package com.ibm.ws.security.social.tai;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.crypto.util.AESKeyManager;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.encoding.EncodingUtils;
import com.ibm.ws.security.social.SocialLoginConfig;
import com.ibm.ws.security.social.error.SocialLoginException;
import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.MessageDigest;
import java.security.PublicKey;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;

/**
 * Encrypts and decrypts social-login access tokens with the algorithm named by the
 * {@link SocialLoginConfig} ({@code "RSA"} or {@code "AES"}). Ciphertext is exchanged as a
 * hexadecimal string.
 *
 * <p>Security review notes. These describe what the code below does. The behaviour is kept
 * as is because changing a transformation or a chunk size would break tokens that were
 * already issued.
 * <ul>
 *   <li>RSA uses {@code RSA/ECB/PKCS1Padding} (PKCS#1 v1.5). The fixed chunk sizes 53 and 64
 *       match a 64-byte (512-bit) modulus, since 64 - 11 bytes of padding overhead = 53. A
 *       round trip therefore appears to work only with a 512-bit key, which is far below
 *       current key-size guidance. PKCS#1 v1.5 decryption is also sensitive to padding
 *       oracles, so decryption failures should not be distinguishable to a remote caller.
 *       Whether the wrapped exception text reaches a client is not visible in this file.</li>
 *   <li>AES uses {@code AES/CBC/PKCS5Padding} with no MAC, so this class does not detect a
 *       modified ciphertext. Key and IV are both derived from the client secret alone, and
 *       no IV travels with the ciphertext. The IV is therefore the same for every token
 *       under one client secret, and equal tokens produce equal ciphertexts.</li>
 *   <li>An algorithm name other than {@code "RSA"} or {@code "AES"} yields {@code null}
 *       rather than an error, so callers must treat {@code null} as "not encrypted or
 *       decrypted".</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/social/tai/TAIEncryptionUtils.class */
public class TAIEncryptionUtils {
    public static final TraceComponent tc = Tr.register(TAIEncryptionUtils.class, "SOCIAL", "com.ibm.ws.security.social.resources.SocialMessages");
    private static final String TRANSFORMATION_RSA = "RSA/ECB/PKCS1Padding";
    private static final String TRANSFORMATION_AES = "AES/CBC/PKCS5Padding";
    private static final String ALG_RSA = "RSA";
    private static final String ALG_AES = "AES";
    /** Source identifier passed to FFDC for every failure recorded by this class. */
    private static final String FFDC_SOURCE_ID = "com.ibm.ws.security.social.tai.TAIEncryptionUtils";
    /** Charset name used for every token-to-bytes and bytes-to-token conversion. */
    private static final String UTF_8 = "UTF-8";
    /** Plaintext bytes fed to one RSA encryption call: 64-byte modulus minus 11 bytes of PKCS#1 v1.5 padding. */
    private static final int RSA_PLAINTEXT_CHUNK_BYTES = 53;
    /** Ciphertext bytes fed to one RSA decryption call; equals the modulus size of a 512-bit key. */
    private static final int RSA_CIPHERTEXT_CHUNK_BYTES = 64;
    private final EncodingUtils encodingUtils = new EncodingUtils();
    static final long serialVersionUID = 7284298322202926442L;

    /** Emits a debug trace record, but only when debug tracing is enabled for this component. */
    @Trivial
    private static void traceDebug(String message) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, message, new Object[0]);
        }
    }

    /**
     * Encrypts an access token with the algorithm configured on {@code socialLoginConfig}.
     *
     * @param socialLoginConfig configuration supplying the algorithm name and key material
     * @param str the access token to encrypt; must not be {@code null}
     * @return the hex-encoded ciphertext, or {@code null} when the configured algorithm is
     *         neither RSA nor AES (or the required key is unavailable)
     * @throws SocialLoginException if {@code str} is {@code null} or encryption fails
     */
    @Sensitive
    public String getEncryptedAccessToken(SocialLoginConfig socialLoginConfig, @Sensitive String str) throws SocialLoginException {
        if (str == null) {
            throw new SocialLoginException("ACCESS_TOKEN_TO_ENCRYPT_IS_NULL", null, new Object[0]);
        }
        String configuredAlgorithm = socialLoginConfig.getAlgorithm();
        return getEncryptedAccessTokenUsingAlgorithm(socialLoginConfig, str, configuredAlgorithm);
    }

