package de.acosix.alfresco.simplecontentstores.repo.store.facade;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.content.ContentContext;
import org.alfresco.repo.domain.contentdata.ContentDataDAO;
import org.alfresco.repo.domain.contentdata.ContentUrlEntity;
import org.alfresco.repo.domain.contentdata.ContentUrlKeyEntity;
import org.alfresco.repo.domain.contentdata.EncryptedKey;
import org.alfresco.service.cmr.repository.ContentData;
import org.alfresco.service.cmr.repository.ContentIOException;
import org.alfresco.service.cmr.repository.ContentReader;
import org.alfresco.service.cmr.repository.ContentWriter;
import org.alfresco.util.EqualsHelper;
import org.alfresco.util.Pair;
import org.alfresco.util.PropertyCheck;
import org.apache.commons.codec.DecoderException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.core.io.Resource;
import org.springframework.util.ResourceUtils;

/* loaded from: input_file:de/acosix/alfresco/simplecontentstores/repo/store/facade/EncryptingContentStore.class */
public class EncryptingContentStore extends CommonFacadingContentStore implements ApplicationContextAware {
    private static final Logger LOGGER = LoggerFactory.getLogger(EncryptingContentStore.class);
    private static final String DEFAULT_KEY_ALGORITHM = "AES";
    private static final int DEFAULT_KEY_SIZE = 128;
    private static final int DEFAULT_MASTER_KEY_SIZE = 4096;
    protected ApplicationContext applicationContext;
    protected ContentDataDAO contentDataDAO;
    protected String keyStorePath;
    protected String keyStoreProvider;
    protected String keyStorePassword;
    protected String masterKeyAlias;
    protected String masterKeyPassword;
    protected String keyAlgorithmProvider;
    protected String masterKeyStoreId;
    protected transient Key masterPublicKey;
    protected transient Key masterPrivateKey;
    protected String keyStoreType = KeyStore.getDefaultType();
    protected String keyAlgorithm = DEFAULT_KEY_ALGORITHM;
    protected int keySize = DEFAULT_KEY_SIZE;
    protected int masterKeySize = DEFAULT_MASTER_KEY_SIZE;

    @Override // de.acosix.alfresco.simplecontentstores.repo.store.facade.CommonFacadingContentStore
    public void afterPropertiesSet() {
        super.afterPropertiesSet();
        PropertyCheck.mandatory(this, "contentDataDAO", this.contentDataDAO);
        PropertyCheck.mandatory(this, "keyStorePath", this.keyStorePath);
        PropertyCheck.mandatory(this, "keyStoreType", this.keyStoreType);
        PropertyCheck.mandatory(this, "masterKeyAlias", this.masterKeyAlias);
        PropertyCheck.mandatory(this, "masterKeyStoreId", this.masterKeyStoreId);
        PropertyCheck.mandatory(this, "keyAlgorithm", this.keyAlgorithm);
        loadMasterKey();
    }

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    public void setContentDataDAO(ContentDataDAO contentDataDAO) {
        this.contentDataDAO = contentDataDAO;
    }

    public void setKeyStorePath(String str) {
        this.keyStorePath = str;
    }

    public void setKeyStoreType(String str) {
        this.keyStoreType = str;
    }

    public void setKeyStoreProvider(String str) {
        this.keyStoreProvider = str;
    }

    public void setKeyStorePassword(String str) {
        this.keyStorePassword = str;
    }

    public void setMasterKeyAlias(String str) {
        this.masterKeyAlias = str;
    }

    public void setMasterKeyPassword(String str) {
        this.masterKeyPassword = str;
    }

    public void setMasterKey(Key key) {
        this.masterPrivateKey = key;
    }

    public void setKeyAlgorithm(String str) {
        this.keyAlgorithm = str;
    }

    public void setKeyAlgorithmProvider(String str) {
        this.keyAlgorithmProvider = str;
    }

    public void setMasterKeyStoreId(String str) {
        this.masterKeyStoreId = str;
    }

    public void setKeySize(int i) {
        if (i <= 0) {
            throw new IllegalArgumentException("keySize must be a positive integer");
        }
        this.keySize = i;
    }

