package org.apereo.cas.configuration.support;

import java.security.Security;
import java.util.Set;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.springframework.core.env.Environment;

/* loaded from: input_file:WEB-INF/lib/cas-server-core-api-configuration-model-6.2.8.jar:org/apereo/cas/configuration/support/CasConfigurationJasyptCipherExecutor.class */
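/**
 * Encrypts and decrypts CAS configuration values with a Jasypt
 * {@link StandardPBEStringEncryptor} (password-based encryption).
 *
 * <p>Encrypted values are marked with {@link #ENCRYPTED_VALUE_PREFIX}; values
 * without that prefix are returned untouched by the decrypt methods. The
 * algorithm, provider, iteration count and password are read from the
 * {@code cas.standalone.configurationSecurity.*} properties listed in
 * {@link JasyptEncryptionParameters}.
 *
 * <p>NOTE(review): {@code LOGGER} is referenced but not declared in this
 * listing; presumably it is generated at build time (e.g. by a logging
 * annotation) - confirm against the original source.
 */
public class CasConfigurationJasyptCipherExecutor implements CipherExecutor<String, String> {
    /** Marker that identifies a configuration value as Jasypt-encrypted. */
    public static final String ENCRYPTED_VALUE_PREFIX = "{cas-cipher}";

    // Algorithms rejected by setAlgorithm() because, per its error message, they do not
    // work for decryption with this Jasypt version.
    private static final String[] ALGORITHM_BLACKLIST = {"PBEWITHHMACSHA1ANDAES_128", "PBEWITHHMACSHA1ANDAES_256", "PBEWITHHMACSHA224ANDAES_128", "PBEWITHHMACSHA224ANDAES_256", "PBEWITHHMACSHA256ANDAES_128", "PBEWITHHMACSHA256ANDAES_256", "PBEWITHHMACSHA384ANDAES_128", "PBEWITHHMACSHA384ANDAES_256", "PBEWITHHMACSHA512ANDAES_128", "PBEWITHHMACSHA512ANDAES_256"};

    /** Immutable set view of the rejected algorithm names (upper-case, exact spelling). */
    // Passing the String[] directly keeps the element type String; casting it to Object[]
    // would produce a Set<Object> that cannot be assigned to Set<String>.
    public static final Set<String> ALGORITHM_BLACKLIST_SET = Set.of(ALGORITHM_BLACKLIST);

    private final StandardPBEStringEncryptor jasyptInstance;

    /* loaded from: input_file:WEB-INF/lib/cas-server-core-api-configuration-model-6.2.8.jar:org/apereo/cas/configuration/support/CasConfigurationJasyptCipherExecutor$JasyptEncryptionParameters.class */
    /**
     * Configuration properties that drive the encryptor, each with the value used
     * when the property is absent from the environment.
     */
    public enum JasyptEncryptionParameters {
        // NOTE(review): the fallback algorithm is an MD5/Triple-DES based PBE scheme, which is
        // legacy by current standards. It is kept because changing the default would make
        // values encrypted under it undecryptable; deployments should set the property explicitly.
        ALGORITHM("cas.standalone.configurationSecurity.alg", "PBEWithMD5AndTripleDES"),
        PROVIDER("cas.standalone.configurationSecurity.provider", null),
        // No default here: when unset, the encryptor's own built-in iteration count applies.
        ITERATIONS("cas.standalone.configurationSecurity.iterations", null),
        // No default here: the encryption password must be supplied by the deployment.
        PASSWORD("cas.standalone.configurationSecurity.psw", null);

        private final String propertyName;
        private final String defaultValue;

        JasyptEncryptionParameters(String str, String str2) {
            this.propertyName = str;
            this.defaultValue = str2;
        }

        /** @return the environment property name for this parameter */
        @Generated
        public String getPropertyName() {
            return this.propertyName;
        }

        /** @return the value used when the property is not set; may be {@code null} */
        @Generated
        public String getDefaultValue() {
            return this.defaultValue;
        }
    }

    /**
     * Builds the encryptor from the given environment.
     *
     * @param environment source of the {@code cas.standalone.configurationSecurity.*} properties
     * @throws IllegalArgumentException if the configured algorithm is in {@link #ALGORITHM_BLACKLIST_SET}
     */
    public CasConfigurationJasyptCipherExecutor(Environment environment) {
        // Registers BouncyCastle JVM-wide so its algorithms can be selected by name.
        Security.addProvider(new BouncyCastleProvider());
        this.jasyptInstance = new StandardPBEStringEncryptor();
        setAlgorithm(getJasyptParamFromEnv(environment, JasyptEncryptionParameters.ALGORITHM));
        setPassword(getJasyptParamFromEnv(environment, JasyptEncryptionParameters.PASSWORD));
        setProviderName(getJasyptParamFromEnv(environment, JasyptEncryptionParameters.PROVIDER));
        setKeyObtentionIterations(getJasyptParamFromEnv(environment, JasyptEncryptionParameters.ITERATIONS));
    }

    /** Reads one parameter from the environment, falling back to the parameter's default. */
    private static String getJasyptParamFromEnv(Environment environment, JasyptEncryptionParameters jasyptEncryptionParameters) {
        return environment.getProperty(jasyptEncryptionParameters.getPropertyName(), jasyptEncryptionParameters.getDefaultValue());
    }

    /**
     * Sets the PBE algorithm; a blank value leaves the encryptor unchanged.
     *
     * @param str algorithm name
     * @throws IllegalArgumentException if the name is in {@link #ALGORITHM_BLACKLIST_SET}
     */
    public void setAlgorithm(String str) {
        if (StringUtils.isNotBlank(str)) {
            // NOTE(review): this lookup is case-sensitive, so a blacklisted algorithm written in
            // a different case is not rejected here - confirm whether that is intended.
            if (ALGORITHM_BLACKLIST_SET.contains(str)) {
                throw new IllegalArgumentException(String.format("Configured Jasypt algorithm [%s] doesn't work for decryption due to Jasypt bug", str));
            }
            LOGGER.debug("Configured Jasypt algorithm [{}]", str);
            this.jasyptInstance.setAlgorithm(str);
        }
    }

    /**
     * Sets the PBE algorithm without consulting the blacklist; a blank value is ignored.
     *
     * @param str algorithm name
     */
    protected void setAlgorithmForce(String str) {
        if (StringUtils.isNotBlank(str)) {
            LOGGER.debug("Configured Jasypt algorithm [{}]", str);
            this.jasyptInstance.setAlgorithm(str);
        }
    }

    /**
     * Sets the encryption password; a blank value is ignored. The password is never logged.
     *
     * @param str encryption password
     */
    public void setPassword(String str) {
        if (StringUtils.isNotBlank(str)) {
            LOGGER.debug("Configured Jasypt password");
            this.jasyptInstance.setPassword(str);
        }
    }

    /**
     * Sets the key-derivation iteration count; blank or non-numeric values are ignored.
     *
     * @param str iteration count as a decimal integer
     */
    public void setKeyObtentionIterations(String str) {
        if (StringUtils.isNotBlank(str) && NumberUtils.isCreatable(str)) {
            final int iterations;
            try {
                // isCreatable() also accepts hex, decimal-point and type-suffixed literals that
                // Integer.parseInt() rejects, so the parse itself has to be guarded.
                iterations = Integer.parseInt(str);
            } catch (NumberFormatException e) {
                LOGGER.warn("Configured Jasypt iterations value is not a valid integer and is ignored", e);
                return;
            }
            LOGGER.debug("Configured Jasypt iterations");
            this.jasyptInstance.setKeyObtentionIterations(iterations);
        }
    }

    /**
     * Sets the JCE provider name; a blank value is ignored.
     *
     * @param str provider name
     */
    public void setProviderName(String str) {
        if (StringUtils.isNotBlank(str)) {
            LOGGER.debug("Configured Jasypt provider");
            this.jasyptInstance.setProviderName(str);
        }
    }

    /** Delegates to {@link #encryptValue(String)}; the extra parameters are unused. */
    @Override // org.apereo.cas.util.crypto.CipherExecutor
    public String encode(String str, Object[] objArr) {
        return encryptValue(str);
    }

    /** Delegates to {@link #decryptValue(String)}; the extra parameters are unused. */
    @Override // org.apereo.cas.util.crypto.CipherExecutor
    public String decode(String str, Object[] objArr) {
        return decryptValue(str);
    }

    @Override // org.apereo.cas.util.crypto.CipherExecutor
    public String getName() {
        return "CAS Configuration Jasypt Encryption";
    }

    /**
     * Encrypts a value, returning {@code null} instead of throwing on failure.
     *
     * @param str plaintext value
     * @return the prefixed ciphertext, or {@code null} if encryption failed
     */
    public String encryptValue(String str) {
        try {
            return encryptValuePropagateExceptions(str);
        } catch (Exception e) {
            // The argument is the plaintext secret; it must not be written to the log.
            LOGGER.error("Could not encrypt value", e);
            return null;
        }
    }

    /**
     * Encrypts a value and lets any encryptor exception propagate.
     *
     * @param str plaintext value
     * @return {@link #ENCRYPTED_VALUE_PREFIX} followed by the ciphertext
     */
    public String encryptValuePropagateExceptions(String str) {
        initializeJasyptInstanceIfNecessary();
        return ENCRYPTED_VALUE_PREFIX + this.jasyptInstance.encrypt(str);
    }

    /**
     * Decrypts a value, returning {@code null} instead of throwing on failure.
     *
     * @param str value that may carry {@link #ENCRYPTED_VALUE_PREFIX}
     * @return the decrypted value, the input itself when it is not prefixed,
     *         or {@code null} if decryption failed
     */
    public String decryptValue(String str) {
        try {
            return decryptValuePropagateExceptions(str);
        } catch (Exception e) {
            // Exceptions can only originate after the prefix check below, so the value
            // logged here is the prefixed ciphertext rather than a plaintext setting.
            LOGGER.error("Could not decrypt value [{}]", str, e);
            return null;
        }
    }

    /**
     * Decrypts a prefixed value and lets any encryptor exception propagate.
     *
     * @param str value that may carry {@link #ENCRYPTED_VALUE_PREFIX}
     * @return the decrypted text; the unchanged input when it is blank, not
     *         prefixed, or when decryption yields a blank result
     */
    public String decryptValuePropagateExceptions(String str) {
        if (StringUtils.isNotBlank(str) && str.startsWith(ENCRYPTED_VALUE_PREFIX)) {
            initializeJasyptInstanceIfNecessary();
            String substring = str.substring(ENCRYPTED_VALUE_PREFIX.length());
            // Only the ciphertext is logged; the decrypted result never reaches the log.
            LOGGER.trace("Decrypting value [{}]...", substring);
            String decrypt = this.jasyptInstance.decrypt(substring);
            if (StringUtils.isNotBlank(decrypt)) {
                LOGGER.debug("Decrypted value [{}] successfully.", substring);
                return decrypt;
            }
            LOGGER.warn("Encrypted value [{}] has no values.", substring);
        }
        return str;
    }

    /** Initializes the encryptor on first use; later calls are no-ops. */
    private void initializeJasyptInstanceIfNecessary() {
        if (this.jasyptInstance.isInitialized()) {
            return;
        }
        LOGGER.debug("Initializing Jasypt...");
        this.jasyptInstance.initialize();
    }
}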
