package org.wso2.cloud.secrets.utils;

import com.google.gson.Gson;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.xml.bind.DatatypeConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.wso2.cloud.secrets.exception.EncryptionException;
import org.wso2.cloud.secrets.model.InputSecretIdentifiers;
import org.wso2.cloud.secrets.model.Secret;

/* loaded from: input_file:org/wso2/cloud/secrets/utils/EncryptionUtils.class */
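/**
 * Helpers for encrypting plain-text secrets with the public key of an X.509 certificate and
 * for loading and validating the system-property based configuration of the tool.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The cipher transformation defaults to the bare name {@code "RSA"}. A bare algorithm
 *       name leaves mode and padding to the provider default (PKCS#1 v1.5 padding on common
 *       JCE providers; confirm for the deployed provider). Prefer setting
 *       {@code org.wso2.cloud.cipher.transformation} to an explicit OAEP transformation such as
 *       {@code RSA/ECB/OAEPWithSHA-256AndMGF1Padding}, coordinated with whatever component
 *       decrypts the values.</li>
 *   <li>The certificate is only parsed here. Its chain, validity period and revocation status
 *       are not checked, so the caller must obtain it from a trusted source.</li>
 *   <li>The Service Principal key is read from a JVM system property. If it is supplied with
 *       {@code -D} on the command line it is visible in process listings; keep it out of
 *       shell history and logs.</li>
 * </ul>
 */
public class EncryptionUtils {
    /** System property that overrides the JCE cipher transformation. */
    private static final String CIPHER_TRANSFORMATION_PROPERTY = "org.wso2.cloud.cipher.transformation";

    /** Transformation used when {@link #CIPHER_TRANSFORMATION_PROPERTY} is not set. */
    private static final String DEFAULT_CIPHER_TRANSFORMATION = "RSA";

    /** System property naming the JSON file that lists the secrets to process. */
    private static final String INPUT_FILE_PROPERTY = "org.wso2.cloud.secrets.input";

    /**
     * Encrypts the password of every secret in {@code list} with the public key of the given
     * certificate and stores the Base64 result through {@code setEncryptedPassword}.
     *
     * <p>Secrets are processed in order. If one of them has a null or empty password the
     * method throws at that element, and the secrets before it have already been updated.
     * The plain-text password is not cleared by this method.
     *
     * @param list secrets to encrypt in place; must not be null
     * @param str  X.509 certificate in a form accepted by {@link CertificateFactory}
     *             (for example PEM text); must not be null or empty
     * @throws EncryptionException if an argument is missing, the certificate cannot be parsed,
     *                             the cipher cannot be initialised, or encryption fails
     */
    public static void encryptPlainTextSecretsUsingCertString(List<Secret> list, String str) {
        if (list == null) {
            throw new EncryptionException("No input secret data to input");
        }
        if (str == null || str.isEmpty()) {
            throw new EncryptionException("No certificate provided");
        }
        // Register BouncyCastle once instead of constructing a new provider on every call.
        // addProvider appends to the end of the provider list, so Cipher.getInstance without a
        // provider argument is still served by the first installed provider that supports the
        // requested transformation, which is not necessarily BouncyCastle.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        String property = System.getProperty(CIPHER_TRANSFORMATION_PROPERTY);
        if (property == null) {
            // NOTE(review): bare "RSA" delegates mode and padding to the provider default.
            // Kept for compatibility with existing ciphertext consumers; see the class comment.
            property = DEFAULT_CIPHER_TRANSFORMATION;
        }
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
            Cipher cipher = Cipher.getInstance(property);
            // Cipher.init(int, Certificate) rejects an X.509 certificate whose critical key-usage
            // extension does not permit encryption by throwing InvalidKeyException.
            cipher.init(Cipher.ENCRYPT_MODE, generateCertificate);
            for (Secret secret : list) {
                secret.setEncryptedPassword(performEncryption(cipher, secret.getPassword()));
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException | CertificateException | NoSuchPaddingException e) {
            throw new EncryptionException("Error when initializing the cipher", e);
        }
    }

    /**
     * Encrypts one password with an already initialised cipher and returns it Base64 encoded.
     *
     * <p>The whole password is passed to a single {@code doFinal} call, so it has to fit into
     * one block of the configured transformation; for RSA that limit depends on key size and
     * padding.
     *
     * @param cipher cipher initialised for encryption
     * @param str    plain-text password; must not be null or empty
     * @return Base64 encoding of the ciphertext
     * @throws EncryptionException if the password is missing or the cipher rejects the input
     */
    private static String performEncryption(Cipher cipher, String str) {
        if (str == null || str.isEmpty()) {
            throw new EncryptionException("Password is either null or an empty string");
        }
        try {
            return DatatypeConverter.printBase64Binary(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            // The message deliberately omits the password; only the cause is attached.
            throw new EncryptionException("Error when encrypting the provided password", e);
        }
    }

    /**
     * Reads the JSON file named by the {@code org.wso2.cloud.secrets.input} system property
     * and maps it onto {@link InputSecretIdentifiers}.
     *
     * <p>Unchecked exceptions raised by Gson for malformed JSON propagate unchanged.
     *
     * @return the parsed identifiers; presumably {@code null} when the file holds no JSON
     *         document (Gson behaviour, confirm against the Gson version in use)
     * @throws EncryptionException if the property is not set or the file cannot be read
     */
    public static InputSecretIdentifiers loadInputSecrets() {
        String property = System.getProperty(INPUT_FILE_PROPERTY);
        if (property == null || property.isEmpty()) {
            // Previously a missing property surfaced as a NullPointerException from Paths.get.
            throw new EncryptionException("System property for source file with secret identifiers 'org.wso2.cloud.secrets.input' not defined or file name resolves to an empty string");
        }
        // try-with-resources closes the file handle; the earlier version never closed it.
        try (Reader reader = Files.newBufferedReader(Paths.get(property), StandardCharsets.UTF_8)) {
            return new Gson().fromJson(reader, InputSecretIdentifiers.class);
        } catch (IOException e) {
            throw new EncryptionException("Unable to read the source file: " + property, e);
        }
    }

    /**
     * Checks that every system property the tool relies on is set to a non-empty value.
     *
     * <p>Only presence is checked. The values themselves, including the Service Principal key,
     * are never placed in an exception message.
     *
     * @throws EncryptionException naming the first property that is missing or empty
     */
    public static void validateSystemPropertyBasedInput() {
        validateSystemPropertyValue(INPUT_FILE_PROPERTY, "System property for source file with secret identifiers 'org.wso2.cloud.secrets.input' not defined or file name resolves to an empty string");
        validateSystemPropertyValue(Constants.SOURCE_AZURE_KEY_VAULT_NAME_SYS_PROPERTY_KEY, "System property for source Key Vault 'org.wso2.cloud.vault.source.name' not defined or source Key Vault name resolves to an empty string");
        validateSystemPropertyValue(Constants.TARGET_AZURE_KEY_VAULT_NAME_SYS_PROPERTY_KEY, "System property for target Key Vault 'org.wso2.cloud.vault.target.name' not defined or target Key Vault name resolves to an empty string");
        validateSystemPropertyValue("org.wso2.cloud.vault.encryption.key", "System property for Azure Key Vault Certificate name 'org.wso2.cloud.vault.encryption.key' not defined or Certificate name resolves to an empty string");
        validateSystemPropertyValue("org.wso2.cloud.vault.sp.id", "System property for Azure AD Service Principal Application ID 'org.wso2.cloud.vault.sp.id' not defined or Service Principal ID resolves to an empty string");
        validateSystemPropertyValue("org.wso2.cloud.vault.sp.key", "System property for Azure AD Service Principal Key 'org.wso2.cloud.vault.sp.key' not defined or Service Principal Key resolves to an empty string");
        validateSystemPropertyValue("org.wso2.cloud.vault.tenant.id", "System property for Azure Tenant ID 'org.wso2.cloud.vault.tenant.id' not defined or Azure Key Vault Tenant ID resolves to an empty string");
    }

    /**
     * Verifies that a single system property is set to a non-empty value.
     *
     * @param str  name of the system property; must not be null or empty
     * @param str2 message for the exception thrown when the property is missing; when null or
     *             empty a generic message containing the property name is used instead
     * @throws EncryptionException if the name is invalid or the property is missing or empty
     */
    private static void validateSystemPropertyValue(String str, String str2) {
        if (str == null || str.isEmpty()) {
            throw new EncryptionException("Invalid system property name: Name cannot be null or an empty string");
        }
        String property = System.getProperty(str);
        if (property != null && !property.isEmpty()) {
            return;
        }
        if (str2 != null && !str2.isEmpty()) {
            throw new EncryptionException(str2);
        }
        // Only the property name goes into the message, never a value.
        throw new EncryptionException("System property " + str + " not set");
    }
}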
