package net.nemerosa.ontrack.service.security;

import java.io.IOException;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.jvm.internal.Intrinsics;
import net.nemerosa.ontrack.model.security.ApplicationManagement;
import net.nemerosa.ontrack.model.security.ConfidentialStore;
import net.nemerosa.ontrack.model.security.EncryptionException;
import net.nemerosa.ontrack.model.security.EncryptionService;
import net.nemerosa.ontrack.model.security.GlobalSettings;
import net.nemerosa.ontrack.model.security.OntrackAuthenticatedUser;
import net.nemerosa.ontrack.service.labels.LabelProviderJobSettingsProviderKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

/* compiled from: EncryptionServiceImpl.kt */
@Metadata(mv = {1, 1, 16}, bv = {1, LabelProviderJobSettingsProviderKt.DEFAULT_LABEL_PROVIDER_JOB_PER_PROJECT, 3}, k = 1, d1 = {"��(\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0006\b\u0017\u0018��2\u00020\u0001B\u000f\b\u0017\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004B\r\u0012\u0006\u0010\u0005\u001a\u00020\u0006¢\u0006\u0002\u0010\u0007J\b\u0010\b\u001a\u00020\tH\u0012J\u0014\u0010\n\u001a\u0004\u0018\u00010\u000b2\b\u0010\f\u001a\u0004\u0018\u00010\u000bH\u0016J\u0014\u0010\r\u001a\u0004\u0018\u00010\u000b2\b\u0010\u000e\u001a\u0004\u0018\u00010\u000bH\u0016J\n\u0010\u000f\u001a\u0004\u0018\u00010\u000bH\u0016J\u0010\u0010\u0010\u001a\u00020\t2\u0006\u0010\u0005\u001a\u00020\u000bH\u0016R\u000e\u0010\u0005\u001a\u00020\u0006X\u0092\u0004¢\u0006\u0002\n��¨\u0006\u0011"}, d2 = {"Lnet/nemerosa/ontrack/service/security/EncryptionServiceImpl;", "Lnet/nemerosa/ontrack/model/security/EncryptionService;", "confidentialStore", "Lnet/nemerosa/ontrack/model/security/ConfidentialStore;", "(Lnet/nemerosa/ontrack/model/security/ConfidentialStore;)V", "key", "Lnet/nemerosa/ontrack/service/security/ConfidentialKey;", "(Lnet/nemerosa/ontrack/service/security/ConfidentialKey;)V", "checkAdmin", "", "decrypt", "", "crypted", "encrypt", "plain", "exportKey", "importKey", "ontrack-service"})
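@Component
/* loaded from: input_file:net/nemerosa/ontrack/service/security/EncryptionServiceImpl.class */
/*
 * EncryptionService implementation that delegates every operation to a single ConfidentialKey.
 *
 * Security notes for reviewers:
 *  - encrypt() and decrypt() perform no authorisation check of their own; any code holding a
 *    reference to this bean can call them. Only exportKey() and importKey() are gated by checkAdmin().
 *  - exportKey() hands the exported value straight back to the caller. Presumably this is the key
 *    material itself (confirm against ConfidentialKey); callers should treat it as a secret and
 *    keep it out of logs and error messages.
 */
public class EncryptionServiceImpl implements EncryptionService {
    /** Key used for every operation; assigned once at construction. */
    private final ConfidentialKey key;

    /**
     * Creates the service around an explicit key.
     *
     * @param confidentialKey key to delegate to, must not be null
     */
    public EncryptionServiceImpl(@NotNull ConfidentialKey confidentialKey) {
        Intrinsics.checkParameterIsNotNull(confidentialKey, "key");
        this.key = confidentialKey;
    }

    /**
     * Constructor selected for Spring injection: wraps the store in a CryptoConfidentialKey
     * registered under a fixed identifier.
     *
     * @param confidentialStore store handed to the CryptoConfidentialKey, must not be null
     */
    @Autowired
    public EncryptionServiceImpl(@NotNull ConfidentialStore confidentialStore) {
        this(new CryptoConfidentialKey(confidentialStore, "net.nemerosa.ontrack.security.EncryptionServiceImpl.encryption"));
        // Java requires this(...) to come first, so this null check only runs after
        // CryptoConfidentialKey has already received the argument (the decompiler flagged the reordering).
        Intrinsics.checkParameterIsNotNull(confidentialStore, "confidentialStore");
    }

    /**
     * Encrypts a value with the configured key.
     *
     * @param str plain text, may be null
     * @return the result of {@code key.encrypt(str)}, or null when {@code str} is null
     */
    @Nullable
    public String encrypt(@Nullable String str) {
        return str == null ? null : this.key.encrypt(str);
    }

    /**
     * Decrypts a value with the configured key.
     *
     * @param str encrypted text, may be null
     * @return the result of {@code key.decrypt(str)}, or null when {@code str} is null
     */
    @Nullable
    public String decrypt(@Nullable String str) {
        return str == null ? null : this.key.decrypt(str);
    }

    /**
     * Exports the key after checking that the current user may manage keys.
     *
     * @return whatever {@code key.exportKey()} returns
     * @throws AccessDeniedException if the authorisation check in checkAdmin() fails
     * @throws EncryptionException wrapping any IOException raised by the key
     */
    @Nullable
    public String exportKey() {
        // Authorise before touching the key so a rejected caller triggers no key I/O.
        checkAdmin();
        try {
            return this.key.exportKey();
        } catch (IOException e) {
            throw new EncryptionException(e);
        }
    }

    /**
     * Imports a key after checking that the current user may manage keys.
     *
     * @param str value passed to {@code key.importKey}, must not be null
     * @throws AccessDeniedException if the authorisation check in checkAdmin() fails
     * @throws EncryptionException wrapping any IOException raised by the key
     */
    public void importKey(@NotNull String str) {
        Intrinsics.checkParameterIsNotNull(str, "key");
        checkAdmin();
        try {
            this.key.importKey(str);
        } catch (IOException e) {
            throw new EncryptionException(e);
        }
    }

    /**
     * Allows key import/export only when the current authentication is present, authenticated,
     * carries an OntrackAuthenticatedUser principal, and that user is granted BOTH
     * ApplicationManagement and GlobalSettings. Every other case is denied.
     *
     * @throws AccessDeniedException when any of those conditions does not hold
     */
    private void checkAdmin() {
        SecurityContext context = SecurityContextHolder.getContext();
        Intrinsics.checkExpressionValueIsNotNull(context, "context");
        Authentication authentication = context.getAuthentication();

        // Deny by default; only the fully checked path below can flip this.
        boolean authorised = false;
        if (authentication != null && authentication.isAuthenticated()) {
            // Read the principal once so the type test and the cast look at the same object.
            // instanceof is false for null, so no separate null branch is needed.
            Object principal = authentication.getPrincipal();
            if (principal instanceof OntrackAuthenticatedUser) {
                OntrackAuthenticatedUser user = (OntrackAuthenticatedUser) principal;
                authorised = user.isGranted(ApplicationManagement.class) && user.isGranted(GlobalSettings.class);
            }
        }

        if (!authorised) {
            // NOTE(review): the name is embedded verbatim, and for a non-authenticated token it may be
            // caller-supplied. If this message reaches logs or responses, confirm line breaks are
            // neutralised there. Log-based alerts matching the old wording ("current used") need updating.
            String name = authentication != null ? authentication.getName() : "anonymous";
            throw new AccessDeniedException("The current user has attempted to import/export keys without being authorised: " + name);
        }
    }
}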
