package com.thingworx.security.encryption;

import com.thingworx.common.RESTAPIConstants;
import com.thingworx.common.utils.Base64Decoder;
import com.thingworx.common.utils.Base64Encoder;
import com.thingworx.communications.common.modules.CommunicationConfigConstants;
import com.thingworx.metadata.annotations.ThingworxExtensionApiClass;
import com.thingworx.metadata.annotations.ThingworxExtensionApiMethod;
import com.thingworx.types.constants.CommonPropertyNames;
import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

@ThingworxExtensionApiClass(since = {6, 6})
@Deprecated
/* loaded from: input_file:com/thingworx/security/encryption/SecureData.class */
public final class SecureData {

    /* loaded from: input_file:com/thingworx/security/encryption/SecureData$Constants.class */
    static class Constants {
        protected static final String CIPHER_ENCODING = "UTF-8";
        protected static final int IMAGE_SIZE = 16;
        protected static final int AES_BLOCK_SIZE = 16;
        protected static final String ENCODE_DELIMETER = ":";

        Constants() {
        }
    }

    private SecureData() {
    }

    @ThingworxExtensionApiMethod(since = {6, 6}, deprecatedSince = {8, CommunicationConfigConstants.DefaultValues.AuthTimeout})
    @Deprecated
    public static String encryptBase64(String str, String str2) throws Exception {
        try {
            return new Base64Encoder(encrypt(str, str2.getBytes(RESTAPIConstants.UTF8_ENCODING))).processString();
        } catch (Exception e) {
            throw new Exception("Encrypt ERROR: " + e.getMessage(), e);
        }
    }

    @ThingworxExtensionApiMethod(since = {6, 6}, deprecatedSince = {8, CommunicationConfigConstants.DefaultValues.AuthTimeout})
    @Deprecated
    public static String decryptBase64(String str, String str2) throws Exception {
        return new String(decrypt(str, new Base64Decoder(str2).processBytes()), RESTAPIConstants.UTF8_ENCODING);
    }

    @ThingworxExtensionApiMethod(since = {8, CommunicationConfigConstants.DefaultValues.AuthTimeout})
    public static byte[] encryptWithCustomKey(byte[] bArr, byte[] bArr2) throws Exception {
        byte[] bArr3 = new byte[16];
        new SecureRandom().nextBytes(bArr3);
        byte[] cipherData = cipherData(bArr, bArr3, bArr2, true);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Throwable th = null;
        try {
            try {
                byteArrayOutputStream.write(bArr3);
                byteArrayOutputStream.write(cipherData);
                byte[] byteArray = byteArrayOutputStream.toByteArray();
                if (byteArrayOutputStream != null) {
                    if (0 != 0) {
                        try {
                            byteArrayOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        byteArrayOutputStream.close();
                    }
                }
                return byteArray;
            } finally {
            }
        } catch (Throwable th3) {
            if (byteArrayOutputStream != null) {
                if (th != null) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    byteArrayOutputStream.close();
                }
            }
            throw th3;
        }
    }

    @ThingworxExtensionApiMethod(since = {8, CommunicationConfigConstants.DefaultValues.AuthTimeout})
    public static byte[] decryptWithCustomKey(byte[] bArr, byte[] bArr2) throws Exception {
        return cipherData(bArr, Arrays.copyOfRange(bArr2, 0, 16), Arrays.copyOfRange(bArr2, 16, bArr2.length), false);
    }

    public static String encryptBase64Internal(String str) throws Exception {
        try {
            return new Base64Encoder(encryptInternal(str.getBytes(RESTAPIConstants.UTF8_ENCODING))).processString();
        } catch (Exception e) {
            throw new Exception("Encrypt ERROR: " + e.getMessage(), e);
        }
    }

    public static String decryptBase64Internal(String str) throws Exception {
        return new String(decryptInternal(new Base64Decoder(str).processBytes()), RESTAPIConstants.UTF8_ENCODING);
    }

    public static String encryptBase64Shared(String str) throws Exception {
        try {
            return new Base64Encoder(encrypt(SecurityImages.SHARED_IMAGE, str.getBytes(RESTAPIConstants.UTF8_ENCODING))).processString();
        } catch (Exception e) {
            throw new Exception("Encrypt ERROR: " + e.getMessage(), e);
        }
    }

    public static String decryptBase64Shared(String str) throws Exception {
        return new String(decrypt(SecurityImages.SHARED_IMAGE, new Base64Decoder(str).processBytes()), RESTAPIConstants.UTF8_ENCODING);
    }

