package no.digipost.api.client.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import no.digipost.api.client.errorhandling.DigipostClientException;
import no.digipost.api.client.errorhandling.ErrorCode;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedDataGenerator;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;

/* loaded from: input_file:no/digipost/api/client/security/Encrypter.class */
public final class Encrypter {
    private final JceKeyTransRecipientInfoGenerator keyInfoGenerator;
    public static final Encrypter FAIL_IF_TRYING_TO_ENCRYPT = new Encrypter();
    private static final JceCMSContentEncryptorBuilder encryptorBuilder = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).setProvider("BC");

    public static Encrypter using(DigipostPublicKey digipostPublicKey) {
        return new Encrypter(new JceKeyTransRecipientInfoGenerator(digipostPublicKey.publicKeyHash.getBytes(), digipostPublicKey.publicKey));
    }

    public static Encrypter using(X509Certificate x509Certificate) {
        try {
            return new Encrypter(new JceKeyTransRecipientInfoGenerator(x509Certificate));
        } catch (CertificateEncodingException e) {
            throw new DigipostClientException(ErrorCode.FAILED_PREENCRYPTION, "Feil ved kryptering av innhold: " + e.getClass().getSimpleName() + " '" + e.getMessage() + "'", e);
        }
    }

    private Encrypter(JceKeyTransRecipientInfoGenerator jceKeyTransRecipientInfoGenerator) {
        this.keyInfoGenerator = jceKeyTransRecipientInfoGenerator;
    }

    private Encrypter() {
        this.keyInfoGenerator = null;
    }

    public InputStream encrypt(InputStream inputStream) {
        try {
            return encrypt(IOUtils.toByteArray(inputStream));
        } catch (IOException e) {
            throw new RuntimeException(e.getClass().getSimpleName() + ": '" + e.getMessage() + "'", e);
        }
    }

    public InputStream encrypt(byte[] bArr) {
        if (this.keyInfoGenerator == null) {
            throw new DigipostClientException(ErrorCode.ENCRYPTION_KEY_NOT_FOUND, "Trying to preencrypt but have no encryption key.");
        }
        try {
            CMSEnvelopedDataGenerator cMSEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
            cMSEnvelopedDataGenerator.addRecipientInfoGenerator(this.keyInfoGenerator);
            return new ByteArrayInputStream(cMSEnvelopedDataGenerator.generate(new CMSProcessableByteArray(bArr), encryptorBuilder.build()).getEncoded());
        } catch (Exception e) {
            if ((e instanceof CMSException) && (ExceptionUtils.getRootCause(e) instanceof InvalidKeyException)) {
                throw new DigipostClientException(ErrorCode.FAILED_PREENCRYPTION, "Ugyldig krypteringsnøkkel. (" + InvalidKeyException.class.getName() + ") Er Java Cryptographic Extensions (JCE) Unlimited Strength Jurisdiction Policy Files installert? Dette kan lastes ned fra http://www.oracle.com/technetwork/java/javase/downloads/ under \"Additional Resources\". Plasser filene US_export_policy.jar og local_policy.jar i ${JAVA_HOME}/jre/lib/security (overskriv eksisterende).", e);
            }
            throw new DigipostClientException(ErrorCode.FAILED_PREENCRYPTION, "Feil ved kryptering av innhold: " + e.getClass().getSimpleName() + " '" + e.getMessage() + "'", e);
        }
    }
}
