package tv.hd3g.authkit.mod.service;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:tv/hd3g/authkit/mod/service/CipherServiceImpl.class */
public class CipherServiceImpl implements CipherService {
    private static final String SHA3_512 = "SHA3-512";
    private static Logger log = LogManager.getLogger();
    private SecureRandom random;
    private final SecretKey secretKey;
    private final int ivSize;
    private final String transformation;
    private final int gCMParameterSpecLen;

    public CipherServiceImpl(@Value("${authkit.cipher_secret}") String str, @Value("${authkit.cipher_ivsize:12}") int i, @Value("${authkit.cipher_transformation:AES/GCM/NoPadding}") String str2, @Value("${authkit.cipher_GCMParameterSpecLen:128}") int i2) throws GeneralSecurityException {
        byte[] decode = Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8));
        this.secretKey = new SecretKeySpec(decode, "AES");
        try {
            this.random = SecureRandom.getInstance("NATIVEPRNGNONBLOCKING");
        } catch (NoSuchAlgorithmException e) {
            this.random = SecureRandom.getInstanceStrong();
        }
        this.ivSize = i;
        this.transformation = str2;
        this.gCMParameterSpecLen = i2;
        log.debug(() -> {
            return "Init cipher with secret width=" + (decode.length * 8) + " bits, ivSize=" + i + ", transformation=" + str2 + ", GCMParameterSpecLen=" + i2;
        });
        try {
            String str3 = new String(internalUnCipher(internalCipher("check".getBytes(StandardCharsets.UTF_8))), StandardCharsets.UTF_8);
            if (!str3.equals("check")) {
                throw new GeneralSecurityException("Invalid autotest result: " + str3);
            }
            try {
                MessageDigest.getInstance(SHA3_512);
            } catch (NoSuchAlgorithmException e2) {
                log.error("Init SHA-3 digest, check JVM setup/version", e2);
                throw e2;
            }
        } catch (GeneralSecurityException e3) {
            log.error("Can't do cipher self test, check JVM setup/key configuration", e3);
            throw e3;
        }
    }

    @Override // tv.hd3g.authkit.mod.service.CipherService
    public Random getSecureRandom() {
        return this.random;
    }

    private byte[] internalCipher(byte[] bArr) throws GeneralSecurityException {
        byte[] bArr2 = new byte[this.ivSize];
        this.random.nextBytes(bArr2);
        Cipher cipher = Cipher.getInstance(this.transformation);
        cipher.init(1, this.secretKey, new GCMParameterSpec(this.gCMParameterSpecLen, bArr2));
        byte[] doFinal = cipher.doFinal(bArr);
        Arrays.fill(bArr, (byte) 0);
        ByteBuffer allocate = ByteBuffer.allocate(4 + bArr2.length + doFinal.length);
        allocate.putInt(bArr2.length);
        allocate.put(bArr2);
        Arrays.fill(bArr2, (byte) 0);
        allocate.put(doFinal);
        return allocate.array();
    }

    private byte[] internalUnCipher(byte[] bArr) throws GeneralSecurityException {
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        byte[] bArr2 = new byte[wrap.getInt()];
        wrap.get(bArr2);
        byte[] bArr3 = new byte[wrap.remaining()];
        wrap.get(bArr3);
        Cipher cipher = Cipher.getInstance(this.transformation);
        cipher.init(2, this.secretKey, new GCMParameterSpec(this.gCMParameterSpecLen, bArr2));
        return cipher.doFinal(bArr3);
    }

    @Override // tv.hd3g.authkit.mod.service.CipherService
    public byte[] cipherFromData(byte[] bArr) {
        try {
            return internalCipher(bArr);
        } catch (GeneralSecurityException e) {
            log.error("Can't do cipher operation", e);
            return new byte[0];
        }
    }

    @Override // tv.hd3g.authkit.mod.service.CipherService
    public byte[] unCipherToData(byte[] bArr) {
        try {
            return internalUnCipher(bArr);
        } catch (GeneralSecurityException e) {
            log.error("Can't do cipher operation", e);
            return new byte[0];
        }
    }

    @Override // tv.hd3g.authkit.mod.service.CipherService
    public byte[] cipherFromString(String str) {
        return cipherFromData(str.getBytes(StandardCharsets.UTF_8));
    }

    @Override // tv.hd3g.authkit.mod.service.CipherService
    public String unCipherToString(byte[] bArr) {
        return new String(unCipherToData(bArr), StandardCharsets.UTF_8);
    }

    public static final String byteToString(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            int i = b & 255;
            if (i < 16) {
                sb.append(0);
            }
            sb.append(Integer.toString(i, 16).toLowerCase());
        }
        return sb.toString();
    }

    @Override // tv.hd3g.authkit.mod.service.CipherService
    public String computeSHA3FromString(String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(SHA3_512);
            messageDigest.update(str.getBytes(StandardCharsets.UTF_8));
            return byteToString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }
}
