package io.quarkus.cli.config;

import io.netty.handler.codec.http.HttpHeaders;
import io.quarkus.devtools.messagewriter.MessageIcons;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.Callable;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.maven.project.MavenProject;
import picocli.CommandLine;

@CommandLine.Command(name = "encrypt", aliases = {"enc"}, header = {"Encrypt Secrets"}, description = {"Encrypt a Secret value using the AES/GCM/NoPadding algorithm as a default. The encryption key is generated unless a specific key is set with the --key option."})
/* loaded from: input_file:io/quarkus/cli/config/Encrypt.class */
public class Encrypt extends BaseConfigCommand implements Callable<Integer> {

    @CommandLine.Parameters(index = MavenProject.EMPTY_PROJECT_VERSION, paramLabel = "SECRET", description = {"The Secret value to encrypt"})
    String secret;

    @CommandLine.Option(names = {"-k", "--key"}, description = {"The Encryption Key"})
    String encryptionKey;

    @CommandLine.Option(names = {"-f", "--format"}, description = {"The Encryption Key Format (base64 / plain)"}, defaultValue = HttpHeaders.Values.BASE64)
    KeyFormat encryptionKeyFormat;

    @CommandLine.Option(hidden = true, names = {"-a", "--algorithm"}, description = {"Algorithm"}, defaultValue = "AES")
    String algorithm;

    @CommandLine.Option(hidden = true, names = {"-m", "--mode"}, description = {"Mode"}, defaultValue = "GCM")
    String mode;

    @CommandLine.Option(hidden = true, names = {"-p", "--padding"}, description = {"Padding"}, defaultValue = "NoPadding")
    String padding;

    @CommandLine.Option(hidden = true, names = {"-q", "--quiet"}, defaultValue = "false")
    boolean quiet;
    private String encryptedSecret;

    /* loaded from: input_file:io/quarkus/cli/config/Encrypt$KeyFormat.class */
    public enum KeyFormat {
        base64,
        plain
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.concurrent.Callable
    public Integer call() throws Exception {
        boolean z = false;
        if (this.encryptionKey == null) {
            this.encryptionKey = encodeToString(generateEncryptionKey().getEncoded());
            z = true;
        } else if (this.encryptionKeyFormat.equals(KeyFormat.base64)) {
            this.encryptionKey = encodeToString(this.encryptionKey.getBytes());
        }
        Cipher cipher = Cipher.getInstance(this.algorithm + "/" + this.mode + "/" + this.padding);
        byte[] bArr = new byte[12];
        new SecureRandom().nextBytes(bArr);
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(this.encryptionKey.getBytes(StandardCharsets.UTF_8));
        cipher.init(1, new SecretKeySpec(messageDigest.digest(), "AES"), new GCMParameterSpec(128, bArr));
        byte[] doFinal = cipher.doFinal(this.secret.getBytes(StandardCharsets.UTF_8));
        ByteBuffer allocate = ByteBuffer.allocate(1 + bArr.length + doFinal.length);
        allocate.put((byte) bArr.length);
        allocate.put(bArr);
        allocate.put(doFinal);
        this.encryptedSecret = Base64.getUrlEncoder().withoutPadding().encodeToString(allocate.array());
        if (!this.quiet) {
            String str = MessageIcons.SUCCESS_ICON + " The secret @|bold " + this.secret + "|@ was encrypted to @|bold " + this.encryptedSecret + "|@";
            if (z) {
                str = str + " with the generated encryption key (" + this.encryptionKeyFormat + "): @|bold " + this.encryptionKey + "|@";
            }
            this.output.info(str);
        }
        return 0;
    }

    private SecretKey generateEncryptionKey() {
        try {
            return KeyGenerator.getInstance(this.algorithm).generateKey();
        } catch (Exception e) {
            this.output.error("Error while generating the encryption key: ");
            this.output.printStackTrace(e);
            System.exit(-1);
            return null;
        }
    }

    public String getEncryptedSecret() {
        return this.encryptedSecret;
    }

    public String getEncryptionKey() {
        return this.encryptionKey;
    }
}