    /**
     * Dispatches encryption to the RSA or AES implementation.
     *
     * @param str the access token to encrypt
     * @param str2 the algorithm name; only {@code "RSA"} and {@code "AES"} are recognised
     * @return the hex-encoded ciphertext, or {@code null} for any other algorithm name
     *         (including {@code null}); no error is raised in that case
     */
    String getEncryptedAccessTokenUsingAlgorithm(SocialLoginConfig socialLoginConfig, @Sensitive String str, String str2) throws SocialLoginException {
        String encrypted = null;
        if (ALG_RSA.equals(str2)) {
            encrypted = encryptAccessTokenUsingRsa(socialLoginConfig, str);
        } else if (ALG_AES.equals(str2)) {
            encrypted = encryptAccessTokenUsingAes(socialLoginConfig, str);
        }
        return encrypted;
    }

    /**
     * Runs {@link #rsaEncrypt} and converts every failure into a {@link SocialLoginException}.
     * The exception inserts are the configuration's unique id and the cause's localized message.
     * Failures other than {@code SocialLoginException} are also reported to FFDC, with the
     * token masked by a placeholder.
     */
    @FFDCIgnore({SocialLoginException.class})
    String encryptAccessTokenUsingRsa(SocialLoginConfig socialLoginConfig, @Sensitive String str) throws SocialLoginException {
        try {
            return rsaEncrypt(socialLoginConfig, str);
        } catch (SocialLoginException known) {
            Object[] inserts = new Object[]{socialLoginConfig.getUniqueId(), known.getLocalizedMessage()};
            throw new SocialLoginException("ERROR_GETTING_ENCRYPTED_ACCESS_TOKEN_RSA", known, inserts);
        } catch (Exception unexpected) {
            FFDCFilter.processException(unexpected, FFDC_SOURCE_ID, "72", this, new Object[]{socialLoginConfig, "<sensitive java.lang.String>"});
            Object[] inserts = new Object[]{socialLoginConfig.getUniqueId(), unexpected.getLocalizedMessage()};
            throw new SocialLoginException("ERROR_GETTING_ENCRYPTED_ACCESS_TOKEN_RSA", unexpected, inserts);
        }
    }

    /**
     * Runs {@link #aesEncrypt} and converts every failure into a {@link SocialLoginException}.
     * Failures other than {@code SocialLoginException} are also reported to FFDC, with the
     * token masked by a placeholder.
     */
    @FFDCIgnore({SocialLoginException.class})
    String encryptAccessTokenUsingAes(SocialLoginConfig socialLoginConfig, @Sensitive String str) throws SocialLoginException {
        try {
            return aesEncrypt(socialLoginConfig, str);
        } catch (SocialLoginException known) {
            Object[] inserts = new Object[]{socialLoginConfig.getUniqueId(), known.getLocalizedMessage()};
            throw new SocialLoginException("ERROR_GETTING_ENCRYPTED_ACCESS_TOKEN_AES", known, inserts);
        } catch (Exception unexpected) {
            FFDCFilter.processException(unexpected, FFDC_SOURCE_ID, "83", this, new Object[]{socialLoginConfig, "<sensitive java.lang.String>"});
            Object[] inserts = new Object[]{socialLoginConfig.getUniqueId(), unexpected.getLocalizedMessage()};
            throw new SocialLoginException("ERROR_GETTING_ENCRYPTED_ACCESS_TOKEN_AES", unexpected, inserts);
        }
    }

    /**
     * Decrypts a hex-encoded token with the algorithm configured on {@code socialLoginConfig}.
     *
     * @param str the hex-encoded ciphertext; {@code null} is tolerated
     * @return the decrypted token, or {@code null} when {@code str} is {@code null} or the
     *         configured algorithm is neither RSA nor AES
     * @throws Exception if decryption fails
     */
    @Sensitive
    protected String getDecryptedAccessToken(SocialLoginConfig socialLoginConfig, @Sensitive String str) throws Exception {
        if (str == null) {
            traceDebug("Provided token is null");
            return null;
        }
        String configuredAlgorithm = socialLoginConfig.getAlgorithm();
        return getDecryptedAccessTokenUsingAlgorithm(socialLoginConfig, str, configuredAlgorithm);
    }

