package com.hypersocket.secret;

import com.hypersocket.encrypt.EncryptionProvider;
import com.hypersocket.encrypt.RsaEncryptionProvider;
import com.hypersocket.permissions.AccessDeniedException;
import com.hypersocket.permissions.PermissionType;
import com.hypersocket.realm.Realm;
import com.hypersocket.realm.RealmAdapter;
import com.hypersocket.realm.RealmService;
import com.hypersocket.resource.AbstractResourceRepository;
import com.hypersocket.resource.AbstractResourceServiceImpl;
import com.hypersocket.resource.ResourceCreationException;
import com.hypersocket.resource.ResourceException;
import com.hypersocket.resource.ResourceNotFoundException;
import com.hypersocket.resource.TransactionOperation;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.UUID;
import javax.annotation.PostConstruct;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

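/**
 * Service that creates, looks up and deletes per-realm {@link SecretKeyResource}s.
 *
 * <p>Key and IV bytes are drawn from {@link SecureRandom}, hex-encoded, passed through the
 * configured {@link EncryptionProvider} and persisted via {@link SecretKeyRepository}. The
 * provider defaults to {@link RsaEncryptionProvider} unless one was installed before
 * {@code @PostConstruct} runs.
 *
 * <p>NOTE(review): no permission assertion is made in this class itself; confirm that callers
 * or the base class enforce {@link SecretKeyPermission} before key material is handed out.
 */
@Service
/* loaded from: input_file:com/hypersocket/secret/SecretKeyServiceImpl.class */
public class SecretKeyServiceImpl extends AbstractResourceServiceImpl<SecretKeyResource> implements SecretKeyService {
    public static final String RESOURCE_BUNDLE = "SecretKeyService";

    /** Size in bytes of the random key material generated for every new key. */
    private static final int GENERATED_KEY_BYTES = 32;

    /** Size in bytes of the stored IV (one AES block). */
    private static final int IV_BYTES = 16;

    static Logger log = LoggerFactory.getLogger(SecretKeyServiceImpl.class);

    @Autowired
    private SecretKeyRepository repository;

    @Autowired
    private RealmService realmService;

    // Not injected: set through setEncryptorProvider() or defaulted in postConstruct().
    private EncryptionProvider encryptionProvider;

    public SecretKeyServiceImpl() {
        super("secretKeyResource");
    }

    /**
     * Installs the default RSA provider when none was set and registers a realm listener that
     * removes a realm's secret keys from the repository when the realm is deleted.
     */
    @PostConstruct
    private void postConstruct() throws Exception {
        if (this.encryptionProvider == null) {
            this.encryptionProvider = RsaEncryptionProvider.getInstance();
        }
        this.realmService.registerRealmListener(new RealmAdapter() { // from class: com.hypersocket.secret.SecretKeyServiceImpl.1
            @Override // com.hypersocket.realm.RealmAdapter, com.hypersocket.realm.RealmListener
            public void onDeleteRealm(Realm realm) throws ResourceException, AccessDeniedException {
                SecretKeyServiceImpl.this.repository.deleteRealm(realm);
            }
        });
    }

    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    protected AbstractResourceRepository<SecretKeyResource> getRepository() {
        return this.repository;
    }

    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    protected String getResourceBundle() {
        return RESOURCE_BUNDLE;
    }

    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    protected Class<SecretKeyResource> getResourceClass() {
        return SecretKeyResource.class;
    }

    /**
     * Creates a secret key in {@code realm} under a freshly generated random UUID name.
     *
     * @param realm realm that owns the new key
     * @return the persisted resource
     */
    @Override // com.hypersocket.secret.SecretKeyService
    public SecretKeyResource createSecretKey(Realm realm) throws AccessDeniedException, ResourceException {
        return createSecretKey(UUID.randomUUID().toString(), realm);
    }

    /**
     * Looks the key up by name in {@code realm} and deletes it from the repository.
     *
     * @param str   name of the key
     * @param realm realm that owns the key
     */
    @Override // com.hypersocket.secret.SecretKeyService
    public void deleteSecretKey(String str, Realm realm) throws ResourceNotFoundException, ResourceException, AccessDeniedException {
        // NOTE(review): relies on getSecretKey() either returning a resource or throwing; what
        // getResourceByName() does for an unknown name is not visible here.
        this.repository.deleteResource(getSecretKey(str, realm), new TransactionOperation[0]);
    }

    /**
     * Generates a new key and IV, encrypts both with the configured provider and saves the
     * resource under {@code str} in {@code realm}.
     *
     * <p>32 random bytes are always generated; the recorded key length is the JCE maximum for
     * AES capped at 256 bits, and {@link #generateSecreyKeyData} later truncates to that length.
     *
     * <p>Each stage (key encryption, IV encryption, save) is handled separately so that a
     * failure is logged once, against the stage that actually failed. Previously the stages
     * were nested, so an IV or save failure was re-caught, wrapped a second time and logged as
     * "Could not encrypt secret key".
     *
     * @param str   name for the new key
     * @param realm realm that owns the new key
     * @return the persisted resource
     * @throws ResourceCreationException if AES is unavailable, encryption fails or the save fails
     */
    @Override // com.hypersocket.secret.SecretKeyService
    public SecretKeyResource createSecretKey(String str, Realm realm) throws ResourceException, AccessDeniedException {
        SecretKeyResource secretKeyResource = new SecretKeyResource();
        secretKeyResource.setName(str);
        secretKeyResource.setRealm(realm);
        secretKeyResource.setResourceCategory("secretKey");
        try {
            secretKeyResource.setKeylength(Integer.valueOf(Math.min(Cipher.getMaxAllowedKeyLength("AES"), 256)));
        } catch (NoSuchAlgorithmException e) {
            throw new ResourceCreationException(e, RESOURCE_BUNDLE, "error.aesNotSupported", new Object[0]);
        }

        SecureRandom secureRandom = new SecureRandom();

        // The plaintext key passes through an immutable hex String on its way to the provider,
        // so it cannot be wiped from memory after use.
        byte[] keyBytes = new byte[GENERATED_KEY_BYTES];
        secureRandom.nextBytes(keyBytes);
        try {
            secretKeyResource.setKeydata(this.encryptionProvider.encrypt(Hex.encodeHexString(keyBytes)));
        } catch (Exception e) {
            log.error("Could not encrypt secret key", e);
            throw new ResourceCreationException(e, RESOURCE_BUNDLE, "error.encryptError", e.getMessage());
        }

        byte[] ivBytes = new byte[IV_BYTES];
        secureRandom.nextBytes(ivBytes);
        try {
            secretKeyResource.setIv(this.encryptionProvider.encrypt(Hex.encodeHexString(ivBytes)));
        } catch (Exception e) {
            log.error("Could not encrypt iv", e);
            throw new ResourceCreationException(e, RESOURCE_BUNDLE, "error.encryptError", e.getMessage());
        }

        try {
            this.repository.saveResource(secretKeyResource, new HashMap(), new TransactionOperation[0]);
        } catch (Exception e) {
            // Save failures were always surfaced as ResourceCreationException with the
            // "error.encryptError" key; the type and key are kept for callers.
            // NOTE(review): a dedicated bundle key for persistence failures would be clearer.
            log.error("Could not save secret key", e);
            throw new ResourceCreationException(e, RESOURCE_BUNDLE, "error.encryptError", e.getMessage());
        }
        return secretKeyResource;
    }

    /**
     * Decrypts and hex-decodes the stored key material and returns the first
     * {@code keylength / 8} bytes of it.
     *
     * <p>The decoded material must be at least that long: {@code Arrays.copyOf} zero-fills a
     * short input, which would otherwise hand back a partly or wholly zero key without any
     * error.
     *
     * @param secretKeyResource resource whose key data is decoded
     * @return raw key bytes of the recorded key length
     * @throws IOException if decryption or decoding fails, or the stored material is too short
     */
    @Override // com.hypersocket.secret.SecretKeyService
    public byte[] generateSecreyKeyData(SecretKeyResource secretKeyResource) throws IOException {
        try {
            byte[] decoded = Hex.decodeHex(this.encryptionProvider.decrypt(secretKeyResource.getKeydata()).toCharArray());
            int wantedBytes = secretKeyResource.getKeylength().intValue() / 8;
            if (wantedBytes <= 0 || decoded.length < wantedBytes) {
                throw new IllegalStateException("Stored key material is " + decoded.length
                        + " bytes but " + wantedBytes + " bytes are required");
            }
            return Arrays.copyOf(decoded, wantedBytes);
        } catch (Exception e) {
            log.error("Could not generate secret key", e);
            throw new IOException("Unable to process key data for " + secretKeyResource.getName(), e);
        }
    }

    /**
     * Decrypts and hex-decodes the stored IV and returns its first 16 bytes.
     *
     * <p>The decoded IV must be at least 16 bytes; a shorter value would be zero-filled by
     * {@code Arrays.copyOf}.
     *
     * <p>NOTE(review): the IV is generated once in {@code createSecretKey} and the same value is
     * returned on every call. Whether that is safe depends on how callers use the key/IV pair,
     * which is not visible here: a fixed IV reused across messages under one key weakens CBC and
     * breaks the guarantees of CTR and GCM.
     *
     * @param secretKeyResource resource whose IV is decoded
     * @return the 16-byte IV
     * @throws IOException if decryption or decoding fails, or the stored IV is too short
     */
    @Override // com.hypersocket.secret.SecretKeyService
    public byte[] generateIvData(SecretKeyResource secretKeyResource) throws IOException {
        try {
            byte[] decoded = Hex.decodeHex(this.encryptionProvider.decrypt(secretKeyResource.getIv()).toCharArray());
            if (decoded.length < IV_BYTES) {
                throw new IllegalStateException("Stored iv is " + decoded.length
                        + " bytes but " + IV_BYTES + " bytes are required");
            }
            return Arrays.copyOf(decoded, IV_BYTES);
        } catch (Exception e) {
            log.error("Could not generate iv", e);
            throw new IOException("Unable to process iv data for " + secretKeyResource.getName(), e);
        }
    }

    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public Class<? extends PermissionType> getPermissionType() {
        return SecretKeyPermission.class;
    }

    // The six event hooks below are empty in this class, so these hooks emit nothing when a
    // secret key is created, updated or deleted.
    // NOTE(review): if an audit trail for key lifecycle is required, confirm it is produced
    // elsewhere.

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceCreationEvent(SecretKeyResource secretKeyResource) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceCreationEvent(SecretKeyResource secretKeyResource, Throwable th) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceUpdateEvent(SecretKeyResource secretKeyResource) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceUpdateEvent(SecretKeyResource secretKeyResource, Throwable th) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceDeletionEvent(SecretKeyResource secretKeyResource) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceDeletionEvent(SecretKeyResource secretKeyResource, Throwable th) {
    }

    /**
     * Returns the secret key named {@code str} in {@code realm}, as resolved by the repository.
     *
     * @param str   name of the key
     * @param realm realm that owns the key
     */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.hypersocket.secret.SecretKeyService
    public SecretKeyResource getSecretKey(String str, Realm realm) throws ResourceNotFoundException, ResourceException, AccessDeniedException {
        return (SecretKeyResource) this.repository.getResourceByName(str, realm);
    }

    /**
     * Replaces the provider used to encrypt and decrypt stored key material.
     *
     * <p>A {@code null} provider is rejected up front: it previously either failed inside the
     * log statement or, with info logging off, was stored and broke every later key operation.
     *
     * <p>NOTE(review): key data already persisted was encrypted by whichever provider was active
     * at creation time; confirm the new provider can still decrypt it before swapping.
     *
     * @param encryptionProvider provider to install; must not be {@code null}
     * @throws IllegalArgumentException if {@code encryptionProvider} is {@code null}
     */
    @Override // com.hypersocket.secret.SecretKeyService
    public void setEncryptorProvider(EncryptionProvider encryptionProvider) {
        if (encryptionProvider == null) {
            throw new IllegalArgumentException("encryptionProvider must not be null");
        }
        if (log.isInfoEnabled()) {
            log.info("Installed " + encryptionProvider.getName() + " encryption provider");
        }
        this.encryptionProvider = encryptionProvider;
    }

    /** Returns the provider currently used to encrypt and decrypt stored key material. */
    @Override // com.hypersocket.secret.SecretKeyService
    public EncryptionProvider getEncryptorProvider() {
        return this.encryptionProvider;
    }
}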
