package com.appiancorp.encryption;

import com.appiancorp.core.expr.portable.encryption.UrlContextEncryptor;
import com.appiancorp.encryption.metrics.UrlEncryptionLatencyRecorder;
import com.appiancorp.encryption.metrics.UrlEncryptionPerformanceMetricsObserver;
import com.appiancorp.security.symmetric.SymmetricKey;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/appiancorp/encryption/AbstractUrlContextEncryptor.class */
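/**
 * Base class for URL-context encryptors built on AES/GCM.
 *
 * <p>{@link #encrypt} encrypts {@code salt || UTF-8(text)} under a fresh random IV and hands the
 * protocol version, key version, IV and ciphertext to
 * {@code UrlContextEncryptionData.prependVersions}; the resulting byte layout is defined there,
 * not in this class. {@link #decrypt} parses that structure back and dispatches on the protocol
 * version it contains. Subclasses supply the key material through
 * {@link #getKeyFromLookupAndVersion}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>No associated data (AAD) is passed to the cipher in this class, so the GCM tag covers only
 *       the salted payload. The protocol version and key version are read from the input before
 *       authentication; whether anything else binds them is not visible here.</li>
 *   <li>NOTE(review): protocol 1 returns the decrypted bytes without the salt comparison that
 *       protocol 2 performs. Confirm that accepting protocol 1 is still required, and consider
 *       binding the header as AAD in a future protocol version.</li>
 *   <li>Encryption always requests key version {@link #HARDCODED_KEY_VERSION_23_3}. With randomly
 *       generated IVs, NIST SP 800-38D limits a single key to 2^32 encryptions, so key rotation
 *       should be planned against that bound.</li>
 * </ul>
 */
public abstract class AbstractUrlContextEncryptor implements UrlContextEncryptor {
    protected static final String TRANSFORM_ALGORITHM = "AES/GCM/NoPadding";
    protected static final String KEY_ALGORITHM = "AES";
    // IV length in bytes. GCM's recommended IV length is 12 bytes (96 bits); this value is kept
    // because changing it would change the IV length of newly produced tokens, and the parsing in
    // UrlContextEncryptionData is not visible here.
    protected static final int IV_SIZE = 16;
    // Authentication tag length in bits.
    protected static final int GCM_TAG_SIZE = 128;
    protected static final SecureRandom SECURE_RANDOM = new SecureRandom();
    protected static final int ENCRYPTION_PROTOCOL_VERSION = 2;
    protected static final long HARDCODED_KEY_VERSION_23_3 = 1;
    protected final UrlEncryptionPerformanceMetricsObserver metricsObserver;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the observer used to record encryption and decryption latency.
     *
     * @param urlEncryptionPerformanceMetricsObserver source of the per-call latency recorders
     */
    public AbstractUrlContextEncryptor(UrlEncryptionPerformanceMetricsObserver urlEncryptionPerformanceMetricsObserver) {
        this.metricsObserver = urlEncryptionPerformanceMetricsObserver;
    }

    /**
     * Resolves the symmetric key for a lookup name and key version.
     *
     * @param str key lookup name, passed through unchanged from {@code encrypt}/{@code decrypt}
     * @param j key version
     * @return the key whose raw bytes are used as the AES key
     */
    protected abstract SymmetricKey getKeyFromLookupAndVersion(String str, long j);

    /**
     * Encrypts {@code bArr || UTF-8(str2)} with AES/GCM under a fresh random IV.
     *
     * <p>The latency recorder is closed exactly once, after the operation finishes, and is marked
     * as failed before closing when the cipher reports an error.
     *
     * @param str key lookup name
     * @param bArr salt that is prepended to the plaintext before encryption
     * @param str2 text to protect
     * @return the value produced by {@code UrlContextEncryptionData.prependVersions}
     * @throws EncryptorRuntimeError if the JCE provider rejects the algorithm, key or parameters
     */
    public byte[] encrypt(String str, byte[] bArr, String str2) {
        try (UrlEncryptionLatencyRecorder latency = this.metricsObserver.recordEncryptionLatency()) {
            try {
                SymmetricKey key = getKeyFromLookupAndVersion(str, HARDCODED_KEY_VERSION_23_3);
                byte[] iv = generateIv();
                Cipher cipher = Cipher.getInstance(TRANSFORM_ALGORITHM);
                cipher.init(
                    Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(key.getKey(), KEY_ALGORITHM),
                    new GCMParameterSpec(GCM_TAG_SIZE, iv));
                byte[] textBytes = str2.getBytes(StandardCharsets.UTF_8);
                // The salt travels inside the ciphertext so decrypt() can check it after the
                // GCM tag has been verified.
                byte[] saltedPlaintext = ByteBuffer.allocate(bArr.length + textBytes.length)
                    .put(bArr)
                    .put(textBytes)
                    .array();
                return UrlContextEncryptionData.prependVersions(
                    ENCRYPTION_PROTOCOL_VERSION,
                    HARDCODED_KEY_VERSION_23_3,
                    iv,
                    cipher.doFinal(saltedPlaintext));
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
                latency.hasError();
                throw new EncryptorRuntimeError("An error occurred while attempting to encrypt the data", e);
            }
        }
    }

    /**
     * Parses the combined token, decrypts it according to its protocol version and returns the
     * text as UTF-8.
     *
     * <p>The latency recorder now spans the whole operation and is closed exactly once; the
     * previous shape closed it before the cipher ran and could close it a second time, after
     * marking the error, when decryption failed.
     *
     * @param str key lookup name
     * @param bArr salt the token is expected to carry (checked for protocol 2 only)
     * @param bArr2 combined token as produced by {@link #encrypt}
     * @return the decrypted text
     * @throws EncryptorRuntimeError if the token cannot be parsed, names an unknown protocol
     *     version, fails authentication or carries a different salt
     */
    public String decrypt(String str, byte[] bArr, byte[] bArr2) {
        try (UrlEncryptionLatencyRecorder latency = this.metricsObserver.recordDecryptionLatency()) {
            try {
                UrlContextEncryptionData data = UrlContextEncryptionData.fromCombinedData(bArr2);
                switch (data.getProtocolVersion()) {
                    case 1:
                        return new String(decryptProtocol1(str, data), StandardCharsets.UTF_8);
                    case 2:
                        return new String(decryptProtocol2(str, bArr, data), StandardCharsets.UTF_8);
                    default:
                        throw new EncryptorRuntimeError(String.format("Invalid protocol version: %s", Integer.valueOf(data.getProtocolVersion())));
                }
            } catch (RuntimeException e) {
                // NOTE(review): this handler also covers the protocol dispatch above. If
                // EncryptorRuntimeError is a RuntimeException, authentication and salt failures
                // are reported under the metadata message with the real cause attached - confirm
                // that is intended.
                latency.hasError();
                throw new EncryptorRuntimeError("Could not read encryption metadata", e);
            }
        }
    }

    /**
     * Decrypts a protocol-2 token and verifies that it starts with the expected salt.
     *
     * @return the plaintext bytes that follow the salt
     * @throws EncryptorRuntimeError if the plaintext is shorter than the salt or the salt differs
     */
    private byte[] decryptProtocol2(String keyLookup, byte[] expectedSalt, UrlContextEncryptionData data) {
        ByteBuffer plaintext = ByteBuffer.wrap(decryptProtocol1(keyLookup, data));
        if (expectedSalt.length > plaintext.remaining()) {
            throw new EncryptorRuntimeError("Decrypted data has a length that is too small");
        }
        byte[] embeddedSalt = readBytes(plaintext, expectedSalt.length);
        // Constant-time comparison: the check must not reveal how many leading bytes matched.
        if (!MessageDigest.isEqual(expectedSalt, embeddedSalt)) {
            // NOTE(review): the message embeds both salt values. If the salt is bound to a user
            // or session, confirm this exception text is never returned to clients or written to
            // widely readable logs.
            Base64.Encoder encoder = Base64.getEncoder();
            throw new EncryptorRuntimeError(String.format("Salt %s did not match expected salt %s", encoder.encodeToString(embeddedSalt), encoder.encodeToString(expectedSalt)));
        }
        return readBytes(plaintext, plaintext.remaining());
    }

    /**
     * Runs AES/GCM decryption with the key version and IV carried by the token.
     *
     * @return the authenticated plaintext (for protocol 2 this still includes the leading salt)
     * @throws EncryptorRuntimeError if the tag does not verify or the provider rejects the inputs
     */
    private byte[] decryptProtocol1(String keyLookup, UrlContextEncryptionData data) {
        SymmetricKey key = getKeyFromLookupAndVersion(keyLookup, data.getKeyVersion());
        try {
            byte[] ciphertext = data.getEncryptedData();
            byte[] iv = data.getIv();
            Cipher cipher = Cipher.getInstance(TRANSFORM_ALGORITHM);
            cipher.init(
                Cipher.DECRYPT_MODE,
                new SecretKeySpec(key.getKey(), KEY_ALGORITHM),
                new GCMParameterSpec(GCM_TAG_SIZE, iv));
            return cipher.doFinal(ciphertext);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EncryptorRuntimeError("An error occurred while attempting to decrypt the data", e);
        }
    }

    /** Returns {@link #IV_SIZE} fresh bytes from {@link #SECURE_RANDOM}. */
    private static byte[] generateIv() {
        byte[] iv = new byte[IV_SIZE];
        SECURE_RANDOM.nextBytes(iv);
        return iv;
    }

    /**
     * Reads the next {@code i} bytes from the buffer, advancing its position.
     *
     * @param byteBuffer buffer to read from
     * @param i number of bytes to read; the caller must ensure that many bytes remain
     * @return a new array holding the bytes read
     */
    protected static byte[] readBytes(ByteBuffer byteBuffer, int i) {
        byte[] out = new byte[i];
        byteBuffer.get(out);
        return out;
    }
}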
