package org.interledger.crypto.impl;

import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.interledger.crypto.EncryptedSecret;
import org.interledger.crypto.EncryptionAlgorithm;
import org.interledger.crypto.EncryptionException;
import org.interledger.crypto.EncryptionService;
import org.interledger.crypto.KeyMetadata;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/interledger/crypto/impl/JksEncryptionService.class */
public class JksEncryptionService implements EncryptionService {
    private static final String CIPHER_ALGO = "AES/GCM/NoPadding";
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final SecureRandom secureRandom = SecureRandom.getInstance("NativePRNG");
    private final SecretKey secretKey;

    public JksEncryptionService(SecretKey secretKey) throws NoSuchAlgorithmException {
        this.secretKey = (SecretKey) Objects.requireNonNull(secretKey);
    }

    @Override // org.interledger.crypto.Encryptor
    public EncryptedSecret encrypt(KeyMetadata keyMetadata, EncryptionAlgorithm encryptionAlgorithm, byte[] bArr) {
        Objects.requireNonNull(keyMetadata);
        Objects.requireNonNull(encryptionAlgorithm);
        Objects.requireNonNull(bArr);
        if (!this.secretKey.getAlgorithm().equalsIgnoreCase("AES")) {
            this.logger.error("Invalid key algorithm {}", this.secretKey.getAlgorithm());
            throw new EncryptionException("Invalid Key. Only AES keys are supported");
        }
        byte[] bArr2 = new byte[12];
        this.secureRandom.nextBytes(bArr2);
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGO);
            cipher.init(1, this.secretKey, new GCMParameterSpec(128, bArr2));
            byte[] doFinal = cipher.doFinal(bArr);
            ByteBuffer allocate = ByteBuffer.allocate(4 + bArr2.length + doFinal.length);
            allocate.putInt(bArr2.length);
            allocate.put(bArr2);
            allocate.put(doFinal);
            byte[] array = allocate.array();
            Arrays.fill(bArr2, (byte) 0);
            return EncryptedSecret.builder().keyMetadata(keyMetadata).encryptionAlgorithm(EncryptionAlgorithm.AES_GCM).cipherMessage(array).build();
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EncryptionException("Unable to Encrypt: ", e);
        }
    }

    @Override // org.interledger.crypto.Decryptor
    public byte[] decrypt(KeyMetadata keyMetadata, EncryptionAlgorithm encryptionAlgorithm, byte[] bArr) {
        Objects.requireNonNull(keyMetadata);
        Objects.requireNonNull(encryptionAlgorithm);
        Objects.requireNonNull(bArr);
        try {
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            int i = wrap.getInt();
            if (i < 12 || i >= 16) {
                throw new IllegalArgumentException("invalid iv length");
            }
            byte[] bArr2 = new byte[i];
            wrap.get(bArr2);
            byte[] bArr3 = new byte[wrap.remaining()];
            wrap.get(bArr3);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGO);
            cipher.init(2, this.secretKey, new GCMParameterSpec(128, bArr2));
            return cipher.doFinal(bArr3);
        } catch (Exception e) {
            throw new EncryptionException(e.getMessage(), e);
        }
    }
}
