package net.e6tech.elements.web.security.vault.client;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.SecretKey;
import javax.ws.rs.NotAuthorizedException;
import net.e6tech.elements.common.cache.CacheFacade;
import net.e6tech.elements.common.logging.Logger;
import net.e6tech.elements.common.resources.Startable;
import net.e6tech.elements.common.util.SystemException;
import net.e6tech.elements.network.restful.Param;
import net.e6tech.elements.network.restful.Response;
import net.e6tech.elements.network.restful.RestfulClient;
import net.e6tech.elements.security.AsymmetricCipher;
import net.e6tech.elements.security.SymmetricCipher;
import net.e6tech.elements.security.vault.ClearText;
import net.e6tech.elements.security.vault.Constants;
import net.e6tech.elements.security.vault.Credential;

/* loaded from: input_file:net/e6tech/elements/web/security/vault/client/KeyClient.class */
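/**
 * Client for the vault key server: authenticates with a {@link Credential} during
 * {@link #start()} and then forwards secret lookups and (optionally) encrypt/decrypt
 * operations to the server.
 *
 * <p>Session set-up, as implemented in {@link #initCredential()}: the server's RSA public key is
 * read from the {@code publicKey} resource, a fresh AES key is generated and sent RSA-wrapped as
 * {@code clientKey}, and the JSON-serialized credential is RSA-encrypted and then AES-encrypted as
 * {@code authorization}. Every later request carries both blobs. Nothing in this class verifies
 * which server returned the public key, so that assurance has to come from the transport: the
 * default {@code address} is plain {@code http://} and should be replaced by an HTTPS URL wherever
 * the network between client and key server is not trusted.
 *
 * <p>With {@code remoteEncryption == false} the per-key-block data key is fetched once, decrypted
 * locally and kept in {@code cachedSecretKeys}, so plaintext data keys live in this JVM's memory.
 *
 * <p>Not thread-safe: {@link #start()} is expected to complete before the instance is shared.
 */
public class KeyClient implements Startable {
    // RSA-wrapped copy of secretKey, as handed to the server with every request.
    private String clientKey;
    // Per-instance AES session key; generated in initCredential(), never rotated afterwards.
    private SecretKey secretKey;
    private RestfulClient client;
    private Credential credential;
    // Encrypted credential blob; null until authentication succeeded (see isAuthorized()).
    private String authorization;
    private boolean started;
    private CacheFacade<String, SecretKey> cachedSecretKeys;
    private CacheFacade<String, ClearText> cachedSecrets;
    private final AsymmetricCipher asym = AsymmetricCipher.getInstance("RSA");
    private final SymmetricCipher sym = SymmetricCipher.getInstance("AES");
    // Plain-HTTP default; see the class comment about transport security.
    private String address = "http://localhost:10000/restful/keyserver/v1";
    // true: encrypt()/decrypt() are performed by the server; false: locally with a cached data key.
    private boolean remoteEncryption = true;

    /** @return the key server base URL used by {@link #start()} */
    public String getAddress() {
        return address;
    }

    /** @param address key server base URL; must be set before {@link #start()} to take effect */
    public void setAddress(String address) {
        this.address = address;
    }

    public Credential getCredential() {
        return credential;
    }

    /** @param credential credential presented to the key server; a default one is created if unset */
    public void setCredential(Credential credential) {
        this.credential = credential;
    }

    public boolean isRemoteEncryption() {
        return remoteEncryption;
    }

    /** @param remoteEncryption whether {@link #encrypt} and {@link #decrypt(String, String, String)} run on the server */
    public void setRemoteEncryption(boolean remoteEncryption) {
        this.remoteEncryption = remoteEncryption;
    }

    /**
     * Initializes the caches and authenticates with the key server. Idempotent once it has
     * succeeded; a failed attempt leaves {@code started} false so it can be retried.
     *
     * @throws NotAuthorizedException if authentication with the key server fails
     */
    public void start() {
        if (started) {
            return;
        }
        cachedSecretKeys = new CacheFacade<String, SecretKey>("secretKeys") {
        };
        cachedSecretKeys.initPool();
        cachedSecrets = new CacheFacade<String, ClearText>("secrets") {
        };
        cachedSecrets.initPool();
        initCredential();
        // Mark started only after authentication succeeded; otherwise a failed start() would
        // silently make every later start() a no-op on a client that can never authorize.
        started = true;
    }

    /**
     * Fetches the server's RSA public key, creates the AES session key and builds the encrypted
     * authorization blob. Any failure is handed to {@link Logger#suppress} (presumably logged at a
     * low level) and surfaced as {@link NotAuthorizedException} with the cause attached; the
     * message names only the server address, never credential material.
     *
     * @throws NotAuthorizedException if the server cannot be reached or the blobs cannot be built
     */
    private void initCredential() {
        client = new RestfulClient();
        client.setAddress(address);
        try {
            SharedKey sharedKey = (SharedKey) client.get("publicKey", new Param[0]).read(SharedKey.class);
            RSAPublicKeySpec spec = new RSAPublicKeySpec(sharedKey.getModulus(), sharedKey.getPublicExponent());
            PublicKey serverKey = asym.getKeyFactory().generatePublic(spec);
            // Fresh AES key per client instance; the server only ever sees it RSA-wrapped.
            secretKey = sym.generateKeySpec();
            clientKey = asym.encrypt(serverKey, secretKey.getEncoded());
            if (credential == null) {
                credential = new Credential();
            }
            credential.run("Authenticating key client");
            byte[] credentialJson = Constants.mapper.writeValueAsString(credential).getBytes(StandardCharsets.UTF_8);
            // RSA-encrypt the credential for the server, then AES-encrypt under the session key.
            authorization = sym.encrypt(secretKey, sym.toBytes(asym.encrypt(serverKey, credentialJson)), (String) null);
        } catch (Exception e) {
            Logger.suppress(e);
            throw new NotAuthorizedException("Unable to authenticate with key server at " + address, e, new Object[0]);
        }
    }

    /** @return whether {@link #start()} produced an authorization blob */
    public boolean isAuthorized() {
        return authorization != null;
    }

    /**
     * Looks up a secret by alias, consulting {@code cachedSecrets} first.
     *
     * @param alias secret alias known to the key server
     * @return the decrypted secret
     * @throws GeneralSecurityException if not authenticated, or on transport/decryption failure
     */
    public ClearText getSecret(String alias) throws GeneralSecurityException {
        checkAuthorize();
        // CacheFacade.get is assumed to invoke the loader only on a miss — confirm against CacheFacade.
        return (ClearText) cachedSecrets.get(alias, () -> {
            GetSecret getSecret = new GetSecret();
            getSecret.setAlias(alias);
            return (ClearText) decryptResult(submit(getSecret), ClearText.class);
        });
    }

    /**
     * Asks the server to unlock the password-protected entry for {@code alias}. Not cached.
     *
     * @throws GeneralSecurityException if not authenticated, or on transport/decryption failure
     */
    public ClearText passwordUnlock(String alias) throws GeneralSecurityException {
        checkAuthorize();
        PasswordUnlock unlock = new PasswordUnlock();
        unlock.setAlias(alias);
        return (ClearText) decryptResult(submit(unlock), ClearText.class);
    }

    /**
     * Encrypts {@code data} under the data key identified by {@code keyBlock}, either on the
     * server or locally (see {@link #setRemoteEncryption}).
     *
     * @param keyBlock server-issued key block identifying the data key
     * @param data plaintext
     * @param iv initialization vector, passed through to the cipher
     * @return ciphertext in the string form produced by the cipher
     * @throws GeneralSecurityException if not authenticated, or on transport/cipher failure
     */
    public String encrypt(String keyBlock, byte[] data, String iv) throws GeneralSecurityException {
        if (!remoteEncryption) {
            return sym.encrypt(getSecretKey(keyBlock), data, iv);
        }
        checkAuthorize();
        Encrypt encrypt = new Encrypt();
        encrypt.setKeyBlock(keyBlock);
        encrypt.setData(data);
        encrypt.setIv(iv);
        return new String(decryptResult(submit(encrypt)), StandardCharsets.UTF_8);
    }

    /**
     * Decrypts {@code secret} under the data key identified by {@code keyBlock}, either on the
     * server or locally (see {@link #setRemoteEncryption}).
     *
     * @throws GeneralSecurityException if not authenticated, or on transport/cipher failure
     */
    public byte[] decrypt(String keyBlock, String secret, String iv) throws GeneralSecurityException {
        if (!remoteEncryption) {
            return sym.decrypt(getSecretKey(keyBlock), secret, iv);
        }
        checkAuthorize();
        Decrypt decrypt = new Decrypt();
        decrypt.setKeyBlock(keyBlock);
        decrypt.setSecret(secret);
        decrypt.setIv(iv);
        return decryptResult(submit(decrypt));
    }

    /**
     * Resolves a key block to its data key for local encryption, unwrapping it through the server
     * once and caching the plaintext key in {@code cachedSecretKeys}.
     */
    private SecretKey getSecretKey(String keyBlock) {
        return (SecretKey) cachedSecretKeys.get(keyBlock, () -> {
            return sym.getKeySpec(decrypt(keyBlock));
        });
    }

    /**
     * Asks the server to decrypt {@code encrypted} without naming a key block (used to unwrap data
     * keys).
     *
     * @throws GeneralSecurityException if not authenticated, or on transport/decryption failure
     */
    public byte[] decrypt(String encrypted) throws GeneralSecurityException {
        checkAuthorize();
        Decrypt decrypt = new Decrypt();
        decrypt.setSecret(encrypted);
        return decryptResult(submit(decrypt));
    }

    /**
     * Serializes {@code action}, encrypts it under the session key and posts it together with the
     * authorization and client-key blobs. Only HTTP 200–202 is accepted as success.
     *
     * @return the server's (still encrypted) result string
     * @throws GeneralSecurityException on serialization, cipher or transport failure, or on a
     *     non-success status; every failure is folded into this one type so callers see a single
     *     exception
     */
    private String submit(Action action) throws GeneralSecurityException {
        Request request = new Request();
        request.setAction(action.getType());
        request.setAuthorization(authorization);
        request.setClientKey(clientKey);
        try {
            byte[] payload = Constants.mapper.writeValueAsString(action).getBytes(StandardCharsets.UTF_8);
            request.setEncryptedData(sym.encrypt(secretKey, payload, (String) null));
            Response post = client.post("request", request, new Param[0]);
            int responseCode = post.getResponseCode();
            if (responseCode < 200 || responseCode > 202) {
                // Status only; the response body is not included so nothing server-side leaks.
                throw new GeneralSecurityException("Key server at " + address + " returned HTTP " + responseCode);
            }
            return post.getResult();
        } catch (GeneralSecurityException e) {
            throw e;
        } catch (Exception e) {
            throw new GeneralSecurityException(e);
        }
    }

    /** Decrypts a raw server result under the session key. */
    private byte[] decryptResult(String encrypted) throws GeneralSecurityException {
        return sym.decrypt(secretKey, encrypted, (String) null);
    }

    /**
     * Decrypts a server result under the session key and deserializes the UTF-8 JSON into
     * {@code cls}.
     *
     * @throws GeneralSecurityException on decryption or deserialization failure
     */
    private <T> T decryptResult(String encrypted, Class<T> cls) throws GeneralSecurityException {
        try {
            String json = new String(sym.decrypt(secretKey, encrypted, (String) null), StandardCharsets.UTF_8);
            return (T) Constants.mapper.readValue(json, cls);
        } catch (Exception e) {
            throw new GeneralSecurityException(e);
        }
    }

    /** @throws GeneralSecurityException if {@link #start()} has not produced an authorization blob */
    private void checkAuthorize() throws GeneralSecurityException {
        if (authorization == null) {
            throw new GeneralSecurityException("Not authenticated");
        }
    }
}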
