package tech.rsqn.useful.things.encryption;

import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.InputStreamReader;
import java.io.Reader;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:tech/rsqn/useful/things/encryption/RSAEncryptionTool.class */
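/**
 * RSA implementation of {@link EncryptionTool} backed by the BouncyCastle provider.
 *
 * <p>Keys are loaded once in {@link #afterPropertiesSet()}. The public key is mandatory; the
 * private key is optional, and without it only encryption is available. Key locations starting
 * with {@code s3://} are downloaded into {@code keyDir} before being read; private key locations
 * may also use the {@code classpath://} prefix.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Private keys fetched from S3 are written to {@code keyDir} and left there with the
 *       process's default file permissions. Restrict access to that directory at deployment
 *       level.</li>
 *   <li>The private key password is held as a {@code String} for the lifetime of the bean. It is
 *       never logged; only its presence is.</li>
 *   <li>The cipher is plain RSA with OAEP padding, so the plaintext size is bounded by the key
 *       size minus the padding overhead. It is not suitable for bulk data.</li>
 * </ul>
 */
public class RSAEncryptionTool implements EncryptionTool, InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(RSAEncryptionTool.class);
    private static final String CLASS_PATH_PREFIX = "classpath://";
    private static final String S3_PATH_PREFIX = "s3://";

    private String privateKeyFile;
    private String privateKeyPassword;
    private String publicKeyFile;
    private AmazonS3 s3Client;
    private KeyFactory factory;
    private String keyDir;
    private File _keyDir;
    private PrivateKey privateKey;
    private PublicKey publicKey;
    private String alias;
    private String charSet = "utf-8";
    // OAEP digest/MGF parameters are whatever the provider applies for "OAEPPadding";
    // NOTE(review): confirm they match what the peer that decrypts/encrypts expects.
    private String algorithm = "RSA/NONE/OAEPPadding";
    private String provider = "BC";
    private Map<String, String> quickState = new HashMap<>();

    /** Creates the tool and makes sure the BouncyCastle provider is registered. */
    public RSAEncryptionTool() {
        registerBouncyCastle();
    }

    /** Registers the BouncyCastle JCE provider unless one named "BC" is already installed. */
    private static void registerBouncyCastle() {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    @Override
    public String getAlias() {
        return this.alias;
    }

    @Required
    public void setAlias(String str) {
        this.alias = str;
    }

    /** Sets the local directory that keys downloaded from S3 are written to. */
    @Required
    public void setKeyDir(String str) {
        this.keyDir = str;
    }

    /** Sets the S3 client; only needed when a key location uses the {@code s3://} prefix. */
    public void setS3Client(AmazonS3 amazonS3) {
        this.s3Client = amazonS3;
    }

    @Required
    public void setPublicKeyFile(String str) {
        this.publicKeyFile = str;
    }

    public String getPrivateKeyFile() {
        return this.privateKeyFile;
    }

    /** Sets the password used to decrypt an encrypted PEM private key. */
    public void setPrivateKeyPassword(String str) {
        this.privateKeyPassword = str;
    }

    @Required
    public void setPrivateKeyFile(String str) {
        this.privateKeyFile = str;
    }

    /**
     * Initialises the key factory, creates {@code keyDir} if it is missing and loads the keys.
     *
     * @throws Exception if the provider is unavailable or a key cannot be loaded
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        registerBouncyCastle();
        this.factory = KeyFactory.getInstance("RSA", this.provider);
        this._keyDir = new File(this.keyDir);
        // Only paths and the *presence* of the password are logged, never key material.
        log.info("RSAEncryptionTool - Private Key Path {}", this.privateKeyFile);
        log.info("RSAEncryptionTool - Private Key Password Present ? {}",
                StringUtils.isNotEmpty(this.privateKeyPassword));
        log.info("RSAEncryptionTool - Public Key Path {}", this.publicKeyFile);
        log.info("RSAEncryptionTool - keyDir {}", this._keyDir.getAbsolutePath());
        if (!this._keyDir.exists() && !this._keyDir.mkdirs()) {
            // Not fatal here: a later S3 download will fail with a clearer error if it matters.
            log.warn("RSAEncryptionTool - could not create keyDir {}", this._keyDir.getAbsolutePath());
        }
        if (!StringUtils.isEmpty(this.privateKeyFile)) {
            this.privateKey = loadPrivateKey(this.privateKeyFile, this.privateKeyPassword);
        }
        this.publicKey = loadPublicKey(this.publicKeyFile);
    }

    /**
     * Returns the loaded keys as a pair. The private half is {@code null} when no private key
     * file was configured. Callers receive the live private key object, so treat the result as
     * sensitive.
     */
    public KeyPair fetchKeyPair() {
        return new KeyPair(this.publicKey, this.privateKey);
    }

    /**
     * Encrypts the given bytes with the public key.
     *
     * @param bArr plaintext; must fit in a single RSA-OAEP block
     * @return the ciphertext
     * @throws RuntimeException wrapping any provider or cipher failure
     */
    @Override
    public byte[] encrypt(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(this.algorithm, this.provider);
            cipher.init(Cipher.ENCRYPT_MODE, this.publicKey);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new RuntimeException("Encryption exception " + e, e);
        }
    }

    /**
     * Decrypts the given bytes with the private key.
     *
     * @param bArr ciphertext produced with the matching public key
     * @return the plaintext
     * @throws RuntimeException if no private key is loaded, or wrapping any cipher failure
     */
    @Override
    public byte[] decrypt(byte[] bArr) {
        // Also check the key object itself: a configured path does not guarantee the key was
        // loaded (afterPropertiesSet may not have run yet).
        if (StringUtils.isEmpty(this.privateKeyFile) || this.privateKey == null) {
            throw new RuntimeException("Private key not available for decryption");
        }
        try {
            Cipher cipher = Cipher.getInstance(this.algorithm, this.provider);
            cipher.init(Cipher.DECRYPT_MODE, this.privateKey);
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw new RuntimeException("Decryption exception " + e, e);
        }
    }

    /**
     * Encrypts a string and returns the ciphertext as Base64 text.
     *
     * @param str plaintext, converted to bytes with the configured charset
     * @return Base64-encoded ciphertext
     * @throws RuntimeException wrapping any encoding or encryption failure
     */
    @Override
    public String encode(String str) {
        try {
            byte[] cipherText = encrypt(str.getBytes(this.charSet));
            return new String(Base64.encodeBase64(cipherText), this.charSet);
        } catch (Exception e) {
            throw new RuntimeException("Encryption exception " + e, e);
        }
    }

    /**
     * Decodes Base64 ciphertext and decrypts it back to a string.
     *
     * @param str Base64-encoded ciphertext
     * @return the plaintext, decoded with the configured charset
     * @throws DecryptException wrapping any decoding or decryption failure
     */
    @Override
    public String decode(String str) {
        try {
            return new String(decrypt(Base64.decodeBase64(str)), this.charSet);
        } catch (Exception e) {
            throw new DecryptException("Decryption exception " + e, e);
        }
    }

    @Override
    public void setCharSet(String str) {
        this.charSet = str;
    }

    /**
     * Downloads an {@code s3://bucket/key} location into {@code keyDir} and returns the local
     * path; any other location is returned unchanged.
     *
     * <p>The downloaded file is not deleted afterwards and is created with default permissions,
     * so a private key fetched this way stays readable on disk for whoever can read
     * {@code keyDir}.
     *
     * @param str key location as configured
     * @return a local file path
     * @throws IllegalStateException if an S3 location is given but no S3 client was set
     * @throws RuntimeException if the object cannot be written locally
     */
    private String fetchRemoteIfNeccessary(String str) {
        // Match the full "s3://" prefix: a bare "s3" test would also capture local paths such
        // as "s3keys/public.pem" and then mis-parse them as bucket/key.
        if (!str.startsWith(S3_PATH_PREFIX)) {
            return str;
        }
        if (this.s3Client == null) {
            throw new IllegalStateException("S3 key location configured but no s3Client set: " + str);
        }
        String[] parts = parseBucketKeyAndFileName(str);
        String bucket = parts[0];
        String objectKey = parts[1];
        String fileName = parts[2];

        log.info("KeyTool - fetching {}", str);
        S3Object fetched = this.s3Client.getObject(bucket, objectKey);
        log.info("KeyTool - fetched {}", str);
        this.quickState.put(str, "fetched");

        File file = new File(this._keyDir, fileName);
        log.info("KeyTool - output file {}", file.getAbsolutePath());
        // try-with-resources closes the S3 object (releasing its HTTP connection), the content
        // stream and the output file on every path.
        try (S3Object object = fetched;
                S3ObjectInputStream objectContent = object.getObjectContent();
                FileOutputStream fileOutputStream = new FileOutputStream(file)) {
            IOUtils.copy(objectContent, fileOutputStream);
        } catch (Exception e) {
            log.error("KeyTool - failed to write to {}", file.getAbsolutePath(), e);
            throw new RuntimeException(e);
        }
        log.info("local path now {}", file.getAbsolutePath());
        return file.getAbsolutePath();
    }

    /**
     * Loads a private key from a PEM file.
     *
     * @param str key location: {@code classpath://...}, {@code s3://...} or a local file path
     * @param str2 password for an encrypted PEM key pair; may be {@code null} for a plain one
     * @return the private key
     * @throws RuntimeException if the key is encrypted and no password was given, if the
     *     classpath resource is missing, or if the PEM content is not an RSA key pair
     * @throws Exception on any I/O or parsing failure
     */
    public PrivateKey loadPrivateKey(String str, String str2) throws Exception {
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(this.provider);
        // Both the reader and the parser are closed even when parsing or decryption fails.
        try (Reader reader = openPrivateKeyReader(str);
                PEMParser parser = new PEMParser(reader)) {
            Object pemObject = parser.readObject();
            if (pemObject instanceof PEMEncryptedKeyPair) {
                if (str2 == null) {
                    throw new RuntimeException("Encrypted private key found but no pass provided");
                }
                PEMKeyPair decrypted = ((PEMEncryptedKeyPair) pemObject)
                        .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(str2.toCharArray()));
                return converter.getKeyPair(decrypted).getPrivate();
            }
            if (pemObject instanceof PEMKeyPair) {
                return converter.getKeyPair((PEMKeyPair) pemObject).getPrivate();
            }
            // Empty file or a PEM type this loader does not handle: fail with a clear message
            // instead of a ClassCastException / NullPointerException.
            throw new RuntimeException("Unsupported or missing PEM object in private key file: "
                    + (pemObject == null ? "none" : pemObject.getClass().getName()));
        }
    }

    /** Opens a reader over the private key at the given classpath, S3 or local location. */
    private Reader openPrivateKeyReader(String location) throws Exception {
        if (location.startsWith(CLASS_PATH_PREFIX)) {
            String resource = location.substring(CLASS_PATH_PREFIX.length());
            java.io.InputStream in = getClass().getClassLoader().getResourceAsStream(resource);
            if (in == null) {
                throw new RuntimeException("Private key resource not found on classpath: " + resource);
            }
            return new InputStreamReader(in);
        }
        if (location.startsWith(S3_PATH_PREFIX)) {
            return new FileReader(fetchRemoteIfNeccessary(location));
        }
        return new FileReader(location);
    }

    /**
     * Loads an X.509-encoded public key from a PEM file.
     *
     * @param str key location; {@code s3://} locations are downloaded first, anything else is
     *     passed to {@code PemFile} as given
     * @return the public key
     * @throws RuntimeException wrapping any download, parsing or key-spec failure
     */
    public PublicKey loadPublicKey(String str) {
        try {
            byte[] encoded = new PemFile().with(fetchRemoteIfNeccessary(str)).getPemObject().getContent();
            return this.factory.generatePublic(new X509EncodedKeySpec(encoded));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the map recording which remote locations have been fetched. This is the live,
     * mutable map, not a copy.
     */
    public Map<String, String> getQuickState() {
        return this.quickState;
    }

    /**
     * Splits an {@code s3://bucket/key} location into bucket, object key and local file name
     * (the last path segment of the key).
     *
     * @throws IllegalArgumentException if the location has no object key, or if the file name
     *     is empty or would not resolve to a plain file inside {@code keyDir}
     */
    private String[] parseBucketKeyAndFileName(String str) {
        String remainder = str.substring(S3_PATH_PREFIX.length());
        int firstSlash = remainder.indexOf("/");
        if (firstSlash <= 0) {
            throw new IllegalArgumentException("S3 location must look like s3://bucket/key: " + str);
        }
        String bucket = remainder.substring(0, firstSlash);
        String objectKey = remainder.substring(firstSlash + 1);
        String fileName = remainder.substring(remainder.lastIndexOf("/") + 1);
        // The file name is joined onto keyDir, so refuse names that would point at a directory
        // or outside keyDir rather than at a file within it.
        if (fileName.isEmpty() || ".".equals(fileName) || "..".equals(fileName)
                || fileName.indexOf('\\') >= 0) {
            throw new IllegalArgumentException("S3 location does not end in a usable file name: " + str);
        }
        return new String[]{bucket, objectKey, fileName};
    }
}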
