package org.springframework.cloud.bootstrap.encrypt;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
import org.springframework.cloud.context.encrypt.EncryptorFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.core.type.AnnotatedTypeMetadata;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
import org.springframework.security.rsa.crypto.RsaSecretEncryptor;
import org.springframework.util.StringUtils;

@EnableConfigurationProperties({KeyProperties.class})
@Configuration
@ConditionalOnClass({TextEncryptor.class})
/* loaded from: input_file:BOOT-INF/lib/spring-cloud-context-2.0.2.RELEASE.jar:org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfiguration.class */
public class EncryptionBootstrapConfiguration {

    @Autowired(required = false)
    private TextEncryptor encryptor;

    @Autowired
    private KeyProperties key;

    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-context-2.0.2.RELEASE.jar:org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfiguration$FailsafeTextEncryptor.class */
    protected static class FailsafeTextEncryptor implements TextEncryptor {
        protected FailsafeTextEncryptor() {
        }

        @Override // org.springframework.security.crypto.encrypt.TextEncryptor
        public String encrypt(String str) {
            throw new UnsupportedOperationException("No encryption for FailsafeTextEncryptor. Did you configure the keystore correctly?");
        }

        @Override // org.springframework.security.crypto.encrypt.TextEncryptor
        public String decrypt(String str) {
            throw new UnsupportedOperationException("No decryption for FailsafeTextEncryptor. Did you configure the keystore correctly?");
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-context-2.0.2.RELEASE.jar:org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfiguration$KeyCondition.class */
    public static class KeyCondition extends SpringBootCondition {
        @Override // org.springframework.boot.autoconfigure.condition.SpringBootCondition
        public ConditionOutcome getMatchOutcome(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata) {
            Environment environment = conditionContext.getEnvironment();
            return hasProperty(environment, "encrypt.key-store.location") ? hasProperty(environment, "encrypt.key-store.password") ? ConditionOutcome.match("Keystore found in Environment") : ConditionOutcome.noMatch("Keystore found but no password in Environment") : hasProperty(environment, "encrypt.key") ? ConditionOutcome.match("Key found in Environment") : ConditionOutcome.noMatch("Keystore nor key found in Environment");
        }

        private boolean hasProperty(Environment environment, String str) {
            String property = environment.getProperty(str);
            if (property == null) {
                return false;
            }
            return StringUtils.hasText(environment.resolvePlaceholders(property));
        }
    }

    @EnableConfigurationProperties({RsaProperties.class})
    @Configuration
    @ConditionalOnClass({RsaSecretEncryptor.class})
    @Conditional({KeyCondition.class})
    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-context-2.0.2.RELEASE.jar:org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfiguration$RsaEncryptionConfiguration.class */
    protected static class RsaEncryptionConfiguration {

        @Autowired
        private KeyProperties key;

        @Autowired
        private RsaProperties rsaProperties;

        protected RsaEncryptionConfiguration() {
        }

        @ConditionalOnMissingBean({TextEncryptor.class})
        @Bean
        public TextEncryptor textEncryptor() {
            KeyProperties.KeyStore keyStore = this.key.getKeyStore();
            if (keyStore.getLocation() == null) {
                return new EncryptorFactory(this.key.getSalt()).create(this.key.getKey());
            }
            if (keyStore.getLocation().exists()) {
                return new RsaSecretEncryptor(new KeyStoreKeyFactory(keyStore.getLocation(), keyStore.getPassword().toCharArray()).getKeyPair(keyStore.getAlias(), keyStore.getSecret().toCharArray()), this.rsaProperties.getAlgorithm(), this.rsaProperties.getSalt(), this.rsaProperties.isStrong());
            }
            throw new IllegalStateException("Invalid keystore location");
        }
    }

    @ConditionalOnMissingClass({"org.springframework.security.rsa.crypto.RsaSecretEncryptor"})
    @Configuration
    @Conditional({KeyCondition.class})
    /* loaded from: input_file:BOOT-INF/lib/spring-cloud-context-2.0.2.RELEASE.jar:org/springframework/cloud/bootstrap/encrypt/EncryptionBootstrapConfiguration$VanillaEncryptionConfiguration.class */
    protected static class VanillaEncryptionConfiguration {

        @Autowired
        private KeyProperties key;

        protected VanillaEncryptionConfiguration() {
        }

        @ConditionalOnMissingBean({TextEncryptor.class})
        @Bean
        public TextEncryptor textEncryptor() {
            return new EncryptorFactory(this.key.getSalt()).create(this.key.getKey());
        }
    }

    @Bean
    public EnvironmentDecryptApplicationInitializer environmentDecryptApplicationListener() {
        if (this.encryptor == null) {
            this.encryptor = new FailsafeTextEncryptor();
        }
        EnvironmentDecryptApplicationInitializer environmentDecryptApplicationInitializer = new EnvironmentDecryptApplicationInitializer(this.encryptor);
        environmentDecryptApplicationInitializer.setFailOnError(this.key.isFailOnError());
        return environmentDecryptApplicationInitializer;
    }
}
