package org.apereo.cas.configuration.support;

import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.env.Environment;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-configuration-5.2.9.jar:org/apereo/cas/configuration/support/CasConfigurationJasyptDecryptor.class */
public class CasConfigurationJasyptDecryptor {
    public static final String ENCRYPTED_VALUE_PREFIX = "{cipher}";
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) CasConfigurationJasyptDecryptor.class);
    private final StandardPBEStringEncryptor jasyptInstance = new StandardPBEStringEncryptor();

    /* loaded from: input_file:WEB-INF/lib/cas-server-core-configuration-5.2.9.jar:org/apereo/cas/configuration/support/CasConfigurationJasyptDecryptor$JasyptEncryptionParameters.class */
    public enum JasyptEncryptionParameters {
        ALGORITHM("cas.standalone.config.security.alg", "PBEWithMD5AndTripleDES"),
        PROVIDER("cas.standalone.config.security.provider", null),
        ITERATIONS("cas.standalone.config.security.iteration", null),
        PASSWORD("cas.standalone.config.security.psw", null);

        private final String name;
        private final String defaultValue;

        JasyptEncryptionParameters(String str, String str2) {
            this.name = str;
            this.defaultValue = str2;
        }

        public String getName() {
            return this.name;
        }

        public String getDefaultValue() {
            return this.defaultValue;
        }
    }

    public CasConfigurationJasyptDecryptor(Environment environment) {
        String jasyptParamFromEnv = getJasyptParamFromEnv(environment, JasyptEncryptionParameters.ALGORITHM);
        if (StringUtils.isNotBlank(jasyptParamFromEnv)) {
            LOGGER.debug("Configured jasyptInstance algorithm [{}]", jasyptParamFromEnv);
            this.jasyptInstance.setAlgorithm(jasyptParamFromEnv);
        }
        String jasyptParamFromEnv2 = getJasyptParamFromEnv(environment, JasyptEncryptionParameters.PASSWORD);
        if (StringUtils.isNotBlank(jasyptParamFromEnv2)) {
            LOGGER.debug("Configured jasyptInstance password");
            this.jasyptInstance.setPassword(jasyptParamFromEnv2);
        }
        String jasyptParamFromEnv3 = getJasyptParamFromEnv(environment, JasyptEncryptionParameters.PROVIDER);
        if (StringUtils.isNotBlank(jasyptParamFromEnv3)) {
            LOGGER.debug("Configured jasyptInstance provider");
            if (StringUtils.equals(jasyptParamFromEnv3, BouncyCastleProvider.PROVIDER_NAME)) {
                Security.addProvider(new BouncyCastleProvider());
            }
            this.jasyptInstance.setProviderName(jasyptParamFromEnv3);
        }
        String jasyptParamFromEnv4 = getJasyptParamFromEnv(environment, JasyptEncryptionParameters.ITERATIONS);
        if (StringUtils.isNotBlank(jasyptParamFromEnv4) && NumberUtils.isCreatable(jasyptParamFromEnv4)) {
            LOGGER.debug("Configured jasyptInstance iterations");
            this.jasyptInstance.setKeyObtentionIterations(Integer.parseInt(jasyptParamFromEnv4));
        }
    }

    private static String getJasyptParamFromEnv(Environment environment, JasyptEncryptionParameters jasyptEncryptionParameters) {
        return environment.getProperty(jasyptEncryptionParameters.getName(), jasyptEncryptionParameters.getDefaultValue());
    }

    public String encryptValue(String str) {
        try {
            initializeJasyptInstanceIfNecessary();
            return this.jasyptInstance.encrypt(str);
        } catch (Exception e) {
            LOGGER.error("Could not encrypt value [{}]", (Throwable) e);
            return null;
        }
    }

    public String decryptValue(String str) {
        try {
            initializeJasyptInstanceIfNecessary();
            return this.jasyptInstance.decrypt(str);
        } catch (Exception e) {
            LOGGER.error("Could not decrypt value [{}]", (Throwable) e);
            return null;
        }
    }

    public Pair<String, Object> decryptPair(Pair<String, Object> pair) {
        try {
            String stringPropertyValue = getStringPropertyValue(pair.getValue());
            if (StringUtils.isNotBlank(stringPropertyValue) && stringPropertyValue.startsWith(ENCRYPTED_VALUE_PREFIX)) {
                initializeJasyptInstanceIfNecessary();
                try {
                    String substring = stringPropertyValue.substring(ENCRYPTED_VALUE_PREFIX.length());
                    LOGGER.debug("Decrypting property [{}]...", pair.getKey());
                    String decryptValue = decryptValue(substring);
                    if (StringUtils.isNotBlank(decryptValue)) {
                        LOGGER.debug("Decrypted property [{}] successfully.", pair.getKey());
                        return Pair.of(pair.getKey(), decryptValue);
                    }
                    LOGGER.warn("Decrypted property [{}] has no values.", pair.getKey());
                    return null;
                } catch (Exception e) {
                    LOGGER.error("Could not decrypt property [{}].", pair.getKey(), e);
                }
            }
            return pair;
        } catch (Exception e2) {
            LOGGER.error("Could not decrypt value [{}]", (Throwable) e2);
            return null;
        }
    }

    private void initializeJasyptInstanceIfNecessary() {
        if (this.jasyptInstance.isInitialized()) {
            return;
        }
        LOGGER.debug("Initializing Jasypt...");
        this.jasyptInstance.initialize();
    }

    public Map<String, Object> decrypt(Map<String, Object> map) {
        HashMap hashMap = new HashMap();
        map.forEach((str, obj) -> {
            Pair<String, Object> decryptPair = decryptPair(Pair.of(str, obj));
            if (decryptPair != null) {
                hashMap.put(decryptPair.getKey(), decryptPair.getValue());
            } else {
                LOGGER.error("CAS will ignore [{}] as it could not process it", str);
            }
        });
        return hashMap;
    }

    private static String getStringPropertyValue(Object obj) {
        if (obj instanceof String) {
            return obj.toString();
        }
        return null;
    }
}
