package org.wso2.carbon.apimgt.core.impl;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apimgt.core.configuration.models.FileEncryptionConfigurations;
import org.wso2.carbon.apimgt.core.exception.APIManagementException;
import org.wso2.carbon.apimgt.core.exception.APIMgtDAOException;
import org.wso2.carbon.apimgt.core.internal.ServiceReferenceHolder;
import org.wso2.carbon.apimgt.core.util.APIFileUtils;
import org.wso2.carbon.apimgt.core.util.APIMgtConstants;
import org.wso2.carbon.secvault.SecureVault;
import org.wso2.carbon.secvault.SecureVaultUtils;
import org.wso2.carbon.secvault.exception.SecureVaultException;

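/**
 * Singleton helper that encrypts configured files with an AES key and reads them back.
 *
 * <p>The AES key is generated by {@link #createAndStoreAESKey()}, wrapped with the
 * {@link SecureVault} service, base64-encoded and written to a key file under
 * {@code <carbon.home>/resources/security}. Every encrypt/decrypt call reads and unwraps
 * that key file again via {@link #getAESKey()}.
 *
 * <p>NOTE(review): the cipher transformation comes from
 * {@code APIMgtConstants.EncryptionConstants.AES}, whose value is not visible in this file.
 * If it is the bare algorithm name {@code "AES"}, the default JCA provider resolves it to
 * ECB mode with PKCS5 padding: no IV, identical plaintext blocks produce identical
 * ciphertext blocks, and tampering is not detected. Moving to an authenticated mode
 * (for example AES/GCM with a random per-file nonce) changes the on-disk format, so it
 * needs a migration path for files that are already encrypted — confirm before changing.
 */
public class FileEncryptionUtility {
    // Key length in bits passed to KeyGenerator.init().
    private static final int AES_Key_Size = 128;
    public static final String CARBON_HOME = "carbon.home";
    private FileEncryptionConfigurations config;
    private String aesKeyFileLocation;
    private SecureVault secureVault;
    private static final Logger log = LoggerFactory.getLogger(FileEncryptionUtility.class);
    private static final FileEncryptionUtility instance = new FileEncryptionUtility();
    public static final String SECURITY_DIR = File.separator + "resources" + File.separator + "security";

    /**
     * Returns the shared instance. {@link #init()} must be called before the instance is used.
     *
     * @return the singleton
     */
    public static FileEncryptionUtility getInstance() {
        return instance;
    }

    /**
     * Loads the encryption configuration and secure vault from {@link ServiceReferenceHolder},
     * resolves the key file location, then generates and stores a new AES key.
     *
     * <p>NOTE(review): a fresh key replaces the stored one on every call. Files encrypted
     * under a previous key can no longer be decrypted afterwards unless callers re-encrypt
     * them in the same start-up sequence — verify against the caller.
     *
     * @throws APIManagementException if the secure vault service is unavailable or the key
     *         cannot be created or stored
     */
    public void init() throws APIManagementException {
        setConfig(ServiceReferenceHolder.getInstance().getAPIMConfiguration().getFileEncryptionConfigurations());
        setAesKeyFileLocation();
        setSecureVault(ServiceReferenceHolder.getInstance().getSecureVault());
        if (this.secureVault == null) {
            throw new APIManagementException("Secure vault OSGi service cannot be accessed");
        }
        createAndStoreAESKey();
    }

    /**
     * Encrypts the file at {@code str} into {@code str2} and then deletes the plaintext file.
     *
     * <p>An existing file at {@code str2} is removed first. The plaintext source is deleted
     * only after the cipher stream has been closed successfully: closing is what writes the
     * final padded block, so a failure at that point must not leave a truncated ciphertext
     * as the only remaining copy.
     *
     * @param str  path of the plaintext file to encrypt
     * @param str2 path of the encrypted file to create
     * @throws APIManagementException if the key cannot be loaded or any I/O or cipher setup
     *         step fails
     */
    public void encryptFile(String str, String str2) throws APIManagementException {
        try {
            Cipher cipher = Cipher.getInstance(APIMgtConstants.EncryptionConstants.AES);
            cipher.init(Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(getAESKey(), APIMgtConstants.EncryptionConstants.AES));
            Files.deleteIfExists(Paths.get(str2));
            // try-with-resources surfaces close() failures as IOException instead of
            // swallowing them, and closes both streams on every exit path.
            try (InputStream plainIn = APIFileUtils.readFileContentAsStream(str);
                    OutputStream cipherOut = new CipherOutputStream(new FileOutputStream(str2), cipher)) {
                IOUtils.copy(plainIn, cipherOut);
            }
            // Reached only when the ciphertext has been completely written and closed.
            APIFileUtils.deleteFile(str);
            log.debug("Successfully encrypted file using stored AES key");
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new APIManagementException("Error while encrypting the file at " + str, e);
        }
    }

    /**
     * Decrypts the file at {@code str} with the stored AES key and returns its content.
     *
     * <p>NOTE(review): the decrypted content is returned as an immutable {@code String}, so
     * it cannot be wiped from memory after use; keep that in mind if the files hold secrets.
     *
     * @param str path of the encrypted file
     * @return the decrypted content, converted with {@link SecureVaultUtils#toChars}
     * @throws APIManagementException if the file does not exist, the key cannot be loaded,
     *         or reading/decrypting fails
     */
    public String readFromEncryptedFile(String str) throws APIManagementException {
        if (!Files.exists(Paths.get(str))) {
            throw new APIManagementException("File to decrypt does not exist");
        }
        try {
            Cipher cipher = Cipher.getInstance(APIMgtConstants.EncryptionConstants.AES);
            cipher.init(Cipher.DECRYPT_MODE,
                    new SecretKeySpec(getAESKey(), APIMgtConstants.EncryptionConstants.AES));
            // Both streams are closed on success and on failure; previously the cipher
            // stream stayed open when the copy threw.
            try (InputStream cipherIn = new CipherInputStream(APIFileUtils.readFileContentAsStream(str), cipher);
                    ByteArrayOutputStream plainBuffer = new ByteArrayOutputStream()) {
                IOUtils.copy(cipherIn, plainBuffer);
                byte[] plainBytes = plainBuffer.toByteArray();
                log.debug("Successfully decrypted file using stored AES key");
                return new String(SecureVaultUtils.toChars(plainBytes));
            }
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new APIManagementException("Error while decrypting file " + str, e);
        }
    }

    /**
     * Encrypts every file named in the configuration. Each file is looked up in the security
     * directory and written next to it with the prefix {@code "encrypted"} on its name; the
     * plaintext original is removed by {@link #encryptFile(String, String)}.
     *
     * @throws APIManagementException if any file fails to encrypt; files later in the list
     *         are then left untouched
     */
    public void encryptFiles() throws APIManagementException {
        List<String> filesToEncrypt = getConfig().getFilesToEncrypt();
        String securityDir = System.getProperty(CARBON_HOME) + SECURITY_DIR + File.separator;
        for (String fileName : filesToEncrypt) {
            encryptFile(securityDir + fileName, securityDir + "encrypted" + fileName);
        }
    }

    /**
     * Generates a new AES key, wraps it with the secure vault, base64-encodes the result and
     * writes it to the key file, replacing any existing key file.
     *
     * @throws APIManagementException if key generation, wrapping or writing fails
     */
    void createAndStoreAESKey() throws APIManagementException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(APIMgtConstants.EncryptionConstants.AES);
            keyGenerator.init(AES_Key_Size);
            byte[] rawKey = keyGenerator.generateKey().getEncoded();
            // Only the vault-wrapped form of the key is ever written to disk.
            byte[] wrappedKey = getSecureVault().encrypt(rawKey);
            String encodedKey = new String(SecureVaultUtils.toChars(SecureVaultUtils.base64Encode(wrappedKey)));
            Files.deleteIfExists(Paths.get(getAesKeyFileLocation()));
            APIFileUtils.createFile(getAesKeyFileLocation());
            APIFileUtils.writeToFile(getAesKeyFileLocation(), encodedKey);
            log.debug("AES key successfully created and stored");
        } catch (NoSuchAlgorithmException | SecureVaultException | IOException | APIMgtDAOException e) {
            throw new APIManagementException("Error while creating or storing created AES key", e);
        }
    }

    /**
     * Reads the key file, base64-decodes it and unwraps it with the secure vault.
     *
     * @return the raw AES key bytes
     * @throws APIManagementException if the key file cannot be read or the vault cannot
     *         decrypt it
     */
    private byte[] getAESKey() throws APIManagementException {
        try {
            String encodedKey = APIFileUtils.readFileContentAsText(getAesKeyFileLocation());
            byte[] wrappedKey = SecureVaultUtils.base64Decode(SecureVaultUtils.toBytes(encodedKey));
            return getSecureVault().decrypt(wrappedKey);
        } catch (SecureVaultException e) {
            throw new APIManagementException("Error while decrypting AES key", (Throwable) e);
        } catch (APIMgtDAOException e2) {
            throw new APIManagementException("Error while retrieving stored AES key", e2);
        }
    }

    /**
     * @return the file encryption configuration set by {@link #init()} or {@link #setConfig}
     */
    public FileEncryptionConfigurations getConfig() {
        return this.config;
    }

    /**
     * @param fileEncryptionConfigurations configuration listing the files to encrypt
     */
    public void setConfig(FileEncryptionConfigurations fileEncryptionConfigurations) {
        this.config = fileEncryptionConfigurations;
    }

    /**
     * @return path of the file holding the vault-wrapped AES key
     */
    String getAesKeyFileLocation() {
        return this.aesKeyFileLocation;
    }

    /**
     * Derives the key file path from the {@code carbon.home} system property. The property
     * is not checked here; if it is unset the path starts with the literal text "null".
     */
    void setAesKeyFileLocation() {
        this.aesKeyFileLocation = System.getProperty(CARBON_HOME) + SECURITY_DIR + File.separator
                + APIMgtConstants.EncryptionConstants.ENCRYPTED_AES_KEY_FILE;
    }

    /**
     * @return the secure vault used to wrap and unwrap the AES key
     */
    SecureVault getSecureVault() {
        return this.secureVault;
    }

    /**
     * @param secureVault the secure vault used to wrap and unwrap the AES key
     */
    void setSecureVault(SecureVault secureVault) {
        this.secureVault = secureVault;
    }
}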
