package org.apache.commons.jcs3.utils.serialization;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.jcs3.engine.behavior.IElementSerializer;

/* loaded from: input_file:org/apache/commons/jcs3/utils/serialization/EncryptingSerializer.class */
public class EncryptingSerializer extends StandardSerializer {
    private static final String DEFAULT_SECRET_KEY_ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final String DEFAULT_CIPHER = "AES/ECB/PKCS5Padding";
    private static final int KEYHASH_ITERATION_COUNT = 1000;
    private static final int KEY_LENGTH = 256;
    private static final int TAG_LENGTH = 128;
    private static final int IV_LENGTH = 12;
    private static final int SALT_LENGTH = 16;
    private String psk;
    private String cipherTransformation;
    private final SecureRandom secureRandom;
    private final SecretKeyFactory secretKeyFactory;
    private final IElementSerializer serializer;

    public EncryptingSerializer() {
        this(new StandardSerializer());
    }

    public EncryptingSerializer(IElementSerializer iElementSerializer) {
        this.cipherTransformation = DEFAULT_CIPHER;
        this.serializer = iElementSerializer;
        try {
            this.secureRandom = new SecureRandom();
            this.secretKeyFactory = SecretKeyFactory.getInstance(DEFAULT_SECRET_KEY_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not set up encryption tools", e);
        }
    }

    public void setPreSharedKey(String str) {
        this.psk = str;
    }

    public void setAesCipherTransformation(String str) {
        this.cipherTransformation = str;
    }

    private byte[] getRandomBytes(int i) {
        byte[] bArr = new byte[i];
        this.secureRandom.nextBytes(bArr);
        return bArr;
    }

    private SecretKey createSecretKey(String str, byte[] bArr) throws InvalidKeySpecException {
        return new SecretKeySpec(this.secretKeyFactory.generateSecret(new PBEKeySpec(str.toCharArray(), bArr, 1000, 256)).getEncoded(), "AES");
    }

    private byte[] encrypt(byte[] bArr) throws IOException {
        try {
            byte[] randomBytes = getRandomBytes(16);
            byte[] randomBytes2 = getRandomBytes(12);
            SecretKey createSecretKey = createSecretKey(this.psk, randomBytes);
            Cipher cipher = Cipher.getInstance(this.cipherTransformation);
            if (cipher.getAlgorithm().startsWith("AES/GCM")) {
                cipher.init(1, createSecretKey, new GCMParameterSpec(128, randomBytes2));
            } else {
                cipher.init(1, createSecretKey);
            }
            byte[] doFinal = cipher.doFinal(bArr);
            return ByteBuffer.allocate(28 + doFinal.length).put(randomBytes2).put(randomBytes).put(doFinal).array();
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new IOException("Error while encrypting", e);
        }
    }

    private byte[] decrypt(byte[] bArr) throws IOException {
        try {
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            byte[] bArr2 = new byte[12];
            wrap.get(bArr2);
            byte[] bArr3 = new byte[16];
            wrap.get(bArr3);
            byte[] bArr4 = new byte[wrap.remaining()];
            wrap.get(bArr4);
            SecretKey createSecretKey = createSecretKey(this.psk, bArr3);
            Cipher cipher = Cipher.getInstance(this.cipherTransformation);
            if (cipher.getAlgorithm().startsWith("AES/GCM")) {
                cipher.init(2, createSecretKey, new GCMParameterSpec(128, bArr2));
            } else {
                cipher.init(2, createSecretKey);
            }
            return cipher.doFinal(bArr4);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new IOException("Error while decrypting", e);
        }
    }

    @Override // org.apache.commons.jcs3.utils.serialization.StandardSerializer, org.apache.commons.jcs3.engine.behavior.IElementSerializer
    public <T> byte[] serialize(T t) throws IOException {
        return encrypt(this.serializer.serialize(t));
    }

    @Override // org.apache.commons.jcs3.utils.serialization.StandardSerializer, org.apache.commons.jcs3.engine.behavior.IElementSerializer
    public <T> T deSerialize(byte[] bArr, ClassLoader classLoader) throws IOException, ClassNotFoundException {
        if (bArr == null) {
            return null;
        }
        return (T) this.serializer.deSerialize(decrypt(bArr), classLoader);
    }
}
