package org.ballerinalang.stdlib.crypto;

import io.ballerina.runtime.api.ErrorCreator;
import io.ballerina.runtime.api.StringUtils;
import io.ballerina.runtime.api.ValueCreator;
import io.ballerina.runtime.api.values.BError;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:org/ballerinalang/stdlib/crypto/CryptoUtils.class */
public class CryptoUtils {
    private static final Pattern varPattern = Pattern.compile("\\$\\{([^}]*)}");
    private static final int[] VALID_GCM_TAG_SIZES = {32, 63, 96, 104, 112, 120, 128};
    private static final int[] VALID_AES_KEY_SIZES = {16, 24, 32};

    /* loaded from: input_file:org/ballerinalang/stdlib/crypto/CryptoUtils$CipherMode.class */
    public enum CipherMode {
        ENCRYPT,
        DECRYPT
    }

    private CryptoUtils() {
    }

    public static byte[] hmac(String str, byte[] bArr, byte[] bArr2) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, str);
            Mac mac = Mac.getInstance(str);
            mac.init(secretKeySpec);
            return mac.doFinal(bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw createError("Error occurred while calculating HMAC: " + e.getMessage());
        }
    }

    public static byte[] hash(String str, byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw createError("Error occurred while calculating hash: " + e.getMessage());
        }
    }

    public static Object sign(String str, PrivateKey privateKey, byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(str);
            signature.initSign(privateKey);
            signature.update(bArr);
            return ValueCreator.createArrayValue(signature.sign());
        } catch (InvalidKeyException e) {
            return createError("Uninitialized private key: " + e.getMessage());
        } catch (NoSuchAlgorithmException | SignatureException e2) {
            throw createError("Error occurred while calculating signature: " + e2.getMessage());
        }
    }

    public static Object verify(String str, PublicKey publicKey, byte[] bArr, byte[] bArr2) {
        try {
            Signature signature = Signature.getInstance(str);
            signature.initVerify(publicKey);
            signature.update(bArr);
            return Boolean.valueOf(signature.verify(bArr2));
        } catch (InvalidKeyException e) {
            return createError("Uninitialized public key: " + e.getMessage());
        } catch (NoSuchAlgorithmException | SignatureException e2) {
            throw createError("Error occurred while calculating signature: " + e2.getMessage());
        }
    }

    public static BError createError(String str) {
        return ErrorCreator.createDistinctError("CryptoError", Constants.CRYPTO_PACKAGE_ID, StringUtils.fromString(str));
    }

    public static Object rsaEncryptDecrypt(CipherMode cipherMode, String str, String str2, Key key, byte[] bArr, byte[] bArr2, long j) {
        try {
            try {
                String transformAlgorithmMode = transformAlgorithmMode(str);
                String transformAlgorithmPadding = transformAlgorithmPadding(str2);
                if (j != -1 && Arrays.stream(VALID_GCM_TAG_SIZES).noneMatch(i -> {
                    return j == ((long) i);
                })) {
                    return createError("Valid tag sizes are: " + Arrays.toString(VALID_GCM_TAG_SIZES));
                }
                AlgorithmParameterSpec buildParameterSpec = buildParameterSpec(transformAlgorithmMode, bArr2, (int) j);
                Cipher cipher = Cipher.getInstance("RSA/" + transformAlgorithmMode + "/" + transformAlgorithmPadding);
                initCipher(cipher, cipherMode, key, buildParameterSpec);
                return ValueCreator.createArrayValue(cipher.doFinal(bArr));
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException | BError e) {
                return createError("Error occurred while RSA encrypt/decrypt: " + e.getMessage());
            }
        } catch (NoSuchAlgorithmException e2) {
            return createError("Unsupported algorithm: RSA " + str + " " + str2 + ": " + e2.getMessage());
        } catch (NoSuchPaddingException e3) {
            return createError("Unsupported padding scheme defined in the algorithm: RSA " + str + " " + str2 + ": " + e3.getMessage());
        }
    }

    public static Object aesEncryptDecrypt(CipherMode cipherMode, String str, String str2, byte[] bArr, byte[] bArr2, byte[] bArr3, long j) {
        try {
            try {
                if (Arrays.stream(VALID_AES_KEY_SIZES).noneMatch(i -> {
                    return i == bArr.length;
                })) {
                    return createError("Invalid key size. valid key sizes in bytes: " + Arrays.toString(VALID_AES_KEY_SIZES));
                }
                String transformAlgorithmMode = transformAlgorithmMode(str);
                String transformAlgorithmPadding = transformAlgorithmPadding(str2);
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, Constants.AES);
                if (j != -1 && Arrays.stream(VALID_GCM_TAG_SIZES).noneMatch(i2 -> {
                    return ((long) i2) == j;
                })) {
                    return createError("Invalid tag size. valid tag sizes in bytes: " + Arrays.toString(VALID_GCM_TAG_SIZES));
                }
                AlgorithmParameterSpec buildParameterSpec = buildParameterSpec(transformAlgorithmMode, bArr3, (int) j);
                Cipher cipher = Cipher.getInstance("AES/" + transformAlgorithmMode + "/" + transformAlgorithmPadding);
                initCipher(cipher, cipherMode, secretKeySpec, buildParameterSpec);
                return ValueCreator.createArrayValue(cipher.doFinal(bArr2));
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException | BError e) {
                return createError("Error occurred while AES encrypt/decrypt: " + e.getMessage());
            }
        } catch (NoSuchAlgorithmException e2) {
            return createError("Unsupported algorithm: AES " + str + " " + str2 + ": " + e2.getMessage());
        } catch (NoSuchPaddingException e3) {
            return createError("Unsupported padding scheme defined in  the algorithm: AES " + str + " " + str2 + ": " + e3.getMessage());
        }
    }

