package vinyldns.core.crypto;

import com.typesafe.config.Config;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import scala.Predef$;
import scala.collection.mutable.ArrayOps;
import scala.reflect.ScalaSignature;
import scodec.bits.ByteVector;
import scodec.bits.ByteVector$;

/* compiled from: JavaCrypto.scala */
@ScalaSignature(bytes = "\u0006\u0001\u0005Eb\u0001\u0002\n\u0014\u0001iA\u0001\"\n\u0001\u0003\u0002\u0003\u0006IA\n\u0005\u0006a\u0001!\t!\r\u0005\bi\u0001\u0011\r\u0011\"\u00036\u0011\u0019I\u0004\u0001)A\u0005m!9!\b\u0001b\u0001\n\u0013Y\u0004BB \u0001A\u0003%A\bC\u0004A\u0001\t\u0007I\u0011B!\t\r\u0015\u0003\u0001\u0015!\u0003C\u0011\u001d1\u0005A1A\u0005\n\u001dCaa\u0013\u0001!\u0002\u0013A\u0005b\u0002'\u0001\u0005\u0004%I!\u0014\u0005\u0007-\u0002\u0001\u000b\u0011\u0002(\t\u000b]\u0003A\u0011\u0001-\t\u000bA\u0004A\u0011A9\t\u000bU\u0004A\u0011\u0002<\t\u000f\u0005m\u0001\u0001\"\u0003\u0002\u001e!9\u00111\u0006\u0001\u0005\n\u00055\"A\u0003&bm\u0006\u001c%/\u001f9u_*\u0011A#F\u0001\u0007GJL\b\u000f^8\u000b\u0005Y9\u0012\u0001B2pe\u0016T\u0011\u0001G\u0001\tm&t\u0017\u0010\u001c3og\u000e\u00011c\u0001\u0001\u001cCA\u0011AdH\u0007\u0002;)\ta$A\u0003tG\u0006d\u0017-\u0003\u0002!;\t1\u0011I\\=SK\u001a\u0004\"AI\u0012\u000e\u0003MI!\u0001J\n\u0003\u001b\r\u0013\u0018\u0010\u001d;p\u00032<WM\u0019:b\u00031\u0019'/\u001f9u_\u000e{gNZ5h!\t9c&D\u0001)\u0015\tI#&\u0001\u0004d_:4\u0017n\u001a\u0006\u0003W1\n\u0001\u0002^=qKN\fg-\u001a\u0006\u0002[\u0005\u00191m\\7\n\u0005=B#AB\"p]\u001aLw-\u0001\u0004=S:LGO\u0010\u000b\u0003eM\u0002\"A\t\u0001\t\u000b\u0015\u0012\u0001\u0019\u0001\u0014\u0002\u0011i,'o\u001c\"zi\u0016,\u0012A\u000e\t\u00039]J!\u0001O\u000f\u0003\t\tKH/Z\u0001\nu\u0016\u0014xNQ=uK\u0002\n\u0001B_3s_\u000eC\u0017M]\u000b\u0002yA\u0011A$P\u0005\u0003}u\u0011Aa\u00115be\u0006I!0\u001a:p\u0007\"\f'\u000fI\u0001\u0007g\u0016\u001c'/\u001a;\u0016\u0003\t\u00032\u0001H\"7\u0013\t!UDA\u0003BeJ\f\u00170A\u0004tK\u000e\u0014X\r\u001e\u0011\u0002\u0011%4H*\u001a8hi\",\u0012\u0001\u0013\t\u00039%K!AS\u000f\u0003\u0007%sG/A\u0005jm2+gn\u001a;iA\u0005yQM\\2ssB$X\r\u001a)sK\u001aL\u00070F\u0001O!\tyE+D\u0001Q\u0015\t\t&+\u0001\u0003mC:<'\"A*\u0002\t)\fg/Y\u0005\u0003+B\u0013aa\u0015;sS:<\u0017\u0001E3oGJL\b\u000f^3e!J,g-\u001b=!\u0003\u001d)gn\u0019:zaR$\"!W2\u0011\u0005i\u000bgBA.`!\taV$D\u0001^\u0015\tq\u0016$\u0001\u0004=e>|GOP\u0005\u0003Av\ta\u0001\u0015:fI\u00164\u0017BA+c\u0015\t\u0001W\u0004C\u0003e\u001b\u0001\u0007\u0011,A\u0003wC2,X\rK\u0002\u000eM>\u00042\u0001H4j\u0013\tAWD\u0001\u0004uQJ|wo\u001d\t\u0003U6l\u0011a\u001b\u0006\u0003YJ\u000b\u0001b]3dkJLG/_\u0005\u0003].\u0014\u0001dR3oKJ\fGnU3dkJLG/_#yG\u0016\u0004H/[8oG\u0005I\u0017a\u00023fGJL\b\u000f\u001e\u000b\u00033JDQa\u001d\bA\u0002e\u000b1CY1tKZ\"TI\\2ssB$X\r\u001a#bi\u0006D3A\u00044p\u0003\u0019\u0019\u0017\u000e\u001d5feR1qO`A\u0007\u0003#\u0001\"\u0001\u001f?\u000e\u0003eT!\u0001\u0006>\u000b\u0003m\fQA[1wCbL!!`=\u0003\r\rK\u0007\u000f[3s\u0011\u0019yx\u00021\u0001\u0002\u0002\u000591.Z=Ta\u0016\u001c\u0007\u0003BA\u0002\u0003\u0013i!!!\u0002\u000b\u0007\u0005\u001d\u00110\u0001\u0003ta\u0016\u001c\u0017\u0002BA\u0006\u0003\u000b\u0011QbU3de\u0016$8*Z=Ta\u0016\u001c\u0007BBA\b\u001f\u0001\u0007!)\u0001\u0002jm\"9\u00111C\bA\u0002\u0005U\u0011aC3oGJL\b\u000f^'pI\u0016\u00042\u0001HA\f\u0013\r\tI\"\b\u0002\b\u0005>|G.Z1o\u00035qW\u000f\u001c7DQ\u0006\u0014\u0018I\u001d:bsR!\u0011qDA\u0013!\ra\u0012\u0011E\u0005\u0004\u0003Gi\"\u0001B+oSRDq!a\n\u0011\u0001\u0004\tI#A\u0002beJ\u00042\u0001H\"=\u00035qW\u000f\u001c7CsR,\u0017I\u001d:bsR!\u0011qDA\u0018\u0011\u0019\t9#\u0005a\u0001\u0005\u0002")
/* loaded from: input_file:vinyldns/core/crypto/JavaCrypto.class */
public class JavaCrypto implements CryptoAlgebra {
    private final byte[] secret;
    private final byte zeroByte = (byte) 0;
    private final char zeroChar = (char) 0;
    private final int ivLength = 16;
    private final String encryptedPrefix = "ENC:";

