package org.dataconservancy.pass.authz.usertoken;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base32;

/* loaded from: input_file:BOOT-INF/lib/pass-authz-usertoken-0.4.1.jar:org/dataconservancy/pass/authz/usertoken/Codec.class */
class Codec {
    static final SecureRandom random = new SecureRandom();
    static final Base32 base32 = new Base32();
    private final SecretKey key;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Codec(Key key) {
        this.key = new SecretKeySpec(key.bytes, "AES");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String encrypt(String str) {
        byte[] bArr = new byte[12];
        random.nextBytes(bArr);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, this.key, new GCMParameterSpec(128, bArr));
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                byteArrayOutputStream.write(bArr.length);
                byteArrayOutputStream.write(bArr);
                try {
                    byteArrayOutputStream.write(cipher.doFinal(str.getBytes()));
                    return base32.encodeAsString(byteArrayOutputStream.toByteArray()).replaceAll("=", "");
                } catch (Exception e) {
                    throw new RuntimeException("Error while writing cipher text", e);
                }
            } catch (IOException e2) {
                throw new RuntimeException("Panic: Exception wile writing to a byte array", e2);
            }
        } catch (Exception e3) {
            throw new RuntimeException("Error initializing token ciper", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String decrypt(String str) {
        ByteBuffer wrap = ByteBuffer.wrap(base32.decode(str));
        byte[] bArr = new byte[wrap.get()];
        try {
            wrap.get(bArr);
            byte[] bArr2 = new byte[wrap.remaining()];
            wrap.get(bArr2);
            try {
                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                try {
                    cipher.init(2, this.key, new GCMParameterSpec(128, bArr));
                    try {
                        return new String(cipher.doFinal(bArr2));
                    } catch (BadPaddingException | IllegalBlockSizeException e) {
                        throw new BadTokenException("Encountered encrypted data that is likely corrupt", e);
                    }
                } catch (InvalidAlgorithmParameterException e2) {
                    throw new BadTokenException("Encountered encrypted data that is likely corrupt", e2);
                } catch (InvalidKeyException e3) {
                    throw new RuntimeException("Bad decryption key", e3);
                }
            } catch (Exception e4) {
                throw new BadTokenException("Error initializing token cipher");
            }
        } catch (BufferUnderflowException e5) {
            throw new BadTokenException("Encountered encrypted data that is likely corrupt", e5);
        }
    }
}
