package org.elasticsoftware.akces.gdpr;

import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HexFormat;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.kafka.common.errors.SerializationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/elasticsoftware/akces/gdpr/EncryptingGDPRContext.class */
public final class EncryptingGDPRContext implements GDPRContext {
    private static final Logger logger = LoggerFactory.getLogger(EncryptingGDPRContext.class);
    private final String aggregateId;
    private final Cipher encryptingCipher;
    private final Cipher decryptingCipher;
    private final byte[] encryptionKey;

    public EncryptingGDPRContext(@Nonnull String str, @Nonnull byte[] bArr, boolean z) {
        if (bArr.length != 32) {
            throw new IllegalArgumentException("Key size needs to be 32 bytes");
        }
        this.aggregateId = str;
        this.encryptionKey = bArr;
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        IvParameterSpec ivParameterSpec = null;
        Object obj = "ECB";
        if (z) {
            UUID fromString = UUID.fromString(str);
            ivParameterSpec = new IvParameterSpec(ByteBuffer.wrap(new byte[16]).putLong(fromString.getMostSignificantBits()).putLong(fromString.getLeastSignificantBits()).array());
            obj = "CBC";
        }
        try {
            this.encryptingCipher = Cipher.getInstance("AES/" + obj + "/PKCS5PADDING");
            this.decryptingCipher = Cipher.getInstance("AES/" + obj + "/PKCS5PADDING");
            this.encryptingCipher.init(1, secretKeySpec, ivParameterSpec, GDPRKeyUtils.secureRandom());
            this.decryptingCipher.init(2, secretKeySpec, ivParameterSpec, GDPRKeyUtils.secureRandom());
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new SerializationException(e);
        } catch (InvalidKeyException e2) {
            throw new IllegalArgumentException(e2);
        }
    }

    @Override // org.elasticsoftware.akces.gdpr.GDPRContext
    @Nullable
    public String encrypt(@Nullable String str) {
        if (str == null) {
            return null;
        }
        try {
            logger.trace("Encrypting data for aggregateId '{}' with algorithm {} and encryptionKey (hash) {}", new Object[]{this.aggregateId, this.encryptingCipher.getAlgorithm(), HexFormat.of().formatHex(this.encryptionKey)});
            return Base64.getUrlEncoder().encodeToString(this.encryptingCipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new SerializationException(e);
        }
    }

    @Override // org.elasticsoftware.akces.gdpr.GDPRContext
    @Nullable
    public String decrypt(@Nullable String str) {
        if (str == null) {
            return null;
        }
        try {
            if (str.length() % 4 == 0) {
                byte[] decode = Base64.getUrlDecoder().decode(str);
                if (decode.length % 16 == 0) {
                    logger.trace("Decrypting data for aggregateId '{}' with algorithm {} and encryptionKey (hash) {}", new Object[]{this.aggregateId, this.decryptingCipher.getAlgorithm(), HexFormat.of().formatHex(this.encryptionKey)});
                    return new String(this.decryptingCipher.doFinal(decode), StandardCharsets.UTF_8);
                }
            }
        } catch (IllegalArgumentException e) {
        } catch (BadPaddingException | IllegalBlockSizeException e2) {
            throw new SerializationException(e2);
        }
        return str;
    }

    @Override // org.elasticsoftware.akces.gdpr.GDPRContext
    @Nonnull
    public String aggregateId() {
        return this.aggregateId;
    }

    @Override // org.elasticsoftware.akces.gdpr.GDPRContext
    @Nullable
    public byte[] getEncryptionKey() {
        return this.encryptionKey;
    }
}
