package org.apache.qpid.server.security.encryption;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.apache.qpid.server.util.Strings;

/* loaded from: input_file:org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.class */
class AESKeyFileEncrypter implements ConfigurationSecretEncrypter {
    private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding";
    private static final int AES_INITIALIZATION_VECTOR_LENGTH = 16;
    private static final String AES_ALGORITHM = "AES";
    private final SecretKey _secretKey;
    private final SecureRandom _random = new SecureRandom();

    /* JADX INFO: Access modifiers changed from: package-private */
    public AESKeyFileEncrypter(SecretKey secretKey) {
        if (secretKey == null) {
            throw new NullPointerException("A non null secret key must be supplied");
        }
        if (!AES_ALGORITHM.equals(secretKey.getAlgorithm())) {
            throw new IllegalArgumentException("Provided secret key was for the algorithm: " + secretKey.getAlgorithm() + "when" + AES_ALGORITHM + "was needed.");
        }
        this._secretKey = secretKey;
    }

    @Override // org.apache.qpid.server.security.encryption.ConfigurationSecretEncrypter
    public String encrypt(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        try {
            byte[] bArr = new byte[16];
            this._random.nextBytes(bArr);
            Cipher cipher = Cipher.getInstance(CIPHER_NAME);
            cipher.init(1, this._secretKey, new IvParameterSpec(bArr));
            byte[] readFromCipherStream = EncryptionHelper.readFromCipherStream(bytes, cipher);
            byte[] bArr2 = new byte[16 + readFromCipherStream.length];
            System.arraycopy(bArr, 0, bArr2, 0, 16);
            System.arraycopy(readFromCipherStream, 0, bArr2, 16, readFromCipherStream.length);
            return Base64.getEncoder().encodeToString(bArr2);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalArgumentException("Unable to encrypt secret", e);
        }
    }

    @Override // org.apache.qpid.server.security.encryption.ConfigurationSecretEncrypter
    public String decrypt(String str) {
        if (!EncryptionHelper.isValidBase64(str)) {
            throw new IllegalArgumentException("Encrypted value is not valid Base 64 data: '" + str + "'");
        }
        byte[] decodeBase64 = Strings.decodeBase64(str);
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_NAME);
            cipher.init(2, this._secretKey, new IvParameterSpec(decodeBase64, 0, 16));
            return new String(EncryptionHelper.readFromCipherStream(decodeBase64, 16, decodeBase64.length - 16, cipher), StandardCharsets.UTF_8);
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalArgumentException("Unable to decrypt secret", e);
        }
    }
}
