package org.springframework.security.crypto.encrypt;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import javax.crypto.Cipher;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.keygen.KeyGenerators;

/* loaded from: input_file:BOOT-INF/lib/spring-security-crypto-6.4.4.jar:org/springframework/security/crypto/encrypt/RsaSecretEncryptor.class */
public class RsaSecretEncryptor implements BytesEncryptor, TextEncryptor, RsaKeyHolder {
    private static final String DEFAULT_ENCODING = "UTF-8";
    private static final String DEFAULT_SALT = "deadbeef";
    private final String salt;
    private RsaAlgorithm algorithm;
    private final Charset charset;
    private final PublicKey publicKey;
    private final PrivateKey privateKey;
    private final Charset defaultCharset;
    private final boolean gcm;

    public RsaSecretEncryptor(RsaAlgorithm rsaAlgorithm, String str, boolean z) {
        this(RsaKeyHelper.generateKeyPair(), rsaAlgorithm, str, z);
    }

    public RsaSecretEncryptor(RsaAlgorithm rsaAlgorithm, String str) {
        this(RsaKeyHelper.generateKeyPair(), rsaAlgorithm, str);
    }

    public RsaSecretEncryptor(RsaAlgorithm rsaAlgorithm, boolean z) {
        this(RsaKeyHelper.generateKeyPair(), rsaAlgorithm, DEFAULT_SALT, z);
    }

    public RsaSecretEncryptor(RsaAlgorithm rsaAlgorithm) {
        this(RsaKeyHelper.generateKeyPair(), rsaAlgorithm);
    }

    public RsaSecretEncryptor() {
        this(RsaKeyHelper.generateKeyPair());
    }

    public RsaSecretEncryptor(KeyPair keyPair, RsaAlgorithm rsaAlgorithm, String str, boolean z) {
        this("UTF-8", keyPair.getPublic(), keyPair.getPrivate(), rsaAlgorithm, str, z);
    }

    public RsaSecretEncryptor(KeyPair keyPair, RsaAlgorithm rsaAlgorithm, String str) {
        this("UTF-8", keyPair.getPublic(), keyPair.getPrivate(), rsaAlgorithm, str, false);
    }

    public RsaSecretEncryptor(KeyPair keyPair, RsaAlgorithm rsaAlgorithm) {
        this("UTF-8", keyPair.getPublic(), keyPair.getPrivate(), rsaAlgorithm);
    }

    public RsaSecretEncryptor(KeyPair keyPair) {
        this("UTF-8", keyPair.getPublic(), keyPair.getPrivate());
    }

    public RsaSecretEncryptor(String str, RsaAlgorithm rsaAlgorithm, String str2) {
        this(RsaKeyHelper.parseKeyPair(str), rsaAlgorithm, str2);
    }

    public RsaSecretEncryptor(String str, RsaAlgorithm rsaAlgorithm) {
        this(RsaKeyHelper.parseKeyPair(str), rsaAlgorithm);
    }

    public RsaSecretEncryptor(String str) {
        this(RsaKeyHelper.parseKeyPair(str));
    }

    public RsaSecretEncryptor(PublicKey publicKey, RsaAlgorithm rsaAlgorithm, String str, boolean z) {
        this("UTF-8", publicKey, null, rsaAlgorithm, str, z);
    }

    public RsaSecretEncryptor(PublicKey publicKey, RsaAlgorithm rsaAlgorithm, String str) {
        this("UTF-8", publicKey, null, rsaAlgorithm, str, false);
    }

    public RsaSecretEncryptor(PublicKey publicKey, RsaAlgorithm rsaAlgorithm) {
        this("UTF-8", publicKey, (PrivateKey) null, rsaAlgorithm);
    }

    public RsaSecretEncryptor(PublicKey publicKey) {
        this("UTF-8", publicKey, (PrivateKey) null);
    }

    public RsaSecretEncryptor(String str, PublicKey publicKey, PrivateKey privateKey) {
        this(str, publicKey, privateKey, RsaAlgorithm.DEFAULT);
    }

    public RsaSecretEncryptor(String str, PublicKey publicKey, PrivateKey privateKey, RsaAlgorithm rsaAlgorithm) {
        this(str, publicKey, privateKey, rsaAlgorithm, DEFAULT_SALT, false);
    }

    public RsaSecretEncryptor(String str, PublicKey publicKey, PrivateKey privateKey, RsaAlgorithm rsaAlgorithm, String str2, boolean z) {
        this.algorithm = RsaAlgorithm.DEFAULT;
        this.charset = Charset.forName(str);
        this.publicKey = publicKey;
        this.privateKey = privateKey;
        this.defaultCharset = Charset.forName("UTF-8");
        this.algorithm = rsaAlgorithm;
        this.salt = isHex(str2) ? str2 : new String(Hex.encode(str2.getBytes(this.defaultCharset)));
        this.gcm = z;
    }

