package org.alfresco.repo.node.encryption;

import java.io.Serializable;
import java.security.KeyException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.crypto.SealedObject;
import org.alfresco.encryption.FallbackEncryptor;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.alfresco.service.cmr.dictionary.PropertyDefinition;
import org.alfresco.service.namespace.QName;

/* loaded from: input_file:WEB-INF/lib/alfresco-repository-5.0.a.jar:org/alfresco/repo/node/encryption/MetadataEncryptor.class */
public class MetadataEncryptor {
    private DictionaryService dictionaryService;
    private FallbackEncryptor encryptor;

    public void setDictionaryService(DictionaryService dictionaryService) {
        this.dictionaryService = dictionaryService;
    }

    public void setEncryptor(FallbackEncryptor fallbackEncryptor) {
        this.encryptor = fallbackEncryptor;
    }

    public Serializable encrypt(QName qName, Serializable serializable) {
        PropertyDefinition property = this.dictionaryService.getProperty(qName);
        return (serializable == null || property == null || !property.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED)) ? serializable : serializable instanceof SealedObject ? serializable : this.encryptor.sealObject("metadata", null, serializable);
    }

    public Serializable decrypt(QName qName, Serializable serializable) {
        PropertyDefinition property = this.dictionaryService.getProperty(qName);
        if (serializable == null || property == null || !property.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED)) {
            return serializable;
        }
        if (!(serializable instanceof SealedObject)) {
            return serializable;
        }
        try {
            return this.encryptor.unsealObject("metadata", serializable);
        } catch (KeyException e) {
            throw new AlfrescoRuntimeException("Invalid metadata decryption key", e);
        }
    }

    public Map<QName, Serializable> encrypt(Map<QName, Serializable> map) {
        HashSet<QName> hashSet = new HashSet(5);
        for (Map.Entry<QName, Serializable> entry : map.entrySet()) {
            QName key = entry.getKey();
            Serializable value = entry.getValue();
            PropertyDefinition property = this.dictionaryService.getProperty(key);
            if (property != null && property.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED) && value != null && !(value instanceof SealedObject)) {
                hashSet.add(key);
            }
        }
        if (hashSet.isEmpty()) {
            return map;
        }
        HashMap hashMap = new HashMap(map);
        for (QName qName : hashSet) {
            hashMap.put(qName, this.encryptor.sealObject("metadata", null, map.get(qName)));
        }
        return hashMap;
    }

    public Map<QName, Serializable> decrypt(Map<QName, Serializable> map) {
        HashSet<QName> hashSet = new HashSet(5);
        for (Map.Entry<QName, Serializable> entry : map.entrySet()) {
            QName key = entry.getKey();
            Serializable value = entry.getValue();
            PropertyDefinition property = this.dictionaryService.getProperty(key);
            if (property != null && property.getDataType().getName().equals(DataTypeDefinition.ENCRYPTED) && value != null && (value instanceof SealedObject)) {
                hashSet.add(key);
            }
        }
        if (hashSet.isEmpty()) {
            return map;
        }
        HashMap hashMap = new HashMap(map);
        for (QName qName : hashSet) {
            try {
                hashMap.put(qName, this.encryptor.unsealObject("metadata", map.get(qName)));
            } catch (KeyException e) {
                throw new AlfrescoRuntimeException("Invalid metadata decryption key", e);
            }
        }
        return hashMap;
    }

    public boolean keyAvailable(String str) {
        return this.encryptor.keyAvailable(str);
    }

    public boolean backupKeyAvailable(String str) {
        return this.encryptor.backupKeyAvailable(str);
    }
}
