package de.petendi.commons.crypto;

import de.petendi.commons.crypto.connector.SecurityProviderConnector;
import de.petendi.commons.crypto.model.HybridEncrypted;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:lib/commons-crypto-2.0.0.jar:de/petendi/commons/crypto/HybridCrypto.class */
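/**
 * Builder for a hybrid-encrypted message: the body is encrypted once with a
 * symmetric AES key, and that key (prefixed by the IV) is wrapped separately
 * for every recipient through {@link AsymmetricCrypto}.
 *
 * <p>Security properties a caller should know:
 * <ul>
 *   <li>The body cipher is {@code AES/CBC/PKCS5Padding}, which gives
 *       confidentiality only. Integrity rests entirely on the signature that
 *       {@code build(...)} computes over the ciphertext.</li>
 *   <li>Neither {@code decrypt(...)} overload checks that signature. The caller
 *       has to verify it over {@code getEncryptedBody()} <em>before</em>
 *       decrypting; the verification API is not visible in this file.</li>
 *   <li>The key and IV are generated once per instance and reused by every
 *       later {@code build(...)} call, and every call returns the same mutable
 *       {@link HybridEncrypted}. Use one instance per message: encrypting a
 *       second body with the same instance repeats the key/IV pair under CBC
 *       and overwrites the body and signature of the object returned earlier.</li>
 *   <li>Only the lazy key creation is synchronized; the recipient and
 *       certificate maps are modified without locking, so an instance must not
 *       be shared between threads.</li>
 * </ul>
 */
public class HybridCrypto {
    /** Transformation used for the message body; must be identical on both sides. */
    private static final String SYMMETRIC_CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    /** Key algorithm name used when rebuilding the key from the unwrapped bytes. */
    private static final String SYMMETRIC_KEY_ALGORITHM = "AES";
    /** AES block size in bytes, which is also the CBC IV length. */
    private static final int IV_LENGTH = 16;

    private byte[] iv = null;
    private SecretKey symmetricKey = null;
    // IV followed by the encoded key: this is the payload wrapped for each recipient.
    private byte[] concatenated = null;
    private HybridEncrypted encryptedMessage = new HybridEncrypted();
    private AsymmetricCrypto asymmetricCrypto;
    private final SecurityProviderConnector securityProviderConnector;

    /**
     * Creates a builder with empty header, recipient and certificate maps.
     *
     * @param securityProviderConnector provider used for key generation, certificate
     *                                  serialization and the asymmetric operations
     */
    public HybridCrypto(SecurityProviderConnector securityProviderConnector) {
        this.securityProviderConnector = securityProviderConnector;
        this.asymmetricCrypto = new AsymmetricCrypto(securityProviderConnector);
        // NOTE(review): raw HashMap kept because the element types are declared on
        // HybridEncrypted, which is not visible here; parameterize them to match.
        this.encryptedMessage.setHeaders(new HashMap());
        this.encryptedMessage.setRecipients(new HashMap());
        this.encryptedMessage.setCertificates(new HashMap());
    }

    /**
     * Lazily generates the symmetric key and a random IV and prepares the
     * {@code IV || key} payload that is wrapped for each recipient.
     *
     * <p>All three fields are assigned only after every step succeeded, so a failure
     * cannot leave the instance with a key but no payload.
     *
     * @throws IllegalStateException if the provider returns no key or a key whose
     *                               encoded form is unavailable (for example a
     *                               non-extractable key)
     */
    private synchronized void createSymmetricPassphrase() {
        if (this.symmetricKey != null) {
            return;
        }
        SecretKey freshKey = this.securityProviderConnector.generateSecretKey();
        if (freshKey == null) {
            throw new IllegalStateException("security provider returned no secret key");
        }
        byte[] encodedKey = freshKey.getEncoded();
        if (encodedKey == null || encodedKey.length == 0) {
            throw new IllegalStateException("secret key has no encoded form and cannot be wrapped for recipients");
        }
        byte[] freshIv = new byte[IV_LENGTH];
        new SecureRandom().nextBytes(freshIv);
        byte[] ivAndKey = new byte[freshIv.length + encodedKey.length];
        System.arraycopy(freshIv, 0, ivAndKey, 0, freshIv.length);
        System.arraycopy(encodedKey, 0, ivAndKey, freshIv.length, encodedKey.length);
        this.iv = freshIv;
        this.concatenated = ivAndKey;
        this.symmetricKey = freshKey;
    }

    /**
     * Adds a recipient whose certificate is supplied as text.
     *
     * <p>The text is read fully, used to wrap the key payload and stored unchanged in
     * the message's certificate map. Nothing in this method validates the certificate
     * (chain, validity period, revocation); the caller is responsible for trusting it.
     *
     * @param str    recipient identifier used as the map key
     * @param reader source of the recipient's certificate text
     * @return this builder
     * @throws IllegalStateException if the reader cannot be read
     */
    public HybridCrypto addRecipient(String str, Reader reader) {
        try {
            createSymmetricPassphrase();
            String certificateText = IOUtils.toString(reader);
            byte[] wrappedKey = this.asymmetricCrypto.encrypt(this.concatenated, new StringReader(certificateText));
            this.encryptedMessage.getRecipients().put(str, wrappedKey);
            this.encryptedMessage.getCertificates().put(str, certificateText);
            return this;
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Adds a recipient from an already parsed certificate.
     *
     * <p>The key payload is wrapped with the certificate's public key and the
     * certificate is serialized through the provider into the certificate map. The
     * certificate is not validated here.
     *
     * @param str             recipient identifier used as the map key
     * @param x509Certificate recipient certificate
     * @return this builder
     * @throws IllegalStateException if the certificate cannot be serialized
     */
    public HybridCrypto addRecipient(String str, X509Certificate x509Certificate) {
        try {
            createSymmetricPassphrase();
            byte[] wrappedKey = this.asymmetricCrypto.encrypt(this.concatenated, x509Certificate.getPublicKey());
            this.encryptedMessage.getRecipients().put(str, wrappedKey);
            StringWriter serialized = new StringWriter();
            this.securityProviderConnector.writeCertificate(serialized, x509Certificate);
            this.encryptedMessage.getCertificates().put(str, serialized.toString());
            return this;
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Encrypts the body and signs the resulting ciphertext with a key that
     * {@code Signature} loads from the given stream.
     *
     * @param bArr        plaintext body
     * @param cArr        password passed to {@code Signature.sign} together with the stream
     * @param inputStream key material passed to {@code Signature.sign}
     * @return the shared message object, now carrying the encrypted body and signature
     * @throws IllegalArgumentException if the body cannot be encrypted
     */
    public HybridEncrypted build(byte[] bArr, char[] cArr, InputStream inputStream) {
        byte[] ciphertext = encryptInternal(bArr);
        this.encryptedMessage.setSignature(new Signature(this.securityProviderConnector).sign(ciphertext, cArr, inputStream));
        return this.encryptedMessage;
    }

    /**
     * Encrypts the body and signs the resulting ciphertext with the given private key.
     *
     * @param bArr       plaintext body
     * @param privateKey signing key
     * @return the shared message object, now carrying the encrypted body and signature
     * @throws IllegalArgumentException if the body cannot be encrypted
     */
    public HybridEncrypted build(byte[] bArr, PrivateKey privateKey) {
        byte[] ciphertext = encryptInternal(bArr);
        this.encryptedMessage.setSignature(new Signature(this.securityProviderConnector).sign(ciphertext, privateKey));
        return this.encryptedMessage;
    }

    /**
     * Encrypts the body with the instance key and IV and stores the ciphertext on the
     * message.
     *
     * @param bArr plaintext body
     * @return the ciphertext
     * @throws IllegalArgumentException wrapping any failure of the cipher
     */
    private byte[] encryptInternal(byte[] bArr) {
        createSymmetricPassphrase();
        try {
            Cipher cipher = Cipher.getInstance(SYMMETRIC_CIPHER_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, this.symmetricKey, new IvParameterSpec(this.iv));
            byte[] ciphertext = cipher.doFinal(bArr);
            this.encryptedMessage.setEncryptedBody(ciphertext);
            return ciphertext;
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Decrypts the message body for one recipient, unwrapping the key with a private
     * key that {@code AsymmetricCrypto} loads from the given stream.
     *
     * <p>The signature is NOT checked here. Verify it over the encrypted body before
     * calling this method: unauthenticated CBC ciphertext is malleable, and the thrown
     * exception carries the underlying cause, so padding failures are distinguishable
     * from other failures to whoever can observe the error.
     *
     * @param hybridEncrypted message to decrypt
     * @param str             recipient identifier whose wrapped key is used
     * @param cArr            password passed to {@code AsymmetricCrypto.decrypt}
     * @param inputStream     key material passed to {@code AsymmetricCrypto.decrypt}
     * @return the plaintext body
     * @throws IllegalArgumentException if the recipient is unknown, the wrapped key is
     *                                  malformed, or decryption fails
     */
    public byte[] decrypt(HybridEncrypted hybridEncrypted, String str, char[] cArr, InputStream inputStream) {
        try {
            byte[] wrappedKey = requireWrappedKey(hybridEncrypted, str);
            return decryptBody(hybridEncrypted, retrieveSecretAndIV(wrappedKey, cArr, inputStream));
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Decrypts the message body for one recipient using the given private key.
     *
     * <p>The signature is NOT checked here. Verify it over the encrypted body before
     * calling this method: unauthenticated CBC ciphertext is malleable, and the thrown
     * exception carries the underlying cause, so padding failures are distinguishable
     * from other failures to whoever can observe the error.
     *
     * @param hybridEncrypted message to decrypt
     * @param str             recipient identifier whose wrapped key is used
     * @param privateKey      recipient's private key
     * @return the plaintext body
     * @throws IllegalArgumentException if the recipient is unknown, the wrapped key is
     *                                  malformed, or decryption fails
     */
    public byte[] decrypt(HybridEncrypted hybridEncrypted, String str, PrivateKey privateKey) {
        try {
            byte[] wrappedKey = requireWrappedKey(hybridEncrypted, str);
            return decryptBody(hybridEncrypted, retrieveSecretAndIV(wrappedKey, privateKey));
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    /** Looks up the wrapped key for a recipient and fails with a clear message when it is absent. */
    private byte[] requireWrappedKey(HybridEncrypted hybridEncrypted, String recipientId) {
        byte[] wrappedKey = hybridEncrypted.getRecipients().get(recipientId);
        if (wrappedKey == null) {
            throw new IllegalArgumentException("message contains no wrapped key for recipient: " + recipientId);
        }
        return wrappedKey;
    }

    /** Runs the CBC decryption of the body with the unwrapped IV (index 0) and key (index 1). */
    private byte[] decryptBody(HybridEncrypted hybridEncrypted, ArrayList<byte[]> ivAndKey) throws Exception {
        byte[] keyBytes = ivAndKey.get(1);
        Cipher cipher = Cipher.getInstance(SYMMETRIC_CIPHER_ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyBytes, 0, keyBytes.length, SYMMETRIC_KEY_ALGORITHM), new IvParameterSpec(ivAndKey.get(0)));
        return cipher.doFinal(hybridEncrypted.getEncryptedBody());
    }

    /** Unwraps the key payload with a private key and splits it into IV and key. */
    private ArrayList<byte[]> retrieveSecretAndIV(byte[] bArr, PrivateKey privateKey) {
        return splitSecretAndIV(this.asymmetricCrypto.decrypt(bArr, privateKey));
    }

    /** Unwraps the key payload with stream-supplied key material and splits it into IV and key. */
    private ArrayList<byte[]> retrieveSecretAndIV(byte[] bArr, char[] cArr, InputStream inputStream) {
        return splitSecretAndIV(this.asymmetricCrypto.decrypt(bArr, cArr, inputStream));
    }

    /**
     * Splits an unwrapped {@code IV || key} payload.
     *
     * @param bArr unwrapped payload
     * @return a two-element list: the 16-byte IV at index 0, the key bytes at index 1
     * @throws IllegalArgumentException if the payload is missing or too short to hold
     *                                  an IV and at least one key byte
     */
    private ArrayList<byte[]> splitSecretAndIV(byte[] bArr) {
        // Without this check a short payload fails inside Arrays.copyOfRange or
        // SecretKeySpec with a message that says nothing about the real cause.
        if (bArr == null || bArr.length <= IV_LENGTH) {
            throw new IllegalArgumentException("unwrapped key payload is missing or shorter than IV plus key");
        }
        ArrayList<byte[]> parts = new ArrayList<>(2);
        parts.add(Arrays.copyOfRange(bArr, 0, IV_LENGTH));
        parts.add(Arrays.copyOfRange(bArr, IV_LENGTH, bArr.length));
        return parts;
    }
}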
