package com.cumulocity.opcua.client.gateway.encryption;

import com.cumulocity.model.authentication.CumulocityBasicCredentials;
import com.cumulocity.opcua.client.gateway.datastore.DataStore;
import com.cumulocity.opcua.client.gateway.platform.configuration.PlatformProvider;
import com.cumulocity.sdk.client.PlatformImpl;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.sshd.common.config.keys.loader.AESPrivateKeyObfuscator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/classes/com/cumulocity/opcua/client/gateway/encryption/EncryptionService.class */
public class EncryptionService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) EncryptionService.class);

    @Autowired
    private DataStore dbStore;

    @Autowired
    private PlatformProvider platformProvider;
    public static final int GCM_IV_LENGTH = 12;

    public static String encryptAESGCM(String str, String str2, String str3, byte[] bArr) throws Exception {
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, new SecretKeySpec(secretKeyFactory.generateSecret(new PBEKeySpec(str.toCharArray(), str2.getBytes(), 65536, 256)).getEncoded(), AESPrivateKeyObfuscator.CIPHER_NAME), new GCMParameterSpec(128, str3.getBytes()));
        return Base64.getEncoder().encodeToString(cipher.doFinal(bArr));
    }

    public static byte[] decryptAESGCM(String str, String str2, String str3, String str4) throws Exception {
        byte[] decode = Base64.getDecoder().decode(str4);
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, new SecretKeySpec(secretKeyFactory.generateSecret(new PBEKeySpec(str.toCharArray(), str2.getBytes(), 65536, 256)).getEncoded(), AESPrivateKeyObfuscator.CIPHER_NAME), new GCMParameterSpec(128, str3.getBytes()));
        return cipher.doFinal(decode);
    }

    public String fetchSalt() {
        return (String) this.dbStore.get("connectionSalt").orElseGet(() -> {
            try {
                String generateSecureRandomPassword = new RandomVariablesService().generateSecureRandomPassword(2, 2, 4, 2);
                this.dbStore.store("connectionSalt", generateSecureRandomPassword);
                return generateSecureRandomPassword;
            } catch (NoSuchAlgorithmException e) {
                log.error("No password found or unable to generate");
                return "";
            }
        });
    }

    public String fetchIv() {
        return (String) this.dbStore.get("initializationVector").orElseGet(() -> {
            try {
                String str = new String(new RandomVariablesService().generateIv(12));
                this.dbStore.store("initializationVector", str);
                return str;
            } catch (NoSuchAlgorithmException e) {
                log.error("No initializationVector found or unable to generate");
                return "";
            }
        });
    }

    public String getPasswordFromCredentials() {
        return ((CumulocityBasicCredentials) ((PlatformImpl) this.platformProvider.get()).getCumulocityCredentials()).getPassword();
    }

    @Autowired
    public EncryptionService() {
    }
}
