package de.governikus.bea.beaToolkit.crypto.handler;

import de.brak.bea.application.dto.rest.EncryptedDataDTO;
import de.governikus.bea.beaToolkit.crypto.ByteArrayOutputStream2Parts;
import de.governikus.bea.clientSecurity.util.Configuration;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.SequenceInputStream;
import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.io.FileUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;

/* loaded from: input_file:de/governikus/bea/beaToolkit/crypto/handler/AESHandler.class */
public class AESHandler {
    protected static final String ALGORITHM_NAME_AES_CBC = "AES/CBC/PKCS5Padding";
    protected static final String ALGORITHM_NAME_AES_GCM = "AES/GCM/NoPadding";
    private static final int DEFAULT_KEY_LENGTH = 256;
    private static final String ALGORITHM_NAME_KEYGENERATION = "AES";
    private byte[] aesKeyByte;
    protected static Logger log = LogManager.getLogger(AESHandler.class);
    private static final Logger LOG = LogManager.getLogger(AESHandler.class);
    private static Random random = new SecureRandom();

    public AESHandler() throws GeneralSecurityException {
        initKeys();
    }

    public AESHandler(byte[] bArr) throws GeneralSecurityException {
        initKeys(bArr);
    }

    private void initKeys() throws GeneralSecurityException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM_NAME_KEYGENERATION);
        keyGenerator.init(DEFAULT_KEY_LENGTH);
        initKeys(keyGenerator.generateKey().getEncoded());
    }

    private void initKeys(byte[] bArr) throws GeneralSecurityException {
        this.aesKeyByte = bArr;
    }