    /* JADX WARN: Failed to calculate best type for var: r17v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r17v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r18v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r18v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 17, insn: 0x016c: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r17 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:68:0x016c */
    /* JADX WARN: Not initialized variable reg: 18, insn: 0x0171: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r18 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:70:0x0171 */
    /* JADX WARN: Type inference failed for: r17v0, types: [de.acosix.alfresco.simplecontentstores.repo.store.facade.ByteBufferByteChannel] */
    /* JADX WARN: Type inference failed for: r18v0, types: [java.lang.Throwable] */
    @Override // de.acosix.alfresco.simplecontentstores.repo.store.facade.CommonFacadingContentStore
    public ContentReader getReader(String str) {
        ContentReader contentReader;
        ContentReader reader = super.getReader(str);
        if (reader == null || !reader.exists()) {
            contentReader = reader;
        } else {
            String contentUrl = reader.getContentUrl();
            ContentUrlEntity contentUrl2 = this.contentDataDAO.getContentUrl(contentUrl);
            if (contentUrl2 == null) {
                throw new ContentIOException("Missing content URL entity for " + contentUrl);
            }
            ContentUrlKeyEntity contentUrlKey = contentUrl2.getContentUrlKey();
            if (contentUrlKey != null) {
                try {
                    EncryptedKey encryptedKey = contentUrlKey.getEncryptedKey();
                    if (!EqualsHelper.nullSafeEquals(this.masterKeyStoreId, encryptedKey.getMasterKeystoreId()) || !EqualsHelper.nullSafeEquals(this.masterKeyAlias, encryptedKey.getMasterKeyAlias())) {
                        throw new ContentIOException("Content encryption key was encrypted with a master key from a different master key store / with a different key alias");
                    }
                    try {
                        ByteBuffer byteBuffer = encryptedKey.getByteBuffer();
                        ByteBufferByteChannel byteBufferByteChannel = new ByteBufferByteChannel(byteBuffer);
                        Throwable th = null;
                        DecryptingReadableByteChannel decryptingReadableByteChannel = new DecryptingReadableByteChannel(byteBufferByteChannel, this.masterPrivateKey);
                        Throwable th2 = null;
                        try {
                            try {
                                ByteBuffer allocate = ByteBuffer.allocate(byteBuffer.capacity());
                                decryptingReadableByteChannel.read(allocate);
                                allocate.flip();
                                byte[] bArr = new byte[allocate.remaining()];
                                allocate.get(bArr);
                                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, encryptedKey.getAlgorithm());
                                if (decryptingReadableByteChannel != null) {
                                    if (0 != 0) {
                                        try {
                                            decryptingReadableByteChannel.close();
                                        } catch (Throwable th3) {
                                            th2.addSuppressed(th3);
                                        }
                                    } else {
                                        decryptingReadableByteChannel.close();
                                    }
                                }
                                if (byteBufferByteChannel != null) {
                                    if (0 != 0) {
                                        try {
                                            byteBufferByteChannel.close();
                                        } catch (Throwable th4) {
                                            th.addSuppressed(th4);
                                        }
                                    } else {
                                        byteBufferByteChannel.close();
                                    }
                                }
                                contentReader = new DecryptingContentReaderFacade(reader, secretKeySpec, contentUrlKey.getUnencryptedFileSize().longValue());
                            } finally {
                            }
                        } catch (Throwable th5) {
                            if (decryptingReadableByteChannel != null) {
                                if (th2 != null) {
                                    try {
                                        decryptingReadableByteChannel.close();
                                    } catch (Throwable th6) {
                                        th2.addSuppressed(th6);
                                    }
                                } else {
                                    decryptingReadableByteChannel.close();
                                }
                            }
                            throw th5;
                        }
                    } finally {
                    }
                } catch (IOException | DecoderException e) {
                    LOGGER.error("Error loading symmetric content encryption key", e);
                    throw new ContentIOException("Error loading symmetric content encryption key", e);
                }
            } else {
                contentReader = reader;
            }
        }
        return contentReader;
    }

