package org.jfrog.security.file;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyPair;
import java.text.SimpleDateFormat;
import java.util.Collections;
import java.util.Date;
import java.util.EnumSet;
import java.util.List;
import java.util.Objects;
import java.util.Random;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;
import org.jfrog.security.crypto.CipherAlg;
import org.jfrog.security.crypto.EncodedKeyPair;
import org.jfrog.security.crypto.JFrogCryptoHelper;
import org.jfrog.security.crypto.JFrogEnvelop;
import org.jfrog.security.crypto.SecureKeyObjectWrite;
import org.jfrog.security.crypto.result.DecryptionStatusHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jfrog/security/file/SecurityFolderHelper.class */
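/**
 * Static helpers for creating, reading, retiring and permission-checking the key files that
 * live in a security folder.
 *
 * <p>All POSIX permission handling is skipped on file systems that do not expose the
 * {@code "posix"} attribute view; on such systems the check/set methods are no-ops and callers
 * get no permission guarantee from this class.
 */
public class SecurityFolderHelper {
    public static final Set<PosixFilePermission> PERMISSIONS_MODE_700 = Collections.unmodifiableSet(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE));
    public static final Set<PosixFilePermission> PERMISSIONS_MODE_600 = Collections.unmodifiableSet(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE));
    public static final Set<PosixFilePermission> PERMISSIONS_MODE_400 = Collections.unmodifiableSet(EnumSet.of(PosixFilePermission.OWNER_READ));
    public static final Set<PosixFilePermission> PERMISSIONS_MODE_640 = Collections.unmodifiableSet(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.GROUP_READ));
    public static final Set<PosixFilePermission> PERMISSIONS_MODE_644 = Collections.unmodifiableSet(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.GROUP_READ, PosixFilePermission.OTHERS_READ));
    public static final Set<PosixFilePermission> PERMISSIONS_MODE_755 = Collections.unmodifiableSet(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_EXECUTE));
    public static final Set<PosixFilePermission> PERMISSIONS_MODE_777 = Collections.unmodifiableSet(EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE));
    // Value reported by getFilePermissionsOrDefault() when the file system has no POSIX view.
    // It is the most permissive set, so a caller comparing against a restrictive expectation
    // will see a mismatch rather than a false "locked down" answer.
    public static final Set<PosixFilePermission> PERMISSIONS_MODE_POSIX_UNSUPPORTED = PERMISSIONS_MODE_777;
    private static final Logger log = LoggerFactory.getLogger(SecurityFolderHelper.class);
    // Shifted left by 12 bits in permissionsToMode(), this becomes 0100000 (octal), the
    // "regular file" type bit of a Unix mode word.
    private static final int FILE_BASE_MODE = 8;

    /**
     * Retires a key file by renaming it to
     * {@code <path>.<random 0-9999>.<timestamp>} and returns the renamed file.
     *
     * <p>The key material is only moved, not erased: the returned file still holds the old key
     * and keeps whatever permissions the original had.
     *
     * @param file the key file to retire; must exist
     * @return the renamed file
     * @throws RuntimeException if the file does not exist or the rename fails
     */
    public static File removeKeyFile(File file) {
        if (!file.exists()) {
            throw new RuntimeException("Cannot remove master key file if it does not exists at " + file.getAbsolutePath());
        }
        // NOTE(review): the pattern has "sss" followed by "SSS"; kept as-is because the
        // backup file name format may be relied on elsewhere.
        SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyyMMddHHmmsssSSS");
        Date now = new Date();
        // The random part only reduces name collisions; it is not a secret.
        File backup = new File(file + "." + new Random().nextInt(10000) + "." + timestampFormat.format(now));
        if (!file.renameTo(backup)) {
            throw new RuntimeException("Could not rename master key file at " + file.getAbsolutePath() + " to " + backup.getAbsolutePath());
        }
        // Best effort: the result of setLastModified is not checked.
        backup.setLastModified(now.getTime());
        return backup;
    }

    /**
     * Resolves the cipher algorithm requested through system properties.
     *
     * @return {@code null} when {@code jfrog.artifactory.useAES} is unset or blank;
     *     {@link CipherAlg#AES128} when it parses as {@code true}; otherwise the value of
     *     {@code jfrog.artifactory.cipher}, or {@code null} if that value is not a
     *     {@link CipherAlg} constant
     */
    @Nullable
    public static CipherAlg specificArtifactoryAlg() {
        String useAes = getArtfactoryKeyUseAesFromSystemProperty();
        if (useAes == null) {
            return null;
        }
        // parseBoolean is case-insensitive, so no explicit lower-casing is needed.
        if (Boolean.parseBoolean(useAes.trim())) {
            return CipherAlg.AES128;
        }
        return getCipherAlgFromSystemProperty();
    }

    /** Returns the {@code jfrog.artifactory.useAES} system property, or {@code null} if blank. */
    @Nullable
    private static String getArtfactoryKeyUseAesFromSystemProperty() {
        String property = System.getProperty("jfrog.artifactory.useAES", "");
        return StringUtils.isBlank(property) ? null : property;
    }

    /**
     * Parses the {@code jfrog.artifactory.cipher} system property as a {@link CipherAlg}.
     *
     * @return the matching constant, or {@code null} (after logging an error) if the value does
     *     not name one
     */
    @Nullable
    private static CipherAlg getCipherAlgFromSystemProperty() {
        String property = System.getProperty("jfrog.artifactory.cipher", "");
        try {
            CipherAlg cipherAlg = CipherAlg.valueOf(property);
            // The original format string had no placeholder, so the chosen algorithm was
            // never written to the log.
            log.info("specified {}", cipherAlg);
            return cipherAlg;
        } catch (IllegalArgumentException e) {
            log.error("{} value '{}' not found. Choose one from : {} ", new Object[]{"jfrog.artifactory.cipher", property, CipherAlg.values()});
            return null;
        }
    }

    /** Creates a new key file using the algorithm selected by {@link #specificArtifactoryAlg()}. */
    public static void createKeyFile(File file) {
        createKeyFile(file, specificArtifactoryAlg());
    }

    /**
     * Generates a new key and writes it to {@code file}, then restricts the file to mode 600.
     *
     * <p>For {@link CipherAlg#AES128} a symmetric key is written; for any other value
     * (including {@code null}) a key pair is written. Both branches now tighten the file
     * permissions: previously the AES branch returned right after writing, leaving the key
     * with the process default permissions.
     *
     * <p>The existence check and the write are separate steps, and the file is created before
     * its permissions are tightened, so the parent folder must already be private to the
     * service account for the key to be protected during that window.
     *
     * @param file target path; must not exist yet
     * @param cipherAlg requested algorithm, may be {@code null}
     * @throws IllegalStateException if the file already exists
     * @throws RuntimeException if the key cannot be written or its permissions cannot be set
     */
    public static void createKeyFile(File file, CipherAlg cipherAlg) {
        if (file.exists()) {
            throw new IllegalStateException("Cannot create new master key file if it already exists at " + file.getAbsolutePath());
        }
        log.info("Creating artifactory encryption key at {}", file.getAbsolutePath());
        try {
            if (CipherAlg.AES128.equals(cipherAlg)) {
                insecureSaveKey(file, JFrogCryptoHelper.generateAES128SymKey());
                setPermissionsOnSecurityFile(file.toPath(), PERMISSIONS_MODE_600);
            } else {
                saveKeyPair(file, JFrogCryptoHelper.generateKeyPair());
            }
        } catch (IOException e) {
            throw new RuntimeException("Failed to set permissions on key file '" + file.getAbsolutePath() + "'. Please manually set the file's permissions to 600", e);
        }
    }

    /**
     * Writes the encoded key pair to {@code file} and restricts the file to mode 600.
     *
     * @throws IOException if the permissions cannot be applied
     */
    public static void saveKeyPair(File file, KeyPair keyPair) throws IOException {
        insecureSaveKeyPair(file, keyPair);
        setPermissionsOnSecurityFile(file.toPath(), PERMISSIONS_MODE_600);
    }

    /** Writes the encoded key pair without touching the file's permissions. */
    private static void insecureSaveKeyPair(File file, KeyPair keyPair) {
        saveKeyFile(file, writer -> writeKeyToWriter(JFrogCryptoHelper.encodeKeyPair(keyPair), writer));
    }

    /** Writes a single key line without touching the file's permissions. */
    private static void insecureSaveKey(File file, String str) {
        saveKeyFile(file, writer -> {
            writer.write(str);
            writer.newLine();
        });
    }

    /**
     * Writes the private key and then the public key, one per line.
     *
     * @throws IOException if the writer fails
     */
    public static void writeKeyToWriter(EncodedKeyPair encodedKeyPair, BufferedWriter bufferedWriter) throws IOException {
        bufferedWriter.write(encodedKeyPair.encodedPrivateKey);
        bufferedWriter.newLine();
        bufferedWriter.write(encodedKeyPair.encodedPublicKey);
        bufferedWriter.newLine();
    }

    /** {@link File} overload of {@link #checkPermissionsOnSecurityFolder(Path)}. */
    public static void checkPermissionsOnSecurityFolder(File file) throws IOException {
        checkPermissionsOnSecurityFolder(file.toPath());
    }

    /**
     * Rejects a security folder that is readable by group or others.
     *
     * <p>Only the two read bits are inspected. Group/others write and execute bits are not
     * checked here, so a folder that is traversable or writable by other accounts passes.
     * NOTE(review): consider whether callers also need those bits rejected.
     *
     * @throws RuntimeException if group-read or others-read is set
     * @throws IOException if the permissions cannot be read
     */
    public static void checkPermissionsOnSecurityFolder(Path path) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            return;
        }
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(path);
        if (actual.contains(PosixFilePermission.GROUP_READ) || actual.contains(PosixFilePermission.OTHERS_READ)) {
            throw new RuntimeException("The folder containing the key file " + path.toAbsolutePath().toString() + " has too broad permissions!\nPlease limit access to the Artifactory user only!");
        }
    }

    /** {@link File} overload of {@link #checkPermissionsOnSecurityFile(Path, Set)}. */
    public static void checkPermissionsOnSecurityFile(File file, Set<PosixFilePermission> set) throws IOException {
        checkPermissionsOnSecurityFile(file.toPath(), set);
    }

    /**
     * Requires the file's POSIX permissions to equal {@code set} exactly.
     *
     * @throws RuntimeException if the permissions differ in either direction
     * @throws IOException if the permissions cannot be read
     */
    public static void checkPermissionsOnSecurityFile(Path path, Set<PosixFilePermission> set) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            return;
        }
        Set<PosixFilePermission> actual = Files.getPosixFilePermissions(path);
        if (!actual.equals(set)) {
            throw new RuntimeException("The '" + path.toAbsolutePath().toString() + "' are not as expected. Expected permissions are: " + StringUtils.join(set, " ") + " while the current permissions are: " + StringUtils.join(actual, " ") + ".");
        }
    }

    /**
     * Returns the file's POSIX permissions, or {@link #PERMISSIONS_MODE_POSIX_UNSUPPORTED}
     * when the default file system has no POSIX view.
     */
    public static Set<PosixFilePermission> getFilePermissionsOrDefault(Path path) throws IOException {
        Set<PosixFilePermission> permissions = getFilePermissions(path);
        return permissions == null ? PERMISSIONS_MODE_POSIX_UNSUPPORTED : permissions;
    }

    /**
     * Returns the file's POSIX permissions, or {@code null} when the default file system has
     * no POSIX view.
     */
    public static Set<PosixFilePermission> getFilePermissions(Path path) throws IOException {
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            return Files.getPosixFilePermissions(path);
        }
        return null;
    }

    /** {@link File} overload of {@link #setPermissionsOnSecurityFolder(Path)}. */
    public static void setPermissionsOnSecurityFolder(File file) throws IOException {
        setPermissionsOnSecurityFolder(file.toPath());
    }

    /** Creates the folder if missing and sets it to mode 700. */
    public static void setPermissionsOnSecurityFolder(Path path) throws IOException {
        setPermissionsOnSecurityFolder(path, PERMISSIONS_MODE_700);
    }

    /**
     * Creates the folder (and missing parents) if needed and applies {@code set} to it.
     * Does nothing on file systems without a POSIX view.
     */
    public static void setPermissionsOnSecurityFolder(Path path, Set<PosixFilePermission> set) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            return;
        }
        if (!Files.exists(path)) {
            Files.createDirectories(path);
        }
        Files.setPosixFilePermissions(path, set);
    }

    /** Applies mode 700 to the file; see {@link #setPermissionsOnSecurityFile(Path, Set)}. */
    public static void setPermissionsOnSecurityFile(Path path) throws IOException {
        setPermissionsOnSecurityFile(path, PERMISSIONS_MODE_700);
    }

    /**
     * Applies {@code set} to the file and, as a side effect, forces its parent folder to
     * mode 700. Does nothing when the path's file system has no POSIX view.
     *
     * @throws IOException if either permission change fails
     */
    public static void setPermissionsOnSecurityFile(Path path, Set<PosixFilePermission> set) throws IOException {
        if (!path.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            return;
        }
        // Resolve against the working directory so a bare file name still has a parent;
        // previously a parentless path caused a NullPointerException here.
        Path parent = path.toAbsolutePath().getParent();
        if (parent != null) {
            setPermissionsOnSecurityFolder(parent);
        }
        Files.setPosixFilePermissions(path, set);
    }

    /**
     * Reads a key pair from a file whose first line is the encoded private key and whose
     * second line is the encoded public key.
     *
     * @throws RuntimeException wrapping the {@link IOException} if the file cannot be read
     */
    public static KeyPair getKeyPairFromFile(File file) {
        // try-with-resources closes the reader on failure as well; the previous form only
        // closed it on the success path.
        try (BufferedReader reader = new BufferedReader(new FileReader(file))) {
            String encodedPrivateKey = reader.readLine();
            String encodedPublicKey = reader.readLine();
            return new EncodedKeyPair(encodedPrivateKey, encodedPublicKey).decode(null, new DecryptionStatusHolder()).createKeyPair();
        } catch (IOException e) {
            throw new RuntimeException("Could not read master key " + file.getAbsolutePath() + " to decrypt password!", e);
        }
    }

    /**
     * Parses every line of the file with {@link JFrogEnvelop#parse} and returns the non-null
     * results in file order. Lines whose encoding is not recognized are reported through a
     * warning that logs the file path and the value handed to the callback by the parser.
     *
     * @throws RuntimeException wrapping the {@link IOException} if the file cannot be opened
     */
    public static List<JFrogEnvelop> getFileAsEncodedTypes(File file) {
        try (BufferedReader reader = Files.newBufferedReader(file.toPath())) {
            return reader.lines()
                    .map(line -> JFrogEnvelop.parse(line, unrecognized -> {
                        log.warn("SecurityFolderHelper File {} encoding not recognized: line starts with {} ", file.toPath(), unrecognized);
                    }))
                    .filter(Objects::nonNull)
                    .collect(Collectors.toList());
        } catch (IOException e) {
            throw new RuntimeException(String.format("Fail to read file %s ", file.getAbsolutePath()), e);
        }
    }

    /**
     * Writes key material to {@code file} through the supplied callback.
     *
     * <p>If the parent folder is missing it is created and set to mode 700. The folder is then
     * checked with {@link #checkPermissionsOnSecurityFolder(File)} before anything is written.
     * The file itself is created with the process default permissions; callers that need a
     * restricted file must tighten it afterwards (see {@link #saveKeyPair}).
     *
     * @throws RuntimeException if the folder cannot be created, is too permissive, or the
     *     write fails
     */
    public static void saveKeyFile(File file, SecureKeyObjectWrite secureKeyObjectWrite) {
        try {
            // Absolute form so that a bare file name resolves to the working directory
            // instead of yielding a null parent.
            File parentFile = file.getAbsoluteFile().getParentFile();
            if (!parentFile.exists()) {
                if (!parentFile.mkdirs()) {
                    throw new RuntimeException("Could not create the folder containing the key file " + parentFile.getAbsolutePath());
                }
                setPermissionsOnSecurityFolder(parentFile);
            }
            checkPermissionsOnSecurityFolder(parentFile);
            // try-with-resources closes (and flushes) the writer even if the callback throws.
            try (BufferedWriter writer = new BufferedWriter(new FileWriter(file))) {
                secureKeyObjectWrite.writeSecureObject(writer);
            }
        } catch (IOException e) {
            throw new RuntimeException("Could not write the key into " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Returns the numeric mode of an existing regular file, including the regular-file type
     * bit (for example {@code 0100600} octal for an owner read/write file).
     *
     * @throws IllegalArgumentException if the path does not exist or is not a regular file
     * @throws RuntimeException if the permissions cannot be read
     */
    public static int getFilePermissionsMode(Path path) {
        assertFileExists(path);
        try {
            return filePermissionsToMode(getFilePermissionsOrDefault(path));
        } catch (IOException e) {
            throw new RuntimeException("Failed to read permissions of path: " + path, e);
        }
    }

    /**
     * Applies the low nine permission bits of {@code i} to an existing regular file.
     *
     * <p>This goes through {@link #setPermissionsOnSecurityFile(Path, Set)}, so the file's
     * parent folder is also forced to mode 700.
     *
     * @throws IllegalArgumentException if the path does not exist or is not a regular file
     * @throws RuntimeException if the permissions cannot be set
     */
    public static void setFilePermissionsMode(Path path, int i) {
        assertFileExists(path);
        try {
            setPermissionsOnSecurityFile(path, modeToPermissions(i));
        } catch (IOException e) {
            throw new RuntimeException("Failed to set permissions on path: " + path, e);
        }
    }

    /** Throws {@link IllegalArgumentException} unless the path is an existing regular file. */
    private static void assertFileExists(Path path) {
        File file = path.toFile();
        if (!file.exists()) {
            throw new IllegalArgumentException("File does not exist: " + path);
        }
        if (!file.isFile()) {
            throw new IllegalArgumentException("Path is not a file: " + path);
        }
    }

    /** Converts a permission set to a numeric mode with the regular-file type bit set. */
    public static int filePermissionsToMode(Set<PosixFilePermission> set) {
        return permissionsToMode(FILE_BASE_MODE, set);
    }

    /**
     * Packs {@code typeBits} followed by three octal digits (unused, owner, group, others
     * counting from the type bits downwards) into one mode word.
     */
    private static int permissionsToMode(int typeBits, Set<PosixFilePermission> set) {
        int owner = permissionsToMode(set, PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE);
        int group = permissionsToMode(set, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.GROUP_EXECUTE);
        int others = permissionsToMode(set, PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);
        // Two shifts up front leave an empty octal digit between the type bits and the
        // owner digit.
        int mode = (typeBits << 3) << 3;
        mode = (mode | owner) << 3;
        mode = (mode | group) << 3;
        return mode | others;
    }

    /** Returns one octal digit (read=4, write=2, execute=1) for the given three permissions. */
    private static int permissionsToMode(Set<PosixFilePermission> set, PosixFilePermission read, PosixFilePermission write, PosixFilePermission execute) {
        int digit = 0;
        if (set.contains(read)) {
            digit |= 4;
        }
        if (set.contains(write)) {
            digit |= 2;
        }
        if (set.contains(execute)) {
            digit |= 1;
        }
        return digit;
    }

    /**
     * Converts the low nine bits of a numeric mode to a permission set. Higher bits (file
     * type and any others) are ignored.
     *
     * @return a new mutable set
     */
    public static Set<PosixFilePermission> modeToPermissions(int i) {
        EnumSet<PosixFilePermission> permissions = EnumSet.noneOf(PosixFilePermission.class);
        addPermissions(permissions, i, PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);
        addPermissions(permissions, i >> 3, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.GROUP_EXECUTE);
        addPermissions(permissions, i >> 6, PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE);
        return permissions;
    }

    /** Adds the permissions whose bit (read=4, write=2, execute=1) is set in {@code digit}. */
    private static void addPermissions(Set<PosixFilePermission> set, int digit, PosixFilePermission read, PosixFilePermission write, PosixFilePermission execute) {
        if ((digit & 4) == 4) {
            set.add(read);
        }
        if ((digit & 2) == 2) {
            set.add(write);
        }
        if ((digit & 1) == 1) {
            set.add(execute);
        }
    }
}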