    private byte[] createRandomIV(int i) {
        byte[] bArr = new byte[i];
        random.nextBytes(bArr);
        return bArr;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v5, types: [byte[], byte[][]] */
    public byte[][] encrypt(byte[] bArr, String str, String str2) throws GeneralSecurityException {
        boolean z = str != null && str.endsWith("gcm");
        ?? r0 = new byte[3];
        Cipher cipher = Cipher.getInstance(z ? ALGORITHM_NAME_AES_GCM : ALGORITHM_NAME_AES_CBC);
        byte[] createRandomIV = createRandomIV(((Integer) Configuration.getInstance(str2).getConfiguration(Configuration.ConfigurationEnum.MESSAGE_SENDING_IV_LENGTH, Integer.class)).intValue());
        cipher.init(1, new SecretKeySpec(this.aesKeyByte, ALGORITHM_NAME_KEYGENERATION), new IvParameterSpec(createRandomIV));
        byte[] doFinal = cipher.doFinal(bArr);
        if (z) {
            r0[0] = createRandomIV;
            r0[1] = new byte[doFinal.length - 16];
            System.arraycopy(doFinal, 0, r0[1], 0, doFinal.length - 16);
            r0[2] = new byte[16];
            System.arraycopy(doFinal, doFinal.length - 16, r0[2], 0, 16);
        } else {
            r0[1] = new byte[doFinal.length + createRandomIV.length];
            System.arraycopy(createRandomIV, 0, r0[1], 0, createRandomIV.length);
            System.arraycopy(doFinal, 0, r0[1], createRandomIV.length, doFinal.length);
        }
        return r0;
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [byte[], byte[][]] */
    public byte[][] encrypt(File file, String str, String str2) throws GeneralSecurityException, IOException {
        OutputStream byteArrayOutputStream;
        ByteArrayOutputStream byteArrayOutputStream2;
        boolean z = str != null && str.endsWith("gcm");
        ?? r0 = new byte[3];
        Cipher cipher = Cipher.getInstance(z ? ALGORITHM_NAME_AES_GCM : ALGORITHM_NAME_AES_CBC);
        byte[] createRandomIV = createRandomIV(((Integer) Configuration.getInstance(str2).getConfiguration(Configuration.ConfigurationEnum.MESSAGE_SENDING_IV_LENGTH, Integer.class)).intValue());
        FileInputStream fileInputStream = new FileInputStream(file);
        cipher.init(1, new SecretKeySpec(this.aesKeyByte, ALGORITHM_NAME_KEYGENERATION), new IvParameterSpec(createRandomIV));
        long size = Files.size(file.toPath());
        File file2 = null;
        if (size > ((Integer) Configuration.getInstance(str2).getConfiguration(Configuration.ConfigurationEnum.ATTACHMENT_CRYPT_MAX_SINGLE_FILE_SIZE_KB_USING_MEMORY, Integer.class)).intValue() * 1024) {
            file2 = FileUtils.getFile(new String[]{FileUtils.getTempDirectoryPath(), file.getName() + ".tmp"});
            byteArrayOutputStream = new FileOutputStream(file2);
        } else if (z) {
            byteArrayOutputStream = new ByteArrayOutputStream2Parts(16);
        } else {
            byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(createRandomIV, 0, createRandomIV.length);
        }
        CipherOutputStream cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
        byte[] bArr = new byte[1048576];
        int i = 0;
        int read = fileInputStream.read(bArr);
        while (true) {
            int i2 = read;
            if (i2 <= 0) {
                break;
            }
            cipherOutputStream.write(bArr, 0, i2);
            i += i2 / 1024;
            log.info("encrypted " + i + " [kb] out of " + (size / 1024) + "[kb]");
            read = fileInputStream.read(bArr);
        }
        cipherOutputStream.close();
        fileInputStream.close();
        if (file2 != null) {
            byteArrayOutputStream.close();
            byteArrayOutputStream2 = z ? new ByteArrayOutputStream2Parts(16) : new ByteArrayOutputStream();
            FileInputStream fileInputStream2 = new FileInputStream(file2);
            int read2 = fileInputStream2.read(bArr);
            while (true) {
                int i3 = read2;
                if (i3 <= 0) {
                    break;
                }
                byteArrayOutputStream2.write(bArr, 0, i3);
                read2 = fileInputStream2.read(bArr);
            }
            fileInputStream2.close();
            if (file2.exists()) {
                file2.delete();
            }
        } else {
            byteArrayOutputStream2 = (ByteArrayOutputStream) byteArrayOutputStream;
        }
        byte[] byteArray = byteArrayOutputStream2.toByteArray();
        if (z) {
            r0[0] = createRandomIV;
            r0[1] = byteArray;
            r0[2] = ((ByteArrayOutputStream2Parts) byteArrayOutputStream2).toByteArray2ndPart();
        } else {
            r0[1] = byteArray;
        }
        return r0;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v4, types: [byte[], byte[][]] */
    public byte[][] encryptSubject(byte[] bArr, String str) throws GeneralSecurityException {
        boolean z = str != null && str.endsWith("gcm");
        ?? r0 = new byte[3];
        Cipher cipher = Cipher.getInstance(z ? ALGORITHM_NAME_AES_GCM : ALGORITHM_NAME_AES_CBC);
        byte[] bArr2 = new byte[16];
        if (z) {
            bArr2 = createRandomIV(12);
        }
        cipher.init(1, new SecretKeySpec(this.aesKeyByte, ALGORITHM_NAME_KEYGENERATION), new IvParameterSpec(bArr2));
        byte[] doFinal = cipher.doFinal(bArr);
        if (z) {
            r0[0] = bArr2;
            r0[1] = new byte[doFinal.length - 16];
            System.arraycopy(doFinal, 0, r0[1], 0, doFinal.length - 16);
            r0[2] = new byte[16];
            System.arraycopy(doFinal, doFinal.length - 16, r0[2], 0, 16);
        } else {
            r0[1] = doFinal;
        }
        return r0;
    }

    public InputStream encrypt(InputStream inputStream, String str) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(ALGORITHM_NAME_AES_CBC);
        byte[] createRandomIV = createRandomIV(((Integer) Configuration.getInstance(str).getConfiguration(Configuration.ConfigurationEnum.MESSAGE_SENDING_IV_LENGTH, Integer.class)).intValue());
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.aesKeyByte, ALGORITHM_NAME_KEYGENERATION);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(createRandomIV);
        cipher.init(1, secretKeySpec, new IvParameterSpec(createRandomIV));
        return new SequenceInputStream(byteArrayInputStream, new CipherInputStream(inputStream, cipher));
    }

