package de.adorsys.sts.secretserver.encryption;

import de.adorsys.sts.secret.Secret;
import de.adorsys.sts.secret.SecretEncryptionException;
import de.adorsys.sts.secret.SecretReadException;
import de.adorsys.sts.secret.SecretRepository;
import de.adorsys.sts.simpleencryption.ObjectEncryption;
import java.util.Objects;
import java.util.Optional;

/* loaded from: input_file:de/adorsys/sts/secretserver/encryption/EncryptedSecretRepository.class */
public class EncryptedSecretRepository implements SecretRepository {
    private final SecretRepository decoratedSecretRepository;
    private final ObjectEncryption objectEncryption;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/adorsys/sts/secretserver/encryption/EncryptedSecretRepository$SecretValue.class */
    public static class SecretValue {
        private String subject;
        private String value;

        private SecretValue() {
        }

        private SecretValue(String str, String str2) {
            this.subject = str;
            this.value = str2;
        }

        public String getSubject() {
            return this.subject;
        }

        public String getValue() {
            return this.value;
        }

        public void setSubject(String str) {
            this.subject = str;
        }

        public void setValue(String str) {
            this.value = str;
        }
    }

    public EncryptedSecretRepository(SecretRepository secretRepository, ObjectEncryption objectEncryption) {
        this.decoratedSecretRepository = secretRepository;
        this.objectEncryption = objectEncryption;
    }

    public Secret get(String str) throws SecretEncryptionException {
        SecretValue secretValue = (SecretValue) this.objectEncryption.decrypt(this.decoratedSecretRepository.get(str).getValue(), SecretValue.class);
        if (Objects.equals(secretValue.getSubject(), str)) {
            return new Secret(secretValue.getValue());
        }
        throw new SecretEncryptionException("Encrypted subject '" + secretValue.getSubject() + "' does not equals the requested: '" + str + "'");
    }

    public Optional<Secret> tryToGet(String str) {
        Optional<Secret> empty = Optional.empty();
        Optional tryToGet = this.decoratedSecretRepository.tryToGet(str);
        if (tryToGet.isPresent()) {
            empty = tryToDecrypt(str, (Secret) tryToGet.get());
        }
        return empty;
    }

    private Optional<Secret> tryToDecrypt(String str, Secret secret) {
        Optional<Secret> empty = Optional.empty();
        Optional tryToDecrypt = this.objectEncryption.tryToDecrypt(secret.getValue(), SecretValue.class);
        if (tryToDecrypt.isPresent()) {
            SecretValue secretValue = (SecretValue) tryToDecrypt.get();
            if (!Objects.equals(secretValue.getSubject(), str)) {
                throw new SecretReadException("Data manipulation detected: got secret for subject '" + secretValue.getSubject() + "' instead of '" + str + "'");
            }
            empty = Optional.of(new Secret(secretValue.getValue()));
        }
        return empty;
    }

    public void save(String str, Secret secret) {
        this.decoratedSecretRepository.save(str, new Secret(this.objectEncryption.encrypt(new SecretValue(str, secret.getValue()))));
    }
}
