package com.mastercard.developer.encryption;

import com.jayway.jsonpath.DocumentContext;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.Predicate;
import com.jayway.jsonpath.spi.json.JsonProvider;
import com.mastercard.developer.encryption.aes.AESCBC;
import com.mastercard.developer.utils.EncodingUtils;
import com.mastercard.developer.utils.EncryptionUtils;
import com.mastercard.developer.utils.StringUtils;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Map;

/* loaded from: input_file:com/mastercard/developer/encryption/FieldLevelEncryption.class */
public class FieldLevelEncryption {
    private FieldLevelEncryption() {
    }

    public static String encryptPayload(String str, FieldLevelEncryptionConfig fieldLevelEncryptionConfig) throws EncryptionException {
        return encryptPayload(str, fieldLevelEncryptionConfig, null);
    }

    public static String encryptPayload(String str, FieldLevelEncryptionConfig fieldLevelEncryptionConfig, Object obj) throws EncryptionException {
        try {
            DocumentContext parse = JsonPath.parse(str, JsonParser.jsonPathConfig);
            for (Map.Entry<String, String> entry : fieldLevelEncryptionConfig.encryptionPaths.entrySet()) {
                String key = entry.getKey();
                String value = entry.getValue();
                if (key.contains("[*]")) {
                    Integer num = (Integer) JsonPath.read(str, key.split("\\[.*?\\]")[0].concat(".length()"), new Predicate[0]);
                    for (Integer num2 = 0; num2.intValue() < num.intValue(); num2 = Integer.valueOf(num2.intValue() + 1)) {
                        parse = encryptPayloadPath(parse, key.replace("*", num2.toString()), value.replace("*", num2.toString()), fieldLevelEncryptionConfig, (FieldLevelEncryptionParams) obj);
                    }
                } else {
                    parse = encryptPayloadPath(parse, key, value, fieldLevelEncryptionConfig, (FieldLevelEncryptionParams) obj);
                }
            }
            return parse.jsonString();
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Payload encryption failed!", e);
        }
    }

    public static String decryptPayload(String str, FieldLevelEncryptionConfig fieldLevelEncryptionConfig) throws EncryptionException {
        return decryptPayload(str, fieldLevelEncryptionConfig, null);
    }

    public static String decryptPayload(String str, FieldLevelEncryptionConfig fieldLevelEncryptionConfig, Object obj) throws EncryptionException {
        try {
            DocumentContext parse = JsonPath.parse(str, JsonParser.jsonPathConfig);
            for (Map.Entry<String, String> entry : fieldLevelEncryptionConfig.decryptionPaths.entrySet()) {
                String key = entry.getKey();
                String value = entry.getValue();
                if (key.contains("[*]")) {
                    Integer num = (Integer) JsonPath.read(str, key.split("\\[.*?\\]")[0].concat(".length()"), new Predicate[0]);
                    for (Integer num2 = 0; num2.intValue() < num.intValue(); num2 = Integer.valueOf(num2.intValue() + 1)) {
                        parse = decryptPayloadPath(parse, key.replace("*", num2.toString()), value.replace("*", num2.toString()), fieldLevelEncryptionConfig, (FieldLevelEncryptionParams) obj);
                    }
                } else {
                    parse = decryptPayloadPath(parse, key, value, fieldLevelEncryptionConfig, (FieldLevelEncryptionParams) obj);
                }
            }
            return parse.jsonString();
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Payload decryption failed!", e);
        }
    }

