package io.helidon.common.crypto;

import io.helidon.common.Base64Value;
import io.helidon.common.LazyValue;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.ChaCha20ParameterSpec;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:io/helidon/common/crypto/SymmetricCipher.class */
public class SymmetricCipher implements CommonCipher {
    public static final String ALGORITHM_AES_CBC = "AES/CBC/PKCS5Padding";
    public static final String ALGORITHM_AES_CTR = "AES/CTR/NoPadding";
    public static final String ALGORITHM_AES_GCM = "AES/GCM/NoPadding";
    public static final String ALGORITHM_CHA_CHA = "ChaCha20";
    public static final String ALGORITHM_CHA_CHA_POLY1305 = "ChaCha20-Poly1305";
    private static final LazyValue<SecureRandom> SECURE_RANDOM = LazyValue.create(SecureRandom::new);
    private static final Pattern PATTERN_ALGORITHM = Pattern.compile("^(\\S+)/\\S+/\\S+$");
    private static final int SALT_LENGTH = 16;
    private final String algorithm;
    private final String provider;
    private final char[] password;
    private final int keySize;
    private final int numberOfIterations;

    /* loaded from: input_file:io/helidon/common/crypto/SymmetricCipher$Builder.class */
    public static class Builder implements io.helidon.common.Builder<SymmetricCipher> {
        private String algorithm = SymmetricCipher.ALGORITHM_AES_GCM;
        private String provider = null;
        private Integer numberOfIterations = 10000;
        private Integer keySize = 256;
        private char[] password;

        private Builder() {
        }

        public Builder algorithm(String str) {
            this.algorithm = (String) Objects.requireNonNull(str, "Algorithm cannot be null");
            return this;
        }

        public Builder provider(String str) {
            this.provider = str;
            return this;
        }

        public Builder password(char[] cArr) {
            Objects.requireNonNull(cArr, "Password cannot be null");
            this.password = (char[]) cArr.clone();
            return this;
        }

        public Builder keySize(int i) {
            this.keySize = Integer.valueOf(i);
            return this;
        }

        public Builder numberOfIterations(int i) {
            this.numberOfIterations = Integer.valueOf(i);
            return this;
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public SymmetricCipher m6build() {
            if (this.password == null) {
                throw new CryptoException("Password has to be specified.");
            }
            return new SymmetricCipher(this);
        }
    }

    private SymmetricCipher(Builder builder) {
        this.algorithm = builder.algorithm;
        this.provider = builder.provider;
        this.password = builder.password;
        this.keySize = builder.keySize.intValue();
        this.numberOfIterations = builder.numberOfIterations.intValue();
    }

    public static Builder builder() {
        return new Builder();
    }

    public static SymmetricCipher create(char[] cArr) {
        return new Builder().password(cArr).m6build();
    }

    public static Base64Value encrypt(String str, byte[] bArr, byte[] bArr2, Base64Value base64Value) {
        return encrypt(str, (String) null, bArr, bArr2, base64Value);
    }

    public static Base64Value encrypt(String str, String str2, byte[] bArr, byte[] bArr2, Base64Value base64Value) {
        Objects.requireNonNull(str, "Algorithm cannot be null");
        Objects.requireNonNull(bArr2, "Initialization vector cannot be null");
        return encrypt(str, str2, bArr, createAlgorithmParameter(str, bArr2), base64Value);
    }

    public static Base64Value encrypt(String str, String str2, byte[] bArr, AlgorithmParameterSpec algorithmParameterSpec, Base64Value base64Value) {
        Objects.requireNonNull(str, "Algorithm cannot be null");
        Objects.requireNonNull(bArr, "Key cannot be null");
        Objects.requireNonNull(algorithmParameterSpec, "Algorithm parameters cannot be null");
        Objects.requireNonNull(base64Value, "Plain content cannot be null");
        try {
            return Base64Value.create(cipher(str, str2, bArr, algorithmParameterSpec, 1).doFinal(base64Value.toBytes()));
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new CryptoException("Failed to encrypt the message", e);
        }
    }

    public static Base64Value decrypt(String str, byte[] bArr, byte[] bArr2, Base64Value base64Value) {
        return decrypt(str, (String) null, bArr, bArr2, base64Value);
    }

    public static Base64Value decrypt(String str, String str2, byte[] bArr, byte[] bArr2, Base64Value base64Value) {
        Objects.requireNonNull(str, "Algorithm cannot be null");
        Objects.requireNonNull(bArr2, "Initialization vector cannot be null");
        return decrypt(str, str2, bArr, createAlgorithmParameter(str, bArr2), base64Value);
    }

