package org.apache.hadoop.crypto.key;

import java.io.IOException;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.tools.CommandShell;
import org.apache.hadoop.util.ToolRunner;

/* loaded from: input_file:BOOT-INF/lib/hadoop-common-3.3.3.jar:org/apache/hadoop/crypto/key/KeyShell.class */
public class KeyShell extends CommandShell {
    private static final String USAGE_PREFIX = "Usage: hadoop key [generic options]\n";
    private static final String COMMANDS = "   [-help]\n   [create <keyname> [-cipher <cipher>] [-size <size>]\n                     [-description <description>]\n                     [-attr <attribute=value>]\n                     [-provider <provider>] [-strict]\n                     [-help]]\n   [roll <keyname> [-provider <provider>] [-strict] [-help]]\n   [delete <keyname> [-provider <provider>] [-strict] [-f] [-help]]\n   [list [-provider <provider>] [-strict] [-metadata] [-help]]\n   [invalidateCache <keyname> [-provider <provider>] [-help]]\n";
    private static final String LIST_METADATA = "keyShell.list.metadata";

    @VisibleForTesting
    public static final String NO_VALID_PROVIDERS = "There are no valid (non-transient) providers configured.\nNo action has been taken. Use the -provider option to specify\na provider. If you want to use a transient provider then you\nMUST use the -provider argument.";
    private boolean interactive = true;
    private boolean strict = false;
    private boolean userSuppliedProvider = false;

    /* loaded from: input_file:BOOT-INF/lib/hadoop-common-3.3.3.jar:org/apache/hadoop/crypto/key/KeyShell$Command.class */
    private abstract class Command extends CommandShell.SubCommand {
        protected KeyProvider provider;

        private Command() {
            super();
            this.provider = null;
        }

        protected KeyProvider getKeyProvider() {
            KeyProvider keyProvider = null;
            try {
                List<KeyProvider> providers = KeyProviderFactory.getProviders(KeyShell.this.getConf());
                if (!KeyShell.this.userSuppliedProvider) {
                    Iterator<KeyProvider> it = providers.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        KeyProvider next = it.next();
                        if (!next.isTransient()) {
                            keyProvider = next;
                            break;
                        }
                    }
                } else {
                    keyProvider = providers.get(0);
                }
            } catch (IOException e) {
                e.printStackTrace(KeyShell.this.getErr());
            }
            if (keyProvider == null) {
                KeyShell.this.getOut().println("There are no valid (non-transient) providers configured.\nNo action has been taken. Use the -provider option to specify\na provider. If you want to use a transient provider then you\nMUST use the -provider argument.");
            }
            return keyProvider;
        }

        protected void printProviderWritten() {
            KeyShell.this.getOut().println(this.provider + " has been updated.");
        }

        protected void warnIfTransientProvider() {
            if (this.provider.isTransient()) {
                KeyShell.this.getOut().println("WARNING: you are modifying a transient provider.");
            }
        }

        @Override // org.apache.hadoop.tools.CommandShell.SubCommand
        public abstract void execute() throws Exception;

        @Override // org.apache.hadoop.tools.CommandShell.SubCommand
        public abstract String getUsage();
    }

    /* loaded from: input_file:BOOT-INF/lib/hadoop-common-3.3.3.jar:org/apache/hadoop/crypto/key/KeyShell$CreateCommand.class */
    private class CreateCommand extends Command {
        public static final String USAGE = "create <keyname> [-cipher <cipher>] [-size <size>]\n                     [-description <description>]\n                     [-attr <attribute=value>]\n                     [-provider <provider>] [-strict]\n                     [-help]";
        public static final String DESC = "The create subcommand creates a new key for the name specified\nby the <keyname> argument within the provider specified by the\n-provider argument. You may specify a cipher with the -cipher\nargument. The default cipher is currently \"AES/CTR/NoPadding\".\nThe default keysize is 128. You may specify the requested key\nlength using the -size argument. Arbitrary attribute=value\nstyle attributes may be specified using the -attr argument.\n-attr may be specified multiple times, once per attribute.\n";
        private final String keyName;
        private final KeyProvider.Options options;

        public CreateCommand(String str, KeyProvider.Options options) {
            super();
            this.keyName = str;
            this.options = options;
        }

