package io.fabric8.service;

import io.fabric8.api.FabricException;
import io.fabric8.api.FabricService;
import io.fabric8.api.PlaceholderResolver;
import io.fabric8.api.jcip.ThreadSafe;
import io.fabric8.api.scr.AbstractComponent;
import io.fabric8.utils.PasswordEncoder;
import io.fabric8.zookeeper.ZkPath;
import io.fabric8.zookeeper.utils.ZooKeeperUtils;
import java.io.IOException;
import java.lang.reflect.Field;
import java.security.InvalidParameterException;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.Map;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.recipes.cache.ChildData;
import org.apache.curator.framework.recipes.cache.NodeCacheExtended;
import org.apache.curator.framework.recipes.cache.NodeCacheExtendedListener;
import org.apache.felix.cm.PersistenceManager;
import org.apache.felix.cm.file.EncryptingPersistenceManager;
import org.apache.felix.cm.impl.ConfigurationManager;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.jasypt.encryption.pbe.PBEStringEncryptor;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.osgi.framework.BundleContext;
import org.osgi.framework.FrameworkUtil;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:fabric-core-1.2.0.redhat-630496.jar:io/fabric8/service/EncryptedPropertyResolver.class
 */
@Component(name = "io.fabric8.placholder.resolver.crypt", label = "Fabric8 Encrypted Property Placeholder Resolver", metatype = false)
@Service({PlaceholderResolver.class, EncryptedPropertyResolver.class})
@ThreadSafe
@Properties({@Property(name = "scheme", value = {EncryptedPropertyResolver.RESOLVER_SCHEME})})
/* loaded from: input_file:io/fabric8/service/EncryptedPropertyResolver.class */
public final class EncryptedPropertyResolver extends AbstractComponent implements PlaceholderResolver, NodeCacheExtendedListener {
    public static Logger LOG = LoggerFactory.getLogger((Class<?>) EncryptedPropertyResolver.class);
    public static final String RESOLVER_SCHEME = "crypt";
    private BundleContext bundleContext;
    private PBEStringEncryptor encryptor;
    private ServiceRegistration<PBEStringEncryptor> seRegistration;
    private PersistenceManager encryptingPersistenceManager;
    private PersistenceManager originalPersistenceManager;
    private FabricService fabricService;
    NodeCacheExtended passwordNodeCache;
    NodeCacheExtended alogrithmNodeCache;

    @Reference
    private ConfigurationAdmin configAdmin;

    @Activate
    void activate(BundleContext bundleContext) {
        this.bundleContext = bundleContext;
        activateComponent();
    }

    @Deactivate
    void deactivate() {
        deactivateComponent();
        if (this.originalPersistenceManager != null) {
            inject(this.configAdmin, this.originalPersistenceManager);
        }
        if (this.seRegistration != null) {
            this.seRegistration.unregister();
        }
        this.encryptor = null;
        try {
            this.alogrithmNodeCache.close();
            this.passwordNodeCache.close();
        } catch (IOException e) {
            LOG.warn("Exception while closing node caches.");
            if (LOG.isTraceEnabled()) {
                LOG.trace("", (Throwable) e);
            }
        }
    }

    public void initialize(FabricService fabricService) {
        this.fabricService = fabricService;
        this.encryptor = getEncryptor(fabricService);
        if (this.bundleContext != null) {
            this.seRegistration = this.bundleContext.registerService((Class<Class>) PBEStringEncryptor.class, (Class) this.encryptor, (Dictionary<String, ?>) null);
            BundleContext bundleContext = FrameworkUtil.getBundle(PersistenceManager.class).getBundleContext();
            this.encryptingPersistenceManager = new EncryptingPersistenceManager(bundleContext, bundleContext.getProperty(ConfigurationManager.CM_CONFIG_DIR), this.encryptor);
            this.originalPersistenceManager = inject(this.configAdmin, this.encryptingPersistenceManager);
            this.passwordNodeCache = new NodeCacheExtended((CuratorFramework) fabricService.adapt(CuratorFramework.class), ZkPath.AUTHENTICATION_CRYPT_PASSWORD.getPath(new String[0]));
            this.passwordNodeCache.getListenable().addListener(this);
            this.alogrithmNodeCache = new NodeCacheExtended((CuratorFramework) fabricService.adapt(CuratorFramework.class), ZkPath.AUTHENTICATION_CRYPT_ALGORITHM.getPath(new String[0]));
            this.alogrithmNodeCache.getListenable().addListener(this);
            try {
                this.passwordNodeCache.start();
                this.alogrithmNodeCache.start();
            } catch (Exception e) {
                throw new FabricException(e);
            }
        }
    }

