package com.mulesoft.modules.configuration.properties.internal.jce;

import com.mulesoft.modules.configuration.properties.internal.MuleEncryptionException;
import com.mulesoft.modules.configuration.properties.internal.NotSupportedInFipsModeException;
import com.mulesoft.modules.configuration.properties.internal.jce.algorithms.EncryptionAlgorithm;
import com.mulesoft.modules.configuration.properties.internal.jce.algorithms.EncryptionMode;
import com.mulesoft.modules.configuration.properties.internal.jce.algorithms.EncryptionPadding;
import com.mulesoft.modules.configuration.properties.internal.keyfactories.AESFactory;
import com.mulesoft.modules.configuration.properties.internal.keyfactories.EncryptionKeyFactory;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:com/mulesoft/modules/configuration/properties/internal/jce/JCEEncrypter.class */
public class JCEEncrypter {
    protected EncryptionAlgorithm encryptionAlgorithm;
    protected EncryptionMode encryptionMode;
    protected EncryptionPadding encryptionPadding;
    private EncryptionKeyFactory keyFactory;
    private static final String INSTALL_JCE_MESSAGE = "You need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files";
    private static final String FIPS_MODE_MESSAGE = "You're running in FIPS mode  so please verify that the algorithm is compliant with FIPS.";
    private static final String SHORT_KEY_MESSAGE = "You need to increment your key size  The minimum allowed key size is: %d  But your key size is: %d";
    private static final String LONG_KEY_MESSAGE = "Your key size exceeds the maximum allowed key size in your JVM.  The maximum allowed key size is: %d But your key size is: %d.";

    public JCEEncrypter(EncryptionAlgorithm encryptionAlgorithm, EncryptionMode encryptionMode, EncryptionPadding encryptionPadding, EncryptionKeyFactory encryptionKeyFactory) {
        this.encryptionAlgorithm = encryptionAlgorithm;
        this.encryptionMode = encryptionMode;
        this.encryptionPadding = encryptionPadding;
        this.keyFactory = encryptionKeyFactory;
    }

    public byte[] decrypt(byte[] bArr) throws MuleEncryptionException {
        try {
            Cipher cipher = AESFactory.getCipher(createXForm());
            runCipher(cipher, this.keyFactory.buildDecryptionKey(), 2, this.keyFactory.getPlainKey());
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw buildEncryptionException(e, this.keyFactory.getPlainKey());
        }
    }

    private String createXForm() {
        return this.encryptionAlgorithm.name() + "/" + this.encryptionMode.name() + "/" + this.encryptionPadding.name();
    }

    private void runCipher(Cipher cipher, Key key, int i, String str) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (this.encryptionMode.equals(EncryptionMode.ECB)) {
            cipher.init(i, key);
        } else {
            cipher.init(i, key, new IvParameterSpec(Arrays.copyOfRange(str.getBytes(), 0, ivSize())));
        }
    }

    private int ivSize() {
        if (this.encryptionAlgorithm.getIvSize() == 0) {
            return 8;
        }
        return this.encryptionAlgorithm.getIvSize();
    }

    private MuleEncryptionException buildEncryptionException(Exception exc, String str) {
        return exc instanceof InvalidAlgorithmParameterException ? handleInvalidAlgorithmParameterException((InvalidAlgorithmParameterException) exc) : exc instanceof InvalidKeyException ? handleInvalidKeyException((InvalidKeyException) exc, str) : exc instanceof NoSuchAlgorithmException ? wrapNoSuchAlgorithmException((NoSuchAlgorithmException) exc) : new MuleEncryptionException("Could not encrypt or decrypt the data.", exc);
    }

    private MuleEncryptionException handleInvalidAlgorithmParameterException(InvalidAlgorithmParameterException invalidAlgorithmParameterException) {
        String format = String.format("Wrong configuration for algorithm: %s.", this.encryptionAlgorithm.name());
        if (!AESFactory.isJCEInstalled()) {
            format = format + INSTALL_JCE_MESSAGE;
        }
        return new MuleEncryptionException(format, invalidAlgorithmParameterException);
    }

    private MuleEncryptionException wrapNoSuchAlgorithmException(NoSuchAlgorithmException noSuchAlgorithmException) {
        String format = String.format("Invalid algorithm: %s.", this.encryptionAlgorithm.name());
        return !AESFactory.isJCEInstalled() ? new MuleEncryptionException(format + INSTALL_JCE_MESSAGE, noSuchAlgorithmException) : AESFactory.isFipsEnabled() ? new MuleEncryptionException(format, new NotSupportedInFipsModeException(FIPS_MODE_MESSAGE, noSuchAlgorithmException)) : new MuleEncryptionException(format, noSuchAlgorithmException);
    }

    private MuleEncryptionException handleInvalidKeyException(InvalidKeyException invalidKeyException, String str) {
        String format = String.format("Invalid key: %s. ", str);
        if (str.getBytes().length > this.encryptionAlgorithm.getMaxKeySize()) {
            format = format + String.format(LONG_KEY_MESSAGE, Integer.valueOf(this.encryptionAlgorithm.getMaxKeySize()), Integer.valueOf(str.getBytes().length));
            if (!AESFactory.isJCEInstalled()) {
                format = format + INSTALL_JCE_MESSAGE;
            }
        } else if (str.getBytes().length < this.encryptionAlgorithm.getMinKeySize()) {
            format = format + String.format(SHORT_KEY_MESSAGE, Integer.valueOf(this.encryptionAlgorithm.getMinKeySize()), Integer.valueOf(str.getBytes().length));
        }
        return new MuleEncryptionException(format, invalidKeyException);
    }

    public byte[] encrypt(byte[] bArr) throws MuleEncryptionException {
        try {
            Cipher cipher = AESFactory.getCipher(createXForm());
            runCipher(cipher, this.keyFactory.buildEncryptionKey(), 1, this.keyFactory.getPlainKey());
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw buildEncryptionException(e, this.keyFactory.getPlainKey());
        }
    }
}
