package org.opendaylight.aaa.encrypt;

import java.io.File;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.lang3.RandomStringUtils;
import org.opendaylight.yang.gen.v1.config.aaa.authn.encrypt.service.config.rev160915.AaaEncryptServiceConfig;
import org.opendaylight.yang.gen.v1.config.aaa.authn.encrypt.service.config.rev160915.AaaEncryptServiceConfigBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/opendaylight/aaa/encrypt/AAAEncryptionServiceImpl.class */
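/**
 * Password-based symmetric encryption service configured from an {@link AaaEncryptServiceConfig}.
 *
 * <p>The key is derived once, in the constructor, from the configured encrypt key (used as a
 * password) and the Base64-decoded encrypt salt, using the configured {@code SecretKeyFactory}
 * algorithm, iteration count and key length. One encrypt and one decrypt {@link Cipher} are
 * created up front and reused for every call, guarded by {@code synchronized} blocks because
 * {@code Cipher} instances are stateful.
 *
 * <p>Security properties a reviewer should be aware of (kept for compatibility with existing
 * callers and stored ciphertext, not fixed here):
 * <ul>
 *   <li>The decoded salt is also used as the IV, and the same IV is used for every message. With
 *       an IV-based block mode this makes encryption deterministic: equal plaintexts produce
 *       equal ciphertexts. The actual mode comes from {@code getCipherTransforms()}, which is not
 *       visible here. Changing the IV scheme would alter the ciphertext format.</li>
 *   <li>The {@code encrypt} methods are fail-open: when no key is available or the cipher
 *       reports a padding/block-size error they return the input unchanged, so a caller cannot
 *       tell ciphertext from plaintext by the return value alone. Monitor the WARN/ERROR
 *       messages logged by this class.</li>
 *   <li>{@code String} conversions use the platform default charset, so ciphertext written on
 *       one host may decode differently on a host with another default charset.</li>
 *   <li>Whether ciphertext is integrity-protected depends on the configured transformation.</li>
 * </ul>
 */
public class AAAEncryptionServiceImpl implements AAAEncryptionService {
    private static final Logger LOG = LoggerFactory.getLogger(AAAEncryptionServiceImpl.class);

    /** Relative path (resolved against the working directory) of the persisted service config. */
    private static final String DEFAULT_CONFIG_FILE_PATH = String.join(File.separator,
            "etc", "opendaylight", "datastore", "initial", "config", "aaa-encrypt-service-config.xml");

    /** Number of random bytes generated for a fresh salt (which also serves as the IV). */
    private static final int GENERATED_SALT_BYTES = 16;

    // Derived key; null when key derivation failed, in which case the service passes data through.
    private final SecretKey key;
    // IV built from the decoded salt bytes; null when key derivation failed.
    private final IvParameterSpec ivspec;
    // Fully initialised ciphers, or null when creation/initialisation failed.
    private final Cipher encryptCipher;
    private final Cipher decryptCipher;

    /**
     * Builds the service from the supplied configuration.
     *
     * <p>If the configured encrypt key is the empty string, a new random key and salt are
     * generated, used for this instance and written back to the config file.
     *
     * @param aaaEncryptServiceConfig the service configuration
     * @throws IllegalArgumentException if the configured encrypt salt is {@code null}
     */
    public AAAEncryptionServiceImpl(AaaEncryptServiceConfig aaaEncryptServiceConfig) {
        if (aaaEncryptServiceConfig.getEncryptSalt() == null) {
            // The configuration object is deliberately not dumped into the message: its
            // toString() presumably includes the encrypt key (confirm against the generated
            // binding), and exception messages end up in logs.
            throw new IllegalArgumentException("null encryptSalt in AaaEncryptServiceConfig");
        }

        AaaEncryptServiceConfig config = aaaEncryptServiceConfig;
        // NOTE(review): a null encrypt key skips generation and fails below with a
        // NullPointerException on toCharArray().
        if (config.getEncryptKey() != null && config.getEncryptKey().isEmpty()) {
            LOG.debug("Set the Encryption service password and encrypt salt");
            final SecureRandom secureRandom = new SecureRandom();
            // Key material must come from a CSPRNG. The three-argument
            // RandomStringUtils.random(count, letters, numbers) draws from a non-cryptographic
            // generator; this overload keeps the same alphanumeric alphabet but takes the
            // random source explicitly.
            final String generatedKey = RandomStringUtils.random(
                    config.getPasswordLength().intValue(), 0, 0, true, true, null, secureRandom);
            final byte[] saltBytes = new byte[GENERATED_SALT_BYTES];
            secureRandom.nextBytes(saltBytes);
            final String generatedSalt = Base64.getEncoder().encodeToString(saltBytes);
            config = new AaaEncryptServiceConfigBuilder(config)
                    .setEncryptKey(generatedKey)
                    .setEncryptSalt(generatedSalt)
                    .build();
            updateEncrySrvConfig(generatedKey, generatedSalt);
        }

        final byte[] salt = Base64.getDecoder().decode(config.getEncryptSalt());
        SecretKey derivedKey = null;
        IvParameterSpec iv = null;
        try {
            final PBEKeySpec pbeSpec = new PBEKeySpec(config.getEncryptKey().toCharArray(), salt,
                    config.getEncryptIterationCount().intValue(), config.getEncryptKeyLength().intValue());
            final byte[] rawKey = SecretKeyFactory.getInstance(config.getEncryptMethod())
                    .generateSecret(pbeSpec).getEncoded();
            derivedKey = new SecretKeySpec(rawKey, config.getEncryptType());
            // The salt doubles as the IV; see the class-level note on IV reuse.
            iv = new IvParameterSpec(salt);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOG.error("Failed to initialize secret key", e);
        }
        this.key = derivedKey;
        this.ivspec = iv;

        this.encryptCipher = createCipher(config.getCipherTransforms(), Cipher.ENCRYPT_MODE,
                "Failed to create encrypt cipher.");
        this.decryptCipher = createCipher(config.getCipherTransforms(), Cipher.DECRYPT_MODE,
                "Failed to create decrypt cipher.");
    }

    /**
     * Creates and initialises a cipher with this instance's key and IV. Returns {@code null}
     * on failure, so that a cipher which was created but never initialised is not kept around.
     */
    private Cipher createCipher(String transforms, int mode, String failureMessage) {
        try {
            final Cipher cipher = Cipher.getInstance(transforms);
            cipher.init(mode, this.key, this.ivspec);
            return cipher;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException
                | NoSuchPaddingException e) {
            LOG.error(failureMessage, e);
            return null;
        }
    }

    /**
     * Returns the cipher, or fails closed with a descriptive exception when a key exists but the
     * cipher could not be set up (rather than a NullPointerException on first use).
     */
    private static Cipher requireCipher(Cipher cipher, String purpose) {
        if (cipher == null) {
            throw new IllegalStateException(purpose + " cipher is not initialized");
        }
        return cipher;
    }

    /**
     * Encrypts a string and returns the ciphertext Base64-encoded.
     *
     * @param str plaintext, converted to bytes with the platform default charset
     * @return Base64 ciphertext, or {@code str} unchanged when no key is available or the
     *         cipher reports a padding/block-size error (fail-open; see class note)
     * @throws IllegalStateException if a key exists but the encrypt cipher failed to initialise
     */
    @Override // org.opendaylight.aaa.encrypt.AAAEncryptionService
    public String encrypt(String str) {
        if (this.key == null) {
            LOG.warn("Encryption Key is NULL, will not encrypt data.");
            return str;
        }
        final Cipher cipher = requireCipher(this.encryptCipher, "Encryption");
        try {
            final byte[] encrypted;
            synchronized (cipher) {
                encrypted = cipher.doFinal(str.getBytes());
            }
            return DatatypeConverter.printBase64Binary(encrypted);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            LOG.error("Failed to encrypt data.", e);
            return str;
        }
    }

    /**
     * Decrypts a Base64-encoded ciphertext string.
     *
     * @param str Base64 ciphertext
     * @return the plaintext decoded with the platform default charset, or {@code str} unchanged
     *         when no key is available, the input is null/empty, or decryption fails
     * @throws IllegalStateException if a key exists but the decrypt cipher failed to initialise
     */
    @Override // org.opendaylight.aaa.encrypt.AAAEncryptionService
    public String decrypt(String str) {
        if (this.key == null || str == null || str.length() == 0) {
            // The value itself is not logged: when no key is available encrypt() returns
            // plaintext, so the argument here may be a secret in the clear.
            LOG.warn("Input was not decrypted (no key available, or null/empty input).");
            return str;
        }
        final Cipher cipher = requireCipher(this.decryptCipher, "Decryption");
        try {
            final byte[] decrypted;
            // Cipher is stateful; guard it the same way the encrypt path does.
            synchronized (cipher) {
                decrypted = cipher.doFinal(DatatypeConverter.parseBase64Binary(str));
            }
            return new String(decrypted);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            LOG.error("Failed to decrypt encoded data", e);
            return str;
        }
    }

    /**
     * Encrypts raw bytes.
     *
     * @param bArr plaintext bytes
     * @return ciphertext bytes, or {@code bArr} unchanged when no key is available or the
     *         cipher reports a padding/block-size error (fail-open; see class note)
     * @throws IllegalStateException if a key exists but the encrypt cipher failed to initialise
     */
    @Override // org.opendaylight.aaa.encrypt.AAAEncryptionService
    public byte[] encrypt(byte[] bArr) {
        if (this.key == null) {
            LOG.warn("Encryption Key is NULL, will not encrypt data.");
            return bArr;
        }
        final Cipher cipher = requireCipher(this.encryptCipher, "Encryption");
        try {
            synchronized (cipher) {
                return cipher.doFinal(bArr);
            }
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            LOG.error("Failed to encrypt data.", e);
            return bArr;
        }
    }

    /**
     * Decrypts raw ciphertext bytes.
     *
     * @param bArr ciphertext bytes
     * @return plaintext bytes, or {@code bArr} unchanged when it is null, no key is available,
     *         or decryption fails
     * @throws IllegalStateException if a key exists but the decrypt cipher failed to initialise
     */
    @Override // org.opendaylight.aaa.encrypt.AAAEncryptionService
    public byte[] decrypt(byte[] bArr) {
        if (bArr == null) {
            LOG.warn("encData is null.");
            return bArr;
        }
        if (this.key == null) {
            // Mirrors the other three methods: without a key, encrypt(byte[]) passed the data
            // through, so the matching decrypt must do the same instead of failing on an
            // unusable cipher.
            LOG.warn("Encryption Key is NULL, will not decrypt data.");
            return bArr;
        }
        final Cipher cipher = requireCipher(this.decryptCipher, "Decryption");
        try {
            synchronized (cipher) {
                return cipher.doFinal(bArr);
            }
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            LOG.error("Failed to decrypt encoded data", e);
            return bArr;
        }
    }

    /**
     * Writes a newly generated key and salt into the service config file, if that file exists.
     *
     * <p>Failures are logged and otherwise ignored. In that case the generated key is used only
     * by this instance and is not persisted.
     *
     * <p>NOTE(review): the key is stored in clear text in this file, so its permissions should
     * restrict reads to the controller's service account. The XML parser is created with default
     * settings; if this file can ever be influenced by a less-trusted party, disable DOCTYPE
     * declarations and external entities on the factory.
     *
     * @param str  the generated encrypt key
     * @param str2 the generated Base64-encoded salt
     */
    private void updateEncrySrvConfig(String str, String str2) {
        try {
            LOG.debug("Update encryption service config file");
            final File file = new File(DEFAULT_CONFIG_FILE_PATH);
            if (!file.exists()) {
                LOG.warn("The encryption service config file does not exist {}", DEFAULT_CONFIG_FILE_PATH);
                return;
            }
            final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(file);
            final org.w3c.dom.Node keyNode = doc.getElementsByTagName("encrypt-key").item(0);
            final org.w3c.dom.Node saltNode = doc.getElementsByTagName("encrypt-salt").item(0);
            if (keyNode == null || saltNode == null) {
                // item(0) is null when the element is absent; report it instead of letting a
                // NullPointerException escape from the constructor.
                LOG.error("Encryption service config file {} lacks an encrypt-key or encrypt-salt element",
                        DEFAULT_CONFIG_FILE_PATH);
                return;
            }
            keyNode.setTextContent(str);
            saltNode.setTextContent(str2);
            TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(file));
        } catch (IOException | ParserConfigurationException | TransformerException | SAXException e) {
            LOG.error("Error while updating the encryption service config file", e);
        }
    }
}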
