package org.springframework.security.crypto.encrypt;

import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.keygen.BytesKeyGenerator;
import org.springframework.security.crypto.keygen.KeyGenerators;
import org.springframework.security.crypto.util.EncodingUtils;

/* loaded from: input_file:WEB-INF/lib/spring-security-crypto-5.8.3.jar:org/springframework/security/crypto/encrypt/AesBytesEncryptor.class */
public final class AesBytesEncryptor implements BytesEncryptor {
    private final SecretKey secretKey;
    private final Cipher encryptor;
    private final Cipher decryptor;
    private final BytesKeyGenerator ivGenerator;
    private CipherAlgorithm alg;
    private static final String AES_CBC_ALGORITHM = "AES/CBC/PKCS5Padding";
    private static final String AES_GCM_ALGORITHM = "AES/GCM/NoPadding";
    private static final BytesKeyGenerator NULL_IV_GENERATOR = new BytesKeyGenerator() { // from class: org.springframework.security.crypto.encrypt.AesBytesEncryptor.1
        private final byte[] VALUE = new byte[16];

        @Override // org.springframework.security.crypto.keygen.BytesKeyGenerator
        public int getKeyLength() {
            return this.VALUE.length;
        }

        @Override // org.springframework.security.crypto.keygen.BytesKeyGenerator
        public byte[] generateKey() {
            return this.VALUE;
        }
    };

    /* loaded from: input_file:WEB-INF/lib/spring-security-crypto-5.8.3.jar:org/springframework/security/crypto/encrypt/AesBytesEncryptor$CipherAlgorithm.class */
    public enum CipherAlgorithm {
        CBC(AesBytesEncryptor.AES_CBC_ALGORITHM, AesBytesEncryptor.NULL_IV_GENERATOR),
        GCM(AesBytesEncryptor.AES_GCM_ALGORITHM, KeyGenerators.secureRandom(16));

        private BytesKeyGenerator ivGenerator;
        private String name;

        CipherAlgorithm(String str, BytesKeyGenerator bytesKeyGenerator) {
            this.name = str;
            this.ivGenerator = bytesKeyGenerator;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.name;
        }

        public AlgorithmParameterSpec getParameterSpec(byte[] bArr) {
            return this != CBC ? new GCMParameterSpec(128, bArr) : new IvParameterSpec(bArr);
        }

        public Cipher createCipher() {
            return CipherUtils.newCipher(toString());
        }

        public BytesKeyGenerator defaultIvGenerator() {
            return this.ivGenerator;
        }
    }

    public AesBytesEncryptor(String str, CharSequence charSequence) {
        this(str, charSequence, (BytesKeyGenerator) null);
    }

    public AesBytesEncryptor(String str, CharSequence charSequence, BytesKeyGenerator bytesKeyGenerator) {
        this(str, charSequence, bytesKeyGenerator, CipherAlgorithm.CBC);
    }

    public AesBytesEncryptor(String str, CharSequence charSequence, BytesKeyGenerator bytesKeyGenerator, CipherAlgorithm cipherAlgorithm) {
        this(CipherUtils.newSecretKey("PBKDF2WithHmacSHA1", new PBEKeySpec(str.toCharArray(), Hex.decode(charSequence), 1024, 256)), bytesKeyGenerator, cipherAlgorithm);
    }

    public AesBytesEncryptor(SecretKey secretKey, BytesKeyGenerator bytesKeyGenerator, CipherAlgorithm cipherAlgorithm) {
        this.secretKey = new SecretKeySpec(secretKey.getEncoded(), "AES");
        this.alg = cipherAlgorithm;
        this.encryptor = cipherAlgorithm.createCipher();
        this.decryptor = cipherAlgorithm.createCipher();
        this.ivGenerator = bytesKeyGenerator != null ? bytesKeyGenerator : cipherAlgorithm.defaultIvGenerator();
    }

    /* JADX WARN: Type inference failed for: r0v17, types: [byte[], byte[][]] */
    @Override // org.springframework.security.crypto.encrypt.BytesEncryptor
    public byte[] encrypt(byte[] bArr) {
        byte[] concatenate;
        synchronized (this.encryptor) {
            byte[] generateKey = this.ivGenerator.generateKey();
            CipherUtils.initCipher(this.encryptor, 1, this.secretKey, this.alg.getParameterSpec(generateKey));
            byte[] doFinal = CipherUtils.doFinal(this.encryptor, bArr);
            concatenate = this.ivGenerator != NULL_IV_GENERATOR ? EncodingUtils.concatenate(new byte[]{generateKey, doFinal}) : doFinal;
        }
        return concatenate;
    }

    @Override // org.springframework.security.crypto.encrypt.BytesEncryptor
    public byte[] decrypt(byte[] bArr) {
        byte[] doFinal;
        synchronized (this.decryptor) {
            byte[] iv = iv(bArr);
            CipherUtils.initCipher(this.decryptor, 2, this.secretKey, this.alg.getParameterSpec(iv));
            doFinal = CipherUtils.doFinal(this.decryptor, this.ivGenerator != NULL_IV_GENERATOR ? encrypted(bArr, iv.length) : bArr);
        }
        return doFinal;
    }

    private byte[] iv(byte[] bArr) {
        return this.ivGenerator != NULL_IV_GENERATOR ? EncodingUtils.subArray(bArr, 0, this.ivGenerator.getKeyLength()) : NULL_IV_GENERATOR.generateKey();
    }

    private byte[] encrypted(byte[] bArr, int i) {
        return EncodingUtils.subArray(bArr, i, bArr.length);
    }
}