        @Override // org.apache.hadoop.tools.CommandShell.SubCommand
        public boolean validate() {
            boolean z = true;
            try {
                this.provider = getKeyProvider();
                if (this.provider == null) {
                    z = false;
                } else if (this.provider.needsPassword()) {
                    if (KeyShell.this.strict) {
                        KeyShell.this.getOut().println(this.provider.noPasswordError());
                        z = false;
                    } else {
                        KeyShell.this.getOut().println(this.provider.noPasswordWarning());
                    }
                }
            } catch (IOException e) {
                e.printStackTrace(KeyShell.this.getErr());
            }
            if (this.keyName == null) {
                KeyShell.this.getOut().println("Please provide a <keyname>.  See the usage description with -help.");
                z = false;
            }
            return z;
        }

        @Override // org.apache.hadoop.crypto.key.KeyShell.Command, org.apache.hadoop.tools.CommandShell.SubCommand
        public void execute() throws IOException, NoSuchAlgorithmException {
            warnIfTransientProvider();
            try {
                this.provider.createKey(this.keyName, this.options);
                this.provider.flush();
                KeyShell.this.getOut().println(this.keyName + " has been successfully created with options " + this.options.toString() + ".");
                printProviderWritten();
            } catch (IOException e) {
                KeyShell.this.getOut().println(this.keyName + " has not been created.");
                throw e;
            } catch (InvalidParameterException e2) {
                KeyShell.this.getOut().println(this.keyName + " has not been created.");
                throw e2;
            } catch (NoSuchAlgorithmException e3) {
                KeyShell.this.getOut().println(this.keyName + " has not been created.");
                throw e3;
            }
        }

        @Override // org.apache.hadoop.crypto.key.KeyShell.Command, org.apache.hadoop.tools.CommandShell.SubCommand
        public String getUsage() {
            return "create <keyname> [-cipher <cipher>] [-size <size>]\n                     [-description <description>]\n                     [-attr <attribute=value>]\n                     [-provider <provider>] [-strict]\n                     [-help]:\n\nThe create subcommand creates a new key for the name specified\nby the <keyname> argument within the provider specified by the\n-provider argument. You may specify a cipher with the -cipher\nargument. The default cipher is currently \"AES/CTR/NoPadding\".\nThe default keysize is 128. You may specify the requested key\nlength using the -size argument. Arbitrary attribute=value\nstyle attributes may be specified using the -attr argument.\n-attr may be specified multiple times, once per attribute.\n";
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/hadoop-common-3.3.3.jar:org/apache/hadoop/crypto/key/KeyShell$DeleteCommand.class */
    private class DeleteCommand extends Command {
        public static final String USAGE = "delete <keyname> [-provider <provider>] [-strict] [-f] [-help]";
        public static final String DESC = "The delete subcommand deletes all versions of the key\nspecified by the <keyname> argument from within the\nprovider specified by -provider. The command asks for\nuser confirmation unless -f is specified. If -strict is\nsupplied, fail immediately if the provider requires a\npassword and none is given.";
        private String keyName;
        private boolean cont;

        public DeleteCommand(String str) {
            super();
            this.keyName = null;
            this.cont = true;
            this.keyName = str;
        }

