package com.evolveum.midpoint.init;

import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.ProtectedData;
import com.evolveum.midpoint.prism.crypto.SecretsProvider;
import com.evolveum.midpoint.prism.crypto.SecretsResolver;
import com.evolveum.midpoint.prism.impl.crypto.KeyStoreBasedProtectorImpl;
import com.evolveum.midpoint.util.SingleLocalizableMessage;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.prism.xml.ns._public.types_3.ExternalDataType;
import java.nio.ByteBuffer;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:BOOT-INF/lib/system-init-4.9.3.jar:com/evolveum/midpoint/init/ConfigurableProtector.class */
public class ConfigurableProtector extends KeyStoreBasedProtectorImpl implements SecretsResolver {
    private final Map<String, SecretsProvider<?>> providers = new ConcurrentHashMap();

    @Override // com.evolveum.midpoint.prism.crypto.SecretsResolver
    public void addSecretsProvider(@NotNull SecretsProvider<?> secretsProvider) {
        this.providers.put(secretsProvider.getIdentifier(), secretsProvider);
    }

    @Override // com.evolveum.midpoint.prism.crypto.SecretsResolver
    public void removeSecretsProvider(@NotNull SecretsProvider<?> secretsProvider) {
        this.providers.remove(secretsProvider.getIdentifier());
    }

    @Override // com.evolveum.midpoint.prism.crypto.SecretsResolver
    @NotNull
    public List<SecretsProvider<?>> getSecretsProviders() {
        return List.copyOf(this.providers.values());
    }

    @Override // com.evolveum.midpoint.prism.crypto.SecretsResolver
    @NotNull
    public String resolveSecretString(@NotNull String str, @NotNull String str2) throws EncryptionException {
        ExternalDataType externalDataType = new ExternalDataType();
        externalDataType.setProvider(str);
        externalDataType.setKey(str2);
        return (String) resolveExternalData(externalDataType, String.class);
    }

    @Override // com.evolveum.midpoint.prism.crypto.SecretsResolver
    @NotNull
    public ByteBuffer resolveSecretBinary(@NotNull String str, @NotNull String str2) throws EncryptionException {
        ExternalDataType externalDataType = new ExternalDataType();
        externalDataType.setProvider(str);
        externalDataType.setKey(str2);
        return (ByteBuffer) resolveExternalData(externalDataType, ByteBuffer.class);
    }

    @Override // com.evolveum.midpoint.prism.impl.crypto.BaseProtector, com.evolveum.midpoint.prism.crypto.Protector
    public <T> void decrypt(ProtectedData<T> protectedData) throws EncryptionException, SchemaException {
        ExternalDataType externalData = protectedData.getExternalData();
        if (externalData == null) {
            super.decrypt(protectedData);
        } else {
            protectedData.setClearBytes(((ByteBuffer) resolveExternalData(externalData, ByteBuffer.class)).array());
        }
    }

    @Override // com.evolveum.midpoint.prism.impl.crypto.BaseProtector, com.evolveum.midpoint.prism.crypto.Protector
    public String decryptString(ProtectedData<String> protectedData) throws EncryptionException {
        ExternalDataType externalData = protectedData.getExternalData();
        return externalData == null ? super.decryptString(protectedData) : (String) resolveExternalData(externalData, String.class);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.prism.impl.crypto.KeyStoreBasedProtectorImpl, com.evolveum.midpoint.prism.impl.crypto.BaseProtector
    public <T> byte[] decryptBytes(ProtectedData<T> protectedData) throws SchemaException, EncryptionException {
        ExternalDataType externalData = protectedData.getExternalData();
        return externalData == null ? super.decryptBytes(protectedData) : ((ByteBuffer) resolveExternalData(externalData, ByteBuffer.class)).array();
    }

    private <T> T resolveExternalData(ExternalDataType externalDataType, Class<T> cls) throws EncryptionException {
        Object secretBinary;
        String provider = externalDataType.getProvider();
        String key = externalDataType.getKey();
        if (provider == null) {
            throw new EncryptionException(new SingleLocalizableMessage("ConfigurableProtector.noProvider", new Object[]{key}, "No provider specified for key " + key));
        }
        if (key == null) {
            throw new EncryptionException(new SingleLocalizableMessage("ConfigurableProtector.noKey", new Object[]{provider}, "No key specified for provider " + provider));
        }
        SecretsProvider<?> secretsProvider = this.providers.get(provider);
        if (secretsProvider == null) {
            throw new EncryptionException(new SingleLocalizableMessage("ConfigurableProtector.unknownProviderIdentifier", new Object[]{provider}, "No secrets provider with identifier " + provider + " found"));
        }
        if (cls == String.class) {
            secretBinary = secretsProvider.getSecretString(key);
        } else {
            if (cls != ByteBuffer.class) {
                throw new EncryptionException(new SingleLocalizableMessage("ConfigurableProtector.unsupportedExternalDataType", new Object[]{cls}, "Unsupported external data type " + cls));
            }
            secretBinary = secretsProvider.getSecretBinary(key);
        }
        if (secretBinary == null) {
            throw new EncryptionException(new SingleLocalizableMessage("ConfigurableProtector.noSecretWithKey", new Object[]{key, provider}, "No secret with key " + key + " found in provider " + provider));
        }
        return (T) secretBinary;
    }

    @Override // com.evolveum.midpoint.prism.impl.crypto.KeyStoreBasedProtectorImpl, com.evolveum.midpoint.prism.crypto.Protector
    public <T> void encrypt(ProtectedData<T> protectedData) throws EncryptionException {
        if (protectedData.getExternalData() == null) {
            super.encrypt(protectedData);
        } else {
            protectedData.destroyCleartext();
        }
    }
}
