package com.google.enterprise.connector.instantiator;

import com.google.enterprise.connector.common.Base64;
import com.google.enterprise.connector.common.Base64DecoderException;
import com.google.enterprise.connector.common.PropertiesUtils;
import com.google.enterprise.connector.common.SecurityUtils;
import com.google.enterprise.connector.servlet.ServletUtil;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;

/* loaded from: input_file:com/google/enterprise/connector/instantiator/EncryptedPropertyPlaceholderConfigurer.class */
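/**
 * Property placeholder configurer that decrypts sensitive property values before the
 * superclass converts them, and offers static helpers to encrypt and decrypt such values.
 *
 * <p>Values are encrypted with a symmetric key stored under the alias {@code EXTERNAL_CM_KEY}
 * in a keystore file. The key is generated and written to the keystore the first time it is
 * needed and not found.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The configured algorithm name (default {@code "AES"}) is passed unchanged to both
 *       {@link KeyGenerator#getInstance(String)} and {@link Cipher#getInstance(String)}. A bare
 *       algorithm name leaves mode and padding to the provider default, which on the standard
 *       JDK providers is ECB with PKCS5 padding: equal plaintexts encrypt to equal ciphertexts
 *       and the ciphertext carries no integrity check. Moving to an authenticated mode needs a
 *       separate cipher-transformation setting and a migration path for stored values.</li>
 *   <li>When no password file is configured the keystore is loaded and stored without a usable
 *       password, so confidentiality of the key depends on the file-system permissions of the
 *       keystore file.</li>
 *   <li>The configuration fields are plain static state and key creation is not synchronized.
 *       NOTE(review): two threads that both find the key missing could each generate and store
 *       a different key; confirm that initialization is single-threaded.</li>
 * </ul>
 */
public class EncryptedPropertyPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
    private static final String KEY_NAME = "EXTERNAL_CM_KEY";
    private static final Logger LOGGER = Logger.getLogger(EncryptedPropertyPlaceholderConfigurer.class.getName());
    private static final Charset UTF8 = Charset.forName("UTF8");
    private static String keyStorePath = "external_cm.keystore";
    private static String keyStorePasswdPath = null;
    private static String keyStoreType = "JCEKS";
    private static String keyStoreCryptoAlgo = "AES";

    /**
     * Decrypts the sensitive entries of {@code properties} in place, then delegates to the
     * superclass conversion.
     *
     * @param properties the properties to decrypt and convert
     */
    public void convertProperties(Properties properties) {
        decryptSensitiveProperties(properties);
        super.convertProperties(properties);
    }

    /**
     * Stamps the properties with the current version and replaces the value of every key that
     * {@link SecurityUtils#isKeySensitive} reports as sensitive with its encrypted form.
     *
     * @param properties the properties to encrypt in place
     * @throws RuntimeException if a value cannot be encrypted
     */
    public static void encryptSensitiveProperties(Properties properties) {
        PropertiesUtils.stampPropertiesVersion(properties);
        Enumeration<?> propertyNames = properties.propertyNames();
        while (propertyNames.hasMoreElements()) {
            String name = (String) propertyNames.nextElement();
            if (SecurityUtils.isKeySensitive(name)) {
                properties.setProperty(name, encryptString(properties.getProperty(name)));
            }
        }
    }

    /**
     * Replaces the encrypted value of every sensitive key with its plaintext.
     *
     * <p>For properties whose version is below 1 only the key equal to
     * {@link ServletUtil#XMLTAG_AUTHN_PASSWORD} is decrypted; for later versions every key that
     * {@link SecurityUtils#isKeySensitive} accepts is decrypted.
     *
     * @param properties the properties to decrypt in place
     * @throws RuntimeException if a value cannot be decrypted
     */
    public static void decryptSensitiveProperties(Properties properties) {
        int propertiesVersion = PropertiesUtils.getPropertiesVersion(properties);
        Enumeration<?> propertyNames = properties.propertyNames();
        while (propertyNames.hasMoreElements()) {
            String name = (String) propertyNames.nextElement();
            boolean sensitive = propertiesVersion < 1
                    ? name.equals(ServletUtil.XMLTAG_AUTHN_PASSWORD)
                    : SecurityUtils.isKeySensitive(name);
            if (sensitive) {
                properties.setProperty(name, decryptString(properties.getProperty(name)));
            }
        }
    }

    /**
     * Sets the path of the keystore file and logs it at CONFIG level.
     *
     * @param str the keystore file path
     */
    public static void setKeyStorePath(String str) {
        keyStorePath = str;
        LOGGER.config("Using keystore " + str);
    }

    /** Returns the configured keystore file path. */
    public static String getKeyStorePath() {
        return keyStorePath;
    }

    /**
     * Sets the path of the file whose first line holds the keystore password.
     *
     * @param str the password file path, or {@code null} to use no password
     */
    public static void setKeyStorePasswdPath(String str) {
        keyStorePasswdPath = str;
    }

    /**
     * Sets the keystore type passed to {@link KeyStore#getInstance(String)}.
     *
     * @param str the keystore type name
     */
    public static void setKeyStoreType(String str) {
        keyStoreType = str;
    }

    /**
     * Sets the algorithm name used for both key generation and cipher creation.
     *
     * @param str the algorithm name
     */
    public static void setKeyStoreCryptoAlgo(String str) {
        keyStoreCryptoAlgo = str;
    }

    /** Returns the configured keystore type. */
    public static String getKeyStoreType() {
        return keyStoreType;
    }

    /** Returns the configured algorithm name. */
    public static String getKeyStoreCryptoAlgo() {
        return keyStoreCryptoAlgo;
    }

    /**
     * Loads the keystore from the configured path, or initializes an empty keystore when the
     * file does not exist.
     *
     * <p>An empty password is passed to {@link KeyStore#load} as {@code null}.
     *
     * @return the loaded or freshly initialized keystore
     * @throws KeyStoreException if the configured keystore type is unavailable
     * @throws CertificateException if the keystore content cannot be loaded
     * @throws NoSuchAlgorithmException if the keystore integrity algorithm is unavailable
     * @throws IOException if the file cannot be read or the password is wrong
     */
    public static KeyStore getKeyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        File file = new File(keyStorePath);
        if (!file.exists()) {
            keyStore.load(null, loadPassword());
            return keyStore;
        }
        // try-with-resources closes the stream even when load() throws, which the previous
        // explicit close() after load() did not.
        try (FileInputStream in = new FileInputStream(file)) {
            LOGGER.config("Using existing keystore at " + file.getAbsolutePath());
            keyStore.load(in, loadPassword());
        }
        return keyStore;
    }

    /** Returns the keystore password for {@link KeyStore#load}, or {@code null} when it is empty. */
    private static char[] loadPassword() {
        String passwd = getKeyStorePasswd();
        return passwd.length() == 0 ? null : passwd.toCharArray();
    }

    /**
     * Reads the keystore password from the first line of the configured password file.
     *
     * @return the password, or the empty string when no password file is configured, the file
     *     is missing, empty or unreadable; never {@code null}
     */
    private static String getKeyStorePasswd() {
        if (keyStorePasswdPath == null) {
            return "";
        }
        try (BufferedReader reader = new BufferedReader(new FileReader(new File(keyStorePasswdPath)))) {
            String firstLine = reader.readLine();
            // readLine() returns null for an empty file; callers invoke toCharArray() on the
            // result, so map that case to the empty password instead of failing with an NPE.
            return firstLine == null ? "" : firstLine;
        } catch (FileNotFoundException e) {
            LOGGER.fine("Keystore passwd file does not exist");
            return "";
        } catch (IOException e) {
            LOGGER.warning("Could not open keystore passwd file");
            return "";
        }
    }

    /**
     * Returns the secret key stored under {@code KEY_NAME}, generating and persisting a new one
     * when the keystore has no such entry.
     *
     * <p>A newly created keystore file gets whatever permissions the process default grants;
     * restricting access to that file is left to the deployment.
     *
     * @return the secret key, or {@code null} when the stored key cannot be recovered with the
     *     current password (callers pass the result to {@link Cipher#init}, which is expected to
     *     reject it)
     */
    private static SecretKey getSecretKey() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        SecretKey secretKey = null;
        KeyStore keyStore = getKeyStore();
        char[] passwd = getKeyStorePasswd().toCharArray();
        try {
            secretKey = (SecretKey) keyStore.getKey(KEY_NAME, passwd);
            if (secretKey == null) {
                LOGGER.config("Creating new key for password encryption");
                secretKey = KeyGenerator.getInstance(keyStoreCryptoAlgo).generateKey();
                keyStore.setKeyEntry(KEY_NAME, secretKey, passwd, null);
                // Close the stream even if store() fails so the descriptor is not leaked.
                try (FileOutputStream out = new FileOutputStream(new File(keyStorePath))) {
                    keyStore.store(out, passwd);
                }
            }
        } catch (UnrecoverableKeyException e) {
            // Route the stack trace through the logger rather than stderr.
            LOGGER.log(Level.SEVERE, "Key cannot be recovered from keystore", e);
        }
        return secretKey;
    }

    /**
     * Encrypts the UTF-8 encoding of {@code str}.
     *
     * @param str the plaintext
     * @return the Base64-encoded ciphertext
     * @throws RuntimeException if encryption fails
     */
    public static String encryptString(String str) {
        return encryptBytes(str.getBytes(UTF8));
    }

    /**
     * Encrypts the UTF-8 encoding of {@code cArr}.
     *
     * <p>Only the bytes actually produced by the encoder are encrypted. The buffer returned by
     * {@link Charset#encode} may have a backing array longer than its content, so encrypting
     * {@code array()} directly could append zero bytes to the plaintext. The temporary byte
     * copies are cleared afterwards; the caller remains responsible for {@code cArr}.
     *
     * @param cArr the plaintext characters
     * @return the Base64-encoded ciphertext
     * @throws RuntimeException if encryption fails
     */
    public static String encryptChars(char[] cArr) {
        ByteBuffer encoded = UTF8.encode(CharBuffer.wrap(cArr));
        byte[] plain = new byte[encoded.remaining()];
        encoded.get(plain);
        try {
            return encryptBytes(plain);
        } finally {
            Arrays.fill(plain, (byte) 0);
            if (encoded.hasArray()) {
                Arrays.fill(encoded.array(), (byte) 0);
            }
        }
    }

    /**
     * Encrypts {@code bArr} with the keystore's secret key.
     *
     * @param bArr the plaintext bytes
     * @return the Base64-encoded ciphertext
     * @throws RuntimeException if the key cannot be obtained or the cipher operation fails; the
     *     underlying exception is attached as the cause
     */
    public static String encryptBytes(byte[] bArr) {
        try {
            SecretKey secretKey = getSecretKey();
            // A bare algorithm name leaves mode and padding to the provider default.
            Cipher cipher = Cipher.getInstance(keyStoreCryptoAlgo);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            return Base64.encode(cipher.doFinal(bArr));
        } catch (IOException e) {
            throw failure("Could not encrypt password: I/O error", e);
        } catch (NoSuchAlgorithmException e) {
            throw failure("Could not encrypt password: provider does not have algorithm", e);
        } catch (IllegalStateException | InvalidKeyException | KeyStoreException | CertificateException
                | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw failure("Could not encrypt password", e);
        }
    }

    /**
     * Decrypts a Base64-encoded ciphertext produced by one of the encrypt methods.
     *
     * <p>The cipher provides no authentication (see the class notes), so a successful return
     * does not prove that the stored value was unmodified.
     *
     * @param str the Base64-encoded ciphertext
     * @return the plaintext decoded as UTF-8
     * @throws RuntimeException if decoding, key retrieval or the cipher operation fails; the
     *     underlying exception is attached as the cause
     */
    public static String decryptString(String str) {
        try {
            SecretKey secretKey = getSecretKey();
            Cipher cipher = Cipher.getInstance(keyStoreCryptoAlgo);
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            return new String(cipher.doFinal(Base64.decode(str)), UTF8);
        } catch (Base64DecoderException e) {
            throw failure("Could not decrypt password", e);
        } catch (IOException e) {
            throw failure("Could not decrypt password: I/O error", e);
        } catch (NoSuchAlgorithmException e) {
            throw failure("Could not decrypt password: provider does not have algorithm", e);
        } catch (IllegalStateException | InvalidKeyException | KeyStoreException | CertificateException
                | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw failure("Could not decrypt password", e);
        }
    }

    /**
     * Logs {@code message} at SEVERE level and builds the exception to throw.
     *
     * <p>The cause is chained so the root failure stays diagnosable; neither plaintext nor key
     * material is put into the message.
     */
    private static RuntimeException failure(String message, Throwable cause) {
        LOGGER.severe(message);
        return new RuntimeException(message, cause);
    }
}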
