package org.wso2.carbon.dataservices.core.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.util.Properties;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.dataservices.core.sqlparser.LexicalConstants;
import org.wso2.securevault.CipherFactory;
import org.wso2.securevault.CipherOperationMode;
import org.wso2.securevault.DecryptionProvider;
import org.wso2.securevault.EncodingType;
import org.wso2.securevault.commons.MiscellaneousUtil;
import org.wso2.securevault.definition.CipherInformation;
import org.wso2.securevault.definition.IdentityKeyStoreInformation;
import org.wso2.securevault.definition.KeyStoreInformationFactory;
import org.wso2.securevault.definition.TrustKeyStoreInformation;
import org.wso2.securevault.keystore.IdentityKeyStoreWrapper;
import org.wso2.securevault.keystore.TrustKeyStoreWrapper;

/* loaded from: input_file:org/wso2/carbon/dataservices/core/security/CipherInitializer.class */
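/**
 * Process-wide singleton that builds the Secure Vault {@link DecryptionProvider}
 * from the keystore settings in {@code secret-conf.properties}.
 *
 * <p>The instance is created in the static initializer, so all configuration is read
 * exactly once, at class-load time. If the configuration is missing or incomplete an
 * error is logged and {@link #getDecryptionProvider()} returns {@code null}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The configuration directory comes from the {@code conf.location} system property
 *       and falls back to the relative path {@code repository/conf}, which is resolved
 *       against the process working directory. Whoever controls that property, the
 *       working directory, or the file itself decides which keystore backs decryption.</li>
 *   <li>Keystore and key passwords are resolved here and must never be written to the
 *       log; only their presence is reported.</li>
 * </ul>
 */
public class CipherInitializer {
    private static final Log log = LogFactory.getLog(CipherInitializer.class);
    // Must stay below 'log': the constructor logs, and static fields initialize in order.
    private static final CipherInitializer cipherInitializer = new CipherInitializer();
    private DecryptionProvider decryptionProvider = null;
    private IdentityKeyStoreWrapper identityKeyStoreWrapper;
    private TrustKeyStoreWrapper trustKeyStoreWrapper;

    /**
     * Returns the shared instance created when the class was loaded.
     *
     * @return the singleton; never {@code null}
     */
    public static CipherInitializer getInstance() {
        return cipherInitializer;
    }

    /**
     * Loads the keystore configuration and, when that succeeds, creates the decryption
     * provider. A failed {@link #init()} is only logged, leaving the provider {@code null}.
     * Because this runs from the static initializer, any exception thrown from here
     * surfaces as a class-initialization failure.
     */
    private CipherInitializer() {
        if (init()) {
            initCipherDecryptProvider();
        } else {
            log.error("Either Configuration properties can not be loaded or No secret repositories have been configured please check PRODUCT_HOME/repository/conf/security  refer links related to configure WSO2 Secure vault");
        }
    }

    /**
     * Reads the secret-manager configuration, resolves the keystore passwords and
     * initializes the identity and trust keystore wrappers.
     *
     * @return {@code true} when the wrappers were initialized; {@code false} when the
     *         configuration is empty, no secret repository is listed, or no usable
     *         keystore password could be resolved
     */
    private boolean init() {
        Properties secretConf = loadProperties();
        if (secretConf.isEmpty()) {
            log.error("KeyStore configuration properties cannot be found");
            return false;
        }

        String managerConfPath = MiscellaneousUtil.getProperty(secretConf, "secret.manager.conf", "secret-manager.properties");
        Properties managerConf = MiscellaneousUtil.loadProperties(managerConfPath);
        if (managerConf.isEmpty()) {
            if (log.isDebugEnabled()) {
                log.debug("Configuration properties can not be loaded from : " + managerConfPath + " Will use synapse properties");
            }
            // Fall back to the properties already loaded from secret-conf.properties.
            managerConf = secretConf;
        }

        String repositories = MiscellaneousUtil.getProperty(managerConf, "secretRepositories", (String) null);
        if (isNullOrEmpty(repositories)) {
            log.error("No secret repositories have been configured");
            return false;
        }
        String[] repositoryNames = repositories.split(LexicalConstants.COMMA);
        if (repositoryNames.length == 0) {
            log.error("No secret repositories have been configured");
            return false;
        }

        // Keystore definitions are always read from secret-conf.properties, not from
        // the secret-manager file.
        IdentityKeyStoreInformation identityInfo = KeyStoreInformationFactory.createIdentityKeyStoreInformation(secretConf);
        TrustKeyStoreInformation trustInfo = KeyStoreInformationFactory.createTrustKeyStoreInformation(secretConf);

        String identityKeyPassword = null;
        String identityStorePassword = null;
        if (identityInfo != null) {
            identityKeyPassword = identityInfo.getKeyPasswordProvider().getResolvedSecret();
            identityStorePassword = identityInfo.getKeyStorePasswordProvider().getResolvedSecret();
        }
        String trustStorePassword = trustInfo != null
                ? trustInfo.getKeyStorePasswordProvider().getResolvedSecret()
                : null;

        if (!validatePasswords(identityStorePassword, identityKeyPassword, trustStorePassword)) {
            log.error("Either Identity or Trust keystore password is mandatory in order to initialized secret manager.");
            return false;
        }

        // NOTE(review): when only the trust store password is present, identityInfo may
        // be null at this point. Whether IdentityKeyStoreWrapper.init tolerates a null
        // definition is not visible from this file - confirm against the library.
        this.identityKeyStoreWrapper = new IdentityKeyStoreWrapper();
        this.identityKeyStoreWrapper.init(identityInfo, identityKeyPassword);

        this.trustKeyStoreWrapper = new TrustKeyStoreWrapper();
        if (trustInfo != null) {
            this.trustKeyStoreWrapper.init(trustInfo);
        }

        for (String repositoryName : repositoryNames) {
            String provider = MiscellaneousUtil.getProperty(managerConf, "secretRepositories." + repositoryName + LexicalConstants.DOT + "provider", (String) null);
            if (isNullOrEmpty(provider)) {
                // handleException only logs, so a repository without a provider does
                // not abort initialization; this method still returns true.
                handleException("Repository provider cannot be null.");
            }
            if (log.isDebugEnabled()) {
                log.debug("Initiating a File Based Secret Repository");
            }
        }
        return true;
    }

    /**
     * Checks that enough password material is available to open a keystore: either a
     * trust store password, or both the identity store password and the identity
     * private-key password.
     *
     * <p>Only the presence of a password is logged, never its value. The original debug
     * messages said "cannot be found" on the branches where the passwords were found;
     * they now describe what was detected.
     *
     * @param identityStorePass resolved identity keystore password, may be {@code null}
     * @param identityKeyPass   resolved identity private-key password, may be {@code null}
     * @param trustStorePass    resolved trust keystore password, may be {@code null}
     * @return {@code true} when one of the two accepted combinations is present
     */
    private boolean validatePasswords(String identityStorePass, String identityKeyPass, String trustStorePass) {
        if (!isNullOrEmpty(trustStorePass)) {
            if (log.isDebugEnabled()) {
                log.debug("Trust Store Password is configured.");
            }
            return true;
        }
        if (!isNullOrEmpty(identityStorePass) && !isNullOrEmpty(identityKeyPass)) {
            if (log.isDebugEnabled()) {
                log.debug("Identity Store Password and Identity Store private key Password are configured.");
            }
            return true;
        }
        return false;
    }

    /**
     * Creates the decryption provider once, using Base64 input and the configured
     * cipher transformation. Does nothing if a provider already exists.
     */
    private void initCipherDecryptProvider() {
        if (this.decryptionProvider != null) {
            return;
        }
        Properties secretConf = loadProperties();

        CipherInformation cipherInformation = new CipherInformation();
        cipherInformation.setAlgorithm(getCipherTransformation(secretConf));
        cipherInformation.setCipherOperationMode(CipherOperationMode.DECRYPT);
        cipherInformation.setInType(EncodingType.BASE64);

        // NOTE(review): the bare key ".algorithm" looks like a prefix was lost (possibly
        // in decompilation) - confirm the intended property name.
        boolean useTrustStore = "trusted".equals(MiscellaneousUtil.getProperty(secretConf, ".algorithm", (String) null));

        // The decompiled code stored both wrappers in one local typed TrustKeyStoreWrapper,
        // which cannot hold an IdentityKeyStoreWrapper; pass each wrapper directly instead.
        // If the trust store is selected but was never initialized in init(), the wrapper
        // passed here is empty - behaviour in that case depends on the library.
        if (useTrustStore) {
            this.decryptionProvider = CipherFactory.createCipher(cipherInformation, this.trustKeyStoreWrapper);
        } else {
            this.decryptionProvider = CipherFactory.createCipher(cipherInformation, this.identityKeyStoreWrapper);
        }
    }

    /**
     * Resolves the cipher transformation. Precedence, highest first: the
     * {@code keystore.identity.CipherTransformation} entry in {@code properties}, the
     * {@code org.wso2.CipherTransformation} system property, then {@code "RSA"}.
     *
     * <p>Security note: the bare name {@code "RSA"} leaves mode and padding to the JCE
     * provider's default, which is commonly PKCS#1 v1.5 padding. Deployments that want
     * OAEP should set the transformation explicitly through one of the two properties.
     * The default is left unchanged here because existing ciphertexts depend on it.
     *
     * @param properties the loaded secret configuration
     * @return the transformation string handed to the cipher
     */
    private String getCipherTransformation(Properties properties) {
        String fallback = System.getProperty("org.wso2.CipherTransformation");
        if (fallback == null) {
            fallback = "RSA";
        }
        return MiscellaneousUtil.getProperty(properties, "keystore.identity.CipherTransformation", fallback);
    }

    /**
     * Loads {@code <conf.location>/security/secret-conf.properties}, where
     * {@code conf.location} is a system property that defaults to the relative
     * directory {@code repository/conf}.
     *
     * @return the loaded properties; empty when the file does not exist, and whatever
     *         was read so far when loading fails with an {@link IOException}
     */
    private static Properties loadProperties() {
        Properties properties = new Properties();
        String confLocation = System.getProperty("conf.location");
        if (confLocation == null) {
            confLocation = Paths.get("repository", "conf").toString();
        }
        String path = Paths.get(confLocation, "security", "secret-conf.properties").toString();
        File file = new File(path);
        if (!file.exists()) {
            return properties;
        }
        // try-with-resources closes the stream on every path; the decompiled form left
        // it open whenever Properties.load threw.
        try (FileInputStream in = new FileInputStream(file)) {
            properties.load(in);
        } catch (IOException e) {
            log.warn("Error loading properties from a file at :" + path, e);
        }
        return properties;
    }

    /**
     * Returns the decryption provider built at class-load time.
     *
     * @return the provider, or {@code null} when initialization failed; callers must
     *         check for {@code null} before decrypting
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public DecryptionProvider getDecryptionProvider() {
        return this.decryptionProvider;
    }

    /**
     * Logs {@code str} at error level. Despite the name, nothing is thrown.
     *
     * @param str the message to log
     */
    private static void handleException(String str) {
        log.error(str);
    }

    /** Returns {@code true} when {@code value} is {@code null} or the empty string. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }
}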