    private byte zeroByte() {
        return this.zeroByte;
    }

    private char zeroChar() {
        return this.zeroChar;
    }

    private byte[] secret() {
        return this.secret;
    }

    private int ivLength() {
        return this.ivLength;
    }

    private String encryptedPrefix() {
        return this.encryptedPrefix;
    }

    @Override // vinyldns.core.crypto.CryptoAlgebra
    public String encrypt(String str) throws GeneralSecurityException {
        if (str.startsWith(encryptedPrefix())) {
            return str;
        }
        ByteBuffer encode = StandardCharsets.UTF_8.encode(str);
        byte[] bArr = new byte[ivLength()];
        new SecureRandom().nextBytes(bArr);
        byte[] doFinal = cipher(new SecretKeySpec(secret(), "AES"), bArr, true).doFinal(encode.array());
        try {
            return new StringBuilder(0).append(encryptedPrefix()).append(ByteVector$.MODULE$.apply(bArr).$plus$plus(ByteVector$.MODULE$.apply(doFinal)).toBase64()).toString();
        } finally {
            nullByteArray(encode.array());
            nullByteArray(bArr);
            nullByteArray(doFinal);
        }
    }

    @Override // vinyldns.core.crypto.CryptoAlgebra
    public String decrypt(String str) throws GeneralSecurityException {
        if (!str.startsWith(encryptedPrefix())) {
            return str;
        }
        String substring = str.substring(encryptedPrefix().length());
        ByteVector byteVector = (ByteVector) ByteVector$.MODULE$.fromBase64(substring, ByteVector$.MODULE$.fromBase64$default$2()).getOrElse(() -> {
            throw new GeneralSecurityException("Base-64 decoding failed!");
        });
        ByteVector take = byteVector.take(ivLength());
        ByteVector drop = byteVector.drop(ivLength());
        byte[] doFinal = cipher(new SecretKeySpec(secret(), "AES"), take.toArray(), false).doFinal(drop.toArray());
        try {
            return new String(doFinal, "UTF-8").trim();
        } finally {
            nullCharArray(substring.toCharArray());
            nullByteArray(byteVector.toArray());
            nullByteArray(take.toArray());
            nullByteArray(drop.toArray());
            nullByteArray(doFinal);
        }
    }

    private Cipher cipher(SecretKeySpec secretKeySpec, byte[] bArr, boolean z) {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(z ? 1 : 2, secretKeySpec, new IvParameterSpec(bArr));
        return cipher;
    }

    private void nullCharArray(char[] cArr) {
        new ArrayOps.ofChar(Predef$.MODULE$.charArrayOps(cArr)).indices().foreach$mVc$sp(i -> {
            cArr[i] = this.zeroChar();
        });
    }

    private void nullByteArray(byte[] bArr) {
        new ArrayOps.ofByte(Predef$.MODULE$.byteArrayOps(bArr)).indices().foreach$mVc$sp(i -> {
            bArr[i] = this.zeroByte();
        });
    }

    public JavaCrypto(Config config) {
        this.secret = DatatypeConverter.parseHexBinary(config.getString("secret"));
        Security.setProperty("crypto.policy", "unlimited");
    }
}
