package com.solutionappliance.core.crypto.cipher;

import com.solutionappliance.core.crypto.SaCryptoException;
import com.solutionappliance.core.crypto.digest.CommonDigest;
import com.solutionappliance.core.crypto.digest.Digestible;
import com.solutionappliance.core.crypto.key.SaRsaPrivateKey;
import com.solutionappliance.core.crypto.key.SaRsaPublicKey;
import com.solutionappliance.core.crypto.property.CryptoConfig;
import com.solutionappliance.core.data.int8.ByteArray;
import com.solutionappliance.core.data.int8.ByteReader;
import com.solutionappliance.core.data.int8.ByteWriter;
import com.solutionappliance.core.data.int8.array.ByteArrayBuilder;
import com.solutionappliance.core.data.int8.array.ImmutableByteArray;
import com.solutionappliance.core.data.int8.codec.DataCodecs;
import com.solutionappliance.core.data.int8.codec.TextCodec;
import com.solutionappliance.core.data.int8.codec.VariableLengthEncoder;
import com.solutionappliance.core.entity.codegen.WrapperClassFile;
import com.solutionappliance.core.io.SaIoRuntimeException;
import com.solutionappliance.core.lang.MultiPartName;
import com.solutionappliance.core.system.ActorContext;
import com.solutionappliance.core.text.writer.TextPrinter;
import com.solutionappliance.core.type.JavaType;
import com.solutionappliance.core.util.StringUtil;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.checkerframework.dataflow.qual.SideEffectFree;

/* loaded from: input_file:com/solutionappliance/core/crypto/cipher/AesWithRsaKeyCipher.class */
public class AesWithRsaKeyCipher implements SaCipher {
    public static final JavaType<AesWithRsaKeyCipher> type = (JavaType) JavaType.forClass(AesWithRsaKeyCipher.class).convertsFrom(ByteArray.rawType, (actorContext, byteArray) -> {
        return valueOf(actorContext, byteArray);
    });
    private final String rsaKeyName;
    private final SaRsaPrivateKey privKey;
    private final int bitStrength;
    private final ByteArray salt;
    private final String algorithm = "AES/CBC/PKCS5Padding";

    public AesWithRsaKeyCipher(ActorContext actorContext, String str) {
        this(actorContext, str, WrapperClassFile.ADDTO_LIST);
    }

    public AesWithRsaKeyCipher(ActorContext actorContext, String str, int i) {
        this.algorithm = "AES/CBC/PKCS5Padding";
        CryptoConfig cryptoConfig = CryptoConfig.key.get(actorContext);
        this.rsaKeyName = str;
        this.privKey = (SaRsaPrivateKey) CryptoConfig.key.get(actorContext).getPrivateKey(actorContext, str, SaRsaPrivateKey.type);
        this.bitStrength = i;
        this.salt = cryptoConfig.randomBytes(16);
    }

    public AesWithRsaKeyCipher(SaRsaPrivateKey saRsaPrivateKey, int i) {
        this.algorithm = "AES/CBC/PKCS5Padding";
        this.rsaKeyName = null;
        this.privKey = saRsaPrivateKey;
        this.bitStrength = i;
        this.salt = ByteArray.valueOf(new byte[16]);
    }

    public AesWithRsaKeyCipher(SaRsaPrivateKey saRsaPrivateKey, int i, Digestible... digestibleArr) {
        this.algorithm = "AES/CBC/PKCS5Padding";
        this.rsaKeyName = null;
        this.privKey = saRsaPrivateKey;
        this.bitStrength = i;
        if (digestibleArr.length == 0) {
            this.salt = ByteArray.valueOf(new byte[16]);
        } else {
            this.salt = CommonDigest.sha256.digest(digestibleArr).slice(0, 16);
        }
    }

    private AesWithRsaKeyCipher(ActorContext actorContext, String str, int i, ByteArray byteArray, int i2) {
        this.algorithm = "AES/CBC/PKCS5Padding";
        this.rsaKeyName = str;
        this.privKey = (SaRsaPrivateKey) CryptoConfig.key.get(actorContext).getPrivateKey(actorContext, str, SaRsaPrivateKey.type);
        this.salt = byteArray;
        this.bitStrength = i;
    }

