package org.forgerock.openidm.crypto.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import org.codehaus.jackson.map.ObjectMapper;
import org.forgerock.json.crypto.JsonCrypto;
import org.forgerock.json.crypto.JsonCryptoException;
import org.forgerock.json.crypto.JsonCryptoTransformer;
import org.forgerock.json.crypto.JsonEncryptor;
import org.forgerock.json.crypto.simple.SimpleDecryptor;
import org.forgerock.json.crypto.simple.SimpleEncryptor;
import org.forgerock.json.crypto.simple.SimpleKeyStoreSelector;
import org.forgerock.json.fluent.JsonException;
import org.forgerock.json.fluent.JsonTransformer;
import org.forgerock.json.fluent.JsonValue;
import org.forgerock.json.fluent.JsonValueException;
import org.forgerock.openidm.core.IdentityServer;
import org.forgerock.openidm.crypto.CryptoService;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.ComponentException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/forgerock/openidm/crypto/impl/CryptoServiceImpl.class */
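/**
 * {@link CryptoService} implementation backed by a single Java {@link KeyStore}.
 *
 * <p>On activation the key store is located and unlocked using the
 * {@code openidm.keystore.*} properties read from {@link IdentityServer}. Keys are then
 * looked up by alias for encryption, and one decryption transformer bound to the same key
 * store is registered for decryption.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key-store password is also handed to {@link SimpleKeyStoreSelector} as the key
 *       password, as a {@code String}. It therefore stays on the heap for the lifetime of
 *       the selector and cannot be wiped.</li>
 *   <li>If no password is configured, or the key-store file is missing, activation still
 *       succeeds but no key selector exists. Check the activation log for the key count.</li>
 * </ul>
 */
public class CryptoServiceImpl implements CryptoService {
    private static final Logger LOGGER = LoggerFactory.getLogger(CryptoServiceImpl.class);

    /** Bundle context supplied on activation; cleared on deactivation. */
    private BundleContext context;

    /** Resolves key aliases against the loaded key store; {@code null} until a key store is loaded. */
    private SimpleKeyStoreSelector keySelector;

    /** Transformers that {@link #decrypt(JsonValue)} prepends to a value's own transformers. */
    private final ArrayList<JsonTransformer> decryptionTransformers = new ArrayList<>();

    /** JSON parser used for stringified {@code $crypto} values. */
    private final ObjectMapper mapper = new ObjectMapper();

    /**
     * Opens the key-store file at the given configured location.
     *
     * @param str the configured location, resolved through {@link IdentityServer#getFileForPath};
     *            may be {@code null}
     * @return an open stream the caller must close, or {@code null} when the location is
     *         {@code null} or the file does not exist (the latter is logged as an error)
     * @throws IOException if the file exists but cannot be opened
     */
    private InputStream openStream(String str) throws IOException {
        if (str == null) {
            return null;
        }
        File keyStoreFile = IdentityServer.getFileForPath(str);
        if (!keyStoreFile.exists()) {
            LOGGER.error("ERROR - KeyStore not found under CryptoService#location {}", keyStoreFile.getAbsolutePath());
            return null;
        }
        return new FileInputStream(keyStoreFile);
    }

    /**
     * Loads the configured key store and registers the decryption transformer.
     *
     * <p>Properties read: {@code openidm.keystore.password}, {@code openidm.keystore.type}
     * (defaults to {@link KeyStore#getDefaultType()}), {@code openidm.keystore.provider} and
     * {@code openidm.keystore.location}. When no password property is set, nothing is loaded
     * and the service reports zero keys.
     *
     * @param bundleContext the OSGi bundle context
     * @throws RuntimeException if the key store cannot be read or unlocked
     * @throws ComponentException if a {@link JsonValueException} is raised during setup
     */
    public void activate(BundleContext bundleContext) {
        LOGGER.debug("Activating cryptography service");
        this.context = bundleContext;
        try {
            int keyCount = 0;
            String storePassword = IdentityServer.getInstance().getProperty("openidm.keystore.password");
            if (storePassword != null) {
                String type = IdentityServer.getInstance().getProperty("openidm.keystore.type", KeyStore.getDefaultType());
                String provider = IdentityServer.getInstance().getProperty("openidm.keystore.provider");
                String location = IdentityServer.getInstance().getProperty("openidm.keystore.location");
                String storeDescription = "type: " + type + " provider: " + provider + " location:" + location;
                try {
                    // Only type, provider and location are logged; the password never is.
                    LOGGER.info("Activating cryptography service of type: {} provider: {} location: {}", new Object[]{type, provider, location});
                    KeyStore keyStore = (provider == null || provider.trim().length() == 0)
                            ? KeyStore.getInstance(type)
                            : KeyStore.getInstance(type, provider);
                    // try-with-resources closes the key-store file handle even when load() fails;
                    // a null resource is permitted and simply skipped on close.
                    try (InputStream keyStoreStream = openStream(location)) {
                        if (keyStoreStream != null) {
                            // NOTE(review): Main.unfold is defined outside this file; it presumably
                            // de-obfuscates the configured password - confirm. The array is not
                            // zeroed here because it is not visible whether unfold returns a fresh copy.
                            char[] password = Main.unfold(storePassword);
                            keyStore.load(keyStoreStream, password);
                            // The store password doubles as the key password for every alias.
                            this.keySelector = new SimpleKeyStoreSelector(keyStore, new String(password));
                            Enumeration<String> aliases = keyStore.aliases();
                            while (aliases.hasMoreElements()) {
                                LOGGER.info("Available cryptography key: {}", aliases.nextElement());
                                keyCount++;
                            }
                        }
                    }
                    // NOTE(review): when the key-store file was not found, keySelector is still null
                    // here and the decryptor is registered without a usable selector. Kept as-is to
                    // preserve existing behaviour; consider failing activation instead.
                    this.decryptionTransformers.add(new JsonCryptoTransformer(new SimpleDecryptor(this.keySelector)));
                } catch (IOException e) {
                    LOGGER.error("IOException when loading KeyStore file of " + storeDescription, e);
                    throw new RuntimeException("IOException when loading KeyStore file of " + storeDescription + " message: " + e.getMessage(), e);
                } catch (GeneralSecurityException e2) {
                    LOGGER.error("GeneralSecurityException when loading KeyStore file", e2);
                    throw new RuntimeException("GeneralSecurityException when loading KeyStore file of " + storeDescription + " message: " + e2.getMessage(), e2);
                }
            }
            LOGGER.info("CryptoService is initialized with {} keys.", Integer.valueOf(keyCount));
        } catch (JsonValueException e3) {
            LOGGER.error("Exception when loading CryptoService configuration", e3);
            throw new ComponentException("Configuration error", e3);
        }
    }

    /**
     * Drops the registered transformers and the references to the key selector and context.
     *
     * @param bundleContext the OSGi bundle context (unused)
     */
    public void deactivate(BundleContext bundleContext) {
        this.decryptionTransformers.clear();
        this.keySelector = null;
        this.context = null;
        LOGGER.info("CryptoService stopped.");
    }

    /**
     * Builds an encryptor for the given cipher and key alias.
     *
     * @param str the cipher passed through to {@link SimpleEncryptor}
     * @param str2 the alias of the key to encrypt with
     * @return an encryptor bound to the selected key
     * @throws JsonCryptoException if no key store is loaded or the alias does not resolve to a key
     */
    public JsonEncryptor getEncryptor(String str, String str2) throws JsonCryptoException {
        SimpleKeyStoreSelector selector = this.keySelector;
        if (selector == null) {
            // No key store was loaded (no password configured, file missing, or service stopped).
            // Report it as a crypto failure rather than letting a NullPointerException escape.
            String unavailable = "Encryption key " + str2 + " not found: no key store is loaded";
            LOGGER.error(unavailable);
            throw new JsonCryptoException(unavailable);
        }
        Key key = selector.select(str2);
        if (key == null) {
            String notFound = "Encryption key " + str2 + " not found";
            LOGGER.error(notFound);
            throw new JsonCryptoException(notFound);
        }
        return new SimpleEncryptor(str, key, str2);
    }

    /**
     * Returns the decryption transformers registered on activation.
     *
     * <p>NOTE(review): this is the live internal list, not a copy; a caller that mutates it
     * changes what {@link #decrypt(JsonValue)} applies. Consider returning an unmodifiable
     * view once all callers are confirmed to be read-only.
     *
     * @return the internal list of decryption transformers
     */
    public List<JsonTransformer> getDecryptionTransformers() {
        return this.decryptionTransformers;
    }

    /**
     * Encrypts a JSON value with the given cipher and key alias.
     *
     * @param jsonValue the value to encrypt; {@code null} yields {@code null}
     * @param str the cipher
     * @param str2 the key alias
     * @return the {@link JsonCrypto} representation of the encrypted value, or {@code null}
     * @throws JsonCryptoException if the key cannot be resolved or encryption fails
     * @throws JsonException declared by the interface
     */
    public JsonValue encrypt(JsonValue jsonValue, String str, String str2) throws JsonCryptoException, JsonException {
        if (jsonValue == null) {
            return null;
        }
        JsonEncryptor encryptor = getEncryptor(str, str2);
        return new JsonCrypto(encryptor.getType(), encryptor.encrypt(jsonValue)).toJsonValue();
    }

    /**
     * Decrypts a JSON value by applying the registered decryption transformers.
     *
     * @param jsonValue the value to decrypt; {@code null} yields {@code null}
     * @return a copy of the value after the transformers have been applied, or {@code null}
     * @throws JsonException if applying the transformers fails
     */
    public JsonValue decrypt(JsonValue jsonValue) throws JsonException {
        if (jsonValue == null) {
            return null;
        }
        JsonValue working = new JsonValue(jsonValue);
        // Decryption transformers go first so they run before any the value already carries.
        working.getTransformers().addAll(0, getDecryptionTransformers());
        working.applyTransformers();
        return working.copy();
    }

    /**
     * Parses a stringified JSON value and decrypts it.
     *
     * @param str the JSON text
     * @return the decrypted value
     * @throws JsonException if the text is not valid JSON or decryption fails
     */
    public JsonValue decrypt(String str) throws JsonException {
        return decrypt(parseStringified(str));
    }

    /**
     * Reports whether the value has the {@code $crypto} structure.
     *
     * <p>This is a structural check delegated to {@link JsonCrypto#isJsonCrypto}; nothing is decrypted.
     *
     * @param jsonValue the value to inspect
     * @return {@code true} if the value is a JSON crypto object
     */
    public boolean isEncrypted(JsonValue jsonValue) {
        return JsonCrypto.isJsonCrypto(jsonValue);
    }

    /**
     * Reports whether the stringified JSON has the {@code $crypto} structure.
     *
     * <p>A prefix/suffix test runs first so that most strings are rejected without parsing.
     * It expects the compact form with no whitespace. Text that fails to parse is treated
     * as not encrypted.
     *
     * @param str the JSON text; {@code null} yields {@code false}
     * @return {@code true} if the text parses to a JSON crypto object
     */
    public boolean isEncrypted(String str) {
        if (str == null || !str.startsWith("{\"$crypto\":{") || !str.endsWith("\"}}")) {
            return false;
        }
        try {
            return JsonCrypto.isJsonCrypto(parseStringified(str));
        } catch (JsonException e) {
            // Looks like a crypto envelope but is not valid JSON: report "not encrypted".
            return false;
        }
    }

    /**
     * Parses JSON text into a {@link JsonValue} wrapping a {@link Map}.
     *
     * @param str the JSON text
     * @return the parsed value
     * @throws JsonException if the text cannot be read as a JSON object
     */
    private JsonValue parseStringified(String str) {
        try {
            return new JsonValue((Map) this.mapper.readValue(str, Map.class));
        } catch (IOException e) {
            throw new JsonException("String passed into parsing is not valid JSON", e);
        }
    }
}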