        @Override // org.apache.hadoop.tools.CommandShell.SubCommand
        public boolean validate() {
            this.provider = getKeyProvider();
            if (this.provider == null) {
                return false;
            }
            if (this.keyName == null) {
                KeyShell.this.getOut().println("There is no keyName specified. Please specify a <keyname>. See the usage description with -help.");
                return false;
            }
            if (!KeyShell.this.interactive) {
                return true;
            }
            try {
                this.cont = ToolRunner.confirmPrompt("You are about to DELETE all versions of  key " + this.keyName + " from KeyProvider " + this.provider + ". Continue? ");
                if (!this.cont) {
                    KeyShell.this.getOut().println(this.keyName + " has not been deleted.");
                }
                return this.cont;
            } catch (IOException e) {
                KeyShell.this.getOut().println(this.keyName + " will not be deleted. " + KeyShell.this.prettifyException(e));
                return true;
            }
        }

        @Override // org.apache.hadoop.crypto.key.KeyShell.Command, org.apache.hadoop.tools.CommandShell.SubCommand
        public void execute() throws IOException {
            warnIfTransientProvider();
            KeyShell.this.getOut().println("Deleting key: " + this.keyName + " from KeyProvider: " + this.provider);
            if (this.cont) {
                try {
                    this.provider.deleteKey(this.keyName);
                    this.provider.flush();
                    KeyShell.this.getOut().println(this.keyName + " has been successfully deleted.");
                    printProviderWritten();
                } catch (IOException e) {
                    KeyShell.this.getOut().println(this.keyName + " has not been deleted.");
                    throw e;
                }
            }
        }

        @Override // org.apache.hadoop.crypto.key.KeyShell.Command, org.apache.hadoop.tools.CommandShell.SubCommand
        public String getUsage() {
            return "delete <keyname> [-provider <provider>] [-strict] [-f] [-help]:\n\nThe delete subcommand deletes all versions of the key\nspecified by the <keyname> argument from within the\nprovider specified by -provider. The command asks for\nuser confirmation unless -f is specified. If -strict is\nsupplied, fail immediately if the provider requires a\npassword and none is given.";
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/hadoop-common-3.3.3.jar:org/apache/hadoop/crypto/key/KeyShell$InvalidateCacheCommand.class */
    private class InvalidateCacheCommand extends Command {
        public static final String USAGE = "invalidateCache <keyname> [-provider <provider>] [-help]";
        public static final String DESC = "The invalidateCache subcommand invalidates the cached key versions\nof the specified key, on the provider indicated using the -provider argument.\n";
        private String keyName;

        InvalidateCacheCommand(String str) {
            super();
            this.keyName = null;
            this.keyName = str;
        }

        @Override // org.apache.hadoop.tools.CommandShell.SubCommand
        public boolean validate() {
            boolean z = true;
            this.provider = getKeyProvider();
            if (this.provider == null) {
                KeyShell.this.getOut().println("Invalid provider.");
                z = false;
            }
            if (this.keyName == null) {
                KeyShell.this.getOut().println("Please provide a <keyname>.\nSee the usage description by using -help.");
                z = false;
            }
            return z;
        }

        @Override // org.apache.hadoop.crypto.key.KeyShell.Command, org.apache.hadoop.tools.CommandShell.SubCommand
        public void execute() throws NoSuchAlgorithmException, IOException {
            try {
                warnIfTransientProvider();
                KeyShell.this.getOut().println("Invalidating cache on KeyProvider: " + this.provider + "\n  for key name: " + this.keyName);
                this.provider.invalidateCache(this.keyName);
                KeyShell.this.getOut().println("Cached keyversions of " + this.keyName + " has been successfully invalidated.");
                printProviderWritten();
            } catch (IOException e) {
                KeyShell.this.getOut().println("Cannot invalidate cache for key: " + this.keyName + " within KeyProvider: " + this.provider + ".");
                throw e;
            }
        }

