package com.ulisesbocchio.jasyptspringboot.encryptor;

import com.ulisesbocchio.jasyptspringboot.util.Singleton;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.jasypt.encryption.ByteEncryptor;
import org.jasypt.iv.IvGenerator;
import org.jasypt.salt.SaltGenerator;
import org.springframework.core.io.Resource;
import org.springframework.util.Assert;
import org.springframework.util.FileCopyUtils;

/* loaded from: input_file:com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMByteEncryptor.class */
public class SimpleGCMByteEncryptor implements ByteEncryptor {
    public static final int AES_KEY_SIZE = 256;
    public static final int AES_KEY_PASSWORD_SALT_LENGTH = 16;
    public static final int GCM_IV_LENGTH = 12;
    public static final int GCM_TAG_LENGTH = 128;
    private final Singleton<SecretKey> key;
    private final String algorithm;
    private final Singleton<IvGenerator> ivGenerator;

    public byte[] encrypt(byte[] bArr) {
        byte[] generateIv = this.ivGenerator.get().generateIv(12);
        Cipher cipher = Cipher.getInstance(this.algorithm);
        cipher.init(1, this.key.get(), new GCMParameterSpec(GCM_TAG_LENGTH, generateIv));
        byte[] doFinal = cipher.doFinal(bArr);
        ByteBuffer allocate = ByteBuffer.allocate(12 + doFinal.length);
        allocate.put(generateIv);
        allocate.put(doFinal);
        return allocate.array();
    }

    public byte[] decrypt(byte[] bArr) {
        Cipher cipher = Cipher.getInstance(this.algorithm);
        cipher.init(2, this.key.get(), new GCMParameterSpec(GCM_TAG_LENGTH, bArr, 0, 12));
        return cipher.doFinal(bArr, 12, bArr.length - 12);
    }

    private SecretKey loadSecretKey(SimpleGCMConfig simpleGCMConfig) {
        if (simpleGCMConfig.getActualKey() != null) {
            return simpleGCMConfig.getActualKey();
        }
        if (simpleGCMConfig.getSecretKeyPassword() == null) {
            Assert.state((simpleGCMConfig.getSecretKey() == null && simpleGCMConfig.getSecretKeyResource() == null && simpleGCMConfig.getSecretKeyLocation() == null) ? false : true, "No key provided");
            return loadSecretKeyFromResource(simpleGCMConfig.loadSecretKeyResource());
        }
        Assert.notNull(simpleGCMConfig.getSecretKeySaltGenerator(), "Secret key Salt must be provided with password");
        Assert.notNull(simpleGCMConfig.getSecretKeyAlgorithm(), "Secret key algorithm must be provided with password");
        return getAESKeyFromPassword(simpleGCMConfig.getSecretKeyPasswordChars(), simpleGCMConfig.getSecretKeySaltGenerator(), simpleGCMConfig.getSecretKeyIterations(), simpleGCMConfig.getSecretKeyAlgorithm());
    }

    private byte[] getResourceBytes(Resource resource) {
        return FileCopyUtils.copyToByteArray(resource.getInputStream());
    }

    private SecretKey loadSecretKeyFromResource(Resource resource) {
        return new SecretKeySpec(Base64.getDecoder().decode(getResourceBytes(resource)), "AES");
    }

    public static SecretKey generateSecretKey() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(AES_KEY_SIZE, SecureRandom.getInstanceStrong());
        return keyGenerator.generateKey();
    }

    public static String generateBase64EncodedSecretKey() {
        return Base64.getEncoder().encodeToString(generateSecretKey().getEncoded());
    }

    public static SecretKey getAESKeyFromPassword(char[] cArr, SaltGenerator saltGenerator, int i, String str) {
        return new SecretKeySpec(SecretKeyFactory.getInstance(str).generateSecret(new PBEKeySpec(cArr, saltGenerator.generateSalt(16), i, AES_KEY_SIZE)).getEncoded(), "AES");
    }

    public SimpleGCMByteEncryptor(SimpleGCMConfig simpleGCMConfig) {
        this.key = Singleton.from(this::loadSecretKey, simpleGCMConfig);
        Objects.requireNonNull(simpleGCMConfig);
        this.ivGenerator = Singleton.from(simpleGCMConfig::getActualIvGenerator);
        this.algorithm = simpleGCMConfig.getAlgorithm();
    }
}
