package org.wso2.carbon.crypto.provider;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.crypto.api.CipherMetaDataHolder;
import org.wso2.carbon.crypto.api.CryptoException;
import org.wso2.carbon.crypto.api.InternalCryptoProvider;
import org.wso2.carbon.uuid.generator.UUIDGeneratorManager;

/* loaded from: input_file:plugins/org.wso2.carbon.crypto.provider-1.1.14.jar:org/wso2/carbon/crypto/provider/SymmetricKeyInternalCryptoProvider.class */
public class SymmetricKeyInternalCryptoProvider implements InternalCryptoProvider {
    private static Log log = LogFactory.getLog(SymmetricKeyInternalCryptoProvider.class);
    private String secretKey;
    private static final String DEFAULT_SYMMETRIC_CRYPTO_ALGORITHM = "AES";
    private static final String AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM = "AES/GCM/NoPadding";
    public static final int GCM_IV_LENGTH = 128;
    public static final int GCM_TAG_LENGTH = 128;

    public SymmetricKeyInternalCryptoProvider(String str) {
        this.secretKey = str;
    }

    @Override // org.wso2.carbon.crypto.api.InternalCryptoProvider
    public byte[] encrypt(byte[] bArr, String str, String str2) throws CryptoException {
        try {
            if (StringUtils.isBlank(str)) {
                str = AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM;
            }
            Cipher cipher = StringUtils.isBlank(str2) ? Cipher.getInstance(str) : Cipher.getInstance(str, str2);
            cipher.init(1, getSecretKey());
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            String format = String.format("An error occurred while encrypting using the algorithm : '%s'", str);
            if (log.isDebugEnabled()) {
                log.debug(format, e);
            }
            throw new CryptoException(format, e);
        }
    }

    @Override // org.wso2.carbon.crypto.api.InternalCryptoProvider
    public byte[] decrypt(byte[] bArr, String str, String str2) throws CryptoException {
        try {
            if (StringUtils.isBlank(str)) {
                str = AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM;
            }
            Cipher cipher = StringUtils.isBlank(str2) ? Cipher.getInstance(str) : Cipher.getInstance(str, str2);
            if (!AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM.equals(str)) {
                cipher.init(2, getSecretKey());
                return cipher.doFinal(bArr);
            }
            if (log.isDebugEnabled()) {
                log.debug(String.format("Decrypting internal data with '%s' algorithm.", str));
            }
            CipherMetaDataHolder cipherMetaDataHolderFromCipherText = getCipherMetaDataHolderFromCipherText(bArr);
            cipher.init(2, getSecretKey(), getGCMParameterSpec(cipherMetaDataHolderFromCipherText.getIvBase64Decoded()));
            return cipherMetaDataHolderFromCipherText.getCipherBase64Decoded().length == 0 ? "".getBytes() : cipher.doFinal(cipherMetaDataHolderFromCipherText.getCipherBase64Decoded());
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            String format = String.format("An error occurred while decrypting using the algorithm : '%s'", str);
            if (log.isDebugEnabled()) {
                log.debug(format, e);
            }
            throw new CryptoException(format, e);
        }
    }

    @Override // org.wso2.carbon.crypto.api.InternalCryptoProvider
    public byte[] decrypt(byte[] bArr, String str, String str2, Object... objArr) throws CryptoException {
        try {
            SecretKeySpec secretKey = getSecretKey();
            if (objArr != null && objArr.length > 0 && objArr[0] != null) {
                secretKey = getSecretKey((String) objArr[0]);
            }
            if (StringUtils.isBlank(str)) {
                str = AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM;
            }
            Cipher cipher = StringUtils.isBlank(str2) ? Cipher.getInstance(str) : Cipher.getInstance(str, str2);
            if (!AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM.equals(str)) {
                cipher.init(2, secretKey);
                return cipher.doFinal(bArr);
            }
            if (log.isDebugEnabled()) {
                log.debug(String.format("Decrypting internal data with '%s' algorithm.", str));
            }
            CipherMetaDataHolder cipherMetaDataHolderFromCipherText = getCipherMetaDataHolderFromCipherText(bArr);
            cipher.init(2, secretKey, getGCMParameterSpec(cipherMetaDataHolderFromCipherText.getIvBase64Decoded()));
            return cipherMetaDataHolderFromCipherText.getCipherBase64Decoded().length == 0 ? "".getBytes() : cipher.doFinal(cipherMetaDataHolderFromCipherText.getCipherBase64Decoded());
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            String format = String.format("An error occurred while decrypting using the algorithm : '%s'", str);
            if (log.isDebugEnabled()) {
                log.debug(format, e);
            }
            if (!(e instanceof BadPaddingException) || 0 == 0) {
                throw new CryptoException(format, e);
            }
            return decrypt(bArr, str, str2);
        }
    }

