package org.kuali.common.util.enc;

import com.google.common.base.Optional;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
import java.util.Properties;
import org.apache.commons.lang3.StringUtils;
import org.jasypt.util.text.BasicTextEncryptor;
import org.jasypt.util.text.StrongTextEncryptor;
import org.jasypt.util.text.TextEncryptor;
import org.kuali.common.util.Assert;
import org.kuali.common.util.PropertyUtils;
import org.kuali.common.util.enc.EncryptionContext;
import org.kuali.common.util.enc.KeyPair;
import org.kuali.common.util.nullify.NullUtils;
import org.kuali.common.util.spring.SpringUtils;
import org.kuali.common.util.spring.env.DefaultEnvironmentService;
import org.kuali.common.util.spring.env.EnvironmentService;
import org.kuali.common.util.spring.env.PropertiesEnvironment;

/* loaded from: input_file:WEB-INF/lib/kuali-util-4.4.7.jar:org/kuali/common/util/enc/EncUtils.class */
public class EncUtils {
    private static final String UTF8 = "UTF8";
    private static final String ENCRYPTED_PREFIX = "ENC(";
    private static final String ENCRYPTED_SUFFIX = ")";
    private static final String PASSWORD_KEY = "enc.password";
    private static final String STRENGTH_KEY = "enc.strength";
    private static final String PASSWORD_REQUIRED_KEY = "enc.password.required";
    private static final String PASSWORD_REMOVE_KEY = "enc.password.removeSystemProperty";
    private static final String LEGACY_PASSWORD_KEY = "properties.enc.password";
    private static final String LEGACY_STRENGTH_KEY = "properties.enc.strength";
    private static final String LEGACY_PASSWORD_REQUIRED_KEY = "properties.decrypt";

    public static KeyPair getKeyPair(String str, int i, Algorithm algorithm) {
        com.jcraft.jsch.KeyPair keyPair = getKeyPair(new JSch(), Algorithm.RSA == algorithm ? 2 : 1, i);
        String trim = getPublicKey(keyPair, str).trim();
        return new KeyPair.Builder(str).publicKey(trim).privateKey(getPrivateKey(keyPair)).fingerprint(keyPair.getFingerPrint()).build();
    }

    protected static com.jcraft.jsch.KeyPair getKeyPair(JSch jSch, int i, int i2) {
        try {
            return com.jcraft.jsch.KeyPair.genKeyPair(jSch, i, i2);
        } catch (JSchException e) {
            throw new IllegalStateException(e);
        }
    }

    protected static String getPrivateKey(com.jcraft.jsch.KeyPair keyPair) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyPair.writePrivateKey(byteArrayOutputStream);
        return toStringUTF8(byteArrayOutputStream);
    }

    protected static String getPublicKey(com.jcraft.jsch.KeyPair keyPair, String str) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keyPair.writePublicKey(byteArrayOutputStream, str);
        return toStringUTF8(byteArrayOutputStream);
    }

    protected static String toStringUTF8(ByteArrayOutputStream byteArrayOutputStream) {
        try {
            return byteArrayOutputStream.toString("UTF8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    public static EncryptionContext getEncryptionContext(Properties properties) {
        return getEncryptionContext(new DefaultEnvironmentService(new PropertiesEnvironment(properties)));
    }

    public static EncryptionContext getEncryptionContext(EnvironmentService environmentService) {
        Optional<String> string = SpringUtils.getString(environmentService, PASSWORD_KEY, EncryptionContext.DEFAULT.getPassword());
        Optional<String> string2 = SpringUtils.getString(environmentService, "properties.enc.password", EncryptionContext.DEFAULT.getPassword());
        String str = PASSWORD_KEY;
        if (!environmentService.containsProperty(PASSWORD_KEY) && environmentService.containsProperty("properties.enc.password")) {
            string = string2;
            str = "properties.enc.password";
        }
        boolean isPasswordRequired = isPasswordRequired(environmentService, EncryptionContext.DEFAULT);
        return new EncryptionContext.Builder().passwordRequired(isPasswordRequired).password(NullUtils.trimToNull(string.orNull())).strength(getStrength(environmentService, EncryptionContext.DEFAULT)).passwordKey(str).removePasswordSystemProperty(environmentService.getBoolean(PASSWORD_REMOVE_KEY, Boolean.valueOf(EncryptionContext.DEFAULT.isRemovePasswordSystemProperty())).booleanValue()).build();
    }

    protected static boolean isPasswordRequired(Properties properties, EncryptionContext encryptionContext) {
        return PropertyUtils.getBoolean(PASSWORD_REQUIRED_KEY, properties, encryptionContext.isPasswordRequired()) || PropertyUtils.getBoolean("properties.decrypt", properties, encryptionContext.isPasswordRequired());
    }

    protected static boolean isPasswordRequired(EnvironmentService environmentService, EncryptionContext encryptionContext) {
        return environmentService.getBoolean(PASSWORD_REQUIRED_KEY, Boolean.valueOf(encryptionContext.isPasswordRequired())).booleanValue() || environmentService.getBoolean("properties.decrypt", Boolean.valueOf(encryptionContext.isPasswordRequired())).booleanValue();
    }

    protected static EncStrength getStrength(Properties properties, EncryptionContext encryptionContext) {
        String property = properties.getProperty(STRENGTH_KEY, encryptionContext.getStrength().name());
        String property2 = properties.getProperty("properties.enc.strength", encryptionContext.getStrength().name());
        if (properties.getProperty(STRENGTH_KEY) == null && properties.getProperty("properties.enc.strength") != null) {
            property = property2;
        }
        return EncStrength.valueOf(property.toUpperCase());
    }

    protected static EncStrength getStrength(EnvironmentService environmentService, EncryptionContext encryptionContext) {
        String string = environmentService.getString(STRENGTH_KEY, encryptionContext.getStrength().name());
        String string2 = environmentService.getString("properties.enc.strength", encryptionContext.getStrength().name());
        if (!environmentService.containsProperty(STRENGTH_KEY) && environmentService.containsProperty("properties.enc.strength")) {
            string = string2;
        }
        return EncStrength.valueOf(string.toUpperCase());
    }

    public static boolean isEncrypted(String str) {
        return StringUtils.startsWith(str, "ENC(") && StringUtils.endsWith(str, ")");
    }

    public static String unwrap(String str) {
        Assert.noBlanks(str);
        Assert.isTrue(isEncrypted(str), "Text is not wrapped");
        return str.substring("ENC(".length(), str.length() - ")".length());
    }

    public static String wrap(String str) {
        Assert.noBlanks(str);
        Assert.isFalse(isEncrypted(str), "Text is already wrapped");
        return "ENC(" + str + ")";
    }

    public static TextEncryptor getTextEncryptor(String str) {
        return getTextEncryptor(str, EncStrength.DEFAULT_VALUE);
    }

    public static TextEncryptor getTextEncryptor(String str, EncStrength encStrength) {
        Assert.noBlanks(str);
        switch (encStrength) {
            case BASIC:
                BasicTextEncryptor basicTextEncryptor = new BasicTextEncryptor();
                basicTextEncryptor.setPassword(str);
                return basicTextEncryptor;
            case STRONG:
                StrongTextEncryptor strongTextEncryptor = new StrongTextEncryptor();
                strongTextEncryptor.setPassword(str);
                return strongTextEncryptor;
            default:
                throw new IllegalArgumentException("Encryption strength [" + encStrength + "] is unknown");
        }
    }
}
