package de.carne.security.secret;

import de.carne.boot.logging.Log;
import de.carne.security.util.Destroyables;
import de.carne.security.util.Randomness;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:de/carne/security/secret/AESCipher.class */
public class AESCipher extends Cipher {
    private static final Log LOG = new Log();
    private static final String KEY_FACTORY_ALG = "PBKDF2WithHmacSHA256";
    private static final String CIPHER_ALG = "AES/GCM/NoPadding";
    private static final int SALT_LENGTH = 8;
    private static final int IV_LENGTH = 12;
    private static final int GCM_TLEN = 128;
    public static final String KEY_ALG = "AES";
    public static final byte ID = 1;
    private final SecretKeySpec secretKeySpec;
    private final byte[] salt;

    AESCipher(SecretKeySpec secretKeySpec, byte[] bArr, int i, int i2) {
        this.secretKeySpec = secretKeySpec;
        this.salt = new byte[i2];
        System.arraycopy(bArr, i, this.salt, 0, i2);
    }

    public static byte[] generateSecret(int i) throws GeneralSecurityException {
        LOG.info("Generating AES-{0} cipher secret...", new Object[]{Integer.valueOf(i)});
        byte[] bArr = new byte[SALT_LENGTH];
        Randomness.get().nextBytes(bArr);
        SecretKey generateSecret = SecretKeyFactory.getInstance(KEY_FACTORY_ALG).generateSecret(new PBEKeySpec(null, bArr, 65536, i));
        try {
            byte[] bArr2 = (byte[]) Objects.requireNonNull(generateSecret.getEncoded());
            Destroyables.safeDestroy(generateSecret);
            byte[] bArr3 = new byte[1 + bArr.length + bArr2.length];
            bArr3[0] = 1;
            System.arraycopy(bArr, 0, bArr3, 1, bArr.length);
            System.arraycopy(bArr2, 0, bArr3, 1 + bArr.length, bArr2.length);
            Arrays.fill(bArr, (byte) 0);
            Arrays.fill(bArr2, (byte) 0);
            return bArr3;
        } catch (Throwable th) {
            Destroyables.safeDestroy(generateSecret);
            throw th;
        }
    }

    public static AESCipher getInstance(byte[] bArr) {
        if (bArr.length < 9 || bArr[0] != 1) {
            throw new IllegalArgumentException("Invalid AES cipher secret");
        }
        return new AESCipher(new SecretKeySpec(bArr, 9, (bArr.length - 1) - SALT_LENGTH, KEY_ALG), bArr, 1, SALT_LENGTH);
    }

    @Override // de.carne.security.secret.Cipher
    public byte[] encrypt(byte[] bArr) throws GeneralSecurityException {
        byte[] bArr2 = new byte[IV_LENGTH];
        Randomness.get().nextBytes(bArr2);
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(GCM_TLEN, bArr2);
        javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CIPHER_ALG);
        cipher.init(1, this.secretKeySpec, gCMParameterSpec);
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr3 = new byte[bArr2.length + doFinal.length];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        Arrays.fill(bArr2, (byte) 0);
        System.arraycopy(doFinal, 0, bArr3, bArr2.length, doFinal.length);
        Arrays.fill(doFinal, (byte) 0);
        return bArr3;
    }

    @Override // de.carne.security.secret.Cipher
    public byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(GCM_TLEN, bArr, 0, IV_LENGTH);
        javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CIPHER_ALG);
        cipher.init(2, this.secretKeySpec, gCMParameterSpec);
        return cipher.doFinal(bArr, IV_LENGTH, bArr.length - IV_LENGTH);
    }

    @Override // de.carne.security.secret.Cipher, java.lang.AutoCloseable
    public void close() {
        Arrays.fill(this.salt, (byte) 0);
        Destroyables.safeDestroy(this.secretKeySpec);
    }
}