    /**
     * Dispatches decryption to the RSA or AES implementation.
     *
     * @param str the hex-encoded ciphertext
     * @param str2 the algorithm name; only {@code "RSA"} and {@code "AES"} are recognised
     * @return the decrypted token, or {@code null} for any other algorithm name
     */
    String getDecryptedAccessTokenUsingAlgorithm(SocialLoginConfig socialLoginConfig, @Sensitive String str, String str2) throws SocialLoginException {
        String decrypted = null;
        if (ALG_RSA.equals(str2)) {
            decrypted = decryptAccessTokenUsingRsa(socialLoginConfig, str);
        } else if (ALG_AES.equals(str2)) {
            decrypted = decryptAccessTokenUsingAes(socialLoginConfig, str);
        }
        return decrypted;
    }

    /**
     * Runs {@link #rsaDecrypt} and converts every failure into a {@link SocialLoginException}.
     * The cause's localized message is carried in the exception inserts.
     * NOTE(review): with PKCS#1 v1.5 padding, confirm that callers do not expose this detail
     * to the party that supplied the ciphertext.
     */
    @FFDCIgnore({SocialLoginException.class})
    String decryptAccessTokenUsingRsa(SocialLoginConfig socialLoginConfig, @Sensitive String str) throws SocialLoginException {
        try {
            return rsaDecrypt(socialLoginConfig, str);
        } catch (SocialLoginException known) {
            Object[] inserts = new Object[]{socialLoginConfig.getUniqueId(), known.getLocalizedMessage()};
            throw new SocialLoginException("ERROR_GETTING_DECRYPTED_ACCESS_TOKEN_RSA", known, inserts);
        } catch (Exception unexpected) {
            FFDCFilter.processException(unexpected, FFDC_SOURCE_ID, "115", this, new Object[]{socialLoginConfig, "<sensitive java.lang.String>"});
            Object[] inserts = new Object[]{socialLoginConfig.getUniqueId(), unexpected.getLocalizedMessage()};
            throw new SocialLoginException("ERROR_GETTING_DECRYPTED_ACCESS_TOKEN_RSA", unexpected, inserts);
        }
    }

    /**
     * Runs {@link #aesDecrypt} and converts every failure into a {@link SocialLoginException}.
     * The cause's localized message is carried in the exception inserts.
     * NOTE(review): CBC padding errors surface here like any other failure; confirm that
     * callers return a uniform error to the party that supplied the ciphertext.
     */
    @FFDCIgnore({SocialLoginException.class})
    String decryptAccessTokenUsingAes(SocialLoginConfig socialLoginConfig, @Sensitive String str) throws SocialLoginException {
        try {
            return aesDecrypt(socialLoginConfig, str);
        } catch (SocialLoginException known) {
            Object[] inserts = new Object[]{socialLoginConfig.getUniqueId(), known.getLocalizedMessage()};
            throw new SocialLoginException("ERROR_GETTING_DECRYPTED_ACCESS_TOKEN_AES", known, inserts);
        } catch (Exception unexpected) {
            FFDCFilter.processException(unexpected, FFDC_SOURCE_ID, "126", this, new Object[]{socialLoginConfig, "<sensitive java.lang.String>"});
            Object[] inserts = new Object[]{socialLoginConfig.getUniqueId(), unexpected.getLocalizedMessage()};
            throw new SocialLoginException("ERROR_GETTING_DECRYPTED_ACCESS_TOKEN_AES", unexpected, inserts);
        }
    }

    /**
     * Encrypts the token with the configuration's public key, 53 plaintext bytes per RSA call.
     *
     * @param str the access token; {@code null} is tolerated
     * @return the hex-encoded concatenation of the RSA blocks, or {@code null} when the token
     *         is {@code null} or the configuration has no public key
     * @throws Exception if the cipher cannot be created or initialised, or encryption fails
     */
    @Trivial
    protected String rsaEncrypt(SocialLoginConfig socialLoginConfig, @Sensitive String str) throws Exception {
        if (str == null) {
            traceDebug("Access token is null");
            return null;
        }
        Cipher rsaCipher = Cipher.getInstance(TRANSFORMATION_RSA);
        PublicKey encryptionKey = socialLoginConfig.getPublicKey();
        if (encryptionKey == null) {
            // No public key configured: report "nothing encrypted" instead of failing.
            return null;
        }
        rsaCipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
        byte[] plaintext = str.getBytes(UTF_8);
        byte[] ciphertext = getBytes(rsaCipher, plaintext, RSA_PLAINTEXT_CHUNK_BYTES);
        return this.encodingUtils.bytesToHexString(ciphertext);
    }