    public static Base64Value decrypt(String str, String str2, byte[] bArr, AlgorithmParameterSpec algorithmParameterSpec, Base64Value base64Value) {
        Objects.requireNonNull(str, "Algorithm cannot be null");
        Objects.requireNonNull(bArr, "Key cannot be null");
        Objects.requireNonNull(base64Value, "Encrypted content cannot be null");
        try {
            return Base64Value.create(cipher(str, str2, bArr, algorithmParameterSpec, 2).doFinal(base64Value.toBytes()));
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new CryptoException("Failed to decrypt the message", e);
        }
    }

    private static Cipher cipher(String str, String str2, byte[] bArr, AlgorithmParameterSpec algorithmParameterSpec, int i) {
        try {
            Matcher matcher = PATTERN_ALGORITHM.matcher(str);
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, matcher.matches() ? matcher.group(1) : str);
            Cipher cipher = str2 == null ? Cipher.getInstance(str) : Cipher.getInstance(str, str2);
            if (algorithmParameterSpec == null) {
                cipher.init(i, secretKeySpec);
            } else {
                cipher.init(i, secretKeySpec, algorithmParameterSpec);
            }
            return cipher;
        } catch (Exception e) {
            throw new CryptoException("Failed to prepare a cipher instance", e);
        }
    }

    private static AlgorithmParameterSpec createAlgorithmParameter(String str, byte[] bArr) {
        boolean z = -1;
        switch (str.hashCode()) {
            case 403528690:
                if (str.equals(ALGORITHM_AES_GCM)) {
                    z = false;
                    break;
                }
                break;
            case 1457374398:
                if (str.equals(ALGORITHM_CHA_CHA)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return new GCMParameterSpec(128, bArr);
            case true:
                return new ChaCha20ParameterSpec(bArr, 1);
            default:
                return new IvParameterSpec(bArr);
        }
    }

    @Override // io.helidon.common.crypto.CommonCipher
    public Base64Value encrypt(Base64Value base64Value) {
        Objects.requireNonNull(base64Value, "Plain content cannot be null");
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
                try {
                    byte[] bArr = new byte[SALT_LENGTH];
                    ((SecureRandom) SECURE_RANDOM.get()).nextBytes(bArr);
                    Cipher cipher = cipher(this.algorithm, this.provider, PasswordKeyDerivation.deriveKey(this.password, bArr, this.numberOfIterations, this.keySize), null, 1);
                    byte[] iv = cipher.getIV();
                    byteArrayOutputStream.writeBytes(bArr);
                    dataOutputStream.writeInt(iv.length);
                    byteArrayOutputStream.writeBytes(iv);
                    byteArrayOutputStream.writeBytes(cipher.doFinal(base64Value.toBytes()));
                    Base64Value create = Base64Value.create(byteArrayOutputStream.toByteArray());
                    dataOutputStream.close();
                    byteArrayOutputStream.close();
                    return create;
                } catch (Throwable th) {
                    try {
                        dataOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException | BadPaddingException | IllegalBlockSizeException e) {
            throw new CryptoException("An error occurred while message encryption", e);
        }
    }

    @Override // io.helidon.common.crypto.CommonCipher
    public Base64Value decrypt(Base64Value base64Value) {
        Objects.requireNonNull(base64Value, "Encrypted content cannot be null");
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(base64Value.toBytes());
            try {
                DataInputStream dataInputStream = new DataInputStream(byteArrayInputStream);
                try {
                    byte[] readNBytes = byteArrayInputStream.readNBytes(SALT_LENGTH);
                    byte[] readNBytes2 = byteArrayInputStream.readNBytes(dataInputStream.readInt());
                    Base64Value decrypt = decrypt(this.algorithm, this.provider, PasswordKeyDerivation.deriveKey(this.password, readNBytes, this.numberOfIterations, this.keySize), readNBytes2, Base64Value.create(byteArrayInputStream.readAllBytes()));
                    dataInputStream.close();
                    byteArrayInputStream.close();
                    return decrypt;
                } catch (Throwable th) {
                    try {
                        dataInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (EOFException e) {
            throw new CryptoException("Encrypted value is not valid", e);
        } catch (IOException e2) {
            throw new CryptoException("An error occurred while message decryption", e2);
        }
    }
}
