package org.apache.cassandra.security;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.Key;
import java.security.KeyStore;
import org.apache.cassandra.config.TransparentDataEncryptionOptions;
import org.apache.cassandra.io.util.File;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/security/JKSKeyProvider.class */
public class JKSKeyProvider implements KeyProvider {
    private static final Logger logger = LoggerFactory.getLogger(JKSKeyProvider.class);
    static final String PROP_KEYSTORE = "keystore";
    static final String PROP_KEYSTORE_PW = "keystore_password";
    static final String PROP_KEYSTORE_TYPE = "store_type";
    static final String PROP_KEY_PW = "key_password";
    private final KeyStore store;
    private final boolean isJceks;
    private final TransparentDataEncryptionOptions options;

    public JKSKeyProvider(TransparentDataEncryptionOptions transparentDataEncryptionOptions) {
        this.options = transparentDataEncryptionOptions;
        logger.info("initializing keystore from file {}", transparentDataEncryptionOptions.get("keystore"));
        try {
            InputStream newInputStream = Files.newInputStream(File.getPath(transparentDataEncryptionOptions.get("keystore"), new String[0]), new OpenOption[0]);
            try {
                this.store = KeyStore.getInstance(transparentDataEncryptionOptions.get(PROP_KEYSTORE_TYPE));
                this.store.load(newInputStream, transparentDataEncryptionOptions.get(PROP_KEYSTORE_PW).toCharArray());
                this.isJceks = this.store.getType().equalsIgnoreCase("jceks");
                if (newInputStream != null) {
                    newInputStream.close();
                }
            } finally {
            }
        } catch (Exception e) {
            throw new RuntimeException("couldn't load keystore", e);
        }
    }

    @Override // org.apache.cassandra.security.KeyProvider
    public Key getSecretKey(String str) throws IOException {
        if (this.isJceks) {
            str = str.toLowerCase();
        }
        try {
            String str2 = this.options.get(PROP_KEY_PW);
            if (str2 == null || str2.isEmpty()) {
                str2 = this.options.get(PROP_KEYSTORE_PW);
            }
            Key key = this.store.getKey(str, str2.toCharArray());
            if (key == null) {
                throw new IOException(String.format("key %s was not found in keystore", str));
            }
            return key;
        } catch (Exception e) {
            throw new IOException("unable to load key from keystore");
        }
    }
}
