package org.apache.knox.gateway.services.security.impl;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.HashMap;
import java.util.Map;
import org.apache.knox.gateway.GatewayMessages;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.ServiceLifecycleException;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.AliasServiceException;
import org.apache.knox.gateway.services.security.CryptoService;
import org.apache.knox.gateway.services.security.EncryptionResult;
import org.apache.knox.gateway.services.security.KeystoreService;
import org.apache.knox.gateway.services.security.KeystoreServiceException;

/* loaded from: input_file:org/apache/knox/gateway/services/security/impl/DefaultCryptoService.class */
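/**
 * {@link CryptoService} implementation that encrypts and decrypts with keys derived from
 * per-cluster alias passwords, and signs and verifies with the gateway keystore.
 *
 * <p>Every operation reports failure through its return value ({@code null} or {@code false})
 * after logging, never by throwing a checked exception. Callers must check the result before
 * using it. In particular, a {@code null} from {@link #sign} or {@link #encryptForCluster}
 * must not be treated as an empty signature or an empty ciphertext.
 *
 * <p>The encryptor cache is guarded by its own monitor. The service references are plain
 * fields, so they should be set before the instance is shared between threads.
 */
public class DefaultCryptoService implements CryptoService {
    private static final GatewayMessages LOG = (GatewayMessages) MessagesFactory.get(GatewayMessages.class);

    /** Separator for cache keys; NUL keeps "a" + "bc" distinct from "ab" + "c". */
    private static final char CACHE_KEY_SEPARATOR = '\u0000';

    private AliasService as = null;
    private KeystoreService ks = null;

    /** Encryptors keyed by cluster name and alias; guarded by {@code synchronized (encryptorCache)}. */
    private final Map<String, ConfigurableEncryptor> encryptorCache = new HashMap<>();

    private GatewayConfig config = null;

    /** Sets the keystore service used by {@link #sign} and {@link #verify}. */
    public void setKeystoreService(KeystoreService keystoreService) {
        this.ks = keystoreService;
    }

    /** Sets the alias service that supplies the per-cluster secrets and the gateway passphrase. */
    public void setAliasService(AliasService aliasService) {
        this.as = aliasService;
    }

    /**
     * Stores the gateway configuration and checks that an alias service was injected.
     *
     * @throws ServiceLifecycleException if no alias service has been set
     */
    public void init(GatewayConfig gatewayConfig, Map<String, String> map) throws ServiceLifecycleException {
        this.config = gatewayConfig;
        if (this.as == null) {
            throw new ServiceLifecycleException("Alias service is not set");
        }
        // NOTE(review): the keystore service is not checked here, so sign() and verify() fail
        // with a NullPointerException if it was never set - confirm that this is intended.
    }

    public void start() throws ServiceLifecycleException {
    }

    public void stop() throws ServiceLifecycleException {
    }

    /**
     * Asks the alias service to generate a secret for {@code alias} in {@code clusterName}.
     *
     * <p>A failure is not reported to the caller, so a later encrypt or decrypt for this alias
     * may find no password and return {@code null}.
     */
    public void createAndStoreEncryptionKeyForCluster(String clusterName, String alias) {
        try {
            this.as.generateAliasForCluster(clusterName, alias);
        } catch (AliasServiceException e) {
            // NOTE(review): this bypasses the gateway log and writes to stderr. No dedicated
            // GatewayMessages entry for this failure is visible from this class; add one and
            // route the exception through LOG so the failure shows up in the audited log.
            e.printStackTrace();
        }
    }

    /**
     * Encrypts {@code clear} with the encryptor for the given cluster and alias.
     *
     * @return the encryption result, or {@code null} if the alias has no password, the alias
     *     lookup failed, or encryption failed
     */
    public EncryptionResult encryptForCluster(String clusterName, String alias, byte[] clear) {
        char[] password;
        try {
            password = this.as.getPasswordFromAliasForCluster(clusterName, alias);
        } catch (AliasServiceException e) {
            // Was e.printStackTrace(): send the failure to the gateway log instead of stderr.
            LOG.failedToEncryptPasswordForCluster(clusterName, e);
            return null;
        }
        if (password == null) {
            return null;
        }
        try {
            return getEncryptor(clusterName, alias, password).encrypt(clear);
        } catch (Exception e) {
            // One handler covers what used to be three identical catch blocks.
            LOG.failedToEncryptPasswordForCluster(clusterName, e);
            return null;
        }
    }

    /**
     * Decrypts the UTF-8 bytes of {@code cipherText}, passing {@code null} for both the IV and
     * the salt.
     *
     * @return the decrypted bytes, or {@code null} on any failure
     */
    public byte[] decryptForCluster(String clusterName, String alias, String cipherText) {
        return decryptForCluster(clusterName, alias, cipherText.getBytes(StandardCharsets.UTF_8), null, null);
    }

    /**
     * Decrypts {@code cipherText} with the encryptor for the given cluster and alias.
     *
     * @return the decrypted bytes, or {@code null} if the alias has no password, the alias
     *     lookup failed, or decryption failed
     */
    public byte[] decryptForCluster(String clusterName, String alias, byte[] cipherText, byte[] iv, byte[] salt) {
        char[] password;
        try {
            password = this.as.getPasswordFromAliasForCluster(clusterName, alias);
        } catch (AliasServiceException e) {
            // The lookup failed, which is different from the alias having no password. Log the
            // cause rather than the "null password" message that used to hide it.
            LOG.failedToDecryptPasswordForCluster(clusterName, e);
            return null;
        }
        if (password == null) {
            LOG.failedToDecryptCipherForClusterNullPassword(clusterName);
            return null;
        }
        try {
            return getEncryptor(clusterName, alias, password).decrypt(salt, iv, cipherText);
        } catch (Exception e) {
            LOG.failedToDecryptPasswordForCluster(clusterName, e);
            return null;
        }
    }

    /**
     * Verifies {@code signature} over the UTF-8 bytes of {@code signed}, using the public key of
     * the gateway keystore certificate stored under {@code alias}.
     *
     * <p>The method fails closed: a missing certificate, an unknown algorithm, or a malformed
     * signature gives {@code false}.
     *
     * <p>NOTE(review): {@code algorithm} is passed to {@link Signature#getInstance(String)}
     * unchecked. If callers can derive it from the message being verified, restrict it to an
     * allow-list before calling.
     *
     * @return {@code true} only if the signature verified
     */
    public boolean verify(String algorithm, String alias, String signed, byte[] signature) {
        boolean verified = false;
        try {
            java.security.cert.Certificate certificate =
                    this.ks.getKeystoreForGateway().getCertificate(alias);
            if (certificate == null) {
                // getCertificate returns null for an unknown alias. Report that through the
                // normal failure path rather than letting getPublicKey() throw a
                // NullPointerException.
                throw new KeyStoreException("No certificate found for alias " + alias);
            }
            Signature verifier = Signature.getInstance(algorithm);
            verifier.initVerify(certificate.getPublicKey());
            verifier.update(signed.getBytes(StandardCharsets.UTF_8));
            verified = verifier.verify(signature);
        } catch (InvalidKeyException | KeyStoreException | NoSuchAlgorithmException
                | SignatureException | KeystoreServiceException e) {
            LOG.failedToVerifySignature(e);
        }
        LOG.signatureVerified(verified);
        return verified;
    }

    /**
     * Signs the UTF-8 bytes of {@code payloadToSign} with the gateway key stored under
     * {@code alias}, unlocked with the gateway identity passphrase from the alias service.
     *
     * @return the signature bytes, or {@code null} if the key could not be loaded or signing
     *     failed
     */
    public byte[] sign(String algorithm, String alias, String payloadToSign) {
        try {
            PrivateKey privateKey =
                    (PrivateKey) this.ks.getKeyForGateway(alias, this.as.getGatewayIdentityPassphrase());
            Signature signer = Signature.getInstance(algorithm);
            signer.initSign(privateKey);
            signer.update(payloadToSign.getBytes(StandardCharsets.UTF_8));
            return signer.sign();
        } catch (AliasServiceException | InvalidKeyException | NoSuchAlgorithmException
                | SignatureException | KeystoreServiceException e) {
            LOG.failedToSignData(e);
            return null;
        }
    }

    /**
     * Returns the cached encryptor for a cluster and alias, creating it on first use.
     *
     * <p>The cache key includes the alias. Keyed on the cluster name alone, a second alias in
     * the same cluster would reuse the encryptor built from the first alias's password, so the
     * key in use would depend on call order.
     *
     * <p>NOTE(review): an entry is never invalidated, so a changed alias password takes effect
     * only after the cache is rebuilt (for example on restart). {@code String.valueOf(password)}
     * also copies the secret into an immutable String that cannot be wiped; the
     * {@code ConfigurableEncryptor} constructor used here takes a String.
     */
    private ConfigurableEncryptor getEncryptor(String clusterName, String alias, char[] password) {
        String cacheKey = clusterName + CACHE_KEY_SEPARATOR + alias;
        synchronized (this.encryptorCache) {
            ConfigurableEncryptor encryptor = this.encryptorCache.get(cacheKey);
            if (encryptor == null) {
                encryptor = new ConfigurableEncryptor(String.valueOf(password));
                encryptor.init(this.config);
                this.encryptorCache.put(cacheKey, encryptor);
            }
            return encryptor;
        }
    }
}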
