package org.kuali.kfs.core.impl.encryption;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.core.api.encryption.EncryptionService;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2025-02-26.jar:org/kuali/kfs/core/impl/encryption/AesEncryptionServiceImpl.class */
public class AesEncryptionServiceImpl implements EncryptionService {
    private static final String ALGORITHM_MODE = "AES/CBC/PKCS5PADDING";
    private static final String ALGORITHM = "AES";
    private static final String HASH_ALGORITHM = "SHA";
    private static final int IV_LENGTH = 16;
    private boolean isEnabled;
    private Key secretKey;
    private String ivParameter;
    private static final Logger LOG = LogManager.getLogger();
    private static final byte[] ZERO_BYTES = new byte[0];

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public String encrypt(Object obj) throws GeneralSecurityException {
        return (obj == null || StringUtils.isBlank(obj.toString())) ? "" : new String(encryptBytes(obj.toString().getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public byte[] encryptBytes(byte[] bArr) throws GeneralSecurityException {
        if (bArr == null) {
            return ZERO_BYTES;
        }
        Cipher cipher = Cipher.getInstance(ALGORITHM_MODE);
        cipher.init(1, this.secretKey, new IvParameterSpec(Base64.getDecoder().decode(this.ivParameter.getBytes(StandardCharsets.UTF_8))));
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] iv = cipher.getIV();
        byte[] bArr2 = new byte[iv.length + doFinal.length];
        System.arraycopy(iv, 0, bArr2, 0, iv.length);
        System.arraycopy(doFinal, 0, bArr2, iv.length, doFinal.length);
        return Base64.getEncoder().encode(bArr2);
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public String decrypt(String str) throws GeneralSecurityException {
        LOG.debug("decrypt(...) - Enter : ciphertext={}", str);
        return StringUtils.isBlank(str) ? "" : new String(decryptBytes(str.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public byte[] decryptBytes(byte[] bArr) throws GeneralSecurityException {
        if (bArr == null) {
            return ZERO_BYTES;
        }
        byte[] decode = Base64.getDecoder().decode(bArr);
        byte[] copyOfRange = Arrays.copyOfRange(decode, 0, 16);
        byte[] copyOfRange2 = Arrays.copyOfRange(decode, 16, decode.length);
        Cipher cipher = Cipher.getInstance(ALGORITHM_MODE);
        cipher.init(2, this.secretKey, new IvParameterSpec(copyOfRange));
        return cipher.doFinal(copyOfRange2);
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public boolean isEnabled() {
        return this.isEnabled;
    }

    @Override // org.kuali.kfs.core.api.encryption.EncryptionService
    public String hash(Object obj) throws GeneralSecurityException {
        if (obj == null || StringUtils.isEmpty(obj.toString())) {
            return "";
        }
        return new String(Base64.getEncoder().encode(MessageDigest.getInstance("SHA").digest(obj.toString().getBytes(StandardCharsets.UTF_8))), StandardCharsets.UTF_8);
    }

    public void setSecretKey(String str) {
        if (StringUtils.isNotEmpty(str)) {
            this.secretKey = new SecretKeySpec(Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8)), "AES");
            this.isEnabled = true;
        }
    }

    public void setIvParameter(String str) {
        this.ivParameter = str;
    }
}
