package org.sonatype.nexus.orient;

import com.google.common.base.Preconditions;
import com.orientechnologies.orient.core.id.ORID;
import com.orientechnologies.orient.core.id.ORecordId;
import com.orientechnologies.orient.core.metadata.schema.OClass;
import com.orientechnologies.orient.core.security.OSecurityManager;
import java.nio.ByteBuffer;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.sonatype.nexus.common.io.Hex;
import org.sonatype.nexus.crypto.CryptoHelper;

@Singleton
@Named("encrypted")
/* loaded from: input_file:org/sonatype/nexus/orient/EncryptedRecordIdObfuscator.class */
public class EncryptedRecordIdObfuscator extends RecordIdObfuscatorSupport {
    private static final String CPREFIX = "${nexus.orient.encryptedRecordIdObfuscator";
    private static final String TRANSFORMATION = "DES/CBC/NoPadding";
    private final CryptoHelper crypto;
    private final AlgorithmParameterSpec paramSpec;
    private final SecretKey secretKey;

    @Inject
    public EncryptedRecordIdObfuscator(CryptoHelper cryptoHelper, @Named("${nexus.orient.encryptedRecordIdObfuscator.password:-changeme}") String str, @Named("${nexus.orient.encryptedRecordIdObfuscator.salt:-changeme}") String str2, @Named("${nexus.orient.encryptedRecordIdObfuscator.iv:-0123456789ABCDEF}") String str3) throws Exception {
        this.crypto = (CryptoHelper) Preconditions.checkNotNull(cryptoHelper);
        Preconditions.checkNotNull(str3);
        this.paramSpec = new IvParameterSpec(Hex.decode(str3));
        SecretKeyFactory createSecretKeyFactory = cryptoHelper.createSecretKeyFactory(OSecurityManager.PBKDF2_ALGORITHM);
        Preconditions.checkNotNull(str);
        Preconditions.checkNotNull(str2);
        this.secretKey = new SecretKeySpec(createSecretKeyFactory.generateSecret(new PBEKeySpec(str.toCharArray(), str2.getBytes(), 1024, 64)).getEncoded(), "DES");
    }

    @Override // org.sonatype.nexus.orient.RecordIdObfuscatorSupport
    protected String doEncode(OClass oClass, ORID orid) throws Exception {
        Cipher createCipher = this.crypto.createCipher(TRANSFORMATION);
        byte[] array = ByteBuffer.allocate(16).put(orid.toStream()).array();
        createCipher.init(1, this.secretKey, this.paramSpec);
        return Hex.encode(createCipher.doFinal(array));
    }

    @Override // org.sonatype.nexus.orient.RecordIdObfuscatorSupport
    protected ORID doDecode(OClass oClass, String str) throws Exception {
        Cipher createCipher = this.crypto.createCipher(TRANSFORMATION);
        byte[] decode = Hex.decode(str);
        createCipher.init(2, this.secretKey, this.paramSpec);
        return new ORecordId().fromStream(createCipher.doFinal(decode));
    }
}
