package org.wso2.carbon.core.util;

import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import javax.crypto.Cipher;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.core.RegistryResources;
import org.wso2.carbon.core.encryption.SymmetricEncryption;
import org.wso2.carbon.core.internal.CarbonCoreDataHolder;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.securevault.definition.CipherInformation;

/* loaded from: input_file:lib/org.wso2.carbon.core-4.4.33.jar:org/wso2/carbon/core/util/CryptoUtil.class */
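/**
 * Process-wide helper that encrypts and decrypts small secrets, either through
 * {@link SymmetricEncryption} (when symmetric-key encryption is enabled) or with the
 * server's key pair taken from the internal key store, falling back to the primary
 * key store when no internal key store is available.
 *
 * <p>When a cipher transformation is supplied, encrypted output can be wrapped in a
 * "self-contained" JSON envelope ({@link CipherHolder}) that carries the Base64 cipher
 * text, the transformation name and a thumbprint of the encrypting certificate.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #decrypt(byte[])} takes the transformation from the envelope itself. The
 *       envelope is not authenticated and the thumbprint is not checked in this class, so
 *       whoever can write the stored value also chooses the transformation.</li>
 *   <li>With no transformation configured, the bare default algorithm name is used, which
 *       leaves mode and padding to the provider. NOTE(review): confirm deployments set
 *       {@code org.wso2.CipherTransformation} to a padded (OAEP) transformation.</li>
 * </ul>
 */
public class CryptoUtil {
    private static final String CIPHER_TRANSFORMATION_SYSTEM_PROPERTY = "org.wso2.CipherTransformation";
    /** JCE provider name used for every asymmetric cipher created by this class. */
    private static final String JCE_PROVIDER = "BC";
    /** Tenant id passed to KeyStoreManager; -1234 is Carbon's super-tenant id. */
    private static final int KEY_STORE_TENANT_ID = -1234;
    private static final char[] HEX_CHARACTERS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
    private static final Log log = LogFactory.getLog(CryptoUtil.class);
    private static CryptoUtil instance = null;

    private final String primaryKeyStoreAlias;
    private final String internalKeyStoreAlias;
    // Key passwords are held as Strings for the lifetime of the singleton; they are read
    // from server configuration and must never be written to logs or exception messages.
    private final String primaryKeyStoreKeyPass;
    private final String internalKeyStoreKeyPass;
    private final ServerConfigurationService serverConfigService;
    private final RegistryService registryService;
    private final Gson gson = new Gson();

    /**
     * Returns the shared instance, creating it on first use from the services registered
     * in {@link CarbonCoreDataHolder}.
     *
     * @return the process-wide {@code CryptoUtil}
     */
    public static CryptoUtil getDefaultCryptoUtil() {
        return getDefaultCryptoUtil(CarbonCoreDataHolder.getInstance().getServerConfigurationService(), lookupRegistryService());
    }

    /**
     * Looks up the registry service from {@link CarbonCoreDataHolder}.
     *
     * @return the registry service, or {@code null} when the lookup throws (the failure is logged)
     */
    public static RegistryService lookupRegistryService() {
        try {
            return CarbonCoreDataHolder.getInstance().getRegistryService();
        } catch (Exception e) {
            log.error("Error in getting RegistryService from CarbonCoreDataHolder: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the shared instance, creating it on the first call.
     *
     * <p>The arguments are only used by the call that creates the instance; later calls
     * return the existing instance and ignore them.
     *
     * @param serverConfigurationService source of key aliases and key passwords
     * @param registryService registry handed to the key store manager
     * @return the process-wide {@code CryptoUtil}
     */
    public static synchronized CryptoUtil getDefaultCryptoUtil(ServerConfigurationService serverConfigurationService, RegistryService registryService) {
        if (instance == null) {
            instance = new CryptoUtil(serverConfigurationService, registryService);
        }
        return instance;
    }

    /**
     * Reads key aliases and key passwords for the primary and internal key stores from the
     * server configuration.
     */
    private CryptoUtil(ServerConfigurationService serverConfigurationService, RegistryService registryService) {
        this.serverConfigService = serverConfigurationService;
        this.registryService = registryService;
        this.primaryKeyStoreAlias = this.serverConfigService.getFirstProperty("Security.KeyStore.KeyAlias");
        this.internalKeyStoreAlias = this.serverConfigService.getFirstProperty(RegistryResources.SecurityManagement.SERVER_INTERNAL_KEYSTORE_KEY_ALIAS);
        this.primaryKeyStoreKeyPass = this.serverConfigService.getFirstProperty("Security.KeyStore.KeyPassword");
        this.internalKeyStoreKeyPass = this.serverConfigService.getFirstProperty(RegistryResources.SecurityManagement.SERVER_INTERNAL_PRIVATE_KEY_PASSWORD);
    }

    /** @return the server configuration service this instance was created with */
    public ServerConfigurationService getServerConfigService() {
        return this.serverConfigService;
    }

    /** @return the registry service this instance was created with (may be {@code null}) */
    public RegistryService getRegistryService() {
        return this.registryService;
    }

    /**
     * Encrypts the given bytes.
     *
     * <p>If symmetric-key encryption is enabled the work is delegated to
     * {@link SymmetricEncryption} and the other arguments are ignored. Otherwise the public
     * key of the first certificate in the server's chain is used.
     *
     * @param bArr plain-text bytes to encrypt
     * @param str cipher transformation to use, or {@code null} for the default algorithm
     * @param z when {@code true} and {@code str} is non-null, wrap the result in the
     *          self-contained JSON envelope
     * @return the cipher text, or the envelope bytes
     * @throws CryptoException on any failure; the underlying exception is the cause
     */
    public byte[] encrypt(byte[] bArr, String str, boolean z) throws CryptoException {
        SymmetricEncryption symmetricEncryption = SymmetricEncryption.getInstance();
        try {
            if (Boolean.valueOf(symmetricEncryption.getSymmetricKeyEncryptEnabled())) {
                return symmetricEncryption.encryptWithSymmetricKey(bArr);
            }
            Certificate encryptionCertificate = loadEncryptionCertificate();
            boolean customTransformation = str != null;
            Cipher cipher;
            if (customTransformation) {
                if (log.isDebugEnabled()) {
                    log.debug("Cipher transformation for encryption : " + str);
                }
                cipher = Cipher.getInstance(str, JCE_PROVIDER);
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Default Cipher transformation for encryption : RSA");
                }
                cipher = Cipher.getInstance(CipherInformation.DEFAULT_ALGORITHM, JCE_PROVIDER);
            }
            cipher.init(Cipher.ENCRYPT_MODE, encryptionCertificate.getPublicKey());
            byte[] cipherText;
            if (customTransformation && bArr.length == 0) {
                // An empty plain text is stored as an empty value rather than being encrypted.
                cipherText = new byte[0];
                if (log.isDebugEnabled()) {
                    log.debug("Empty value for plainTextBytes null will persist to DB");
                }
            } else {
                cipherText = cipher.doFinal(bArr);
            }
            if (customTransformation && z) {
                cipherText = createSelfContainedCiphertext(cipherText, str, encryptionCertificate);
            }
            return cipherText;
        } catch (Exception e) {
            throw new CryptoException("Error during encryption", e);
        }
    }

    /**
     * Encrypts with the transformation named by the {@code org.wso2.CipherTransformation}
     * system property and asks for a self-contained envelope.
     *
     * @param bArr plain-text bytes to encrypt
     * @return the cipher text, or the envelope bytes when the property is set
     * @throws CryptoException on any failure
     */
    public byte[] encrypt(byte[] bArr) throws CryptoException {
        return encrypt(bArr, System.getProperty(CIPHER_TRANSFORMATION_SYSTEM_PROPERTY), true);
    }

    /**
     * Same as {@link #encrypt(byte[], String, boolean)}, with the result Base64-encoded.
     *
     * @throws CryptoException on any failure
     */
    public String encryptAndBase64Encode(byte[] bArr, String str, boolean z) throws CryptoException {
        return Base64.encode(encrypt(bArr, str, z));
    }

    /**
     * Same as {@link #encrypt(byte[])}, with the result Base64-encoded.
     *
     * @throws CryptoException on any failure
     */
    public String encryptAndBase64Encode(byte[] bArr) throws CryptoException {
        return Base64.encode(encrypt(bArr));
    }

    /**
     * Decrypts a value produced by {@link #encrypt(byte[])}.
     *
     * <p>If symmetric-key encryption is enabled the work is delegated to
     * {@link SymmetricEncryption}. Otherwise, when the {@code org.wso2.CipherTransformation}
     * system property is set, the input is first tried as a self-contained envelope and the
     * transformation named <em>inside the envelope</em> is used; if it is not an envelope the
     * property value is used. Without the property the default algorithm is used.
     *
     * @param bArr cipher text or self-contained envelope bytes
     * @return the plain-text bytes
     * @throws CryptoException on any failure; the underlying exception is the cause
     */
    public byte[] decrypt(byte[] bArr) throws CryptoException {
        SymmetricEncryption symmetricEncryption = SymmetricEncryption.getInstance();
        try {
            if (Boolean.valueOf(symmetricEncryption.getSymmetricKeyEncryptEnabled())) {
                return symmetricEncryption.decryptWithSymmetricKey(bArr);
            }
            PrivateKey privateKey = loadDecryptionKey();
            String configuredTransformation = System.getProperty(CIPHER_TRANSFORMATION_SYSTEM_PROPERTY);
            boolean customTransformation = configuredTransformation != null;
            byte[] cipherBytes = bArr;
            Cipher cipher;
            if (customTransformation) {
                CipherHolder holder = cipherTextToCipherHolder(bArr);
                if (holder != null) {
                    // NOTE(review): the transformation is taken from the stored value, which is
                    // neither authenticated nor matched against the configured one here, and the
                    // envelope's thumbprint is not verified. Consider restricting this to an
                    // expected set of transformations before creating the cipher.
                    if (log.isDebugEnabled()) {
                        log.debug("Cipher transformation for decryption : " + holder.getTransformation());
                    }
                    cipher = Cipher.getInstance(holder.getTransformation(), JCE_PROVIDER);
                    cipherBytes = holder.getCipherBase64Decoded();
                } else {
                    cipher = Cipher.getInstance(configuredTransformation, JCE_PROVIDER);
                }
            } else {
                cipher = Cipher.getInstance(CipherInformation.DEFAULT_ALGORITHM, JCE_PROVIDER);
            }
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            if (customTransformation && cipherBytes.length == 0) {
                // Mirrors encrypt(): an empty stored value stands for an empty plain text.
                if (log.isDebugEnabled()) {
                    log.debug("Empty value for plainTextBytes null will persist to DB");
                }
                return new byte[0];
            }
            return cipher.doFinal(cipherBytes);
        } catch (Exception e) {
            throw new CryptoException("errorDuringDecryption", e);
        }
    }

    /**
     * Decrypts raw cipher text with an explicitly chosen transformation. Unlike
     * {@link #decrypt(byte[])}, the input is never interpreted as a self-contained envelope.
     *
     * @param bArr raw cipher-text bytes
     * @param str cipher transformation to use, or {@code null} for the default algorithm
     * @return the plain-text bytes; an empty array for empty input
     * @throws CryptoException on any failure; the underlying exception is the cause
     */
    public byte[] decrypt(byte[] bArr, String str) throws CryptoException {
        SymmetricEncryption symmetricEncryption = SymmetricEncryption.getInstance();
        try {
            if (Boolean.valueOf(symmetricEncryption.getSymmetricKeyEncryptEnabled())) {
                return symmetricEncryption.decryptWithSymmetricKey(bArr);
            }
            PrivateKey privateKey = loadDecryptionKey();
            String transformation = str != null ? str : CipherInformation.DEFAULT_ALGORITHM;
            Cipher cipher = Cipher.getInstance(transformation, JCE_PROVIDER);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            if (bArr.length == 0) {
                if (log.isDebugEnabled()) {
                    log.debug("Empty value for plainTextBytes null will persist to DB");
                }
                return new byte[0];
            }
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new CryptoException("errorDuringDecryption", e);
        }
    }

    /**
     * Base64-decodes the input and passes it to {@link #decrypt(byte[])}.
     *
     * @throws CryptoException on any decryption failure
     */
    public byte[] base64DecodeAndDecrypt(String str) throws CryptoException {
        return decrypt(Base64.decode(str));
    }

    /**
     * Base64-decodes the input and passes it to {@link #decrypt(byte[], String)}.
     *
     * @param str Base64 cipher text
     * @param str2 cipher transformation, or {@code null} for the default algorithm
     * @throws CryptoException on any decryption failure
     */
    public byte[] base64DecodeAndDecrypt(String str, String str2) throws CryptoException {
        return decrypt(Base64.decode(str), str2);
    }

    /**
     * Tells whether the bytes deserialize into a {@link CipherHolder}.
     *
     * <p>This is a format check only; it says nothing about who produced the value.
     */
    public boolean isSelfContainedCipherText(byte[] bArr) {
        return cipherTextToCipherHolder(bArr) != null;
    }

    /** Base64-decodes the input and applies {@link #isSelfContainedCipherText(byte[])}. */
    public boolean base64DecodeAndIsSelfContainedCipherText(String str) throws CryptoException {
        return isSelfContainedCipherText(Base64.decode(str));
    }

    /**
     * Returns the raw cipher text carried by a self-contained envelope, or the input itself
     * when it is not an envelope.
     */
    public byte[] extractOriginalCipher(byte[] bArr) {
        CipherHolder holder = cipherTextToCipherHolder(bArr);
        return holder != null ? holder.getCipherBase64Decoded() : bArr;
    }

    /**
     * Wraps cipher text in the self-contained JSON envelope.
     *
     * @param bArr raw cipher text
     * @param str transformation that produced it
     * @param certificate certificate whose public key was used; its SHA-1 thumbprint is
     *        recorded in the envelope
     * @return the JSON envelope encoded with the platform default charset
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     */
    public byte[] createSelfContainedCiphertext(byte[] bArr, String str, Certificate certificate) throws CertificateEncodingException, NoSuchAlgorithmException {
        CipherHolder cipherHolder = new CipherHolder();
        cipherHolder.setCipherText(Base64.encode(bArr));
        cipherHolder.setTransformation(str);
        // The thumbprint only labels which certificate was used; nothing in this class
        // verifies it on decryption, so it provides no integrity protection.
        cipherHolder.setThumbPrint(calculateThumbprint(certificate, MessageDigestAlgorithms.SHA_1), MessageDigestAlgorithms.SHA_1);
        String json = this.gson.toJson(cipherHolder);
        if (log.isDebugEnabled()) {
            log.debug("Cipher with meta data : " + json);
        }
        // NOTE(review): the platform default charset is used here and when parsing, so writer
        // and reader must run with compatible defaults. Changing it would alter the stored format.
        return json.getBytes(Charset.defaultCharset());
    }

    /**
     * Tries to parse the bytes as a JSON {@link CipherHolder}.
     *
     * <p>Gson populates only the fields present in the JSON and does not validate them, so a
     * non-null result may still have a missing transformation or cipher text.
     *
     * @param bArr candidate envelope bytes
     * @return the parsed holder, or {@code null} when the bytes are not valid JSON for it
     */
    public CipherHolder cipherTextToCipherHolder(byte[] bArr) {
        try {
            return this.gson.fromJson(new String(bArr, Charset.defaultCharset()), CipherHolder.class);
        } catch (JsonSyntaxException e) {
            // Expected for plain (non-envelope) cipher text, so this is not an error.
            if (log.isDebugEnabled()) {
                log.debug("Deserialization failed since cipher string is not representing cipher with metadata");
            }
            return null;
        }
    }

    /**
     * Picks the certificate used for encryption: the first entry of the chain stored under
     * the internal key store alias, or under the primary alias when there is no internal
     * key store. Fails with a descriptive message instead of a bare NullPointerException
     * when the alias has no chain.
     */
    private Certificate loadEncryptionCertificate() throws Exception {
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(KEY_STORE_TENANT_ID, getServerConfigService(), getRegistryService());
        boolean useInternal = keyStoreManager.getInternalKeyStore() != null;
        String alias = useInternal ? this.internalKeyStoreAlias : this.primaryKeyStoreAlias;
        Certificate[] chain = useInternal
                ? keyStoreManager.getInternalKeyStore().getCertificateChain(alias)
                : keyStoreManager.getPrimaryKeyStore().getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException("No certificate chain found for key alias '" + alias + "' in the "
                    + (useInternal ? "internal" : "primary") + " key store");
        }
        return chain[0];
    }

    /**
     * Loads the private key used for decryption from the internal key store, or from the
     * primary key store when there is no internal one. Error messages name the key store and
     * alias only; the key password is never included.
     */
    private PrivateKey loadDecryptionKey() throws Exception {
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(KEY_STORE_TENANT_ID, getServerConfigService(), getRegistryService());
        boolean useInternal = keyStoreManager.getInternalKeyStore() != null;
        String storeName = useInternal ? "internal" : "primary";
        String alias = useInternal ? this.internalKeyStoreAlias : this.primaryKeyStoreAlias;
        String keyPassword = useInternal ? this.internalKeyStoreKeyPass : this.primaryKeyStoreKeyPass;
        if (keyPassword == null) {
            throw new IllegalStateException("No private key password is configured for the " + storeName + " key store");
        }
        PrivateKey privateKey = useInternal
                ? (PrivateKey) keyStoreManager.getInternalKeyStore().getKey(alias, keyPassword.toCharArray())
                : (PrivateKey) keyStoreManager.getPrimaryKeyStore().getKey(alias, keyPassword.toCharArray());
        if (privateKey == null) {
            throw new IllegalStateException("No private key found for key alias '" + alias + "' in the " + storeName + " key store");
        }
        return privateKey;
    }

    /**
     * Computes the upper-case hexadecimal digest of the encoded certificate.
     *
     * @param certificate certificate to fingerprint
     * @param str digest algorithm name passed to {@link MessageDigest#getInstance(String)}
     * @return two hexadecimal characters per digest byte
     */
    private String calculateThumbprint(Certificate certificate, String str) throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        messageDigest.update(certificate.getEncoded());
        byte[] digest = messageDigest.digest();
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            // High nibble first, then low nibble.
            hex.append(HEX_CHARACTERS[(b & 0xF0) >> 4]).append(HEX_CHARACTERS[b & 0x0F]);
        }
        return hex.toString();
    }
}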
