package coldfusion.cloud;

import coldfusion.cloud.aws.AWSConstants;
import coldfusion.cloud.aws.AWSCredential;
import coldfusion.cloud.azure.AzureCredential;
import coldfusion.cloud.azure.ServiceBusKeyBasedCredential;
import coldfusion.cloud.azure.ServiceBusTokenBasedCredential;
import coldfusion.cloud.consumer.AWSCredentialConsumer;
import coldfusion.cloud.consumer.AzureCredentialConsumer;
import coldfusion.cloud.consumer.ServiceBusKeyBasedCredentialConsumer;
import coldfusion.cloud.consumer.ServiceBusTokenBasedCredentialConsumer;
import coldfusion.cloud.consumer.VendorCredentialConsumer;
import coldfusion.cloud.exception.ValidationException;
import coldfusion.cloud.util.FieldTypecastUtil;
import coldfusion.cloud.util.ValidatorFiller;
import coldfusion.filter.FusionContext;
import coldfusion.log.CFLogs;
import coldfusion.log.Logger;
import coldfusion.runtime.ApplicationException;
import coldfusion.runtime.ApplicationScope;
import coldfusion.runtime.Struct;
import coldfusion.server.ConfigMap;
import coldfusion.server.ServiceBase;
import coldfusion.server.ServiceException;
import coldfusion.util.PasswordUtils;
import coldfusion.util.RB;
import coldfusion.util.StructUtil;
import coldfusion.util.Utils;
import java.io.File;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Observable;
import java.util.Observer;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.collections4.SetUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:config/cfsetup/cfsetup.jar:coldfusion/cloud/VendorCredentialService.class
 */
/* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/cloud/VendorCredentialService.class */
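/**
 * Keeps cloud vendor credentials (AWS and Azure variants) in a {@link ConfigMap} keyed by alias
 * and persists that map to {@code vendorCredentialFile} through the inherited
 * {@code serialize}/{@code deserialize} methods.
 *
 * <p>Only the fields listed in {@link #fieldsToBeEncrypted} are encrypted (with the seed returned
 * by {@code PasswordUtils.getInstance().getSeedValue()}) before a credential struct is stored;
 * every other field is stored exactly as supplied. The read accessors decrypt those fields again,
 * so the structs they return carry usable secrets.
 *
 * <p>The service registers itself as an {@link Observer} of {@link PasswordUtils} in
 * {@link #start()} and re-encrypts the stored fields when it is told about a new seed.
 *
 * <p>NOTE(review): apart from the block in {@link #update(Observable, Object)}, no method here
 * synchronizes access to {@code credentialSetting}; whether callers serialize access is not
 * visible in this class.
 */
public class VendorCredentialService extends ServiceBase implements Observer, StructUtil {
    private final Logger logger = CFLogs.SERVER_LOG;
    ValidatorFiller filler = ValidatorFiller.INSTANCE;
    private File vendorCredentialFile;
    private ConfigMap credentialSetting;
    // Last seed received through update(); it is never assigned anywhere else.
    private String seed;
    private static final String CLOUD_CREDENTIALS_LIST_KEY = "CLOUDCREDENTIALS";
    private static final String ALIAS_KEY = "ALIAS";
    // Placeholder shown instead of the AWS secret access key in the admin view. When the same
    // placeholder comes back in modifyCredentialsData, the stored secret is kept.
    private static final String staticpassword = "***************";
    // Struct keys whose values are encrypted at rest.
    private static final Set<String> fieldsToBeEncrypted = SetUtils.unmodifiableSet(new HashSet<String>(Arrays.asList("secretAccessKey", "accessKeyId", AzureCredentialConsumer.CONNECTION_STRING)));

    /* JADX WARN: Classes with same name are omitted:
      input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:config/cfsetup/cfsetup.jar:coldfusion/cloud/VendorCredentialService$CredentialDoesNotExistException.class
     */
    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/cloud/VendorCredentialService$CredentialDoesNotExistException.class */
    /** Thrown when no credential is stored under the requested alias. */
    public class CredentialDoesNotExistException extends ApplicationException {
        public String credentialAlias;

        public CredentialDoesNotExistException(String str) {
            this.credentialAlias = str;
        }
    }

    /**
     * @param file file the credential map is loaded from and stored to
     */
    public VendorCredentialService(File file) {
        this.vendorCredentialFile = file;
    }

    /**
     * Validates a new credential struct, encrypts its secret fields and stores it under its alias.
     * All work is done on a duplicate, so the caller's struct is left untouched.
     *
     * @param struct credential fields, including {@code alias} and the vendor name
     * @throws ValidationException if the struct is null, fails validation in
     *     {@link #transform(Struct, boolean)}, or the alias is already in use
     * @throws RuntimeException if the struct cannot be duplicated
     */
    public void addCredentialsData(Struct struct) {
        if (Objects.isNull(struct)) {
            throw new ValidationException("null input");
        }
        try {
            Struct copy = (Struct) struct.duplicate();
            VendorCredential credential = transform(copy, true);
            String alias = credential.getAlias();
            if (this.credentialSetting.containsKey(alias)) {
                throw new ValidationException(alias + " alias already exists.");
            }
            encryptField(copy);
            this.credentialSetting.put(alias, copy);
            store();
        } catch (IllegalAccessException e) {
            // Keep the cause so the reason the copy failed shows up in the stack trace.
            throw new RuntimeException("Unable to make a copy of Struct!", e);
        }
    }

    /** Encrypts, in place, every field of {@code struct} listed in {@link #fieldsToBeEncrypted}. */
    private void encryptField(Struct struct) {
        for (String field : fieldsToBeEncrypted) {
            if (struct.containsKey(field)) {
                struct.put(field, PasswordUtils.encryptPassword((String) struct.get(field), PasswordUtils.getInstance().getSeedValue()));
            }
        }
    }

    /**
     * Decrypts, in place, every field of {@code struct} listed in {@link #fieldsToBeEncrypted}.
     *
     * @param str seed the fields were encrypted with
     */
    private void decryptField(Struct struct, String str) {
        for (String field : fieldsToBeEncrypted) {
            if (struct.containsKey(field)) {
                struct.put(field, PasswordUtils.decryptPassword((String) struct.get(field), str));
            }
        }
    }

    /**
     * Returns a copy of every stored credential with its encrypted fields decrypted.
     *
     * <p>NOTE(review): nothing is masked here, so the result contains the secrets in usable form;
     * callers should not log it or return it to a client as is.
     */
    public List<Struct> getAllCredentialsData() {
        return (List) this.credentialSetting.values().stream().map(stored -> {
            Struct copy = new Struct();
            copy.putAll((Map) stored);
            decryptField(copy, PasswordUtils.getInstance().getSeedValue());
            return copy;
        }).collect(Collectors.toList());
    }

    /**
     * Removes the credential stored under the given alias and persists the change.
     *
     * @param str alias of the credential to delete
     * @throws ValidationException if the alias is null or empty
     * @throws CredentialDoesNotExistException if nothing is stored under the alias
     */
    public void deleteCredentialsData(String str) {
        if (str == null || str.equals("")) {
            throw new ValidationException(RB.getString(VendorCredentialService.class, "deleteCredEmptyAlias"));
        }
        if (!this.credentialSetting.containsKey(str)) {
            throw new CredentialDoesNotExistException(str);
        }
        this.credentialSetting.remove(str);
        store();
    }

    /**
     * Returns the credential for the admin view: the decrypted copy from
     * {@link #getCredentialData(String)} with the AWS secret access key replaced by a mask.
     *
     * @param str alias of the credential
     */
    public Struct getCredentialDataForCFAdmin(String str) {
        Struct credentialData = getCredentialData(str);
        removeSecretKey(credentialData);
        return credentialData;
    }

    /**
     * Returns a decrypted copy of the credential stored under the given alias.
     *
     * @param str alias of the credential
     * @throws ValidationException if the alias is null or empty
     * @throws CredentialDoesNotExistException if nothing is stored under the alias
     */
    public Struct getCredentialData(String str) {
        if (str == null || str.equals("")) {
            throw new ValidationException(RB.getString(VendorCredentialService.class, "getCredEmptyAlias"));
        }
        Map stored = (Map) this.credentialSetting.get(str);
        if (stored == null) {
            throw new CredentialDoesNotExistException(str);
        }
        // Copy first so decryption never touches the stored (encrypted) map.
        Struct copy = new Struct();
        copy.putAll(stored);
        decryptField(copy, PasswordUtils.getInstance().getSeedValue());
        return copy;
    }

    /**
     * Overwrites {@code secretAccessKey} with the mask when the struct's vendor is AWS.
     *
     * <p>NOTE(review): {@code accessKeyId} and the Azure field named by
     * {@code AzureCredentialConsumer.CONNECTION_STRING} are also in {@link #fieldsToBeEncrypted}
     * but are left decrypted here, so the admin view receives them in clear. Masking them would
     * also need a matching "keep the stored value" rule in
     * {@link #modifyCredentialsData(String, Struct)}; confirm the current exposure is intended.
     */
    private void removeSecretKey(Struct struct) {
        String vendor = ((String) struct.get(VendorCredentialConsumer.VENDOR_NAME)).toUpperCase();
        if (vendor.equals(CloudVendorName.AWS.toString())) {
            struct.put("secretAccessKey", staticpassword);
        }
    }

    /**
     * Builds the typed credential stored under the given alias.
     *
     * @param str alias of the credential
     * @return the credential, or {@code null} when nothing is stored under the alias
     */
    public VendorCredential getCredential(String str) {
        if (!this.credentialSetting.containsKey(str)) {
            return null;
        }
        return transform(getCredentialData(str));
    }

    /**
     * Updates the credential stored under an existing alias.
     *
     * <p>If the vendor is unchanged, the supplied fields are merged over the stored ones; if the
     * vendor differs, the supplied fields replace the stored credential. For AWS, a submitted
     * secret access key equal to the display mask keeps the stored secret. The result is
     * validated, its secret fields are encrypted, and the map is persisted.
     *
     * <p>The method works on a copy of {@code struct}. Previously it added {@code vendorname} to
     * the caller's struct and, when the vendor changed, encrypted the caller's struct in place and
     * stored that same object, which left the caller holding a reference to the stored entry.
     *
     * @param str existing alias ("oldAlias" in the messages)
     * @param struct fields to change; must not contain {@code alias}
     * @throws ValidationException if an argument is null or empty, the alias is unknown, the
     *     struct tries to change the alias, or the merged credential fails validation
     */
    public void modifyCredentialsData(String str, Struct struct) {
        if (Objects.isNull(str)) {
            throw new ValidationException("oldAlias is null.");
        }
        if (str.equals("")) {
            throw new ValidationException(RB.getString(VendorCredentialService.class, "aliasKeyEmpty"));
        }
        if (Objects.isNull(struct)) {
            throw new ValidationException("config struct is null");
        }
        if (!this.credentialSetting.containsKey(str)) {
            throw new ValidationException("oldAlias : " + str + " is not present.");
        }

        Struct updates = new Struct();
        updates.putAll(struct);

        Struct credentialData = getCredentialData(str);
        if (!updates.containsKey("vendorname")) {
            updates.put("vendorname", credentialData.get("vendorname"));
        }
        Object storedVendor = credentialData.get("vendorname");
        Object requestedVendor = updates.get("vendorname");

        // NOTE(review): this method reads "secretaccesskey" while encryptField uses
        // "secretAccessKey"; presumably Struct key lookup is case-insensitive - confirm.
        String storedSecret = null;
        String submittedSecret = null;
        if (storedVendor.equals(AWSConstants.AWS) && requestedVendor.equals(AWSConstants.AWS)) {
            storedSecret = (String) credentialData.get("secretaccesskey");
            submittedSecret = (String) updates.get("secretaccesskey");
        }

        boolean sameVendor = storedVendor.equals(requestedVendor);
        if (sameVendor) {
            credentialData.putAll(updates);
        }
        // The admin view only ever shows the mask; getting it back means "secret not changed".
        if (storedSecret != null && submittedSecret != null && submittedSecret.equals(staticpassword)) {
            credentialData.put("secretaccesskey", storedSecret);
        }
        if (updates.containsKey("alias")) {
            throw new ValidationException("Alias cannot be modified once created. Please create credentials with a new alias");
        }
        if (!sameVendor) {
            credentialData = updates;
            credentialData.put("alias", str);
        }
        // The returned credential is discarded; the call is made for its validation.
        transform(credentialData).setAlias(str);
        encryptField(credentialData);
        this.credentialSetting.put(str, credentialData);
        store();
    }

    /** Starts the service and subscribes to seed changes announced by {@link PasswordUtils}. */
    @Override // coldfusion.server.ServiceBase
    public void start() throws ServiceException {
        super.start();
        PasswordUtils.getInstance().addObserver(this);
    }

    /**
     * Loads the credential map from {@code vendorCredentialFile}, or starts with an empty
     * {@code "cloudConfig"} map when {@code deserialize} returns null.
     *
     * <p>NOTE(review): the file holds the encrypted secrets next to unencrypted fields; how
     * {@code deserialize} parses it is not visible here, so its file-system permissions should
     * limit writes to the server account.
     *
     * @throws ServiceException wrapping any failure while resolving or reading the file
     */
    @Override // coldfusion.server.ServiceBase
    public void load() throws ServiceException {
        try {
            this.vendorCredentialFile = Utils.getCanonicalFile(this.vendorCredentialFile);
            this.credentialSetting = (ConfigMap) deserialize(this.vendorCredentialFile);
            if (this.credentialSetting == null) {
                this.credentialSetting = new ConfigMap(this, "cloudConfig");
            }
        } catch (Exception e) {
            this.logger.error("Error while starting vendor credential service " + e.getMessage(), e);
            throw new ServiceException(e);
        }
    }

    /** Persists the credential map to {@code vendorCredentialFile}. */
    @Override // coldfusion.server.ServiceBase
    public void store() {
        serialize(this.credentialSetting, this.vendorCredentialFile);
    }

    /** Lazily builds the resource bundle that describes the {@code cloudConfig} map. */
    @Override // coldfusion.server.ServiceBase
    public Map getResourceBundle() {
        if (this.rb == null) {
            this.rb = new HashMap();
            this.rb.put("cloudConfig.formats", "coldfusion.server.MapFormatter");
            this.rb.put("cloudConfig.value", "");
        }
        return this.rb;
    }

    /**
     * Receives a seed-change notification. A non-empty {@code String} from a
     * {@link PasswordUtils} observable becomes the current seed; if an earlier seed had been
     * recorded, the stored fields are re-encrypted from that earlier seed.
     *
     * <p>NOTE(review): {@code seed} is only assigned here, so the first notification after
     * startup records the seed without re-encrypting anything. Confirm PasswordUtils announces
     * the current seed once before any real change.
     *
     * <p>NOTE(review): the monitor is the incoming seed String. Two notifications that carry
     * different String objects do not exclude each other, and no other method takes this lock, so
     * it does not protect {@code credentialSetting}. A dedicated private lock shared with the
     * mutating methods would be the usual fix; it is left unchanged because the locking used by
     * ServiceBase and PasswordUtils is not visible here.
     */
    @Override // java.util.Observer
    public void update(Observable observable, Object obj) {
        if (!(observable instanceof PasswordUtils) || !(obj instanceof String)) {
            return;
        }
        String newSeed = (String) obj;
        if (newSeed.isEmpty()) {
            return;
        }
        String previousSeed = this.seed;
        this.seed = newSeed;
        if (previousSeed == null) {
            return;
        }
        synchronized (newSeed) {
            reEncryptPasswords(previousSeed);
        }
    }

    /**
     * Decrypts every stored credential with the old seed, encrypts it again and persists the map.
     *
     * <p>NOTE(review): encryption uses {@code PasswordUtils.getInstance().getSeedValue()}, which
     * presumably already returns the new seed when the notification arrives - confirm. A failure
     * part-way through would leave the map with entries under both seeds.
     *
     * @param str seed the stored fields are currently encrypted with
     */
    private void reEncryptPasswords(String str) {
        this.credentialSetting.forEach((alias, stored) -> {
            decryptField((Struct) stored, str);
            encryptField((Struct) stored);
        });
        store();
    }

    /** Returns the last seed received through {@link #update(Observable, Object)}, or null. */
    public String getSeed() {
        return this.seed;
    }

    /**
     * Looks up a credential declared in the current application's settings under
     * {@code CLOUDCREDENTIALS}, matching on {@code ALIAS}.
     *
     * <p>The vendor name is added to the matched struct when it is absent, which modifies the
     * struct held in the application settings.
     *
     * @param str alias to look up; surrounding whitespace is ignored
     * @param cloudVendorName vendor to assume when the struct does not name one
     * @return the credential, or {@code null} when there is no application scope or no match
     * @throws ValidationException if the trimmed alias is empty
     */
    public VendorCredential fromApplicationScope(String str, CloudVendorName cloudVendorName) {
        String alias = str.trim();
        if (alias.isEmpty()) {
            throw new ValidationException(RB.getString(VendorCredentialService.class, "emptyCredentialAlias"));
        }
        ApplicationScope applicationScope = (ApplicationScope) FusionContext.getApplicationScope();
        if (applicationScope == null) {
            return null;
        }
        Struct match = getStructFromList((List) applicationScope.getApplicationSettingsMap().get(CLOUD_CREDENTIALS_LIST_KEY), ALIAS_KEY, alias);
        if (match == null) {
            return null;
        }
        match.putIfAbsent(VendorCredentialConsumer.VENDOR_NAME, cloudVendorName);
        return transform(match);
    }

    /**
     * Resolves a credential from an inline struct or from an alias.
     *
     * <ul>
     *   <li>{@code null}: an empty {@link AWSCredential} for AWS, otherwise {@code null}.
     *   <li>a {@link Struct}: used directly; a missing alias is generated from the current time
     *       and a missing vendor name is filled in, both written into the caller's struct.
     *   <li>anything else: converted to a string alias and looked up in the application settings
     *       first, then in the stored credentials.
     * </ul>
     *
     * @param obj inline credential struct, alias, or null
     * @param cloudVendorName vendor to assume when none is given
     * @return the credential, or {@code null} when none can be resolved
     */
    public VendorCredential getVendorCredential(Object obj, CloudVendorName cloudVendorName) {
        if (obj == null) {
            return cloudVendorName == CloudVendorName.AWS ? new AWSCredential() : null;
        }
        if (obj instanceof Struct) {
            Struct inline = (Struct) obj;
            if (inline.get("alias") == null) {
                inline.put("alias", "alias".concat(String.valueOf(System.currentTimeMillis())));
            }
            inline.putIfAbsent(VendorCredentialConsumer.VENDOR_NAME, cloudVendorName);
            return transform(inline);
        }
        String alias = FieldTypecastUtil.INSTANCE.getStringProperty(obj);
        VendorCredential credential = fromApplicationScope(alias, cloudVendorName);
        return credential != null ? credential : getCredential(alias);
    }

    /** Same as {@link #transform(Struct, boolean)} with the alias not required. */
    public VendorCredential transform(Struct struct) {
        return transform(struct, false);
    }

    /**
     * Validates a credential struct and converts it to the matching {@link VendorCredential}.
     *
     * <p>For AWS, the access key id and secret access key must be given together or both left
     * out. For Azure, the credential class is picked from the number of keys in the struct:
     * 5 keys gives a token-based Service Bus credential, 6 keys a key-based one, any other count
     * a plain {@link AzureCredential}.
     *
     * <p>NOTE(review): the Azure key count includes {@code alias} and the vendor name, so an
     * extra or missing optional key silently changes the credential type. Selecting on the
     * presence of the distinguishing keys would be more robust.
     *
     * @param struct credential fields
     * @param z whether a missing alias is an error; an empty alias is always an error
     * @throws ValidationException if the struct is empty, a required field is missing or empty,
     *     or the vendor name is unknown or not handled here
     */
    public VendorCredential transform(Struct struct, boolean z) {
        if (struct.isEmpty()) {
            throw new ValidationException(RB.getString(VendorCredentialService.class, "emptyCloudCredentialStruct"));
        }
        Object alias = struct.get("alias");
        // "".equals(alias) is null-safe. The previous alias.equals("") threw a
        // NullPointerException for a missing alias whenever the alias was not required.
        if ((z && alias == null) || "".equals(alias)) {
            throw new ValidationException(RB.getString(VendorCredentialService.class, "cloudAliasNotFound"));
        }
        Object vendorName = struct.get(VendorCredentialConsumer.VENDOR_NAME);
        if (vendorName == null) {
            throw new ValidationException(RB.getString(VendorCredentialService.class, "cloudVendorNameNotFound"));
        }
        if (vendorName.equals("")) {
            throw new ValidationException(RB.getString(VendorCredentialService.class, "cloudVendorNameEmpty"));
        }
        try {
            CloudVendorName vendor = CloudVendorName.valueOf(FieldTypecastUtil.INSTANCE.getStringProperty(vendorName));
            switch (vendor) {
                case AWS:
                    boolean keyIdMissing = isMissing(struct.get("accessKeyId"));
                    boolean secretMissing = isMissing(struct.get("secretAccessKey"));
                    if (keyIdMissing && !secretMissing) {
                        throw new ValidationException(RB.getString(VendorCredentialService.class, "AWSAccessKeyIdNotFound"));
                    }
                    if (!keyIdMissing && secretMissing) {
                        throw new ValidationException(RB.getString(VendorCredentialService.class, "AWSSecretAccessKeyNotFound"));
                    }
                    AWSCredential awsCredential = new AWSCredential();
                    this.filler.fillObject(awsCredential, struct, new AWSCredentialConsumer());
                    return awsCredential;
                case AZURE:
                    switch (struct.keySet().size()) {
                        case 5:
                            ServiceBusTokenBasedCredential tokenCredential = new ServiceBusTokenBasedCredential();
                            this.filler.fillObject(tokenCredential, struct, new ServiceBusTokenBasedCredentialConsumer());
                            return tokenCredential;
                        case 6:
                            ServiceBusKeyBasedCredential keyCredential = new ServiceBusKeyBasedCredential();
                            this.filler.fillObject(keyCredential, struct, new ServiceBusKeyBasedCredentialConsumer());
                            return keyCredential;
                        default:
                            AzureCredential azureCredential = new AzureCredential();
                            this.filler.fillObject(azureCredential, struct, new AzureCredentialConsumer());
                            return azureCredential;
                    }
                default:
                    throw new ValidationException(vendor.name() + " : is not configured with VendorCredentialService");
            }
        } catch (IllegalArgumentException e) {
            // CloudVendorName.valueOf rejects names that are not enum constants.
            throw new ValidationException(RB.getString(VendorCredentialService.class, "invalidCloudVendorName"));
        }
    }

    /** Returns true when a struct value is absent or the empty string. */
    private static boolean isMissing(Object value) {
        return value == null || value.equals("");
    }
}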
