package io.nessus.cipher;

import io.nessus.utils.AssertArgument;
import io.nessus.utils.StreamUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:io/nessus/cipher/AESCipher.class */
public class AESCipher {
    private final SecureRandom secureRandom = new SecureRandom();

    public SecretKey getSecretKey() {
        byte[] bArr = new byte[16];
        this.secureRandom.nextBytes(bArr);
        return new SecretKeySpec(bArr, "AES");
    }

    public String encodeSecretKey(SecretKey secretKey) {
        return Base64.getEncoder().encodeToString(secretKey.getEncoded());
    }

    public SecretKey decodeSecretKey(String str) {
        byte[] decode = Base64.getDecoder().decode(str);
        AssertArgument.assertTrue(Boolean.valueOf(decode.length == 16), "Expected 128 bit");
        return new SecretKeySpec(decode, "AES");
    }

    public InputStream encrypt(SecretKey secretKey, InputStream inputStream) throws IOException, GeneralSecurityException {
        return encrypt(secretKey, null, inputStream);
    }

    public InputStream encrypt(SecretKey secretKey, byte[] bArr, InputStream inputStream) throws IOException, GeneralSecurityException {
        byte[] bArr2 = new byte[12];
        this.secureRandom.nextBytes(bArr2);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, secretKey, new GCMParameterSpec(128, bArr2));
        if (bArr != null) {
            cipher.updateAAD(bArr);
        }
        CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        StreamUtils.copyStream(cipherInputStream, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        ByteBuffer allocate = ByteBuffer.allocate(4 + bArr2.length + byteArray.length);
        allocate.putInt(bArr2.length);
        allocate.put(bArr2);
        allocate.put(byteArray);
        return new ByteArrayInputStream(allocate.array());
    }

    public InputStream decrypt(SecretKey secretKey, InputStream inputStream) throws IOException, GeneralSecurityException {
        return decrypt(secretKey, null, inputStream);
    }

    public InputStream decrypt(SecretKey secretKey, byte[] bArr, InputStream inputStream) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        StreamUtils.copyStream(inputStream, byteArrayOutputStream);
        ByteBuffer wrap = ByteBuffer.wrap(byteArrayOutputStream.toByteArray());
        byte[] bArr2 = new byte[wrap.getInt()];
        wrap.get(bArr2);
        byte[] bArr3 = new byte[wrap.remaining()];
        wrap.get(bArr3);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKey, new GCMParameterSpec(128, bArr2));
        if (bArr != null) {
            cipher.updateAAD(bArr);
        }
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr3), cipher);
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        StreamUtils.copyStream(cipherInputStream, byteArrayOutputStream2);
        return new ByteArrayInputStream(byteArrayOutputStream2.toByteArray());
    }
}
