package org.springframework.cloud.config.server.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
import org.springframework.cloud.bootstrap.encrypt.RsaProperties;
import org.springframework.cloud.config.server.encryption.CipherEnvironmentEncryptor;
import org.springframework.cloud.config.server.encryption.EnvironmentEncryptor;
import org.springframework.cloud.config.server.encryption.KeyStoreTextEncryptorLocator;
import org.springframework.cloud.config.server.encryption.LocatorTextEncryptor;
import org.springframework.cloud.config.server.encryption.SingleTextEncryptorLocator;
import org.springframework.cloud.config.server.encryption.TextEncryptorLocator;
import org.springframework.cloud.context.encrypt.EncryptorFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.crypto.encrypt.Encryptors;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
import org.springframework.security.rsa.crypto.RsaSecretEncryptor;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties
@Configuration(proxyBeanMethods = false)
@Import({SingleTextEncryptorConfiguration.class})
/* loaded from: input_file:BOOT-INF/lib/spring-cloud-config-server-3.1.7.jar:org/springframework/cloud/config/server/config/EncryptionAutoConfiguration.class */
public class EncryptionAutoConfiguration {

    @Configuration(proxyBeanMethods = false)
    @ConditionalOnClass({RsaSecretEncryptor.class})
    @ConditionalOnProperty(prefix = "encrypt.key-store", value = {"location"}, matchIfMissing = false)
    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-config-server-3.1.7.jar:org/springframework/cloud/config/server/config/EncryptionAutoConfiguration$KeyStoreConfiguration.class */
    protected static class KeyStoreConfiguration {

        @Autowired
        private KeyProperties key;

        @Autowired
        private RsaProperties rsaProperties;

        protected KeyStoreConfiguration() {
        }

        @ConditionalOnMissingBean
        @Bean
        public TextEncryptorLocator textEncryptorLocator() {
            KeyProperties.KeyStore keyStore = this.key.getKeyStore();
            KeyStoreTextEncryptorLocator keyStoreTextEncryptorLocator = new KeyStoreTextEncryptorLocator(new KeyStoreKeyFactory(keyStore.getLocation(), keyStore.getPassword().toCharArray(), this.key.getKeyStore().getType()), keyStore.getSecret(), keyStore.getAlias());
            keyStoreTextEncryptorLocator.setRsaAlgorithm(this.rsaProperties.getAlgorithm());
            keyStoreTextEncryptorLocator.setSalt(this.rsaProperties.getSalt());
            keyStoreTextEncryptorLocator.setStrong(this.rsaProperties.isStrong());
            return keyStoreTextEncryptorLocator;
        }
    }

    @ConditionalOnMissingBean
    @Bean
    public KeyProperties keyProperties() {
        return new KeyProperties();
    }

    @ConditionalOnMissingBean
    @ConditionalOnProperty(value = {"spring.cloud.config.server.encrypt.enabled"}, matchIfMissing = true)
    @ConditionalOnBean({TextEncryptorLocator.class})
    @Bean
    public EnvironmentEncryptor environmentEncryptor(@Autowired(required = false) TextEncryptorLocator textEncryptorLocator, TextEncryptor textEncryptor) {
        if (textEncryptorLocator == null) {
            textEncryptorLocator = new SingleTextEncryptorLocator(textEncryptor);
        }
        return new CipherEnvironmentEncryptor(textEncryptorLocator);
    }

    @ConditionalOnMissingBean({TextEncryptor.class})
    @Bean
    public TextEncryptor defaultTextEncryptor(@Autowired(required = false) TextEncryptorLocator textEncryptorLocator, KeyProperties keyProperties) {
        return textEncryptorLocator != null ? new LocatorTextEncryptor(textEncryptorLocator) : StringUtils.hasText(keyProperties.getKey()) ? new EncryptorFactory(keyProperties.getSalt()).create(keyProperties.getKey()) : Encryptors.noOpText();
    }
}
