package org.onehippo.sso;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/onehippo/sso/CredentialCipher.class */
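/**
 * Encrypts and decrypts {@link SimpleCredentials} for single sign-on tokens.
 *
 * <p>A token is the Java-serialized pair (key string, credentials), encrypted with a
 * 128-bit AES key. The key is derived with PBKDF2 from the system property
 * {@value #HIPPO_CLUSTER_KEY} when that property is set; otherwise a random key is
 * generated, in which case tokens can only be decrypted by the JVM that produced them
 * and only until it restarts.
 *
 * <p>Security notes for reviewers (the wire format is left unchanged here so existing
 * tokens and other JVMs using the same shared secret keep working):
 * <ul>
 *   <li>The cipher is requested as plain {@code "AES"}, so the provider default mode and
 *       padding apply (ECB with PKCS5 padding on the JDK's SunJCE provider). That gives
 *       confidentiality only: equal inputs produce equal tokens and tampering with the
 *       ciphertext is not detected. Moving to an authenticated mode such as
 *       {@code AES/GCM/NoPadding} needs a versioned token format.</li>
 *   <li>{@link #decrypt} feeds the decrypted bytes to {@link ObjectInputStream} without a
 *       class allow-list. Because the ciphertext is unauthenticated, the deserialized
 *       stream must be treated as untrusted; restrict the accepted classes (an
 *       {@code ObjectInputFilter} on Java 9+, or a {@code resolveClass} override) or
 *       replace native serialization.</li>
 *   <li>The PBKDF2 parameters (HMAC-SHA1, 1024 iterations, the property name as a fixed
 *       salt) are weak by current standards, so the shared secret itself should be long
 *       and random rather than a human-chosen passphrase.</li>
 * </ul>
 *
 * <p>Instances hold only an immutable key and create a new {@link Cipher} per call.
 */
public final class CredentialCipher {
    // Must stay above 'instance': the constructor logs on failure and static initializers
    // run in textual order.
    static final Logger log = LoggerFactory.getLogger(CredentialCipher.class);

    /** Name of the system property holding the shared secret; its bytes also serve as the PBKDF2 salt. */
    public static final String HIPPO_CLUSTER_KEY = "hippo.cluster.sso.key";

    private static final String KDF_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final int KDF_ITERATIONS = 1024;
    private static final int KEY_BITS = 128;
    private static final String KEY_ALGORITHM = "AES";
    // NOTE(review): no mode/padding is named, so the provider default is used (see class Javadoc).
    private static final String CIPHER_TRANSFORMATION = "AES";

    private static final CredentialCipher instance = new CredentialCipher();

    private final SecretKeySpec secret;

    /**
     * Returns the process-wide cipher, keyed once when this class is initialized.
     *
     * @return the shared instance
     */
    public static CredentialCipher getInstance() {
        return instance;
    }

    /**
     * Builds the AES key: derived from the {@value #HIPPO_CLUSTER_KEY} system property when
     * it is set and derivation succeeds, otherwise freshly generated.
     *
     * @throws RuntimeException if the platform offers no AES key generator
     */
    CredentialCipher() {
        String sharedSecret = System.getProperty(HIPPO_CLUSTER_KEY);
        SecretKeySpec key = sharedSecret != null ? deriveSharedKey(sharedSecret) : null;
        if (key == null) {
            key = generateRandomKey();
        }
        this.secret = key;
    }

    /**
     * Derives the AES key from the shared secret with PBKDF2.
     *
     * @param sharedSecret value of the {@value #HIPPO_CLUSTER_KEY} system property
     * @return the derived key, or {@code null} when derivation failed (the failure is logged)
     */
    private static SecretKeySpec deriveSharedKey(String sharedSecret) {
        if (sharedSecret.isEmpty()) {
            // The key is still derived so behaviour is unchanged, but it protects nothing.
            log.warn("System property '" + HIPPO_CLUSTER_KEY + "' is set but empty; the derived key is predictable");
        }
        // Explicit charset: the salt must be byte-identical on every JVM that shares the
        // secret, whatever its platform default encoding is.
        PBEKeySpec spec = new PBEKeySpec(
                sharedSecret.toCharArray(),
                HIPPO_CLUSTER_KEY.getBytes(StandardCharsets.UTF_8),
                KDF_ITERATIONS,
                KEY_BITS);
        try {
            byte[] keyBytes = SecretKeyFactory.getInstance(KDF_ALGORITHM).generateSecret(spec).getEncoded();
            return new SecretKeySpec(keyBytes, KEY_ALGORITHM);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            log.error("Could not initialize secret from shared secret in system property 'hippo.cluster.sso.key', generating own key", e);
            return null;
        } finally {
            // Drop the key spec's internal copy of the secret once the key has been derived.
            spec.clearPassword();
        }
    }

    /**
     * Generates a random 128-bit AES key for use when no shared secret is available.
     *
     * @return the generated key
     * @throws RuntimeException if the platform offers no AES key generator
     */
    private static SecretKeySpec generateRandomKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM);
            keyGenerator.init(KEY_BITS);
            return new SecretKeySpec(keyGenerator.generateKey().getEncoded(), KEY_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Encryption method AES could not be found", e);
        }
    }

    /**
     * Serializes {@code str} followed by {@code simpleCredentials} and encrypts the result.
     *
     * <p>The serialized form includes whatever {@link SimpleCredentials} serializes, so the
     * returned token must be handled as a secret-bearing value.
     *
     * @param str key stored inside the token and checked again by {@link #decrypt}
     * @param simpleCredentials credentials to protect
     * @return the encrypted token bytes
     * @throws RuntimeException if serialization or encryption fails
     */
    public byte[] encrypt(String str, SimpleCredentials simpleCredentials) {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, this.secret);
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            // Closing the object stream flushes it, so the buffer is complete before it is read.
            try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
                out.writeObject(str);
                out.writeObject(simpleCredentials);
            }
            return cipher.doFinal(buffer.toByteArray());
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException
                | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException("Failed to encrypt credentials", e);
        }
    }

    /**
     * Encrypts like {@link #encrypt} and encodes the token with {@code UrlSafeBase64}.
     *
     * @param str key stored inside the token
     * @param simpleCredentials credentials to protect
     * @return the encoded token
     */
    public String getEncryptedString(String str, SimpleCredentials simpleCredentials) {
        return UrlSafeBase64.encode(encrypt(str, simpleCredentials));
    }

    /**
     * Decodes a token produced by {@link #getEncryptedString} and decrypts it.
     *
     * @param str key the token is expected to contain
     * @param str2 encoded token
     * @return the credentials stored in the token
     * @throws SignatureException if the key inside the token differs from {@code str}
     */
    public Credentials decryptFromString(String str, String str2) throws SignatureException {
        return decrypt(str, UrlSafeBase64.decode(str2));
    }

    /**
     * Decrypts a token and returns its credentials when the embedded key equals {@code str}.
     *
     * <p>The key comparison happens after the first object has already been deserialized,
     * and the ciphertext carries no integrity check, so neither the comparison nor the casts
     * limit which classes the stream may instantiate.
     *
     * @param str key the token is expected to contain; must not be {@code null}
     * @param bArr encrypted token bytes
     * @return the credentials stored in the token
     * @throws SignatureException if the key inside the token differs from {@code str}
     * @throws RuntimeException if decryption or deserialization fails
     */
    public Credentials decrypt(String str, byte[] bArr) throws SignatureException {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, this.secret);
            byte[] plain = cipher.doFinal(bArr);
            // SECURITY(review): native deserialization of unauthenticated data with no class
            // allow-list; see the class Javadoc for the recommended hardening.
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(plain))) {
                String storedKey = (String) in.readObject();
                if (!str.equals(storedKey)) {
                    throw new SignatureException("Provided key does not match encrypted key");
                }
                return (Credentials) in.readObject();
            }
        } catch (IOException | ClassNotFoundException | InvalidKeyException | NoSuchAlgorithmException
                | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException("Could not decrypt credentials", e);
        }
    }
}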
