package org.apache.syncope.core.util;

import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.types.CipherAlgorithm;
import org.jasypt.digest.StandardStringDigester;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.crypto.bcrypt.BCrypt;
import org.springframework.security.crypto.codec.Base64;

/* loaded from: input_file:org/apache/syncope/core/util/Encryptor.class */
public final class Encryptor {
    private static final Logger LOG = LoggerFactory.getLogger(Encryptor.class);
    private static final Map<String, Encryptor> INSTANCES = new ConcurrentHashMap();
    private static final String DEFAULT_SECRET_KEY = "1abcdefghilmnopqrstuvz2!";
    private static final int DEFAULT_SALT_ITERATIONS = 1;
    private static final int DEFAULT_SALT_SIZE_BYTES = 8;
    private static final boolean DEFAULT_IPOPSIER = true;
    private static final boolean DEFAULT_IPOSIMBD = true;
    private static final boolean DEFAULT_ULSSC = true;
    private static String secretKey;
    private static Integer saltIterations;
    private static Integer saltSizeBytes;
    private static Boolean ipopsier;
    private static Boolean iposimbd;
    private static Boolean ulssc;
    private SecretKeySpec keySpec;

    public static Encryptor getInstance() {
        return getInstance(secretKey);
    }

    public static Encryptor getInstance(String str) {
        String str2 = StringUtils.isBlank(str) ? DEFAULT_SECRET_KEY : str;
        Encryptor encryptor = INSTANCES.get(str2);
        if (encryptor == null) {
            encryptor = new Encryptor(str2);
            INSTANCES.put(str2, encryptor);
        }
        return encryptor;
    }

    private Encryptor(String str) {
        String str2 = str;
        if (str2.length() < 16) {
            StringBuilder sb = new StringBuilder(str2);
            for (int i = 0; i < 16 - str2.length(); i++) {
                sb.append('0');
            }
            str2 = sb.toString();
            LOG.debug("actualKey too short, adding some random characters");
        }
        try {
            this.keySpec = new SecretKeySpec(ArrayUtils.subarray(str2.getBytes("UTF-8"), 0, 16), CipherAlgorithm.AES.getAlgorithm());
        } catch (Exception e) {
            LOG.error("Error during key specification", e);
        }
    }

    public String encode(String str, CipherAlgorithm cipherAlgorithm) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        String str2 = null;
        if (str != null) {
            if (cipherAlgorithm == null || cipherAlgorithm == CipherAlgorithm.AES) {
                byte[] bytes = str.getBytes("UTF-8");
                Cipher cipher = Cipher.getInstance(CipherAlgorithm.AES.getAlgorithm());
                cipher.init(1, this.keySpec);
                str2 = new String(Base64.encode(cipher.doFinal(bytes)));
            } else {
                str2 = cipherAlgorithm == CipherAlgorithm.BCRYPT ? BCrypt.hashpw(str, BCrypt.gensalt()) : getDigester(cipherAlgorithm).digest(str);
            }
        }
        return str2;
    }

    public boolean verify(String str, CipherAlgorithm cipherAlgorithm, String str2) {
        boolean z = false;
        if (str != null) {
            if (cipherAlgorithm != null) {
                try {
                    if (cipherAlgorithm != CipherAlgorithm.AES) {
                        z = cipherAlgorithm == CipherAlgorithm.BCRYPT ? BCrypt.checkpw(str, str2) : getDigester(cipherAlgorithm).matches(str, str2);
                    }
                } catch (Exception e) {
                    LOG.error("Could not verify encoded value", e);
                }
            }
            z = encode(str, cipherAlgorithm).equals(str2);
        }
        return z;
    }

    public String decode(String str, CipherAlgorithm cipherAlgorithm) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        String str2 = null;
        if (str != null && cipherAlgorithm == CipherAlgorithm.AES) {
            byte[] bytes = str.getBytes("UTF-8");
            Cipher cipher = Cipher.getInstance(CipherAlgorithm.AES.getAlgorithm());
            cipher.init(2, this.keySpec);
            str2 = new String(cipher.doFinal(Base64.decode(bytes)), "UTF-8");
        }
        return str2;
    }

    private StandardStringDigester getDigester(CipherAlgorithm cipherAlgorithm) {
        StandardStringDigester standardStringDigester = new StandardStringDigester();
        if (cipherAlgorithm.getAlgorithm().startsWith("S-")) {
            standardStringDigester.setAlgorithm(cipherAlgorithm.getAlgorithm().replaceFirst("S\\-", ""));
            standardStringDigester.setIterations(saltIterations.intValue());
            standardStringDigester.setSaltSizeBytes(saltSizeBytes.intValue());
            standardStringDigester.setInvertPositionOfPlainSaltInEncryptionResults(ipopsier.booleanValue());
            standardStringDigester.setInvertPositionOfSaltInMessageBeforeDigesting(iposimbd.booleanValue());
            standardStringDigester.setUseLenientSaltSizeCheck(ulssc.booleanValue());
        } else {
            standardStringDigester.setAlgorithm(cipherAlgorithm.getAlgorithm());
            standardStringDigester.setIterations(1);
            standardStringDigester.setSaltSizeBytes(0);
        }
        standardStringDigester.setStringOutputType("hexadecimal");
        return standardStringDigester;
    }

    static {
        InputStream inputStream = null;
        try {
            try {
                inputStream = Encryptor.class.getResourceAsStream("/security.properties");
                Properties properties = new Properties();
                properties.load(inputStream);
                secretKey = properties.getProperty("secretKey");
                saltIterations = Integer.valueOf(properties.getProperty("digester.saltIterations"));
                saltSizeBytes = Integer.valueOf(properties.getProperty("digester.saltSizeBytes"));
                ipopsier = Boolean.valueOf(properties.getProperty("digester.invertPositionOfPlainSaltInEncryptionResults"));
                iposimbd = Boolean.valueOf(properties.getProperty("digester.invertPositionOfSaltInMessageBeforeDigesting"));
                ulssc = Boolean.valueOf(properties.getProperty("digester.useLenientSaltSizeCheck"));
                IOUtils.closeQuietly(inputStream);
            } catch (Exception e) {
                LOG.error("Could not read security parameters", e);
                IOUtils.closeQuietly(inputStream);
            }
            if (secretKey == null) {
                secretKey = DEFAULT_SECRET_KEY;
                LOG.debug("secretKey not found, reverting to default");
            }
            if (saltIterations == null) {
                saltIterations = 1;
                LOG.debug("digester.saltIterations not found, reverting to default");
            }
            if (saltSizeBytes == null) {
                saltSizeBytes = Integer.valueOf(DEFAULT_SALT_SIZE_BYTES);
                LOG.debug("digester.saltSizeBytes not found, reverting to default");
            }
            if (ipopsier == null) {
                ipopsier = true;
                LOG.debug("digester.invertPositionOfPlainSaltInEncryptionResults not found, reverting to default");
            }
            if (iposimbd == null) {
                iposimbd = true;
                LOG.debug("digester.invertPositionOfSaltInMessageBeforeDigesting not found, reverting to default");
            }
            if (ulssc == null) {
                ulssc = true;
                LOG.debug("digester.useLenientSaltSizeCheck not found, reverting to default");
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(inputStream);
            throw th;
        }
    }
}
