package com.appiancorp.security.external;

import com.appiancorp.ag.security.PasswordConfig;
import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.common.crypto.CryptographerFactory;
import com.appiancorp.common.crypto.CryptographerProvider;
import com.appiancorp.common.crypto.KeyStoreConfig;
import com.appiancorp.core.crypto.Cryptographer;
import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.security.auth.SecurityContextProvider;
import com.appiancorp.security.user.service.UserService;
import com.appiancorp.suiteapi.common.exceptions.AppianRuntimeException;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Supplier;

/* loaded from: input_file:com/appiancorp/security/external/CryptographerProviderUserImpl.class */
public class CryptographerProviderUserImpl implements CryptographerProvider {
    private final SecurityContextProvider securityContextProvider;
    private final UserService userService;
    private final Supplier<KeyStoreConfig> keyStoreConfigSupplier;
    private final FeatureToggleClient featureToggleClient;

    public CryptographerProviderUserImpl(SecurityContextProvider securityContextProvider, UserService userService, Supplier<KeyStoreConfig> supplier, FeatureToggleClient featureToggleClient) {
        this.securityContextProvider = securityContextProvider;
        this.userService = userService;
        this.keyStoreConfigSupplier = supplier;
        this.featureToggleClient = featureToggleClient;
    }

    @Override // com.appiancorp.common.crypto.CryptographerProvider
    public Cryptographer get() {
        KeyStoreConfig keyStoreConfig = (KeyStoreConfig) this.keyStoreConfigSupplier.get();
        CryptographerFactory<byte[]> buildCryptographerFactory = keyStoreConfig.buildCryptographerFactory();
        byte[] userKey = getUserKey();
        return this.featureToggleClient.isFeatureEnabled("ae.data-integrations.aes-256") ? keyStoreConfig.buildAes256CryptographerFactory(buildCryptographerFactory).buildCryptographer(userKey) : buildCryptographerFactory.buildCryptographer(userKey);
    }

    protected char[] getUserScsSessionKey() {
        AppianUserDetails appianUserDetails = this.securityContextProvider.get();
        char[] scsKey = appianUserDetails.getScsKey();
        if (scsKey == null) {
            throw new AppianRuntimeException(ErrorCode.EXTERNAL_SYSTEM_USER_SEC_VAL_REQUIRES_APPIAN_AUTH, new Object[]{appianUserDetails.getUsername()});
        }
        return scsKey;
    }

    @VisibleForTesting
    byte[] getUserKey() {
        return getSaltedKey(getUserScsSessionKey(), this.userService.getScsKeySaltCreateIfNeeded());
    }

    private byte[] getSaltedKey(char[] cArr, String str) {
        return ((PasswordConfig) ApplicationContextHolder.getBean(PasswordConfig.class)).createCurrentPasswordHasher().hash(cArr, str);
    }
}
