package org.sonatype.nexus.crypto.internal;

import com.fasterxml.jackson.core.Base64Variants;
import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableMap;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.bouncycastle.util.encoders.Hex;
import org.sonatype.nexus.crypto.CryptoHelper;
import org.sonatype.nexus.crypto.internal.PbeCipherFactory;
import org.sonatype.nexus.crypto.internal.error.CipherException;
import org.sonatype.nexus.crypto.secrets.EncryptedSecret;
import org.sonatype.nexus.crypto.secrets.internal.EncryptionKeyList;

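/**
 * Creates {@link PbeCipherFactory.PbeCipher} instances that protect secrets with
 * {@code AES/CBC/PKCS5Padding} under a key derived by {@code PBKDF2WithHmacSHA1} from a
 * {@link EncryptionKeyList.SecretEncryptionKey}.
 *
 * <p>This listing is decompiler output: the compiler had inlined the constants at their use
 * sites, and the decompiler widened the Base64 helpers from {@code private} to {@code public}.
 */
@Singleton
@Named
public class PbeCipherFactoryImpl implements PbeCipherFactory {
    private final CryptoHelper cryptoHelper;

    /**
     * Password-based cipher bound to one secret encryption key.
     *
     * <p>Security review notes, none of which change the stored format:
     * <ul>
     *   <li>NOTE(review): {@code KEY_ITERATIONS} is 1024 rounds of PBKDF2-HMAC-SHA1, which is low
     *       by current guidance for password-derived keys. How much this matters depends on the
     *       entropy of {@code secretEncryptionKey.getKey()}, which is not visible from this file.
     *       The count is written into every record and read back on decrypt, so a higher count
     *       for new records would not prevent old records from decrypting.</li>
     *   <li>NOTE(review): CBC provides confidentiality only. The IV, salt, ciphertext and
     *       derivation attributes are not authenticated here, so a modified record either fails
     *       on padding or decrypts to altered plaintext. Callers should not let a padding failure
     *       be told apart from other failures by whoever can submit records; an AEAD mode would
     *       remove the problem for a new record format.</li>
     * </ul>
     */
    class PbeCipherImpl implements PbeCipherFactory.PbeCipher {
        private static final String ALGORITHM = "AES/CBC/PKCS5Padding";
        private static final String KEY_FACTORY_ALGORITHM = "PBKDF2WithHmacSHA1";
        private static final String KEY_ALGORITHM = "AES";
        private static final int KEY_ITERATIONS = 1024;
        private static final int KEY_LENGTH = 128;
        private static final int IV_LENGTH_BYTES = 16;
        private static final int SALT_LENGTH_BYTES = 16;
        private static final String ATTR_IV = "iv";
        private static final String ATTR_KEY_ITERATION = "key_iteration";
        private static final String ATTR_KEY_LEN = "key_len";
        private final SecureRandom random;
        private final CryptoHelper cryptoHelper;
        private final EncryptionKeyList.SecretEncryptionKey secretEncryptionKey;
        private final SecretKeyFactory keyFactory;

        /**
         * Binds the cipher to a key and resolves the PBKDF2 key factory once.
         *
         * @param cryptoHelper supplies the {@link SecureRandom}, {@link SecretKeyFactory} and
         *     {@link Cipher} instances
         * @param secretEncryptionKey key whose {@code getKey()} string is the PBKDF2 password
         * @throws CipherException if {@code PBKDF2WithHmacSHA1} is not available
         */
        public PbeCipherImpl(CryptoHelper cryptoHelper, EncryptionKeyList.SecretEncryptionKey secretEncryptionKey) throws CipherException {
            this.random = cryptoHelper.createSecureRandom();
            this.cryptoHelper = cryptoHelper;
            this.secretEncryptionKey = secretEncryptionKey;
            try {
                this.keyFactory = cryptoHelper.createSecretKeyFactory(KEY_FACTORY_ALGORITHM);
            } catch (NoSuchAlgorithmException e) {
                throw new CipherException(e.getMessage(), e);
            }
        }

        /** Returns {@code length} fresh bytes from this cipher's {@link SecureRandom}. */
        private byte[] randomBytes(int length) {
            byte[] bytes = new byte[length];
            this.random.nextBytes(bytes);
            return bytes;
        }

        /** Builds a {@link CipherException} for a stored record that cannot be used. */
        private CipherException malformed(String detail, Exception cause) {
            return new CipherException("Malformed encrypted secret: " + detail, cause);
        }

        /** Returns {@code value}, or fails with {@link CipherException} when it is absent. */
        private String requirePresent(String value, String what) throws CipherException {
            if (value == null) {
                String detail = what + " is missing";
                throw malformed(detail, new IllegalArgumentException(detail));
            }
            return value;
        }

        /** Reads a stored attribute that must parse as a strictly positive integer. */
        private int positiveIntAttribute(EncryptedSecret encryptedSecret, String name) throws CipherException {
            String raw = requirePresent(encryptedSecret.getAttributes().get(name), "attribute '" + name + "'");
            int parsed;
            try {
                parsed = Integer.parseInt(raw);
            } catch (NumberFormatException e) {
                throw malformed("attribute '" + name + "' is not an integer", e);
            }
            if (parsed <= 0) {
                String detail = "attribute '" + name + "' must be positive";
                throw malformed(detail, new IllegalArgumentException(name + "=" + parsed));
            }
            return parsed;
        }

        /**
         * Derives the AES key from the secret encryption key with PBKDF2.
         *
         * <p>The {@code char[]} copies of the password created here are zeroed before returning.
         * The {@code String} returned by {@code getKey()} and any copy kept by the key factory
         * are outside this method's control and stay in memory.
         */
        private SecretKey deriveKey(byte[] salt, int iterations, int keyLengthBits) throws InvalidKeySpecException {
            char[] password = this.secretEncryptionKey.getKey().toCharArray();
            PBEKeySpec spec = null;
            try {
                spec = new PBEKeySpec(password, salt, iterations, keyLengthBits);
                return new SecretKeySpec(this.keyFactory.generateSecret(spec).getEncoded(), KEY_ALGORITHM);
            } finally {
                if (spec != null) {
                    spec.clearPassword();
                }
                java.util.Arrays.fill(password, '\0');
            }
        }

        /**
         * Encrypts {@code bArr} under a key derived with a fresh random salt, using a fresh
         * random IV.
         *
         * @param bArr plaintext bytes
         * @return a record carrying the algorithm name, the Base64 salt, the Base64 ciphertext
         *     and the attributes {@code iv} (hex), {@code key_iteration} and {@code key_len};
         *     the second constructor argument is passed as {@code null}, and its meaning is not
         *     visible from this file
         * @throws CipherException if key derivation or the cipher operation fails
         */
        @Override
        public EncryptedSecret encrypt(byte[] bArr) throws CipherException {
            try {
                // The IV is drawn before the salt, as in the original listing.
                byte[] iv = randomBytes(IV_LENGTH_BYTES);
                byte[] salt = randomBytes(SALT_LENGTH_BYTES);
                SecretKey key = deriveKey(salt, KEY_ITERATIONS, KEY_LENGTH);
                byte[] ciphertext = transform(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv), bArr);
                return new EncryptedSecret(
                        ALGORITHM,
                        null,
                        PbeCipherFactoryImpl.toBase64(salt),
                        PbeCipherFactoryImpl.toBase64(ciphertext),
                        ImmutableMap.of(
                                ATTR_IV, Hex.toHexString(iv),
                                ATTR_KEY_ITERATION, String.valueOf(KEY_ITERATIONS),
                                ATTR_KEY_LEN, String.valueOf(KEY_LENGTH)));
            } catch (InvalidKeySpecException e) {
                throw new CipherException(e.getMessage(), e);
            }
        }

        /**
         * Decrypts a record produced by {@link #encrypt(byte[])}.
         *
         * <p>The IV, salt, iteration count and key length all come from the stored record, so
         * they are checked before use and a bad record is reported as {@link CipherException}
         * rather than as an unchecked parsing error.
         *
         * @param encryptedSecret stored record; must not be {@code null}
         * @return the plaintext bytes
         * @throws CipherException if the record is malformed, or key derivation or the cipher
         *     operation fails
         */
        @Override
        public byte[] decrypt(EncryptedSecret encryptedSecret) throws CipherException {
            Preconditions.checkNotNull(encryptedSecret);
            String ivHex = requirePresent(encryptedSecret.getAttributes().get(ATTR_IV), "attribute '" + ATTR_IV + "'");
            String saltText = requirePresent(encryptedSecret.getSalt(), "salt");
            String valueText = requirePresent(encryptedSecret.getValue(), "value");
            byte[] iv;
            byte[] salt;
            byte[] ciphertext;
            try {
                iv = Hex.decode(ivHex);
                salt = PbeCipherFactoryImpl.fromBase64(saltText);
                ciphertext = PbeCipherFactoryImpl.fromBase64(valueText);
            } catch (IllegalArgumentException | IllegalStateException e) {
                throw malformed("iv, salt or value is not validly encoded", e);
            }
            if (salt.length == 0) {
                throw malformed("salt is empty", new IllegalArgumentException("salt is empty"));
            }
            int iterations = positiveIntAttribute(encryptedSecret, ATTR_KEY_ITERATION);
            int keyLengthBits = positiveIntAttribute(encryptedSecret, ATTR_KEY_LEN);
            // Any other size would be rejected later by Cipher.init; failing here skips a
            // pointless key derivation.
            if (keyLengthBits != 128 && keyLengthBits != 192 && keyLengthBits != 256) {
                String detail = "attribute '" + ATTR_KEY_LEN + "' is not an AES key size";
                throw malformed(detail, new IllegalArgumentException(ATTR_KEY_LEN + "=" + keyLengthBits));
            }
            // NOTE(review): no upper bound is enforced on the iteration count because the range
            // written by other versions is not visible from this file. If the stored record can
            // be modified by a less trusted party, cap it: the derivation cost grows linearly
            // with this value.
            try {
                SecretKey key = deriveKey(salt, iterations, keyLengthBits);
                return transform(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv), ciphertext);
            } catch (InvalidKeySpecException e) {
                throw new CipherException(e.getMessage(), e);
            }
        }

        /**
         * Runs one cipher operation over the whole input.
         *
         * @param i {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
         * @param secretKey AES key
         * @param algorithmParameterSpec IV for CBC
         * @param bArr input bytes
         * @return the transformed bytes
         * @throws CipherException wrapping any checked failure, including a padding failure on
         *     decrypt; unchecked exceptions are rethrown unchanged
         */
        private byte[] transform(int i, SecretKey secretKey, AlgorithmParameterSpec algorithmParameterSpec, byte[] bArr) throws CipherException {
            try {
                Cipher cipher = this.cryptoHelper.createCipher(ALGORITHM);
                cipher.init(i, secretKey, algorithmParameterSpec);
                return cipher.doFinal(bArr, 0, bArr.length);
            } catch (Exception e) {
                Throwables.throwIfUnchecked(e);
                throw new CipherException(e.getMessage(), e);
            }
        }
    }

    /**
     * @param cryptoHelper provider of the JCA primitives; must not be {@code null}
     */
    @Inject
    public PbeCipherFactoryImpl(CryptoHelper cryptoHelper) {
        this.cryptoHelper = Preconditions.checkNotNull(cryptoHelper);
    }

    /**
     * Creates a cipher bound to {@code secretEncryptionKey}.
     *
     * @param secretEncryptionKey key to derive from; must not be {@code null}
     * @return a new cipher instance
     * @throws CipherException if the PBKDF2 key factory cannot be created
     */
    @Override
    public PbeCipherFactory.PbeCipher create(EncryptionKeyList.SecretEncryptionKey secretEncryptionKey) throws CipherException {
        Preconditions.checkNotNull(secretEncryptionKey);
        return new PbeCipherImpl(this.cryptoHelper, secretEncryptionKey);
    }

    /**
     * Encodes bytes with Jackson's default Base64 variant. Shown as {@code public} because the
     * decompiler changed the access modifier from {@code private}.
     */
    public static String toBase64(byte[] bArr) {
        return Base64Variants.getDefaultVariant().encode(bArr);
    }

    /**
     * Decodes text with Jackson's default Base64 variant. Shown as {@code public} because the
     * decompiler changed the access modifier from {@code private}.
     */
    public static byte[] fromBase64(String str) {
        return Base64Variants.getDefaultVariant().decode(str);
    }
}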
