package net.nemerosa.ontrack.service.security;

import java.io.IOException;
import net.nemerosa.ontrack.model.security.Account;
import net.nemerosa.ontrack.model.security.AccountHolder;
import net.nemerosa.ontrack.model.security.ApplicationManagement;
import net.nemerosa.ontrack.model.security.ConfidentialStore;
import net.nemerosa.ontrack.model.security.EncryptionException;
import net.nemerosa.ontrack.model.security.EncryptionService;
import net.nemerosa.ontrack.model.security.GlobalSettings;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

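/**
 * {@link EncryptionService} implementation that delegates every operation to a single
 * {@link ConfidentialKey}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #encrypt(String)} and {@link #decrypt(String)} perform no authorisation check in
 *       this class. Any caller holding a reference to this bean can decrypt, so access control
 *       has to be enforced by the callers.</li>
 *   <li>{@link #exportKey()} and {@link #importKey(String)} are gated by {@link #checkAdmin()},
 *       which requires both {@code ApplicationManagement} and {@code GlobalSettings} to be
 *       granted to the current account.</li>
 * </ul>
 */
@Component
public class EncryptionServiceImpl implements EncryptionService {
    /** Key that all encrypt/decrypt/export/import calls are delegated to. */
    private final ConfidentialKey key;

    /**
     * Creates the service around an explicit key.
     *
     * @param confidentialKey key to delegate to; not validated here
     */
    public EncryptionServiceImpl(ConfidentialKey confidentialKey) {
        this.key = confidentialKey;
    }

    /**
     * Constructor used by Spring: builds a {@code CryptoConfidentialKey} on top of the given store.
     *
     * @param confidentialStore store handed to the {@code CryptoConfidentialKey}
     */
    @Autowired
    public EncryptionServiceImpl(ConfidentialStore confidentialStore) {
        // NOTE(review): the string is presumably the identifier under which the key is kept in
        // the store. If so, changing it would orphan previously encrypted data; confirm against
        // CryptoConfidentialKey before touching it.
        this(new CryptoConfidentialKey(confidentialStore, "net.nemerosa.ontrack.security.EncryptionServiceImpl.encryption"));
    }

    /**
     * Encrypts a value with the configured key.
     *
     * @param str plain text, may be {@code null}
     * @return the encrypted form, or {@code null} when {@code str} is {@code null}
     */
    @Override
    public String encrypt(String str) {
        return str == null ? null : this.key.encrypt(str);
    }

    /**
     * Decrypts a value with the configured key. No authorisation check is made here.
     *
     * @param str encrypted text, may be {@code null}
     * @return the decrypted form, or {@code null} when {@code str} is {@code null}
     */
    @Override
    public String decrypt(String str) {
        return str == null ? null : this.key.decrypt(str);
    }

    /**
     * Exports the key after verifying that the current user is an administrator.
     *
     * <p>The returned string should be treated as secret by callers: keep it out of logs,
     * error messages and caches.
     *
     * @return whatever {@link ConfidentialKey#exportKey()} returns
     * @throws AccessDeniedException if the current user is not authorised
     * @throws EncryptionException if the underlying key raises an {@link IOException}
     */
    @Override
    public String exportKey() {
        checkAdmin();
        try {
            return this.key.exportKey();
        } catch (IOException e) {
            // Cause is preserved for diagnostics.
            throw new EncryptionException(e);
        }
    }

    /**
     * Imports a key after verifying that the current user is an administrator.
     *
     * @param str key payload passed unchanged to {@link ConfidentialKey#importKey(String)}
     * @throws AccessDeniedException if the current user is not authorised
     * @throws EncryptionException if the underlying key raises an {@link IOException}
     */
    @Override
    public void importKey(String str) {
        checkAdmin();
        try {
            this.key.importKey(str);
        } catch (IOException e) {
            // Cause is preserved for diagnostics.
            throw new EncryptionException(e);
        }
    }

    /**
     * Fails closed unless the current security context holds an authenticated
     * {@link AccountHolder} whose account is granted both {@code ApplicationManagement} and
     * {@code GlobalSettings}.
     *
     * @throws AccessDeniedException in every other case, naming the authentication (or
     *     "anonymous") so that the refused attempt can be traced
     */
    private void checkAdmin() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        boolean authorised = false;
        if (authentication != null && authentication.isAuthenticated()) {
            // Read the principal once so the type check and the cast see the same object.
            Object principal = authentication.getPrincipal();
            if (principal instanceof AccountHolder) {
                Account account = ((AccountHolder) principal).getAccount();
                // A holder without an account is refused with AccessDeniedException instead of
                // surfacing as a NullPointerException.
                authorised = account != null
                        && account.isGranted(ApplicationManagement.class)
                        && account.isGranted(GlobalSettings.class);
            }
        }
        if (!authorised) {
            // Message text is kept verbatim (including the "used" typo) so that existing log
            // searches and alerts on refused key import/export keep matching.
            throw new AccessDeniedException("The current used has attempted to import/export keys without being authorised: " + (authentication != null ? authentication.getName() : "anonymous"));
        }
    }
}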