        @Override // org.apache.hadoop.crypto.key.KeyShell.Command, org.apache.hadoop.tools.CommandShell.SubCommand
        public String getUsage() {
            return "invalidateCache <keyname> [-provider <provider>] [-help]:\n\nThe invalidateCache subcommand invalidates the cached key versions\nof the specified key, on the provider indicated using the -provider argument.\n";
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/hadoop-common-3.3.3.jar:org/apache/hadoop/crypto/key/KeyShell$ListCommand.class */
    private class ListCommand extends Command {
        public static final String USAGE = "list [-provider <provider>] [-strict] [-metadata] [-help]";
        public static final String DESC = "The list subcommand displays the keynames contained within\na particular provider as configured in core-site.xml or\nspecified with the -provider argument. -metadata displays\nthe metadata. If -strict is supplied, fail immediately if\nthe provider requires a password and none is given.";
        private boolean metadata;

        private ListCommand() {
            super();
            this.metadata = false;
        }

        @Override // org.apache.hadoop.tools.CommandShell.SubCommand
        public boolean validate() {
            boolean z = true;
            this.provider = getKeyProvider();
            if (this.provider == null) {
                z = false;
            }
            this.metadata = KeyShell.this.getConf().getBoolean(KeyShell.LIST_METADATA, false);
            return z;
        }

        @Override // org.apache.hadoop.crypto.key.KeyShell.Command, org.apache.hadoop.tools.CommandShell.SubCommand
        public void execute() throws IOException {
            try {
                List<String> keys = this.provider.getKeys();
                KeyShell.this.getOut().println("Listing keys for KeyProvider: " + this.provider);
                if (this.metadata) {
                    KeyProvider.Metadata[] keysMetadata = this.provider.getKeysMetadata((String[]) keys.toArray(new String[keys.size()]));
                    for (int i = 0; i < keysMetadata.length; i++) {
                        KeyShell.this.getOut().println(keys.get(i) + " : " + keysMetadata[i]);
                    }
                } else {
                    Iterator<String> it = keys.iterator();
                    while (it.hasNext()) {
                        KeyShell.this.getOut().println(it.next());
                    }
                }
            } catch (IOException e) {
                KeyShell.this.getOut().println("Cannot list keys for KeyProvider: " + this.provider);
                throw e;
            }
        }

        @Override // org.apache.hadoop.crypto.key.KeyShell.Command, org.apache.hadoop.tools.CommandShell.SubCommand
        public String getUsage() {
            return "list [-provider <provider>] [-strict] [-metadata] [-help]:\n\nThe list subcommand displays the keynames contained within\na particular provider as configured in core-site.xml or\nspecified with the -provider argument. -metadata displays\nthe metadata. If -strict is supplied, fail immediately if\nthe provider requires a password and none is given.";
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/hadoop-common-3.3.3.jar:org/apache/hadoop/crypto/key/KeyShell$RollCommand.class */
    private class RollCommand extends Command {
        public static final String USAGE = "roll <keyname> [-provider <provider>] [-strict] [-help]";
        public static final String DESC = "The roll subcommand creates a new version for the specified key\nwithin the provider indicated using the -provider argument.\nIf -strict is supplied, fail immediately if the provider requires\na password and none is given.";
        private String keyName;

        public RollCommand(String str) {
            super();
            this.keyName = null;
            this.keyName = str;
        }

        @Override // org.apache.hadoop.tools.CommandShell.SubCommand
        public boolean validate() {
            boolean z = true;
            this.provider = getKeyProvider();
            if (this.provider == null) {
                z = false;
            }
            if (this.keyName == null) {
                KeyShell.this.getOut().println("Please provide a <keyname>.\nSee the usage description by using -help.");
                z = false;
            }
            return z;
        }

