package com.techempower.gemini.pyxis.crypto;

import com.techempower.gemini.GeminiApplication;
import com.techempower.gemini.configuration.ConfigurationError;
import com.techempower.gemini.event.CacheResetEvent;
import com.techempower.helper.StringHelper;
import com.techempower.util.EnhancedProperties;
import com.techempower.util.IntRange;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/techempower/gemini/pyxis/crypto/AesGcmNoPaddingCryptograph.class */
public final class AesGcmNoPaddingCryptograph implements Cryptograph {
    private static final String PROPS_PREFIX = "AesGcmNoPadding.";
    private static final String CIPHER_SUITE_NAME = "AES";
    private static final String CIPHER_NAME = "AES/GCM/NoPadding";
    private final SecureRandom random = new SecureRandom();
    private final Logger log = LoggerFactory.getLogger(getClass());
    private int keyBitSize = KEY_BIT_SIZES.get(0).intValue();
    private int ivBitSize = DEFAULT_IV_BIT_SIZS;
    private int tagBitSize = TAG_BIT_SIZES.get(0).intValue();
    private int keyByteSize = this.keyBitSize / 8;
    private int ivByteSize = this.ivBitSize / 8;
    private int tagByteSize = this.tagBitSize / 8;
    private boolean enabled = false;
    private Key key;
    private static final IntRange IV_BITS_RANGE = new IntRange(1, Integer.MAX_VALUE);
    private static final List<Integer> KEY_BIT_SIZES = new ArrayList(Arrays.asList(256, 196, 128));
    private static final int DEFAULT_IV_BIT_SIZS = 96;
    private static final List<Integer> TAG_BIT_SIZES = new ArrayList(Arrays.asList(128, 120, 112, 104, Integer.valueOf(DEFAULT_IV_BIT_SIZS)));

    public AesGcmNoPaddingCryptograph(GeminiApplication geminiApplication) {
        geminiApplication.getConfigurator().addConfigurable(this);
    }

    protected AesGcmNoPaddingCryptograph() {
    }

    @Override // com.techempower.util.Configurable
    public void configure(EnhancedProperties enhancedProperties) {
        EnhancedProperties.Focus focus = enhancedProperties.focus(Cryptograph.PROPS_PREFIX).focus(PROPS_PREFIX);
        this.enabled = focus.getBoolean(CacheResetEvent.PROPS_ENABLED, this.enabled);
        if (this.enabled) {
            this.keyBitSize = focus.getInt("KeyBits", this.keyBitSize);
            this.ivBitSize = focus.getInt("IvBits", this.ivBitSize);
            this.tagBitSize = focus.getInt("TagBits", this.tagBitSize);
            this.keyByteSize = this.keyBitSize / 8;
            this.ivByteSize = this.ivBitSize / 8;
            this.tagByteSize = this.tagBitSize / 8;
            String str = focus.get("Base64Key");
            if (str != null) {
                setKey(new SecretKeySpec(Base64.getDecoder().decode(str), CIPHER_SUITE_NAME));
            } else {
                setKey(generateKey());
            }
            if (this.log != null) {
                this.log.info("Configured {}", toString());
            }
        }
    }

    public String toString() {
        return "AesGcmNoPaddingCryptograph [enabled:" + this.enabled + ";keyBitSize:" + this.keyBitSize + ";ivBitSize:" + this.ivBitSize + ";tagBitSize:" + this.tagBitSize + "]";
    }

