package org.correomqtt.business.provider;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.AccessDeniedException;
import java.nio.file.DirectoryNotEmptyException;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.InvalidPathException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.correomqtt.business.dispatcher.ConfigDispatcher;
import org.correomqtt.business.dispatcher.SecretStoreDispatcher;
import org.correomqtt.business.keyring.KeyringException;
import org.correomqtt.business.model.ConnectionConfigDTO;
import org.correomqtt.business.model.ConnectionPasswordType;
import org.correomqtt.business.model.PasswordsDTO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/correomqtt/business/provider/SecretStoreProvider.class */
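/**
 * File-backed store for connection passwords, protected by a user-supplied master password.
 *
 * <p>The store is persisted as {@code passwords.json} and holds a salt plus one encrypted blob.
 * The blob is the JSON serialisation of a {@code Map<String, String>} (entry key to password),
 * encrypted with AES/CBC/PKCS5Padding under a key derived from the master password with
 * PBKDF2WithHmacSHA512. It is stored as {@code base64(iv) ":" base64(ciphertext)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>CBC without a MAC gives confidentiality only. Changes to the stored blob are not reliably
 *       detected, so the file needs the same write protection as any other credential store.
 *       An authenticated mode such as {@code AES/GCM/NoPadding} behind a versioned file format
 *       would close that gap without breaking existing files.</li>
 *   <li>{@link #ITERATION_COUNT} and {@link #KEY_LENGTH} are part of the on-disk format:
 *       changing either makes existing files undecryptable unless the value is stored per file.</li>
 *   <li>Decrypted passwords and the master password live in {@code String}s, which cannot be
 *       zeroed; {@link #wipe()} only drops the reference to the decrypted map.</li>
 * </ul>
 *
 * <p>Thread-safety: only {@link #getInstance()} is synchronized; instance state is not guarded.
 */
public class SecretStoreProvider extends BaseUserFileProvider {
    private static final String PASSWORD_FILE_NAME = "passwords.json";
    private static final String EX_MSG_PREPARE_CONFIG = "Exception preparing password file.";
    // NOTE(review): lower than the 210,000 iterations OWASP's Password Storage Cheat Sheet lists
    // for PBKDF2-HMAC-SHA512 at the time of review; raising it requires a file-format migration.
    private static final int ITERATION_COUNT = 40000;
    // Derived key size in bits, i.e. AES-128.
    private static final int KEY_LENGTH = 128;
    private static final String KDF_ALGORITHM = "PBKDF2WithHmacSHA512";
    private static final String KEY_ALGORITHM = "AES";
    private static final String CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding";
    // Base64 never emits ':', so it is an unambiguous separator between IV and ciphertext.
    private static final String IV_SEPARATOR = ":";
    // ObjectMapper is safe to share once configured; avoids rebuilding it on every call.
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private static final TypeReference<HashMap<String, String>> PASSWORD_MAP_TYPE =
            new TypeReference<HashMap<String, String>>() {
            };
    private PasswordsDTO passwordsDTO;
    // Lazily populated plaintext view of the store; null until the first successful decrypt.
    private Map<String, String> decryptedPasswords;
    private static final Logger LOGGER = LoggerFactory.getLogger(SecretStoreProvider.class);
    private static SecretStoreProvider instance = null;

    /**
     * Prepares and loads the password file.
     *
     * <p>Failures while preparing the file are logged and reported through
     * {@link ConfigDispatcher}; they do not abort construction. If the file cannot be parsed the
     * provider reports it through {@link SecretStoreDispatcher} and starts with an empty store.
     * A store without a salt gets a freshly generated one.
     */
    public SecretStoreProvider() {
        try {
            prepareFile(PASSWORD_FILE_NAME);
        } catch (SecurityException | AccessDeniedException e) {
            LOGGER.error(EX_MSG_PREPARE_CONFIG, e);
            ConfigDispatcher.getInstance().onConfigDirectoryNotAccessible();
        } catch (DirectoryNotEmptyException e2) {
            LOGGER.error(EX_MSG_PREPARE_CONFIG, e2);
            ConfigDispatcher.getInstance().onConfigDirectoryEmpty();
        } catch (FileAlreadyExistsException e3) {
            LOGGER.error(EX_MSG_PREPARE_CONFIG, e3);
            ConfigDispatcher.getInstance().onFileAlreadyExists();
        } catch (IOException | UnsupportedOperationException e4) {
            LOGGER.error(EX_MSG_PREPARE_CONFIG, e4);
            ConfigDispatcher.getInstance().onConfigPrepareFailure();
        } catch (InvalidPathException e5) {
            LOGGER.error(EX_MSG_PREPARE_CONFIG, e5);
            ConfigDispatcher.getInstance().onInvalidPath();
        }
        try {
            this.passwordsDTO = MAPPER.readValue(getFile(), PasswordsDTO.class);
        } catch (IOException e6) {
            LOGGER.error("Password file can not be read. ", e6);
            SecretStoreDispatcher.getInstance().onPasswordFileUnreadable();
            this.passwordsDTO = new PasswordsDTO();
        }
        // A file containing the JSON literal null parses without error but yields no DTO.
        if (this.passwordsDTO == null) {
            this.passwordsDTO = new PasswordsDTO();
        }
        if (this.passwordsDTO.getSalt() == null) {
            // Type-4 UUIDs are drawn from a cryptographically strong generator (see UUID.randomUUID).
            this.passwordsDTO.setSalt(UUID.randomUUID().toString());
        }
    }

    /**
     * Returns the process-wide provider, creating it on first use.
     *
     * @return the shared instance
     */
    public static synchronized SecretStoreProvider getInstance() {
        if (instance == null) {
            instance = new SecretStoreProvider();
        }
        return instance;
    }

    /**
     * Stores a password in the in-memory map. Nothing is written to disk until
     * {@link #encryptAndSavePasswords(String)} is called.
     *
     * @param str master password, needed if the store still has to be decrypted
     * @param connectionConfigDTO connection the password belongs to
     * @param connectionPasswordType kind of password being stored
     * @param str2 the password value to store
     * @throws PasswordRecoverableException if the existing store cannot be decrypted
     */
    public void setPassword(String str, ConnectionConfigDTO connectionConfigDTO, ConnectionPasswordType connectionPasswordType, String str2) throws PasswordRecoverableException {
        getDecryptedPasswords(str).put(getPasswordKey(connectionConfigDTO, connectionPasswordType), str2);
    }

    /**
     * Looks up a stored password.
     *
     * @param str master password, needed if the store still has to be decrypted
     * @param connectionConfigDTO connection the password belongs to
     * @param connectionPasswordType kind of password requested
     * @return the stored password, or {@code null} if none is stored under that key
     * @throws PasswordRecoverableException if the existing store cannot be decrypted
     */
    public String getPassword(String str, ConnectionConfigDTO connectionConfigDTO, ConnectionPasswordType connectionPasswordType) throws PasswordRecoverableException {
        return getDecryptedPasswords(str).get(getPasswordKey(connectionConfigDTO, connectionPasswordType));
    }

    /** Builds the map key for an entry: {@code <connection id>_<password type label>}. */
    private String getPasswordKey(ConnectionConfigDTO connectionConfigDTO, ConnectionPasswordType connectionPasswordType) {
        return connectionConfigDTO.getId() + "_" + connectionPasswordType.getLabel();
    }

    /**
     * Encrypts the in-memory passwords with a key derived from the master password and writes
     * the result to the password file. An empty map is persisted as an empty string.
     *
     * @param str master password; must not be {@code null} or empty
     * @throws PasswordRecoverableException if the master password is missing, or if encryption
     *     or writing the file fails
     */
    public void encryptAndSavePasswords(String str) throws PasswordRecoverableException {
        if (str == null || str.isEmpty()) {
            LOGGER.error("Password must not be empty.");
            throw new PasswordRecoverableException();
        }
        Map<String, String> plainPasswords = getDecryptedPasswords(str);
        try {
            String stored = plainPasswords.isEmpty()
                    ? ""
                    : encrypt(MAPPER.writeValueAsString(plainPasswords), createSecretKey(str));
            this.passwordsDTO.setPasswords(stored);
            // NOTE(review): file permissions are whatever getFile()/prepareFile() set up, which is
            // not visible in this class. Confirm the file is readable by the owning user only.
            MAPPER.writeValue(getFile(), this.passwordsDTO);
        } catch (IOException e) {
            LOGGER.error("Could not save encrypted passwords. ", e);
            throw new PasswordRecoverableException();
        } catch (GeneralSecurityException e2) {
            LOGGER.error("Could not encrypt passwords. ", e2);
            throw new PasswordRecoverableException();
        }
    }

    /**
     * Returns the plaintext password map, decrypting the stored blob on first access.
     *
     * @param masterPassword master password used when decryption is required
     * @return the cached, mutable password map
     * @throws PasswordRecoverableException if decryption fails
     */
    private Map<String, String> getDecryptedPasswords(String masterPassword) throws PasswordRecoverableException {
        if (this.decryptedPasswords == null) {
            if (this.passwordsDTO.getPasswords() == null) {
                this.decryptedPasswords = new HashMap<>();
            } else {
                this.decryptedPasswords = decryptPasswords(masterPassword);
            }
        }
        return this.decryptedPasswords;
    }

    /**
     * Decrypts and parses the stored blob.
     *
     * @param masterPassword master password; must not be {@code null} or empty
     * @return the decrypted entries, or an empty map when nothing is stored
     * @throws PasswordRecoverableException if the master password is missing, the stored value is
     *     malformed, decryption fails, or the plaintext is not valid JSON
     */
    private Map<String, String> decryptPasswords(String masterPassword) throws PasswordRecoverableException {
        String stored = this.passwordsDTO.getPasswords();
        if (masterPassword == null || masterPassword.isEmpty()) {
            LOGGER.error("Password must not be empty.");
            throw new PasswordRecoverableException();
        }
        if (stored == null || stored.isEmpty()) {
            return new HashMap<>();
        }
        try {
            Map<String, String> parsed = MAPPER.readValue(decrypt(stored, createSecretKey(masterPassword)), PASSWORD_MAP_TYPE);
            // The JSON literal null parses to null; callers expect a usable map.
            return parsed != null ? parsed : new HashMap<>();
        } catch (JsonProcessingException e) {
            // Besides corrupt data, a wrong master password lands here when the padding check
            // happens to pass and the output is not JSON.
            LOGGER.error("Could not read password file. ", e);
            throw new PasswordRecoverableException();
        } catch (GeneralSecurityException e2) {
            LOGGER.error("Could not decrypt passwords. ", e2);
            throw new PasswordRecoverableException();
        }
    }

    /**
     * Discards all stored passwords: clears the in-memory map, rotates the salt, and deletes the
     * password file.
     *
     * @throws KeyringException if the file exists but cannot be deleted
     */
    public void wipe() {
        this.decryptedPasswords = null;
        this.passwordsDTO.setSalt(UUID.randomUUID().toString());
        this.passwordsDTO.setPasswords("");
        if (getFile().exists() && !getFile().delete()) {
            throw new KeyringException("Could not delete passwords.json file.");
        }
    }

    /**
     * Derives the AES key from the master password and the store's salt using PBKDF2.
     *
     * @param masterPassword master password to derive from
     * @return an AES key of {@link #KEY_LENGTH} bits
     * @throws NoSuchAlgorithmException if the KDF is not available
     * @throws InvalidKeySpecException if the key specification is rejected
     */
    private SecretKeySpec createSecretKey(String masterPassword) throws NoSuchAlgorithmException, InvalidKeySpecException {
        char[] passwordChars = masterPassword.toCharArray();
        byte[] salt = this.passwordsDTO.getSalt().getBytes(StandardCharsets.UTF_8);
        PBEKeySpec keySpec = new PBEKeySpec(passwordChars, salt, ITERATION_COUNT, KEY_LENGTH);
        try {
            byte[] keyBytes = SecretKeyFactory.getInstance(KDF_ALGORITHM).generateSecret(keySpec).getEncoded();
            return new SecretKeySpec(keyBytes, KEY_ALGORITHM);
        } finally {
            // Best effort: zero the copies this method created. The caller's String remains.
            keySpec.clearPassword();
            java.util.Arrays.fill(passwordChars, '\0');
        }
    }

    /**
     * Encrypts text with AES/CBC/PKCS5Padding.
     *
     * @param plaintext text to encrypt
     * @param secretKeySpec AES key
     * @return {@code base64(iv) ":" base64(ciphertext)}
     * @throws GeneralSecurityException if the cipher cannot be set up or encryption fails
     */
    private String encrypt(String plaintext, SecretKeySpec secretKeySpec) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        // No IV is supplied, so the provider picks one; it is read back to be stored with the data.
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
        IvParameterSpec ivParameterSpec = cipher.getParameters().getParameterSpec(IvParameterSpec.class);
        byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        Base64.Encoder encoder = Base64.getEncoder();
        return encoder.encodeToString(ivParameterSpec.getIV()) + IV_SEPARATOR + encoder.encodeToString(ciphertext);
    }

    /**
     * Decrypts a value produced by {@link #encrypt(String, SecretKeySpec)}.
     *
     * <p>The stored value comes from a file on disk and is treated as untrusted: a missing
     * separator or invalid Base64 is reported as a {@link GeneralSecurityException} so callers
     * handle it like any other decryption failure instead of seeing an unchecked exception.
     *
     * @param stored {@code base64(iv) ":" base64(ciphertext)}
     * @param secretKeySpec AES key
     * @return the decrypted text
     * @throws GeneralSecurityException if the value is malformed or decryption fails
     */
    private String decrypt(String stored, SecretKeySpec secretKeySpec) throws GeneralSecurityException {
        String[] parts = stored.split(IV_SEPARATOR, 2);
        if (parts.length != 2 || parts[0].isEmpty() || parts[1].isEmpty()) {
            throw new GeneralSecurityException("Stored passwords are not in the expected iv:ciphertext format.");
        }
        byte[] iv;
        byte[] ciphertext;
        try {
            Base64.Decoder decoder = Base64.getDecoder();
            iv = decoder.decode(parts[0]);
            ciphertext = decoder.decode(parts[1]);
        } catch (IllegalArgumentException e) {
            throw new GeneralSecurityException("Stored passwords are not valid Base64.", e);
        }
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, new IvParameterSpec(iv));
        return new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8);
    }

    /**
     * Forces decryption of the store so that a wrong master password surfaces immediately.
     *
     * @param str master password
     * @throws PasswordRecoverableException if the store cannot be decrypted
     */
    public void ensurePasswordsAreDecrypted(String str) throws PasswordRecoverableException {
        getDecryptedPasswords(str);
    }
}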
