package org.openmetadata.service.fernet;

import com.google.common.annotations.VisibleForTesting;
import com.macasaet.fernet.Key;
import com.macasaet.fernet.StringValidator;
import com.macasaet.fernet.Token;
import com.macasaet.fernet.Validator;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import lombok.NonNull;
import org.openmetadata.csv.CsvUtil;
import org.openmetadata.schema.api.fernet.FernetConfiguration;
import org.openmetadata.service.OpenMetadataApplicationConfig;
import org.openmetadata.service.exception.CatalogExceptionMessage;
import org.openmetadata.service.security.auth.BotTokenCache;

/* loaded from: input_file:org/openmetadata/service/fernet/Fernet.class */
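/**
 * Singleton wrapper around Fernet symmetric encryption, used to tokenize secret strings.
 *
 * <p>Encrypted values are marked with {@link #FERNET_PREFIX}; that prefix is the only thing this
 * class uses to tell a token from plaintext. The configured key may hold several keys joined by
 * {@code CsvUtil.SEPARATOR} (presumably a comma; confirm against {@code CsvUtil}): the first entry
 * encrypts and every entry is tried on decryption, which allows key rotation.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key is held as a {@code String} for the lifetime of the process; never log it.
 *   <li>The validator's time-to-live is set to the largest representable value, so token age is
 *       effectively never a reason for rejection. Confidentiality rests on the key alone.
 *   <li>If no key is configured, {@link #isKeyDefined()} is {@code false} and {@link #encrypt}
 *       throws. What callers store in that case is decided outside this class.
 * </ul>
 */
public class Fernet {
    private static Fernet instance;
    private String fernetKey;
    public static final String FERNET_PREFIX = "fernet:";
    public static final String FERNET_NO_ENCRYPTION = "no_encryption_at_rest";

    /**
     * Token validator with expiry effectively disabled. The values protected here are long-lived,
     * so a short TTL would make previously stored tokens undecryptable.
     */
    private final Validator<String> validator = new StringValidator() {
        @Override
        public TemporalAmount getTimeToLive() {
            return Duration.ofSeconds(Instant.MAX.getEpochSecond());
        }
    };

    private Fernet() {
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>Synchronized so that two threads racing on the first call cannot each build an instance;
     * a second instance would never receive the key passed to {@code setFernetKey}.
     *
     * @return the process-wide {@code Fernet} instance
     */
    public static synchronized Fernet getInstance() {
        if (instance == null) {
            instance = new Fernet();
        }
        return instance;
    }

    /**
     * Loads the key from application configuration.
     *
     * <p>Does nothing when the Fernet section is missing or the configured key equals
     * {@link #FERNET_NO_ENCRYPTION}. Note that this leaves any previously set key in place rather
     * than clearing it.
     *
     * @param openMetadataApplicationConfig application configuration to read the key from
     */
    public void setFernetKey(OpenMetadataApplicationConfig openMetadataApplicationConfig) {
        FernetConfiguration fernetConfiguration = openMetadataApplicationConfig.getFernetConfiguration();
        if (fernetConfiguration == null || FERNET_NO_ENCRYPTION.equals(fernetConfiguration.getFernetKey())) {
            return;
        }
        setFernetKey(fernetConfiguration.getFernetKey());
    }

    /**
     * Sets or clears the key material.
     *
     * <p>A non-null value is rewritten from the standard Base64 alphabet to the URL-safe one
     * ({@code /} to {@code _}, {@code +} to {@code -}) and {@code =} is replaced with
     * {@code BotTokenCache.EMPTY_STRING} (presumably the empty string, which strips padding). The
     * value is not otherwise validated here; a malformed key only surfaces when a {@link Key} is
     * built during encrypt or decrypt.
     *
     * @param str one key, or several joined by {@code CsvUtil.SEPARATOR}; {@code null} clears it
     */
    @VisibleForTesting
    public void setFernetKey(String str) {
        if (str != null) {
            this.fernetKey = str.replace("/", "_").replace("+", "-").replace("=", BotTokenCache.EMPTY_STRING);
        } else {
            this.fernetKey = null;
        }
    }

    /**
     * Reports whether a key has been set.
     *
     * @return {@code true} when key material has been set
     */
    public boolean isKeyDefined() {
        return this.fernetKey != null;
    }

    /**
     * Encrypts a plaintext secret with the first configured key.
     *
     * @param str plaintext to protect; must not already start with {@link #FERNET_PREFIX}
     * @return {@link #FERNET_PREFIX} followed by the serialised token
     * @throws NullPointerException if {@code str} is null
     * @throws IllegalArgumentException if {@code str} already carries the prefix or no key is set
     */
    public String encrypt(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("secret is marked non-null but is null");
        }
        if (str.startsWith(FERNET_PREFIX)) {
            throw new IllegalArgumentException(CatalogExceptionMessage.FIELD_ALREADY_TOKENIZED);
        }
        // Read the field once so a concurrent setFernetKey(null) cannot turn the check into an NPE.
        final String configuredKeys = this.fernetKey;
        if (configuredKeys == null) {
            throw new IllegalArgumentException(CatalogExceptionMessage.FERNET_KEY_NULL);
        }
        final Key primaryKey = new Key(configuredKeys.split(CsvUtil.SEPARATOR)[0]);
        return FERNET_PREFIX + Token.generate(primaryKey, str).serialise();
    }

    /**
     * Checks for the token prefix only; the remainder is not parsed or authenticated here.
     *
     * @param str value to inspect, may be null
     * @return {@code true} when {@code str} is non-null and starts with {@link #FERNET_PREFIX}
     */
    public static boolean isTokenized(String str) {
        return str != null && str.startsWith(FERNET_PREFIX);
    }

    /**
     * Decrypts a prefixed token, trying every configured key.
     *
     * @param str value of the form {@link #FERNET_PREFIX} + serialised token
     * @return the decrypted plaintext
     * @throws IllegalArgumentException if no key is set, or {@code str} is null or lacks the prefix
     */
    public String decrypt(String str) {
        // Read the field once so a concurrent setFernetKey(null) cannot turn the check into an NPE.
        final String configuredKeys = this.fernetKey;
        if (configuredKeys == null) {
            throw new IllegalArgumentException(CatalogExceptionMessage.FERNET_KEY_NULL);
        }
        if (str == null || !str.startsWith(FERNET_PREFIX)) {
            throw new IllegalArgumentException(CatalogExceptionMessage.FIELD_NOT_TOKENIZED);
        }
        // The prefix is known to be present, so strip it by length instead of a regex split.
        final Token token = Token.fromString(str.substring(FERNET_PREFIX.length()));
        final List<Key> candidateKeys =
                Arrays.stream(configuredKeys.split(CsvUtil.SEPARATOR)).map(Key::new).collect(Collectors.toList());
        return token.validateAndDecrypt(candidateKeys, this.validator);
    }

    /**
     * Decrypts {@code str} when it carries the token prefix, otherwise returns it unchanged.
     *
     * @param str token or plain value, may be null
     * @return decrypted plaintext for a token, otherwise {@code str} itself
     */
    public String decryptIfApplies(String str) {
        return isTokenized(str) ? decrypt(str) : str;
    }

    /**
     * Encrypts {@code str} unless it already carries the token prefix.
     *
     * <p>NOTE(review): the prefix test is the only check, so a plaintext that happens to begin
     * with {@link #FERNET_PREFIX} is returned as-is and never encrypted. Callers accepting secrets
     * from outside should reject or validate such values before calling this.
     *
     * @param str plaintext or an existing token
     * @return {@code str} unchanged if it is prefixed, otherwise the newly encrypted token
     * @throws NullPointerException if {@code str} is null
     * @throws IllegalArgumentException if encryption is needed and no key is set
     */
    public String encryptIfApplies(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("secret is marked non-null but is null");
        }
        return isTokenized(str) ? str : encrypt(str);
    }
}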
