package org.wildfly.security.encryption;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.wildfly.common.Assert;
import org.wildfly.common.codec.DecodeException;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.x500.cert.acme.Acme;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-encryption-1.19.0.Final.jar:org/wildfly/security/encryption/CipherUtil.class */
public class CipherUtil {
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    public static String encrypt(String str, SecretKey secretKey) throws GeneralSecurityException {
        Assert.checkNotNullParam("clearText", str);
        Assert.checkNotNullParam("secretKey", secretKey);
        return ByteIterator.ofBytes(encrypt(str.getBytes(StandardCharsets.UTF_8), secretKey)).base64Encode().drainToString();
    }

    public static byte[] encrypt(byte[] bArr, SecretKey secretKey) throws GeneralSecurityException {
        Assert.checkNotNullParam("clearBytes", bArr);
        Assert.checkNotNullParam("secretKey", secretKey);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(1, secretKey);
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] iv = cipher.getIV();
        byte[] bArr2 = new byte[iv.length + doFinal.length + 6];
        bArr2[0] = 69;
        bArr2[1] = 76;
        bArr2[2] = 89;
        bArr2[3] = 1;
        bArr2[4] = 67;
        bArr2[5] = (byte) iv.length;
        System.arraycopy(iv, 0, bArr2, 6, iv.length);
        System.arraycopy(doFinal, 0, bArr2, 6 + iv.length, doFinal.length);
        return bArr2;
    }

    public static String decrypt(String str, SecretKey secretKey) throws GeneralSecurityException {
        Assert.checkNotNullParam("secretKey", secretKey);
        try {
            return new String(decrypt(CodePointIterator.ofString((String) Assert.checkNotNullParam(Acme.TOKEN, str)).base64Decode(), secretKey), StandardCharsets.UTF_8);
        } catch (DecodeException e) {
            throw ElytronMessages.log.unableToDecodeBase64Token(e);
        }
    }

    public static byte[] decrypt(byte[] bArr, SecretKey secretKey) throws GeneralSecurityException {
        Assert.checkNotNullParam("secretKey", secretKey);
        try {
            return decrypt(ByteIterator.ofBytes(bArr), secretKey);
        } catch (DecodeException e) {
            throw ElytronMessages.log.unableToDecodeBase64Token(e);
        }
    }

    private static byte[] decrypt(ByteIterator byteIterator, SecretKey secretKey) throws GeneralSecurityException {
        byte[] drain = byteIterator.drain(5);
        if (drain.length < 4 || drain[0] != 69 || drain[1] != 76 || drain[2] != 89) {
            throw ElytronMessages.log.badKeyPrefix();
        }
        if (drain[3] != 1) {
            throw ElytronMessages.log.unsupportedVersion(drain[3], 1);
        }
        if (drain[4] != 67) {
            throw ElytronMessages.log.unexpectedTokenType(Common.toName((char) drain[4]), "CipherText");
        }
        byte[] drain2 = byteIterator.drain(byteIterator.next());
        byte[] drain3 = byteIterator.drain();
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(2, secretKey, new IvParameterSpec(drain2));
        return cipher.doFinal(drain3);
    }
}
