package org.wso2.ciphertool.cipher;

import com.google.gson.Gson;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.JsonSyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import org.apache.commons.lang.StringUtils;
import org.wso2.ciphertool.exception.CipherToolException;
import org.wso2.ciphertool.utils.Constants;
import org.wso2.ciphertool.utils.KeyStoreUtil;
import org.wso2.ciphertool.utils.Utils;

/* loaded from: input_file:org/wso2/ciphertool/cipher/SymmetricCipher.class */
public class SymmetricCipher implements CipherMode {
    private static final int GCM_IV_LENGTH = 128;
    private static final int GCM_TAG_LENGTH = 128;
    private final Key secretKey;
    private final Cipher cipher;
    private final String algorithm;

    public SymmetricCipher(KeyStore keyStore, String str) {
        String property = System.getProperty(Constants.CIPHER_TRANSFORMATION_SYSTEM_PROPERTY);
        this.algorithm = StringUtils.isNotBlank(property) ? property : Constants.AES_GCM_NO_PADDING;
        try {
            this.secretKey = keyStore.getKey(str, KeyStoreUtil.getKeystorePassword().toCharArray());
            if (this.secretKey == null) {
                throw new KeyStoreException(Constants.Error.GET_KEY_ERROR_MESSAGE.getMessage(str));
            }
            this.cipher = Cipher.getInstance(this.algorithm);
        } catch (KeyStoreException | UnrecoverableKeyException e) {
            throw new CipherToolException(Constants.Error.GET_KEY_ERROR_MESSAGE.getMessage(str), e);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new CipherToolException(Constants.Error.CIPHER_INIT_ERROR_MESSAGE.getMessage(new Object[0]), e2);
        }
    }

    public SymmetricCipher(KeyStore keyStore) {
        this(keyStore, System.getProperty(Constants.KEY_ALIAS_PROPERTY));
    }

    @Override // org.wso2.ciphertool.cipher.CipherMode
    public String doEncryption(String str) {
        try {
            if (!Constants.AES_GCM_NO_PADDING.equals(this.algorithm)) {
                this.cipher.init(1, this.secretKey);
                return Utils.doEncryption(this.cipher, str);
            }
            byte[] initializationVector = getInitializationVector();
            this.cipher.init(1, this.secretKey, new GCMParameterSpec(128, initializationVector));
            return createSelfContainedCiphertextWithGCMMode(Utils.doEncryption(this.cipher, str), initializationVector);
        } catch (InvalidAlgorithmParameterException e) {
            throw new CipherToolException(Constants.Error.CIPHER_INIT_ERROR_MESSAGE.getMessage(new Object[0]), e);
        } catch (InvalidKeyException e2) {
            throw new CipherToolException(Constants.Error.INVALID_SECRET_ERROR_MESSAGE.getMessage(new Object[0]), e2);
        }
    }

    @Override // org.wso2.ciphertool.cipher.CipherMode
    public String doDecryption(String str) {
        byte[] decode;
        try {
            if (Constants.AES_GCM_NO_PADDING.equals(this.algorithm)) {
                JsonObject jsonObject = getJsonObject(str);
                decode = getValueFromJson(jsonObject, Constants.CIPHERTEXT);
                this.cipher.init(2, this.secretKey, new GCMParameterSpec(128, getValueFromJson(jsonObject, Constants.IV)));
            } else {
                this.cipher.init(2, this.secretKey);
                decode = Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8));
            }
            return Utils.doDecryption(this.cipher, decode);
        } catch (InvalidAlgorithmParameterException e) {
            throw new CipherToolException(Constants.Error.CIPHER_INIT_ERROR_MESSAGE.getMessage(new Object[0]), e);
        } catch (InvalidKeyException e2) {
            throw new CipherToolException(Constants.Error.INVALID_SECRET_ERROR_MESSAGE.getMessage(new Object[0]), e2);
        }
    }

    private JsonObject getJsonObject(String str) {
        try {
            return JsonParser.parseString(new String(Base64.getDecoder().decode(str))).getAsJsonObject();
        } catch (JsonSyntaxException e) {
            throw new CipherToolException(Constants.Error.INVALID_JSON.getMessage(new Object[0]));
        }
    }

    private byte[] getValueFromJson(JsonObject jsonObject, String str) {
        JsonElement jsonElement = jsonObject.get(str);
        if (jsonElement == null) {
            throw new CipherToolException(Constants.Error.JSON_VALUE_NOT_FOUND.getMessage(str));
        }
        return Base64.getDecoder().decode(jsonElement.getAsString().getBytes(StandardCharsets.UTF_8));
    }

    private byte[] getInitializationVector() {
        byte[] bArr = new byte[128];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private String createSelfContainedCiphertextWithGCMMode(String str, byte[] bArr) {
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty(Constants.CIPHERTEXT, str);
        jsonObject.addProperty(Constants.IV, Base64.getEncoder().encodeToString(bArr));
        return Base64.getEncoder().encodeToString(new Gson().toJson(jsonObject).getBytes());
    }
}
