package net.e6tech.elements.security.vault;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Properties;
import net.e6tech.elements.common.util.SystemException;
import net.e6tech.elements.security.SymmetricCipher;

/* loaded from: input_file:net/e6tech/elements/security/vault/KeyProtected.class */
public class KeyProtected {
    public Secret seal(String str, ClearText clearText, ClearText clearText2) throws GeneralSecurityException {
        clearText.setProperty(Constants.ALIAS, str);
        clearText.setProtectedProperty(Constants.ALIAS, str);
        SymmetricCipher symmetricCipher = SymmetricCipher.getInstance(SymmetricCipher.ALGORITHM_AES);
        symmetricCipher.setBase64(false);
        String generateIV = symmetricCipher.generateIV();
        String encrypt = symmetricCipher.encrypt(clearText2.asSecretKey(), clearText.getBytes(), generateIV);
        Secret secret = new Secret();
        secret.setProperties((Properties) clearText.getProperties().clone());
        secret.setSecret(generateIV + "$" + encrypt + "$" + clearText2.alias() + "$" + clearText2.version());
        if (clearText.getProperties() != null) {
            try {
                secret.setProtectedProperties(generateIV + "$" + symmetricCipher.encrypt(clearText2.asSecretKey(), Constants.mapper.writeValueAsString(clearText.getProtectedProperties()).getBytes(StandardCharsets.UTF_8), generateIV) + "$" + clearText2.alias() + "$" + clearText2.version());
            } catch (Exception e) {
                throw new SystemException(e);
            }
        }
        return secret;
    }

    public ClearText unseal(Secret secret, ClearText clearText) throws GeneralSecurityException {
        try {
            SymmetricCipher symmetricCipher = SymmetricCipher.getInstance(SymmetricCipher.ALGORITHM_AES);
            symmetricCipher.setBase64(false);
            if (secret == null) {
                return null;
            }
            String[] split = secret.getSecret().split("\\$");
            if (split.length != 4) {
                throw new IllegalStateException("The stored secret should have been formatted as 'iv$encypted$alias$version'");
            }
            if (!split[2].equalsIgnoreCase(clearText.alias())) {
                throw new GeneralSecurityException("Key alias mismatch");
            }
            if (!split[3].equalsIgnoreCase(clearText.version())) {
                throw new GeneralSecurityException("Key version mismatch");
            }
            byte[] decrypt = symmetricCipher.decrypt(clearText.asSecretKey(), split[1], split[0]);
            ClearText clearText2 = new ClearText();
            clearText2.setBytes(decrypt);
            clearText2.setProperties((Properties) secret.getProperties().clone());
            if (secret.getProtectedProperties() != null) {
                String[] split2 = secret.getProtectedProperties().split("\\$");
                if (split2.length != 4) {
                    throw new IllegalStateException("The protected properties should have been formatted as 'iv$encypted$alias$version");
                }
                if (!split2[2].equalsIgnoreCase(clearText.alias())) {
                    throw new GeneralSecurityException("Key alias mismatch");
                }
                if (!split2[3].equalsIgnoreCase(clearText.version())) {
                    throw new GeneralSecurityException("Key version mismatch");
                }
                clearText2.setProtectedProperties((Properties) Constants.mapper.readValue(new String(symmetricCipher.decrypt(clearText.asSecretKey(), split2[1], split2[0]), StandardCharsets.UTF_8), Properties.class));
            }
            return clearText2;
        } catch (GeneralSecurityException e) {
            throw e;
        } catch (Exception e2) {
            throw new GeneralSecurityException(e2);
        }
    }
}
