package org.wso2.carbon.dataservices.core.security;

import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.dataservices.core.internal.DataServicesDSComponent;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.securevault.DecryptionProvider;

/* loaded from: input_file:org/wso2/carbon/dataservices/core/security/SecureVaultResolver.class */
public class SecureVaultResolver {
    private static final String SECURE_VAULT_LOOKUP_PLACEHOLDER_PREFIX = "{wso2:vault-lookup('";
    private static final String SECURE_VAULT_LOOKUP_PLACEHOLDER_SUFFIX = "')}";
    private static Log log = LogFactory.getLog(SecureVaultResolver.class);
    private static final String SECURE_VAULT_REGEX = "\\{(wso2:vault-lookup\\('(.*?)'\\))\\}";
    private static Pattern vaultLookupPattern = Pattern.compile(SECURE_VAULT_REGEX);

    private SecureVaultResolver() {
    }

    public static boolean checkVaultLookupPattersExists(String str) {
        return vaultLookupPattern.matcher(str).find();
    }

    public static String resolve(String str) throws RegistryException {
        return getSecret(StringUtils.substringBetween(str, SECURE_VAULT_LOOKUP_PLACEHOLDER_PREFIX, SECURE_VAULT_LOOKUP_PLACEHOLDER_SUFFIX));
    }

    private static String getSecret(String str) throws RegistryException {
        UserRegistry configSystemRegistry = DataServicesDSComponent.getRegistryService().getConfigSystemRegistry();
        String str2 = null;
        if (configSystemRegistry != null && configSystemRegistry.resourceExists("/repository/components/secure-vault")) {
            str2 = configSystemRegistry.get("/repository/components/secure-vault").getProperty(str);
        }
        if (str2 == null) {
            log.error("Calling for a non existence alias: " + str);
            return str;
        }
        DecryptionProvider decryptionProvider = CipherInitializer.getInstance().getDecryptionProvider();
        if (decryptionProvider != null) {
            return new String(decryptionProvider.decrypt(str2.trim().getBytes()));
        }
        log.error("Can not proceed decryption due to the secret repository initialization error");
        return str;
    }
}
