package org.sakuli.services.cipher;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Optional;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.apache.commons.lang.StringUtils;
import org.sakuli.exceptions.SakuliCipherException;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:org/sakuli/services/cipher/AesCbcCipher.class */
public class AesCbcCipher {
    public static final String CBC_ALGORITHM = "AES/CBC/PKCS5Padding";

    public static IvParameterSpec createIV(int i, Optional<SecureRandom> optional) {
        byte[] bArr = new byte[i];
        optional.orElse(new SecureRandom()).nextBytes(bArr);
        return new IvParameterSpec(bArr);
    }

    public static IvParameterSpec readIV(int i, InputStream inputStream) throws IOException {
        byte[] bArr = new byte[i];
        int i2 = 0;
        while (true) {
            int i3 = i2;
            if (i3 >= i) {
                return new IvParameterSpec(bArr);
            }
            int read = inputStream.read(bArr, i3, i - i3);
            if (read == -1) {
                throw new IOException("Too few bytes for IV in input stream");
            }
            i2 = i3 + read;
        }
    }

    public static byte[] decryptBytes(SecretKey secretKey, byte[] bArr) throws SakuliCipherException {
        checkCipherParameters(secretKey, bArr);
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            Cipher cipher = Cipher.getInstance(CBC_ALGORITHM);
            cipher.init(2, secretKey, readIV(cipher.getBlockSize(), byteArrayInputStream));
            byte[] bArr2 = new byte[1024];
            Throwable th = null;
            try {
                CipherInputStream cipherInputStream = new CipherInputStream(byteArrayInputStream, cipher);
                try {
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    while (true) {
                        try {
                            int read = cipherInputStream.read(bArr2);
                            if (read == -1) {
                                break;
                            }
                            byteArrayOutputStream.write(bArr2, 0, read);
                        } catch (Throwable th2) {
                            if (byteArrayOutputStream != null) {
                                byteArrayOutputStream.close();
                            }
                            throw th2;
                        }
                    }
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    if (byteArrayOutputStream != null) {
                        byteArrayOutputStream.close();
                    }
                    if (cipherInputStream != null) {
                        cipherInputStream.close();
                    }
                    return byteArray;
                } catch (Throwable th3) {
                    if (0 == 0) {
                        th = th3;
                    } else if (null != th3) {
                        th.addSuppressed(th3);
                    }
                    if (cipherInputStream != null) {
                        cipherInputStream.close();
                    }
                    throw th;
                }
            } catch (Throwable th4) {
                if (0 == 0) {
                    th = th4;
                } else if (null != th4) {
                    th.addSuppressed(th4);
                }
                throw th;
            }
        } catch (Exception e) {
            throw new SakuliCipherException(e, "Error during decrypting secret!");
        }
    }

    public static byte[] encryptBytes(SecureRandom secureRandom, SecretKey secretKey, byte[] bArr) throws SakuliCipherException {
        checkCipherParameters(secretKey, bArr);
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            Cipher cipher = Cipher.getInstance(CBC_ALGORITHM);
            IvParameterSpec createIV = createIV(cipher.getBlockSize(), Optional.of(secureRandom));
            cipher.init(1, secretKey, createIV);
            byteArrayOutputStream.write(createIV.getIV());
            Throwable th = null;
            try {
                CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
                try {
                    cipherOutputStream.write(bArr);
                    if (cipherOutputStream != null) {
                        cipherOutputStream.close();
                    }
                    return byteArrayOutputStream.toByteArray();
                } catch (Throwable th2) {
                    if (cipherOutputStream != null) {
                        cipherOutputStream.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (Exception e) {
            throw new SakuliCipherException(e, "Error during encrypting secret!");
        }
    }

    public static String encryptString(String str, SecretKey secretKey) throws SakuliCipherException {
        return new BASE64Encoder().encode(encryptBytes(new SecureRandom(), secretKey, convertStringToBytes(str)));
    }

    public static String decryptString(String str, SecretKey secretKey) throws SakuliCipherException {
        if (StringUtils.isEmpty(str)) {
            throw new SakuliCipherException("Empty secret can not en-/decrypted!");
        }
        try {
            return convertBytesToString(decryptBytes(secretKey, new BASE64Decoder().decodeBuffer(str)));
        } catch (IOException unused) {
            throw new SakuliCipherException("Can not decrypt invalid Base64 secret: " + str);
        }
    }

    private static void checkCipherParameters(SecretKey secretKey, byte[] bArr) throws SakuliCipherException {
        if (secretKey == null || secretKey.getEncoded() == null || secretKey.getEncoded().length == 0) {
            throw new SakuliCipherException("Provided AES key is null or empty");
        }
        if (bArr == null || bArr.length == 0) {
            throw new SakuliCipherException("Empty secret can not en-/decrypted!");
        }
    }

    static byte[] convertStringToBytes(String str) {
        if (str == null) {
            return null;
        }
        return str.getBytes(StandardCharsets.UTF_8);
    }

    static String convertBytesToString(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return new String(bArr, StandardCharsets.UTF_8);
    }
}