    @Override // com.techempower.gemini.pyxis.crypto.Cryptograph
    public byte[] encrypt(byte[] bArr) {
        if (!this.enabled) {
            throw new IllegalStateException("AesGcmNoPaddingCryptograph is not enabled.");
        }
        Cipher constructCipherInstance = constructCipherInstance();
        byte[] bArr2 = new byte[this.ivByteSize];
        this.random.nextBytes(bArr2);
        try {
            constructCipherInstance.init(1, this.key, new GCMParameterSpec(this.tagBitSize, bArr2), this.random);
            byte[] bArr3 = new byte[this.ivByteSize + bArr.length + this.tagByteSize];
            System.arraycopy(bArr2, 0, bArr3, 0, this.ivByteSize);
            try {
                constructCipherInstance.doFinal(bArr, 0, bArr.length, bArr3, this.ivByteSize);
                return bArr3;
            } catch (BadPaddingException | IllegalBlockSizeException | ShortBufferException e) {
                throw new EncryptionError("Cannot encrypt; unexpected problem with cipher.", e);
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e2) {
            throw new EncryptionError("Cannot encrypt; the secret key and/or GCM parameters are not valid.", e2);
        }
    }

    @Override // com.techempower.gemini.pyxis.crypto.Cryptograph
    public byte[] decrypt(byte[] bArr) {
        if (!this.enabled) {
            throw new IllegalStateException("AesGcmNoPaddingCryptograph is not enabled");
        }
        Cipher constructCipherInstance = constructCipherInstance();
        try {
            constructCipherInstance.init(2, this.key, new GCMParameterSpec(this.tagBitSize, bArr, 0, this.ivByteSize), this.random);
            try {
                return constructCipherInstance.doFinal(bArr, this.ivByteSize, bArr.length - this.ivByteSize);
            } catch (BadPaddingException | IllegalBlockSizeException e) {
                String str = new String(Base64.getEncoder().encode(bArr));
                if (str.length() > 500) {
                    str = StringHelper.truncate(str, 500) + " (truncated to 500 characters)";
                }
                throw new EncryptionError("Cannot decrypt; probably invalid ciphertext: " + str, e);
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e2) {
            throw new EncryptionError("Cannot decrypt; the secret key and/or GCM parameters are not valid.", e2);
        }
    }

    @Override // com.techempower.gemini.pyxis.crypto.Cryptograph
    public SecretKeySpec generateKey() {
        byte[] bArr = new byte[this.keyByteSize];
        this.random.nextBytes(bArr);
        return new SecretKeySpec(bArr, CIPHER_SUITE_NAME);
    }

    @Override // com.techempower.gemini.pyxis.crypto.Cryptograph
    public void setKey(Key key) {
        this.key = key;
        verifyConfiguration();
    }

    private final Cipher constructCipherInstance() {
        try {
            return Cipher.getInstance(CIPHER_NAME);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new EncryptionError("Unexpected problem instantiating cipher for AES/GCM/NoPadding.", e);
        }
    }

    private final void verifyConfiguration() {
        if (!KEY_BIT_SIZES.contains(Integer.valueOf(this.keyBitSize))) {
            throw new ConfigurationError("Key bit size " + this.keyBitSize + " is not valid; must be one of " + KEY_BIT_SIZES + ".");
        }
        if (!IV_BITS_RANGE.contains(this.ivBitSize)) {
            throw new ConfigurationError("Initialization vector size " + this.ivBitSize + " is not valid; must be between " + IV_BITS_RANGE.min + " and " + IV_BITS_RANGE.max + ".");
        }
        if (!TAG_BIT_SIZES.contains(Integer.valueOf(this.tagBitSize))) {
            throw new ConfigurationError("Tag bit size " + this.tagBitSize + " is not valid; must be one of " + TAG_BIT_SIZES + ".");
        }
        try {
            constructCipherInstance().init(1, this.key);
            if (this.key.getEncoded().length != this.keyByteSize) {
                throw new ConfigurationError("A " + this.keyBitSize + " bit (" + this.keyByteSize + " byte) key is required, but the provided argument was " + (8 * this.key.getEncoded().length) + " bits (" + this.key.getEncoded().length + " bytes).");
            }
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            throw new ConfigurationError("JCE Unlimited Strength Jurisdiction Policy Files are not installed. Download from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html and copy the files `local_policy.jar` and `US_export_policy.jar` into $JDK_HOME/jre/lib/security, then restart the application.", e);
        }
    }
}
