package io.axoniq.axonhub.client.event.util;

import com.google.protobuf.ByteString;
import io.axoniq.axondb.Event;
import io.axoniq.axondb.grpc.EventWithToken;
import io.axoniq.platform.SerializedObject;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.function.Function;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:io/axoniq/axonhub/client/event/util/EventCipher.class */
public class EventCipher {
    private static final String ALGORITHM = "AES/CBC/PKCS5Padding";
    private static final String MAGIC_NUMBER_STRING = "AxIQ";
    private static final int NONCE_LENGTH = 6;
    private Function<Event, Integer> keySelector;
    private SecretKeySpec[] secretKeys;
    private IvParameterSpec ivParameterSpec;
    private byte[] magicNumber;
    private ThreadLocal<Cipher>[] encryptingCiphers;
    private ThreadLocal<Cipher>[] decryptingCiphers;
    private ThreadLocal<SecureRandom> nonceGenerator;

    public EventCipher() {
        this(event -> {
            return -1;
        }, Collections.emptyList());
    }

    public EventCipher(byte[] bArr) {
        this(event -> {
            return 0;
        }, Collections.singletonList(bArr));
    }

    public EventCipher(Function<Event, Integer> function, List<byte[]> list) {
        this.keySelector = function;
        this.secretKeys = new SecretKeySpec[list.size()];
        for (int i = 0; i < this.secretKeys.length; i++) {
            byte[] bArr = list.get(i);
            if (bArr.length != 16 && bArr.length != 24) {
                throw new EventStoreClientException("AXONIQ-8001", String.format("secret key length should be 128, 196 or 258 bits but is %d bytes for key %d", Integer.valueOf(bArr.length), Integer.valueOf(i)));
            }
            this.secretKeys[i] = new SecretKeySpec(bArr, "AES");
        }
        this.ivParameterSpec = new IvParameterSpec(new byte[16]);
        this.magicNumber = MAGIC_NUMBER_STRING.getBytes(StandardCharsets.US_ASCII);
        this.encryptingCiphers = new ThreadLocal[this.secretKeys.length];
        for (int i2 = 0; i2 < this.secretKeys.length; i2++) {
            int i3 = i2;
            this.encryptingCiphers[i2] = ThreadLocal.withInitial(() -> {
                return initCipher(1, i3);
            });
            this.encryptingCiphers[i2].get();
        }
        this.decryptingCiphers = new ThreadLocal[this.secretKeys.length];
        for (int i4 = 0; i4 < this.secretKeys.length; i4++) {
            int i5 = i4;
            this.decryptingCiphers[i4] = ThreadLocal.withInitial(() -> {
                return initCipher(2, i5);
            });
            this.decryptingCiphers[i4].get();
        }
        this.nonceGenerator = ThreadLocal.withInitial(SecureRandom::new);
    }

    private Cipher initCipher(int i, int i2) {
        try {
            Cipher cipher = Cipher.getInstance(ALGORITHM);
            cipher.init(i, this.secretKeys[i2], this.ivParameterSpec);
            return cipher;
        } catch (Exception e) {
            throw new EventStoreClientException("AXONIQ-8000", "Unexpected exception initializing crypto algorithm", e);
        }
    }

    public EventWithToken decrypt(EventWithToken eventWithToken) {
        return EventWithToken.newBuilder(eventWithToken).setEvent(decrypt(eventWithToken.getEvent())).m237build();
    }

    public Event encrypt(Event event) {
        int intValue = this.keySelector.apply(event).intValue();
        return intValue < 0 ? event : Event.newBuilder(event).setPayload(SerializedObject.newBuilder(event.getPayload()).setData(ByteString.copyFrom(encryptBytes(intValue, event.getPayload().getData().toByteArray()))).m1470build()).m40build();
    }

    public Event decrypt(Event event) {
        int intValue = this.keySelector.apply(event).intValue();
        return intValue < 0 ? event : Event.newBuilder(event).setPayload(SerializedObject.newBuilder(event.getPayload()).setData(ByteString.copyFrom(decryptBytes(intValue, event.getPayload().getData().toByteArray()))).m1470build()).m40build();
    }

    protected byte[] encryptBytes(int i, byte[] bArr) {
        Cipher cipher = this.encryptingCiphers[i].get();
        byte[] bArr2 = new byte[6 + this.magicNumber.length + bArr.length];
        byte[] bArr3 = new byte[6];
        this.nonceGenerator.get().nextBytes(bArr3);
        System.arraycopy(bArr3, 0, bArr2, 0, 6);
        System.arraycopy(this.magicNumber, 0, bArr2, 6, this.magicNumber.length);
        System.arraycopy(bArr, 0, bArr2, 6 + this.magicNumber.length, bArr.length);
        try {
            return cipher.doFinal(bArr2);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new EventStoreClientException("AXONIQ-8000", "Unexpected error encrypting cleartext", e);
        }
    }

    protected byte[] decryptBytes(int i, byte[] bArr) {
        try {
            byte[] doFinal = this.decryptingCiphers[i].get().doFinal(bArr);
            byte[] copyOfRange = Arrays.copyOfRange(doFinal, 6, 6 + this.magicNumber.length);
            if (Arrays.equals(this.magicNumber, copyOfRange)) {
                return Arrays.copyOfRange(doFinal, 6 + copyOfRange.length, doFinal.length);
            }
            throw new EventStoreClientException("AXONIQ-8002", "Missing magic number after decryption");
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new EventStoreClientException("AXONIQ-8002", "Crypto error decrypting payload", e);
        }
    }
}
