package org.kuali.rice.core.impl.encryption;

import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.kuali.rice.core.api.config.property.ConfigContext;
import org.kuali.rice.core.api.encryption.EncryptionService;

/* loaded from: input_file:WEB-INF/lib/rice-core-impl-2.3.8.jar:org/kuali/rice/core/impl/encryption/DemonstrationGradeEncryptionServiceImpl.class */
public class DemonstrationGradeEncryptionServiceImpl implements EncryptionService {
    public static final String ALGORITHM = "DES/ECB/PKCS5Padding";
    public static final String HASH_ALGORITHM = "SHA";
    private static final String CHARSET = "UTF-8";
    private transient SecretKey desKey;
    private boolean isEnabled = false;

    public DemonstrationGradeEncryptionServiceImpl() throws Exception {
        if (this.desKey != null) {
            throw new RuntimeException("The secret key must be kept secret. Storing it in the Java source code is a really bad idea.");
        }
        String property = ConfigContext.getCurrentContextConfig().getProperty("encryption.key");
        if (StringUtils.isEmpty(property)) {
            return;
        }
        setSecretKey(property);
    }

    @Override // org.kuali.rice.core.api.encryption.EncryptionService
    public boolean isEnabled() {
        return this.isEnabled;
    }

    @Override // org.kuali.rice.core.api.encryption.EncryptionService
    public String encrypt(Object obj) throws GeneralSecurityException {
        checkEnabled();
        if (obj == null) {
            return "";
        }
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(1, this.desKey);
        try {
            return new String(Base64.encodeBase64(cipher.doFinal(obj.toString().getBytes("UTF-8"))), "UTF-8");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.kuali.rice.core.api.encryption.EncryptionService
    public String decrypt(String str) throws GeneralSecurityException {
        checkEnabled();
        if (StringUtils.isBlank(str)) {
            return "";
        }
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(2, this.desKey);
        try {
            return new String(cipher.doFinal(Base64.decodeBase64(str.getBytes("UTF-8"))), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.kuali.rice.core.api.encryption.EncryptionService
    public byte[] encryptBytes(byte[] bArr) throws GeneralSecurityException {
        checkEnabled();
        if (bArr == null) {
            return new byte[0];
        }
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(1, this.desKey);
        return cipher.doFinal(bArr);
    }

    @Override // org.kuali.rice.core.api.encryption.EncryptionService
    public byte[] decryptBytes(byte[] bArr) throws GeneralSecurityException {
        checkEnabled();
        if (bArr == null) {
            return new byte[0];
        }
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(2, this.desKey);
        return cipher.doFinal(bArr);
    }

    public static String generateEncodedKey() throws Exception {
        SecretKey generateKey = KeyGenerator.getInstance("DES").generateKey();
        Cipher.getInstance(ALGORITHM).init(3, generateKey);
        return new String(Base64.encodeBase64(((DESKeySpec) SecretKeyFactory.getInstance("DES").getKeySpec(generateKey, DESKeySpec.class)).getKey()));
    }

    private SecretKey unwrapEncodedKey(String str) throws Exception {
        Cipher.getInstance(ALGORITHM).init(4, KeyGenerator.getInstance("DES").generateKey());
        return SecretKeyFactory.getInstance("DES").generateSecret(new DESKeySpec(Base64.decodeBase64(str.getBytes())));
    }

    public void setSecretKey(String str) throws Exception {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        this.desKey = unwrapEncodedKey(str);
        this.isEnabled = true;
        Cipher.getInstance(ALGORITHM).init(3, this.desKey);
    }

    @Override // org.kuali.rice.core.api.encryption.EncryptionService
    public String hash(Object obj) throws GeneralSecurityException {
        if (obj == null || StringUtils.isEmpty(obj.toString())) {
            return "";
        }
        try {
            return new String(Base64.encodeBase64(MessageDigest.getInstance(HASH_ALGORITHM).digest(obj.toString().getBytes("UTF-8"))), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            return "";
        }
    }

    protected void checkEnabled() {
        if (!isEnabled()) {
            throw new IllegalStateException("Illegal use of encryption service.  Ecryption service is disabled, to enable please configure 'encryption.key'.");
        }
    }
}
