package com.gitlab.credit_reference_platform.crp.gateway.encryption.utils;

import com.gitlab.credit_reference_platform.crp.gateway.encryption.exception.EncryptionException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/crp-gateway-encryption-2.0.0.jar:com/gitlab/credit_reference_platform/crp/gateway/encryption/utils/CRPEncryptionUtils.class */
public class CRPEncryptionUtils {
    public static final String SYM_KEY_ENC_CIPHER_ALGORITHM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    public static final String MAC_ALGORITHM = "HmacSHA256";
    public static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    public static final String KEY_ALGORITHM = "AES";
    public static final int KEY_LENGTH = 32;
    public static final int IV_LENGTH = 16;
    public static final String SALTED_PREFIX = "Salted__";
    private static final SecureRandom random = new SecureRandom();

    private CRPEncryptionUtils() {
    }

    public static byte[] generatePassphraseForSymmetricKey() {
        return Base64.getEncoder().encode(random.generateSeed(16));
    }

    public static String encryptSymKeyAndBase64Encode(Key key, byte[] bArr) {
        if (key == null) {
            throw new EncryptionException("The secret key for encryption cannot be null");
        }
        if (bArr == null || bArr.length <= 0) {
            throw new EncryptionException("The symmetric key for encryption cannot be empty");
        }
        try {
            Cipher cipher = Cipher.getInstance(SYM_KEY_ENC_CIPHER_ALGORITHM);
            cipher.init(1, key);
            return Base64.getEncoder().encodeToString(cipher.doFinal(bArr));
        } catch (Throwable th) {
            throw new EncryptionException("Unable to encrypt the symmetric key", th);
        }
    }

    public static byte[] base64DecodeAndDecryptSymKey(Key key, String str) {
        if (key == null) {
            throw new EncryptionException("The secret key for decryption cannot be null");
        }
        if (!StringUtils.hasText(str)) {
            throw new EncryptionException("The encodedEncryptedSymKey for decryption cannot be empty");
        }
        byte[] decode = Base64.getDecoder().decode(str);
        try {
            Cipher cipher = Cipher.getInstance(SYM_KEY_ENC_CIPHER_ALGORITHM);
            cipher.init(2, key);
            return cipher.doFinal(decode);
        } catch (Throwable th) {
            throw new EncryptionException("Unable to decrypt the symmetric key", th);
        }
    }

    public static byte[] encrypt(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null) {
            return new byte[0];
        }
        if (bArr == null || bArr.length <= 0) {
            throw new EncryptionException("The encryption passphrase cannot be empty");
        }
        byte[] generateSeed = random.generateSeed(8);
        byte[] makePBKDF2Key = makePBKDF2Key(bArr, generateSeed);
        SecretKeySpec secretKeySpec = new SecretKeySpec(makePBKDF2Key, 0, 32, "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(makePBKDF2Key, 32, 16);
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(1, secretKeySpec, ivParameterSpec);
            byte[] doFinal = cipher.doFinal(bArr2);
            if (generateSeed.length <= 0) {
                return doFinal;
            }
            byte[] bArr3 = new byte[16 + doFinal.length];
            System.arraycopy(SALTED_PREFIX.getBytes(), 0, bArr3, 0, 8);
            System.arraycopy(generateSeed, 0, bArr3, 8, 8);
            System.arraycopy(doFinal, 0, bArr3, 16, doFinal.length);
            return bArr3;
        } catch (Throwable th) {
            throw new EncryptionException("Unable to encrypt the raw content", th);
        }
    }

    public static byte[] decrypt(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null) {
            return new byte[0];
        }
        if (bArr == null || bArr.length <= 0) {
            throw new EncryptionException("The decryption passphrase cannot be empty");
        }
        byte[] extractSalt = extractSalt(bArr2);
        boolean z = extractSalt.length > 0;
        byte[] makePBKDF2Key = makePBKDF2Key(bArr, extractSalt);
        SecretKeySpec secretKeySpec = new SecretKeySpec(makePBKDF2Key, 0, 32, "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(makePBKDF2Key, 32, 16);
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(2, secretKeySpec, ivParameterSpec);
            return z ? cipher.doFinal(bArr2, 16, bArr2.length - 16) : cipher.doFinal(bArr2);
        } catch (Throwable th) {
            throw new EncryptionException("Unable to decrypt the encrypted content", th);
        }
    }

    private static byte[] extractSalt(byte[] bArr) {
        return (bArr.length < 16 || !SALTED_PREFIX.equals(new String(Arrays.copyOfRange(bArr, 0, 8)))) ? new byte[0] : Arrays.copyOfRange(bArr, 8, 16);
    }

    private static byte[] makePBKDF2Key(byte[] bArr, byte[] bArr2) {
        return makeKey("HmacSHA256", bArr, bArr2, 10000, 48);
    }

    private static byte[] makeKey(String str, byte[] bArr, byte[] bArr2, int i, int i2) {
        byte b;
        if (bArr == null || bArr.length <= 0) {
            throw new EncryptionException("passphrase cannot be empty for calculating the encryption key");
        }
        try {
            byte[] bArr3 = new byte[i2];
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "HmacSHA256"));
            byte[] copyOf = Arrays.copyOf(bArr2, bArr2.length + 4);
            while (i2 > 0) {
                int length = copyOf.length;
                do {
                    length--;
                    if (length < copyOf.length - 4) {
                        break;
                    }
                    b = (byte) (copyOf[length] + 1);
                    copyOf[length] = b;
                } while (b == 0);
                byte[] bArr4 = copyOf;
                byte[] bArr5 = new byte[mac.getMacLength()];
                for (int i3 = 1; i3 <= i; i3++) {
                    bArr4 = mac.doFinal(bArr4);
                    for (int i4 = 0; i4 < bArr5.length; i4++) {
                        int i5 = i4;
                        bArr5[i5] = (byte) (bArr5[i5] ^ bArr4[i4]);
                    }
                }
                int min = Math.min(i2, bArr5.length);
                System.arraycopy(bArr5, 0, bArr3, bArr3.length - i2, min);
                i2 -= min;
            }
            return bArr3;
        } catch (Throwable th) {
            throw new EncryptionException("Unable to calculate the encryption key from passphrase", th);
        }
    }
}
