package org.apache.ofbiz.entity.util;

import java.io.IOException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.apache.commons.codec.binary.Base64;
import org.apache.ofbiz.base.crypto.DesCrypt;
import org.apache.ofbiz.base.crypto.HashCrypt;
import org.apache.ofbiz.base.util.Debug;
import org.apache.ofbiz.base.util.GeneralException;
import org.apache.ofbiz.base.util.StringUtil;
import org.apache.ofbiz.base.util.UtilIO;
import org.apache.ofbiz.base.util.UtilObject;
import org.apache.ofbiz.base.util.UtilValidate;
import org.apache.ofbiz.entity.Delegator;
import org.apache.ofbiz.entity.EntityCryptoException;
import org.apache.ofbiz.entity.GenericEntityException;
import org.apache.ofbiz.entity.GenericValue;
import org.apache.ofbiz.entity.model.ModelField;
import org.apache.ofbiz.entity.transaction.TransactionUtil;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.OperationMode;
import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.HashRequest;
import org.apache.shiro.crypto.hash.HashService;

/* loaded from: input_file:org/apache/ofbiz/entity/util/EntityCrypto.class */
public final class EntityCrypto {
    private final Delegator delegator;
    private final ConcurrentMap<String, byte[]> keyMap = new ConcurrentHashMap();
    private final StorageHandler[] handlers;
    public static final String module = EntityCrypto.class.getName();
    protected static final StorageHandler OldFunnyHashStorageHandler = new LegacyStorageHandler() { // from class: org.apache.ofbiz.entity.util.EntityCrypto.2
        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String getHashedKeyName(String str) {
            return HashCrypt.digestHashOldFunnyHex(null, str);
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String getKeyMapPrefix(String str) {
            return "{funny-hash}";
        }
    };
    protected static final StorageHandler NormalHashStorageHandler = new LegacyStorageHandler() { // from class: org.apache.ofbiz.entity.util.EntityCrypto.3
        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String getHashedKeyName(String str) {
            return HashCrypt.digestHash("SHA", str.getBytes());
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String getKeyMapPrefix(String str) {
            return "{normal-hash}";
        }
    };

    /* loaded from: input_file:org/apache/ofbiz/entity/util/EntityCrypto$LegacyStorageHandler.class */
    protected static abstract class LegacyStorageHandler extends StorageHandler {
        protected LegacyStorageHandler() {
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected Key generateNewKey() throws EntityCryptoException {
            try {
                return DesCrypt.generateKey();
            } catch (NoSuchAlgorithmException e) {
                throw new EntityCryptoException(e);
            }
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected byte[] decodeKeyBytes(String str) throws GeneralException {
            return StringUtil.fromHexString(str);
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String encodeKey(byte[] bArr) {
            return StringUtil.toHexString(bArr);
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected byte[] decryptValue(byte[] bArr, ModelField.EncryptMethod encryptMethod, String str) throws GeneralException {
            return DesCrypt.decrypt(DesCrypt.getDesKey(bArr), StringUtil.fromHexString(str));
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String encryptValue(ModelField.EncryptMethod encryptMethod, byte[] bArr, byte[] bArr2) throws GeneralException {
            return StringUtil.toHexString(DesCrypt.encrypt(DesCrypt.getDesKey(bArr), bArr2));
        }
    }

    /* loaded from: input_file:org/apache/ofbiz/entity/util/EntityCrypto$SaltedBase64StorageHandler.class */
    protected static final class SaltedBase64StorageHandler extends StorageHandler {
        private final Key kek;

        protected SaltedBase64StorageHandler(byte[] bArr) throws EntityCryptoException {
            Key key = null;
            if (bArr != null) {
                try {
                    key = DesCrypt.getDesKey(bArr);
                } catch (GeneralException e) {
                    Debug.logInfo("Invalid key-encryption-key specified for SaltedBase64StorageHandler; the key is probably valid for the newer ShiroStorageHandler", EntityCrypto.module);
                }
            }
            this.kek = key;
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected Key generateNewKey() throws EntityCryptoException {
            try {
                return DesCrypt.generateKey();
            } catch (NoSuchAlgorithmException e) {
                throw new EntityCryptoException(e);
            }
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String getHashedKeyName(String str) {
            return HashCrypt.digestHash64("SHA", str.getBytes(UtilIO.getUtf8()));
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String getKeyMapPrefix(String str) {
            return "{salted-base64}";
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected byte[] decodeKeyBytes(String str) throws GeneralException {
            byte[] decodeBase64 = Base64.decodeBase64(str);
            if (this.kek != null) {
                decodeBase64 = DesCrypt.decrypt(this.kek, decodeBase64);
            }
            return decodeBase64;
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String encodeKey(byte[] bArr) throws GeneralException {
            if (this.kek != null) {
                bArr = DesCrypt.encrypt(this.kek, bArr);
            }
            return Base64.encodeBase64String(bArr);
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected byte[] decryptValue(byte[] bArr, ModelField.EncryptMethod encryptMethod, String str) throws GeneralException {
            byte[] decrypt = DesCrypt.decrypt(DesCrypt.getDesKey(bArr), Base64.decodeBase64(str));
            byte b = decrypt[0];
            byte[] bArr2 = new byte[(decrypt.length - 1) - b];
            System.arraycopy(decrypt, 1 + b, bArr2, 0, bArr2.length);
            return bArr2;
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String encryptValue(ModelField.EncryptMethod encryptMethod, byte[] bArr, byte[] bArr2) throws GeneralException {
            byte[] bArr3;
            switch (encryptMethod) {
                case SALT:
                    SecureRandom secureRandom = new SecureRandom();
                    bArr3 = new byte[5 + secureRandom.nextInt(11)];
                    secureRandom.nextBytes(bArr3);
                    break;
                default:
                    bArr3 = new byte[0];
                    break;
            }
            byte[] bArr4 = new byte[1 + bArr3.length + bArr2.length];
            bArr4[0] = (byte) bArr3.length;
            System.arraycopy(bArr3, 0, bArr4, 1, bArr3.length);
            System.arraycopy(bArr2, 0, bArr4, 1 + bArr3.length, bArr2.length);
            return Base64.encodeBase64String(DesCrypt.encrypt(DesCrypt.getDesKey(bArr), bArr4));
        }
    }

