package org.cloudfoundry.identity.uaa.cypto;

import java.io.ByteArrayInputStream;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.19.2.jar:org/cloudfoundry/identity/uaa/cypto/EncryptionService.class */
public class EncryptionService {
    private String passphrase;
    private Logger logger = LoggerFactory.getLogger((Class<?>) EncryptionService.class);
    private final int GCM_AUTHENTICATION_TAG_SIZE_BITS = 128;
    private final int GCM_IV_NONCE_SIZE_BYTES = 12;
    private final int PBKDF2_ITERATIONS = 65536;
    private final int PBKDF2_SALT_SIZE_BYTES = 32;
    private final int AES_KEY_LENGTH_BITS = 256;
    private final String CIPHER = "AES";
    private final String CIPHERSCHEME = "AES/GCM/NoPadding";
    private SecureRandom random = new SecureRandom();

    public EncryptionService(String str) {
        this.passphrase = str;
    }

    public byte[] encrypt(String str) throws EncryptionServiceException {
        try {
            byte[] generateRandomArray = generateRandomArray(32);
            SecretKeySpec secretKeySpec = new SecretKeySpec(generateKey(generateRandomArray), "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            byte[] generateRandomArray2 = generateRandomArray(12);
            cipher.init(1, secretKeySpec, new GCMParameterSpec(128, generateRandomArray2));
            return Arrays.concatenate(generateRandomArray2, generateRandomArray, cipher.doFinal(str.getBytes()));
        } catch (Exception e) {
            this.logger.error("Encryption failed", (Throwable) e);
            throw new EncryptionServiceException(e);
        }
    }

    public byte[] decrypt(byte[] bArr) throws EncryptionServiceException {
        try {
            byte[] bArr2 = new byte[12];
            byte[] bArr3 = new byte[32];
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            byteArrayInputStream.read(bArr2);
            byteArrayInputStream.read(bArr3);
            SecretKeySpec secretKeySpec = new SecretKeySpec(generateKey(bArr3), "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(2, secretKeySpec, new GCMParameterSpec(128, bArr2));
            return cipher.doFinal(Arrays.copyOfRange(bArr, 44, bArr.length));
        } catch (Exception e) {
            this.logger.error("Decryption failed", (Throwable) e);
            throw new EncryptionServiceException(e);
        }
    }

    private byte[] generateRandomArray(int i) throws NoSuchAlgorithmException {
        byte[] bArr = new byte[i];
        this.random.nextBytes(bArr);
        return bArr;
    }

    private byte[] generateKey(byte[] bArr) throws UnsupportedEncodingException {
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA256Digest());
        pKCS5S2ParametersGenerator.init(this.passphrase.getBytes("UTF-8"), bArr, 65536);
        return ((KeyParameter) pKCS5S2ParametersGenerator.generateDerivedParameters(256)).getKey();
    }
}