    @ThingworxExtensionApiMethod(since = {6, 6}, deprecatedSince = {8, CommunicationConfigConstants.DefaultValues.AuthTimeout})
    @Deprecated
    public static byte[] encrypt(String str, byte[] bArr) throws Exception {
        return cipherData(getImagePK(str), getImageIV(str), bArr, true);
    }

    @ThingworxExtensionApiMethod(since = {6, 6})
    public static byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        return cipherData(bArr, bArr2, bArr3, true);
    }

    @ThingworxExtensionApiMethod(since = {6, 6}, deprecatedSince = {8, CommunicationConfigConstants.DefaultValues.AuthTimeout})
    @Deprecated
    public static byte[] decrypt(String str, byte[] bArr) throws Exception {
        return cipherData(getImagePK(str), getImageIV(str), bArr, false);
    }

    @ThingworxExtensionApiMethod(since = {6, 6})
    public static byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        return cipherData(bArr, bArr2, bArr3, false);
    }

    private static byte[] encryptInternal(byte[] bArr) throws Exception {
        return cipherData(getImagePK(SecurityImages.INTERNAL_IMAGE), getImageIV(SecurityImages.INTERNAL_IMAGE), bArr, true);
    }

    private static byte[] decryptInternal(byte[] bArr) throws Exception {
        return cipherData(getImagePK(SecurityImages.INTERNAL_IMAGE), getImageIV(SecurityImages.INTERNAL_IMAGE), bArr, false);
    }

    private static byte[] cipherData(byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z) throws Exception {
        try {
            Cipher cipher = Cipher.getInstance(CommonPropertyNames.CDN.PROP_AES_CBC_PKCS5_PADDING, "SunJCE");
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, CommonPropertyNames.CDN.PROP_AES);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
            if (z) {
                cipher.init(1, secretKeySpec, ivParameterSpec);
            } else {
                cipher.init(2, secretKeySpec, ivParameterSpec);
            }
            byte[] bArr4 = new byte[cipher.getOutputSize(bArr3.length)];
            int update = cipher.update(bArr3, 0, bArr3.length, bArr4, 0);
            byte[] bArr5 = new byte[update + cipher.doFinal(bArr4, update)];
            System.arraycopy(bArr4, 0, bArr5, 0, bArr5.length);
            return bArr5;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | ShortBufferException e) {
            throw new Exception(String.format("error %s secure data: %s", z ? "encrypting" : "decrypting", e.getMessage()), e);
        }
    }

    public static byte[] getImagePK(String str) throws UnsupportedEncodingException {
        byte[] bArr = new byte[16];
        byte[] bytes = new Base64Encoder(str).processString().getBytes(RESTAPIConstants.UTF8_ENCODING);
        int length = bytes.length - 16;
        for (int i = 0; i < 16; i++) {
            bArr[i] = bytes[length + i];
        }
        return bArr;
    }

    public static byte[] getImageIV(String str) throws UnsupportedEncodingException {
        byte[] bArr = new byte[16];
        byte[] bytes = new Base64Encoder(str).processString().getBytes(RESTAPIConstants.UTF8_ENCODING);
        for (int i = 0; i < 16; i++) {
            bArr[i] = bytes[i];
        }
        return bArr;
    }

    public static byte[] generateKey(int i) throws NoSuchAlgorithmException {
        SecureRandom secureRandom = new SecureRandom();
        KeyGenerator keyGenerator = KeyGenerator.getInstance(CommonPropertyNames.CDN.PROP_AES);
        keyGenerator.init(i, secureRandom);
        return keyGenerator.generateKey().getEncoded();
    }

    public static String encode(String str, Charset charset, byte[] bArr) throws Exception {
        if (str == null || charset == null || bArr == null) {
            throw new IllegalArgumentException("Parameters cannot be null");
        }
        byte[] bArr2 = new byte[16];
        new SecureRandom().nextBytes(bArr2);
        return new Base64Encoder(bArr2).processString() + ":" + new Base64Encoder(encrypt(bArr, bArr2, str.getBytes(charset))).processString();
    }

    public static String decode(String str, Charset charset, byte[] bArr) throws Exception {
        if (str == null || charset == null || bArr == null) {
            throw new IllegalArgumentException("Parameters cannot be null");
        }
        String[] split = str.split(":");
        if (split.length != 2) {
            throw new Exception("Encoded value does not match expected format");
        }
        if (Base64Encoder.matchesBase64Pattern(split[0]) && Base64Encoder.matchesBase64Pattern(split[1])) {
            return new String(decrypt(bArr, new Base64Decoder(split[0]).processBytes(), new Base64Decoder(split[1]).processBytes()), charset);
        }
        throw new Exception("Encoded value does not match expected format");
    }
}
