package com.wallee.sdk.mdes.encryption;

import com.jayway.jsonpath.Configuration;
import com.jayway.jsonpath.DocumentContext;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.Option;
import com.jayway.jsonpath.Predicate;
import com.jayway.jsonpath.spi.json.JsonProvider;
import com.mastercard.developer.encryption.EncryptionException;
import com.mastercard.developer.json.JsonEngine;
import com.mastercard.developer.utils.EncodingUtils;
import com.mastercard.developer.utils.StringUtils;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.Cipher;

/* loaded from: input_file:com/wallee/sdk/mdes/encryption/FieldLevelEncryption.class */
public class FieldLevelEncryption {
    private static final String SUN_JCE = "SunJCE";
    private static final String SYMMETRIC_CYPHER = "AES/CBC/PKCS5Padding";
    private static JsonEngine jsonEngine;
    private static Configuration jsonPathConfig = withJsonEngine(JsonEngine.getDefault());

    private FieldLevelEncryption() {
    }

    public static synchronized Configuration withJsonEngine(JsonEngine jsonEngine2) {
        jsonEngine = jsonEngine2;
        jsonPathConfig = new Configuration.ConfigurationBuilder().jsonProvider(jsonEngine2.getJsonProvider()).options(new Option[]{Option.SUPPRESS_EXCEPTIONS}).build();
        return jsonPathConfig;
    }

    public static String encryptPayload(String str, FieldLevelEncryptionConfig fieldLevelEncryptionConfig) throws EncryptionException {
        return encryptPayload(str, fieldLevelEncryptionConfig, null);
    }

    public static String encryptPayload(String str, FieldLevelEncryptionConfig fieldLevelEncryptionConfig, FieldLevelEncryptionParams fieldLevelEncryptionParams) throws EncryptionException {
        try {
            DocumentContext parse = JsonPath.parse(str, jsonPathConfig);
            for (Map.Entry<String, String> entry : fieldLevelEncryptionConfig.getEncryptionPaths().entrySet()) {
                encryptPayloadPath(parse, entry.getKey(), entry.getValue(), fieldLevelEncryptionConfig, fieldLevelEncryptionParams);
            }
            return parse.jsonString();
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Payload encryption failed!", e);
        }
    }

    public static String decryptPayload(String str, FieldLevelEncryptionConfig fieldLevelEncryptionConfig) throws EncryptionException {
        return decryptPayload(str, fieldLevelEncryptionConfig, null);
    }

    public static String decryptPayload(String str, FieldLevelEncryptionConfig fieldLevelEncryptionConfig, FieldLevelEncryptionParams fieldLevelEncryptionParams) throws EncryptionException {
        try {
            DocumentContext parse = JsonPath.parse(str, jsonPathConfig);
            for (Map.Entry<String, String> entry : fieldLevelEncryptionConfig.getDecryptionPaths().entrySet()) {
                decryptPayloadPath(parse, entry.getKey(), entry.getValue(), fieldLevelEncryptionConfig, fieldLevelEncryptionParams);
            }
            return parse.jsonString();
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Payload decryption failed!", e);
        }
    }