        @Override // org.apache.hadoop.crypto.key.KeyShell.Command, org.apache.hadoop.tools.CommandShell.SubCommand
        public void execute() throws NoSuchAlgorithmException, IOException {
            try {
                warnIfTransientProvider();
                KeyShell.this.getOut().println("Rolling key version from KeyProvider: " + this.provider + "\n  for key name: " + this.keyName);
                try {
                    this.provider.rollNewVersion(this.keyName);
                    this.provider.flush();
                    KeyShell.this.getOut().println(this.keyName + " has been successfully rolled.");
                    printProviderWritten();
                } catch (NoSuchAlgorithmException e) {
                    KeyShell.this.getOut().println("Cannot roll key: " + this.keyName + " within KeyProvider: " + this.provider + ".");
                    throw e;
                }
            } catch (IOException e2) {
                KeyShell.this.getOut().println("Cannot roll key: " + this.keyName + " within KeyProvider: " + this.provider + ".");
                throw e2;
            }
        }

        @Override // org.apache.hadoop.crypto.key.KeyShell.Command, org.apache.hadoop.tools.CommandShell.SubCommand
        public String getUsage() {
            return "roll <keyname> [-provider <provider>] [-strict] [-help]:\n\nThe roll subcommand creates a new version for the specified key\nwithin the provider indicated using the -provider argument.\nIf -strict is supplied, fail immediately if the provider requires\na password and none is given.";
        }
    }

    @Override // org.apache.hadoop.tools.CommandShell
    protected int init(String[] strArr) throws IOException {
        KeyProvider.Options options = KeyProvider.options(getConf());
        HashMap hashMap = new HashMap();
        int i = 0;
        while (i < strArr.length) {
            boolean z = i < strArr.length - 1;
            if (strArr[i].equals("create")) {
                String str = "-help";
                if (z) {
                    i++;
                    str = strArr[i];
                }
                setSubCommand(new CreateCommand(str, options));
                if ("-help".equals(str)) {
                    return 1;
                }
            } else if (strArr[i].equals("delete")) {
                String str2 = "-help";
                if (z) {
                    i++;
                    str2 = strArr[i];
                }
                setSubCommand(new DeleteCommand(str2));
                if ("-help".equals(str2)) {
                    return 1;
                }
            } else if (strArr[i].equals("roll")) {
                String str3 = "-help";
                if (z) {
                    i++;
                    str3 = strArr[i];
                }
                setSubCommand(new RollCommand(str3));
                if ("-help".equals(str3)) {
                    return 1;
                }
            } else if ("list".equals(strArr[i])) {
                setSubCommand(new ListCommand());
            } else if ("invalidateCache".equals(strArr[i])) {
                String str4 = "-help";
                if (z) {
                    i++;
                    str4 = strArr[i];
                }
                setSubCommand(new InvalidateCacheCommand(str4));
                if ("-help".equals(str4)) {
                    return 1;
                }
            } else if ("-size".equals(strArr[i]) && z) {
                i++;
                options.setBitLength(Integer.parseInt(strArr[i]));
            } else if ("-cipher".equals(strArr[i]) && z) {
                i++;
                options.setCipher(strArr[i]);
            } else if ("-description".equals(strArr[i]) && z) {
                i++;
                options.setDescription(strArr[i]);
            } else if ("-attr".equals(strArr[i]) && z) {
                i++;
                String[] split = strArr[i].split("=", 2);
                String trim = split[0].trim();
                String trim2 = split[1].trim();
                if (trim.isEmpty() || trim2.isEmpty()) {
                    getOut().println("\nAttributes must be in attribute=value form, or quoted\nlike \"attribute = value\"\n");
                    return 1;
                }
                if (hashMap.containsKey(trim)) {
                    getOut().println("\nEach attribute must correspond to only one value:\nattribute \"" + trim + "\" was repeated\n");
                    return 1;
                }
                hashMap.put(trim, trim2);
            } else if ("-provider".equals(strArr[i]) && z) {
                this.userSuppliedProvider = true;
                i++;
                getConf().set("hadoop.security.key.provider.path", strArr[i]);
            } else if ("-metadata".equals(strArr[i])) {
                getConf().setBoolean(LIST_METADATA, true);
            } else if ("-f".equals(strArr[i]) || "-force".equals(strArr[i])) {
                this.interactive = false;
            } else {
                if (!strArr[i].equals("-strict")) {
                    if ("-help".equals(strArr[i])) {
                        return 1;
                    }
                    ToolRunner.printGenericCommandUsage(getErr());
                    return 1;
                }
                this.strict = true;
            }
            i++;
        }
        if (hashMap.isEmpty()) {
            return 0;
        }
        options.setAttributes(hashMap);
        return 0;
    }