    /* JADX WARN: Removed duplicated region for block: B:6:0x0023 A[Catch: IOException -> 0x0090, TryCatch #0 {IOException -> 0x0090, blocks: (B:12:0x0004, B:4:0x0012, B:6:0x0023, B:9:0x0054), top: B:11:0x0004 }] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0054 A[Catch: IOException -> 0x0090, TRY_ENTER, TryCatch #0 {IOException -> 0x0090, blocks: (B:12:0x0004, B:4:0x0012, B:6:0x0023, B:9:0x0054), top: B:11:0x0004 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.io.InputStream decrypt(byte[] r8, java.io.InputStream r9, java.lang.String r10) throws java.security.GeneralSecurityException {
        /*
            r7 = this;
            r0 = r10
            if (r0 == 0) goto L11
            r0 = r10
            java.lang.String r1 = "gcm"
            boolean r0 = r0.endsWith(r1)     // Catch: java.io.IOException -> L90
            if (r0 == 0) goto L11
            r0 = 1
            goto L12
        L11:
            r0 = 0
        L12:
            r11 = r0
            java.io.DataInputStream r0 = new java.io.DataInputStream     // Catch: java.io.IOException -> L90
            r1 = r0
            r2 = r9
            r1.<init>(r2)     // Catch: java.io.IOException -> L90
            r12 = r0
            r0 = r11
            if (r0 == 0) goto L54
            java.lang.String r0 = "AES/GCM/NoPadding"
            javax.crypto.Cipher r0 = javax.crypto.Cipher.getInstance(r0)     // Catch: java.io.IOException -> L90
            r13 = r0
            javax.crypto.spec.SecretKeySpec r0 = new javax.crypto.spec.SecretKeySpec     // Catch: java.io.IOException -> L90
            r1 = r0
            r2 = r7
            byte[] r2 = r2.aesKeyByte     // Catch: java.io.IOException -> L90
            java.lang.String r3 = "AES"
            r1.<init>(r2, r3)     // Catch: java.io.IOException -> L90
            r14 = r0
            r0 = r13
            r1 = 2
            r2 = r14
            javax.crypto.spec.IvParameterSpec r3 = new javax.crypto.spec.IvParameterSpec     // Catch: java.io.IOException -> L90
            r4 = r3
            r5 = r8
            r4.<init>(r5)     // Catch: java.io.IOException -> L90
            r0.init(r1, r2, r3)     // Catch: java.io.IOException -> L90
            javax.crypto.CipherInputStream r0 = new javax.crypto.CipherInputStream     // Catch: java.io.IOException -> L90
            r1 = r0
            r2 = r9
            r3 = r13
            r1.<init>(r2, r3)     // Catch: java.io.IOException -> L90
            return r0
        L54:
            java.lang.String r0 = "AES/CBC/PKCS5Padding"
            javax.crypto.Cipher r0 = javax.crypto.Cipher.getInstance(r0)     // Catch: java.io.IOException -> L90
            r13 = r0
            r0 = 16
            byte[] r0 = new byte[r0]     // Catch: java.io.IOException -> L90
            r8 = r0
            r0 = r12
            r1 = r8
            r0.readFully(r1)     // Catch: java.io.IOException -> L90
            javax.crypto.spec.SecretKeySpec r0 = new javax.crypto.spec.SecretKeySpec     // Catch: java.io.IOException -> L90
            r1 = r0
            r2 = r7
            byte[] r2 = r2.aesKeyByte     // Catch: java.io.IOException -> L90
            java.lang.String r3 = "AES"
            r1.<init>(r2, r3)     // Catch: java.io.IOException -> L90
            r14 = r0
            r0 = r13
            r1 = 2
            r2 = r14
            javax.crypto.spec.IvParameterSpec r3 = new javax.crypto.spec.IvParameterSpec     // Catch: java.io.IOException -> L90
            r4 = r3
            r5 = r8
            r4.<init>(r5)     // Catch: java.io.IOException -> L90
            r0.init(r1, r2, r3)     // Catch: java.io.IOException -> L90
            javax.crypto.CipherInputStream r0 = new javax.crypto.CipherInputStream     // Catch: java.io.IOException -> L90
            r1 = r0
            r2 = r9
            r3 = r13
            r1.<init>(r2, r3)     // Catch: java.io.IOException -> L90
            return r0
        L90:
            r11 = move-exception
            org.apache.logging.log4j.Logger r0 = de.governikus.bea.beaToolkit.crypto.handler.AESHandler.LOG
            java.lang.String r1 = "Corrupted encrypted InputStream"
            r2 = r11
            r0.error(r1, r2)
            r0 = 0
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: de.governikus.bea.beaToolkit.crypto.handler.AESHandler.decrypt(byte[], java.io.InputStream, java.lang.String):java.io.InputStream");
    }

