package org.clazzes.osgi.runner;

import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;
import java.util.function.BiFunction;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:org/clazzes/osgi/runner/SecretsStore.class */
public class SecretsStore implements BiFunction<String, String, String> {
    private final byte[] masterKey;
    private final Properties properties;
    private static final int GCM_IV_LENGTH = 12;
    private static final int GCM_TAG_LENGTH = 16;
    private static final String AES_GCM_ALGO = "AES-GCM";
    private static final SecureRandom secureRandom = new SecureRandom();

    public SecretsStore(Properties properties, String str) {
        byte[] decode = Base64.getDecoder().decode(str);
        if (decode.length != 32) {
            throw new IllegalArgumentException("Secrets store must be initialized with a 32 byte AES-256 master key.");
        }
        this.properties = properties;
        this.masterKey = decode;
    }

    public Properties getProperties() {
        return this.properties;
    }

    public byte[] diversifyMasterKey(String str, String str2) throws Exception {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(str.getBytes("UTF-8"));
        messageDigest.update((byte) 10);
        messageDigest.update(str2.getBytes());
        messageDigest.update((byte) 10);
        byte[] digest = messageDigest.digest();
        for (int i = 0; i < GCM_TAG_LENGTH; i++) {
            int i2 = i;
            digest[i2] = (byte) (digest[i2] ^ digest[i + GCM_TAG_LENGTH]);
        }
        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
        cipher.init(1, new SecretKeySpec(this.masterKey, "AES"));
        return cipher.doFinal(digest, 0, GCM_TAG_LENGTH);
    }

    public void encrypt(String str, String str2, String str3) throws Exception {
        byte[] diversifyMasterKey = diversifyMasterKey(str, str2);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        SecretKeySpec secretKeySpec = new SecretKeySpec(diversifyMasterKey, "AES");
        byte[] bArr = new byte[GCM_IV_LENGTH];
        secureRandom.nextBytes(bArr);
        cipher.init(1, secretKeySpec, new GCMParameterSpec(128, bArr));
        byte[] doFinal = cipher.doFinal(str3.getBytes("UTF-8"));
        Base64.Encoder encoder = Base64.getEncoder();
        this.properties.setProperty(str2, "{AES-GCM," + encoder.encodeToString(bArr) + "}" + encoder.encodeToString(doFinal));
    }

    public String decrypt(String str, String str2) throws Exception {
        String property = this.properties.getProperty(str2);
        if (property == null) {
            throw new IllegalArgumentException("There no value with key [" + str2 + "].");
        }
        if (!property.startsWith("{")) {
            throw new IllegalArgumentException("Encyrpted value does not contain an encryption tag.");
        }
        int indexOf = property.indexOf(125, 1);
        if (indexOf < 0) {
            throw new IllegalArgumentException("Encyrpted value does not contain the end of an encryption tag.");
        }
        String[] split = property.substring(1, indexOf).split(",");
        String str3 = split[0];
        if (!AES_GCM_ALGO.equals(str3)) {
            throw new IllegalArgumentException("Encyrpted value contains encryption tag with unknown algorithm [" + str3 + "].");
        }
        if (split.length != 2) {
            throw new IllegalArgumentException("Encyrpted value contains encryption tag for algorithm [" + str3 + "] with wrong number of arguments.");
        }
        Base64.Decoder decoder = Base64.getDecoder();
        byte[] decode = decoder.decode(split[1]);
        byte[] decode2 = decoder.decode(property.substring(indexOf + 1));
        byte[] diversifyMasterKey = diversifyMasterKey(str, str2);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, new SecretKeySpec(diversifyMasterKey, "AES"), new GCMParameterSpec(128, decode));
        return new String(cipher.doFinal(decode2), "UTF-8");
    }

    @Override // java.util.function.BiFunction
    public String apply(String str, String str2) {
        try {
            if (str2.startsWith("prop:")) {
                return decrypt(str, str2);
            }
            throw new IllegalArgumentException("Unsuported key scheme, must be [prop:] or [file:]");
        } catch (Exception e) {
            throw new RuntimeException("Fetching secret key [" + str2 + "] for PID [" + str + "]", e);
        }
    }
}