    private static DocumentContext encryptPayloadPath(DocumentContext documentContext, String str, String str2, FieldLevelEncryptionConfig fieldLevelEncryptionConfig, FieldLevelEncryptionParams fieldLevelEncryptionParams) throws GeneralSecurityException, EncryptionException {
        Object readJsonElement = JsonParser.readJsonElement(documentContext, str);
        if (readJsonElement == null) {
            return documentContext;
        }
        if (fieldLevelEncryptionParams == null) {
            fieldLevelEncryptionParams = FieldLevelEncryptionParams.generate(fieldLevelEncryptionConfig);
        }
        byte[] bArr = null;
        try {
            bArr = EncryptionUtils.sanitizeJson(JsonParser.jsonEngine.toJsonString(readJsonElement)).getBytes(StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
        }
        String encodeBytes = EncodingUtils.encodeBytes(AESCBC.cipher(fieldLevelEncryptionParams.getSecretKey(), fieldLevelEncryptionParams.getIvSpec(), bArr, 1), fieldLevelEncryptionConfig.fieldValueEncoding);
        if ("$".equals(str)) {
            documentContext = JsonPath.parse("{}", JsonParser.jsonPathConfig);
        } else {
            documentContext.delete(str, new Predicate[0]);
        }
        JsonParser.checkOrCreateOutObject(documentContext, str2);
        documentContext.put(str2, fieldLevelEncryptionConfig.encryptedValueFieldName, encodeBytes, new Predicate[0]);
        if (!StringUtils.isNullOrEmpty(fieldLevelEncryptionConfig.ivFieldName)) {
            documentContext.put(str2, fieldLevelEncryptionConfig.ivFieldName, fieldLevelEncryptionParams.getIvValue(), new Predicate[0]);
        }
        if (!StringUtils.isNullOrEmpty(fieldLevelEncryptionConfig.encryptedKeyFieldName)) {
            documentContext.put(str2, fieldLevelEncryptionConfig.encryptedKeyFieldName, fieldLevelEncryptionParams.getEncryptedKeyValue(), new Predicate[0]);
        }
        if (!StringUtils.isNullOrEmpty(fieldLevelEncryptionConfig.encryptionCertificateFingerprintFieldName)) {
            documentContext.put(str2, fieldLevelEncryptionConfig.encryptionCertificateFingerprintFieldName, fieldLevelEncryptionConfig.encryptionCertificateFingerprint, new Predicate[0]);
        }
        if (!StringUtils.isNullOrEmpty(fieldLevelEncryptionConfig.encryptionKeyFingerprintFieldName)) {
            documentContext.put(str2, fieldLevelEncryptionConfig.encryptionKeyFingerprintFieldName, fieldLevelEncryptionConfig.encryptionKeyFingerprint, new Predicate[0]);
        }
        if (!StringUtils.isNullOrEmpty(fieldLevelEncryptionConfig.oaepPaddingDigestAlgorithmFieldName)) {
            documentContext.put(str2, fieldLevelEncryptionConfig.oaepPaddingDigestAlgorithmFieldName, fieldLevelEncryptionParams.getOaepPaddingDigestAlgorithmValue(), new Predicate[0]);
        }
        return documentContext;
    }

    private static DocumentContext decryptPayloadPath(DocumentContext documentContext, String str, String str2, FieldLevelEncryptionConfig fieldLevelEncryptionConfig, FieldLevelEncryptionParams fieldLevelEncryptionParams) throws GeneralSecurityException, EncryptionException {
        JsonProvider jsonProvider = JsonParser.jsonPathConfig.jsonProvider();
        Object readJsonObject = JsonParser.readJsonObject(documentContext, str);
        if (readJsonObject == null) {
            return documentContext;
        }
        Object readAndDeleteJsonKey = readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.encryptedValueFieldName);
        if (JsonParser.jsonEngine.isNullOrEmptyJson(readAndDeleteJsonKey)) {
            return documentContext;
        }
        if (!fieldLevelEncryptionConfig.useHttpPayloads() && fieldLevelEncryptionParams == null) {
            throw new IllegalStateException("Encryption params have to be set when not stored in HTTP payloads!");
        }
        if (fieldLevelEncryptionParams == null) {
            Object readAndDeleteJsonKey2 = readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.oaepPaddingDigestAlgorithmFieldName);
            String jsonString = JsonParser.jsonEngine.isNullOrEmptyJson(readAndDeleteJsonKey2) ? fieldLevelEncryptionConfig.oaepPaddingDigestAlgorithm : JsonParser.jsonEngine.toJsonString(readAndDeleteJsonKey2);
            Object readAndDeleteJsonKey3 = readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.encryptedKeyFieldName);
            Object readAndDeleteJsonKey4 = readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.ivFieldName);
            readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.encryptionCertificateFingerprintFieldName);
            readAndDeleteJsonKey(documentContext, str, readJsonObject, fieldLevelEncryptionConfig.encryptionKeyFingerprintFieldName);
            fieldLevelEncryptionParams = new FieldLevelEncryptionParams(JsonParser.jsonEngine.toJsonString(readAndDeleteJsonKey4), JsonParser.jsonEngine.toJsonString(readAndDeleteJsonKey3), jsonString, fieldLevelEncryptionConfig);
        }
        String sanitizeJson = EncryptionUtils.sanitizeJson(new String(AESCBC.cipher(fieldLevelEncryptionParams.getSecretKey(), fieldLevelEncryptionParams.getIvSpec(), EncodingUtils.decodeValue(JsonParser.jsonEngine.toJsonString(readAndDeleteJsonKey), fieldLevelEncryptionConfig.fieldValueEncoding), 2), StandardCharsets.UTF_8));
        if ("$".equals(str2)) {
            documentContext = JsonPath.parse(sanitizeJson, JsonParser.jsonPathConfig);
        } else {
            JsonParser.checkOrCreateOutObject(documentContext, str2);
            JsonParser.addDecryptedDataToPayload(documentContext, sanitizeJson, str2);
            if (0 == jsonProvider.length(JsonParser.readJsonElement(documentContext, str))) {
                documentContext.delete(str, new Predicate[0]);
            }
        }
        return documentContext;
    }

    private static Object readAndDeleteJsonKey(DocumentContext documentContext, String str, Object obj, String str2) {
        if (null == str2) {
            return null;
        }
        Object mapValue = JsonParser.jsonPathConfig.jsonProvider().getMapValue(obj, str2);
        documentContext.delete(str + "." + str2, new Predicate[0]);
        return mapValue;
    }
}
