package org.wso2.carbon.mediation.security.vault;

import java.util.Calendar;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.MessageContext;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.registry.core.session.UserRegistry;

/* loaded from: input_file:org/wso2/carbon/mediation/security/vault/SecureVaultLookupHandlerImpl.class */
public class SecureVaultLookupHandlerImpl implements SecureVaultLookupHandler {
    private static Log log = LogFactory.getLog(SecureVaultLookupHandlerImpl.class);
    private static SecureVaultLookupHandlerImpl instance = null;
    private ServerConfigurationService serverConfigService;
    private RegistryService registryService;
    UserRegistry registry = null;
    Object decryptlockObj = new Object();

    private SecureVaultLookupHandlerImpl(ServerConfigurationService serverConfigurationService, RegistryService registryService) throws RegistryException {
        this.serverConfigService = serverConfigurationService;
        this.registryService = registryService;
        try {
            init();
        } catch (RegistryException e) {
            throw new RegistryException("Error while intializing the registry");
        }
    }

    public static SecureVaultLookupHandlerImpl getDefaultSecurityService() throws RegistryException {
        return getDefaultSecurityService(SecurityServiceHolder.getInstance().getServerConfigurationService(), SecurityServiceHolder.getInstance().getRegistryService());
    }

    private static SecureVaultLookupHandlerImpl getDefaultSecurityService(ServerConfigurationService serverConfigurationService, RegistryService registryService) throws RegistryException {
        if (instance == null) {
            instance = new SecureVaultLookupHandlerImpl(serverConfigurationService, registryService);
        }
        return instance;
    }

    private void init() throws RegistryException {
        try {
            this.registry = this.registryService.getConfigSystemRegistry();
            initRegistryRepo();
        } catch (RegistryException e) {
            throw new RegistryException("Error while intializing the registry");
        }
    }

    private void initRegistryRepo() throws RegistryException {
        if (isRepoExists()) {
            return;
        }
        this.registry.put(SecureVaultConstants.CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY, this.registry.newCollection());
    }

    protected boolean isRepoExists() {
        try {
            this.registry.get(SecureVaultConstants.CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY);
            return true;
        } catch (RegistryException e) {
            return false;
        }
    }

    public String getProviderClass() {
        return getClass().getName();
    }

    @Override // org.wso2.carbon.mediation.security.vault.SecureVaultLookupHandler
    public String evaluate(String str, MessageContext messageContext) throws RegistryException {
        Map<String, Object> decryptedCacheMap = messageContext.getConfiguration().getDecryptedCacheMap();
        if (!decryptedCacheMap.containsKey(str)) {
            return vaultLookup(str, messageContext, decryptedCacheMap);
        }
        SecureVaultCacheContext secureVaultCacheContext = (SecureVaultCacheContext) decryptedCacheMap.get(str);
        String property = messageContext.getConfiguration().getRegistry().getConfigurationProperties().getProperty("cachableDuration");
        if (secureVaultCacheContext.getDateTime().getTime() + ((property == null || property.isEmpty()) ? 10000L : Long.parseLong(property)) >= System.currentTimeMillis()) {
            return secureVaultCacheContext.getDecryptedValue();
        }
        decryptedCacheMap.remove(str);
        return vaultLookup(str, messageContext, decryptedCacheMap);
    }

    private String vaultLookup(String str, MessageContext messageContext, Map<String, Object> map) {
        SecureVaultCacheContext secureVaultCacheContext;
        synchronized (this.decryptlockObj) {
            String secret = new SecretCipherHander(messageContext).getSecret(str);
            if (map == null) {
                return null;
            }
            if (secret.isEmpty() && (secureVaultCacheContext = (SecureVaultCacheContext) map.get(str)) != null) {
                return secureVaultCacheContext.getDecryptedValue();
            }
            map.put(str, new SecureVaultCacheContext(Calendar.getInstance().getTime(), secret));
            return secret;
        }
    }
}
