package org.wso2.carbon.is.migration.util;

import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import java.nio.charset.Charset;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import javax.crypto.Cipher;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.core.util.CipherHolder;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.is.migration.internal.ISMigrationServiceDataHolder;

/* loaded from: input_file:org/wso2/carbon/is/migration/util/SecondaryUserstoreCryptoUtil.class */
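/**
 * Encrypts and decrypts secondary user store secrets during migration, using the key pair stored
 * under the configured alias in the super tenant's primary keystore.
 *
 * <p>All ciphers are obtained from the {@code "BC"} JCE provider. The transformation is either
 * supplied by the caller or, for the single-argument {@link #encrypt(byte[])}, read from the
 * {@code org.wso2.CipherTransformation} system property; when neither is present the bare
 * algorithm name {@code "RSA"} is used.
 *
 * <p>NOTE(review): with the BouncyCastle provider the bare name {@code "RSA"} is understood to
 * resolve to RSA without padding; confirm against the deployed BC version. Unpadded RSA is
 * deterministic and malleable, so deployments should set the system property to an OAEP
 * transformation (for example {@code RSA/ECB/OAEPwithSHA1andMGF1Padding}). The default is left
 * unchanged here because values already stored under it must remain decryptable.
 *
 * <p>NOTE(review): the private-key password is kept as a {@code String} field for the lifetime of
 * this singleton, so it stays in the heap and in any heap dump; restrict access to dumps
 * accordingly.
 */
public class SecondaryUserstoreCryptoUtil {
    private static final String CIPHER_TRANSFORMATION_SYSTEM_PROPERTY = "org.wso2.CipherTransformation";
    // Fallback algorithm name used when the caller supplies no transformation.
    private static final String DEFAULT_TRANSFORMATION = "RSA";
    // JCE provider name passed to every Cipher.getInstance call in this class.
    private static final String CIPHER_PROVIDER = "BC";
    private static final Log log = LogFactory.getLog(SecondaryUserstoreCryptoUtil.class);
    // Created eagerly at class-initialisation time; see the constructor note on ordering.
    private static final SecondaryUserstoreCryptoUtil instance = new SecondaryUserstoreCryptoUtil();
    private final String primaryKeyStoreAlias;
    // Secret: must never be written to logs or exception messages.
    private final String primaryKeyStoreKeyPass;
    private final Gson gson = new Gson();

    /**
     * Reads the primary keystore key alias and key password from the server configuration.
     *
     * <p>NOTE(review): this runs from the static initialiser, so if
     * {@code ISMigrationServiceDataHolder.getServerConfigurationService()} returns {@code null}
     * at that point the class fails to initialise; confirm the service is always set first.
     */
    private SecondaryUserstoreCryptoUtil() {
        ServerConfigurationService serverConfigurationService = ISMigrationServiceDataHolder.getServerConfigurationService();
        this.primaryKeyStoreAlias = serverConfigurationService.getFirstProperty("Security.KeyStore.KeyAlias");
        this.primaryKeyStoreKeyPass = serverConfigurationService.getFirstProperty("Security.KeyStore.KeyPassword");
    }

    /**
     * Returns the shared instance.
     *
     * @return the singleton created when this class was initialised
     */
    public static SecondaryUserstoreCryptoUtil getInstance() {
        return instance;
    }

    /**
     * Encrypts the given bytes with the public key of the first certificate in the chain stored
     * under the configured alias of the primary keystore.
     *
     * @param bArr plain text bytes to encrypt
     * @param str  cipher transformation to request from the {@code "BC"} provider, or
     *             {@code null} to fall back to {@code "RSA"}
     * @param z    when {@code true} and a transformation was supplied, the result is wrapped by
     *             {@code CryptoUtil.createSelfContainedCiphertext} together with the
     *             transformation and the certificate
     * @return the cipher text, the self-contained cipher text, or an empty array when a
     *         transformation was supplied, {@code z} is {@code false} and the input is empty
     * @throws CryptoException if the keystore, certificate or cipher operation fails, or if the
     *                         input is {@code null}
     */
    public byte[] encrypt(byte[] bArr, String str, boolean z) throws CryptoException {
        try {
            if (bArr == null) {
                throw new IllegalArgumentException("Plain text bytes must not be null");
            }
            Certificate[] certificateChain = KeyStoreManager.getInstance(Constant.SUPER_TENANT_ID, ISMigrationServiceDataHolder.getServerConfigurationService(), ISMigrationServiceDataHolder.getRegistryService()).getPrimaryKeyStore().getCertificateChain(this.primaryKeyStoreAlias);
            // A missing alias yields no chain; fail with a message that names the cause instead
            // of letting an anonymous NullPointerException surface from the index below.
            if (certificateChain == null || certificateChain.length == 0) {
                throw new IllegalStateException("No certificate chain found in the primary keystore for alias: " + this.primaryKeyStoreAlias);
            }
            Certificate certificate = certificateChain[0];

            boolean customTransformation = str != null;
            if (log.isDebugEnabled()) {
                if (customTransformation) {
                    log.debug("Cipher transformation for encryption : " + str);
                } else {
                    log.debug("Default Cipher transformation for encryption : RSA");
                }
            }
            Cipher cipher = Cipher.getInstance(customTransformation ? str : DEFAULT_TRANSFORMATION, CIPHER_PROVIDER);
            cipher.init(Cipher.ENCRYPT_MODE, certificate.getPublicKey());

            byte[] cipherText;
            if (customTransformation && bArr.length == 0) {
                // Empty input is passed through unencrypted when a transformation is configured.
                cipherText = new byte[0];
                if (log.isDebugEnabled()) {
                    log.debug("Empty value for plainTextBytes null will persist to DB");
                }
            } else {
                cipherText = cipher.doFinal(bArr);
            }

            // The self-contained form records the transformation and certificate alongside the
            // cipher text, so it is only produced when a transformation was explicitly supplied.
            if (customTransformation && z) {
                cipherText = CryptoUtil.getDefaultCryptoUtil().createSelfContainedCiphertext(cipherText, str, certificate);
            }
            return cipherText;
        } catch (Exception e) {
            throw new CryptoException("Error during encryption", e);
        }
    }

    /**
     * Encrypts the given bytes using the transformation named by the
     * {@code org.wso2.CipherTransformation} system property and requests the self-contained
     * cipher text form.
     *
     * @param bArr plain text bytes to encrypt
     * @return the encrypted bytes
     * @throws CryptoException if encryption fails
     */
    public byte[] encrypt(byte[] bArr) throws CryptoException {
        return encrypt(bArr, System.getProperty(CIPHER_TRANSFORMATION_SYSTEM_PROPERTY), true);
    }

    /**
     * Encrypts the given bytes with {@link #encrypt(byte[])} and Base64-encodes the result.
     *
     * @param bArr plain text bytes to encrypt
     * @return Base64 text of the encrypted bytes
     * @throws CryptoException if encryption fails
     */
    public String encryptAndBase64Encode(byte[] bArr) throws CryptoException {
        return Base64.encode(encrypt(bArr));
    }

    /**
     * Decrypts the given bytes with the private key stored under the configured alias of the
     * primary keystore.
     *
     * <p>The input is handed to the cipher as-is; this method does not unwrap the self-contained
     * cipher text form.
     *
     * @param bArr cipher text bytes to decrypt
     * @param str  cipher transformation to request from the {@code "BC"} provider, or
     *             {@code null} to fall back to {@code "RSA"}
     * @return the decrypted bytes, or an empty array when the input is empty
     * @throws CryptoException if the keystore, key or cipher operation fails, or if the input is
     *                         {@code null}
     */
    public byte[] decrypt(byte[] bArr, String str) throws CryptoException {
        try {
            if (bArr == null) {
                throw new IllegalArgumentException("Cipher text bytes must not be null");
            }
            // Report a missing configuration entry explicitly; the password value itself is
            // never placed in a message.
            if (this.primaryKeyStoreKeyPass == null) {
                throw new IllegalStateException("Security.KeyStore.KeyPassword is not configured");
            }
            PrivateKey privateKey = (PrivateKey) KeyStoreManager.getInstance(Constant.SUPER_TENANT_ID, ISMigrationServiceDataHolder.getServerConfigurationService(), ISMigrationServiceDataHolder.getRegistryService()).getPrimaryKeyStore().getKey(this.primaryKeyStoreAlias, this.primaryKeyStoreKeyPass.toCharArray());
            if (privateKey == null) {
                throw new IllegalStateException("No private key found in the primary keystore for alias: " + this.primaryKeyStoreAlias);
            }
            Cipher cipher = Cipher.getInstance(str != null ? str : DEFAULT_TRANSFORMATION, CIPHER_PROVIDER);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);

            if (bArr.length == 0) {
                if (log.isDebugEnabled()) {
                    // The previous message was copied from encrypt() and described the wrong
                    // operation.
                    log.debug("Empty cipher text supplied; returning empty plain text without decrypting");
                }
                return new byte[0];
            }
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new CryptoException("errorDuringDecryption", e);
        }
    }

    /**
     * Base64-decodes the given text and decrypts the result with {@link #decrypt(byte[], String)}.
     *
     * @param str  Base64 text of the cipher text
     * @param str2 cipher transformation, or {@code null} for the default
     * @return the decrypted bytes
     * @throws CryptoException if decryption fails
     */
    public byte[] base64DecodeAndDecrypt(String str, String str2) throws CryptoException {
        return decrypt(Base64.decode(str), str2);
    }

    /**
     * Reports whether the given bytes can be parsed into a {@code CipherHolder}.
     *
     * <p>NOTE(review): this is a format check only. It does not verify that the parsed holder
     * carries a cipher text or transformation, so callers should validate those fields before
     * relying on them.
     *
     * @param bArr bytes to inspect
     * @return {@code true} if {@link #cipherTextToCipherHolder(byte[])} returns a holder
     */
    public boolean isSelfContainedCipherText(byte[] bArr) {
        return cipherTextToCipherHolder(bArr) != null;
    }

    /**
     * Base64-decodes the given text and applies {@link #isSelfContainedCipherText(byte[])}.
     *
     * @param str Base64 text to inspect
     * @return {@code true} if the decoded bytes parse into a {@code CipherHolder}
     * @throws CryptoException declared for callers; not thrown by the visible code path
     */
    public boolean base64DecodeAndIsSelfContainedCipherText(String str) throws CryptoException {
        return isSelfContainedCipherText(Base64.decode(str));
    }

    /**
     * Parses the given bytes as JSON into a {@code CipherHolder}.
     *
     * <p>The bytes are decoded with the platform default charset.
     * NOTE(review): presumably this mirrors the charset used when the holder was serialised;
     * confirm against the writer before switching to a fixed charset.
     *
     * @param bArr bytes to parse
     * @return the parsed holder, or {@code null} when Gson rejects the text as JSON for this type
     */
    public CipherHolder cipherTextToCipherHolder(byte[] bArr) {
        try {
            String json = new String(bArr, Charset.defaultCharset());
            return (CipherHolder) this.gson.fromJson(json, CipherHolder.class);
        } catch (JsonSyntaxException e) {
            // Expected for plain (non self-contained) cipher text, hence debug level only.
            if (log.isDebugEnabled()) {
                log.debug("Deserialization failed since cipher string is not representing cipher with metadata");
            }
            return null;
        }
    }
}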