    /**
     * Decrypts a hex-encoded RSA ciphertext with the configuration's private key, 64
     * ciphertext bytes per RSA call.
     *
     * @param str the hex-encoded ciphertext; {@code null} is tolerated
     * @return the decrypted token, or {@code null} when {@code str} is {@code null}
     * @throws Exception if the input is not hexadecimal, the key is unusable, or decryption fails
     */
    @Trivial
    protected String rsaDecrypt(SocialLoginConfig socialLoginConfig, @Sensitive String str) throws Exception {
        if (str == null) {
            traceDebug("Encrypted token is null");
            return null;
        }
        Cipher rsaCipher = Cipher.getInstance(TRANSFORMATION_RSA);
        rsaCipher.init(Cipher.DECRYPT_MODE, socialLoginConfig.getPrivateKey());
        byte[] ciphertext = hexStringToBytes(str);
        byte[] plaintext = getBytes(rsaCipher, ciphertext, RSA_CIPHERTEXT_CHUNK_BYTES);
        return new String(plaintext, UTF_8);
    }

    /**
     * Feeds {@code bArr} through {@code cipher.doFinal} in consecutive chunks of at most
     * {@code i} bytes and concatenates the outputs.
     *
     * @param cipher an initialised cipher; each chunk is a separate {@code doFinal} call
     * @param bArr the input bytes; {@code null} yields {@code null}
     * @param i the maximum chunk length; a non-positive value yields {@code null}
     * @return the concatenated cipher output (empty for empty input), or {@code null} as above
     * @throws Exception if any {@code doFinal} call fails
     */
    @Trivial
    protected byte[] getBytes(Cipher cipher, byte[] bArr, int i) throws Exception {
        if (bArr == null) {
            return null;
        }
        if (i <= 0) {
            traceDebug("Algorithm output offset length was not positive");
            return null;
        }
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        int offset = 0;
        while (offset < bArr.length) {
            // The last chunk may be shorter than the requested chunk length.
            int chunkLength = Math.min(i, bArr.length - offset);
            byte[] processed = cipher.doFinal(bArr, offset, chunkLength);
            if (processed != null) {
                collected.write(processed);
            }
            offset += chunkLength;
        }
        return collected.toByteArray();
    }

    /**
     * Encrypts the token with AES/CBC using the key and IV derived from the client secret.
     * Nothing random is mixed in here and no IV is emitted with the ciphertext, so the
     * output is deterministic for a given token and client secret.
     *
     * @param str the access token; {@code null} is tolerated
     * @return the hex-encoded ciphertext, or {@code null} when the token is {@code null} or
     *         no secret key could be obtained
     * @throws Exception if key derivation, cipher initialisation or encryption fails
     */
    @Trivial
    protected String aesEncrypt(SocialLoginConfig socialLoginConfig, @Sensitive String str) throws Exception {
        if (str == null) {
            traceDebug("Access token is null");
            return null;
        }
        Key aesKey = getSecretKey(socialLoginConfig);
        if (aesKey == null) {
            return null;
        }
        IvParameterSpec iv = getIvSpec(socialLoginConfig);
        Cipher aesCipher = Cipher.getInstance(TRANSFORMATION_AES);
        aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, iv);
        byte[] ciphertext = aesCipher.doFinal(str.getBytes(UTF_8));
        return this.encodingUtils.bytesToHexString(ciphertext);
    }

