package org.apache.qpid.server.security.encryption;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.class */
class AESKeyFileEncrypter implements ConfigurationSecretEncrypter {
    private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding";
    private static final int AES_INITIALIZATION_VECTOR_LENGTH = 16;
    private static final String AES_ALGORITHM = "AES";
    private final SecretKey _secretKey;
    private final SecureRandom _random = new SecureRandom();

    /* JADX INFO: Access modifiers changed from: package-private */
    public AESKeyFileEncrypter(SecretKey secretKey) {
        if (secretKey == null) {
            throw new NullPointerException("A non null secret key must be supplied");
        }
        if (!AES_ALGORITHM.equals(secretKey.getAlgorithm())) {
            throw new IllegalArgumentException("Provided secret key was for the algorithm: " + secretKey.getAlgorithm() + "when" + AES_ALGORITHM + "was needed.");
        }
        this._secretKey = secretKey;
    }

    @Override // org.apache.qpid.server.security.encryption.ConfigurationSecretEncrypter
    public String encrypt(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        try {
            byte[] bArr = new byte[AES_INITIALIZATION_VECTOR_LENGTH];
            this._random.nextBytes(bArr);
            Cipher cipher = Cipher.getInstance(CIPHER_NAME);
            cipher.init(1, this._secretKey, new IvParameterSpec(bArr));
            byte[] readFromCipherStream = readFromCipherStream(bytes, cipher);
            byte[] bArr2 = new byte[AES_INITIALIZATION_VECTOR_LENGTH + readFromCipherStream.length];
            System.arraycopy(bArr, 0, bArr2, 0, AES_INITIALIZATION_VECTOR_LENGTH);
            System.arraycopy(readFromCipherStream, 0, bArr2, AES_INITIALIZATION_VECTOR_LENGTH, readFromCipherStream.length);
            return DatatypeConverter.printBase64Binary(bArr2);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalArgumentException("Unable to encrypt secret", e);
        }
    }

    @Override // org.apache.qpid.server.security.encryption.ConfigurationSecretEncrypter
    public String decrypt(String str) {
        if (!isValidBase64(str)) {
            throw new IllegalArgumentException("Encrypted value is not valid Base 64 data: '" + str + "'");
        }
        byte[] parseBase64Binary = DatatypeConverter.parseBase64Binary(str);
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_NAME);
            cipher.init(2, this._secretKey, new IvParameterSpec(parseBase64Binary, 0, AES_INITIALIZATION_VECTOR_LENGTH));
            return new String(readFromCipherStream(parseBase64Binary, AES_INITIALIZATION_VECTOR_LENGTH, parseBase64Binary.length - AES_INITIALIZATION_VECTOR_LENGTH, cipher), StandardCharsets.UTF_8);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalArgumentException("Unable to encrypt secret", e);
        }
    }

    private boolean isValidBase64(String str) {
        return str.matches("^([\\w\\d+/]{4})*([\\w\\d+/]{2}==|[\\w\\d+/]{3}=)?$");
    }

    private byte[] readFromCipherStream(byte[] bArr, Cipher cipher) throws IOException {
        return readFromCipherStream(bArr, 0, bArr.length, cipher);
    }

    private byte[] readFromCipherStream(byte[] bArr, int i, int i2, Cipher cipher) throws IOException {
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr, i, i2), cipher);
        Throwable th = null;
        try {
            try {
                byte[] bArr2 = new byte[512];
                int i3 = 0;
                while (true) {
                    int read = cipherInputStream.read(bArr2, i3, bArr2.length - i3);
                    if (read == -1) {
                        break;
                    }
                    i3 += read;
                    if (i3 == bArr2.length) {
                        byte[] bArr3 = bArr2;
                        bArr2 = new byte[bArr2.length + 512];
                        System.arraycopy(bArr3, 0, bArr2, 0, bArr3.length);
                    }
                }
                byte[] bArr4 = new byte[i3];
                System.arraycopy(bArr2, 0, bArr4, 0, i3);
                if (cipherInputStream != null) {
                    if (0 != 0) {
                        try {
                            cipherInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        cipherInputStream.close();
                    }
                }
                return bArr4;
            } finally {
            }
        } catch (Throwable th3) {
            if (cipherInputStream != null) {
                if (th != null) {
                    try {
                        cipherInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    cipherInputStream.close();
                }
            }
            throw th3;
        }
    }
}
