package be.atbash.ee.security.octopus.util;

import be.atbash.ee.security.octopus.config.JCASupportConfiguration;
import be.atbash.ee.security.octopus.exception.DecryptionFailedException;
import be.atbash.ee.security.octopus.exception.MissingPasswordException;
import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.PBKDF;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.impl.PRFParams;
import be.atbash.ee.security.octopus.nimbus.jwt.jwe.JWEAlgorithm;
import be.atbash.util.PublicAPI;
import be.atbash.util.StringUtils;
import be.atbash.util.exception.AtbashUnexpectedException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

@PublicAPI
/* loaded from: input_file:be/atbash/ee/security/octopus/util/EncryptionHelper.class */
public final class EncryptionHelper {
    private static final String AES_ALGO = "AES/CBC/PKCS5Padding";
    private static final int ITERATION_COUNT = 65556;

    private EncryptionHelper() {
    }

    public static String encode(String str, char[] cArr) {
        return encode(str.getBytes(StandardCharsets.UTF_8), cArr);
    }

    public static String encode(byte[] bArr, char[] cArr) {
        if (StringUtils.isEmpty(cArr)) {
            throw new MissingPasswordException(MissingPasswordException.ObjectType.ENCRYPTION);
        }
        byte[] bArr2 = new byte[20];
        JCASupportConfiguration.getInstance().getSecureRandom().nextBytes(bArr2);
        try {
            SecretKey deriveKey = PBKDF.deriveKey(cArr, bArr2, ITERATION_COUNT, PRFParams.resolve(JWEAlgorithm.PBES2_HS512_A256KW));
            Cipher cipher = Cipher.getInstance(AES_ALGO);
            cipher.init(1, deriveKey);
            byte[] iv = ((IvParameterSpec) cipher.getParameters().getParameterSpec(IvParameterSpec.class)).getIV();
            byte[] doFinal = cipher.doFinal(bArr);
            byte[] bArr3 = new byte[bArr2.length + iv.length + doFinal.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(iv, 0, bArr3, bArr2.length, iv.length);
            System.arraycopy(doFinal, 0, bArr3, bArr2.length + iv.length, doFinal.length);
            return Base64.getEncoder().encodeToString(bArr3);
        } catch (JOSEException | InvalidKeyException | NoSuchAlgorithmException | InvalidParameterSpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    public static String decode(String str, char[] cArr) {
        if (StringUtils.isEmpty(cArr)) {
            throw new MissingPasswordException(MissingPasswordException.ObjectType.ENCRYPTION);
        }
        try {
            Cipher cipher = Cipher.getInstance(AES_ALGO);
            ByteBuffer wrap = ByteBuffer.wrap(Base64.getDecoder().decode(str));
            byte[] bArr = new byte[20];
            wrap.get(bArr, 0, bArr.length);
            byte[] bArr2 = new byte[cipher.getBlockSize()];
            wrap.get(bArr2, 0, bArr2.length);
            byte[] bArr3 = new byte[(wrap.capacity() - bArr.length) - bArr2.length];
            wrap.get(bArr3);
            cipher.init(2, PBKDF.deriveKey(cArr, bArr, ITERATION_COUNT, PRFParams.resolve(JWEAlgorithm.PBES2_HS512_A256KW)), new IvParameterSpec(bArr2));
            return new String(cipher.doFinal(bArr3));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new AtbashUnexpectedException(e);
        } catch (BadPaddingException e2) {
            throw new DecryptionFailedException();
        }
    }

    public static String encode(String str, SecretKey secretKey) {
        return encode(str.getBytes(StandardCharsets.UTF_8), secretKey);
    }

    public static String encode(byte[] bArr, SecretKey secretKey) {
        byte[] bArr2 = new byte[20];
        JCASupportConfiguration.getInstance().getSecureRandom().nextBytes(bArr2);
        try {
            Cipher cipher = Cipher.getInstance(AES_ALGO);
            cipher.init(1, secretKey);
            byte[] iv = ((IvParameterSpec) cipher.getParameters().getParameterSpec(IvParameterSpec.class)).getIV();
            byte[] doFinal = cipher.doFinal(bArr);
            byte[] bArr3 = new byte[bArr2.length + iv.length + doFinal.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(iv, 0, bArr3, bArr2.length, iv.length);
            System.arraycopy(doFinal, 0, bArr3, bArr2.length + iv.length, doFinal.length);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr3);
        } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidParameterSpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    public static String decode(String str, SecretKey secretKey) {
        try {
            Cipher cipher = Cipher.getInstance(AES_ALGO);
            ByteBuffer wrap = ByteBuffer.wrap(Base64.getUrlDecoder().decode(str));
            byte[] bArr = new byte[20];
            wrap.get(bArr, 0, bArr.length);
            byte[] bArr2 = new byte[cipher.getBlockSize()];
            wrap.get(bArr2, 0, bArr2.length);
            byte[] bArr3 = new byte[(wrap.capacity() - bArr.length) - bArr2.length];
            wrap.get(bArr3);
            cipher.init(2, new SecretKeySpec(secretKey.getEncoded(), "AES"), new IvParameterSpec(bArr2));
            return new String(cipher.doFinal(bArr3));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new AtbashUnexpectedException(e);
        } catch (BadPaddingException e2) {
            throw new DecryptionFailedException();
        }
    }
}
