package com.hcl.products.onetest.datasets.security.internal;

import com.hcl.products.onetest.datasets.DataSetException;
import com.hcl.products.onetest.datasets.exceptions.DataSetSecurityException;
import com.hcl.products.onetest.datasets.security.ISecureDecrypt;
import com.hcl.products.onetest.datasets.security.ISecureEncrypt;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.params.Argon2Parameters;
import org.bouncycastle.util.Arrays;

/* JADX WARN: Classes with same name are omitted:
  input_file:libraries/datasets-backend-jar-with-dependencies.jar:com/hcl/products/onetest/datasets/security/internal/SecureSharedV2.class
 */
/* loaded from: input_file:libraries/datasets-backend.jar:com/hcl/products/onetest/datasets/security/internal/SecureSharedV2.class */
public class SecureSharedV2 implements ISecureEncrypt, ISecureDecrypt {
    protected static final String CIPHER_TYPE = "AES/GCM/NoPadding";
    protected static final String KEYSPEC_TYPE = "AES";
    protected byte[] userKeyBytes = null;
    protected byte[] userKeySalt = null;
    protected byte[] primaryKeyBytes;
    SecretKeySpec primaryKeySpec;
    private static SecureRandom rnd;
    protected static final String ARGON_PREFIX = "$argon2d$v=19$m=65536,t=3,p=2$";

    public SecureSharedV2(String str, String str2) throws InvalidKeyException {
        this.primaryKeyBytes = null;
        if (str2 != null) {
            decryptEncryptedKey(str, str2);
            return;
        }
        generateUserKeyBytes(str, null);
        this.primaryKeyBytes = getRandom(32);
        this.primaryKeySpec = new SecretKeySpec(this.primaryKeyBytes, KEYSPEC_TYPE);
    }

    protected byte[] getRandom(int i) {
        byte[] bArr = new byte[i];
        rnd.nextBytes(bArr);
        return bArr;
    }

    protected void generateUserKeyBytes(String str, byte[] bArr) {
        Argon2BytesGenerator argon2BytesGenerator = new Argon2BytesGenerator();
        if (bArr != null) {
            this.userKeySalt = bArr;
        } else {
            this.userKeySalt = getRandom(32);
        }
        argon2BytesGenerator.init(new Argon2Parameters.Builder(2).withVersion(19).withIterations(3).withMemoryAsKB(65536).withParallelism(2).withSalt(this.userKeySalt).build());
        this.userKeyBytes = new byte[32];
        argon2BytesGenerator.generateBytes(str.getBytes(StandardCharsets.UTF_8), this.userKeyBytes, 0, this.userKeyBytes.length);
    }

    protected void decryptEncryptedKey(String str, String str2) throws InvalidKeyException {
        try {
            String[] split = str2.split("\\*");
            if (split.length != 2) {
                throw new InvalidKeyException("Encrypted Key is corrupt");
            }
            generateUserKeyBytes(str, Base64.decodeBase64(split[0].substring(ARGON_PREFIX.length())));
            this.primaryKeyBytes = decryptKey(this.userKeyBytes, split[1]);
            this.primaryKeySpec = new SecretKeySpec(this.primaryKeyBytes, KEYSPEC_TYPE);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new InvalidKeyException("Encrypted key is invalid", e);
        }
    }

    protected byte[] decryptKey(byte[] bArr, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
        return decrypt(new SecretKeySpec(bArr, KEYSPEC_TYPE), Base64.decodeBase64(str));
    }

    @Override // com.hcl.products.onetest.datasets.security.ISecureEncrypt
    public String encrypt(String str) {
        return encrypt(this.primaryKeySpec, str.getBytes(StandardCharsets.UTF_8));
    }

    private String encrypt(SecretKeySpec secretKeySpec, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
            byte[] random = getRandom(12);
            cipher.init(1, secretKeySpec, new GCMParameterSpec(128, random));
            return Base64.encodeBase64String(Arrays.concatenate(random, cipher.doFinal(bArr)));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new DataSetSecurityException("Encrypt failed", e);
        }
    }

    @Override // com.hcl.products.onetest.datasets.security.ISecureEncrypt
    public String getEncryptedKey() {
        return ARGON_PREFIX + Base64.encodeBase64String(this.userKeySalt) + "*" + encrypt(new SecretKeySpec(this.userKeyBytes, KEYSPEC_TYPE), this.primaryKeyBytes);
    }

    @Override // com.hcl.products.onetest.datasets.security.ISecureDecrypt
    public String decrypt(String str) throws DataSetException {
        try {
            return new String(decrypt(this.primaryKeySpec, Base64.decodeBase64(str)), StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new DataSetException("Data to be decrypted was invalid", e);
        }
    }

    private byte[] decrypt(SecretKeySpec secretKeySpec, byte[] bArr) throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
        cipher.init(2, secretKeySpec, new GCMParameterSpec(128, bArr, 0, 12));
        return cipher.doFinal(bArr, 12, bArr.length - 12);
    }

    static {
        try {
            rnd = SecureRandom.getInstance("NativePRNGNonBlocking");
        } catch (NoSuchAlgorithmException e) {
            try {
                rnd = SecureRandom.getInstanceStrong();
            } catch (NoSuchAlgorithmException e2) {
                throw new DataSetSecurityException("Unable to get Random algorithm", e2);
            }
        }
    }
}