    public byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) throws GeneralSecurityException {
        if (str != null && str.endsWith("gcm")) {
            if (bArr2 == null || bArr2.length <= 0) {
                return new byte[0];
            }
            byte[] bArr4 = new byte[bArr2.length + bArr3.length];
            System.arraycopy(bArr2, 0, bArr4, 0, bArr2.length);
            System.arraycopy(bArr3, 0, bArr4, bArr2.length, bArr3.length);
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.aesKeyByte, ALGORITHM_NAME_KEYGENERATION);
            Cipher cipher = Cipher.getInstance(ALGORITHM_NAME_AES_GCM);
            cipher.init(2, secretKeySpec, new IvParameterSpec(bArr));
            return cipher.doFinal(bArr4);
        }
        if (bArr2 == null || bArr2.length <= 0) {
            return new byte[0];
        }
        byte[] bArr5 = new byte[16];
        byte[] bArr6 = new byte[bArr2.length - bArr5.length];
        System.arraycopy(bArr2, 0, bArr5, 0, bArr5.length);
        System.arraycopy(bArr2, bArr5.length, bArr6, 0, bArr6.length);
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(this.aesKeyByte, ALGORITHM_NAME_KEYGENERATION);
        Cipher cipher2 = Cipher.getInstance(ALGORITHM_NAME_AES_CBC);
        cipher2.init(2, secretKeySpec2, new IvParameterSpec(bArr5));
        return cipher2.doFinal(bArr6);
    }

    public byte[] decrypt(EncryptedDataDTO encryptedDataDTO) throws GeneralSecurityException, IllegalStateException, InvalidCipherTextException {
        byte[] iv = encryptedDataDTO.getIv();
        byte[] value = encryptedDataDTO.getValue();
        byte[] tag = encryptedDataDTO.getTag();
        if (value == null || value.length <= 0 || iv == null || iv.length <= 0) {
            return new byte[0];
        }
        byte[] bArr = new byte[tag.length + value.length];
        System.arraycopy(value, 0, bArr, 0, value.length);
        System.arraycopy(tag, 0, bArr, value.length, tag.length);
        AEADParameters aEADParameters = new AEADParameters(new KeyParameter(this.aesKeyByte), tag.length * 8, iv, (byte[]) null);
        GCMBlockCipher gCMBlockCipher = new GCMBlockCipher(new AESEngine());
        gCMBlockCipher.init(false, aEADParameters);
        byte[] bArr2 = new byte[gCMBlockCipher.getOutputSize(bArr.length)];
        gCMBlockCipher.doFinal(bArr2, gCMBlockCipher.processBytes(bArr, 0, bArr.length, bArr2, 0));
        return bArr2;
    }

    public byte[] getAESKey() {
        return this.aesKeyByte;
    }

    public void setAESKey(byte[] bArr) {
        this.aesKeyByte = bArr;
    }
}
