package org.jemberai.cryptography.provider;

import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Objects;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import lombok.Generated;
import lombok.NonNull;
import org.apache.commons.lang3.ArrayUtils;
import org.jemberai.cryptography.MarshallingUtil;
import org.jemberai.cryptography.keymanagement.AesKeyDTO;
import org.jemberai.cryptography.keymanagement.KeyService;
import org.jemberai.cryptography.model.EncryptedValueDTO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jemberai/cryptography/provider/EncryptionProviderImpl.class */
public class EncryptionProviderImpl implements EncryptionProvider {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(EncryptionProviderImpl.class);
    public static final String ENC_ALGORITHM = "AES/GCM/NoPadding";
    private static final String ID = "DefaultJemberEncryptionProviderV1";
    private static final String NULL_VALUE = "Property Provided is Null";
    private final KeyService keyService;

    public EncryptionProviderImpl(@NonNull KeyService keyService) {
        if (keyService == null) {
            throw new NullPointerException("keyService is marked non-null but is null");
        }
        this.keyService = keyService;
    }

    @Override // org.jemberai.cryptography.provider.EncryptionProvider
    public String getKeyProviderId() {
        return ID;
    }

    @Override // org.jemberai.cryptography.provider.EncryptionProvider
    public String encrypt(String str, String str2) throws EncryptionException {
        if (str2 == null) {
            str2 = NULL_VALUE;
            log.warn("Attempting to encrypt a null value.  Encrypting a string value of 'null' instead");
        }
        return MarshallingUtil.marshal(encrypt(str, str2.getBytes(StandardCharsets.UTF_8)));
    }

    @Override // org.jemberai.cryptography.provider.EncryptionProvider
    public EncryptedValueDTO encrypt(String str, byte[] bArr) throws EncryptionException {
        try {
            AesKeyDTO defaultKey = this.keyService.getDefaultKey(str);
            Cipher cipher = Cipher.getInstance(ENC_ALGORITHM);
            IvParameterSpec randomIV = randomIV();
            cipher.init(1, defaultKey.getAesKeySpec(), new GCMParameterSpec(128, randomIV.getIV()));
            byte[] doFinal = cipher.doFinal(bArr);
            return new EncryptedValueDTO(ID, defaultKey.getKeyId(), hmacHash(defaultKey.getClientId(), defaultKey.getKeyId(), doFinal, randomIV.getIV()), doFinal, randomIV.getIV());
        } catch (RuntimeException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EncryptionException("Error performing encryption", e);
        }
    }

    private static IvParameterSpec randomIV() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return new IvParameterSpec(bArr);
    }

    private byte[] hmacHash(String str, UUID uuid, byte[] bArr, byte[] bArr2) throws EncryptionException {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(this.keyService.getKey(str, uuid).getHmacKeySpec());
            return mac.doFinal(ArrayUtils.addAll(bArr, bArr2));
        } catch (RuntimeException | InvalidKeyException | NoSuchAlgorithmException e) {
            throw new EncryptionException("Error performing HMAC", e);
        }
    }

    @Override // org.jemberai.cryptography.provider.EncryptionProvider
    public byte[] decrypt(@NonNull String str, @NonNull String str2) throws EncryptionException {
        if (str == null) {
            throw new NullPointerException("clientId is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("encryptedValue is marked non-null but is null");
        }
        return decrypt(str, MarshallingUtil.unmarshal(str2));
    }

    @Override // org.jemberai.cryptography.provider.EncryptionProvider
    public byte[] decrypt(@NonNull String str, EncryptedValueDTO encryptedValueDTO) throws EncryptionException {
        if (str == null) {
            throw new NullPointerException("clientId is marked non-null but is null");
        }
        try {
            AesKeyDTO key = this.keyService.getKey(str, encryptedValueDTO.keyId());
            byte[] encryptedValue = ((EncryptedValueDTO) Objects.requireNonNull(encryptedValueDTO)).encryptedValue();
            byte[] bArr = (byte[]) Objects.requireNonNull(encryptedValueDTO.initializationVector());
            if (!Arrays.equals(hmacHash(str, key.getKeyId(), encryptedValue, bArr), encryptedValueDTO.hmac())) {
                throw new EncryptionException("HMAC of encrypted value/IV does not match computed HMAC.  This may be due to the wrong encryption.VeloEncryptionProviderV1.key.<key-uuid>.hmac");
            }
            Cipher cipher = Cipher.getInstance(ENC_ALGORITHM);
            cipher.init(2, key.getAesKeySpec(), new GCMParameterSpec(128, new IvParameterSpec(bArr).getIV()));
            return cipher.doFinal(encryptedValue);
        } catch (RuntimeException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EncryptionException("Error performing decryption", e);
        }
    }

    @Override // org.jemberai.cryptography.provider.EncryptionProvider
    public String decryptToString(@NonNull String str, @NonNull String str2) throws EncryptionException {
        if (str == null) {
            throw new NullPointerException("clientId is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("encryptedValue is marked non-null but is null");
        }
        String str3 = new String(decrypt(str, str2), StandardCharsets.UTF_8);
        if (NULL_VALUE.equals(str3)) {
            str3 = null;
        }
        return str3;
    }
}
