package fi.vm.sade.haku.oppija.lomake.service.impl;

import fi.vm.sade.haku.oppija.lomake.exception.ConfigurationException;
import fi.vm.sade.haku.oppija.lomake.service.EncrypterService;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

@Service("aesEncrypter")
/* loaded from: input_file:WEB-INF/lib/hakemus-api-15.1-SNAPSHOT.jar:fi/vm/sade/haku/oppija/lomake/service/impl/AESEncrypter.class */
public class AESEncrypter implements EncrypterService {
    private static final int ITERATION_COUNT = 65436;
    private static final int KEY_LENGTH = 256;
    public static final int IV_SIZE = 16;
    private static final String RANDOM_ALGORITHM = "SHA1PRNG";
    public static final String AES = "AES";
    public static final String AES_CBC_PKCS5_PADDING = "AES/CBC/PKCS5Padding";
    public static final String PBKDF_2_WITH_HMAC_SHA_1 = "PBKDF2WithHmacSHA1";
    public static final String CHARSET_NAME = "UTF-8";
    private final SecretKey secret;
    private Cipher encryptionCipher;
    private Cipher decryptionCipher;
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AESEncrypter.class);
    private static final Lock encryptionLock = new ReentrantLock();
    private static final Lock decryptionLock = new ReentrantLock();

    @Autowired
    public AESEncrypter(@Value("${hakemus.aes.key}") String str, @Value("${hakemus.aes.salt}") String str2) throws InvalidKeySpecException, NoSuchAlgorithmException, UnsupportedEncodingException {
        this.secret = new SecretKeySpec(SecretKeyFactory.getInstance(PBKDF_2_WITH_HMAC_SHA_1).generateSecret(new PBEKeySpec(str.toCharArray(), str2.getBytes("UTF-8"), ITERATION_COUNT, 256)).getEncoded(), "AES");
        initDecryptionCipher();
        initEncryptionCipher();
    }

    private void initEncryptionCipher() {
        try {
            this.encryptionCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        } catch (GeneralSecurityException e) {
            LOG.error("Encryption Cipher initialization failed", (Throwable) e);
        }
    }

    private void initDecryptionCipher() {
        try {
            this.decryptionCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        } catch (GeneralSecurityException e) {
            LOG.error("Decryption Cipher initialization failed", (Throwable) e);
        }
    }

    @Override // fi.vm.sade.haku.oppija.lomake.service.EncrypterService
    public String encrypt(String str) {
        try {
            return encryptInternal(str);
        } catch (UnsupportedEncodingException e) {
            throw new ConfigurationException(e);
        } catch (GeneralSecurityException e2) {
            throw new ConfigurationException(e2);
        }
    }

    @Override // fi.vm.sade.haku.oppija.lomake.service.EncrypterService
    public String decrypt(String str) {
        try {
            return decryptInternal(str);
        } catch (UnsupportedEncodingException e) {
            throw new ConfigurationException(e);
        } catch (GeneralSecurityException e2) {
            throw new ConfigurationException(e2);
        }
    }

    private String encryptInternal(String str) throws UnsupportedEncodingException, GeneralSecurityException {
        return DatatypeConverter.printBase64Binary(encrypt(str.getBytes("UTF-8")));
    }

    private byte[] encrypt(byte[] bArr) throws GeneralSecurityException {
        byte[] generateIv = generateIv();
        try {
            encryptionLock.lock();
            this.encryptionCipher.init(1, this.secret, new IvParameterSpec(generateIv));
            byte[] doFinal = this.encryptionCipher.doFinal(bArr);
            encryptionLock.unlock();
            return merge(generateIv, doFinal);
        } catch (GeneralSecurityException e) {
            LOG.error("Encrypt failed. Re-initializing");
            initEncryptionCipher();
            encryptionLock.unlock();
            throw e;
        }
    }

    protected byte[] merge(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    private String decryptInternal(String str) throws GeneralSecurityException, UnsupportedEncodingException {
        return new String(decrypt(DatatypeConverter.parseBase64Binary(str)), "UTF-8");
    }

    protected byte[] generateIv() throws NoSuchAlgorithmException {
        byte[] bArr = new byte[16];
        SecureRandom.getInstance(RANDOM_ALGORITHM).nextBytes(bArr);
        return bArr;
    }

    private byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
        try {
            decryptionLock.lock();
            this.decryptionCipher.init(2, this.secret, new IvParameterSpec(Arrays.copyOfRange(bArr, 0, 16)));
            byte[] doFinal = this.decryptionCipher.doFinal(Arrays.copyOfRange(bArr, 16, bArr.length));
            decryptionLock.unlock();
            return doFinal;
        } catch (GeneralSecurityException e) {
            LOG.error("Decrypt failed. Re-initializing");
            initDecryptionCipher();
            decryptionLock.unlock();
            throw e;
        }
    }
}
