package org.gatein.portal.encoder;

import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.container.xml.ValueParam;
import org.exoplatform.management.annotations.Impact;
import org.exoplatform.management.annotations.ImpactType;
import org.exoplatform.management.annotations.Managed;
import org.exoplatform.management.annotations.ManagedDescription;
import org.exoplatform.management.annotations.ManagedName;
import org.exoplatform.management.jmx.annotations.NameTemplate;
import org.exoplatform.management.jmx.annotations.Property;
import org.exoplatform.management.rest.annotations.RESTEndpoint;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.gatein.portal.installer.PBEUtils;
import org.picocontainer.Startable;

@Managed
@RESTEndpoint(path = "encoderService")
@NameTemplate({@Property(key = "name", value = "encoderService"), @Property(key = "service", value = "EncoderService")})
@ManagedDescription("Encoder Service")
/* loaded from: input_file:org/gatein/portal/encoder/EncoderService.class */
public class EncoderService implements Startable {
    private static final String ENCODING_KEY_STORE_PASSWORD_DEFAULT = "somearbitrarycrazystringthatdoesnotmatter";
    private static final Logger log = LoggerFactory.getLogger(EncoderService.class);
    private final char[] keyStorePassword;
    private final byte[] salt;
    private final int iterationCount;
    private SecretKey cipherKey;
    private final String cipherAlgorithm;
    private PBEParameterSpec cipherSpec;

    public EncoderService(InitParams initParams) throws UnsupportedEncodingException {
        ValueParam valueParam = initParams.getValueParam("keyStorePassword");
        this.keyStorePassword = (valueParam != null ? valueParam.getValue() : ENCODING_KEY_STORE_PASSWORD_DEFAULT).toCharArray();
        this.cipherAlgorithm = getParam(initParams, "cipherAlgorithm");
        String param = getParam(initParams, "salt");
        String param2 = getParam(initParams, "iterationCount");
        if (param.length() < 8) {
            throw new IllegalArgumentException("Salt param needs to have length at least 8. Current value is " + param);
        }
        this.salt = param.substring(0, 8).getBytes("UTF-8");
        this.iterationCount = Integer.parseInt(param2);
    }

    public void start() {
        try {
            this.cipherSpec = new PBEParameterSpec(this.salt, this.iterationCount);
            this.cipherKey = SecretKeyFactory.getInstance(this.cipherAlgorithm).generateSecret(new PBEKeySpec(this.keyStorePassword));
        } catch (Exception e) {
            log.error("Error starting EncoderService", e);
        }
    }

    public void stop() {
        if (this.keyStorePassword != null) {
            Arrays.fill(this.keyStorePassword, (char) 0);
        }
        this.cipherKey = null;
    }

    @Impact(ImpactType.READ)
    @Managed
    @ManagedDescription("Encode a secret as a base64 string using the cipher algorithm and the KeyStore password")
    public String encode64(@ManagedName("The secret in plain-text to be encoded") @ManagedDescription("secret") String str) throws Exception {
        return PBEUtils.encode64(str.getBytes("UTF-8"), this.cipherAlgorithm, this.cipherKey, this.cipherSpec);
    }

    @Impact(ImpactType.READ)
    @Managed
    @ManagedDescription("Decode a base64 secret using the cipher algorithm and the KeyStore password")
    public String decode64(@ManagedName("The masked secret to be decoded") @ManagedDescription("secret") String str) throws Exception {
        return PBEUtils.decode64(str, this.cipherAlgorithm, this.cipherKey, this.cipherSpec);
    }

    private String getParam(InitParams initParams, String str) {
        ValueParam valueParam = initParams.getValueParam(str);
        if (valueParam == null) {
            throw new IllegalArgumentException("Parameter '" + str + "' needs to be provided");
        }
        return valueParam.getValue();
    }
}
