package org.wso2.carbon.identity.secret.mgt.core;

import java.util.List;
import org.apache.commons.codec.Charsets;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.identity.secret.mgt.core.constant.SecretConstants;
import org.wso2.carbon.identity.secret.mgt.core.dao.SecretDAO;
import org.wso2.carbon.identity.secret.mgt.core.exception.SecretManagementClientException;
import org.wso2.carbon.identity.secret.mgt.core.exception.SecretManagementException;
import org.wso2.carbon.identity.secret.mgt.core.exception.SecretManagementServerException;
import org.wso2.carbon.identity.secret.mgt.core.internal.SecretManagerComponentDataHolder;
import org.wso2.carbon.identity.secret.mgt.core.model.Secret;
import org.wso2.carbon.identity.secret.mgt.core.model.Secrets;
import org.wso2.carbon.identity.secret.mgt.core.util.SecretUtils;

/* loaded from: input_file:org/wso2/carbon/identity/secret/mgt/core/SecretManagerImpl.class */
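/**
 * Default {@link SecretManager} implementation. It validates each request, encrypts secret values
 * before handing them to the DAO, and scopes every lookup to the tenant of the calling thread.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Values are encrypted in {@code addSecret} and {@code replaceSecret}. Nothing in this class
 *       decrypts, so the read methods return the value exactly as the DAO supplies it.</li>
 *   <li>This class performs no permission check of its own.
 *       NOTE(review): presumably authorization is enforced by the caller; confirm.</li>
 *   <li>Debug logging includes secret names and ids, never secret values. Names and ids are
 *       concatenated into the message as received.
 *       NOTE(review): if they can contain CR/LF, sanitise them before logging.</li>
 * </ul>
 */
public class SecretManagerImpl implements SecretManager {
    private static final Log log = LogFactory.getLog(SecretManagerImpl.class);

    // DAO list obtained from the component data holder when this manager is constructed.
    private final List<SecretDAO> secretDAOS = SecretManagerComponentDataHolder.getInstance().getSecretDAOS();

    /**
     * Stores a new secret for the current tenant.
     *
     * <p>The passed object is modified in place: it receives a generated id, and its plaintext value
     * is replaced by the Base64-encoded ciphertext before it is persisted and returned.
     *
     * @param secret secret to create; name and value must be non-empty
     * @return the same instance, now carrying the generated id and the encrypted value
     * @throws SecretManagementException if the feature is disabled, the request is invalid, the name
     *         is already taken, or encryption or persistence fails
     */
    @Override
    public Secret addSecret(Secret secret) throws SecretManagementException {
        validateSecretManagerEnabled();
        validateSecretCreateRequest(secret);
        secret.setSecretId(SecretUtils.generateUniqueID());
        secret.setSecretValue(getEncryptedSecret(secret.getSecretValue(), secret.getSecretName()));
        getSecretDAO().addSecret(secret);
        if (log.isDebugEnabled()) {
            log.debug("Secret: " + secret.getSecretName() + " added successfully");
        }
        return secret;
    }

    /**
     * Looks up a secret by name within the current tenant.
     *
     * @param str name of the secret
     * @return the secret as returned by the DAO (its value is not decrypted here)
     * @throws SecretManagementException if the feature is disabled, the name is empty, or no secret
     *         with that name exists for the tenant
     */
    @Override
    public Secret getSecret(String str) throws SecretManagementException {
        validateSecretManagerEnabled();
        validateSecretRetrieveRequest(str);
        Secret found = getSecretDAO().getSecretByName(str, getTenantId());
        if (found == null) {
            if (log.isDebugEnabled()) {
                log.debug("No secret found for the secretName: " + str);
            }
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_DOES_NOT_EXISTS, str, null);
        }
        if (log.isDebugEnabled()) {
            log.debug("Secret: " + str + " is retrieved successfully.");
        }
        return found;
    }

    /**
     * Returns all secrets of the current tenant.
     *
     * @return wrapper around the list returned by the DAO
     * @throws SecretManagementException if the feature is disabled or the DAO returns {@code null}
     */
    @Override
    public Secrets getSecrets() throws SecretManagementException {
        validateSecretManagerEnabled();
        // NOTE(review): raw List; type it as List<Secret> once the DAO's return type is confirmed.
        List secrets = getSecretDAO().getSecrets(getTenantId());
        if (secrets == null) {
            if (log.isDebugEnabled()) {
                log.debug("No secret found for the tenant: " + getTenantDomain());
            }
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRETS_DOES_NOT_EXISTS, null);
        }
        if (log.isDebugEnabled()) {
            log.debug("All secrets of tenant: " + getTenantDomain() + " are retrieved successfully.");
        }
        return new Secrets(secrets);
    }

    /**
     * Looks up a secret by id within the current tenant.
     *
     * @param str id of the secret
     * @return the secret as returned by the DAO (its value is not decrypted here)
     * @throws SecretManagementException if the feature is disabled, the id is blank, or no secret
     *         with that id exists for the tenant
     */
    @Override
    public Secret getSecretById(String str) throws SecretManagementException {
        validateSecretManagerEnabled();
        if (StringUtils.isBlank(str)) {
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_INVALID_SECRET_ID, str);
        }
        Secret found = getSecretDAO().getSecretById(str, getTenantId());
        if (found == null) {
            if (log.isDebugEnabled()) {
                log.debug("No secret found for the secretId: " + str);
            }
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_ID_DOES_NOT_EXISTS, str);
        }
        if (log.isDebugEnabled()) {
            log.debug("Secret: " + found.getSecretName() + " is retrieved successfully.");
        }
        return found;
    }

    /**
     * Deletes the named secret of the current tenant.
     *
     * @param str name of the secret
     * @throws SecretManagementException if the feature is disabled, the name is empty, or no such
     *         secret exists
     */
    @Override
    public void deleteSecret(String str) throws SecretManagementException {
        validateSecretManagerEnabled();
        // The validator already rejects unknown names with ERROR_CODE_SECRET_DOES_NOT_EXISTS, so a
        // second existence lookup here would only repeat the same DAO query.
        validateSecretDeleteRequest(str);
        getSecretDAO().deleteSecretByName(str, getTenantId());
        if (log.isDebugEnabled()) {
            log.debug("Secret: " + str + " is deleted successfully.");
        }
    }

    /**
     * Deletes the secret with the given id from the current tenant.
     *
     * @param str id of the secret
     * @throws SecretManagementException if the feature is disabled, the id is blank, or no such
     *         secret exists
     */
    @Override
    public void deleteSecretById(String str) throws SecretManagementException {
        validateSecretManagerEnabled();
        if (StringUtils.isBlank(str)) {
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_INVALID_SECRET_ID, str);
        }
        if (!isSecretExistsById(str)) {
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_ID_DOES_NOT_EXISTS, str);
        }
        getSecretDAO().deleteSecretById(str, getTenantId());
        if (log.isDebugEnabled()) {
            log.debug("Secret id: " + str + " in tenant: " + getTenantDomain() + " deleted successfully.");
        }
    }

    /**
     * Replaces the value of an existing secret, keeping its id.
     *
     * <p>The passed object is modified in place: its id is set to the stored secret's id and its
     * plaintext value is replaced by the Base64-encoded ciphertext.
     *
     * @param secret secret to replace; name and value must be non-empty and the name must exist
     * @return the same instance, now carrying the id and the encrypted value
     * @throws SecretManagementException if the feature is disabled, the request is invalid, the
     *         secret does not exist, or encryption or persistence fails
     */
    @Override
    public Secret replaceSecret(Secret secret) throws SecretManagementException {
        validateSecretManagerEnabled();
        validateSecretReplaceRequest(secret);
        secret.setSecretId(generateSecretId(secret.getSecretName()));
        secret.setSecretValue(getEncryptedSecret(secret.getSecretValue(), secret.getSecretName()));
        getSecretDAO().replaceSecret(secret);
        if (log.isDebugEnabled()) {
            log.debug(secret.getSecretName() + " secret replaced successfully.");
        }
        return secret;
    }

    /**
     * Rejects a retrieve request whose name is null or empty.
     * A whitespace-only name passes this check ({@code isEmpty}, not {@code isBlank}).
     */
    private void validateSecretRetrieveRequest(String secretName) throws SecretManagementException {
        if (StringUtils.isEmpty(secretName)) {
            if (log.isDebugEnabled()) {
                log.debug("Invalid secret identifier with secretName: " + secretName + ".");
            }
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_GET_REQUEST_INVALID, null);
        }
    }

    /** Rejects a delete request whose name is empty or does not match an existing secret. */
    private void validateSecretDeleteRequest(String secretName) throws SecretManagementException {
        if (StringUtils.isEmpty(secretName)) {
            if (log.isDebugEnabled()) {
                log.debug("Error identifying the secret with secret name: " + secretName + ".");
            }
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_DELETE_REQUEST_REQUIRED, null);
        }
        if (!isSecretExist(secretName)) {
            if (log.isDebugEnabled()) {
                log.debug("A secret with the name: " + secretName + " does not exists.");
            }
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_DOES_NOT_EXISTS, secretName);
        }
    }

    /**
     * Validates a create request and fills in the tenant domain when the caller left it empty.
     * A {@code null} secret is reported as an invalid request instead of surfacing as an NPE.
     */
    private void validateSecretCreateRequest(Secret secret) throws SecretManagementException {
        if (secret == null || StringUtils.isEmpty(secret.getSecretName())
                || StringUtils.isEmpty(secret.getSecretValue())) {
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_ADD_REQUEST_INVALID, null);
        }
        if (isSecretExist(secret.getSecretName())) {
            if (log.isDebugEnabled()) {
                // This branch is the duplicate-name case, so the message says "already exists".
                log.debug("A secret with the name: " + secret.getSecretName() + " already exists.");
            }
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_ALREADY_EXISTS, secret.getSecretName());
        }
        // NOTE(review): a tenant domain supplied by the caller is kept as-is, while the existence
        // check above uses the calling thread's tenant id; confirm the DAO resolves both the same way.
        if (StringUtils.isEmpty(secret.getTenantDomain())) {
            secret.setTenantDomain(getTenantDomain());
        }
    }

    /**
     * Validates a replace request and fills in the tenant domain when the caller left it empty.
     * A {@code null} secret is reported as an invalid request instead of surfacing as an NPE.
     */
    private void validateSecretReplaceRequest(Secret secret) throws SecretManagementException {
        if (secret == null || StringUtils.isEmpty(secret.getSecretName())
                || StringUtils.isEmpty(secret.getSecretValue())) {
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_REPLACE_REQUEST_INVALID, null);
        }
        if (!isSecretExist(secret.getSecretName())) {
            if (log.isDebugEnabled()) {
                log.debug("A secret with the name: " + secret.getSecretName() + " does not exists.");
            }
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_DOES_NOT_EXISTS, secret.getSecretName());
        }
        // NOTE(review): same tenant-domain caveat as in validateSecretCreateRequest.
        if (StringUtils.isEmpty(secret.getTenantDomain())) {
            secret.setTenantDomain(getTenantDomain());
        }
    }

    /**
     * Returns the DAO to use: the last entry of the DAO list.
     *
     * @throws SecretManagementException if the DAO list is empty
     */
    private SecretDAO getSecretDAO() throws SecretManagementException {
        if (this.secretDAOS.isEmpty()) {
            throw SecretUtils.handleServerException(SecretConstants.ErrorMessages.ERROR_CODE_GET_DAO, "secretDAOs");
        }
        return this.secretDAOS.get(this.secretDAOS.size() - 1);
    }

    /** Fails with a server exception when secret management is switched off in the data holder. */
    private void validateSecretManagerEnabled() throws SecretManagementServerException {
        if (!SecretManagerComponentDataHolder.getInstance().isSecretManagementEnabled()) {
            throw SecretUtils.handleServerException(SecretConstants.ErrorMessages.ERROR_CODE_SECRET_MANAGER_NOT_ENABLED, SecretConstants.DB_TABLE_NAME);
        }
    }

    /** Tenant id taken from the thread-local Carbon context of the calling thread. */
    private int getTenantId() {
        return PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
    }

    /** Tenant domain taken from the thread-local Carbon context of the calling thread. */
    private String getTenantDomain() {
        return PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    }

    /**
     * Tells whether a secret with the given name exists for the current tenant.
     * Only the "does not exist" client error is mapped to {@code false}; any other failure
     * (including an invalid name) is rethrown.
     */
    private boolean isSecretExist(String secretName) throws SecretManagementException {
        try {
            getSecret(secretName);
            return true;
        } catch (SecretManagementClientException e) {
            if (SecretConstants.ErrorMessages.ERROR_CODE_SECRET_DOES_NOT_EXISTS.getCode().equals(e.getErrorCode())) {
                return false;
            }
            throw e;
        }
    }

    /**
     * Asks the DAO whether a secret with the given id exists for the current tenant.
     *
     * @throws SecretManagementException if the id is blank or the DAO lookup fails
     */
    private boolean isSecretExistsById(String secretId) throws SecretManagementException {
        if (StringUtils.isBlank(secretId)) {
            if (log.isDebugEnabled()) {
                // This branch handles a blank id, not a missing secret, and the message says so.
                log.debug("Invalid secret identifier with secretId: " + secretId + ".");
            }
            throw SecretUtils.handleClientException(SecretConstants.ErrorMessages.ERROR_CODE_INVALID_SECRET_ID, secretId);
        }
        return getSecretDAO().isExistingSecret(secretId, getTenantId());
    }

    /**
     * Returns the id of the stored secret with this name, or a freshly generated id when no such
     * secret exists. Uses a single lookup instead of an existence check followed by a second fetch.
     */
    private String generateSecretId(String secretName) throws SecretManagementException {
        try {
            return getSecret(secretName).getSecretId();
        } catch (SecretManagementClientException e) {
            // Only "does not exist" means a new id is needed; every other client error propagates.
            if (!SecretConstants.ErrorMessages.ERROR_CODE_SECRET_DOES_NOT_EXISTS.getCode().equals(e.getErrorCode())) {
                throw e;
            }
        }
        String generatedId = SecretUtils.generateUniqueID();
        if (log.isDebugEnabled()) {
            log.debug("Secret id generated: " + generatedId);
        }
        return generatedId;
    }

    /**
     * Encrypts a secret value, converting a crypto failure into a server exception that carries
     * the secret's name (never its value) and the original cause.
     */
    private String getEncryptedSecret(String secretValue, String secretName) throws SecretManagementServerException {
        try {
            return encrypt(secretValue);
        } catch (CryptoException e) {
            throw SecretUtils.handleServerException(SecretConstants.ErrorMessages.ERROR_CODE_GET_SECRET, secretName, e);
        }
    }

    /** Encrypts the UTF-8 bytes of the value with the default CryptoUtil and Base64-encodes the result. */
    private String encrypt(String plainText) throws CryptoException {
        return CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(plainText.getBytes(Charsets.UTF_8));
    }
}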
