package uk.gov.ida.common.shared.security;

import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.text.MessageFormat;
import java.util.Optional;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:uk/gov/ida/common/shared/security/CryptoHelper.class */
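/**
 * Encrypts and decrypts short strings (the log messages call them IDP entityIds)
 * with AES in CBC mode with PKCS5 padding, using a 16-byte key supplied as Base64.
 *
 * <p>Plaintext layout before encryption:
 * {@code 16 random nonce bytes || UTF-8 bytes of the input || zero fill up to 528 bytes}.
 * The fixed length means the ciphertext size does not reveal the input length.
 *
 * <p>Security notes (the public method names already state this code is unaudited):
 * <ul>
 *   <li>The IV is drawn once per instance, reused for every {@code encrypt} call and
 *       never emitted with the ciphertext. Ciphertexts of equal inputs still differ
 *       because the first plaintext block is a fresh random nonce. In CBC a
 *       mismatched IV only garbles the first decrypted block, which here holds the
 *       nonce and is discarded, so the decrypting instance need not share the IV.</li>
 *   <li>There is no MAC or AEAD tag: the ciphertext is not integrity protected and
 *       tampering is not detected. CBC with padding and no authentication is the
 *       classic precondition for padding-oracle problems, so callers must not expose
 *       any difference between decryption failure causes. An authenticated mode such
 *       as AES-GCM is the usual replacement, but it changes the wire format.</li>
 *   <li>The zero fill is stripped by scanning for the first zero byte, so an input
 *       whose UTF-8 form contains a NUL byte is truncated at that byte on decrypt.</li>
 * </ul>
 */
public class CryptoHelper {
    private static final Logger LOG = LoggerFactory.getLogger(CryptoHelper.class);
    // One constant is shared by the AES key, the nonce and the IV: all are 16 bytes.
    static final int KEY_AND_NONCE_AND_IV_LENGTH_IN_BYTES = 16;
    private static final String UTF8 = "UTF-8";
    private static final String CIPHER_SUITE = "AES/CBC/PKCS5Padding";
    // Length of nonce + data + zero fill handed to the cipher (a multiple of the block size).
    private static final int PADDED_LENGTH = 528;
    private final SecretKeySpec aesKey;
    private final SecureRandom random;
    // Assigned once in the constructor and reused for every operation on this instance.
    private final IvParameterSpec iv;

    /**
     * Creates a helper bound to one AES key and one randomly generated IV.
     *
     * @param str the Base64 encoding of the key
     * @throws IllegalArgumentException if the decoded key is not exactly 16 bytes long
     */
    public CryptoHelper(String str) {
        byte[] unBase64 = unBase64(str);
        if (unBase64.length != KEY_AND_NONCE_AND_IV_LENGTH_IN_BYTES) {
            throw new IllegalArgumentException("Incorrect key length");
        }
        this.aesKey = new SecretKeySpec(unBase64, "AES");
        this.random = new SecureRandom();
        this.iv = new IvParameterSpec(getInitializationVector());
    }

    /**
     * Encrypts {@code str} and returns the ciphertext as Base64.
     *
     * @param str the text to protect
     * @return the Base64 ciphertext, or an empty Optional if the cipher or the
     *         UTF-8 encoding step fails
     * @throws IllegalArgumentException if the UTF-8 form of {@code str} plus the
     *         16-byte nonce exceeds 528 bytes (raised by the padding step and not
     *         caught here)
     */
    public Optional<String> encrypt_yesIKnowThisCryptoCodeHasNotBeenAudited(String str) {
        try {
            byte[] addNonceAndPadding = addNonceAndPadding(bytes(str));
            try {
                return Optional.of(base64(encrypt(addNonceAndPadding)));
            } catch (GeneralSecurityException e) {
                // A byte[] argument is rendered by MessageFormat through toString(), i.e. as
                // the array identity and not its contents, so no plaintext reaches the log here.
                LOG.warn(MessageFormat.format("Unable to encode: {0}, exception message: {1}", addNonceAndPadding, e.getMessage()));
                return Optional.empty();
            }
        } catch (UnsupportedEncodingException e2) {
            // NOTE(review): this branch writes the plaintext input to the log. UTF-8 is a
            // charset every JVM must support, so it should not be reachable in practice.
            LOG.warn(MessageFormat.format("UnsupportedEncoding (not UTF8) for entityId: {0}", str));
            return Optional.empty();
        }
    }

    /**
     * Decrypts a Base64 ciphertext produced by the encrypt method of this class.
     *
     * <p>The input is unauthenticated and may be attacker supplied. Every failure is
     * reported the same way to the caller (an empty Optional); only the log line differs.
     *
     * @param str the Base64 ciphertext
     * @return the recovered text, or an empty Optional if {@code str} is empty, the
     *         cipher rejects the message, or the decrypted data is too short to
     *         contain the nonce block
     */
    public Optional<String> decrypt_yesIKnowThisCryptoCodeHasNotBeenAudited(String str) {
        if (str.isEmpty()) {
            LOG.warn("entityId is empty");
            return Optional.empty();
        }
        // NOTE(review): how malformed Base64 is treated depends on the JAXB
        // DatatypeConverter implementation in use - confirm it cannot throw past this method.
        byte[] unBase64 = unBase64(str);
        try {
            byte[] decrypted = decrypt(unBase64);
            // A message that unpads to fewer than 16 bytes has no complete nonce block.
            // Without this guard the array copy in removeNonceAndPadding throws an unchecked
            // IndexOutOfBoundsException, which both escapes the Optional contract and makes
            // this case distinguishable from a padding failure.
            if (decrypted.length < KEY_AND_NONCE_AND_IV_LENGTH_IN_BYTES) {
                LOG.warn("Decrypted message is shorter than the nonce block");
                return Optional.empty();
            }
            byte[] removeNonceAndPadding = removeNonceAndPadding(decrypted);
            try {
                return Optional.of(string(removeNonceAndPadding));
            } catch (UnsupportedEncodingException e) {
                LOG.warn(MessageFormat.format("UnsupportedEncoding (UTF8) could not encode entityId as utf8: {0}", removeNonceAndPadding));
                return Optional.empty();
            }
        } catch (InvalidKeyException e2) {
            LOG.warn(MessageFormat.format("Key is invalid for message: {0}", unBase64));
            return Optional.empty();
        } catch (BadPaddingException e3) {
            LOG.warn(MessageFormat.format("BadPadding (possibly incorrect key) trying to decrypt message: {0}", unBase64));
            return Optional.empty();
        } catch (GeneralSecurityException e4) {
            // Covers the remaining cipher failures, e.g. a ciphertext whose length is not
            // a multiple of the block size.
            LOG.warn(MessageFormat.format("Failed to decrypt message: {0}", unBase64));
            return Optional.empty();
        }
    }

    /** Decodes Base64 text to bytes via the JAXB converter. */
    private byte[] unBase64(String str) {
        return DatatypeConverter.parseBase64Binary(str);
    }

    /** Encodes bytes as Base64 text via the JAXB converter. */
    private String base64(byte[] bArr) {
        return DatatypeConverter.printBase64Binary(bArr);
    }

    /** Returns the UTF-8 bytes of {@code str}. */
    private byte[] bytes(String str) throws UnsupportedEncodingException {
        return str.getBytes(UTF8);
    }

    /** Decodes {@code bArr} as UTF-8 text. */
    private String string(byte[] bArr) throws UnsupportedEncodingException {
        return new String(bArr, UTF8);
    }

    /**
     * Builds the fixed-size plaintext: a fresh 16-byte nonce, then the data, then
     * zero bytes (the array's default content) up to 528 bytes.
     *
     * @throws IllegalArgumentException if nonce plus data would exceed 528 bytes
     */
    private byte[] addNonceAndPadding(byte[] bArr) {
        if (bArr.length + KEY_AND_NONCE_AND_IV_LENGTH_IN_BYTES > PADDED_LENGTH) {
            throw new IllegalArgumentException("That's a very long IDP entityId!");
        }
        byte[] bArr2 = new byte[PADDED_LENGTH];
        System.arraycopy(newNonce(), 0, bArr2, 0, KEY_AND_NONCE_AND_IV_LENGTH_IN_BYTES);
        System.arraycopy(bArr, 0, bArr2, KEY_AND_NONCE_AND_IV_LENGTH_IN_BYTES, bArr.length);
        return bArr2;
    }

    /**
     * Drops the leading 16-byte nonce block and everything from the first zero byte
     * onwards. The caller must pass at least 16 bytes.
     */
    private byte[] removeNonceAndPadding(byte[] bArr) {
        int i = KEY_AND_NONCE_AND_IV_LENGTH_IN_BYTES;
        // Scan for the first zero byte after the nonce; it marks the start of the fill.
        while (i < bArr.length && bArr[i] != 0) {
            i++;
        }
        byte[] bArr2 = new byte[i - KEY_AND_NONCE_AND_IV_LENGTH_IN_BYTES];
        System.arraycopy(bArr, KEY_AND_NONCE_AND_IV_LENGTH_IN_BYTES, bArr2, 0, bArr2.length);
        return bArr2;
    }

    /** Encrypts with the instance key and the per-instance IV. */
    private byte[] encrypt(byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(CIPHER_SUITE);
        cipher.init(Cipher.ENCRYPT_MODE, this.aesKey, this.iv);
        return cipher.doFinal(bArr);
    }

    /** Decrypts with the instance key and the per-instance IV. */
    private byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(CIPHER_SUITE);
        cipher.init(Cipher.DECRYPT_MODE, this.aesKey, this.iv);
        return cipher.doFinal(bArr);
    }

    /** Returns 16 random bytes for use as the IV. */
    private byte[] getInitializationVector() {
        return newNonce();
    }

    /** Returns 16 bytes drawn from the instance's SecureRandom. */
    private byte[] newNonce() {
        byte[] bArr = new byte[KEY_AND_NONCE_AND_IV_LENGTH_IN_BYTES];
        this.random.nextBytes(bArr);
        return bArr;
    }
}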
