package com.rapidminer.extension.pythonscripting.serialization;

import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonGenerator;
import com.rapidminer.connection.ConnectionInformation;
import com.rapidminer.connection.ConnectionInformationContainerIOObject;
import com.rapidminer.connection.configuration.ConnectionConfiguration;
import com.rapidminer.connection.valueprovider.handler.ValueProviderHandlerRegistry;
import com.rapidminer.extension.pythonscripting.definition.DynamicPort;
import com.rapidminer.operator.IOObject;
import com.rapidminer.operator.Operator;
import com.rapidminer.operator.ProcessStoppedException;
import com.rapidminer.operator.UserError;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import javax.annotation.Nullable;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/rapidminer/extension/pythonscripting/serialization/ConnectionSerializer.class */
public class ConnectionSerializer implements Serializer {
    private static final int GCM_IV_LENGTH = 12;
    private static final int GCM_TAG_LENGTH = 128;
    private static final JsonFactory JSON = new JsonFactory();

    @Override // com.rapidminer.extension.pythonscripting.serialization.Serializer
    public void serialize(IOObject iOObject, OutputStream[] outputStreamArr, @Nullable Operator operator) throws IOException, ProcessStoppedException, UserError {
        checkIfCanHandle(iOObject);
        checkNumberOfStreams(outputStreamArr);
        ConnectionInformationContainerIOObject connectionInformationContainerIOObject = (ConnectionInformationContainerIOObject) iOObject;
        ConnectionInformation connectionInformation = connectionInformationContainerIOObject.getConnectionInformation();
        ConnectionConfiguration configuration = connectionInformation.getConfiguration();
        Map injectValues = ValueProviderHandlerRegistry.getInstance().injectValues(connectionInformation, operator, false);
        JsonGenerator createGenerator = JSON.createGenerator(outputStreamArr[0]);
        try {
            createGenerator.writeStartObject();
            for (Map.Entry entry : injectValues.entrySet()) {
                String str = (String) entry.getKey();
                if (configuration.getParameter(str) != null) {
                    String str2 = (String) entry.getValue();
                    if (!configuration.getParameter(str).isEncrypted() || str2 == null) {
                        createGenerator.writeStringField(str, str2);
                    } else {
                        String annotation = connectionInformationContainerIOObject.getAnnotations().getAnnotation("serde-key");
                        if (annotation == null) {
                            throw new IOException("Connection object lacks encryption key annotation");
                        }
                        createGenerator.writeObjectFieldStart(str);
                        createGenerator.writeStringField("type", "aes-gcm-encrypted-utf8");
                        createGenerator.writeStringField("message", encryptSecret(str2, annotation));
                        createGenerator.writeEndObject();
                    }
                }
            }
            createGenerator.writeEndObject();
            if (createGenerator != null) {
                createGenerator.close();
            }
        } catch (Throwable th) {
            if (createGenerator != null) {
                try {
                    createGenerator.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private String encryptSecret(String str, String str2) {
        SecretKeySpec secretKeySpec = new SecretKeySpec(Base64.getDecoder().decode(str2), "AES");
        byte[] bArr = new byte[12];
        new SecureRandom().nextBytes(bArr);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKeySpec, new GCMParameterSpec(128, bArr));
            byte[] doFinal = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
            byte[] copyOf = Arrays.copyOf(bArr, bArr.length + doFinal.length);
            System.arraycopy(doFinal, 0, copyOf, bArr.length, doFinal.length);
            return Base64.getEncoder().encodeToString(copyOf);
        } catch (Exception e) {
            throw new AssertionError("Builtin AES-GCM encryption failed.", e);
        }
    }

    @Override // com.rapidminer.extension.pythonscripting.serialization.Serializer
    public String[] getExtension() {
        return new String[]{DynamicPort.TYPE_CONNECTION};
    }

    @Override // com.rapidminer.extension.pythonscripting.serialization.Serializer
    public boolean canHandle(IOObject iOObject) {
        return iOObject instanceof ConnectionInformationContainerIOObject;
    }
}
