package org.apache.sling.commons.crypto.jasypt.internal;

import java.security.Provider;
import java.util.Arrays;
import java.util.Objects;
import java.util.Set;
import org.apache.sling.commons.crypto.CryptoService;
import org.apache.sling.commons.crypto.PasswordProvider;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.iv.IvGenerator;
import org.jasypt.registry.AlgorithmRegistry;
import org.jasypt.salt.SaltGenerator;
import org.jetbrains.annotations.NotNull;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.metatype.annotations.Designate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Designate(ocd = JasyptStandardPbeStringCryptoServiceConfiguration.class, factory = true)
@Component(property = {"service.description=Apache Sling Commons Crypto – Jasypt Standard PBE String Crypto Service", "service.vendor=The Apache Software Foundation"})
/* loaded from: input_file:org/apache/sling/commons/crypto/jasypt/internal/JasyptStandardPbeStringCryptoService.class */
public final class JasyptStandardPbeStringCryptoService implements CryptoService {

    @Reference
    private volatile PasswordProvider passwordProvider;

    @Reference
    private volatile IvGenerator ivGenerator;

    @Reference(cardinality = ReferenceCardinality.OPTIONAL)
    private volatile Provider securityProvider;

    @Reference(cardinality = ReferenceCardinality.OPTIONAL)
    private volatile SaltGenerator saltGenerator;
    private StandardPBEStringEncryptor encryptor;
    private final Logger logger = LoggerFactory.getLogger(JasyptStandardPbeStringCryptoService.class);

    @Activate
    private void activate(JasyptStandardPbeStringCryptoServiceConfiguration jasyptStandardPbeStringCryptoServiceConfiguration) {
        this.logger.debug("activating");
        setupEncryptor(jasyptStandardPbeStringCryptoServiceConfiguration);
    }

    @Modified
    private void modified(JasyptStandardPbeStringCryptoServiceConfiguration jasyptStandardPbeStringCryptoServiceConfiguration) {
        this.logger.debug("modifying");
        setupEncryptor(jasyptStandardPbeStringCryptoServiceConfiguration);
    }

    @Deactivate
    private void deactivate() {
        this.logger.debug("deactivating");
    }

    private void setupEncryptor(JasyptStandardPbeStringCryptoServiceConfiguration jasyptStandardPbeStringCryptoServiceConfiguration) {
        String algorithm = jasyptStandardPbeStringCryptoServiceConfiguration.algorithm();
        Set allPBEAlgorithms = AlgorithmRegistry.getAllPBEAlgorithms();
        if (!allPBEAlgorithms.contains(algorithm)) {
            this.logger.warn("Configured algorithm {} for password based encryption is not available. {}", algorithm, allPBEAlgorithms);
        }
        StandardPBEStringEncryptor standardPBEStringEncryptor = new StandardPBEStringEncryptor();
        standardPBEStringEncryptor.setAlgorithm(algorithm);
        standardPBEStringEncryptor.setIvGenerator(this.ivGenerator);
        standardPBEStringEncryptor.setKeyObtentionIterations(jasyptStandardPbeStringCryptoServiceConfiguration.keyObtentionIterations());
        standardPBEStringEncryptor.setStringOutputType(jasyptStandardPbeStringCryptoServiceConfiguration.stringOutputType());
        String securityProviderName = jasyptStandardPbeStringCryptoServiceConfiguration.securityProviderName();
        if (Objects.nonNull(securityProviderName) && !securityProviderName.isBlank()) {
            standardPBEStringEncryptor.setProviderName(securityProviderName);
        }
        Provider provider = this.securityProvider;
        if (Objects.nonNull(provider)) {
            standardPBEStringEncryptor.setProvider(provider);
        }
        SaltGenerator saltGenerator = this.saltGenerator;
        if (Objects.nonNull(saltGenerator)) {
            standardPBEStringEncryptor.setSaltGenerator(saltGenerator);
        }
        char[] password = this.passwordProvider.getPassword();
        standardPBEStringEncryptor.setPasswordCharArray(password);
        standardPBEStringEncryptor.initialize();
        Arrays.fill(password, '0');
        this.encryptor = standardPBEStringEncryptor;
    }

    @Override // org.apache.sling.commons.crypto.CryptoService
    @NotNull
    public String encrypt(@NotNull String str) {
        return this.encryptor.encrypt(str);
    }

    @Override // org.apache.sling.commons.crypto.CryptoService
    @NotNull
    public String decrypt(@NotNull String str) {
        return this.encryptor.decrypt(str);
    }
}
