package org.forgerock.openidm.config.crypto;

import java.util.Arrays;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.codehaus.jackson.map.ObjectMapper;
import org.forgerock.json.crypto.JsonCryptoException;
import org.forgerock.json.fluent.JsonPointer;
import org.forgerock.json.fluent.JsonValue;
import org.forgerock.json.fluent.JsonValueException;
import org.forgerock.openidm.config.InternalErrorException;
import org.forgerock.openidm.config.InvalidException;
import org.forgerock.openidm.config.JSONEnhancedConfig;
import org.forgerock.openidm.config.installer.JSONConfigInstaller;
import org.forgerock.openidm.config.installer.JSONPrettyPrint;
import org.forgerock.openidm.core.IdentityServer;
import org.forgerock.openidm.crypto.CryptoService;
import org.forgerock.openidm.metadata.MetaDataProvider;
import org.forgerock.openidm.metadata.WaitForMetaData;
import org.forgerock.openidm.metadata.impl.ProviderListener;
import org.forgerock.openidm.metadata.impl.ProviderTracker;
import org.osgi.framework.BundleContext;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openidm/config/crypto/ConfigCrypto.class */
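/**
 * Encrypts the sensitive properties of a JSON configuration before it is stored.
 *
 * <p>The list of properties to protect comes from the {@link MetaDataProvider}s tracked by
 * {@link ProviderTracker}. Each listed property is encrypted in place through the OSGi
 * {@link CryptoService}, using the keystore alias read from the
 * {@code openidm.config.crypto.alias} system property.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only properties named by a metadata provider are encrypted. If no provider claims a
 *       configuration, its values are written back unchanged (in cleartext).</li>
 *   <li>The cipher transformation is fixed to {@code AES/CBC/PKCS5Padding}. CBC gives
 *       confidentiality only. NOTE(review): confirm whether {@link CryptoService} adds
 *       integrity protection around the ciphertext.</li>
 * </ul>
 */
public class ConfigCrypto {
    static final Logger logger = LoggerFactory.getLogger(ConfigCrypto.class);

    /** System property that selects the keystore alias used for config encryption. */
    private static final String ALIAS_PROPERTY = "openidm.config.crypto.alias";

    /** Alias used when {@link #ALIAS_PROPERTY} is not set. */
    private static final String DEFAULT_ALIAS = "openidm-config-default";

    /** Cipher transformation passed to {@link CryptoService#encrypt}. */
    private static final String CIPHER = "AES/CBC/PKCS5Padding";

    /** How long to wait for the crypto service to be registered, in milliseconds. */
    private static final long CRYPTO_SERVICE_TIMEOUT_MS = 5000L;

    static ServiceTracker cryptoTracker;
    static ConfigCrypto instance;
    BundleContext context;
    String alias;
    ProviderTracker providerTracker;
    ProviderListener delayedHandler;
    ObjectMapper mapper = new ObjectMapper();
    JSONPrettyPrint prettyPrint = new JSONPrettyPrint();

    /**
     * Creates the singleton, resolves the keystore alias and starts tracking metadata providers.
     *
     * @param bundleContext OSGi context used to look up the crypto service and providers
     * @param providerListener listener handed to the {@link ProviderTracker}
     */
    private ConfigCrypto(BundleContext bundleContext, ProviderListener providerListener) {
        this.context = bundleContext;
        this.delayedHandler = providerListener;
        this.alias = IdentityServer.getInstance().getProperty(ALIAS_PROPERTY, DEFAULT_ALIAS);
        logger.info("Using keystore alias {} to handle config encryption", this.alias);
        this.providerTracker = new ProviderTracker(bundleContext, providerListener, false);
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>The arguments are used only by the call that creates the instance. Later calls
     * return the existing instance and ignore them.
     *
     * @param bundleContext OSGi context for the first initialization
     * @param providerListener listener for the first initialization
     * @return the singleton instance
     */
    public static synchronized ConfigCrypto getInstance(BundleContext bundleContext, ProviderListener providerListener) {
        if (instance == null) {
            instance = new ConfigCrypto(bundleContext, providerListener);
        }
        return instance;
    }

    /**
     * Asks each tracked metadata provider which properties of a configuration must be encrypted
     * and returns the first non-null answer.
     *
     * @param str first configuration identifier, passed through to the providers
     *            (presumably the service PID; confirm against callers)
     * @param str2 second configuration identifier, passed through to the providers
     *            (presumably the factory instance name; confirm against callers)
     * @param jsonValue the parsed configuration
     * @return the pointers to encrypt, or {@code null} if no provider returned a list
     * @throws WaitForMetaData if no provider returned a list and at least one provider signalled
     *         that its metadata is not available yet (the last such exception is rethrown)
     */
    public List<JsonPointer> getPropertiesToEncrypt(String str, String str2, JsonValue jsonValue) throws WaitForMetaData {
        WaitForMetaData waitForMetaData = null;
        Iterator<MetaDataProvider> it = this.providerTracker.getProviders().iterator();
        while (it.hasNext()) {
            // Reset per provider so that a failed lookup can never leave a stale or
            // unassigned value to be tested below.
            List<JsonPointer> propertiesToEncrypt = null;
            try {
                propertiesToEncrypt = it.next().getPropertiesToEncrypt(str, str2, jsonValue);
            } catch (WaitForMetaData e) {
                // Remember the deferral, but keep asking the remaining providers.
                waitForMetaData = e;
            }
            if (propertiesToEncrypt != null) {
                return propertiesToEncrypt;
            }
        }
        if (waitForMetaData != null) {
            throw waitForMetaData;
        }
        return null;
    }

    /**
     * Parses the JSON configuration held in {@code dictionary} and encrypts its sensitive
     * properties.
     *
     * @param str first configuration identifier (see {@link #getPropertiesToEncrypt})
     * @param str2 second configuration identifier (see {@link #getPropertiesToEncrypt})
     * @param dictionary configuration properties holding the JSON text
     * @return the dictionary with the JSON text replaced by the encrypted, pretty-printed form
     * @throws InvalidException if the JSON text cannot be parsed
     * @throws InternalErrorException if encryption or serialization fails
     * @throws WaitForMetaData if provider metadata is not available yet
     */
    public Dictionary encrypt(String str, String str2, Dictionary dictionary) throws InvalidException, InternalErrorException, WaitForMetaData {
        return encrypt(str, str2, dictionary, parse(dictionary, str));
    }

    /**
     * Encrypts, in place, every property of {@code jsonValue} that a metadata provider lists,
     * then stores the pretty-printed result in the dictionary.
     *
     * <p>Null values and values that are already encrypted are left untouched, so calling this
     * again on an encrypted configuration does not encrypt it twice.
     *
     * @param str first configuration identifier (see {@link #getPropertiesToEncrypt})
     * @param str2 second configuration identifier (see {@link #getPropertiesToEncrypt})
     * @param dictionary target dictionary; a new {@link Hashtable} is used when {@code null}
     * @param jsonValue parsed configuration, modified in place
     * @return the dictionary holding the serialized configuration
     * @throws InternalErrorException if encryption or serialization fails
     * @throws WaitForMetaData if provider metadata is not available yet
     */
    public Dictionary encrypt(String str, String str2, Dictionary dictionary, JsonValue jsonValue) throws WaitForMetaData {
        Dictionary hashtable = dictionary == null ? new Hashtable() : dictionary;
        List<JsonPointer> propertiesToEncrypt = getPropertiesToEncrypt(str, str2, jsonValue);
        if (logger.isTraceEnabled()) {
            logger.trace("Properties to encrypt for {} {}: {}", new Object[]{str, str2, propertiesToEncrypt});
        }
        if (propertiesToEncrypt != null && !propertiesToEncrypt.isEmpty()) {
            CryptoService cryptoService = getCryptoService(this.context);
            for (JsonPointer jsonPointer : propertiesToEncrypt) {
                logger.trace("Handling property to encrypt {}", jsonPointer);
                JsonValue jsonValue2 = jsonValue.get(jsonPointer);
                // Skip absent values and values that are already encrypted.
                if (null != jsonValue2 && !jsonValue2.isNull() && !cryptoService.isEncrypted(jsonValue2)) {
                    if (logger.isTraceEnabled()) {
                        logger.trace("Encrypting {} with cipher {} and alias {}", new Object[]{jsonPointer, CIPHER, this.alias});
                    }
                    try {
                        jsonValue.put(jsonPointer, cryptoService.encrypt(jsonValue2, CIPHER, this.alias).getValue());
                    } catch (JsonCryptoException e) {
                        throw new InternalErrorException("Failure during encryption of configuration " + str + "-" + str2 + " for property " + jsonPointer.toString() + " : " + e.getMessage(), e);
                    }
                }
            }
        }
        try {
            hashtable.put(JSONConfigInstaller.JSON_CONFIG_PROPERTY, this.prettyPrint.getWriter().writeValueAsString(jsonValue.asMap()));
            if (logger.isDebugEnabled()) {
                // NOTE(review): this writes the whole configuration to the debug log. Properties
                // that no provider listed above are still in cleartext here, so debug logs should
                // be treated as sensitive, or this statement reduced to the identifiers.
                logger.debug("Config with senstiive data encrypted {} {} : {}", new Object[]{str, str2, hashtable});
            }
            return hashtable;
        } catch (Exception e2) {
            throw new InternalErrorException("Failure in writing formatted and encrypted configuration " + str + "-" + str2 + " : " + e2.getMessage(), e2);
        }
    }

    /**
     * Parses the JSON configuration text stored in the dictionary under
     * {@link JSONConfigInstaller#JSON_CONFIG_PROPERTY}.
     *
     * @param dictionary configuration properties; may be {@code null}
     * @param str configuration identifier, used in log and error messages only
     * @return the parsed configuration: an empty map when {@code dictionary} is {@code null},
     *         or a value wrapping {@code null} when the JSON text is missing or blank
     * @throws InvalidException if the text is not valid JSON or cannot be wrapped as a
     *         {@link JsonValue}
     * @throws InternalErrorException declared for callers; not thrown by the visible code
     */
    public JsonValue parse(Dictionary<String, Object> dictionary, String str) throws InvalidException, InternalErrorException {
        JsonValue jsonValue = new JsonValue(new HashMap());
        if (dictionary != null) {
            Map map = null;
            String str2 = (String) dictionary.get(JSONConfigInstaller.JSON_CONFIG_PROPERTY);
            if (str2 != null) {
                try {
                    // Blank text is treated as "no configuration" rather than as a parse error.
                    if (str2.trim().length() > 0) {
                        map = (Map) this.mapper.readValue(str2, Map.class);
                    }
                } catch (Exception e) {
                    throw new InvalidException("Configuration for " + str + " could not be parsed and may not be valid JSON : " + e.getMessage(), e);
                }
            }
            try {
                jsonValue = new JsonValue(map);
            } catch (JsonValueException e2) {
                throw new InvalidException("Component configuration for " + str + " is invalid: " + e2.getMessage(), e2);
            }
        }
        logger.debug("Parsed configuration for {}", str);
        return jsonValue;
    }

    /**
     * Looks up the {@link CryptoService}, waiting up to
     * {@link #CRYPTO_SERVICE_TIMEOUT_MS} milliseconds for it to be registered.
     *
     * <p>This fails closed: if the service cannot be obtained an exception is thrown, so the
     * caller never falls through to storing the listed properties unencrypted.
     *
     * @param bundleContext OSGi context used to create the tracker
     * @return the crypto service, never {@code null}
     * @throws InternalErrorException if the service is not registered in time or the lookup fails
     */
    private CryptoService getCryptoService(BundleContext bundleContext) throws InternalErrorException {
        try {
            // NOTE(review): the lock is JSONEnhancedConfig.class although the guarded field
            // belongs to this class. Kept as-is; confirm whether the shared lock is intended.
            synchronized (JSONEnhancedConfig.class) {
                if (cryptoTracker == null) {
                    cryptoTracker = new ServiceTracker(bundleContext, bundleContext.createFilter("(objectClass=" + CryptoService.class.getName() + ")"), (ServiceTrackerCustomizer) null);
                    cryptoTracker.open();
                }
            }
            CryptoService cryptoService = (CryptoService) cryptoTracker.waitForService(CRYPTO_SERVICE_TIMEOUT_MS);
            if (cryptoService != null) {
                logger.trace("Obtained crypto service");
                return cryptoService;
            }
            logger.warn("Failed to get crypto service to handle configuration encryption");
            if (logger.isTraceEnabled()) {
                logger.trace("List of available service {}", Arrays.asList(bundleContext.getAllServiceReferences((String) null, (String) null)));
            }
            throw new InternalErrorException("Configuration handling could not locate cryptography service to encrypt configuration. Cryptography service is not registered..");
        } catch (InternalErrorException e) {
            // Already logged and already the right type: do not wrap and log it a second time.
            throw e;
        } catch (Exception e) {
            if (e instanceof InterruptedException) {
                // Restore the interrupt flag so callers further up can still see it.
                Thread.currentThread().interrupt();
            }
            logger.warn("Exception in getting crypto service to handle configuration encryption", e);
            throw new InternalErrorException("Exception in getting cryptography service to encrypt configuration " + e.getMessage(), e);
        }
    }
}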