    /**
     * Decrypts a hex-encoded AES/CBC ciphertext using the key and IV derived from the client
     * secret. The ciphertext is not authenticated before decryption. Unlike
     * {@link #aesEncrypt}, a {@code null} key is not checked here and is passed on to
     * {@code Cipher.init}.
     *
     * @param str the hex-encoded ciphertext; {@code null} is tolerated
     * @return the decrypted token, or {@code null} when {@code str} is {@code null}
     * @throws Exception if the input is not hexadecimal, or key derivation or decryption fails
     */
    @Trivial
    protected String aesDecrypt(SocialLoginConfig socialLoginConfig, String str) throws Exception {
        if (str == null) {
            traceDebug("Encrypted token is null");
            return null;
        }
        Key aesKey = getSecretKey(socialLoginConfig);
        IvParameterSpec iv = getIvSpec(socialLoginConfig);
        Cipher aesCipher = Cipher.getInstance(TRANSFORMATION_AES);
        aesCipher.init(Cipher.DECRYPT_MODE, aesKey, iv);
        byte[] plaintext = aesCipher.doFinal(hexStringToBytes(str));
        return new String(plaintext, UTF_8);
    }

    /**
     * Derives the AES key from the hex-encoded SHA-256 digest of the client secret.
     * How {@code AESKeyManager} turns that string into key material is not visible in this
     * file; neither is its behaviour when the client secret is {@code null}.
     */
    Key getSecretKey(SocialLoginConfig socialLoginConfig) throws Exception {
        byte[] secretDigest = getClientSecretHash(socialLoginConfig.getClientSecret());
        String keySeed = this.encodingUtils.bytesToHexString(secretDigest);
        return AESKeyManager.getKey(keySeed);
    }

    /**
     * Derives the IV from the same hex-encoded SHA-256 digest that seeds the key, so the IV
     * depends only on the client secret and is reused for every token.
     */
    IvParameterSpec getIvSpec(SocialLoginConfig socialLoginConfig) throws Exception {
        byte[] secretDigest = getClientSecretHash(socialLoginConfig.getClientSecret());
        String ivSeed = this.encodingUtils.bytesToHexString(secretDigest);
        return AESKeyManager.getIV(ivSeed);
    }

    /**
     * Computes the SHA-256 digest of the UTF-8 bytes of the client secret (one unsalted pass).
     *
     * @param str the client secret
     * @return the 32-byte digest, or {@code null} when the secret is {@code null} or no
     *         SHA-256 {@link MessageDigest} is available
     */
    byte[] getClientSecretHash(@Sensitive String str) {
        if (str == null) {
            return null;
        }
        MessageDigest sha256 = getMessageDigest("SHA-256");
        if (sha256 == null) {
            traceDebug("The secret key and initialization vector couldn't be initialized because a MessageDigest could not be created");
            return null;
        }
        return sha256.digest(str.getBytes(Charset.forName(UTF_8)));
    }

    /**
     * Looks up a {@link MessageDigest} by algorithm name.
     *
     * @param str the digest algorithm name
     * @return the digest instance, or {@code null} when the lookup throws; the failure is
     *         only traced at debug level
     */
    @FFDCIgnore({Exception.class})
    MessageDigest getMessageDigest(String str) {
        try {
            return MessageDigest.getInstance(str);
        } catch (Exception lookupFailure) {
            // Build the message only when tracing is on, so the exception's toString() is not invoked otherwise.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "A MessageDigest object failed to be acquired: " + lookupFailure, new Object[0]);
            }
            return null;
        }
    }

    /** Hex-encodes {@code bArr} by delegating to {@link EncodingUtils}. */
    @Trivial
    protected String bytesToHexString(byte[] bArr) {
        return this.encodingUtils.bytesToHexString(bArr);
    }

    /**
     * Decodes a hexadecimal string by delegating to {@link EncodingUtils}.
     *
     * @param str the hexadecimal text
     * @return the decoded bytes
     * @throws SocialLoginException with key {@code VALUE_NOT_HEXADECIMAL} when decoding
     *         raises a {@link NumberFormatException}
     */
    @Trivial
    protected byte[] hexStringToBytes(String str) throws SocialLoginException {
        try {
            return this.encodingUtils.hexStringToBytes(str);
        } catch (NumberFormatException notHex) {
            // NOTE(review): the rejected input is handed to FFDC unmasked, whereas the
            // encrypt/decrypt wrappers substitute a placeholder for the token.
            FFDCFilter.processException(notHex, FFDC_SOURCE_ID, "279", this, new Object[]{str});
            throw new SocialLoginException("VALUE_NOT_HEXADECIMAL", notHex, new Object[0]);
        }
    }
}
