package org.springframework.cloud.config.server;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.config.encrypt.EncryptorFactory;
import org.springframework.cloud.config.encrypt.KeyFormatException;
import org.springframework.cloud.config.environment.Environment;
import org.springframework.cloud.config.environment.PropertySource;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
import org.springframework.security.rsa.crypto.RsaKeyHolder;
import org.springframework.security.rsa.crypto.RsaSecretEncryptor;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;

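/**
 * REST endpoints of the config server that install an encryption key and use it to
 * encrypt or decrypt text, plus a helper that decrypts {@code {cipher}} values inside
 * an {@link Environment}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Nothing in this class authenticates or authorizes the caller. {@code POST /key}
 * replaces the key used by the whole server and {@code POST /decrypt} returns plaintext
 * to whoever calls it, so access to these mappings has to be restricted by the
 * surrounding security configuration.</li>
 * <li>The installed encryptor is shared by all request threads and can be replaced at
 * runtime, hence the {@code volatile} field and the per-request local snapshots.</li>
 * </ul>
 */
@RequestMapping({"${spring.cloud.config.server.prefix:}"})
@RestController
/* loaded from: input_file:org/springframework/cloud/config/server/EncryptionController.class */
public class EncryptionController {
    private static final Log logger = LogFactory.getLog(EncryptionController.class);

    /** Prefix that marks a property value as encrypted. */
    private static final String CIPHER_PREFIX = "{cipher}";

    // Written by the key-upload endpoints and read by every other request thread.
    private volatile TextEncryptor encryptor;

    /**
     * Installs the encryptor used by all endpoints; optional at wiring time, so the
     * controller may start without a key.
     *
     * @param textEncryptor the encryptor to use, or {@code null} for none
     */
    @Autowired(required = false)
    public void setEncryptor(TextEncryptor textEncryptor) {
        this.encryptor = textEncryptor;
    }

    /**
     * Returns the public key of the installed encryptor.
     *
     * @return the public key as provided by the {@link RsaKeyHolder}
     * @throws KeyNotAvailableException if no encryptor is installed or it holds no RSA key
     */
    @RequestMapping(value = {"/key"}, method = {RequestMethod.GET})
    public String getPublicKey() {
        TextEncryptor current = this.encryptor;
        if (current instanceof RsaKeyHolder) {
            // TextEncryptor itself has no getPublicKey(); the cast is required.
            return ((RsaKeyHolder) current).getPublicKey();
        }
        throw new KeyNotAvailableException();
    }

    /**
     * Replaces the server key with a key pair read from an uploaded key store.
     *
     * @param file the key store contents
     * @param password the key store password
     * @param alias the alias of the key pair inside the store
     * @return status {@code OK} and the new public key, with HTTP 201
     * @throws KeyFormatException if the uploaded bytes cannot be read
     */
    @RequestMapping(value = {"/key"}, method = {RequestMethod.POST}, params = {"password"})
    public ResponseEntity<Map<String, Object>> uploadKeyStore(@RequestParam("file") MultipartFile file, @RequestParam("password") String password, @RequestParam("alias") String alias) {
        Map<String, Object> body = new HashMap<String, Object>();
        body.put("status", "OK");
        try {
            KeyStoreKeyFactory factory = new KeyStoreKeyFactory(new ByteArrayResource(file.getBytes()), password.toCharArray());
            // NOTE(review): only IOException is mapped to a 400 here; a wrong password or
            // unknown alias presumably surfaces as an unchecked exception from
            // getKeyPair() and becomes a 500 - confirm and map it if so.
            RsaSecretEncryptor rsa = new RsaSecretEncryptor(factory.getKeyPair(alias));
            // Publish the new key only after it has been built successfully.
            this.encryptor = rsa;
            body.put("publicKey", rsa.getPublicKey());
            return new ResponseEntity<>(body, HttpStatus.CREATED);
        } catch (IOException e) {
            throw new KeyFormatException();
        }
    }

    /**
     * Replaces the server key with one created from the request body.
     *
     * @param data the raw request body holding the key material
     * @param type the request content type, used to undo form encoding
     * @return status {@code OK}, plus the public key when the new encryptor is RSA based,
     *         with HTTP 201
     */
    @RequestMapping(value = {"/key"}, method = {RequestMethod.POST}, params = {"!password"})
    public ResponseEntity<Map<String, Object>> uploadKey(@RequestBody String data, @RequestHeader("Content-Type") MediaType type) {
        Map<String, Object> body = new HashMap<String, Object>();
        body.put("status", "OK");
        TextEncryptor created = new EncryptorFactory().create(stripFormData(data, type, false));
        this.encryptor = created;
        if (created instanceof RsaKeyHolder) {
            body.put("publicKey", ((RsaKeyHolder) created).getPublicKey());
        }
        return new ResponseEntity<>(body, HttpStatus.CREATED);
    }

    /** Maps {@link KeyFormatException} to HTTP 400 with a fixed description. */
    @ExceptionHandler({KeyFormatException.class})
    @ResponseBody
    public ResponseEntity<Map<String, Object>> keyFormat() {
        Map<String, Object> body = new HashMap<String, Object>();
        body.put("status", "BAD_REQUEST");
        body.put("description", "Key data not in correct format (PEM or jks keystore)");
        return new ResponseEntity<>(body, HttpStatus.BAD_REQUEST);
    }

    /** Maps {@link KeyNotAvailableException} to HTTP 404 with a fixed description. */
    @ExceptionHandler({KeyNotAvailableException.class})
    @ResponseBody
    public ResponseEntity<Map<String, Object>> keyUnavailable() {
        Map<String, Object> body = new HashMap<String, Object>();
        body.put("status", "NOT_FOUND");
        body.put("description", "No public key available");
        return new ResponseEntity<>(body, HttpStatus.NOT_FOUND);
    }

    /**
     * Reports whether an encryptor is installed.
     *
     * @return a single-entry map with status {@code OK}
     * @throws KeyNotInstalledException if no encryptor is installed
     */
    @RequestMapping(value = {"encrypt/status"}, method = {RequestMethod.GET})
    public Map<String, Object> status() {
        if (this.encryptor == null) {
            throw new KeyNotInstalledException();
        }
        return Collections.<String, Object>singletonMap("status", "OK");
    }

    /**
     * Encrypts the request body with the installed encryptor.
     *
     * @param data the raw request body
     * @param type the request content type, used to undo form encoding
     * @return the cipher text
     * @throws KeyNotInstalledException if no encryptor is installed
     */
    @RequestMapping(value = {"encrypt"}, method = {RequestMethod.POST})
    public String encrypt(@RequestBody String data, @RequestHeader("Content-Type") MediaType type) {
        // Snapshot so the null check and the call see the same encryptor.
        TextEncryptor current = this.encryptor;
        if (current == null) {
            throw new KeyNotInstalledException();
        }
        return current.encrypt(stripFormData(data, type, false));
    }

    /**
     * Decrypts the request body with the installed encryptor and returns the plaintext
     * to the caller.
     *
     * @param data the raw request body holding the cipher text
     * @param type the request content type, used to undo form encoding
     * @return the decrypted text
     * @throws KeyNotInstalledException if no encryptor is installed
     * @throws InvalidCipherException if form decoding or decryption raises
     *         {@link IllegalArgumentException}
     */
    @RequestMapping(value = {"decrypt"}, method = {RequestMethod.POST})
    public String decrypt(@RequestBody String data, @RequestHeader("Content-Type") MediaType type) {
        TextEncryptor current = this.encryptor;
        if (current == null) {
            throw new KeyNotInstalledException();
        }
        try {
            return current.decrypt(stripFormData(data, type, true));
        } catch (IllegalArgumentException e) {
            throw new InvalidCipherException();
        }
    }

    /**
     * Undoes form encoding applied to a request body: when the body ends with
     * {@code '='} and the content type is not {@code text/plain}, it is URL-decoded and
     * the trailing {@code '='} is dropped where it is not part of the payload.
     *
     * @param data the raw request body
     * @param type the request content type
     * @param cipher {@code true} when the body is cipher text; spaces produced by URL
     *        decoding are then turned back into {@code '+'}, and the trailing
     *        {@code '='} is removed only if the remainder is valid hex (otherwise it is
     *        kept, e.g. as Base64 padding)
     * @return the cleaned-up text
     */
    private String stripFormData(String data, MediaType type, boolean cipher) {
        if (!data.endsWith("=") || type.equals(MediaType.TEXT_PLAIN)) {
            return data;
        }
        String decoded;
        try {
            decoded = URLDecoder.decode(data, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 support is mandatory on every JVM; fail loudly rather than carry on
            // with undecoded data as the swallowed exception used to do.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
        if (cipher) {
            decoded = decoded.replace(" ", "+");
        }
        String withoutTrailer = decoded.substring(0, decoded.length() - 1);
        if (!cipher) {
            return withoutTrailer;
        }
        boolean oddLength = decoded.length() % 2 != 0;
        if (decoded.endsWith("=") && oddLength) {
            try {
                Hex.decode(withoutTrailer);
                return withoutTrailer;
            } catch (IllegalArgumentException notHex) {
                // Not hex: keep the trailing '=' (the former Base64 probe returned the
                // same value on both of its outcomes, so it is dropped).
            }
        }
        return decoded;
    }

    /** Maps {@link KeyNotInstalledException} to HTTP 404 with a fixed description. */
    @ExceptionHandler({KeyNotInstalledException.class})
    @ResponseBody
    public ResponseEntity<Map<String, Object>> notInstalled() {
        Map<String, Object> body = new HashMap<String, Object>();
        body.put("status", "NO_KEY");
        body.put("description", "No key was installed for encryption service");
        return new ResponseEntity<>(body, HttpStatus.NOT_FOUND);
    }

    /** Maps {@link InvalidCipherException} to HTTP 400 with a fixed description. */
    @ExceptionHandler({InvalidCipherException.class})
    @ResponseBody
    public ResponseEntity<Map<String, Object>> invalidCipher() {
        Map<String, Object> body = new HashMap<String, Object>();
        body.put("status", "INVALID");
        body.put("description", "Text not encrypted with this key");
        return new ResponseEntity<>(body, HttpStatus.BAD_REQUEST);
    }

    /**
     * Returns a copy of the environment in which every value starting with
     * {@code {cipher}} has been decrypted.
     *
     * <p>Without an installed encryptor the encrypted values are kept unchanged. A value
     * that fails to decrypt is stored as {@code "<n/a>"} under the key
     * {@code "invalid." + name} and a warning is logged. Processed entries are removed
     * and re-inserted, so they move to the end of their property source.
     *
     * @param environment the environment to copy
     * @return a new environment with the same name and label
     */
    public Environment decrypt(Environment environment) {
        Environment result = new Environment(environment.getName(), environment.getLabel());
        TextEncryptor current = this.encryptor;
        for (PropertySource source : environment.getPropertySources()) {
            Map<Object, Object> properties = new LinkedHashMap<Object, Object>(source.getSource());
            // Iterate over a snapshot because the map is modified inside the loop.
            for (Map.Entry<Object, Object> entry : new LinkedHashSet<Map.Entry<Object, Object>>(properties.entrySet())) {
                Object key = entry.getKey();
                Object rawValue = entry.getValue();
                if (rawValue == null) {
                    // A null value cannot carry the cipher prefix; leave it untouched
                    // instead of failing on toString().
                    continue;
                }
                String name = key.toString();
                String value = rawValue.toString();
                if (!value.startsWith(CIPHER_PREFIX)) {
                    continue;
                }
                properties.remove(key);
                if (current == null) {
                    properties.put(name, value);
                    continue;
                }
                try {
                    value = current.decrypt(value.substring(CIPHER_PREFIX.length()));
                } catch (Exception e) {
                    // The placeholder must survive: the previous code overwrote it after
                    // the catch block with a variable that was never assigned on failure.
                    value = "<n/a>";
                    name = "invalid." + name;
                    // Logs the property name and the exception only, never the value.
                    logger.warn("Cannot decrypt key: " + key + " (" + e.getClass() + ": " + e.getMessage() + ")");
                }
                properties.put(name, value);
            }
            result.add(new PropertySource(source.getName(), properties));
        }
        return result;
    }
}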