    /* loaded from: input_file:org/apache/ofbiz/entity/util/EntityCrypto$ShiroStorageHandler.class */
    protected static final class ShiroStorageHandler extends StorageHandler {
        private final HashService hashService = new DefaultHashService();
        private final AesCipherService cipherService = new AesCipherService();
        private final AesCipherService saltedCipherService;
        private final byte[] kek;

        protected ShiroStorageHandler(byte[] bArr) {
            this.cipherService.setMode(OperationMode.ECB);
            this.saltedCipherService = new AesCipherService();
            this.kek = bArr;
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected Key generateNewKey() {
            return this.saltedCipherService.generateNewKey();
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String getHashedKeyName(String str) {
            return this.hashService.computeHash(new HashRequest.Builder().setSource(str).build()).toBase64();
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String getKeyMapPrefix(String str) {
            return "{shiro}";
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected byte[] decodeKeyBytes(String str) throws GeneralException {
            byte[] decodeBase64 = Base64.decodeBase64(str);
            if (this.kek != null) {
                decodeBase64 = this.saltedCipherService.decrypt(decodeBase64, this.kek).getBytes();
            }
            return decodeBase64;
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String encodeKey(byte[] bArr) throws GeneralException {
            return this.kek != null ? this.saltedCipherService.encrypt(bArr, this.kek).toBase64() : Base64.encodeBase64String(bArr);
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected byte[] decryptValue(byte[] bArr, ModelField.EncryptMethod encryptMethod, String str) throws GeneralException {
            switch (encryptMethod) {
                case SALT:
                    return this.saltedCipherService.decrypt(Base64.decodeBase64(str), bArr).getBytes();
                default:
                    return this.cipherService.decrypt(Base64.decodeBase64(str), bArr).getBytes();
            }
        }

        @Override // org.apache.ofbiz.entity.util.EntityCrypto.StorageHandler
        protected String encryptValue(ModelField.EncryptMethod encryptMethod, byte[] bArr, byte[] bArr2) throws GeneralException {
            switch (encryptMethod) {
                case SALT:
                    return this.saltedCipherService.encrypt(bArr2, bArr).toBase64();
                default:
                    return this.cipherService.encrypt(bArr2, bArr).toBase64();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/ofbiz/entity/util/EntityCrypto$StorageHandler.class */
    public static abstract class StorageHandler {
        protected StorageHandler() {
        }

        protected abstract Key generateNewKey() throws EntityCryptoException;

        protected abstract String getHashedKeyName(String str);

        protected abstract String getKeyMapPrefix(String str);

        protected abstract byte[] decodeKeyBytes(String str) throws GeneralException;

        protected abstract String encodeKey(byte[] bArr) throws GeneralException;

        protected abstract byte[] decryptValue(byte[] bArr, ModelField.EncryptMethod encryptMethod, String str) throws GeneralException;

        protected abstract String encryptValue(ModelField.EncryptMethod encryptMethod, byte[] bArr, byte[] bArr2) throws GeneralException;
    }

    public EntityCrypto(Delegator delegator, String str) throws EntityCryptoException {
        this.delegator = delegator;
        byte[] decodeBase64 = UtilValidate.isNotEmpty(str) ? Base64.decodeBase64(str) : null;
        this.handlers = new StorageHandler[]{new ShiroStorageHandler(decodeBase64), new SaltedBase64StorageHandler(decodeBase64), NormalHashStorageHandler, OldFunnyHashStorageHandler};
    }

    public void clearKeyCache() {
        this.keyMap.clear();
    }

    @Deprecated
    public String encrypt(String str, Object obj) throws EntityCryptoException {
        return encrypt(str, ModelField.EncryptMethod.TRUE, obj);
    }