    private static void encryptPayloadPath(DocumentContext documentContext, String str, String str2, FieldLevelEncryptionConfig fieldLevelEncryptionConfig, FieldLevelEncryptionParams fieldLevelEncryptionParams) throws GeneralSecurityException, EncryptionException {
        Object readJsonElement = readJsonElement(documentContext, str);
        if (readJsonElement == null) {
            return;
        }
        if (fieldLevelEncryptionParams == null) {
            fieldLevelEncryptionParams = FieldLevelEncryptionParams.generate(fieldLevelEncryptionConfig);
        }
        byte[] bArr = null;
        try {
            bArr = sanitizeJson(jsonEngine.toJsonString(readJsonElement)).getBytes(StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
        }
        String encodeBytes = EncodingUtils.encodeBytes(encryptBytes(fieldLevelEncryptionParams.getSecretKey(), fieldLevelEncryptionParams.getIvSpec(), bArr), fieldLevelEncryptionConfig.getFieldValueEncoding());
        if ("$".equals(str)) {
            Iterator it = new ArrayList(jsonEngine.getPropertyKeys(readJsonElement)).iterator();
            while (it.hasNext()) {
                documentContext.delete(str + "." + ((String) it.next()), new Predicate[0]);
            }
        } else {
            documentContext.delete(str, new Predicate[0]);
        }
        checkOrCreateOutObject(documentContext, str2);
        documentContext.put(str2, fieldLevelEncryptionConfig.getEncryptedValueFieldName(), encodeBytes, new Predicate[0]);
        if (!StringUtils.isNullOrEmpty(fieldLevelEncryptionConfig.getIvFieldName())) {
            documentContext.put(str2, fieldLevelEncryptionConfig.getIvFieldName(), fieldLevelEncryptionParams.getIvValue(), new Predicate[0]);
        }
        if (!StringUtils.isNullOrEmpty(fieldLevelEncryptionConfig.getEncryptedKeyFieldName())) {
            documentContext.put(str2, fieldLevelEncryptionConfig.getEncryptedKeyFieldName(), fieldLevelEncryptionParams.getEncryptedKeyValue(), new Predicate[0]);
        }
        if (!StringUtils.isNullOrEmpty(fieldLevelEncryptionConfig.getEncryptionCertificateFingerprintFieldName())) {
            documentContext.put(str2, fieldLevelEncryptionConfig.getEncryptionCertificateFingerprintFieldName(), fieldLevelEncryptionConfig.getEncryptionCertificateFingerprint(), new Predicate[0]);
        }
        if (!StringUtils.isNullOrEmpty(fieldLevelEncryptionConfig.getEncryptionKeyFingerprintFieldName())) {
            documentContext.put(str2, fieldLevelEncryptionConfig.getEncryptionKeyFingerprintFieldName(), fieldLevelEncryptionConfig.getEncryptionKeyFingerprint(), new Predicate[0]);
        }
        if (StringUtils.isNullOrEmpty(fieldLevelEncryptionConfig.getOaepPaddingDigestAlgorithmFieldName())) {
            return;
        }
        documentContext.put(str2, fieldLevelEncryptionConfig.getOaepPaddingDigestAlgorithmFieldName(), fieldLevelEncryptionParams.getOaepPaddingDigestAlgorithmValue(), new Predicate[0]);
    }

    private static void decryptPayloadPath(DocumentContext documentContext, String str, String str2, FieldLevelEncryptionConfig fieldLevelEncryptionConfig, FieldLevelEncryptionParams fieldLevelEncryptionParams) throws GeneralSecurityException, EncryptionException {
        JsonProvider jsonProvider = jsonPathConfig.jsonProvider();
        Object readJsonObject = readJsonObject(documentContext, str);
        if (readJsonObject == null) {
            return;
        }
        Object readAndDeleteJsonKey = readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.getEncryptedValueFieldName());
        if (jsonEngine.isNullOrEmptyJson(readAndDeleteJsonKey)) {
            return;
        }
        if (!fieldLevelEncryptionConfig.useHttpPayloads() && fieldLevelEncryptionParams == null) {
            throw new IllegalStateException("Encryption params have to be set when not stored in HTTP payloads!");
        }
        if (fieldLevelEncryptionParams == null) {
            Object readAndDeleteJsonKey2 = readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.getOaepPaddingDigestAlgorithmFieldName());
            String oaepPaddingDigestAlgorithm = jsonEngine.isNullOrEmptyJson(readAndDeleteJsonKey2) ? fieldLevelEncryptionConfig.getOaepPaddingDigestAlgorithm() : jsonEngine.toJsonString(readAndDeleteJsonKey2);
            Object readAndDeleteJsonKey3 = readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.getEncryptedKeyFieldName());
            Object readAndDeleteJsonKey4 = readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.getIvFieldName());
            String str3 = (String) readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.getEncryptionCertificateFingerprintFieldName());
            readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.getEncryptionKeyFingerprintFieldName());
            fieldLevelEncryptionParams = new FieldLevelEncryptionParams(jsonEngine.toJsonString(readAndDeleteJsonKey4), jsonEngine.toJsonString(readAndDeleteJsonKey3), oaepPaddingDigestAlgorithm, fieldLevelEncryptionConfig, str3);
        }
        String sanitizeJson = sanitizeJson(new String(decryptBytes(fieldLevelEncryptionParams.getSecretKey(), fieldLevelEncryptionParams.getIvSpec(), EncodingUtils.decodeValue(jsonEngine.toJsonString(readAndDeleteJsonKey), fieldLevelEncryptionConfig.getFieldValueEncoding())), StandardCharsets.UTF_8));
        checkOrCreateOutObject(documentContext, str2);
        addDecryptedDataToPayload(documentContext, sanitizeJson, str2);
        if (0 != jsonProvider.length(readJsonElement(documentContext, str)) || "$".equals(str)) {
            return;
        }
        documentContext.delete(str, new Predicate[0]);
    }

