package net.e6tech.elements.web.security.vault;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import java.nio.charset.StandardCharsets;
import java.security.spec.RSAPublicKeySpec;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.crypto.BadPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.login.LoginException;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import net.e6tech.elements.common.inject.Inject;
import net.e6tech.elements.common.logging.Logger;
import net.e6tech.elements.common.resources.Provision;
import net.e6tech.elements.common.util.SystemException;
import net.e6tech.elements.security.vault.Constants;
import net.e6tech.elements.security.vault.Credential;
import net.e6tech.elements.security.vault.VaultManager;
import net.e6tech.elements.web.security.vault.client.Action;
import net.e6tech.elements.web.security.vault.client.Authenticate;
import net.e6tech.elements.web.security.vault.client.Decrypt;
import net.e6tech.elements.web.security.vault.client.Encrypt;
import net.e6tech.elements.web.security.vault.client.GetSecret;
import net.e6tech.elements.web.security.vault.client.PasswordUnlock;
import net.e6tech.elements.web.security.vault.client.Renew;
import net.e6tech.elements.web.security.vault.client.Request;
import net.e6tech.elements.web.security.vault.client.SharedKey;

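@Path("/keyserver/v1")
/**
 * JAX-RS front end for the vault.
 *
 * <p>A client first fetches the vault's RSA public key ({@code GET publicKey}),
 * then posts {@link Request}s whose client key is encrypted to that public key
 * and whose payload is encrypted with the client key under the vault's
 * symmetric cipher. The server decrypts the client key with the vault's private
 * key, decrypts the payload into one of the handled {@link Action} types, runs
 * it against the {@link VaultManager} and encrypts the reply with the same
 * client key.
 */
public class KeyServer {
    private static final Logger logger = Logger.getLogger();

    /**
     * Action types this server accepts, keyed by the simple class name a client
     * sends in {@link Request#getAction()}. Resolving the type through this
     * fixed table, rather than loading a class whose name is built from the
     * request, means a payload can only ever be deserialized into one of the
     * action types the server actually handles.
     */
    private static final Map<String, Class<?>> ACTION_TYPES = actionTypes();

    private VaultManager vaultManager;
    private Provision provision;

    /**
     * Per-client symmetric keys. The cache key is the client key blob exactly
     * as received in the request; the value is that blob decrypted with the
     * vault's private key and wrapped as a key for the vault's symmetric
     * cipher. Entries expire one hour after they are loaded, and a failed load
     * propagates to the caller instead of being cached.
     */
    private LoadingCache<String, SecretKey> clientKeys = CacheBuilder.newBuilder()
            .maximumSize(1000)
            .initialCapacity(20)
            .expireAfterWrite(3600000, TimeUnit.MILLISECONDS)
            .concurrencyLevel(Provision.cacheBuilderConcurrencyLevel.intValue())
            .build(new CacheLoader<String, SecretKey>() {
                @Override
                public SecretKey load(String clientKey) throws Exception {
                    byte[] raw = vaultManager.decryptPrivate(clientKey);
                    return new SecretKeySpec(raw, vaultManager.getSymmetricCipher().getAlgorithm());
                }
            });

    /** Builds the immutable name-to-class table of handled action types. */
    private static Map<String, Class<?>> actionTypes() {
        Map<String, Class<?>> types = new HashMap<>();
        Class<?>[] handled = {
            Authenticate.class, Renew.class, GetSecret.class,
            PasswordUnlock.class, Encrypt.class, Decrypt.class
        };
        for (Class<?> type : handled) {
            types.put(type.getSimpleName(), type);
        }
        return Collections.unmodifiableMap(types);
    }

    public VaultManager getVaultManager() {
        return this.vaultManager;
    }

    @Inject
    public void setVaultManager(VaultManager vaultManager) {
        this.vaultManager = vaultManager;
    }

    public Provision getProvision() {
        return this.provision;
    }

    @Inject
    public void setProvision(Provision provision) {
        this.provision = provision;
    }

    public LoadingCache<String, SecretKey> getClientKeys() {
        return this.clientKeys;
    }

    public void setClientKeys(LoadingCache<String, SecretKey> loadingCache) {
        this.clientKeys = loadingCache;
    }

    /**
     * Publishes the vault's RSA public key as a JSON {@link SharedKey}
     * (modulus and public exponent).
     *
     * @return the serialized key, or {@code null} when the vault has no public
     *         key (JAX-RS turns a {@code null} return into an empty response)
     * @throws SystemException if the vault cannot be read or the key cannot be
     *         serialized
     */
    @GET
    @Produces({"application/json"})
    @Path("publicKey")
    public String getPublicKey() {
        try {
            RSAPublicKeySpec publicKey = vaultManager.getPublicKey();
            if (publicKey == null) {
                return null;
            }
            SharedKey sharedKey = new SharedKey();
            sharedKey.setModulus(publicKey.getModulus());
            sharedKey.setPublicExponent(publicKey.getPublicExponent());
            return Constants.mapper.writeValueAsString(sharedKey);
        } catch (BadPaddingException e) {
            // Padding failure on the vault's own material: the vault is corrupt or was
            // unlocked with the wrong passphrase, which is worth a loud log line.
            logger.error("bad vault");
            throw new SystemException(e);
        } catch (Exception e) {
            throw new SystemException(e);
        }
    }

    /**
     * Handles one encrypted client request.
     *
     * <p>The action name is resolved against {@link #ACTION_TYPES} before any
     * cryptography is done. The client key is then unwrapped (via the cache),
     * the payload decrypted and parsed into the action, and the reply encrypted
     * back to the client with the same key.
     *
     * @param request the posted request: action name, client key blob and
     *                encrypted payload
     * @return the encrypted reply
     * @throws SystemException if the action name is not handled, the client key
     *         or payload cannot be decrypted, or the vault reports a
     *         non-authentication error
     * @throws NotAuthorizedException (401) if the vault rejects the caller's
     *         credentials or token
     */
    @Path("request")
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    public String request(Request request) {
        Class<?> actionType = ACTION_TYPES.get(request.getAction());
        if (actionType == null) {
            throw new SystemException("Unsupported action " + request.getAction());
        }

        SecretKey secretKey;
        Action action;
        try {
            secretKey = clientKeys.get(request.getClientKey());
            byte[] plain = vaultManager.getSymmetricCipher()
                    .decrypt(secretKey, request.getEncryptedData(), (String) null);
            action = (Action) Constants.mapper.readValue(new String(plain, StandardCharsets.UTF_8), actionType);
        } catch (Exception e) {
            // A request whose key or payload does not decrypt cannot be acted on;
            // fail here instead of continuing with a null action.
            logger.debug(e.getMessage(), e);
            throw new SystemException(e);
        }

        try {
            return reply(action, secretKey);
        } catch (RuntimeException e) {
            throw e;
        } catch (LoginException e) {
            logger.warn(actionName(action), e);
            throw new NotAuthorizedException(Response.status(Response.Status.UNAUTHORIZED).build());
        } catch (Exception e) {
            logger.warn(actionName(action), e);
            throw new SystemException(e);
        }
    }

    /**
     * Runs one decoded action against the vault and returns the reply encrypted
     * with the client's key. Text replies are UTF-8 encoded before encryption;
     * a Decrypt reply is the recovered plaintext as the vault returns it.
     */
    private String reply(Action action, SecretKey secretKey) throws Exception {
        if (action instanceof Authenticate) {
            Authenticate auth = (Authenticate) action;
            return sealText(secretKey,
                    vaultManager.authorize(new Credential(auth.getUserName(), auth.getPassword())));
        }
        if (action instanceof Renew) {
            return sealText(secretKey, vaultManager.renew(((Renew) action).getToken()));
        }
        if (action instanceof GetSecret) {
            GetSecret get = (GetSecret) action;
            return sealText(secretKey,
                    Constants.mapper.writeValueAsString(vaultManager.getSecretData(get.getToken(), get.getAlias())));
        }
        if (action instanceof PasswordUnlock) {
            PasswordUnlock unlock = (PasswordUnlock) action;
            return sealText(secretKey,
                    Constants.mapper.writeValueAsString(vaultManager.passphraseUnlock(unlock.getToken(), unlock.getAlias())));
        }
        if (action instanceof Encrypt) {
            Encrypt enc = (Encrypt) action;
            return sealText(secretKey,
                    vaultManager.encrypt(enc.getToken(), enc.getKeyBlock(), enc.getData(), enc.getIv()));
        }
        if (action instanceof Decrypt) {
            Decrypt dec = (Decrypt) action;
            // Without a key block the vault decrypts with the token's own key;
            // with one, the supplied key block and IV are used.
            return vaultManager.getSymmetricCipher().encrypt(secretKey,
                    dec.getKeyBlock() == null
                            ? vaultManager.decrypt(dec.getToken(), dec.getSecret())
                            : vaultManager.decrypt(dec.getToken(), dec.getKeyBlock(), dec.getSecret(), dec.getIv()),
                    (String) null);
        }
        throw new SystemException("Unsupported action " + action);
    }

    /** Encrypts a text reply to the client as UTF-8 under its symmetric key. */
    private String sealText(SecretKey secretKey, String text) throws Exception {
        return vaultManager.getSymmetricCipher().encrypt(secretKey, text.getBytes(StandardCharsets.UTF_8), (String) null);
    }

    /**
     * Name used in log lines. Only the action type is logged, never the action
     * itself: an Authenticate carries the caller's password and the object's
     * toString may include it.
     */
    private static String actionName(Action action) {
        return action == null ? "null" : action.getClass().getSimpleName();
    }
}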
