package org.wso2.carbon.identity.keyrotation.service;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonSyntaxException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.axiom.om.util.Base64;
import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.wso2.carbon.identity.keyrotation.config.model.KeyRotationConfig;
import org.wso2.carbon.identity.keyrotation.model.CipherMetaData;
import org.wso2.carbon.identity.keyrotation.util.KeyRotationConstants;
import org.wso2.carbon.identity.keyrotation.util.KeyRotationException;
import org.wso2.carbon.identity.keyrotation.util.KeyRotationServiceUtils;
import org.wso2.carbon.uuid.generator.UUIDGeneratorManager;

/* loaded from: input_file:org/wso2/carbon/identity/keyrotation/service/CryptoProvider.class */
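/**
 * Symmetric encrypt/decrypt helper used during key rotation: data is decrypted with the
 * configured old secret key and encrypted with the configured new secret key.
 *
 * <p>Ciphertext produced by {@link #encrypt} is a JSON document (a serialized
 * {@link CipherMetaData}) carrying the ciphertext, the transformation name and the Base64 IV.
 *
 * <p>Security review notes (nothing below changes the on-disk format):
 * <ul>
 *   <li>The IV comes from the generator returned by {@code getTimeBasedUUIDGenerator()}, not
 *       from a CSPRNG, so it should be treated as predictable. That is only acceptable for
 *       modes that require IV uniqueness rather than unpredictability; confirm against
 *       {@code KeyRotationConstants.TRANSFORMATION}, which is not visible here.</li>
 *   <li>The key is the raw bytes of the configured string in the platform default charset.
 *       No KDF is applied, so key strength depends entirely on how that string was
 *       generated.</li>
 *   <li>JSON is encoded and decoded with {@code Charset.defaultCharset()}, so the bytes are
 *       platform-dependent in principle. Left unchanged for compatibility with existing
 *       stored data.</li>
 * </ul>
 */
public class CryptoProvider {
    private static final Logger log = Logger.getLogger(CryptoProvider.class);
    private static final Gson gson = new GsonBuilder().disableHtmlEscaping().create();

    /**
     * Encrypts cleartext with the new secret key and wraps the result in the self-contained
     * JSON format.
     *
     * @param bArr cleartext bytes; must not be null
     * @param keyRotationConfig configuration supplying the new secret key
     * @return JSON-encoded {@link CipherMetaData} bytes
     * @throws KeyRotationException if the input is null, the key is missing, or the cipher
     *     cannot be created, initialized or applied
     */
    public byte[] encrypt(byte[] bArr, KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        if (bArr == null) {
            throw new KeyRotationException("Cleartext bytes cannot be null.");
        }
        byte[] initializationVector = getInitializationVector();
        try {
            ensureProviderRegistered();
            Cipher cipher = Cipher.getInstance(KeyRotationConstants.TRANSFORMATION, KeyRotationConstants.JAVA_SECURITY_API_PROVIDER);
            cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(keyRotationConfig.getNewSecretKey()), new IvParameterSpec(initializationVector));
            return createSelfContainedCiphertext(cipher.doFinal(bArr), initializationVector);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new KeyRotationException(String.format("Error occurred while initializing cipher object with algorithm: '%s'.", KeyRotationConstants.TRANSFORMATION), e);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            throw new KeyRotationException(String.format("Error occurred while instantiating cipher object with algorithm: '%s'.", KeyRotationConstants.TRANSFORMATION), e);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new KeyRotationException(String.format("Error occurred while encrypting using cipher object with algorithm: '%s'.", KeyRotationConstants.TRANSFORMATION), e);
        }
    }

    /**
     * Decrypts a self-contained ciphertext with the old secret key.
     *
     * @param bArr self-contained ciphertext bytes; must not be null
     * @param keyRotationConfig configuration supplying the old secret key
     * @return the recovered cleartext, or an empty array when the embedded ciphertext is empty
     * @throws KeyRotationException if the input is null, the key is missing, or the cipher
     *     cannot be created, initialized or applied (including a failed padding or integrity
     *     check reported by the cipher)
     */
    public byte[] decrypt(byte[] bArr, KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        if (bArr == null) {
            throw new KeyRotationException("Ciphertext bytes cannot be null.");
        }
        try {
            ensureProviderRegistered();
            CipherMetaData cipherMetaData = createCipherMetaData(bArr);
            byte[] cipherBytes = cipherMetaData.getCipherBase64Decoded();
            if (cipherBytes.length == 0) {
                log.debug("Bytes of length 0 found for cipher within the cipherMetaData.");
                return new byte[0];
            }
            Cipher cipher = Cipher.getInstance(KeyRotationConstants.TRANSFORMATION, KeyRotationConstants.JAVA_SECURITY_API_PROVIDER);
            cipher.init(Cipher.DECRYPT_MODE, getSecretKey(keyRotationConfig.getOldSecretKey()), new IvParameterSpec(cipherMetaData.getIvBase64Decoded()));
            return cipher.doFinal(cipherBytes);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
            throw new KeyRotationException(String.format("Error occurred while instantiating cipher object with algorithm: '%s'.", KeyRotationConstants.TRANSFORMATION), e);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new KeyRotationException(String.format("Error occurred while initializing cipher object with algorithm: '%s'.", KeyRotationConstants.TRANSFORMATION), e);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            // The original message said "encrypting" here, which misleads anyone triaging a
            // failed decryption (wrong old key, tampered or truncated ciphertext).
            throw new KeyRotationException(String.format("Error occurred while decrypting using cipher object with algorithm: '%s'.", KeyRotationConstants.TRANSFORMATION), e);
        }
    }

    /**
     * Registers the Bouncy Castle provider once instead of constructing a new provider
     * instance on every call. {@code Security.addProvider} ignores a provider whose name is
     * already installed, so a race between two threads here is harmless.
     */
    private static void ensureProviderRegistered() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Builds the key spec from the configured secret string.
     *
     * @param str configured secret key
     * @return key spec for {@code KeyRotationConstants.ALGORITHM}
     * @throws KeyRotationException if the secret is null or empty. The secret itself is never
     *     placed in the message.
     */
    private SecretKeySpec getSecretKey(String str) throws KeyRotationException {
        if (str == null || str.isEmpty()) {
            throw new KeyRotationException("Secret key cannot be null or empty.");
        }
        // NOTE(review): platform default charset, kept for compatibility with keys already in
        // use. The key length is whatever the string encodes to; an unsupported length
        // presumably surfaces as InvalidKeyException at cipher.init. Confirm.
        byte[] keyBytes = str.getBytes();
        return new SecretKeySpec(keyBytes, 0, keyBytes.length, KeyRotationConstants.ALGORITHM);
    }

    /**
     * Produces a 16-byte IV from the two 64-bit halves of a generated UUID.
     *
     * <p>NOTE(review): the UUID comes from {@code getTimeBasedUUIDGenerator()}, so the IV is
     * unique-by-construction at best, not unpredictable. Verify that the configured
     * transformation tolerates a predictable IV before reusing this helper elsewhere.
     */
    private byte[] getInitializationVector() {
        UUID uuid = UUIDGeneratorManager.getTimeBasedUUIDGenerator().generate();
        ByteBuffer buffer = ByteBuffer.wrap(new byte[16]);
        buffer.putLong(uuid.getMostSignificantBits());
        buffer.putLong(uuid.getLeastSignificantBits());
        return buffer.array();
    }

    /**
     * Serializes the ciphertext, transformation name and Base64 IV into the JSON envelope.
     *
     * @param bArr raw cipher output
     * @param bArr2 IV used for the encryption
     * @return JSON bytes in the platform default charset
     */
    private byte[] createSelfContainedCiphertext(byte[] bArr, byte[] bArr2) {
        CipherMetaData cipherMetaData = new CipherMetaData();
        cipherMetaData.setCipherText(KeyRotationServiceUtils.getSelfContainedCiphertextWithIv(bArr, bArr2));
        cipherMetaData.setTransformation(KeyRotationConstants.TRANSFORMATION);
        cipherMetaData.setIv(Base64.encode(bArr2));
        return gson.toJson(cipherMetaData).getBytes(Charset.defaultCharset());
    }

    /** Delegates parsing of a stored ciphertext into its IV and ciphertext parts. */
    private CipherMetaData createCipherMetaData(byte[] bArr) {
        return KeyRotationServiceUtils.setIvAndOriginalCipherText(bArr);
    }

    /**
     * Extracts the Base64-decoded ciphertext from a JSON-encoded {@link CipherMetaData}.
     *
     * @param bArr JSON bytes; must not be null
     * @return the decoded ciphertext bytes
     * @throws KeyRotationException if the input is null, is not valid JSON, or parses to no
     *     object. Gson returns null for empty or literal-null input, which previously caused
     *     a NullPointerException.
     */
    public byte[] reFactorCipherText(byte[] bArr) throws KeyRotationException {
        if (bArr == null) {
            throw new KeyRotationException("Ciphertext bytes cannot be null.");
        }
        CipherMetaData cipherMetaData;
        try {
            cipherMetaData = gson.fromJson(new String(bArr, Charset.defaultCharset()), CipherMetaData.class);
        } catch (JsonSyntaxException e) {
            throw new KeyRotationException("Error occurred while converting JSON to a Java object, ", e);
        }
        if (cipherMetaData == null) {
            throw new KeyRotationException("Ciphertext JSON did not contain a cipher metadata object.");
        }
        return cipherMetaData.getCipherBase64Decoded();
    }
}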
