package de.mhus.crypt.bc;

import de.mhus.crypt.api.cipher.CipherProvider;
import de.mhus.crypt.api.util.CryptUtil;
import de.mhus.lib.core.IProperties;
import de.mhus.lib.core.M;
import de.mhus.lib.core.MLog;
import de.mhus.lib.core.MProperties;
import de.mhus.lib.core.MString;
import de.mhus.lib.core.crypt.Blowfish;
import de.mhus.lib.core.crypt.MRandom;
import de.mhus.lib.core.crypt.pem.PemBlock;
import de.mhus.lib.core.crypt.pem.PemBlockModel;
import de.mhus.lib.core.crypt.pem.PemKey;
import de.mhus.lib.core.crypt.pem.PemKeyPair;
import de.mhus.lib.core.crypt.pem.PemPair;
import de.mhus.lib.core.crypt.pem.PemPriv;
import de.mhus.lib.core.crypt.pem.PemPub;
import de.mhus.lib.core.util.Base64;
import de.mhus.lib.errors.MException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.osgi.service.component.annotations.Component;

@Component(property = {"cipher=AESWITHRSA-JCE-01"})
/* loaded from: input_file:de/mhus/crypt/bc/JavaAesWithRsaCipher.class */
public class JavaAesWithRsaCipher extends MLog implements CipherProvider {
    private final String NAME = "AESwithRSA-JCE-01";
    private static final String TRANSFORMATION_RSA = "RSA/ECB/PKCS1Padding";
    private static final String ALGORITHM_RSA = "RSA";
    private static final String TRANSFORMATION_AES = "AES";
    private static final String ALGORITHM_AES = "AES";

    public PemBlock encrypt(PemPub pemPub, String str) throws MException {
        try {
            int i = pemPub.getInt("AesLength", 128);
            if (i != 128 && i != 256) {
                throw new MException(422, "AES length {1} not valid, use 128 or 256", new Object[]{Integer.valueOf(i)});
            }
            byte[] bArr = new byte[i == 128 ? 16 : 32];
            MRandom mRandom = (MRandom) M.l(MRandom.class);
            for (int i2 = 0; i2 < bArr.length; i2++) {
                bArr[i2] = mRandom.getByte();
            }
            PublicKey generatePublic = KeyFactory.getInstance(ALGORITHM_RSA).generatePublic(new X509EncodedKeySpec(pemPub.getBytesBlock()));
            Cipher cipher = Cipher.getInstance(TRANSFORMATION_RSA);
            cipher.init(1, generatePublic);
            byte[] doFinal = cipher.doFinal(bArr, 0, bArr.length);
            byte[] bytes = str.getBytes("utf-8");
            Cipher cipher2 = Cipher.getInstance("AES");
            cipher2.init(1, new SecretKeySpec(bArr, "AES"));
            PemBlockModel pemBlockModel = new PemBlockModel("CIPHER", cipher2.doFinal(bytes));
            CryptUtil.prepareCipherOut(pemPub, pemBlockModel, getName(), "utf-8");
            pemBlockModel.setInt("AesLength", i);
            pemBlockModel.setString("AesKey", Base64.encode(doFinal));
            return pemBlockModel;
        } catch (Throwable th) {
            if (th instanceof MException) {
                throw th;
            }
            throw new MException(400, th);
        }
    }

    public String decrypt(PemPriv pemPriv, PemBlock pemBlock, String str) throws MException {
        try {
            byte[] bytesBlock = pemPriv.getBytesBlock();
            if (MString.isSet(str)) {
                bytesBlock = Blowfish.decrypt(bytesBlock, str);
            }
            PrivateKey generatePrivate = KeyFactory.getInstance(ALGORITHM_RSA).generatePrivate(new PKCS8EncodedKeySpec(bytesBlock));
            Cipher cipher = Cipher.getInstance(TRANSFORMATION_RSA);
            cipher.init(2, generatePrivate);
            byte[] decode = Base64.decode(pemBlock.getString("AesKey"));
            byte[] doFinal = cipher.doFinal(decode, 0, decode.length);
            byte[] bytesBlock2 = pemBlock.getBytesBlock();
            Cipher cipher2 = Cipher.getInstance("AES");
            cipher2.init(2, new SecretKeySpec(doFinal, "AES"));
            return new String(cipher2.doFinal(bytesBlock2), pemBlock.getString("Encoding", "utf-8"));
        } catch (Exception e) {
            if (e instanceof MException) {
                throw e;
            }
            throw new MException(400, e);
        }
    }

    public String getName() {
        return "AESwithRSA-JCE-01";
    }

    public PemPair createKeys(IProperties iProperties) throws MException {
        if (iProperties == null) {
            try {
                iProperties = new MProperties();
            } catch (Exception e) {
                throw new MException(400, e);
            }
        }
        int i = iProperties.getInt("length", 1024);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_RSA);
        keyPairGenerator.initialize(i, ((MRandom) M.l(MRandom.class)).getSecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        PublicKey publicKey = generateKeyPair.getPublic();
        UUID randomUUID = UUID.randomUUID();
        UUID randomUUID2 = UUID.randomUUID();
        byte[] encoded = privateKey.getEncoded();
        String string = iProperties.getString("passphrase", (String) null);
        if (MString.isSet(string)) {
            encoded = Blowfish.encrypt(encoded, string);
        }
        PemKey pemKey = new PemKey("PUBLIC KEY", publicKey.getEncoded(), false).set("Method", getName()).set("Length", Integer.valueOf(i)).set("Format", publicKey.getFormat()).set("Ident", randomUUID2).set("PrivateKey", randomUUID);
        PemKey pemKey2 = new PemKey("PRIVATE KEY", encoded, true).set("Method", getName()).set("Length", Integer.valueOf(i)).set("Format", privateKey.getFormat()).set("Ident", randomUUID).set("PublicKey", randomUUID2);
        if (MString.isSet(string)) {
            pemKey2.set("Encrypted", "blowfish");
        }
        return new PemKeyPair(pemKey2, pemKey);
    }
}