    private static void addDecryptedDataToPayload(DocumentContext documentContext, String str, String str2) {
        JsonProvider jsonProvider = jsonPathConfig.jsonProvider();
        Object parse = jsonEngine.parse(str);
        if (!jsonEngine.isJsonObject(parse)) {
            documentContext.set(str2, parse, new Predicate[0]);
            return;
        }
        for (String str3 : 0 == jsonProvider.length(parse) ? Collections.emptyList() : jsonProvider.getPropertyKeys(parse)) {
            documentContext.delete(str2 + "." + str3, new Predicate[0]);
            documentContext.put(str2, str3, jsonProvider.getMapValue(parse, str3), new Predicate[0]);
        }
    }

    private static void checkOrCreateOutObject(DocumentContext documentContext, String str) {
        if (null != readJsonObject(documentContext, str)) {
            return;
        }
        String parentJsonPath = JsonEngine.getParentJsonPath(str);
        if (readJsonObject(documentContext, parentJsonPath) == null) {
            throw new IllegalArgumentException(String.format("Parent path not found in payload: '%s'!", parentJsonPath));
        }
        documentContext.put(parentJsonPath, JsonEngine.getJsonElementKey(str), jsonPathConfig.jsonProvider().createMap(), new Predicate[0]);
    }

    private static Object readJsonElement(DocumentContext documentContext, String str) {
        return JsonPath.compile(str, new Predicate[0]).read(documentContext.json(), jsonPathConfig);
    }

    private static Object readJsonObject(DocumentContext documentContext, String str) {
        Object readJsonElement = readJsonElement(documentContext, str);
        if (readJsonElement == null) {
            return null;
        }
        if (jsonEngine.isJsonObject(readJsonElement)) {
            return readJsonElement;
        }
        throw new IllegalArgumentException(String.format("JSON object expected at path: '%s'!", str));
    }

    private static Object readAndDeleteJsonKey(DocumentContext documentContext, String str, Object obj, String str2) {
        if (null == str2) {
            return null;
        }
        Object mapValue = jsonPathConfig.jsonProvider().getMapValue(obj, str2);
        documentContext.delete(str + "." + str2, new Predicate[0]);
        return mapValue;
    }

    private static String sanitizeJson(String str) {
        return str.replaceAll("\n", "").replaceAll("\r", "").replaceAll("\t", "");
    }

    protected static byte[] encryptBytes(Key key, AlgorithmParameterSpec algorithmParameterSpec, byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(SYMMETRIC_CYPHER, SUN_JCE);
        cipher.init(1, key, algorithmParameterSpec);
        return cipher.doFinal(bArr);
    }

    protected static byte[] decryptBytes(Key key, AlgorithmParameterSpec algorithmParameterSpec, byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(SYMMETRIC_CYPHER, SUN_JCE);
        cipher.init(2, key, algorithmParameterSpec);
        return cipher.doFinal(bArr);
    }
}