    private PersistenceManager inject(ConfigurationAdmin configurationAdmin, PersistenceManager persistenceManager) {
        try {
            Field declaredField = configurationAdmin.getClass().getDeclaredField("configurationManager");
            declaredField.setAccessible(true);
            Object obj = declaredField.get(configurationAdmin);
            Field declaredField2 = obj.getClass().getDeclaredField("persistenceManagers");
            declaredField2.setAccessible(true);
            Object[] objArr = (Object[]) declaredField2.get(obj);
            if (objArr == null || objArr.length != 1) {
                return null;
            }
            Field declaredField3 = objArr[0].getClass().getDeclaredField("pm");
            declaredField3.setAccessible(true);
            PersistenceManager persistenceManager2 = (PersistenceManager) declaredField3.get(objArr[0]);
            declaredField3.set(objArr[0], persistenceManager);
            Field declaredField4 = objArr[0].getClass().getDeclaredField("cache");
            declaredField4.setAccessible(true);
            for (Dictionary dictionary : ((Hashtable) declaredField4.get(objArr[0])).values()) {
                String str = (String) dictionary.get("fabric.zookeeper.encrypted.values");
                if (str != null) {
                    for (String str2 : str.split("\\s*,\\s")) {
                        String str3 = (String) dictionary.get(str2);
                        if (str3 != null && str3.startsWith("crypt:")) {
                            dictionary.put(str2 + ".encrypted", str3);
                            try {
                                dictionary.put(str2, this.encryptor.decrypt(str3.substring("crypt:".length())));
                            } catch (EncryptionOperationNotPossibleException e) {
                                LOG.error(e.getMessage(), (Throwable) e);
                            }
                        }
                    }
                }
            }
            return persistenceManager2;
        } catch (Exception e2) {
            LOG.warn(e2.getMessage());
            return null;
        }
    }

    @Override // io.fabric8.api.PlaceholderResolver
    public String getScheme() {
        return RESOLVER_SCHEME;
    }

    @Override // io.fabric8.api.PlaceholderResolver
    public String resolve(FabricService fabricService, Map<String, Map<String, String>> map, String str, String str2, String str3) {
        if (str2 != null && str2.contains(",")) {
            LOG.error("Encrypted property key {} may not contain commas ',' ", str2);
            throw new InvalidParameterException("Encrypted property keys may not contain commas ',' ");
        }
        if (this.encryptor == null) {
            this.encryptor = getEncryptor(fabricService);
        }
        String decrypt = this.encryptor.decrypt(str3.substring(RESOLVER_SCHEME.length() + 1));
        if (map != null) {
            Map<String, String> map2 = map.get(str);
            if (!map2.containsKey("fabric.zookeeper.encrypted.values")) {
                map2.put("fabric.zookeeper.encrypted.values", "");
            }
            String str4 = map2.get("fabric.zookeeper.encrypted.values");
            if (!str4.isEmpty()) {
                str4 = str4 + ", ";
            }
            map2.put("fabric.zookeeper.encrypted.values", str4 + str2);
            map2.put(str2 + ".encrypted", str3);
        }
        return decrypt;
    }

    private PBEStringEncryptor getEncryptor(FabricService fabricService) {
        StandardPBEStringEncryptor standardPBEStringEncryptor = new StandardPBEStringEncryptor();
        standardPBEStringEncryptor.setAlgorithm(getAlgorithm(fabricService));
        standardPBEStringEncryptor.setPassword(getPassword(fabricService));
        return standardPBEStringEncryptor;
    }

    private String getAlgorithm(FabricService fabricService) {
        try {
            return ZooKeeperUtils.getStringData((CuratorFramework) fabricService.adapt(CuratorFramework.class), ZkPath.AUTHENTICATION_CRYPT_ALGORITHM.getPath(new String[0]));
        } catch (Exception e) {
            throw FabricException.launderThrowable(e);
        }
    }

    private String getPassword(FabricService fabricService) {
        try {
            return PasswordEncoder.decode(ZooKeeperUtils.getStringData((CuratorFramework) fabricService.adapt(CuratorFramework.class), ZkPath.AUTHENTICATION_CRYPT_PASSWORD.getPath(new String[0])));
        } catch (Exception e) {
            throw FabricException.launderThrowable(e);
        }
    }

    @Override // org.apache.curator.framework.recipes.cache.NodeCacheExtendedListener
    public void nodeChanged(ChildData childData, ChildData childData2) throws Exception {
        this.encryptor = getEncryptor(this.fabricService);
    }

    protected void bindConfigAdmin(ConfigurationAdmin configurationAdmin) {
        this.configAdmin = configurationAdmin;
    }

    protected void unbindConfigAdmin(ConfigurationAdmin configurationAdmin) {
        if (this.configAdmin == configurationAdmin) {
            this.configAdmin = null;
        }
    }
}
