package com.arcadedb.database;

import com.arcadedb.exception.EncryptionException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/arcadedb/database/DefaultDataEncryption.class */
public class DefaultDataEncryption implements DataEncryption {
    public static final int DEFAULT_SALT_ITERATIONS = 65536;
    public static final int DEFAULT_KEY_LENGTH = 256;
    public static final String DEFAULT_PASSWORD_ALGORITHM = "PBKDF2WithHmacSHA256";
    public static final String DEFAULT_SECRET_KEY_ALGORITHM = "AES";
    public static final String DEFAULT_ALGORITHM = "AES/GCM/NoPadding";
    public static final int DEFAULT_IV_SIZE = 12;
    public static final int DEFAULT_TAG_SIZE = 128;
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    private SecretKey secretKey;
    private String algorithm;
    private int ivSize;
    private int tagSize;

    public DefaultDataEncryption(SecretKey secretKey, String str, int i, int i2) throws NoSuchAlgorithmException, NoSuchPaddingException {
        this.secretKey = secretKey;
        this.algorithm = str;
        this.ivSize = i;
        this.tagSize = i2;
        Cipher.getInstance(str);
    }

    @Override // com.arcadedb.database.DataEncryption
    public byte[] encrypt(byte[] bArr) {
        try {
            byte[] generateIv = generateIv(this.ivSize);
            Cipher cipher = Cipher.getInstance(this.algorithm);
            cipher.init(1, this.secretKey, new GCMParameterSpec(this.tagSize, generateIv));
            byte[] doFinal = cipher.doFinal(bArr);
            byte[] bArr2 = new byte[generateIv.length + doFinal.length];
            System.arraycopy(generateIv, 0, bArr2, 0, generateIv.length);
            System.arraycopy(doFinal, 0, bArr2, generateIv.length, doFinal.length);
            return bArr2;
        } catch (Exception e) {
            throw new EncryptionException("Error while encrypting data", e);
        }
    }

    @Override // com.arcadedb.database.DataEncryption
    public byte[] decrypt(byte[] bArr) {
        try {
            byte[] bArr2 = new byte[this.ivSize];
            byte[] bArr3 = new byte[bArr.length - this.ivSize];
            System.arraycopy(bArr, 0, bArr2, 0, this.ivSize);
            System.arraycopy(bArr, this.ivSize, bArr3, 0, bArr3.length);
            Cipher cipher = Cipher.getInstance(this.algorithm);
            cipher.init(2, this.secretKey, new GCMParameterSpec(this.tagSize, bArr2));
            return cipher.doFinal(bArr3);
        } catch (Exception e) {
            throw new EncryptionException("Error while decrypting data", e);
        }
    }

    public static DefaultDataEncryption useDefaults(SecretKey secretKey) throws NoSuchAlgorithmException, NoSuchPaddingException {
        return new DefaultDataEncryption(secretKey, DEFAULT_ALGORITHM, 12, 128);
    }

    public static SecretKey generateRandomSecretKeyUsingDefaults() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(DEFAULT_SECRET_KEY_ALGORITHM);
        keyGenerator.init(256);
        return keyGenerator.generateKey();
    }

    public static SecretKey getSecretKeyFromPasswordUsingDefaults(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return getKeyFromPassword(str, str2, DEFAULT_PASSWORD_ALGORITHM, DEFAULT_SECRET_KEY_ALGORITHM, DEFAULT_SALT_ITERATIONS, 256);
    }

    private static byte[] generateIv(int i) {
        byte[] bArr = new byte[i];
        SECURE_RANDOM.nextBytes(bArr);
        return bArr;
    }

    public static SecretKey getKeyFromPassword(String str, String str2, String str3, String str4, int i, int i2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new SecretKeySpec(SecretKeyFactory.getInstance(str3).generateSecret(new PBEKeySpec(str.toCharArray(), str2.getBytes(), i, i2)).getEncoded(), str4);
    }
}
