package com.dbeaver.ee.runtime.core;

import com.dbeaver.ee.runtime.DBeaverEnterpriseConstants;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.jkiss.dbeaver.Log;
import org.jkiss.dbeaver.model.app.DBPProject;
import org.jkiss.dbeaver.registry.ProjectSecureStorage;
import org.jkiss.dbeaver.runtime.DBWorkbench;
import org.jkiss.dbeaver.runtime.encode.ContentEncrypter;
import org.jkiss.dbeaver.runtime.ui.UIServiceSecurity;
import org.jkiss.utils.CommonUtils;
import org.jkiss.utils.IOUtils;

/* loaded from: input_file:com/dbeaver/ee/runtime/core/EnterpriseProjectSecureStorage.class */
public class EnterpriseProjectSecureStorage extends ProjectSecureStorage {
    private static final Log log = Log.getLog(EnterpriseProjectSecureStorage.class);
    private SecretKey projectPassword;

    public EnterpriseProjectSecureStorage(DBPProject dBPProject) {
        super(dBPProject);
    }

    private boolean isProjectPasswordUsed() {
        return CommonUtils.getBoolean(this.project.getProjectProperty(DBeaverEnterpriseConstants.PROP_USE_PROJECT_PASSWORD), false);
    }

    public boolean useSecurePreferences() {
        return !isProjectPasswordUsed() && super.useSecurePreferences();
    }

    public SecretKey getLocalSecretKey() {
        UIServiceSecurity uIServiceSecurity;
        if (isProjectPasswordUsed()) {
            if (this.projectPassword == null && (uIServiceSecurity = (UIServiceSecurity) DBWorkbench.getService(UIServiceSecurity.class)) != null) {
                this.projectPassword = acquireSecretKey(uIServiceSecurity);
            }
            if (this.projectPassword != null) {
                return this.projectPassword;
            }
        }
        return super.getLocalSecretKey();
    }

    private SecretKey acquireSecretKey(UIServiceSecurity uIServiceSecurity) {
        String str = "Enter project master password";
        while (true) {
            String askForPassword = uIServiceSecurity.askForPassword("Project '" + this.project.getName() + "' master password", str, (String) null, false);
            if (askForPassword == null) {
                return null;
            }
            SecretKey makeSecretKeyFromPassword = makeSecretKeyFromPassword(askForPassword);
            if (isValidSecretKey(makeSecretKeyFromPassword)) {
                return makeSecretKeyFromPassword;
            }
            str = "Incorrect password. Try again";
        }
    }

    public boolean isValidSecretKey(SecretKey secretKey) {
        File metadataFolder = this.project.getMetadataFolder(false);
        if (!metadataFolder.exists()) {
            return true;
        }
        File file = new File(metadataFolder, "credentials-config.json");
        if (!file.exists()) {
            return true;
        }
        try {
            try {
                new ContentEncrypter(secretKey).decrypt(IOUtils.readFileToBuffer(file));
                return true;
            } catch (Exception e) {
                log.debug("Error decrypting secure credentials", e);
                return false;
            }
        } catch (IOException unused) {
            log.error("Error reading credentials file");
            return true;
        }
    }

    public void setProjectPassword(String str) {
        this.projectPassword = CommonUtils.isEmpty(str) ? null : makeSecretKeyFromPassword(str);
    }

    public SecretKey makeSecretKeyFromPassword(String str) {
        return new SecretKeySpec(Arrays.copyOf(str.getBytes(StandardCharsets.UTF_8), 16), "AES");
    }
}
