package org.opencms.crypto;

import com.google.common.io.BaseEncoding;
import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.logging.Log;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
import org.bouncycastle.crypto.params.HKDFParameters;
import org.opencms.configuration.CmsParameterConfiguration;
import org.opencms.file.CmsObject;
import org.opencms.main.CmsLog;

/* loaded from: input_file:org/opencms/crypto/CmsAESTextEncryption.class */
public class CmsAESTextEncryption implements I_CmsTextEncryption {
    public static final String AES = "AES";
    public static final String PARAM_SECRET = "secret";
    private CmsParameterConfiguration m_config = new CmsParameterConfiguration();
    private SecretKey m_key;
    private String m_name;
    public static final BaseEncoding BASE64 = BaseEncoding.base64Url().withPadChar('.');
    private static final Log LOG = CmsLog.getLog(CmsAESTextEncryption.class);

    public static SecretKey generateAESKey(String str) {
        HKDFParameters defaultParameters = HKDFParameters.defaultParameters(str.getBytes(StandardCharsets.UTF_8));
        HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(new SHA256Digest());
        hKDFBytesGenerator.init(defaultParameters);
        byte[] bArr = new byte[16];
        hKDFBytesGenerator.generateBytes(bArr, 0, 16);
        return new SecretKeySpec(bArr, AES);
    }

    @Override // org.opencms.configuration.I_CmsConfigurationParameterHandler
    public void addConfigurationParameter(String str, String str2) {
        this.m_config.add(str, str2);
    }

    @Override // org.opencms.crypto.I_CmsTextEncryption
    public String decrypt(String str) throws CmsEncryptionException {
        byte[] decode = BASE64.decode(str);
        try {
            Cipher cipher = Cipher.getInstance(AES);
            cipher.init(2, this.m_key);
            return new String(cipher.doFinal(decode), StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new CmsEncryptionException(e.getLocalizedMessage(), e);
        }
    }

    @Override // org.opencms.crypto.I_CmsTextEncryption
    public String encrypt(String str) throws CmsEncryptionException {
        try {
            Cipher cipher = Cipher.getInstance(AES);
            cipher.init(1, this.m_key);
            return BASE64.encode(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new CmsEncryptionException(e.getLocalizedMessage(), e);
        }
    }

    @Override // org.opencms.configuration.I_CmsConfigurationParameterHandler
    public CmsParameterConfiguration getConfiguration() {
        return this.m_config;
    }

    @Override // org.opencms.crypto.I_CmsTextEncryption
    public String getName() {
        return this.m_name;
    }

    @Override // org.opencms.configuration.I_CmsConfigurationParameterHandler
    public void initConfiguration() {
    }

    @Override // org.opencms.crypto.I_CmsTextEncryption
    public void initialize(CmsObject cmsObject) {
        String str = this.m_config.get((Object) PARAM_SECRET);
        if (str == null) {
            throw new IllegalArgumentException("Parameter 'secret' must be set for CmsAESTextEncryption!");
        }
        this.m_key = generateAESKey(str);
    }

    @Override // org.opencms.crypto.I_CmsTextEncryption
    public void setName(String str) {
        if (this.m_name != null) {
            throw new IllegalStateException("Can't call setName twice!");
        }
        this.m_name = str;
    }
}
