package ee.datel.dogis.utils;

import ee.datel.dogis.exception.ManagedServerException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;

@Service
@Lazy
/* loaded from: input_file:ee/datel/dogis/utils/DeployCrypterService.class */
public class DeployCrypterService {
    protected static final String CRYPTO_TRANSFORMATION = "AES/GCM/NoPadding";
    protected static final int IV_LENGTH = 12;
    protected static final int TAG_LENGTH_BIT = 128;
    private final Logger logger = LoggerFactory.getLogger(DeployCrypterService.class);
    private final SecureRandom secureRandom = new SecureRandom();
    private final Lock lock = new ReentrantLock();
    protected final SecretKeySpec secret;
    protected Cipher cipher;

    protected DeployCrypterService(@Value("${application.group.key:}") String str) {
        if (StringUtils.isBlank(str)) {
            this.logger.warn("Parameter {application.group.key} not provided");
            this.secret = null;
            return;
        }
        this.secret = new SecretKeySpec(StringUtils.rightPad(str, 32, '%').getBytes(StandardCharsets.US_ASCII), "AES");
        try {
            this.cipher = Cipher.getInstance(CRYPTO_TRANSFORMATION);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            this.logger.error(e.getMessage(), e);
        }
    }

    public String encrypt(String str) throws ManagedServerException {
        if (this.cipher == null) {
            throw new IllegalStateException(CRYPTO_TRANSFORMATION);
        }
        byte[] initializationVector = getInitializationVector();
        return responseBase64(initializationVector, encryptText(str, this.secret, new GCMParameterSpec(TAG_LENGTH_BIT, initializationVector)));
    }

    public String decrypt(String str) throws ManagedServerException {
        if (this.cipher == null) {
            throw new IllegalStateException(CRYPTO_TRANSFORMATION);
        }
        ByteBuffer wrap = ByteBuffer.wrap(Base64.getDecoder().decode(str));
        byte[] bArr = new byte[wrap.get()];
        wrap.get(bArr);
        byte[] bArr2 = new byte[wrap.remaining()];
        wrap.get(bArr2);
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(TAG_LENGTH_BIT, bArr);
        this.lock.lock();
        try {
            try {
                this.cipher.init(2, this.secret, gCMParameterSpec);
                String str2 = new String(this.cipher.doFinal(bArr2), StandardCharsets.UTF_8);
                this.lock.unlock();
                return str2;
            } catch (Exception e) {
                this.logger.error(e.getMessage(), e);
                throw new ManagedServerException(e.getMessage());
            }
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    protected String responseBase64(byte[] bArr, byte[] bArr2) {
        return Base64.getEncoder().encodeToString(ByteBuffer.allocate(13 + bArr2.length).put((byte) 12).put(bArr).put(bArr2).array());
    }

    protected byte[] encryptText(String str, SecretKey secretKey, GCMParameterSpec gCMParameterSpec) throws ManagedServerException {
        this.lock.lock();
        try {
            try {
                this.cipher.init(1, secretKey, gCMParameterSpec);
                byte[] doFinal = this.cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
                this.lock.unlock();
                return doFinal;
            } catch (Exception e) {
                this.logger.error(e.getMessage(), e);
                throw new ManagedServerException(e.getMessage());
            }
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    protected byte[] getInitializationVector() {
        byte[] bArr = new byte[IV_LENGTH];
        this.secureRandom.nextBytes(bArr);
        return bArr;
    }
}
