package edu.internet2.middleware.grouperClient.encryption;

import com.amazonaws.services.s3.internal.crypto.JceEncryptionConstants;
import edu.internet2.middleware.grouperClientExt.org.apache.commons.codec.binary.Base64;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:WEB-INF/lib/grouperClient-4.1.2.jar:edu/internet2/middleware/grouperClient/encryption/GcSymmetricEncryptAesCbcPkcs5Padding.class */
public class GcSymmetricEncryptAesCbcPkcs5Padding implements GcEncryptionInterface {
    public static void main(String[] strArr) {
        String generateKeyAes128base64 = GcGenerateKey.generateKeyAes128base64();
        System.out.println("Key is: " + generateKeyAes128base64);
        String encrypt = new GcSymmetricEncryptAesCbcPkcs5Padding().encrypt(generateKeyAes128base64, "xyz");
        System.out.println("xyz encrypted: " + encrypt);
        System.out.println("Clear (should be xyz): " + new GcSymmetricEncryptAesCbcPkcs5Padding().decrypt(generateKeyAes128base64, encrypt));
        String encrypt2 = new GcSymmetricEncryptAesCbcPkcs5Padding().encrypt(generateKeyAes128base64, "xyz");
        System.out.println("xyz encrypted (should be different with different initialization vector): " + encrypt2);
        System.out.println("Clear (should be xyz): " + new GcSymmetricEncryptAesCbcPkcs5Padding().decrypt(generateKeyAes128base64, encrypt2));
    }

    @Override // edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
    public String encrypt(String str, String str2) {
        try {
            try {
                byte[] decode = new Base64().decode(str.getBytes());
                if (decode.length != 16) {
                    throw new RuntimeException("Key must be 128 bit and encoded with base64");
                }
                SecretKeySpec secretKeySpec = new SecretKeySpec(decode, JceEncryptionConstants.SYMMETRIC_KEY_ALGORITHM);
                byte[] bArr = new byte[16];
                new Random().nextBytes(bArr);
                IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                cipher.init(1, secretKeySpec, ivParameterSpec);
                byte[] doFinal = cipher.doFinal(str2.getBytes());
                byte[] bArr2 = new byte[bArr.length + doFinal.length];
                System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                System.arraycopy(doFinal, 0, bArr2, bArr.length, doFinal.length);
                return new String(new Base64().encode(bArr2), "UTF-8");
            } catch (Exception e) {
                throw new RuntimeException("Key must be 128 bit and encoded with base64", e);
            }
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    @Override // edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
    public String decrypt(String str, String str2) {
        try {
            try {
                byte[] decode = new Base64().decode(str.getBytes());
                if (decode.length != 16) {
                    throw new RuntimeException("Key must be 128 bit and encoded with base64");
                }
                SecretKeySpec secretKeySpec = new SecretKeySpec(decode, JceEncryptionConstants.SYMMETRIC_KEY_ALGORITHM);
                byte[] bArr = new byte[16];
                byte[] decode2 = new Base64().decode(str2.getBytes());
                byte[] bArr2 = new byte[decode2.length - bArr.length];
                System.arraycopy(decode2, 0, bArr, 0, bArr.length);
                System.arraycopy(decode2, bArr.length, bArr2, 0, bArr2.length);
                IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                cipher.init(2, secretKeySpec, ivParameterSpec);
                return new String(cipher.doFinal(bArr2), "UTF-8");
            } catch (Exception e) {
                throw new RuntimeException("Key must be 128 bit and encoded with base64", e);
            }
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }
}
