package com.hack23.cia.service.impl.action.application.encryption;

import com.hack23.cia.model.internal.application.secure.impl.EncryptedValue;
import com.hack23.cia.model.internal.application.secure.impl.EncryptedValue_;
import com.hack23.cia.model.internal.application.user.impl.UserAccount;
import com.hack23.cia.service.data.api.EncryptedValueDAO;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jcajce.provider.digest.SHA3;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

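/**
 * Per-user secret vault: encrypts and decrypts short string values with
 * AES-256-GCM under a key derived from the user id and a caller-supplied secret.
 *
 * <p>Envelope format produced by {@link #encryptValue} and consumed by
 * {@link #decryptValue}, hex-encoded as a whole:
 * <pre>
 *   4-byte big-endian IV length | IV | ciphertext with the GCM tag appended
 * </pre>
 *
 * <p>Every failure path (missing argument, malformed envelope, authentication
 * failure, wrong key) returns {@code null}. Callers cannot tell these apart and
 * must treat {@code null} as "no value available".
 *
 * <p>Loading this class changes JVM-wide security settings; see the static
 * initialiser at the end of the class.
 */
@Transactional(propagation = Propagation.REQUIRED)
@Service
/* loaded from: input_file:com/hack23/cia/service/impl/action/application/encryption/VaultManagerImpl.class */
public final class VaultManagerImpl implements VaultManager {
    /** GCM nonce size in bytes (96 bits). */
    private static final int IV_BYTE_SIZE = 12;
    /** GCM authentication tag size in bits. */
    private static final int TAG_BIT_LENGTH = 128;
    /** AES key size in bytes (AES-256). */
    private static final int KEY_SIZE_IN_BYTES = 32;
    // Log messages: only the operation name is logged next to the exception,
    // never the key material or the value being processed.
    private static final String ENCRYPT_VALUE = "encryptValue";
    private static final String DECRYPT_VALUE = "decryptValue";
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    private static final Logger LOGGER = LoggerFactory.getLogger(VaultManagerImpl.class);
    private static final String AES_GCM_NO_PADDING = "AES/GCM/NoPadding";
    private static final String ALGORITHM = "AES";
    private final EncryptedValueDAO encryptedValueDAO;

    /**
     * Creates the vault manager.
     *
     * @param encryptedValueDAO DAO used to look up a user's stored envelope
     */
    @Autowired
    public VaultManagerImpl(EncryptedValueDAO encryptedValueDAO) {
        this.encryptedValueDAO = encryptedValueDAO;
    }

    /**
     * Looks up the first {@link EncryptedValue} stored for the account's user id
     * and decrypts its storage field.
     *
     * @param str secret used for key derivation (presumably the user's
     *            password; confirm against the {@code VaultManager} contract)
     * @param userAccount account whose value is wanted; may be {@code null}
     * @return the decrypted value, or {@code null} if the account is {@code null},
     *         nothing is stored for it, or decryption fails
     */
    @Override
    public String getEncryptedValue(String str, UserAccount userAccount) {
        if (userAccount == null) {
            return null;
        }
        final EncryptedValue stored =
                this.encryptedValueDAO.findFirstByProperty(EncryptedValue_.userId, userAccount.getUserId());
        if (stored == null) {
            return null;
        }
        return decryptValue(str, userAccount.getUserId(), stored.getStorage());
    }

    /**
     * Encrypts a value with AES-GCM under the key derived from the user id and secret.
     *
     * @param str secret used for key derivation
     * @param str2 user id used for key derivation
     * @param str3 plaintext value, encoded as UTF-8 before encryption
     * @return the hex-encoded envelope, or {@code null} if any argument is
     *         {@code null} or the cipher operation fails
     */
    @Override
    public String encryptValue(String str, String str2, String str3) {
        if (str == null || str2 == null || str3 == null) {
            return null;
        }
        try {
            final Key key = buildKey(str2, str);
            // A fresh random nonce per call: the derived key is the same for every
            // value of a user, and GCM loses its guarantees if a nonce repeats
            // under one key.
            final byte[] iv = new byte[IV_BYTE_SIZE];
            SECURE_RANDOM.nextBytes(iv);
            final Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
            cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BIT_LENGTH, iv));
            final byte[] cipherText = cipher.doFinal(str3.getBytes(StandardCharsets.UTF_8));
            final ByteBuffer envelope = ByteBuffer.allocate(Integer.BYTES + iv.length + cipherText.length);
            envelope.putInt(iv.length);
            envelope.put(iv);
            envelope.put(cipherText);
            return Hex.toHexString(envelope.array());
        } catch (GeneralSecurityException e) {
            LOGGER.error(ENCRYPT_VALUE, e);
            return null;
        }
    }

    /**
     * Decrypts an envelope produced by {@link #encryptValue}.
     *
     * <p>The envelope comes from storage and is parsed before anything has been
     * authenticated, so its structure is validated first: input that is not hex,
     * is shorter than the length prefix, or declares an IV length that is
     * non-positive or larger than the remaining data is rejected with
     * {@code null} instead of an unchecked exception or an allocation sized by
     * the stored value.
     *
     * @param str secret used for key derivation
     * @param str2 user id used for key derivation
     * @param str3 hex-encoded envelope
     * @return the decrypted value, or {@code null} if any argument is
     *         {@code null}, the envelope is malformed, or GCM authentication fails
     */
    @Override
    public String decryptValue(String str, String str2, String str3) {
        if (str == null || str2 == null || str3 == null) {
            return null;
        }
        final byte[] raw;
        try {
            raw = Hex.decode(str3.getBytes(StandardCharsets.UTF_8));
        } catch (RuntimeException e) {
            // Bouncy Castle reports malformed hex with an unchecked exception; the
            // catch covers this one call only, so it fails the same way as any
            // other undecryptable value.
            LOGGER.error(DECRYPT_VALUE, e);
            return null;
        }
        if (raw.length < Integer.BYTES) {
            LOGGER.error("{}: envelope shorter than its length prefix", DECRYPT_VALUE);
            return null;
        }
        final ByteBuffer envelope = ByteBuffer.wrap(raw);
        final int ivLength = envelope.getInt();
        // Bounds only, not equality with IV_BYTE_SIZE, so records written with
        // another IV size still decrypt. NOTE(review): tighten to
        // ivLength == IV_BYTE_SIZE once it is confirmed that no such records exist.
        if (ivLength < 1 || ivLength > envelope.remaining()) {
            LOGGER.error("{}: envelope declares an invalid IV length", DECRYPT_VALUE);
            return null;
        }
        try {
            final Key key = buildKey(str2, str);
            final byte[] iv = new byte[ivLength];
            envelope.get(iv);
            final byte[] cipherText = new byte[envelope.remaining()];
            envelope.get(cipherText);
            final Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BIT_LENGTH, iv));
            // doFinal verifies the GCM tag; a wrong key or a modified envelope
            // surfaces as a GeneralSecurityException and yields null.
            return new String(cipher.doFinal(cipherText), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException e) {
            LOGGER.error(DECRYPT_VALUE, e);
            return null;
        }
    }

    /**
     * Derives the AES-256 key: SHA3-512 over {@code userId + ".uuid" + secret}
     * (UTF-8), truncated to the first {@value #KEY_SIZE_IN_BYTES} bytes.
     *
     * <p>NOTE(review): this is one pass of a fast hash with no random salt and no
     * work factor, not a password-based KDF. If the secret is a human-chosen
     * password, the strength of every stored value is bounded by that password's
     * guessability should the encrypted table leak. Moving to PBKDF2, scrypt or
     * Argon2 with a stored per-record salt would change the derived key and
     * therefore requires re-encrypting existing records, so the derivation is
     * left unchanged here.
     *
     * @param userId user id mixed into the key material
     * @param secret caller-supplied secret mixed into the key material
     * @return the derived AES key
     */
    private static Key buildKey(String userId, String secret) {
        final byte[] material = (userId + ".uuid" + secret).getBytes(StandardCharsets.UTF_8);
        final byte[] digest = new SHA3.Digest512().digest(material);
        return new SecretKeySpec(Arrays.copyOf(digest, KEY_SIZE_IN_BYTES), ALGORITHM);
    }

    // JVM-wide side effects on class load: sets the "crypto.policy" security
    // property to "unlimited" and registers the Bouncy Castle provider for the
    // whole process, not only for this class.
    static {
        Security.setProperty("crypto.policy", "unlimited");
        Security.addProvider(new BouncyCastleProvider());
    }
}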
