16 == length || 24 == length || 32 == length) {
            return masterKeyFromServer;
        }
        throw new ParquetCryptoRuntimeException("Wrong length: " + length + " of AES key: " + str);
    }

    protected abstract byte[] getMasterKeyFromServer(String str) throws KeyAccessDeniedException;

    protected abstract void initializeInternal() throws KeyAccessDeniedException;
}