    private static void initCipher(Cipher cipher, CipherMode cipherMode, Key key, AlgorithmParameterSpec algorithmParameterSpec) throws InvalidKeyException, InvalidAlgorithmParameterException {
        switch (cipherMode) {
            case ENCRYPT:
                if (algorithmParameterSpec == null) {
                    cipher.init(1, key);
                    return;
                } else {
                    cipher.init(1, key, algorithmParameterSpec);
                    return;
                }
            case DECRYPT:
                if (algorithmParameterSpec == null) {
                    cipher.init(2, key);
                    return;
                } else {
                    cipher.init(2, key, algorithmParameterSpec);
                    return;
                }
            default:
                return;
        }
    }

    private static AlgorithmParameterSpec buildParameterSpec(String str, byte[] bArr, int i) {
        boolean z = -1;
        switch (str.hashCode()) {
            case 66500:
                if (str.equals(Constants.CBC)) {
                    z = true;
                    break;
                }
                break;
            case 68452:
                if (str.equals(Constants.ECB)) {
                    z = 2;
                    break;
                }
                break;
            case 70385:
                if (str.equals(Constants.GCM)) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (bArr == null) {
                    throw createError("GCM mode requires 16 byte IV");
                }
                return new GCMParameterSpec(i, bArr);
            case true:
                if (bArr == null) {
                    throw createError("CBC mode requires 16 byte IV");
                }
                return new IvParameterSpec(bArr);
            case true:
                if (bArr != null) {
                    throw createError("ECB mode cannot use IV");
                }
                return null;
            default:
                return null;
        }
    }

    private static String transformAlgorithmMode(String str) throws BError {
        if (str.equals(Constants.CBC) || str.equals(Constants.ECB) || str.equals(Constants.GCM)) {
            return str;
        }
        throw createError("Unsupported mode: " + str);
    }

    private static String transformAlgorithmPadding(String str) throws BError {
        String str2;
        boolean z = -1;
        switch (str.hashCode()) {
            case -1356423948:
                if (str.equals("OAEPWithSHA1AndMGF1")) {
                    z = 3;
                    break;
                }
                break;
            case -969432494:
                if (str.equals("OAEPWithSHA256AndMGF1")) {
                    z = 4;
                    break;
                }
                break;
            case -88101023:
                if (str.equals("OAEPwithMD5andMGF1")) {
                    z = 2;
                    break;
                }
                break;
            case 2402104:
                if (str.equals("NONE")) {
                    z = 7;
                    break;
                }
                break;
            case 76183014:
                if (str.equals("PKCS1")) {
                    z = false;
                    break;
                }
                break;
            case 76183018:
                if (str.equals("PKCS5")) {
                    z = true;
                    break;
                }
                break;
            case 1502555894:
                if (str.equals("OAEPwithSHA384andMGF1")) {
                    z = 5;
                    break;
                }
                break;
            case 1686154863:
                if (str.equals("OAEPwithSHA512andMGF1")) {
                    z = 6;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                str2 = "PKCS1Padding";
                break;
            case true:
                str2 = "PKCS5Padding";
                break;
            case true:
                str2 = "OAEPWithMD5AndMGF1Padding";
                break;
            case true:
                str2 = "OAEPWithSHA-1AndMGF1Padding";
                break;
            case true:
                str2 = "OAEPWithSHA-256AndMGF1Padding";
                break;
            case true:
                str2 = "OAEPWithSHA-384AndMGF1Padding";
                break;
            case true:
                str2 = "OAEPWithSHA-512AndMGF1Padding";
                break;
            case true:
                str2 = "NoPadding";
                break;
            default:
                throw createError("Unsupported padding: " + str);
        }
        return str2;
    }

    public static String substituteVariables(String str) {
        Matcher matcher = varPattern.matcher(str);
        if (!matcher.find()) {
            return str;
        }
        StringBuffer stringBuffer = new StringBuffer();
        do {
            String group = matcher.group(1);
            String systemVariableValue = getSystemVariableValue(group, null);
            if (systemVariableValue == null || systemVariableValue.length() == 0) {
                throw new RuntimeException("System property " + group + " is not specified");
            }
            matcher.appendReplacement(stringBuffer, systemVariableValue.replace("\\", "\\\\"));
        } while (matcher.find());
        matcher.appendTail(stringBuffer);
        return stringBuffer.toString();
    }

    private static String getSystemVariableValue(String str, String str2) {
        return System.getProperty(str) != null ? System.getProperty(str) : System.getenv(str) != null ? System.getenv(str) : str2;
    }
}
