package org.apache.knox.gateway.services.security.impl;

import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.i18n.GatewaySpiMessages;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.security.EncryptionResult;

/* loaded from: input_file:org/apache/knox/gateway/services/security/impl/ConfigurableEncryptor.class */
public class ConfigurableEncryptor {
    private static final GatewaySpiMessages LOG = (GatewaySpiMessages) MessagesFactory.get(GatewaySpiMessages.class);
    private static final int ITERATION_COUNT = 65536;
    private static final int KEY_LENGTH = 128;
    private char[] passPhrase;
    private String alg = "AES";
    private String pbeAlg = "PBKDF2WithHmacSHA1";
    private String transformation = "AES/CBC/PKCS5Padding";
    private int saltSize = 8;
    private int iterationCount = ITERATION_COUNT;
    private int keyLength = KEY_LENGTH;

    public ConfigurableEncryptor(String str) {
        this.passPhrase = str.toCharArray();
    }

    public void init(GatewayConfig gatewayConfig) {
        if (gatewayConfig != null) {
            String algorithm = gatewayConfig.getAlgorithm();
            if (algorithm != null) {
                this.alg = algorithm;
            }
            String pBEAlgorithm = gatewayConfig.getPBEAlgorithm();
            if (pBEAlgorithm != null) {
                this.pbeAlg = pBEAlgorithm;
            }
            String transformation = gatewayConfig.getTransformation();
            if (transformation != null) {
                this.transformation = transformation;
            }
            String saltSize = gatewayConfig.getSaltSize();
            if (saltSize != null) {
                this.saltSize = Integer.parseInt(saltSize);
            }
            String iterationCount = gatewayConfig.getIterationCount();
            if (iterationCount != null) {
                this.iterationCount = Integer.parseInt(iterationCount);
            }
            String keyLength = gatewayConfig.getKeyLength();
            if (keyLength != null) {
                this.keyLength = Integer.parseInt(keyLength);
            }
        }
    }

    public SecretKey getKeyFromPassword(String str, byte[] bArr) {
        SecretKey secretKey = null;
        try {
            secretKey = SecretKeyFactory.getInstance(this.pbeAlg).generateSecret(new PBEKeySpec(str.toCharArray(), bArr, this.iterationCount, this.keyLength));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOG.failedToGenerateKeyFromPassword(e);
        }
        return secretKey;
    }

    public EncryptionResult encrypt(String str) throws Exception {
        return encrypt(str.getBytes(StandardCharsets.UTF_8));
    }

    public EncryptionResult encrypt(byte[] bArr) throws Exception {
        byte[] bArr2 = new byte[this.saltSize];
        new SecureRandom().nextBytes(bArr2);
        SecretKeySpec secretKeySpec = new SecretKeySpec(getKeyFromPassword(new String(this.passPhrase), bArr2).getEncoded(), this.alg);
        Cipher cipher = Cipher.getInstance(this.transformation);
        cipher.init(1, secretKeySpec);
        return new EncryptionResult(bArr2, ((IvParameterSpec) cipher.getParameters().getParameterSpec(IvParameterSpec.class)).getIV(), cipher.doFinal(bArr));
    }

    public byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(getKeyFromPassword(new String(this.passPhrase), bArr).getEncoded(), this.alg);
        Cipher cipher = Cipher.getInstance(this.transformation);
        cipher.init(2, secretKeySpec, new IvParameterSpec(bArr2));
        return cipher.doFinal(bArr3);
    }
}
