package io.gravitee.am.common.crypto;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/am/common/crypto/CryptoUtils.class */
public class CryptoUtils {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(CryptoUtils.class);
    private static final String CIPHER = "AES/GCM/NoPadding";
    public static final int GCM_TAG_BITS = 128;
    public static final int PBKDF2_ITERATION_COUNT = 600000;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/gravitee/am/common/crypto/CryptoUtils$EncryptedData.class */
    public static final class EncryptedData {
        private final byte[] iv;
        private final byte[] ciphertext;

        @Generated
        public EncryptedData(byte[] bArr, byte[] bArr2) {
            this.iv = bArr;
            this.ciphertext = bArr2;
        }
    }

    public static String encrypt(String str, Key key) {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        EncryptedData doEncrypt = doEncrypt(str, deriveKey(key, bArr));
        return encodeBase64(bArr) + "$" + encodeBase64(doEncrypt.iv) + "$" + encodeBase64(doEncrypt.ciphertext);
    }

    public static String decrypt(String str, Key key) {
        int indexOf = str.indexOf("$");
        int indexOf2 = str.indexOf("$", indexOf + 1);
        if (indexOf == -1 || indexOf2 == -1) {
            throw new IllegalArgumentException("Cannot decrypt: malformed input");
        }
        byte[] decodeBase64 = decodeBase64(str.substring(0, indexOf));
        byte[] decodeBase642 = decodeBase64(str.substring(indexOf + 1, indexOf2));
        byte[] decodeBase643 = decodeBase64(str.substring(indexOf2 + 1));
        try {
            Cipher cipher = Cipher.getInstance(CIPHER);
            cipher.init(2, deriveKey(key, decodeBase64), new GCMParameterSpec(GCM_TAG_BITS, decodeBase642));
            return new String(cipher.doFinal(decodeBase643));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new IllegalStateException("Unable to decrypt data", e);
        } catch (Exception e2) {
            String uuid = UUID.randomUUID().toString();
            log.error("Error decrypting data (errorId={})", uuid, e2);
            throw new RuntimeException("[errorId=%s] Error decrypting data".formatted(uuid));
        }
    }

    private static EncryptedData doEncrypt(String str, SecretKey secretKey) {
        try {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(GCM_TAG_BITS, bArr);
            Cipher cipher = Cipher.getInstance(CIPHER);
            cipher.init(1, secretKey, gCMParameterSpec);
            return new EncryptedData(bArr, cipher.doFinal(str.getBytes()));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new IllegalStateException("Unable to encrypt data", e);
        } catch (Exception e2) {
            String uuid = UUID.randomUUID().toString();
            log.error("Error decrypting data (errorId={})", uuid, e2);
            throw new RuntimeException("[errorId=%s] Error decrypting data".formatted(uuid));
        }
    }

    private static SecretKey deriveKey(Key key, byte[] bArr) {
        try {
            return new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(new PBEKeySpec(new String(key.getEncoded()).toCharArray(), bArr, PBKDF2_ITERATION_COUNT, 256)).getEncoded(), "AES");
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("Unable to generate encryption key", e);
        }
    }

    private static String encodeBase64(byte[] bArr) {
        return Base64.getUrlEncoder().encodeToString(bArr);
    }

    private static byte[] decodeBase64(String str) {
        return Base64.getUrlDecoder().decode(str);
    }
}
