package at.gv.egovernment.moa.id.util;

import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
import at.gv.egovernment.moa.id.data.EncryptedData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.security.cipher.PBEKey;
import iaik.security.spec.PBEKeyAndParameterSpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.class */
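/**
 * Base class for password-based AES-GCM encryption of stored data (the log messages refer to it
 * as the MOASession).
 *
 * <p>The AES key is derived once, at construction time, from the password and salt supplied by the
 * subclass through {@link #getKey()} and {@link #getSalt()}, using PBKDF2 from the IAIK provider.
 *
 * <p>Security-relevant behaviour that callers and operators should be aware of:
 * <ul>
 *   <li><b>Fail-open without a key:</b> if {@link #getKey()} returns an empty value, no secret is
 *       derived, an error is logged once, and {@link #encrypt(byte[])} /
 *       {@link #decrypt(EncryptedData)} pass the data through unchanged. Data is then stored in
 *       plaintext.</li>
 *   <li><b>Default salt:</b> if {@link #getSalt()} returns an empty value, a fixed built-in salt is
 *       used, so every such installation derives the same key from the same password.</li>
 *   <li><b>Constructor calls overridable methods:</b> {@link #getKey()} and {@link #getSalt()} run
 *       before the subclass constructor body and field initializers, so implementations must not
 *       depend on their own instance state.</li>
 * </ul>
 */
public abstract class AbstractEncrytionUtil {
    protected static final String CIPHER_MODE = "AES/GCM/NoPadding";
    /** Length of the GCM nonce (IV) in bytes. */
    public static final int GCM_NONCE_LENGTH = 12;
    /** Length of the GCM authentication tag in bytes. */
    public static final int GCM_TAG_LENGTH = 16;
    protected static final String KEYNAME = "AES";

    // Salt used when the subclass supplies none. It is a public constant of the code base and
    // therefore gives no per-installation separation of derived keys.
    private static final String DEFAULT_SALT = "TestSalt";

    // NOTE(review): presumably the PBKDF2 iteration count and the derived key length in bytes
    // (16 bytes = AES-128) - confirm against the IAIK PBEKeyAndParameterSpec documentation.
    // 2000 iterations is low by current guidance; raising it changes the derived key, so data
    // encrypted with the old value would need to be migrated.
    private static final int PBKDF2_ITERATIONS = 2000;
    private static final int DERIVED_KEY_LENGTH = 16;

    // Stays null when no key is configured; encrypt/decrypt then work as pass-through.
    private SecretKey secret = null;

    /**
     * Derives the encryption key from the values returned by {@link #getKey()} and
     * {@link #getSalt()}.
     *
     * @throws DatabaseEncryptionException if the key derivation fails
     */
    public AbstractEncrytionUtil() throws DatabaseEncryptionException {
        initialize(getKey(), getSalt());
    }

    /**
     * Returns the salt for the key derivation; an empty value selects the built-in default salt.
     */
    protected abstract String getSalt();

    /**
     * Returns the password the AES key is derived from; an empty value disables encryption.
     */
    protected abstract String getKey();

    /**
     * Derives the AES key from the given password and salt and stores it for later use.
     *
     * <p>With an empty {@code key} nothing is derived: an error is logged and the instance stays in
     * pass-through mode. No exception is thrown in that case.
     *
     * @param key password to derive the AES key from
     * @param salt salt for the derivation; the built-in default is used when empty
     * @throws DatabaseEncryptionException if an algorithm or the IAIK provider is unavailable or
     *     the key material is rejected
     */
    protected void initialize(String key, String salt) throws DatabaseEncryptionException {
        try {
            if (MiscUtil.isNotEmpty(key)) {
                String effectiveSalt = salt;
                if (MiscUtil.isEmpty(effectiveSalt)) {
                    // Make the fallback visible: it was silent before and is easy to ship by accident.
                    Logger.warn("No salt configured for database encryption. Using built-in default salt.");
                    effectiveSalt = DEFAULT_SALT;
                }

                // Typed as SecretKey: only getEncoded() is needed, and generateSecret() returns
                // SecretKey, so no provider-specific type is required here.
                SecretKey passwordKey = SecretKeyFactory.getInstance("PKCS#5", "IAIK")
                        .generateSecret(new PBEKeySpec(key.toCharArray()));

                // NOTE(review): getBytes() uses the platform default charset, so a non-ASCII salt
                // derives a different key on a host with a different default. An explicit charset
                // would change the derived key for such salts, hence left unchanged.
                KeyGenerator keyGenerator = KeyGenerator.getInstance("PBKDF2", "IAIK");
                keyGenerator.init(
                        (AlgorithmParameterSpec) new PBEKeyAndParameterSpec(
                                passwordKey.getEncoded(),
                                effectiveSalt.getBytes(),
                                PBKDF2_ITERATIONS,
                                DERIVED_KEY_LENGTH),
                        new SecureRandom());

                this.secret = SecretKeyFactory.getInstance(KEYNAME, "IAIK")
                        .generateSecret(new SecretKeySpec(keyGenerator.generateKey().getEncoded(), KEYNAME));
            } else {
                // Fail-open by design of this class: the instance continues without encryption.
                Logger.error("Database encryption can not initialized. No key found!");
            }
        } catch (InvalidAlgorithmParameterException
                | NoSuchAlgorithmException
                | NoSuchProviderException
                | InvalidKeySpecException e) {
            Logger.error("Database encryption can not initialized", e);
            throw new DatabaseEncryptionException("Database encryption can not initialized", null, e);
        }
    }

    /**
     * Encrypts the given bytes with AES-GCM under a fresh random nonce.
     *
     * <p>If no key was configured, the input is returned unencrypted together with a {@code null}
     * IV.
     *
     * @param bArr plaintext to encrypt
     * @return the ciphertext (including the GCM tag) and the nonce used, or the unchanged input
     *     with a {@code null} IV in pass-through mode
     * @throws BuildException if encryption fails for any reason
     */
    public EncryptedData encrypt(byte[] bArr) throws BuildException {
        if (this.secret == null) {
            return new EncryptedData(bArr, null);
        }
        try {
            // GCM breaks if a nonce is ever reused with the same key.
            // NOTE(review): Random.nextBytes is assumed to be backed by a CSPRNG - confirm.
            GCMParameterSpec gcmSpec =
                    new GCMParameterSpec(GCM_TAG_LENGTH * 8, Random.nextBytes(GCM_NONCE_LENGTH));
            Cipher cipher = Cipher.getInstance(CIPHER_MODE);
            cipher.init(Cipher.ENCRYPT_MODE, this.secret, gcmSpec);
            byte[] cipherText = cipher.doFinal(bArr);
            byte[] iv = cipher.getIV();
            Logger.trace("Encrypt MOASession");
            return new EncryptedData(cipherText, iv);
        } catch (Exception e) {
            Logger.warn("MOASession is not encrypted", e);
            throw new BuildException("MOASession is not encrypted", new Object[0], e);
        }
    }

    /**
     * Decrypts and authenticates data produced by {@link #encrypt(byte[])}.
     *
     * <p>If no key was configured, the stored bytes are returned as they are, without any
     * integrity check.
     *
     * @param encryptedData ciphertext and the nonce it was encrypted with
     * @return the plaintext, or the stored bytes unchanged in pass-through mode
     * @throws BuildException if decryption fails, including a failed GCM tag verification
     */
    public byte[] decrypt(EncryptedData encryptedData) throws BuildException {
        if (this.secret == null) {
            return encryptedData.getEncData();
        }
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_MODE);
            cipher.init(
                    Cipher.DECRYPT_MODE,
                    this.secret,
                    new GCMParameterSpec(GCM_TAG_LENGTH * 8, encryptedData.getIv()));
            Logger.trace("Decrypt MOASession");
            return cipher.doFinal(encryptedData.getEncData());
        } catch (Exception e) {
            Logger.warn("MOASession is not decrypted", e);
            throw new BuildException("MOASession is not decrypted", new Object[0], e);
        }
    }
}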
