package net.jrouter.worker.common.security.service;

import cn.hutool.core.codec.Base64Decoder;
import cn.hutool.core.util.StrUtil;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.jrouter.worker.common.JWorkerException;
import net.jrouter.worker.common.config.CommonProperties;
import net.jrouter.worker.common.util.CommonConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/jrouter/worker/common/security/service/AesService.class */
public class AesService {
    private static final Logger log = LoggerFactory.getLogger(AesService.class);
    private static final String AES_ALGORITHM = "AES";
    private static final String AES_ALGORITHM_NAME = "AES/CBC/PKCS5Padding";
    private static final int AES_KEY_LENGTH = 32;
    private static final int IV_KEY_LENGTH = 16;
    private final transient byte[] aesSecret;
    private final int aesSecretLength;
    private final transient byte[] aesIv;
    private final transient String cipherName;

    public AesService(CommonProperties.Aes aes) {
        if (StrUtil.isBlank(aes.getSecret())) {
            throw new IllegalArgumentException("AES secret should not be blank.");
        }
        byte[] bytes = StrUtil.bytes(aes.getSecret(), StandardCharsets.UTF_8);
        if (bytes.length > AES_KEY_LENGTH) {
            log.warn("AES key length {} exceeds {}, will be truncated", Integer.valueOf(bytes.length), Integer.valueOf(AES_KEY_LENGTH));
        }
        this.aesSecretLength = getSecretLength(aes.getSecretLength());
        this.aesSecret = buildKey(bytes, this.aesSecretLength);
        byte[] bytes2 = StrUtil.bytes(aes.getIv(), StandardCharsets.UTF_8);
        this.aesIv = bytes2 == null ? null : buildKey(bytes2, IV_KEY_LENGTH);
        this.cipherName = StrUtil.blankToDefault(aes.getCipherName(), AES_ALGORITHM_NAME);
    }

    public byte[] encrypt(byte[] bArr) {
        return encrypt(bArr, this.aesSecret, this.aesIv);
    }

    public byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] buildKey = buildKey(bArr2, this.aesSecretLength);
        byte[] buildIv = buildIv(bArr3);
        SecretKeySpec secretKeySpec = new SecretKeySpec(buildKey, AES_ALGORITHM);
        try {
            Cipher cipher = Cipher.getInstance(this.cipherName);
            AlgorithmParameterSpec algorithmParameterSpec = getAlgorithmParameterSpec(buildIv);
            if (algorithmParameterSpec == null) {
                cipher.init(1, secretKeySpec);
            } else {
                cipher.init(1, secretKeySpec, algorithmParameterSpec);
            }
            return cipher.doFinal(bArr);
        } catch (GeneralSecurityException e) {
            throw new JWorkerException(e);
        }
    }

    public String encrypt(String str) {
        return new String(Base64.getEncoder().encode(encrypt(str.getBytes(StandardCharsets.UTF_8))), StandardCharsets.UTF_8);
    }

    public String encryptUrlSafe(String str) {
        return new String(CommonConstants.BASE64_URL_ENCODER.encode(encrypt(str.getBytes(StandardCharsets.UTF_8))), StandardCharsets.UTF_8);
    }

    public String encrypt(String str, byte[] bArr, byte[] bArr2) {
        return new String(Base64.getEncoder().encode(encrypt(str.getBytes(StandardCharsets.UTF_8), buildKey(bArr, this.aesSecretLength), buildIv(bArr2))), StandardCharsets.UTF_8);
    }

    public byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] buildKey = buildKey(bArr2, this.aesSecretLength);
        byte[] buildIv = buildIv(bArr3);
        SecretKeySpec secretKeySpec = new SecretKeySpec(buildKey, AES_ALGORITHM);
        try {
            Cipher cipher = Cipher.getInstance(this.cipherName);
            AlgorithmParameterSpec algorithmParameterSpec = getAlgorithmParameterSpec(buildIv);
            if (algorithmParameterSpec == null) {
                cipher.init(2, secretKeySpec);
            } else {
                cipher.init(2, secretKeySpec, algorithmParameterSpec);
            }
            return cipher.doFinal(Base64Decoder.decode(bArr));
        } catch (GeneralSecurityException e) {
            throw new JWorkerException(e);
        }
    }

    public byte[] decrypt(byte[] bArr) {
        return decrypt(bArr, this.aesSecret, this.aesIv);
    }

    public String decryptString(byte[] bArr) {
        return new String(decrypt(bArr), StandardCharsets.UTF_8);
    }

    public String decryptString(String str, byte[] bArr, byte[] bArr2) {
        return new String(decrypt(str.getBytes(StandardCharsets.UTF_8), buildKey(bArr, this.aesSecretLength), buildIv(bArr2)), StandardCharsets.UTF_8);
    }

    public String decryptString(String str) {
        return decryptString(str.getBytes(StandardCharsets.UTF_8));
    }

    private AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return new IvParameterSpec(bArr);
    }

    private static int getSecretLength(int i) {
        return i < AES_KEY_LENGTH ? IV_KEY_LENGTH : AES_KEY_LENGTH;
    }

    private static byte[] buildIv(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return buildKey(bArr, IV_KEY_LENGTH);
    }

    private static byte[] buildKey(byte[] bArr, int i) {
        return bArr.length == i ? bArr : Arrays.copyOf(bArr, i);
    }
}
