package org.rundeck.plugin.encryption;

import com.dtolabs.rundeck.core.plugins.Plugin;
import com.dtolabs.rundeck.core.storage.ResourceMetaBuilder;
import com.dtolabs.rundeck.plugins.descriptions.Password;
import com.dtolabs.rundeck.plugins.descriptions.PluginDescription;
import com.dtolabs.rundeck.plugins.descriptions.PluginProperty;
import com.dtolabs.rundeck.plugins.descriptions.SelectValues;
import com.dtolabs.rundeck.plugins.storage.StorageConverterPlugin;
import com.dtolabs.utils.Streams;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import net.sf.ehcache.config.TimeoutBehaviorConfiguration;
import org.apache.commons.httpclient.auth.AuthState;
import org.apache.log4j.Logger;
import org.eclipse.jgit.lib.ConfigConstants;
import org.jasypt.encryption.pbe.PBEByteEncryptor;
import org.jasypt.encryption.pbe.StandardPBEByteEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentPBEConfig;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.rundeck.storage.api.HasInputStream;
import org.rundeck.storage.api.Path;
import org.rundeck.storage.data.DataUtil;

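/**
 * Rundeck storage converter that encrypts resource content on create/update and
 * decrypts it on read, using a Jasypt password-based byte encryptor.
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>The 'basic' and 'strong' encryptor types select PBEWithMD5AndDES and
 *       PBEWithMD5AndTripleDES. Both derive the key with MD5 and use DES-family
 *       ciphers, which are weak by current standards; prefer 'custom' with a
 *       stronger algorithm offered by the configured JCE provider.</li>
 *   <li>Changing the password or algorithm of a live store leaves entries that were
 *       written with the old settings undecryptable until they are re-encrypted.</li>
 *   <li>Nothing in this class authenticates the ciphertext or the
 *       {@code jasypt-encryption:encrypted} metadata flag. NOTE(review): confirm
 *       that the storage backend protects integrity of both.</li>
 *   <li>Each read or write buffers the whole resource in memory.</li>
 * </ul>
 *
 * <p>The encryptor is built lazily and shared by all calls on this instance.
 */
@PluginDescription(title = "Jasypt Encryption", description = "Encrypts data in the Rundeck Storage layer\n\nThis plugin uses Jasypt to perform encryption. The built in java JCE is used unless another provider is specified, Bouncycastle can be used by specifying the 'BC' provider name.\n\nPassword, algorithm, provider, etc can be specified directly, or via environment variables (the `*EnvVarName` properties), or Java System properties (the `*SysPropName` properties).")
@Plugin(name = JasyptEncryptionConverterPlugin.PROVIDER_NAME, service = "StorageConverter")
/* loaded from: input_file:WEB-INF/rundeck/plugins/rundeck-jasypt-encryption-plugin-2.6.5.jar:org/rundeck/plugin/encryption/JasyptEncryptionConverterPlugin.class */
public class JasyptEncryptionConverterPlugin implements StorageConverterPlugin {
    public static final String PROVIDER_NAME = "jasypt-encryption";
    public static final Logger logger = Logger.getLogger(JasyptEncryptionConverterPlugin.class);

    // Encryptor type names, as listed in the "Encryptor Type" property description.
    // The decompiled listing spelled "basic", "custom" and "algorithm" through
    // same-valued constants of unrelated libraries (commons-httpclient, ehcache,
    // jgit); plain literals remove that accidental coupling.
    private static final String TYPE_STRONG = "strong";
    private static final String TYPE_BASIC = "basic";
    private static final String TYPE_CUSTOM = "custom";

    // Resource metadata key that marks content as encrypted by this plugin.
    private static final String META_ENCRYPTED = "jasypt-encryption:encrypted";

    @SelectValues(values = {TYPE_STRONG, TYPE_BASIC, TYPE_CUSTOM})
    @PluginProperty(title = "Encryptor Type", description = "Jasypt Encryptor to use.\n\nEither 'basic', 'strong', or 'custom'. \n\n* 'basic' uses algorithm PBEWithMD5AndDES\n* 'strong' requires use of the JCE Unlimited Strength policy files. (Algorithm: PBEWithMD5AndTripleDES)\n* 'custom' is required to specify algorithm, provider, etc.\n\nDefault: 'basic'.", defaultValue = TYPE_BASIC, required = true)
    String encryptorType;

    // Exactly one of the three password sources is used: direct value first, then
    // environment variable, then system property. All three fields are nulled once
    // the encryptor configuration has been built.
    @PluginProperty(title = "Password", description = "Encryption password", required = false)
    @Password
    String password;

    @PluginProperty(title = "Password Environment Variable", description = "Name of Environment variable storing Encryption password", required = false)
    String passwordEnvVarName;

    @PluginProperty(title = "Password System Property", description = "Name of JVM System Property storing Encryption password", required = false)
    String passwordSysPropName;

    // Only consulted when encryptorType is 'custom'.
    @PluginProperty(title = "Algorithm", description = "(optional)")
    String algorithm;

    @PluginProperty(title = "Algorithm Environment Variable", description = "(optional)")
    String algorithmEnvVarName;

    @PluginProperty(title = "Algorithm System Property", description = "(optional)")
    String algorithmSysPropName;

    @PluginProperty(title = "Provider Name", description = "Example: 'BC' (specifies bouncycastle)")
    String provider;

    @PluginProperty(title = "Provider Name Environment Variable", description = "(optional)")
    String providerEnvVarName;

    @PluginProperty(title = "Provider Name System Property", description = "(optional)")
    String providerSysPropName;

    // A provider class name, when present from any source, wins over the provider name.
    @PluginProperty(title = "Provider Class Name", description = "Overrides Provider Name.")
    String providerClassName;

    @PluginProperty(title = "Provider Class Name Environment Variable", description = "Overrides Provider Name.")
    String providerClassNameEnvVarName;

    @PluginProperty(title = "Provider Class Name System Property", description = "Overrides Provider Name.")
    String providerClassNameSysPropName;

    // The description gives a default of 1000 iterations, which is low by current
    // guidance. NOTE(review): the iteration count presumably feeds key derivation,
    // so raising it on an existing store needs a re-encryption pass - confirm.
    @PluginProperty(title = "Key Obtention Iterations", description = "(optional) Number of hash operations on password when generating key, default: 1000.")
    String keyObtentionIterations;

    @PluginProperty(title = "Key Obtention Iterations Environment Variable", description = "(optional)")
    String keyObtentionIterationsEnvVarName;

    @PluginProperty(title = "Key Obtention Iterations System Property", description = "(optional)")
    String keyObtentionIterationsSysPropName;

    // Lazily built by getEncryptor(); volatile so the unsynchronized first check
    // there sees a fully published instance.
    private volatile StandardPBEByteEncryptor standardPBEByteEncryptor = null;

    /**
     * View of another {@link HasInputStream} whose content is decrypted on access.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/rundeck/plugins/rundeck-jasypt-encryption-plugin-2.6.5.jar:org/rundeck/plugin/encryption/JasyptEncryptionConverterPlugin$DecryptStream.class */
    public static class DecryptStream implements HasInputStream {
        private final HasInputStream hasInputStream;
        private final PBEByteEncryptor encryptor;

        private DecryptStream(HasInputStream hasInputStream, PBEByteEncryptor pBEByteEncryptor) {
            this.hasInputStream = hasInputStream;
            this.encryptor = pBEByteEncryptor;
        }

        /**
         * Reads the whole underlying content, decrypts it and returns the plaintext
         * as an in-memory stream.
         *
         * @throws IOException if reading fails, or if Jasypt cannot decrypt the data
         *     (reported as "Decryption failed." with the Jasypt exception as cause)
         */
        @Override // org.rundeck.storage.api.HasInputStream
        public InputStream getInputStream() throws IOException {
            try {
                // The source stream is opened here, so it is closed here as well.
                byte[] stored = JasyptEncryptionConverterPlugin.readAndClose(this.hasInputStream);
                return new ByteArrayInputStream(this.encryptor.decrypt(stored));
            } catch (EncryptionOperationNotPossibleException e) {
                throw new IOException("Decryption failed.", e);
            }
        }

        /**
         * Copies the decrypted content to {@code outputStream}.
         *
         * @return the value returned by {@code DataUtil.copyStream}
         */
        @Override // org.rundeck.storage.api.HasInputStream
        public long writeContent(OutputStream outputStream) throws IOException {
            return DataUtil.copyStream(getInputStream(), outputStream);
        }
    }

    /**
     * View of another {@link HasInputStream} whose content is encrypted on access.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/rundeck/plugins/rundeck-jasypt-encryption-plugin-2.6.5.jar:org/rundeck/plugin/encryption/JasyptEncryptionConverterPlugin$EncryptStream.class */
    public static class EncryptStream implements HasInputStream {
        private final HasInputStream hasInputStream;
        private final PBEByteEncryptor encryptor;

        private EncryptStream(HasInputStream hasInputStream, PBEByteEncryptor pBEByteEncryptor) {
            this.hasInputStream = hasInputStream;
            this.encryptor = pBEByteEncryptor;
        }

        /**
         * Reads the whole underlying content, encrypts it and returns the ciphertext
         * as an in-memory stream.
         *
         * <p>Unlike {@link DecryptStream#getInputStream()}, Jasypt runtime exceptions
         * are not translated to {@link IOException} here and reach the caller as thrown.
         *
         * @throws IOException if reading the underlying content fails
         */
        @Override // org.rundeck.storage.api.HasInputStream
        public InputStream getInputStream() throws IOException {
            // The source stream is opened here, so it is closed here as well.
            byte[] plain = JasyptEncryptionConverterPlugin.readAndClose(this.hasInputStream);
            return new ByteArrayInputStream(this.encryptor.encrypt(plain));
        }

        /**
         * Copies the encrypted content to {@code outputStream}.
         *
         * @return the value returned by {@code DataUtil.copyStream}
         */
        @Override // org.rundeck.storage.api.HasInputStream
        public long writeContent(OutputStream outputStream) throws IOException {
            return DataUtil.copyStream(getInputStream(), outputStream);
        }
    }

    /**
     * Returns the shared encryptor, building it on first use.
     *
     * <p>Double-checked locking on the volatile field: the common path takes no lock,
     * and the configuration is built at most once per plugin instance.
     *
     * @throws IllegalStateException if no password source is configured or the
     *     encryptor type is not one of 'strong', 'basic' or 'custom'
     */
    private StandardPBEByteEncryptor getEncryptor() {
        StandardPBEByteEncryptor existing = this.standardPBEByteEncryptor;
        if (existing != null) {
            return existing;
        }
        synchronized (this) {
            if (this.standardPBEByteEncryptor == null) {
                this.standardPBEByteEncryptor = buildEncryptor();
            }
            return this.standardPBEByteEncryptor;
        }
    }

    /**
     * Builds a configured encryptor from the plugin properties. Called with the
     * instance lock held.
     */
    private StandardPBEByteEncryptor buildEncryptor() {
        logger.debug("JasyptEncryptionConverterPlugin begin setup...");
        EnvironmentPBEConfig config = new EnvironmentPBEConfig();
        addPasswordValue(config, this.password, this.passwordEnvVarName, this.passwordSysPropName, true, "password");
        // Drop the references to the secret and to where it came from. This happens
        // before the remaining settings are validated, so if a later step throws,
        // the next attempt on this instance reports a missing password instead.
        this.password = null;
        this.passwordEnvVarName = null;
        this.passwordSysPropName = null;

        StandardPBEByteEncryptor encryptor = new StandardPBEByteEncryptor();
        if (TYPE_STRONG.equals(this.encryptorType)) {
            logger.debug("JasyptEncryptionConverterPlugin use STRONG type");
            // Weak by current standards despite the name (MD5 key derivation, 3DES).
            config.setAlgorithm("PBEWithMD5AndTripleDES");
        } else if (TYPE_BASIC.equals(this.encryptorType)) {
            logger.debug("JasyptEncryptionConverterPlugin use BASIC type");
            // Jasypt's default, PBEWithMD5AndDES per the property description:
            // single DES, kept only for compatibility with data already stored.
            config.setAlgorithm(StandardPBEByteEncryptor.DEFAULT_ALGORITHM);
        } else if (TYPE_CUSTOM.equals(this.encryptorType)) {
            logger.debug("JasyptEncryptionConverterPlugin use CUSTOM type");
            addAlgorithmValue(config, this.algorithm, this.algorithmEnvVarName, this.algorithmSysPropName, false, "algorithm");
        } else {
            throw new IllegalStateException("encryptorType is required");
        }

        // Provider class name takes precedence; the provider name is only a fallback.
        boolean providerClassSet = addProviderClassNameValue(config, this.providerClassName, this.providerClassNameEnvVarName, this.providerClassNameSysPropName, false, "providerClassName");
        if (!providerClassSet) {
            addProviderNameValue(config, this.provider, this.providerEnvVarName, this.providerSysPropName, false, "provider");
        }
        addKeyObtentionIterationsValue(config, this.keyObtentionIterations, this.keyObtentionIterationsEnvVarName, this.keyObtentionIterationsSysPropName, false, "keyObtentionIterations");
        encryptor.setConfig(config);
        logger.debug("JasyptEncryptionConverterPlugin configured");
        return encryptor;
    }

    /** Builds the exception thrown when a required setting has no source at all. */
    private static IllegalStateException missingValue(String label) {
        return new IllegalStateException(label + ", " + label + "EnvVarName, or " + label + "SysPropName is required");
    }

    /**
     * Applies the password from the first non-empty source: direct value, environment
     * variable name, then system property name.
     *
     * <p>When the system property is used it is removed from the JVM afterwards, so
     * the secret no longer sits in the global property table. That removal is
     * JVM-wide: anything else that reads the same property later, including another
     * instance of this plugin, will not find it. An environment variable cannot be
     * cleared this way and stays in the process environment.
     *
     * @param required whether to fail when no source is set
     * @param label setting name used in log and error messages (never the value)
     * @return true if a source was applied, false if none was set and not required
     * @throws IllegalStateException if {@code required} and no source is set
     */
    private boolean addPasswordValue(EnvironmentPBEConfig environmentPBEConfig, String value, String envVarName, String sysPropName, boolean required, String label) {
        if (notBlank(value)) {
            logger.debug("JasyptEncryptionConverterPlugin use value for " + label);
            environmentPBEConfig.setPassword(value);
            return true;
        }
        if (notBlank(envVarName)) {
            logger.debug("JasyptEncryptionConverterPlugin use env var for " + label);
            environmentPBEConfig.setPasswordEnvName(envVarName);
            return true;
        }
        if (notBlank(sysPropName)) {
            environmentPBEConfig.setPasswordSysPropertyName(sysPropName);
            logger.debug("JasyptEncryptionConverterPlugin use sys prop for " + label);
            System.clearProperty(sysPropName);
            return true;
        }
        if (required) {
            throw missingValue(label);
        }
        return false;
    }

    /**
     * Applies the algorithm from the first non-empty source: direct value, environment
     * variable name, then system property name. A system property that is used is
     * cleared JVM-wide afterwards.
     *
     * @return true if a source was applied, false if none was set and not required
     * @throws IllegalStateException if {@code required} and no source is set
     */
    private boolean addAlgorithmValue(EnvironmentPBEConfig environmentPBEConfig, String value, String envVarName, String sysPropName, boolean required, String label) {
        if (notBlank(value)) {
            logger.debug("JasyptEncryptionConverterPlugin use value for " + label);
            environmentPBEConfig.setAlgorithm(value);
            return true;
        }
        if (notBlank(envVarName)) {
            logger.debug("JasyptEncryptionConverterPlugin use env var for " + label);
            environmentPBEConfig.setAlgorithmEnvName(envVarName);
            return true;
        }
        if (notBlank(sysPropName)) {
            environmentPBEConfig.setAlgorithmSysPropertyName(sysPropName);
            logger.debug("JasyptEncryptionConverterPlugin use sys prop for " + label);
            System.clearProperty(sysPropName);
            return true;
        }
        if (required) {
            throw missingValue(label);
        }
        return false;
    }

    /**
     * Applies the JCE provider name from the first non-empty source: direct value,
     * environment variable name, then system property name. A system property that is
     * used is cleared JVM-wide afterwards.
     *
     * @return true if a source was applied, false if none was set and not required
     * @throws IllegalStateException if {@code required} and no source is set
     */
    private boolean addProviderNameValue(EnvironmentPBEConfig environmentPBEConfig, String value, String envVarName, String sysPropName, boolean required, String label) {
        if (notBlank(value)) {
            logger.debug("JasyptEncryptionConverterPlugin use value for " + label);
            environmentPBEConfig.setProviderName(value);
            return true;
        }
        if (notBlank(envVarName)) {
            logger.debug("JasyptEncryptionConverterPlugin use env var for " + label);
            environmentPBEConfig.setProviderNameEnvName(envVarName);
            return true;
        }
        if (notBlank(sysPropName)) {
            environmentPBEConfig.setProviderNameSysPropertyName(sysPropName);
            logger.debug("JasyptEncryptionConverterPlugin use sys prop for " + label);
            System.clearProperty(sysPropName);
            return true;
        }
        if (required) {
            throw missingValue(label);
        }
        return false;
    }

    /**
     * Applies the JCE provider class name from the first non-empty source: direct
     * value, environment variable name, then system property name. A system property
     * that is used is cleared JVM-wide afterwards.
     *
     * <p>The class named here is handed to Jasypt as the security provider, so this
     * setting should only be writable by administrators of the plugin configuration.
     *
     * @return true if a source was applied, false if none was set and not required
     * @throws IllegalStateException if {@code required} and no source is set
     */
    private boolean addProviderClassNameValue(EnvironmentPBEConfig environmentPBEConfig, String value, String envVarName, String sysPropName, boolean required, String label) {
        if (notBlank(value)) {
            logger.debug("JasyptEncryptionConverterPlugin use value for " + label);
            environmentPBEConfig.setProviderClassName(value);
            return true;
        }
        if (notBlank(envVarName)) {
            logger.debug("JasyptEncryptionConverterPlugin use env var for " + label);
            environmentPBEConfig.setProviderClassNameEnvName(envVarName);
            return true;
        }
        if (notBlank(sysPropName)) {
            environmentPBEConfig.setProviderClassNameSysPropertyName(sysPropName);
            logger.debug("JasyptEncryptionConverterPlugin use sys prop for " + label);
            System.clearProperty(sysPropName);
            return true;
        }
        if (required) {
            throw missingValue(label);
        }
        return false;
    }

    /**
     * Applies the key obtention iteration count from the first non-empty source:
     * direct value, environment variable name, then system property name. A system
     * property that is used is cleared JVM-wide afterwards.
     *
     * @return true if a source was applied, false if none was set and not required
     * @throws IllegalStateException if {@code required} and no source is set
     */
    private boolean addKeyObtentionIterationsValue(EnvironmentPBEConfig environmentPBEConfig, String value, String envVarName, String sysPropName, boolean required, String label) {
        if (notBlank(value)) {
            logger.debug("JasyptEncryptionConverterPlugin use value for " + label);
            environmentPBEConfig.setKeyObtentionIterations(value);
            return true;
        }
        if (notBlank(envVarName)) {
            logger.debug("JasyptEncryptionConverterPlugin use env var for " + label);
            environmentPBEConfig.setKeyObtentionIterationsEnvName(envVarName);
            return true;
        }
        if (notBlank(sysPropName)) {
            environmentPBEConfig.setKeyObtentionIterationsSysPropertyName(sysPropName);
            logger.debug("JasyptEncryptionConverterPlugin use sys prop for " + label);
            System.clearProperty(sysPropName);
            return true;
        }
        if (required) {
            throw missingValue(label);
        }
        return false;
    }

    /**
     * Returns true when {@code str} is neither null nor the empty string. Whitespace
     * is not trimmed, so a value of only spaces counts as set.
     */
    private boolean notBlank(String str) {
        return str != null && !str.isEmpty();
    }

    /**
     * Decrypts content on read when the resource metadata carries the encrypted flag.
     *
     * <p>Content without the flag is not touched, so anything stored as plaintext
     * (for example before this converter was enabled) is served as plaintext.
     *
     * @return a decrypting view of {@code hasInputStream}, or null when the resource
     *     is not flagged as encrypted (presumably "no conversion" - confirm against
     *     the StorageConverterPlugin contract)
     */
    @Override // com.dtolabs.rundeck.plugins.storage.StorageConverterPlugin
    public HasInputStream readResource(Path path, ResourceMetaBuilder resourceMetaBuilder, HasInputStream hasInputStream) {
        boolean flagged = "true".equals(resourceMetaBuilder.getResourceMeta().get(META_ENCRYPTED));
        if (!flagged) {
            logger.debug("readResource (unencrypted) " + path);
            return null;
        }
        logger.debug("readResource (encrypted) " + path);
        return decrypt(hasInputStream);
    }

    /**
     * Flags the new resource as encrypted in its metadata and returns an encrypting
     * view of its content.
     */
    @Override // com.dtolabs.rundeck.plugins.storage.StorageConverterPlugin
    public HasInputStream createResource(Path path, ResourceMetaBuilder resourceMetaBuilder, HasInputStream hasInputStream) {
        resourceMetaBuilder.getResourceMeta().put(META_ENCRYPTED, "true");
        logger.debug("createResource " + path);
        return encrypt(hasInputStream);
    }

    /**
     * Flags the updated resource as encrypted in its metadata and returns an
     * encrypting view of its content.
     */
    @Override // com.dtolabs.rundeck.plugins.storage.StorageConverterPlugin
    public HasInputStream updateResource(Path path, ResourceMetaBuilder resourceMetaBuilder, HasInputStream hasInputStream) {
        resourceMetaBuilder.getResourceMeta().put(META_ENCRYPTED, "true");
        logger.debug("updateResource " + path);
        return encrypt(hasInputStream);
    }

    /** Wraps {@code hasInputStream} so that its content is encrypted when read. */
    private HasInputStream encrypt(HasInputStream hasInputStream) {
        return new EncryptStream(hasInputStream, getEncryptor());
    }

    /** Wraps {@code hasInputStream} so that its content is decrypted when read. */
    private HasInputStream decrypt(HasInputStream hasInputStream) {
        return new DecryptStream(hasInputStream, getEncryptor());
    }

    /**
     * Opens the stream of {@code source}, reads it fully and closes it.
     *
     * <p>The listing this was rebuilt from never closed the stream it opened, which
     * leaks whatever handle backs it on every read and write.
     */
    private static byte[] readAndClose(HasInputStream source) throws IOException {
        InputStream in = source.getInputStream();
        try {
            return getBytes(in);
        } finally {
            in.close();
        }
    }

    /**
     * Reads {@code inputStream} to the end into a byte array.
     *
     * <p>The stream is not closed here; that stays with the caller. The whole content
     * is held in memory, so the size of a stored resource bounds the heap needed.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] getBytes(InputStream inputStream) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        Streams.copyStream(inputStream, buffer);
        return buffer.toByteArray();
    }
}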
