package com.huawei.wienerchain.security.tee;

import com.google.common.base.Charsets;
import com.huawei.wienerchain.exception.CryptoException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/huawei/wienerchain/security/tee/SymmetricCrypto.class */
public class SymmetricCrypto {
    private static final String KEY_ALGORITHM = "AES";
    private static final String AES_CIPHER_ALGORITHM = "AES/GCM/NoPadding";
    private static final int AES_LEN = 128;
    private static final int IV_LEN = 12;
    private SecretKey secretKey;
    private byte[] pubKey;

    public SymmetricCrypto(SecretKey secretKey) {
        this.secretKey = secretKey;
    }

    public static SecretKey generateKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM);
        keyGenerator.init(AES_LEN);
        return keyGenerator.generateKey();
    }

    public static SecretKey generateKey(String str) throws NoSuchAlgorithmException {
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(str.getBytes(Charsets.UTF_8));
        KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM);
        keyGenerator.init(AES_LEN, secureRandom);
        return keyGenerator.generateKey();
    }

    public static SecretKey loadSecretKey(String str) throws IOException {
        return new SecretKeySpec(Files.readAllBytes(Paths.get(str, new String[0])), KEY_ALGORITHM);
    }

    public void saveSecretKey(String str) throws IOException {
        Files.write(Paths.get(str, new String[0]), this.secretKey.getEncoded(), new OpenOption[0]);
    }

    public byte[] encrypt(byte[] bArr) throws GeneralSecurityException {
        byte[] bArr2 = new byte[12];
        new SecureRandom().nextBytes(bArr2);
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(AES_LEN, bArr2);
        Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
        cipher.init(1, this.secretKey, gCMParameterSpec);
        byte[] doFinal = cipher.doFinal(bArr);
        ByteBuffer allocate = ByteBuffer.allocate(4 + bArr2.length + doFinal.length);
        allocate.putInt(bArr2.length);
        allocate.put(bArr2);
        allocate.put(doFinal);
        return allocate.array();
    }

    public byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
        if (bArr == null || bArr.length == 0) {
            return new byte[0];
        }
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        byte[] bArr2 = new byte[wrap.getInt()];
        wrap.get(bArr2);
        byte[] bArr3 = new byte[wrap.remaining()];
        wrap.get(bArr3);
        Cipher cipher = Cipher.getInstance(AES_CIPHER_ALGORITHM);
        cipher.init(2, this.secretKey, new GCMParameterSpec(AES_LEN, bArr2));
        return cipher.doFinal(bArr3);
    }

    public byte[] getRsaDecryptedSecretKey() throws GeneralSecurityException, CryptoException {
        if (this.pubKey == null) {
            throw new CryptoException("Do not set public key. ");
        }
        PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(new String(this.pubKey).replace("-----BEGIN RSA PUBLICKEY KEY-----", "").replace("-----END RSA PUBLICKEY KEY-----", "").replaceAll("\n", "").replaceAll("\r", ""))));
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
        cipher.init(1, generatePublic);
        return cipher.doFinal(this.secretKey.getEncoded());
    }

    public void setPubKey(byte[] bArr) {
        this.pubKey = bArr;
    }
}