    @Override // org.apache.hadoop.tools.CommandShell
    public String getCommandUsage() {
        StringBuffer stringBuffer = new StringBuffer("Usage: hadoop key [generic options]\n   [-help]\n   [create <keyname> [-cipher <cipher>] [-size <size>]\n                     [-description <description>]\n                     [-attr <attribute=value>]\n                     [-provider <provider>] [-strict]\n                     [-help]]\n   [roll <keyname> [-provider <provider>] [-strict] [-help]]\n   [delete <keyname> [-provider <provider>] [-strict] [-f] [-help]]\n   [list [-provider <provider>] [-strict] [-metadata] [-help]]\n   [invalidateCache <keyname> [-provider <provider>] [-help]]\n");
        String repeat = StringUtils.repeat("=", 66);
        stringBuffer.append(repeat + "\n");
        stringBuffer.append("create <keyname> [-cipher <cipher>] [-size <size>]\n                     [-description <description>]\n                     [-attr <attribute=value>]\n                     [-provider <provider>] [-strict]\n                     [-help]:\n\nThe create subcommand creates a new key for the name specified\nby the <keyname> argument within the provider specified by the\n-provider argument. You may specify a cipher with the -cipher\nargument. The default cipher is currently \"AES/CTR/NoPadding\".\nThe default keysize is 128. You may specify the requested key\nlength using the -size argument. Arbitrary attribute=value\nstyle attributes may be specified using the -attr argument.\n-attr may be specified multiple times, once per attribute.\n\n");
        stringBuffer.append(repeat + "\n");
        stringBuffer.append("roll <keyname> [-provider <provider>] [-strict] [-help]:\n\nThe roll subcommand creates a new version for the specified key\nwithin the provider indicated using the -provider argument.\nIf -strict is supplied, fail immediately if the provider requires\na password and none is given.\n");
        stringBuffer.append(repeat + "\n");
        stringBuffer.append("delete <keyname> [-provider <provider>] [-strict] [-f] [-help]:\n\nThe delete subcommand deletes all versions of the key\nspecified by the <keyname> argument from within the\nprovider specified by -provider. The command asks for\nuser confirmation unless -f is specified. If -strict is\nsupplied, fail immediately if the provider requires a\npassword and none is given.\n");
        stringBuffer.append(repeat + "\n");
        stringBuffer.append("list [-provider <provider>] [-strict] [-metadata] [-help]:\n\nThe list subcommand displays the keynames contained within\na particular provider as configured in core-site.xml or\nspecified with the -provider argument. -metadata displays\nthe metadata. If -strict is supplied, fail immediately if\nthe provider requires a password and none is given.\n");
        stringBuffer.append(repeat + "\n");
        stringBuffer.append("invalidateCache <keyname> [-provider <provider>] [-help]:\n\nThe invalidateCache subcommand invalidates the cached key versions\nof the specified key, on the provider indicated using the -provider argument.\n\n");
        return stringBuffer.toString();
    }

    @Override // org.apache.hadoop.tools.CommandShell
    protected void printException(Exception exc) {
        getErr().println("Executing command failed with the following exception: " + prettifyException(exc));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String prettifyException(Exception exc) {
        return exc.getClass().getSimpleName() + ": " + exc.getLocalizedMessage().split("\n")[0];
    }

    public static void main(String[] strArr) throws Exception {
        System.exit(ToolRunner.run(new Configuration(), new KeyShell(), strArr));
    }
}
