package org.adorsys.encobject.service;

import com.nimbusds.jose.CompressionAlgorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEEncrypter;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.factories.DefaultJWEDecrypterFactory;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.text.ParseException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import org.adorsys.encobject.domain.ContentMetaInfo;
import org.adorsys.encobject.domain.ObjectHandle;
import org.adorsys.encobject.params.EncParamSelector;
import org.adorsys.encobject.params.EncryptionParams;
import org.adorsys.jjwk.selector.JWEEncryptedSelector;
import org.adorsys.jjwk.selector.UnsupportedEncAlgorithmException;
import org.adorsys.jjwk.selector.UnsupportedKeyLengthException;
import org.adorsys.jkeygen.keystore.PasswordCallbackUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.CharEncoding;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.i18n.TextBundle;
import org.postgresql.jdbc.EscapedFunctions;

/* loaded from: input_file:BOOT-INF/lib/encobject-0.10.0.jar:org/adorsys/encobject/service/ObjectPersistence.class */
public class ObjectPersistence {
    private DefaultJWEDecrypterFactory decrypterFactory = new DefaultJWEDecrypterFactory();
    private final StoreConnection blobStoreConnection;

    public ObjectPersistence(StoreConnection storeConnection) {
        this.blobStoreConnection = storeConnection;
    }

    public void storeObject(byte[] bArr, ContentMetaInfo contentMetaInfo, ObjectHandle objectHandle, KeyStore keyStore, String str, CallbackHandler callbackHandler, EncryptionParams encryptionParams) throws UnsupportedEncAlgorithmException, WrongKeyCredentialException, UnsupportedKeyLengthException, UnknownContainerException {
        if (contentMetaInfo == null) {
            contentMetaInfo = new ContentMetaInfo();
        }
        Key readKey = readKey(keyStore, str, callbackHandler);
        if (encryptionParams == null) {
            encryptionParams = EncParamSelector.selectEncryptionParams(readKey);
        }
        JWEHeader.Builder keyID = new JWEHeader.Builder(encryptionParams.getEncAlgo(), encryptionParams.getEncMethod()).keyID(str);
        String contentTrype = contentMetaInfo.getContentTrype();
        if (StringUtils.isNotBlank(contentTrype)) {
            keyID = keyID.contentType(contentTrype);
        }
        if (StringUtils.isNotBlank(contentMetaInfo.getZip())) {
            keyID = keyID.compressionAlgorithm(CompressionAlgorithm.DEF);
        } else if (StringUtils.isNotBlank(contentTrype) && StringUtils.containsIgnoreCase(contentTrype, TextBundle.TEXT_ENTRY)) {
            keyID = keyID.compressionAlgorithm(CompressionAlgorithm.DEF);
        }
        Map<String, Object> addInfos = contentMetaInfo.getAddInfos();
        if (contentMetaInfo.getExp() != null) {
            if (addInfos == null) {
                addInfos = new HashMap();
            }
            addInfos.put(EscapedFunctions.EXP, Long.valueOf(contentMetaInfo.getExp().getTime()));
        }
        if (addInfos != null) {
            keyID = keyID.customParams(addInfos);
        }
        JWEHeader build = keyID.build();
        JWEEncrypter geEncrypter = JWEEncryptedSelector.geEncrypter(readKey, encryptionParams.getEncAlgo(), encryptionParams.getEncMethod());
        JWEObject jWEObject = new JWEObject(build, new Payload(bArr));
        try {
            jWEObject.encrypt(geEncrypter);
            try {
                this.blobStoreConnection.putBlob(objectHandle, jWEObject.serialize().getBytes(CharEncoding.UTF_8));
            } catch (UnsupportedEncodingException e) {
                throw new IllegalStateException("Unsupported content type", e);
            }
        } catch (JOSEException e2) {
            throw new IllegalStateException("Encryption error", e2);
        }
    }

    public byte[] loadObject(ObjectHandle objectHandle, KeyStore keyStore, CallbackHandler callbackHandler) throws ObjectNotFoundException, WrongKeyCredentialException, UnknownContainerException {
        try {
            try {
                JWEObject parse = JWEObject.parse(IOUtils.toString(this.blobStoreConnection.getBlob(objectHandle), CharEncoding.UTF_8));
                try {
                    try {
                        parse.decrypt(this.decrypterFactory.createJWEDecrypter(parse.getHeader(), readKey(keyStore, parse.getHeader().getKeyID(), callbackHandler)));
                        return parse.getPayload().toBytes();
                    } catch (JOSEException e) {
                        throw new WrongKeyCredentialException(e);
                    }
                } catch (JOSEException e2) {
                    throw new IllegalStateException("No suitable key found", e2);
                }
            } catch (ParseException e3) {
                throw new IllegalStateException("Can not parse jwe object", e3);
            }
        } catch (IOException e4) {
            throw new IllegalStateException("Unsupported content type", e4);
        }
    }

    private Key readKey(KeyStore keyStore, String str, CallbackHandler callbackHandler) throws WrongKeyCredentialException {
        try {
            return keyStore.getKey(str, PasswordCallbackUtils.getPassword(callbackHandler, str));
        } catch (KeyStoreException e) {
            throw new WrongKeyCredentialException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException(e2);
        } catch (UnrecoverableKeyException e3) {
            throw new WrongKeyCredentialException(e3);
        }
    }
}
