package org.ballerinalang.config.cipher;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ballerinalang/config/cipher/AESCipherTool.class */
public class AESCipherTool {
    private static final Logger log = LoggerFactory.getLogger(AESCipherTool.class);
    private static final String ALGORITHM_AES_CBC_PKCS5 = "AES/CBC/PKCS5Padding";
    private static final String ALGORITHM_AES = "AES";
    private static final String ALGORITHM_SHA_256 = "SHA-256";
    private static final int IV_SIZE = 16;
    private static final int SECRET_KEY_LENGTH = 16;
    private final SecretKey secretKey;
    private final SecureRandom secureRandom;

    public AESCipherTool(String str) throws AESCipherToolException {
        this.secretKey = new SecretKeySpec(getSHA256Key(str, 16), ALGORITHM_AES);
        this.secureRandom = new SecureRandom();
    }

    public AESCipherTool(Path path) throws IOException, AESCipherToolException {
        List<String> readAllLines = Files.readAllLines(path, StandardCharsets.UTF_8);
        Files.deleteIfExists(path);
        if (readAllLines.size() > 1) {
            throw new AESCipherToolException("Multi-line user secrets not allowed");
        }
        this.secretKey = new SecretKeySpec(getSHA256Key(readAllLines.get(0), 16), ALGORITHM_AES);
        this.secureRandom = new SecureRandom();
    }

    public String encrypt(String str) throws AESCipherToolException {
        try {
            byte[] secureRandomBytes = getSecureRandomBytes();
            IvParameterSpec ivParameterSpec = new IvParameterSpec(secureRandomBytes);
            Cipher cipher = Cipher.getInstance(ALGORITHM_AES_CBC_PKCS5);
            cipher.init(1, this.secretKey, ivParameterSpec);
            return encodeBase64(appendByteArrays(secureRandomBytes, cipher.doFinal(getBytes(str))));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            log.error("Failed to encrypt value: " + str, e);
            throw new AESCipherToolException(e.getMessage(), e);
        }
    }

    public String decrypt(String str) throws AESCipherToolException {
        try {
            byte[] decodeBase64 = decodeBase64(str);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(Arrays.copyOfRange(decodeBase64, 0, 16));
            Cipher cipher = Cipher.getInstance(ALGORITHM_AES_CBC_PKCS5);
            cipher.init(2, this.secretKey, ivParameterSpec);
            return new String(cipher.doFinal(Arrays.copyOfRange(decodeBase64, 16, decodeBase64.length)), StandardCharsets.UTF_8);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            log.error("Failed to decrypt value: " + str, e);
            throw new AESCipherToolException(e.getMessage(), e);
        }
    }

    private byte[] appendByteArrays(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    private byte[] getSecureRandomBytes() {
        byte[] bArr = new byte[16];
        this.secureRandom.nextBytes(bArr);
        return bArr;
    }

    private byte[] getSHA256Key(String str, int i) throws AESCipherToolException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(ALGORITHM_SHA_256);
            messageDigest.update(getBytes(str));
            byte[] bArr = new byte[i];
            System.arraycopy(messageDigest.digest(), 0, bArr, 0, bArr.length);
            return bArr;
        } catch (NoSuchAlgorithmException e) {
            log.error("Failed to generate SHA256 digest for: " + str, e);
            throw new AESCipherToolException(e.getMessage(), e);
        }
    }

    private String encodeBase64(byte[] bArr) {
        return Base64.getEncoder().encodeToString(bArr);
    }

    private byte[] decodeBase64(String str) {
        return Base64.getDecoder().decode(getBytes(str));
    }

    private byte[] getBytes(String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }
}
