package com.databricks.jdbc.auth;

import com.databricks.internal.fasterxml.jackson.databind.ObjectMapper;
import com.databricks.internal.sdk.core.DatabricksException;
import com.databricks.internal.sdk.core.oauth.Token;
import com.databricks.internal.sdk.core.oauth.TokenCache;
import com.databricks.internal.sdk.core.utils.SerDeUtils;
import com.databricks.jdbc.log.JdbcLogger;
import com.databricks.jdbc.log.JdbcLoggerFactory;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/databricks/jdbc/auth/EncryptedFileTokenCache.class */
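/**
 * {@link TokenCache} that stores a single OAuth {@link Token} in a passphrase-encrypted file.
 *
 * <p>On-disk format: {@code Base64( IV[16] || AES-256-CBC/PKCS5(ciphertext) )}, where the
 * plaintext is the token serialized to JSON (UTF-8) and the key is derived from the passphrase
 * with PBKDF2-HMAC-SHA256 (65536 iterations).
 *
 * <p>Security properties a maintainer should be aware of:
 *
 * <ul>
 *   <li>The PBKDF2 salt is a compile-time constant, so the same passphrase always derives the same
 *       key on every installation. Confidentiality therefore rests on the strength and secrecy of
 *       the passphrase and on the file permissions.
 *   <li>AES-CBC is used without a MAC, so the file carries no integrity protection. A modified
 *       file is only rejected if the change happens to break the padding or the JSON parsing.
 *   <li>NOTE(review): moving to an authenticated mode (for example {@code AES/GCM/NoPadding}) with
 *       a random per-file salt would close both gaps, but needs a versioned file format so that
 *       caches written by this implementation can still be read.
 *   <li>The passphrase is held as a {@link String} for the lifetime of the instance and cannot be
 *       wiped from memory.
 * </ul>
 */
public class EncryptedFileTokenCache implements TokenCache {
    private static final String ALGORITHM = "AES";
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final String SECRET_KEY_ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final int ITERATION_COUNT = 65536;
    private static final int KEY_LENGTH = 256;
    private static final int IV_SIZE = 16;
    private final Path cacheFile;
    private final ObjectMapper mapper;
    private final String passphrase;
    private static final JdbcLogger LOGGER = JdbcLoggerFactory.getLogger((Class<?>) EncryptedFileTokenCache.class);
    // Fixed salt shared by all installations (see class Javadoc). The charset is pinned so the
    // derived key does not depend on the platform default encoding.
    private static final byte[] SALT = "DatabricksJdbcTokenCache".getBytes(StandardCharsets.UTF_8);

    /**
     * Creates a cache backed by the given file.
     *
     * @param path location of the encrypted cache file; must not be null
     * @param str passphrase the encryption key is derived from; must not be null
     * @throws NullPointerException if either argument is null
     */
    public EncryptedFileTokenCache(Path path, String str) {
        Objects.requireNonNull(path, "cacheFilePath must be defined");
        Objects.requireNonNull(str, "passphrase must be defined for encrypted token cache");
        this.cacheFile = path;
        this.mapper = SerDeUtils.createMapper();
        this.passphrase = str;
    }

    /**
     * Serializes the token to JSON, encrypts it and writes it to the cache file.
     *
     * <p>The file is created empty and its permissions are narrowed to the owner before the
     * encrypted token is written, so the token is never on disk under the default
     * (umask-derived) permissions.
     *
     * @param token token to persist
     * @throws DatabricksException if serialization, encryption or any file operation fails
     */
    @Override // com.databricks.internal.sdk.core.oauth.TokenCache
    public void save(Token token) throws DatabricksException {
        try {
            // A bare file name has no parent; createDirectories(null) would throw.
            Path parentDir = this.cacheFile.getParent();
            if (parentDir != null) {
                Files.createDirectories(parentDir);
            }
            byte[] payload = encrypt(this.mapper.writeValueAsString(token).getBytes(StandardCharsets.UTF_8));

            File file = this.cacheFile.toFile();
            // Atomic create-if-absent; returns false (and changes nothing) when the file exists.
            file.createNewFile();
            restrictToOwner(file);
            // Default options truncate and rewrite the existing file, keeping its permissions.
            Files.write(this.cacheFile, payload);
            LOGGER.debug("Successfully saved encrypted token to cache: %s", this.cacheFile);
        } catch (Exception e) {
            throw new DatabricksException("Failed to save token cache: " + e.getMessage(), e);
        }
    }

    /**
     * Reads and decrypts the cached token.
     *
     * @return the cached token, or {@code null} when the file does not exist or cannot be read,
     *     decrypted or parsed (failures are logged at debug level, never thrown)
     */
    @Override // com.databricks.internal.sdk.core.oauth.TokenCache
    public Token load() {
        try {
            if (!Files.exists(this.cacheFile)) {
                LOGGER.debug("No token cache file found at: %s", this.cacheFile);
                return null;
            }
            try {
                String json = new String(decrypt(Files.readAllBytes(this.cacheFile)), StandardCharsets.UTF_8);
                Token token = this.mapper.readValue(json, Token.class);
                LOGGER.debug("Successfully loaded encrypted token from cache: %s", this.cacheFile);
                return token;
            } catch (Exception e) {
                // Covers wrong passphrase, truncated/corrupted content and unparsable JSON.
                LOGGER.debug("Failed to decrypt token cache: %s", e.getMessage());
                return null;
            }
        } catch (Exception e2) {
            LOGGER.debug("Failed to load token from cache: %s", e2.getMessage());
            return null;
        }
    }

    /**
     * Removes group/other access and leaves owner read/write on the file.
     *
     * <p>{@link File#setReadable} and {@link File#setWritable} report failure through their
     * return value (for example on file systems without per-user permission bits); that is
     * logged rather than treated as fatal.
     */
    private static void restrictToOwner(File file) {
        boolean applied = file.setReadable(false, false);
        applied &= file.setReadable(true, true);
        applied &= file.setWritable(false, false);
        applied &= file.setWritable(true, true);
        if (!applied) {
            LOGGER.debug("Could not fully restrict permissions on token cache file: %s", file.getPath());
        }
    }

    /**
     * Derives the AES key from the passphrase with PBKDF2-HMAC-SHA256 and the fixed salt.
     *
     * @return a 256-bit AES key
     * @throws GeneralSecurityException if the key derivation algorithm is unavailable or fails
     */
    private SecretKey generateSecretKey() throws GeneralSecurityException {
        char[] passphraseChars = this.passphrase.toCharArray();
        PBEKeySpec spec = new PBEKeySpec(passphraseChars, SALT, ITERATION_COUNT, KEY_LENGTH);
        try {
            byte[] keyBytes = SecretKeyFactory.getInstance(SECRET_KEY_ALGORITHM).generateSecret(spec).getEncoded();
            return new SecretKeySpec(keyBytes, ALGORITHM);
        } finally {
            // Wipe the temporary copies of the passphrase made for the derivation.
            spec.clearPassword();
            Arrays.fill(passphraseChars, '\0');
        }
    }

    /**
     * Encrypts the plaintext under a fresh random IV.
     *
     * @param bArr plaintext bytes
     * @return Base64 encoding of the IV followed by the ciphertext
     * @throws GeneralSecurityException if key derivation or encryption fails
     */
    private byte[] encrypt(byte[] bArr) throws GeneralSecurityException {
        byte[] iv = new byte[IV_SIZE];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, generateSecretKey(), new IvParameterSpec(iv));
        byte[] cipherText = cipher.doFinal(bArr);
        byte[] combined = new byte[iv.length + cipherText.length];
        System.arraycopy(iv, 0, combined, 0, iv.length);
        System.arraycopy(cipherText, 0, combined, iv.length, cipherText.length);
        return Base64.getEncoder().encode(combined);
    }

    /**
     * Reverses {@link #encrypt(byte[])}.
     *
     * @param bArr Base64 encoding of the IV followed by the ciphertext
     * @return the decrypted plaintext
     * @throws IllegalArgumentException if the input is not valid Base64 or is too short to hold an
     *     IV and at least one byte of ciphertext
     * @throws GeneralSecurityException if key derivation or decryption fails (for example bad
     *     padding caused by a wrong passphrase)
     */
    private byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
        byte[] decoded = Base64.getDecoder().decode(bArr);
        // Reject truncated content explicitly instead of failing on a negative array size.
        if (decoded.length <= IV_SIZE) {
            throw new IllegalArgumentException("Token cache content is too short to contain an IV and ciphertext");
        }
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, generateSecretKey(), new IvParameterSpec(decoded, 0, IV_SIZE));
        return cipher.doFinal(decoded, IV_SIZE, decoded.length - IV_SIZE);
    }
}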
