package com.bol.crypt;

import com.bol.util.JCEPolicy;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.function.Function;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.scheduling.annotation.Scheduled;

/* loaded from: input_file:com/bol/crypt/CryptVault.class */
public class CryptVault {
    static final String DEFAULT_CIPHER = "AES/CBC/PKCS5Padding";
    static final String DEFAULT_ALGORITHM = "AES";
    static final int DEFAULT_SALT_LENGTH = 16;
    private CryptVersion[] cryptVersions = new CryptVersion[256];
    int defaultVersion = -1;
    private SecureRandom SECURE_RANDOM = new SecureRandom();
    private static final Logger LOG = LoggerFactory.getLogger(CryptVault.class);
    static final Function<Integer, Integer> AESLengthCalculator = num -> {
        return Integer.valueOf((num.intValue() | 15) + 1);
    };

    public CryptVault with256BitAesCbcPkcs5PaddingAnd128BitSaltKey(int i, byte[] bArr) {
        if (bArr.length != 32) {
            throw new IllegalArgumentException("invalid AES key size; should be 256 bits!");
        }
        return withKey(i, new CryptVersion(DEFAULT_SALT_LENGTH, DEFAULT_CIPHER, new SecretKeySpec(bArr, DEFAULT_ALGORITHM), AESLengthCalculator));
    }

    public CryptVault withKey(int i, CryptVersion cryptVersion) {
        if (i < 0 || i > 255) {
            throw new IllegalArgumentException("version must be a byte");
        }
        if (this.cryptVersions[i] != null) {
            throw new IllegalArgumentException("version " + i + " is already defined");
        }
        this.cryptVersions[i] = cryptVersion;
        if (i > this.defaultVersion) {
            this.defaultVersion = i;
        }
        return this;
    }

    public CryptVault withDefaultKeyVersion(int i) {
        if (i < 0 || i > 255) {
            throw new IllegalArgumentException("version must be a byte");
        }
        if (this.cryptVersions[i] == null) {
            throw new IllegalArgumentException("version " + i + " is undefined");
        }
        this.defaultVersion = i;
        return this;
    }

    Cipher cipher(String str) {
        try {
            return Cipher.getInstance(str);
        } catch (Exception e) {
            throw new IllegalStateException("spring-data-mongodb-encrypt: init failed for cipher " + str, e);
        }
    }

    @Scheduled(initialDelay = 3600000, fixedDelay = 3600000)
    public void reinitSecureRandomHourly() {
        this.SECURE_RANDOM = new SecureRandom();
    }

    byte[] urandomBytes(int i) {
        byte[] bArr = new byte[i];
        this.SECURE_RANDOM.nextBytes(bArr);
        return bArr;
    }

    public byte[] encrypt(byte[] bArr) {
        return encrypt(this.defaultVersion, bArr);
    }

    public byte[] encrypt(int i, byte[] bArr) {
        CryptVersion cryptVersion = cryptVersion(i);
        try {
            int intValue = cryptVersion.encryptedLength.apply(Integer.valueOf(bArr.length)).intValue();
            byte[] bArr2 = new byte[intValue + cryptVersion.saltLength + 1];
            bArr2[0] = toSignedByte(i);
            byte[] urandomBytes = urandomBytes(cryptVersion.saltLength);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(urandomBytes);
            System.arraycopy(urandomBytes, 0, bArr2, 1, cryptVersion.saltLength);
            Cipher cipher = cipher(cryptVersion.cipher);
            cipher.init(1, cryptVersion.key, ivParameterSpec);
            int doFinal = cipher.doFinal(bArr, 0, bArr.length, bArr2, cryptVersion.saltLength + 1);
            if (doFinal < intValue) {
                LOG.info("len was " + doFinal + " instead of " + intValue);
            }
            return bArr2;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException | ShortBufferException e) {
            throw new CryptOperationException("JCE exception caught while encrypting with version " + i, e);
        }
    }

    public byte[] decrypt(byte[] bArr) {
        int fromSignedByte = fromSignedByte(bArr[0]);
        CryptVersion cryptVersion = cryptVersion(fromSignedByte);
        try {
            byte[] bArr2 = new byte[cryptVersion.saltLength];
            System.arraycopy(bArr, 1, bArr2, 0, cryptVersion.saltLength);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
            Cipher cipher = cipher(this.cryptVersions[fromSignedByte].cipher);
            cipher.init(2, this.cryptVersions[fromSignedByte].key, ivParameterSpec);
            return cipher.doFinal(bArr, cryptVersion.saltLength + 1, (bArr.length - cryptVersion.saltLength) - 1);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new CryptOperationException("JCE exception caught while decrypting with key version " + fromSignedByte, e);
        }
    }

    public int expectedCryptedLength(int i) {
        return expectedCryptedLength(this.defaultVersion, i);
    }

    public int expectedCryptedLength(int i, int i2) {
        CryptVersion cryptVersion = cryptVersion(i);
        return cryptVersion.saltLength + 1 + cryptVersion.encryptedLength.apply(Integer.valueOf(i2)).intValue();
    }

    private CryptVersion cryptVersion(int i) {
        try {
            CryptVersion cryptVersion = this.cryptVersions[i];
            if (cryptVersion == null) {
                throw new IllegalArgumentException("version " + i + " undefined");
            }
            return cryptVersion;
        } catch (IndexOutOfBoundsException e) {
            if (i < 0) {
                throw new IllegalStateException("encryption keys are not initialized");
            }
            throw new IllegalArgumentException("version must be a byte (0-255)");
        }
    }

    public int size() {
        int i = 0;
        for (int i2 = 0; i2 < this.cryptVersions.length; i2++) {
            if (this.cryptVersions[i2] != null) {
                i++;
            }
        }
        return i;
    }

    public static byte toSignedByte(int i) {
        return (byte) (i - 128);
    }

    public static int fromSignedByte(byte b) {
        return b - Byte.MIN_VALUE;
    }

    static {
        JCEPolicy.allowUnlimitedStrength();
    }
}
