package com.groupbyinc.common.security;

import com.groupbyinc.common.apache.commons.codec.binary.Base64;
import com.groupbyinc.common.apache.commons.lang3.StringUtils;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:com/groupbyinc/common/security/AesDecryption.class */
public class AesDecryption {
    private SecretKey encryptionKey;
    private Cipher cipher;
    private SecretKey macKey;
    private Mac hmac;

    public AesDecryption(String str, String str2) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
        this(str, str2, new BouncyCastleProvider());
    }

    public AesDecryption(String str, String str2, Provider provider) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
        Security.addProvider(provider);
        this.cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        PBEKeySpec pBEKeySpec = new PBEKeySpec(str.toCharArray(), AesUtil.geEncryptSalt(str2).getBytes(StandardCharsets.UTF_8), AesEncryption.CLIENT_KEY_HASHING_ITERATIONS, 128);
        PBEKeySpec pBEKeySpec2 = new PBEKeySpec(str.toCharArray(), AesUtil.getMessageAuthenticationCodeSalt(str2).getBytes(StandardCharsets.UTF_8), AesEncryption.CLIENT_KEY_HASHING_ITERATIONS, 160);
        this.encryptionKey = new SecretKeySpec(secretKeyFactory.generateSecret(pBEKeySpec).getEncoded(), "AES");
        this.macKey = new SecretKeySpec(secretKeyFactory.generateSecret(pBEKeySpec2).getEncoded(), "HmacSHA256");
        this.hmac = Mac.getInstance("HmacSHA256");
        this.hmac.init(this.macKey);
    }

    public String decrypt(AesContent aesContent) throws InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        if (aesContent == null) {
            throw new IllegalStateException("cannot decrypt null AesContent");
        }
        if (StringUtils.isBlank(aesContent.getCipherText()) || StringUtils.isBlank(aesContent.getInitialValue()) || StringUtils.isBlank(aesContent.getMessageAuthenticationCode())) {
            throw new IllegalStateException("cipher text, IV and messageAuthenticationCode must be provided");
        }
        byte[] decodeBase64 = Base64.decodeBase64(aesContent.getInitialValue().getBytes(StandardCharsets.UTF_8));
        byte[] decodeBase642 = Base64.decodeBase64(aesContent.getCipherText().getBytes(StandardCharsets.UTF_8));
        if (!validateMac(decodeBase64, decodeBase642, Base64.decodeBase64(aesContent.getMessageAuthenticationCode().getBytes(StandardCharsets.UTF_8)))) {
            throw new IllegalStateException("MAC does not match");
        }
        this.cipher.init(2, this.encryptionKey, new IvParameterSpec(decodeBase64));
        return new String(this.cipher.doFinal(decodeBase642), StandardCharsets.UTF_8);
    }

    public boolean validateMac(AesContent aesContent) {
        if (aesContent == null) {
            throw new IllegalStateException("cannot decrypt null AesContent");
        }
        if (StringUtils.isBlank(aesContent.getCipherText()) || StringUtils.isBlank(aesContent.getInitialValue()) || StringUtils.isBlank(aesContent.getMessageAuthenticationCode())) {
            throw new IllegalStateException("cipher text, IV and messageAuthenticationCode must be provided");
        }
        return validateMac(Base64.decodeBase64(aesContent.getInitialValue().getBytes(StandardCharsets.UTF_8)), Base64.decodeBase64(aesContent.getCipherText().getBytes(StandardCharsets.UTF_8)), Base64.decodeBase64(aesContent.getMessageAuthenticationCode().getBytes(StandardCharsets.UTF_8)));
    }

    private boolean validateMac(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] bArr4 = new byte[bArr2.length + bArr.length];
        System.arraycopy(bArr2, 0, bArr4, 0, bArr2.length);
        System.arraycopy(bArr, 0, bArr4, bArr2.length, bArr.length);
        return MessageDigest.isEqual(this.hmac.doFinal(bArr4), bArr3);
    }
}
