package org.kuali.kfs.core.impl.encryption;

import com.prowidesoftware.swift.SchemeConstantsD;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.kuali.kfs.core.api.encryption.EncryptionService;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2024-10-30.jar:org/kuali/kfs/core/impl/encryption/EncryptionServiceImpl.class */
public class EncryptionServiceImpl implements EncryptionService, InitializingBean {
    private static final String HASH_ALGORITHM = "SHA";
    private static final String DEFAULT_CHARSET = "UTF-8";
    private final EncryptionStrategy encryptionStrategy;
    private transient SecretKey secretKey;
    private transient String secretKeyValue;
    private String charset = "UTF-8";
    private boolean isEnabled;

    /* loaded from: input_file:WEB-INF/lib/kfs-core-2024-10-30.jar:org/kuali/kfs/core/impl/encryption/EncryptionServiceImpl$DESEncryptionStrategy.class */
    public static class DESEncryptionStrategy implements EncryptionStrategy {
        private static final String ALGORITHM = "DES";
        private static final String MODE = "ECB";
        private static final String PADDING = "PKCS5Padding";
        private static final String TRANSFORMATION = "DES/ECB/PKCS5Padding";

        @Override // org.kuali.kfs.core.impl.encryption.EncryptionStrategy
        public String getTransformation() {
            return TRANSFORMATION;
        }

        @Override // org.kuali.kfs.core.impl.encryption.EncryptionStrategy
        public SecretKey loadSecretKey(byte[] bArr) throws GeneralSecurityException {
            return SecretKeyFactory.getInstance("DES").generateSecret(new DESKeySpec(bArr));
        }
    }

    /* loaded from: input_file:WEB-INF/lib/kfs-core-2024-10-30.jar:org/kuali/kfs/core/impl/encryption/EncryptionServiceImpl$DESedeEncryptionStrategy.class */
    public static class DESedeEncryptionStrategy implements EncryptionStrategy {
        private static final String ALGORITHM = "DESede";
        private static final String MODE = "ECB";
        private static final String PADDING = "PKCS5Padding";
        private static final String TRANSFORMATION = "DESede/ECB/PKCS5Padding";

        @Override // org.kuali.kfs.core.impl.encryption.EncryptionStrategy
        public String getTransformation() {
            return TRANSFORMATION;
        }

        @Override // org.kuali.kfs.core.impl.encryption.EncryptionStrategy
        public SecretKey loadSecretKey(byte[] bArr) throws GeneralSecurityException {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(new DESedeKeySpec(bArr));
        }
    }

    public EncryptionServiceImpl(@Value("${encryption.algorithm}") String str) {
        Validate.isTrue(Set.of(SchemeConstantsD.DES, "DESede").contains(str), "encryption.algorithm must be provided and must be a valid value", new Object[0]);
        this.encryptionStrategy = str.equals(SchemeConstantsD.DES) ? new DESEncryptionStrategy() : new DESedeEncryptionStrategy();
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws GeneralSecurityException {
        if (StringUtils.isBlank(this.secretKeyValue)) {
            return;
        }
        this.secretKey = unwrapEncodedKey(this.secretKeyValue);
        this.isEnabled = true;
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public boolean isEnabled() {
        return this.isEnabled;
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public String encrypt(Object obj) throws GeneralSecurityException {
        checkEnabled();
        if (obj == null) {
            return "";
        }
        Cipher cipher = Cipher.getInstance(this.encryptionStrategy.getTransformation());
        cipher.init(1, this.secretKey);
        try {
            return new String(Base64.getEncoder().encode(cipher.doFinal(obj.toString().getBytes(this.charset))), this.charset);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Ensure a valid charset has been configured.", e);
        }
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public String decrypt(String str) throws GeneralSecurityException {
        checkEnabled();
        if (StringUtils.isBlank(str)) {
            return "";
        }
        Cipher cipher = Cipher.getInstance(this.encryptionStrategy.getTransformation());
        cipher.init(2, this.secretKey);
        try {
            return new String(cipher.doFinal(Base64.getDecoder().decode(str.getBytes(this.charset))), this.charset);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Ensure a valid charset has been configured.", e);
        }
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public byte[] encryptBytes(byte[] bArr) throws GeneralSecurityException {
        checkEnabled();
        if (bArr == null) {
            return ArrayUtils.EMPTY_BYTE_ARRAY;
        }
        Cipher cipher = Cipher.getInstance(this.encryptionStrategy.getTransformation());
        cipher.init(1, this.secretKey);
        return cipher.doFinal(bArr);
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public byte[] decryptBytes(byte[] bArr) throws GeneralSecurityException {
        checkEnabled();
        if (bArr == null) {
            return ArrayUtils.EMPTY_BYTE_ARRAY;
        }
        Cipher cipher = Cipher.getInstance(this.encryptionStrategy.getTransformation());
        cipher.init(2, this.secretKey);
        return cipher.doFinal(bArr);
    }

    private SecretKey unwrapEncodedKey(String str) throws GeneralSecurityException {
        return this.encryptionStrategy.loadSecretKey(Base64.getDecoder().decode(str.getBytes()));
    }

    public void setSecretKey(String str) {
        this.secretKeyValue = str;
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public String hash(Object obj) throws GeneralSecurityException {
        if (obj == null || StringUtils.isEmpty(obj.toString())) {
            return "";
        }
        try {
            return new String(Base64.getEncoder().encode(MessageDigest.getInstance("SHA").digest(obj.toString().getBytes(this.charset))), this.charset);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Ensure a valid charset has been configured.", e);
        }
    }

    private void checkEnabled() {
        if (!this.isEnabled) {
            throw new IllegalStateException("Illegal use of encryption service. Encryption service is disabled, to enable please configure 'encryption.key'.");
        }
    }

    public void setCharset(String str) {
        this.charset = str;
    }
}
