package io.mosip.kernel.cryptomanager.service.impl;

import io.mosip.kernel.core.crypto.spi.CryptoCoreSpec;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.core.util.CryptoUtil;
import io.mosip.kernel.cryptomanager.constant.CryptomanagerConstant;
import io.mosip.kernel.cryptomanager.dto.CryptoWithPinRequestDto;
import io.mosip.kernel.cryptomanager.dto.CryptoWithPinResponseDto;
import io.mosip.kernel.cryptomanager.dto.CryptomanagerRequestDto;
import io.mosip.kernel.cryptomanager.dto.CryptomanagerResponseDto;
import io.mosip.kernel.cryptomanager.service.CryptomanagerService;
import io.mosip.kernel.cryptomanager.util.CryptomanagerUtils;
import io.mosip.kernel.keygenerator.bouncycastle.KeyGenerator;
import io.mosip.kernel.keymanagerservice.logger.KeymanagerLogger;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

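/**
 * Crypto manager service offering two schemes:
 *
 * <ul>
 *   <li>{@link #encrypt}/{@link #decrypt}: the data is encrypted with a freshly generated
 *       symmetric session key, and that session key is encrypted with the public key of the
 *       certificate resolved for the request. Both parts travel in one Base64 payload, separated
 *       by the configured key splitter.</li>
 *   <li>{@link #encryptWithPin}/{@link #decryptWithPin}: the data is encrypted with a key derived
 *       from a user PIN and a random salt. The payload is
 *       {@code salt (32 bytes) || nonce (12 bytes) || ciphertext}, Base64 encoded.</li>
 * </ul>
 *
 * <p>None of the log statements in this class include key material, PINs or payload bytes; keep it
 * that way when adding diagnostics.
 */
@Service
public class CryptomanagerServiceImpl implements CryptomanagerService {
    /** Length in bytes of the random nonce stored in a PIN-encrypted payload. */
    private static final int GCM_NONCE_LENGTH = 12;
    /** Length in bytes of the random salt stored in a PIN-encrypted payload. */
    private static final int PBE_SALT_LENGTH = 32;
    private static final String AES_KEY_TYPE = "AES";
    private static final Logger LOGGER = KeymanagerLogger.getLogger(CryptomanagerServiceImpl.class);

    /** Marker placed between the encrypted session key and the encrypted data. */
    @Value("${mosip.kernel.data-key-splitter}")
    private String keySplitter;

    /**
     * When true, {@link #encrypt} omits the certificate thumbprint unless the request explicitly
     * asks for it.
     */
    @Value("${mosip.kernel.keymanager.113nothumbprint.support:false}")
    private boolean noThumbprint;

    @Autowired
    KeyGenerator keyGenerator;

    @Autowired
    CryptomanagerUtils cryptomanagerUtil;

    @Autowired
    private CryptoCoreSpec<byte[], byte[], SecretKey, PublicKey, PrivateKey, String> cryptoCore;

    /**
     * Encrypts the Base64 data of the request with a new session key and wraps that key with the
     * public key of the request's certificate.
     *
     * @param cryptomanagerRequestDto request carrying Base64 data and optional Base64 salt and AAD
     * @return response whose data is the Base64 encoding of the combined key block and ciphertext
     */
    @Override
    public CryptomanagerResponseDto encrypt(CryptomanagerRequestDto cryptomanagerRequestDto) {
        LOGGER.info(CryptomanagerConstant.SESSIONID, CryptomanagerConstant.ENCRYPT, CryptomanagerConstant.ENCRYPT, "Request for data encryption.");
        // A new session key is generated for every call and never reused across requests.
        SecretKey symmetricKey = this.keyGenerator.getSymmetricKey();
        String salt = CryptomanagerUtils.nullOrTrim(cryptomanagerRequestDto.getSalt());
        final byte[] encryptedData;
        if (this.cryptomanagerUtil.isValidSalt(salt)) {
            // NOTE(review): the caller-supplied salt goes in the argument position where
            // encryptWithPin passes its random nonce, so it presumably acts as the cipher nonce.
            // Because the session key is fresh per call, a repeated salt does not by itself
            // repeat a (key, nonce) pair; confirm against the CryptoCoreSpec implementation.
            encryptedData = (byte[]) this.cryptoCore.symmetricEncrypt(
                    symmetricKey,
                    CryptoUtil.decodeBase64(cryptomanagerRequestDto.getData()),
                    CryptoUtil.decodeBase64(salt),
                    CryptoUtil.decodeBase64(CryptomanagerUtils.nullOrTrim(cryptomanagerRequestDto.getAad())));
        } else {
            encryptedData = (byte[]) this.cryptoCore.symmetricEncrypt(
                    symmetricKey,
                    CryptoUtil.decodeBase64(cryptomanagerRequestDto.getData()),
                    CryptoUtil.decodeBase64(CryptomanagerUtils.nullOrTrim(cryptomanagerRequestDto.getAad())));
        }
        Certificate certificate = this.cryptomanagerUtil.getCertificate(cryptomanagerRequestDto);
        LOGGER.info(CryptomanagerConstant.SESSIONID, CryptomanagerConstant.ENCRYPT, CryptomanagerConstant.ENCRYPT, "Found the cerificate, proceeding with session key.");
        byte[] encryptedSessionKey = (byte[]) this.cryptoCore.asymmetricEncrypt(certificate.getPublicKey(), symmetricKey.getEncoded());
        LOGGER.info(CryptomanagerConstant.SESSIONID, CryptomanagerConstant.ENCRYPT, CryptomanagerConstant.ENCRYPT, "Session key encryption completed.");

        // A missing flag counts as "do not prepend".
        boolean prependThumbprint = Boolean.TRUE.equals(cryptomanagerRequestDto.getPrependThumbprint());
        // The thumbprint is left out only when the legacy switch is on AND the caller did not ask for it.
        byte[] keyBlock = (this.noThumbprint && !prependThumbprint)
                ? encryptedSessionKey
                : this.cryptomanagerUtil.concatCertThumbprint(
                        this.cryptomanagerUtil.getCertificateThumbprint(certificate), encryptedSessionKey);

        CryptomanagerResponseDto response = new CryptomanagerResponseDto();
        response.setData(CryptoUtil.encodeBase64(CryptoUtil.combineByteArray(encryptedData, keyBlock, this.keySplitter)));
        return response;
    }

    /**
     * Splits the Base64 payload at the key splitter, recovers the session key from the part before
     * it and decrypts the part after it.
     *
     * <p>Side effect: the request's data field is overwritten with the Base64 key block, because
     * the key-recovery helper reads it from the request.
     *
     * @param cryptomanagerRequestDto request carrying the combined Base64 payload and the same
     *     optional salt and AAD that were used for encryption
     * @return response whose data is the Base64 encoding of the decrypted bytes
     * @throws IllegalArgumentException if the payload cannot be split at the key splitter
     */
    @Override
    public CryptomanagerResponseDto decrypt(CryptomanagerRequestDto cryptomanagerRequestDto) {
        LOGGER.info(CryptomanagerConstant.SESSIONID, CryptomanagerConstant.DECRYPT, CryptomanagerConstant.DECRYPT, "Request for data decryption.");
        byte[] payload = CryptoUtil.decodeBase64(cryptomanagerRequestDto.getData());
        int splitterIndex = CryptoUtil.getSplitterIndex(payload, 0, this.keySplitter);
        // NOTE(review): the splitter length is taken in chars while the offset is in bytes; this
        // assumes a single-byte (ASCII) splitter value. Confirm against the deployed property.
        int dataStart = splitterIndex + this.keySplitter.length();
        // The payload is untrusted input: reject offsets that fall outside it with a clear message
        // instead of relying on the array-copy failure further down.
        if (splitterIndex < 0 || dataStart > payload.length) {
            throw new IllegalArgumentException("Encrypted payload does not contain a valid key splitter.");
        }
        byte[] keyBlock = Arrays.copyOfRange(payload, 0, splitterIndex);
        byte[] encryptedData = Arrays.copyOfRange(payload, dataStart, payload.length);
        cryptomanagerRequestDto.setData(CryptoUtil.encodeBase64(keyBlock));
        SecretKey decryptedSymmetricKey = this.cryptomanagerUtil.getDecryptedSymmetricKey(cryptomanagerRequestDto);
        LOGGER.info(CryptomanagerConstant.SESSIONID, CryptomanagerConstant.DECRYPT, CryptomanagerConstant.DECRYPT, "Session Decryption completed.");

        String salt = CryptomanagerUtils.nullOrTrim(cryptomanagerRequestDto.getSalt());
        final byte[] plainData;
        if (this.cryptomanagerUtil.isValidSalt(salt)) {
            plainData = (byte[]) this.cryptoCore.symmetricDecrypt(
                    decryptedSymmetricKey,
                    encryptedData,
                    CryptoUtil.decodeBase64(salt),
                    CryptoUtil.decodeBase64(CryptomanagerUtils.nullOrTrim(cryptomanagerRequestDto.getAad())));
        } else {
            plainData = (byte[]) this.cryptoCore.symmetricDecrypt(
                    decryptedSymmetricKey,
                    encryptedData,
                    CryptoUtil.decodeBase64(CryptomanagerUtils.nullOrTrim(cryptomanagerRequestDto.getAad())));
        }
        LOGGER.info(CryptomanagerConstant.SESSIONID, CryptomanagerConstant.DECRYPT, CryptomanagerConstant.DECRYPT, "Data decryption completed.");
        CryptomanagerResponseDto response = new CryptomanagerResponseDto();
        response.setData(CryptoUtil.encodeBase64(plainData));
        return response;
    }

    /**
     * Encrypts the request's text with a key derived from the user PIN and a random salt.
     *
     * <p>A PIN carries little entropy, so the confidentiality of the result rests on the cost of
     * the key-derivation step and on limiting how often a payload can be tried.
     *
     * @param cryptoWithPinRequestDto request carrying the plain text and the user PIN
     * @return response whose data is Base64 of {@code salt || nonce || ciphertext}
     */
    @Override
    public CryptoWithPinResponseDto encryptWithPin(CryptoWithPinRequestDto cryptoWithPinRequestDto) {
        String data = cryptoWithPinRequestDto.getData();
        String userPin = cryptoWithPinRequestDto.getUserPin();
        SecureRandom secureRandom = new SecureRandom();
        byte[] salt = new byte[PBE_SALT_LENGTH];
        secureRandom.nextBytes(salt);
        SecretKey derivedKey = getDerivedKey(userPin, salt);
        byte[] nonce = new byte[GCM_NONCE_LENGTH];
        secureRandom.nextBytes(nonce);
        // UTF-8 is pinned so the bytes do not depend on the JVM's default charset. The salt is
        // also passed as the fourth (AAD) argument, matching decryptWithPin.
        byte[] cipherText = (byte[]) this.cryptoCore.symmetricEncrypt(
                derivedKey, data.getBytes(StandardCharsets.UTF_8), nonce, salt);

        byte[] payload = new byte[salt.length + nonce.length + cipherText.length];
        System.arraycopy(salt, 0, payload, 0, salt.length);
        System.arraycopy(nonce, 0, payload, salt.length, nonce.length);
        System.arraycopy(cipherText, 0, payload, salt.length + nonce.length, cipherText.length);
        CryptoWithPinResponseDto response = new CryptoWithPinResponseDto();
        response.setData(CryptoUtil.encodeBase64(payload));
        return response;
    }

    /**
     * Decrypts a payload produced by {@link #encryptWithPin} using the same user PIN.
     *
     * @param cryptoWithPinRequestDto request carrying the Base64 payload and the user PIN
     * @return response whose data is the decrypted text
     * @throws IllegalArgumentException if the decoded payload is too short to hold the salt and
     *     the nonce
     */
    @Override
    public CryptoWithPinResponseDto decryptWithPin(CryptoWithPinRequestDto cryptoWithPinRequestDto) {
        String data = cryptoWithPinRequestDto.getData();
        String userPin = cryptoWithPinRequestDto.getUserPin();
        byte[] payload = CryptoUtil.decodeBase64(data);
        int headerLength = PBE_SALT_LENGTH + GCM_NONCE_LENGTH;
        // Arrays.copyOfRange pads a short source with zeros, so a truncated payload must be
        // rejected up front or it would be processed with a partly zero-filled salt or nonce.
        if (payload.length < headerLength) {
            throw new IllegalArgumentException(
                    "Encrypted payload is shorter than the " + headerLength + "-byte salt and nonce header.");
        }
        byte[] salt = Arrays.copyOfRange(payload, 0, PBE_SALT_LENGTH);
        byte[] nonce = Arrays.copyOfRange(payload, PBE_SALT_LENGTH, headerLength);
        byte[] cipherText = Arrays.copyOfRange(payload, headerLength, payload.length);
        byte[] plainText = (byte[]) this.cryptoCore.symmetricDecrypt(getDerivedKey(userPin, salt), cipherText, nonce, salt);
        CryptoWithPinResponseDto response = new CryptoWithPinResponseDto();
        // Decode with the same fixed charset that encryptWithPin uses to encode.
        response.setData(new String(plainText, StandardCharsets.UTF_8));
        return response;
    }

    /**
     * Derives an AES key from the PIN and salt by hashing them with the crypto core and decoding
     * the resulting hex string.
     *
     * <p>NOTE(review): resistance to offline PIN guessing depends on {@code cryptoCore.hash}
     * being a slow, salted key-derivation function with a suitable work factor; that
     * implementation is not visible here and should be confirmed.
     *
     * <p>The PIN is encoded as UTF-8 instead of the JVM default charset. For ASCII PINs the bytes
     * are identical; payloads created with non-ASCII PINs on a JVM whose default charset was not
     * UTF-8 would derive a different key.
     */
    private SecretKey getDerivedKey(String userPin, byte[] salt) {
        String hexHash = (String) this.cryptoCore.hash(userPin.getBytes(StandardCharsets.UTF_8), salt);
        return new SecretKeySpec(this.cryptomanagerUtil.hexDecode(hexHash), AES_KEY_TYPE);
    }
}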