    @Override // de.acosix.alfresco.simplecontentstores.repo.store.facade.CommonFacadingContentStore
    public ContentWriter getWriter(ContentContext contentContext) {
        ContentReader contentReader;
        String contentUrl = contentContext.getContentUrl();
        if (contentUrl != null && isContentUrlSupported(contentUrl) && exists(contentUrl)) {
            ContentReader reader = getReader(contentUrl);
            contentReader = (reader == null || !reader.exists()) ? null : reader;
        } else {
            contentReader = null;
        }
        ContentWriter writer = super.getWriter(contentContext);
        Key createNewKey = createNewKey();
        EncryptingContentWriterFacade encryptingContentWriterFacade = new EncryptingContentWriterFacade(writer, contentContext, createNewKey, contentReader);
        encryptingContentWriterFacade.addListener(() -> {
            ByteBuffer wrap = ByteBuffer.wrap(createNewKey.getEncoded());
            try {
                int i = this.masterKeySize / 8;
                int capacity = wrap.capacity() + 42;
                if (Integer.highestOneBit(capacity) != Integer.lowestOneBit(capacity)) {
                    capacity = Integer.highestOneBit(capacity) << 1;
                }
                try {
                    ByteBuffer allocateDirect = ByteBuffer.allocateDirect(Math.max(i, capacity) * 2);
                    ByteBufferByteChannel byteBufferByteChannel = new ByteBufferByteChannel(allocateDirect);
                    Throwable th = null;
                    EncryptingWritableByteChannel encryptingWritableByteChannel = new EncryptingWritableByteChannel(byteBufferByteChannel, this.masterPublicKey);
                    Throwable th2 = null;
                    try {
                        try {
                            encryptingWritableByteChannel.write(wrap);
                            if (encryptingWritableByteChannel != null) {
                                if (0 != 0) {
                                    try {
                                        encryptingWritableByteChannel.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    encryptingWritableByteChannel.close();
                                }
                            }
                            if (byteBufferByteChannel != null) {
                                if (0 != 0) {
                                    try {
                                        byteBufferByteChannel.close();
                                    } catch (Throwable th4) {
                                        th.addSuppressed(th4);
                                    }
                                } else {
                                    byteBufferByteChannel.close();
                                }
                            }
                            allocateDirect.flip();
                            EncryptedKey encryptedKey = new EncryptedKey(this.masterKeyStoreId, this.masterKeyAlias, createNewKey.getAlgorithm(), allocateDirect);
                            Pair createContentData = this.contentDataDAO.createContentData(encryptingContentWriterFacade.getContentData());
                            ContentUrlKeyEntity contentUrlKeyEntity = new ContentUrlKeyEntity();
                            contentUrlKeyEntity.setUnencryptedFileSize(Long.valueOf(encryptingContentWriterFacade.getSize()));
                            contentUrlKeyEntity.setEncryptedKey(encryptedKey);
                            this.contentDataDAO.updateContentUrlKey(((ContentData) createContentData.getSecond()).getContentUrl(), contentUrlKeyEntity);
                        } finally {
                        }
                    } catch (Throwable th5) {
                        if (encryptingWritableByteChannel != null) {
                            if (th2 != null) {
                                try {
                                    encryptingWritableByteChannel.close();
                                } catch (Throwable th6) {
                                    th2.addSuppressed(th6);
                                }
                            } else {
                                encryptingWritableByteChannel.close();
                            }
                        }
                        throw th5;
                    }
                } finally {
                }
            } catch (IOException e) {
                LOGGER.error("Error storing symmetric content encryption key", e);
                throw new ContentIOException("Error storing symmetric content encryption key", e);
            }
        });
        return encryptingContentWriterFacade;
    }

    protected void loadMasterKey() {
        BufferedInputStream bufferedInputStream;
        try {
            Resource resource = this.applicationContext.getResource(this.keyStorePath);
            if (resource.exists()) {
                bufferedInputStream = new BufferedInputStream(resource.getInputStream());
            } else {
                File file = ResourceUtils.getFile(this.keyStorePath);
                bufferedInputStream = file.exists() ? new BufferedInputStream(new FileInputStream(file)) : null;
            }
            if (bufferedInputStream == null) {
                throw new IllegalStateException("keystore file " + this.keyStorePath + " does not exist / cannot be found");
            }
            try {
                KeyStore keyStore = this.keyStoreProvider != null ? KeyStore.getInstance(this.keyStoreType, this.keyStoreProvider) : KeyStore.getInstance(this.keyStoreType);
                keyStore.load(bufferedInputStream, this.keyStorePassword != null ? this.keyStorePassword.toCharArray() : null);
                this.masterPublicKey = keyStore.getCertificate(this.masterKeyAlias).getPublicKey();
                this.masterPrivateKey = keyStore.getKey(this.masterKeyAlias, this.masterKeyPassword != null ? this.masterKeyPassword.toCharArray() : null);
            } finally {
                try {
                    bufferedInputStream.close();
                } catch (IOException e) {
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException e2) {
            LOGGER.error("Error loading master key from {}", this.keyStorePath, e2);
            throw new AlfrescoRuntimeException("Error loading master key", e2);
        }
    }

    protected Key createNewKey() {
        try {
            KeyGenerator keyGenerator = this.keyAlgorithmProvider != null ? KeyGenerator.getInstance(this.keyAlgorithm, this.keyAlgorithmProvider) : KeyGenerator.getInstance(this.keyAlgorithm);
            keyGenerator.init(this.keySize);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            LOGGER.error("Error generating encryption key", e);
            throw new ContentIOException("Error generating encryption key", e);
        }
    }
}
