package org.mule.encryption.jce;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import org.mule.encryption.Encrypter;
import org.mule.encryption.exception.MuleEncryptionException;
import org.mule.encryption.exception.MuleInvalidAlgorithmConfigurationException;
import org.mule.encryption.exception.MuleInvalidKeyException;
import org.mule.encryption.key.EncryptionKeyFactory;

/* loaded from: input_file:repository/org/mule/mule-encryption/1.3.0/mule-encryption-1.3.0.jar:org/mule/encryption/jce/JCEEncrypter.class */
public class JCEEncrypter implements Encrypter {
    private static final String INSTALL_JCE_MESSAGE = " You need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files";
    private static final String ECB = "ECB";
    private static final String RSA = "RSA";
    private static final String NONE = "NONE";
    private final String provider;
    private final String transformation;
    private final EncryptionKeyFactory keyFactory;
    private final boolean useRandomIV;

    public JCEEncrypter(String str, EncryptionKeyFactory encryptionKeyFactory) {
        this(str, (String) null, encryptionKeyFactory);
    }

    public JCEEncrypter(String str, String str2, EncryptionKeyFactory encryptionKeyFactory) {
        this(str, str2, encryptionKeyFactory, false);
    }

    public JCEEncrypter(String str, EncryptionKeyFactory encryptionKeyFactory, boolean z) {
        this(str, null, encryptionKeyFactory, z);
    }

    public JCEEncrypter(String str, String str2, EncryptionKeyFactory encryptionKeyFactory, boolean z) {
        this.transformation = str;
        this.provider = str2;
        this.keyFactory = encryptionKeyFactory;
        this.useRandomIV = z;
    }

    @Override // org.mule.encryption.Encrypter
    public byte[] decrypt(byte[] bArr) throws MuleEncryptionException {
        return runCipher(bArr, this.keyFactory.decryptionKey(), 2);
    }

    @Override // org.mule.encryption.Encrypter
    public byte[] encrypt(byte[] bArr) throws MuleEncryptionException {
        return runCipher(bArr, this.keyFactory.encryptionKey(), 1);
    }

    protected AlgorithmParameterSpec getAlgorithmParameterSpec(IvParameterSpec ivParameterSpec) {
        return ivParameterSpec;
    }

    private boolean doesNotUseIV() {
        String[] split = this.transformation.split("/");
        return split.length >= 2 && (ECB.equals(split[1]) || (RSA.equals(split[0]) && NONE.equalsIgnoreCase(split[1])));
    }

    private byte[] runCipher(byte[] bArr, Key key, int i) throws MuleEncryptionException {
        try {
            Cipher cipher = getCipher();
            if (doesNotUseIV()) {
                cipher.init(i, key);
                return cipher.doFinal(bArr);
            }
            SecureRandom secureRandom = new SecureRandom();
            byte[] bArr2 = new byte[cipher.getBlockSize()];
            if (!this.useRandomIV) {
                bArr2 = Arrays.copyOfRange(key.getEncoded(), 0, bArr2.length);
            } else if (i == 1) {
                secureRandom.nextBytes(bArr2);
            } else {
                bArr2 = Arrays.copyOfRange(bArr, 0, bArr2.length);
                bArr = Arrays.copyOfRange(bArr, bArr2.length, bArr.length);
            }
            cipher.init(i, key, getAlgorithmParameterSpec(new IvParameterSpec(bArr2)), secureRandom);
            byte[] doFinal = cipher.doFinal(bArr);
            if (i != 1 || !this.useRandomIV) {
                return doFinal;
            }
            byte[] bArr3 = new byte[bArr2.length + doFinal.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(doFinal, 0, bArr3, bArr2.length, doFinal.length);
            return bArr3;
        } catch (InvalidAlgorithmParameterException e) {
            throw invalidAlgorithmConfigurationException(String.format("Wrong configuration for algorithm '%s'", this.transformation), e);
        } catch (InvalidKeyException e2) {
            throw handleInvalidKeyException(e2, new String(key.getEncoded()));
        } catch (NoSuchAlgorithmException e3) {
            throw invalidAlgorithmConfigurationException(String.format("Cipher '%s' not found", this.transformation), e3);
        } catch (NoSuchProviderException e4) {
            throw invalidAlgorithmConfigurationException(String.format("Provider '%s' not found", this.provider), e4);
        } catch (NoSuchPaddingException e5) {
            throw invalidAlgorithmConfigurationException(String.format("Invalid padding selected for cipher '%s'", this.transformation), e5);
        } catch (Exception e6) {
            throw new MuleEncryptionException("Could not encrypt or decrypt the data.", e6);
        }
    }

    private Cipher getCipher() throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException {
        return this.provider == null ? Cipher.getInstance(this.transformation) : Cipher.getInstance(this.transformation, this.provider);
    }

    private MuleEncryptionException invalidAlgorithmConfigurationException(String str, Exception exc) {
        if (!JCE.isJCEInstalled()) {
            str = str + INSTALL_JCE_MESSAGE;
        }
        return new MuleInvalidAlgorithmConfigurationException(str, exc);
    }

    private MuleEncryptionException handleInvalidKeyException(InvalidKeyException invalidKeyException, String str) {
        return new MuleInvalidKeyException(String.format("The key is invalid, please make sure it's of a supported size (actual is %s)", Integer.valueOf(str.length())), invalidKeyException);
    }
}
