package io.confluent.oidc.encryption;

import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:io/confluent/oidc/encryption/AESGCMEncryption.class */
public class AESGCMEncryption {
    private static final String ENCRYPT_ALGO = "AES/GCM/NoPadding";
    private static final int TAG_LENGTH_BIT = 128;
    private static final int KEY_LENGTH = 256;
    private static final int SALT_LENGTH_BYTE = 16;
    private static final int KDF_ITERATIONS = 10000;
    private static final int IV_LENGTH_BYTE = 12;
    private static final Charset UTF_8 = StandardCharsets.UTF_8;
    private final SecureRandom secureRandom = new SecureRandom();

    private synchronized byte[] getRandomNonce(int i) {
        byte[] bArr = new byte[i];
        this.secureRandom.nextBytes(bArr);
        return bArr;
    }

    private SecretKey getAESKey(PrivateKey privateKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512").generateSecret(new PBEKeySpec(Arrays.toString(privateKey.getEncoded()).toCharArray(), bArr, 10000, 256)).getEncoded(), "AES");
    }

    public String encrypt(String str, PrivateKey privateKey) throws NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, InvalidKeySpecException, ShortBufferException {
        byte[] randomNonce = getRandomNonce(12);
        byte[] randomNonce2 = getRandomNonce(16);
        SecretKey aESKey = getAESKey(privateKey, randomNonce2);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, aESKey, new GCMParameterSpec(128, randomNonce));
        cipher.updateAAD(randomNonce);
        byte[] doFinal = cipher.doFinal(str.getBytes(UTF_8));
        return Base64.getEncoder().encodeToString(ByteBuffer.allocate(randomNonce.length + randomNonce2.length + doFinal.length).put(randomNonce).put(randomNonce2).put(doFinal).array());
    }

    public String decrypt(String str, PrivateKey privateKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException {
        ByteBuffer wrap = ByteBuffer.wrap(Base64.getDecoder().decode(str));
        byte[] bArr = new byte[12];
        byte[] bArr2 = new byte[16];
        wrap.get(bArr);
        wrap.get(bArr2);
        byte[] bArr3 = new byte[wrap.remaining()];
        wrap.get(bArr3);
        SecretKey aESKey = getAESKey(privateKey, bArr2);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, aESKey, new GCMParameterSpec(128, bArr));
        cipher.updateAAD(bArr);
        return new String(cipher.doFinal(bArr3), StandardCharsets.UTF_8);
    }
}
