package net.sf.jstuff.core.security;

import java.io.IOException;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Map;
import java.util.WeakHashMap;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import net.sf.jstuff.core.collection.ArrayUtils;
import net.sf.jstuff.core.io.SerializationUtils;
import net.sf.jstuff.core.validation.Args;

/* loaded from: input_file:net/sf/jstuff/core/security/AESEncryptor.class */
public class AESEncryptor {
    private static final int IV_SIZE = 12;
    private static final int AUTH_TAG_LEN = 128;
    private final Map<String, SecretKey> cachedAESKeys = new WeakHashMap();
    private final ThreadLocal<Cipher> ciphers = ThreadLocal.withInitial(() -> {
        try {
            return Cipher.getInstance("AES/GCM/NoPadding");
        } catch (GeneralSecurityException e) {
            throw new SecurityException(e);
        }
    });
    private final byte[] keySalt;

    /* loaded from: input_file:net/sf/jstuff/core/security/AESEncryptor$AESSealedObject.class */
    public static final class AESSealedObject extends SealedObject {
        private static final long serialVersionUID = 1;
        private byte[] iv;

        public AESSealedObject(Serializable serializable, Cipher cipher) throws IOException, IllegalBlockSizeException {
            super(serializable, cipher);
        }
    }

    public AESEncryptor(byte[] bArr) {
        this.keySalt = bArr;
    }

    public AESEncryptor(String str) {
        this.keySalt = str.getBytes(StandardCharsets.UTF_8);
    }

    public byte[] decrypt(byte[] bArr, String str) throws SecurityException {
        Args.notNull("data", bArr);
        try {
            SecretKey key = getKey(str);
            Cipher cipher = this.ciphers.get();
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, IV_SIZE);
            byte[] copyOfRange2 = Arrays.copyOfRange(bArr, IV_SIZE, bArr.length);
            cipher.init(2, key, new GCMParameterSpec(AUTH_TAG_LEN, copyOfRange));
            return cipher.doFinal(copyOfRange2);
        } catch (GeneralSecurityException e) {
            throw new SecurityException(e);
        }
    }

    public <T extends Serializable> T deserialize(byte[] bArr, String str) {
        return (T) SerializationUtils.deserialize(decrypt(bArr, str));
    }

    public byte[] encrypt(byte[] bArr, String str) throws SecurityException {
        Args.notNull("data", bArr);
        try {
            SecretKey key = getKey(str);
            Cipher cipher = this.ciphers.get();
            byte[] createRandomBytes = Crypto.createRandomBytes(IV_SIZE);
            cipher.init(1, key, new GCMParameterSpec(AUTH_TAG_LEN, createRandomBytes));
            return ArrayUtils.addAll(createRandomBytes, cipher.doFinal(bArr));
        } catch (GeneralSecurityException e) {
            throw new SecurityException(e);
        }
    }

    private SecretKey getKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        SecretKey secretKey = this.cachedAESKeys.get(str);
        if (secretKey == null) {
            secretKey = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), this.keySalt, 1024, AUTH_TAG_LEN)).getEncoded(), "AES");
            this.cachedAESKeys.put(str, secretKey);
        }
        return secretKey;
    }

    public AESSealedObject seal(Serializable serializable, String str) throws SecurityException {
        Args.notNull("object", serializable);
        try {
            SecretKey key = getKey(str);
            Cipher cipher = this.ciphers.get();
            byte[] createRandomBytes = Crypto.createRandomBytes(16);
            cipher.init(1, key, new GCMParameterSpec(AUTH_TAG_LEN, createRandomBytes));
            AESSealedObject aESSealedObject = new AESSealedObject(serializable, cipher);
            aESSealedObject.iv = createRandomBytes;
            return aESSealedObject;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    public byte[] serialize(Serializable serializable, String str) {
        return encrypt(SerializationUtils.serialize(serializable), str);
    }

    public <T extends Serializable> T unseal(AESSealedObject aESSealedObject, String str) throws SecurityException {
        Args.notNull("object", aESSealedObject);
        try {
            SecretKey key = getKey(str);
            Cipher cipher = this.ciphers.get();
            cipher.init(1, key, new GCMParameterSpec(AUTH_TAG_LEN, aESSealedObject.iv));
            return (T) aESSealedObject.getObject(cipher);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }
}