    public String encrypt(String str, ModelField.EncryptMethod encryptMethod, Object obj) throws EntityCryptoException {
        try {
            byte[] findKey = findKey(str, this.handlers[0]);
            if (findKey == null) {
                try {
                    createKey(str, this.handlers[0], encryptMethod);
                    try {
                        findKey = findKey(str, this.handlers[0]);
                        if (findKey == null) {
                            if (0 != 0) {
                                throw null;
                            }
                            throw new EntityCryptoException("could not lookup key (" + str + ") after creation");
                        }
                    } catch (EntityCryptoException e) {
                        if (0 != 0) {
                            throw null;
                        }
                        throw e;
                    }
                } catch (EntityCryptoException e2) {
                    try {
                        findKey = findKey(str, this.handlers[0]);
                        if (findKey == null) {
                            if (e2 != null) {
                                throw e2;
                            }
                            throw new EntityCryptoException("could not lookup key (" + str + ") after creation");
                        }
                    } catch (EntityCryptoException e3) {
                        if (e2 != null) {
                            throw e2;
                        }
                        throw e3;
                    }
                } catch (Throwable th) {
                    try {
                        if (findKey(str, this.handlers[0]) != null) {
                            throw th;
                        }
                        if (0 != 0) {
                            throw null;
                        }
                        throw new EntityCryptoException("could not lookup key (" + str + ") after creation");
                    } catch (EntityCryptoException e4) {
                        if (0 != 0) {
                            throw null;
                        }
                        throw e4;
                    }
                }
            }
            return this.handlers[0].encryptValue(encryptMethod, findKey, UtilObject.getBytes(obj));
        } catch (GeneralException e5) {
            throw new EntityCryptoException(e5);
        }
    }

    public Object decrypt(String str, ModelField.EncryptMethod encryptMethod, String str2) throws EntityCryptoException {
        try {
            return doDecrypt(str, encryptMethod, str2, this.handlers[0]);
        } catch (Exception e) {
            Debug.logInfo("Decrypt with DES key from standard key name hash failed, trying old/funny variety of key name hash", module);
            for (int i = 1; i < this.handlers.length; i++) {
                try {
                    return doDecrypt(str, encryptMethod, str2, this.handlers[i]);
                } catch (GeneralException e2) {
                }
            }
            throw new EntityCryptoException(e);
        }
    }

    protected Object doDecrypt(String str, ModelField.EncryptMethod encryptMethod, String str2, StorageHandler storageHandler) throws GeneralException {
        byte[] findKey = findKey(str, storageHandler);
        if (findKey == null) {
            throw new EntityCryptoException("key(" + str + ") not found in database");
        }
        try {
            return UtilObject.getObjectException(storageHandler.decryptValue(findKey, encryptMethod, str2));
        } catch (IOException e) {
            throw new GeneralException(e);
        } catch (ClassNotFoundException e2) {
            throw new GeneralException(e2);
        }
    }

    protected byte[] findKey(String str, StorageHandler storageHandler) throws EntityCryptoException {
        String hashedKeyName = storageHandler.getHashedKeyName(str);
        String str2 = storageHandler.getKeyMapPrefix(hashedKeyName) + hashedKeyName;
        if (this.keyMap.containsKey(str2)) {
            return this.keyMap.get(str2);
        }
        try {
            GenericValue queryOne = EntityQuery.use(this.delegator).from("EntityKeyStore").where("keyName", hashedKeyName).queryOne();
            if (queryOne == null || queryOne.get("keyText") == null) {
                return null;
            }
            try {
                this.keyMap.putIfAbsent(str2, storageHandler.decodeKeyBytes(queryOne.getString("keyText")));
                return this.keyMap.get(str2);
            } catch (GeneralException e) {
                throw new EntityCryptoException(e);
            }
        } catch (GenericEntityException e2) {
            throw new EntityCryptoException(e2);
        }
    }

    protected void createKey(String str, StorageHandler storageHandler, ModelField.EncryptMethod encryptMethod) throws EntityCryptoException {
        String hashedKeyName = storageHandler.getHashedKeyName(str);
        Key generateNewKey = storageHandler.generateNewKey();
        final GenericValue makeValue = this.delegator.makeValue("EntityKeyStore");
        try {
            makeValue.set("keyText", storageHandler.encodeKey(generateNewKey.getEncoded()));
            makeValue.set("keyName", hashedKeyName);
            try {
                TransactionUtil.doNewTransaction(new Callable<Void>() { // from class: org.apache.ofbiz.entity.util.EntityCrypto.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public Void call() throws Exception {
                        EntityCrypto.this.delegator.create(makeValue);
                        return null;
                    }
                }, "storing encrypted key", 0, true);
            } catch (GenericEntityException e) {
                throw new EntityCryptoException(e);
            }
        } catch (GeneralException e2) {
            throw new EntityCryptoException(e2);
        }
    }
}
