package com.arcadedb.event;

import com.arcadedb.TestHelper;
import com.arcadedb.database.Database;
import com.arcadedb.database.Record;
import com.arcadedb.graph.MutableVertex;
import com.arcadedb.schema.VertexType;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:com/arcadedb/event/RecordEncryptionTest.class */
public class RecordEncryptionTest extends TestHelper implements BeforeRecordCreateListener, AfterRecordReadListener, BeforeRecordUpdateListener {
    private static final String password = "JustAPassword";
    private static final String PASSWORD_ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final String ALGORITHM = "AES/CBC/PKCS5Padding";
    private static final int SALT_ITERATIONS = 65536;
    private static final int KEY_LENGTH = 256;
    private SecretKey key;
    private IvParameterSpec ivParameterSpec;
    private final AtomicInteger creates = new AtomicInteger();
    private final AtomicInteger reads = new AtomicInteger();
    private final AtomicInteger updates = new AtomicInteger();

    @Override // com.arcadedb.TestHelper
    public void beginTest() {
        VertexType createVertexType = this.database.getSchema().createVertexType("BackAccount");
        createVertexType.getEvents().registerListener(this);
        createVertexType.getEvents().registerListener(this);
        createVertexType.getEvents().registerListener(this);
        try {
            this.key = getKeyFromPassword(password, "salt");
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            this.ivParameterSpec = new IvParameterSpec(bArr);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    @Test
    public void testEncryption() {
        this.database.transaction(() -> {
            this.database.newVertex("BackAccount").set("secret", "Nobody must know John and Zuck are brothers").save();
        });
        Assertions.assertThat(this.creates.get()).isEqualTo(1);
        this.database.setTransactionIsolationLevel(Database.TRANSACTION_ISOLATION_LEVEL.REPEATABLE_READ);
        this.database.transaction(() -> {
            Assertions.assertThat(((Record) this.database.iterateType("BackAccount", true).next()).asVertex().getString("secret")).isEqualTo("Nobody must know John and Zuck are brothers");
        });
        Assertions.assertThat(this.reads.get()).isEqualTo(1);
        this.database.transaction(() -> {
            ((Record) this.database.iterateType("BackAccount", true).next()).asVertex().modify().set("secret", "Tool late, everybody knows it").save();
        });
        Assertions.assertThat(this.updates.get()).isEqualTo(1);
        Assertions.assertThat(this.reads.get()).isEqualTo(2);
        this.database.transaction(() -> {
            Assertions.assertThat(((Record) this.database.iterateType("BackAccount", true).next()).asVertex().getString("secret")).isEqualTo("Tool late, everybody knows it");
        });
        Assertions.assertThat(this.reads.get()).isEqualTo(3);
    }

    public Record onAfterRead(Record record) {
        MutableVertex modify = record.asVertex().modify();
        try {
            modify.set("secret", decrypt(ALGORITHM, modify.getString("secret"), this.key, new IvParameterSpec(Base64.getDecoder().decode(modify.getString("iv")))));
            this.reads.incrementAndGet();
            return modify;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    public boolean onBeforeCreate(Record record) {
        MutableVertex modify = record.asVertex().modify();
        try {
            modify.set("secret", encrypt(ALGORITHM, modify.getString("secret"), this.key, this.ivParameterSpec));
            modify.set("iv", Base64.getEncoder().encodeToString(this.ivParameterSpec.getIV()));
            this.creates.incrementAndGet();
            return true;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    public boolean onBeforeUpdate(Record record) {
        MutableVertex modify = record.asVertex().modify();
        try {
            modify.set("secret", encrypt(ALGORITHM, modify.getString("secret"), this.key, this.ivParameterSpec));
            modify.set("iv", Base64.getEncoder().encodeToString(this.ivParameterSpec.getIV()));
            this.updates.incrementAndGet();
            return true;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    public static String encrypt(String str, String str2, SecretKey secretKey, IvParameterSpec ivParameterSpec) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher cipher = Cipher.getInstance(str);
        cipher.init(1, secretKey, ivParameterSpec);
        return Base64.getEncoder().encodeToString(cipher.doFinal(str2.getBytes()));
    }

    public static String decrypt(String str, String str2, SecretKey secretKey, IvParameterSpec ivParameterSpec) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher cipher = Cipher.getInstance(str);
        cipher.init(2, secretKey, ivParameterSpec);
        return new String(cipher.doFinal(Base64.getDecoder().decode(str2)));
    }

    public static SecretKey getKeyFromPassword(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new SecretKeySpec(SecretKeyFactory.getInstance(PASSWORD_ALGORITHM).generateSecret(new PBEKeySpec(str.toCharArray(), str2.getBytes(), SALT_ITERATIONS, KEY_LENGTH)).getEncoded(), "AES");
    }
}
