package it.geosolutions.geostore.core.security.password;

import it.geosolutions.geostore.core.security.password.AbstractGeoStorePasswordEncoder;
import java.io.IOException;
import java.util.Arrays;
import java.util.Base64;
import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.jasypt.acegisecurity.PBEPasswordEncoder;
import org.jasypt.encryption.pbe.StandardPBEByteEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

/* loaded from: input_file:WEB-INF/lib/geostore-security-2.2.0.jar:it/geosolutions/geostore/core/security/password/GeoStorePBEPasswordEncoder.class */
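/**
 * Password encoder that encrypts (rather than hashes) passwords with Jasypt
 * password-based encryption. The encryption password is the encoded form of
 * a secret key read from a {@link KeyStoreProvider} under a configurable alias.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The encoding is reversible ({@link #getEncodingType()} returns
 *       {@code ENCRYPT}); {@link #decode(String)} and
 *       {@link #decodeToCharArray(String)} recover the plaintext. Anyone who
 *       can read the keystore entry can therefore recover every stored
 *       password.</li>
 *   <li>The PBE algorithm and JCE provider are whatever was configured through
 *       {@link #setAlgorithm(String)} and {@link #setProviderName(String)};
 *       the strength of the scheme depends on that configuration.</li>
 *   <li>Key material and decrypted passwords are held in arrays and wiped with
 *       {@code SecurityUtils.scramble} as soon as they are no longer needed.</li>
 * </ul>
 */
public class GeoStorePBEPasswordEncoder extends AbstractGeoStorePasswordEncoder {
    // Encryptors are created lazily by createStringEncoder() / createCharEncoder().
    StandardPBEStringEncryptor stringEncrypter;
    StandardPBEByteEncryptor byteEncrypter;
    // Optional JCE provider name; ignored when null or empty.
    private String providerName;
    // PBE algorithm name handed to Jasypt as configured.
    private String algorithm;
    // Alias of the keystore entry holding the encryption password.
    private String keyAliasInKeyStore = KeyStoreProviderImpl.CONFIGPASSWORDKEY;
    private KeyStoreProvider keystoreProvider;

    /** Returns the keystore provider used to look up the encryption password. */
    public KeyStoreProvider getKeystoreProvider() {
        return this.keystoreProvider;
    }

    /** Sets the keystore provider used to look up the encryption password. */
    public void setKeystoreProvider(KeyStoreProvider keyStoreProvider) {
        this.keystoreProvider = keyStoreProvider;
    }

    /** Sets the alias of the keystore entry that holds the encryption password. */
    public void setKeyAliasInKeyStore(String str) {
        this.keyAliasInKeyStore = str;
    }

    /** Returns the configured JCE provider name, or {@code null} if none was set. */
    public String getProviderName() {
        return this.providerName;
    }

    /** Sets the JCE provider name passed to the Jasypt encryptors. */
    public void setProviderName(String str) {
        this.providerName = str;
    }

    /** Returns the configured PBE algorithm name. */
    public String getAlgorithm() {
        return this.algorithm;
    }

    /** Sets the PBE algorithm name passed to the Jasypt encryptors. */
    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    /** Returns the alias of the keystore entry that holds the encryption password. */
    public String getKeyAliasInKeyStore() {
        return this.keyAliasInKeyStore;
    }

    /**
     * Builds the String-based encoder backed by a {@link StandardPBEStringEncryptor}.
     * The key bytes and their char form are wiped on every exit path.
     *
     * @return a PBE password encoder bound to the newly created string encryptor
     */
    @Override
    protected PasswordEncoder createStringEncoder() {
        byte[] keyBytes = lookupPasswordFromKeyStore();
        char[] keyChars = null;
        try {
            // Converted inside the try so keyBytes is wiped even if the conversion fails.
            keyChars = SecurityUtils.toChars(keyBytes);
            this.stringEncrypter = new StandardPBEStringEncryptor();
            this.stringEncrypter.setPasswordCharArray(keyChars);
            String provider = getProviderName();
            if (provider != null && !provider.isEmpty()) {
                this.stringEncrypter.setProviderName(provider);
            }
            this.stringEncrypter.setAlgorithm(getAlgorithm());
            PBEPasswordEncoder encoder = new PBEPasswordEncoder();
            encoder.setPbeStringEncryptor(this.stringEncrypter);
            return encoder;
        } finally {
            SecurityUtils.scramble(keyBytes);
            if (keyChars != null) {
                SecurityUtils.scramble(keyChars);
            }
        }
    }

    /**
     * Builds the char-array based encoder backed by a {@link StandardPBEByteEncryptor}.
     *
     * @return an encoder that encrypts to, and validates against, Base64 text
     */
    @Override
    protected AbstractGeoStorePasswordEncoder.CharArrayPasswordEncoder createCharEncoder() {
        byte[] keyBytes = lookupPasswordFromKeyStore();
        char[] keyChars = null;
        try {
            keyChars = SecurityUtils.toChars(keyBytes);
            this.byteEncrypter = new StandardPBEByteEncryptor();
            this.byteEncrypter.setPasswordCharArray(keyChars);
            String provider = getProviderName();
            if (provider != null && !provider.isEmpty()) {
                this.byteEncrypter.setProviderName(provider);
            }
            this.byteEncrypter.setAlgorithm(getAlgorithm());
        } finally {
            // Wipe the key copies here as createStringEncoder() does; previously
            // they were left on the heap until garbage collected.
            SecurityUtils.scramble(keyBytes);
            if (keyChars != null) {
                SecurityUtils.scramble(keyChars);
            }
        }
        return new AbstractGeoStorePasswordEncoder.CharArrayPasswordEncoder() {
            /**
             * Decrypts the stored Base64 value and compares it with the candidate.
             * The decrypted copies are wiped before returning.
             */
            @Override
            public boolean isPasswordValid(String str, char[] cArr, Object obj) {
                // decode(String) avoids the platform default charset used by getBytes().
                byte[] decrypted = GeoStorePBEPasswordEncoder.this.byteEncrypter.decrypt(Base64.getDecoder().decode(str));
                char[] storedChars = null;
                try {
                    storedChars = SecurityUtils.toChars(decrypted);
                    return constantTimeEquals(storedChars, cArr);
                } finally {
                    SecurityUtils.scramble(decrypted);
                    if (storedChars != null) {
                        SecurityUtils.scramble(storedChars);
                    }
                }
            }

            /** Encrypts the password and returns the ciphertext as Base64 text. */
            @Override
            public String encodePassword(char[] cArr, Object obj) {
                byte[] plainBytes = SecurityUtils.toBytes(cArr);
                try {
                    return Base64.getEncoder().encodeToString(GeoStorePBEPasswordEncoder.this.byteEncrypter.encrypt(plainBytes));
                } finally {
                    SecurityUtils.scramble(plainBytes);
                }
            }
        };
    }

    /**
     * Compares two char arrays without stopping at the first mismatching
     * character, so the comparison time does not reveal how long a matching
     * prefix is. Returns the same result as {@code Arrays.equals(char[], char[])}.
     */
    private static boolean constantTimeEquals(char[] a, char[] b) {
        if (a == null || b == null) {
            return a == b;
        }
        int diff = a.length ^ b.length;
        int n = Math.min(a.length, b.length);
        for (int i = 0; i < n; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /**
     * Reads the encryption password from the keystore.
     *
     * @return the encoded bytes of the secret key stored under the configured
     *     alias; the caller is responsible for wiping the array
     * @throws RuntimeException if the alias is absent or the keystore cannot be read
     */
    byte[] lookupPasswordFromKeyStore() {
        String alias = getKeyAliasInKeyStore();
        try {
            if (!this.keystoreProvider.containsAlias(alias)) {
                throw new RuntimeException("Keystore: " + this.keystoreProvider.getFile() + " does not contain alias: " + alias);
            }
            return this.keystoreProvider.getSecretKey(alias).getEncoded();
        } catch (IOException e) {
            // Keep the cause so the underlying keystore I/O failure can be diagnosed.
            throw new RuntimeException("Cannot find alias: " + alias + " in " + this.keystoreProvider.getFile().getAbsolutePath(), e);
        }
    }

    /** Reports that this encoder uses reversible encryption. */
    @Override
    public PasswordEncodingType getEncodingType() {
        return PasswordEncodingType.ENCRYPT;
    }

    /**
     * Decrypts an encoded password to a String. The plaintext ends up in an
     * immutable String that cannot be wiped; {@link #decodeToCharArray(String)}
     * returns an array the caller can scramble instead.
     *
     * @param str the encoded password, as accepted by the inherited removePrefix
     * @return the decrypted password
     */
    @Override
    public String decode(String str) throws UnsupportedOperationException {
        if (this.stringEncrypter == null) {
            // Inherited accessor; presumably calls createStringEncoder(), which sets the field.
            getStringEncoder();
        }
        return this.stringEncrypter.decrypt(removePrefix(str));
    }

    /**
     * Decrypts an encoded password to a char array. The intermediate byte
     * array is wiped; the caller owns the returned array and should scramble
     * it after use.
     *
     * @param str the encoded password, as accepted by the inherited removePrefix
     * @return the decrypted password characters
     */
    @Override
    public char[] decodeToCharArray(String str) throws UnsupportedOperationException {
        if (this.byteEncrypter == null) {
            // Inherited accessor; presumably calls createCharEncoder(), which sets the field.
            getCharEncoder();
        }
        // decode(String) avoids the platform default charset used by getBytes().
        byte[] decrypted = this.byteEncrypter.decrypt(Base64.getDecoder().decode(removePrefix(str)));
        try {
            return SecurityUtils.toChars(decrypted);
        } finally {
            SecurityUtils.scramble(decrypted);
        }
    }
}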