    public static final AesWithRsaKeyCipher valueOf(ActorContext actorContext, ByteArray byteArray) {
        ByteReader openReader = byteArray.openReader();
        try {
            int readAsInt = openReader.readAsInt();
            if (readAsInt != 1) {
                throw new SaIoRuntimeException(new MultiPartName("sacore", "crypto", "aeswithrsa", "invalid"), "Unsupported version $[version]", null).add("version", (Object) Integer.valueOf(readAsInt));
            }
            AesWithRsaKeyCipher aesWithRsaKeyCipher = new AesWithRsaKeyCipher(actorContext, StringUtil.removePrefix((String) openReader.read(TextCodec.varLenUtf8), "privateKey."), ((Long) openReader.read(VariableLengthEncoder.codec)).intValue(), (ByteArray) openReader.read(DataCodecs.varLenByteArray), readAsInt);
            if (openReader != null) {
                openReader.close();
            }
            return aesWithRsaKeyCipher;
        } catch (Throwable th) {
            if (openReader != null) {
                try {
                    openReader.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public String encodedId() {
        if (this.rsaKeyName == null) {
            throw new IllegalStateException("Cannot encode cipher as rsaKey name was not provided");
        }
        ByteArrayBuilder byteArrayBuilder = new ByteArrayBuilder(WrapperClassFile.ADDTO_LIST);
        try {
            byteArrayBuilder.write(1);
            byteArrayBuilder.write(VariableLengthEncoder.codec, Long.valueOf(this.bitStrength));
            byteArrayBuilder.write(TextCodec.varLenUtf8, this.rsaKeyName);
            byteArrayBuilder.write(DataCodecs.varLenByteArray, this.salt);
            String str = (String) byteArrayBuilder.done().read(TextCodec.base64url);
            byteArrayBuilder.close();
            return str;
        } catch (Throwable th) {
            try {
                byteArrayBuilder.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @SideEffectFree
    public String toString() {
        return TextPrinter.forClass(getClass()).printKeyValueLine("pkName", this.rsaKeyName).printKeyValueLine("pk", this.privKey).printKeyValueLine("alg", "AES/CBC/PKCS5Padding").printKeyValueLine("strength", Integer.valueOf(this.bitStrength)).printKeyValueLine("salt", this.salt.read(TextCodec.base64url)).done().toString();
    }

    private Cipher toEncryptionCipher(ActorContext actorContext, ByteWriter byteWriter) {
        SaRsaPublicKey publicKey = this.privKey.toPublicKey();
        CryptoConfig cryptoConfig = CryptoConfig.key.get(actorContext);
        try {
            byteWriter.write(1);
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(this.bitStrength);
            SecretKey generateKey = keyGenerator.generateKey();
            byteWriter.write(DataCodecs.varLenByteArray, publicKey.encrypt(actorContext, ByteArray.valueOf(generateKey.getEncoded())));
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, generateKey, new IvParameterSpec(this.salt.toArray()));
            byteWriter.write(ByteArray.valueOf(cipher.update(cryptoConfig.randomBytes(32).toArray())));
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new SaCryptoException(new MultiPartName("sacore", "crypto", "aes", "Cipher failed"), e.getMessage(), e);
        }
    }

    @Override // com.solutionappliance.core.crypto.cipher.Encryptor
    public CipherWriter encryptionWriter(ActorContext actorContext) {
        ByteArrayBuilder byteArrayBuilder = new ByteArrayBuilder(16384, 1073741824);
        return CipherWriter.valueOf(toEncryptionCipher(actorContext, byteArrayBuilder), byteArrayBuilder);
    }

    @Override // com.solutionappliance.core.crypto.cipher.Encryptor
    public EncryptionWriter encryptionWriter(ActorContext actorContext, ByteWriter byteWriter) {
        return new EncryptionWriter(toEncryptionCipher(actorContext, byteWriter), byteWriter);
    }

    private Cipher toDecryptionCipher(ActorContext actorContext, ByteReader byteReader, int i) {
        try {
            if (i != 1) {
                throw new SaIoRuntimeException(new MultiPartName("sacore", "crypto", "aeswithrsa", "invalid"), "Unsupported version $[version]", null).add("version", (Object) Integer.valueOf(i));
            }
            ByteArray decrypt = this.privKey.decrypt(actorContext, (ByteArray) byteReader.read(DataCodecs.varLenByteArray));
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, new SecretKeySpec(decrypt.toArray(), "AES"), new IvParameterSpec(this.salt.toArray()));
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new SaCryptoException(new MultiPartName("sacore", "crypto", "aes", "Cipher failed"), e.getMessage(), e);
        }
    }

    @Override // com.solutionappliance.core.crypto.cipher.Decryptor
    public ByteArray decrypt(ActorContext actorContext, ByteArray byteArray) {
        try {
            ByteReader openReader = byteArray.openReader();
            try {
                ImmutableByteArray valueOf = ByteArray.valueOf(toDecryptionCipher(actorContext, openReader, openReader.readAsInt()).doFinal(openReader.readArrayFully().toArray()));
                ImmutableByteArray slice = valueOf.slice(32, valueOf.size() - 32);
                if (openReader != null) {
                    openReader.close();
                }
                return slice;
            } finally {
            }
        } catch (GeneralSecurityException e) {
            throw new SaCryptoException(new MultiPartName("sacore", "crypto", "aes", "Cipher failed"), e.getMessage(), e);
        }
    }

    @Override // com.solutionappliance.core.crypto.cipher.Decryptor
    public AesDecryptionReader decryptionReader(ActorContext actorContext, ByteReader byteReader) {
        AesDecryptionReader aesDecryptionReader = new AesDecryptionReader(toDecryptionCipher(actorContext, byteReader, byteReader.readAsInt()), byteReader);
        aesDecryptionReader.skip(32);
        return aesDecryptionReader;
    }
}