    @Override // org.wso2.carbon.crypto.api.InternalCryptoProvider
    public byte[] encrypt(byte[] bArr, String str, String str2, boolean z) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Encrypting data with symmetric key encryption with algorithm: '%s'.", str));
        }
        if (bArr == null) {
            throw new CryptoException("Plaintext can't be null.");
        }
        if (AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM.equals(str)) {
            return encryptWithGCMMode(bArr, str2, z, new Object[0]);
        }
        if (!StringUtils.isNotBlank(str) || bArr.length != 0) {
            return z ? createSelfContainedCiphertextWithPlainAES(encrypt(bArr, str, str2), str) : encrypt(bArr, str, str2);
        }
        if (log.isDebugEnabled()) {
            log.debug("Plaintext is empty. An empty array will be used as the ciphertext bytes.");
        }
        byte[] bytes = "".getBytes();
        return z ? createSelfContainedCiphertextWithPlainAES(bytes, str) : bytes;
    }

    @Override // org.wso2.carbon.crypto.api.InternalCryptoProvider
    public byte[] encrypt(byte[] bArr, String str, String str2, boolean z, Object... objArr) throws CryptoException {
        if (log.isDebugEnabled()) {
            log.debug(String.format("Encrypting data with symmetric key encryption with algorithm: '%s'.", str));
        }
        if (objArr.length == 0) {
            return encrypt(bArr, str, str2, z);
        }
        if (bArr == null) {
            throw new CryptoException("Plaintext can't be null.");
        }
        return AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM.equals(str) ? encryptWithGCMMode(bArr, str2, z, objArr) : encrypt(bArr, str, str2, z);
    }

    private SecretKeySpec getSecretKey() {
        return new SecretKeySpec(this.secretKey.getBytes(), 0, this.secretKey.getBytes().length, DEFAULT_SYMMETRIC_CRYPTO_ALGORITHM);
    }

    private SecretKeySpec getSecretKey(String str) {
        return new SecretKeySpec(str.getBytes(), 0, str.getBytes().length, DEFAULT_SYMMETRIC_CRYPTO_ALGORITHM);
    }

    private byte[] getInitializationVector() {
        UUID generate = UUIDGeneratorManager.getTimeBasedUUIDGenerator().generate();
        ByteBuffer wrap = ByteBuffer.wrap(new byte[128]);
        wrap.putLong(generate.getMostSignificantBits());
        wrap.putLong(generate.getLeastSignificantBits());
        return wrap.array();
    }

    private byte[] encryptWithGCMMode(byte[] bArr, String str, boolean z, Object... objArr) throws CryptoException {
        byte[] doFinal;
        if (!z) {
            throw new CryptoException("Symmetric encryption with GCM mode only supports self contained cipher text generation.");
        }
        SecretKeySpec secretKey = getSecretKey();
        if (objArr != null && objArr.length > 0 && objArr[0] != null) {
            secretKey = getSecretKey((String) objArr[0]);
        }
        byte[] initializationVector = getInitializationVector();
        try {
            Cipher cipher = StringUtils.isBlank(str) ? Cipher.getInstance(AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM) : Cipher.getInstance(AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM, str);
            cipher.init(1, secretKey, getGCMParameterSpec(initializationVector));
            if (bArr.length == 0) {
                if (log.isDebugEnabled()) {
                    log.debug("Plaintext is empty. An empty array will be used as the ciphertext bytes.");
                }
                doFinal = "".getBytes();
            } else {
                doFinal = cipher.doFinal(bArr);
            }
            return createSelfContainedCiphertextWithGCMMode(doFinal, AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM, initializationVector);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptoException(String.format("Error occurred while initializing and encrypting using Cipher object with algorithm: '%s'.", AES_GCM_SYMMETRIC_CRYPTO_ALGORITHM), e);
        }
    }

    private GCMParameterSpec getGCMParameterSpec(byte[] bArr) {
        return new GCMParameterSpec(128, bArr);
    }

    private byte[] createSelfContainedCiphertextWithGCMMode(byte[] bArr, String str, byte[] bArr2) {
        Gson create = new GsonBuilder().disableHtmlEscaping().create();
        CipherMetaDataHolder cipherMetaDataHolder = new CipherMetaDataHolder();
        cipherMetaDataHolder.setCipherText(Base64.encode(cipherMetaDataHolder.getSelfContainedCiphertextWithIv(bArr, bArr2)));
        cipherMetaDataHolder.setTransformation(str);
        cipherMetaDataHolder.setIv(Base64.encode(bArr2));
        String json = create.toJson(cipherMetaDataHolder);
        if (log.isDebugEnabled()) {
            log.debug("Cipher with meta data : " + json);
        }
        return json.getBytes(Charset.defaultCharset());
    }

    private byte[] createSelfContainedCiphertextWithPlainAES(byte[] bArr, String str) {
        Gson create = new GsonBuilder().disableHtmlEscaping().create();
        CipherMetaDataHolder cipherMetaDataHolder = new CipherMetaDataHolder();
        cipherMetaDataHolder.setCipherText(Base64.encode(bArr));
        cipherMetaDataHolder.setTransformation(str);
        String json = create.toJson(cipherMetaDataHolder);
        if (log.isDebugEnabled()) {
            log.debug("Cipher with meta data: " + json);
        }
        return json.getBytes(Charset.defaultCharset());
    }

    private CipherMetaDataHolder getCipherMetaDataHolderFromCipherText(byte[] bArr) {
        CipherMetaDataHolder cipherMetaDataHolder = new CipherMetaDataHolder();
        cipherMetaDataHolder.setIvAndOriginalCipherText(bArr);
        return cipherMetaDataHolder;
    }
}