    @Override // org.springframework.security.crypto.encrypt.RsaKeyHolder
    public String getPublicKey() {
        return RsaKeyHelper.encodePublicKey((RSAPublicKey) this.publicKey, "application");
    }

    @Override // org.springframework.security.crypto.encrypt.TextEncryptor
    public String encrypt(String str) {
        return new String(Base64.getEncoder().encode(encrypt(str.getBytes(this.charset))), this.defaultCharset);
    }

    @Override // org.springframework.security.crypto.encrypt.TextEncryptor
    public String decrypt(String str) {
        if (canDecrypt()) {
            return new String(decrypt(Base64.getDecoder().decode(str.getBytes(this.defaultCharset))), this.charset);
        }
        throw new IllegalStateException("Encryptor is not configured for decryption");
    }

    @Override // org.springframework.security.crypto.encrypt.BytesEncryptor
    public byte[] encrypt(byte[] bArr) {
        return encrypt(bArr, this.publicKey, this.algorithm, this.salt, this.gcm);
    }

    @Override // org.springframework.security.crypto.encrypt.BytesEncryptor
    public byte[] decrypt(byte[] bArr) {
        if (canDecrypt()) {
            return decrypt(bArr, this.privateKey, this.algorithm, this.salt, this.gcm);
        }
        throw new IllegalStateException("Encryptor is not configured for decryption");
    }

    private static byte[] encrypt(byte[] bArr, PublicKey publicKey, RsaAlgorithm rsaAlgorithm, String str, boolean z) {
        byte[] generateKey = KeyGenerators.secureRandom(16).generateKey();
        BytesEncryptor stronger = z ? Encryptors.stronger(new String(Hex.encode(generateKey)), str) : Encryptors.standard(new String(Hex.encode(generateKey)), str);
        try {
            Cipher cipher = Cipher.getInstance(rsaAlgorithm.getJceName());
            cipher.init(1, publicKey);
            byte[] doFinal = cipher.doFinal(generateKey);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length + 20);
            writeInt(byteArrayOutputStream, doFinal.length);
            byteArrayOutputStream.write(doFinal);
            byteArrayOutputStream.write(stronger.encrypt(bArr));
            return byteArrayOutputStream.toByteArray();
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new IllegalStateException("Cannot encrypt", e2);
        }
    }

    private static void writeInt(ByteArrayOutputStream byteArrayOutputStream, int i) throws IOException {
        byteArrayOutputStream.write(new byte[]{(byte) ((i >> 8) & 255), (byte) (i & 255)});
    }

    private static int readInt(ByteArrayInputStream byteArrayInputStream) throws IOException {
        byte[] bArr = new byte[2];
        byteArrayInputStream.read(bArr);
        return ((bArr[0] & 255) << 8) | (bArr[1] & 255);
    }

    private static byte[] decrypt(byte[] bArr, PrivateKey privateKey, RsaAlgorithm rsaAlgorithm, String str, boolean z) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length);
        try {
            byte[] bArr2 = new byte[readInt(byteArrayInputStream)];
            byteArrayInputStream.read(bArr2);
            Cipher cipher = Cipher.getInstance(rsaAlgorithm.getJceName());
            cipher.init(2, privateKey);
            String str2 = new String(Hex.encode(cipher.doFinal(bArr2)));
            byte[] bArr3 = new byte[(bArr.length - bArr2.length) - 2];
            byteArrayInputStream.read(bArr3);
            byteArrayOutputStream.write((z ? Encryptors.stronger(str2, str) : Encryptors.standard(str2, str)).decrypt(bArr3));
            return byteArrayOutputStream.toByteArray();
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new IllegalStateException("Cannot decrypt", e2);
        }
    }

    private static boolean isHex(String str) {
        try {
            Hex.decode(str);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public boolean canDecrypt() {
        return this.privateKey != null;
    }
}
