package dev.galasa.framework.spi.creds;

import dev.galasa.framework.FileSystem;
import dev.galasa.framework.IFileSystem;
import dev.galasa.framework.spi.Environment;
import dev.galasa.framework.spi.SystemEnvironment;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:dev/galasa/framework/spi/creds/FrameworkEncryptionService.class */
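/**
 * AES-GCM implementation of {@link IEncryptionService}.
 *
 * <p>Encrypted values are the base64 encoding of {@code IV || ciphertext || tag}: a
 * {@value #GCM_IV_BYTES_LENGTH}-byte IV followed by the output of the cipher, which in the JCE
 * GCM implementation ends with the {@value #GCM_AUTH_TAG_LENGTH_BITS}-bit authentication tag.
 *
 * <p>One key is used for encryption. Decryption tries a list of keys that starts with that
 * key and continues with any fallback keys, so values written under an older key stay
 * readable after the primary key is rotated.
 */
public class FrameworkEncryptionService implements IEncryptionService {
    // Name of an environment variable. It is not read in this class; presumably EncryptionKeys
    // uses it to locate the key material. NOTE(review): confirm against EncryptionKeys.
    public static final String ENCRYPTION_KEYS_PATH_ENV = "GALASA_ENCRYPTION_KEYS_PATH";
    private static final String KEY_ALGORITHM = "AES";
    private static final String ENCRYPTION_ALGORITHM = "AES/GCM/NoPadding";
    private static final int GCM_AUTH_TAG_LENGTH_BITS = 128;
    private static final int GCM_IV_BYTES_LENGTH = 12;

    // Key used by encrypt(); null when no key could be resolved.
    private final SecretKeySpec encryptionKey;
    // Keys tried by decrypt(), primary key first; never null, possibly empty.
    private final List<SecretKeySpec> decryptionKeys;
    // Source of the per-message IV.
    private final SecureRandom secureRandom;

    /**
     * Creates a service using the real file system, the process environment and a fresh
     * {@link SecureRandom}.
     *
     * @param secretKeySpec key to use for both encryption and decryption, or {@code null} to
     *     load the keys through {@code EncryptionKeys}
     * @throws CredentialsException if the keys cannot be loaded or decoded
     */
    public FrameworkEncryptionService(SecretKeySpec secretKeySpec) throws CredentialsException {
        this(secretKeySpec, new FileSystem(), new SystemEnvironment(), new SecureRandom());
    }

    /**
     * Creates a service with an injected file system and environment and a fresh
     * {@link SecureRandom}.
     *
     * @param secretKeySpec key to use for both encryption and decryption, or {@code null} to
     *     load the keys through {@code EncryptionKeys}
     * @param iFileSystem file system handed to {@code EncryptionKeys}
     * @param environment environment handed to {@code EncryptionKeys}
     * @throws CredentialsException if the keys cannot be loaded or decoded
     */
    public FrameworkEncryptionService(SecretKeySpec secretKeySpec, IFileSystem iFileSystem, Environment environment) throws CredentialsException {
        this(secretKeySpec, iFileSystem, environment, new SecureRandom());
    }

    /**
     * Creates a service with every collaborator injected.
     *
     * <p>When {@code secretKeySpec} is non-null it is the only key and {@code EncryptionKeys}
     * is never constructed. Otherwise the keys come from {@code EncryptionKeys}; if it yields
     * no primary key or no fallback list, the service is left without keys, so
     * {@link #encrypt(String)} throws and {@link #decrypt(String)} returns {@code null}.
     *
     * @param secretKeySpec key to use for both encryption and decryption, or {@code null}
     * @param iFileSystem file system handed to {@code EncryptionKeys}
     * @param environment environment handed to {@code EncryptionKeys}
     * @param secureRandom generator for IVs. GCM requires a unique IV for every message under
     *     a given key, so a fixed or seeded generator is suitable for tests only.
     * @throws CredentialsException if the keys cannot be loaded or decoded
     */
    public FrameworkEncryptionService(SecretKeySpec secretKeySpec, IFileSystem iFileSystem, Environment environment, SecureRandom secureRandom) throws CredentialsException {
        this.secureRandom = secureRandom;

        SecretKeySpec primaryKey = secretKeySpec;
        List<SecretKeySpec> keysForDecryption = new ArrayList<>();
        if (secretKeySpec != null) {
            keysForDecryption.add(secretKeySpec);
        } else {
            EncryptionKeys encryptionKeys = new EncryptionKeys(iFileSystem, environment);
            String encodedPrimaryKey = encryptionKeys.getEncryptionKey();
            List<String> encodedFallbackKeys = encryptionKeys.getFallbackDecryptionKeys();
            if (encodedPrimaryKey != null && encodedFallbackKeys != null) {
                primaryKey = loadPrimaryEncryptionKey(encodedPrimaryKey);
                keysForDecryption = loadDecryptionKeys(primaryKey, encodedFallbackKeys);
            }
        }
        this.encryptionKey = primaryKey;
        this.decryptionKeys = keysForDecryption;
    }

    /**
     * Decodes the base64 primary key.
     *
     * @param str base64 text of the AES key
     * @return the decoded key
     * @throws CredentialsException if the text is not a usable base64-encoded key
     */
    private SecretKeySpec loadPrimaryEncryptionKey(String str) throws CredentialsException {
        return decodeKey(str);
    }

    /**
     * Builds the ordered list of keys tried during decryption.
     *
     * @param secretKeySpec primary key, placed first so current values need one attempt
     * @param list base64 text of each fallback key, kept in the given order
     * @return the primary key followed by the decoded fallback keys
     * @throws CredentialsException if any fallback key is not a usable base64-encoded key
     */
    private List<SecretKeySpec> loadDecryptionKeys(SecretKeySpec secretKeySpec, List<String> list) throws CredentialsException {
        List<SecretKeySpec> keys = new ArrayList<>();
        keys.add(secretKeySpec);
        for (String encodedFallbackKey : list) {
            keys.add(decodeKey(encodedFallbackKey));
        }
        return keys;
    }

    // Turns base64 text into an AES key. Malformed base64 and an empty key both raise
    // IllegalArgumentException; it is reported as the declared CredentialsException so that
    // a bad key is handled like any other credentials failure. The message deliberately
    // leaves out the key text.
    private SecretKeySpec decodeKey(String encodedKey) throws CredentialsException {
        try {
            return new SecretKeySpec(Base64.getDecoder().decode(encodedKey), KEY_ALGORITHM);
        } catch (IllegalArgumentException e) {
            throw new CredentialsException("Failed to decode an encryption key. Keys must be base64-encoded", e);
        }
    }

    /**
     * Encrypts text with the primary key under a freshly generated IV.
     *
     * @param str plaintext, encoded as UTF-8 before encryption
     * @return base64 of {@code IV || ciphertext || tag}
     * @throws CredentialsException if no encryption key is set or the cipher operation fails
     */
    @Override // dev.galasa.framework.spi.creds.IEncryptionService
    public String encrypt(String str) throws CredentialsException {
        if (this.encryptionKey == null) {
            throw new CredentialsException("Unable to encrypt the provided data. No encryption key has been set");
        }
        // A new random IV per call: repeating an IV under the same key breaks both the
        // confidentiality and the integrity guarantees of GCM.
        byte[] iv = new byte[GCM_IV_BYTES_LENGTH];
        this.secureRandom.nextBytes(iv);
        try {
            Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, this.encryptionKey, new GCMParameterSpec(GCM_AUTH_TAG_LENGTH_BITS, iv));
            byte[] cipherTextAndTag = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
            // The IV is not secret; it is stored in front of the ciphertext so that decrypt()
            // can recover it.
            byte[] ivAndCipherText = new byte[iv.length + cipherTextAndTag.length];
            System.arraycopy(iv, 0, ivAndCipherText, 0, iv.length);
            System.arraycopy(cipherTextAndTag, 0, ivAndCipherText, iv.length, cipherTextAndTag.length);
            return Base64.getEncoder().encodeToString(ivAndCipherText);
        } catch (Exception e) {
            // Broad on purpose: covers cipher errors and a null input alike.
            throw new CredentialsException("Failed to encrypt the provided data", e);
        }
    }

    /**
     * Decrypts text produced by {@link #encrypt(String)}, trying the primary key and then each
     * fallback key, and returning the result of the first key that authenticates the data.
     *
     * @param str base64 of {@code IV || ciphertext || tag}
     * @return the plaintext, or {@code null} when no configured key can decrypt the value
     *     (malformed, tampered or foreign-key input, or no keys configured); callers must
     *     treat {@code null} as a failure and not as an empty secret
     * @throws CredentialsException declared by the interface; not thrown by this implementation
     */
    @Override // dev.galasa.framework.spi.creds.IEncryptionService
    public String decrypt(String str) throws CredentialsException {
        for (SecretKeySpec candidateKey : this.decryptionKeys) {
            try {
                // Stop at the first key that verifies the GCM tag; the remaining keys would
                // only cost further failed attempts.
                return decrypt(str, candidateKey);
            } catch (CredentialsException ignored) {
                // Expected for every key other than the one that wrote the value; try the next.
            }
        }
        return null;
    }

    /**
     * Decrypts text with one specific key.
     *
     * @param str base64 of {@code IV || ciphertext || tag}
     * @param secretKeySpec key to try
     * @return the plaintext decoded as UTF-8
     * @throws CredentialsException if the input is malformed or too short, or the tag does not
     *     verify under this key
     */
    private String decrypt(String str, SecretKeySpec secretKeySpec) throws CredentialsException {
        try {
            byte[] ivAndCipherText = Base64.getDecoder().decode(str);
            // The first GCM_IV_BYTES_LENGTH bytes are the IV written by encrypt(). Input shorter
            // than that fails in arraycopy and is reported through the catch below.
            byte[] iv = new byte[GCM_IV_BYTES_LENGTH];
            System.arraycopy(ivAndCipherText, 0, iv, 0, iv.length);
            Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, new GCMParameterSpec(GCM_AUTH_TAG_LENGTH_BITS, iv));
            // doFinal verifies the authentication tag and throws when it does not match.
            byte[] plainText = cipher.doFinal(ivAndCipherText, iv.length, ivAndCipherText.length - iv.length);
            return new String(plainText, StandardCharsets.UTF_8);
        } catch (Exception e) {
            // Broad on purpose: bad base64, truncated input and a failed tag check are all
            // reported the same way, so the caller can move on to the next key.
            throw new CredentialsException("Failed to decrypt the provided data", e);
        }
    }
}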
