package ca.carleton.gcrc.couch.user.token;

import ca.carleton.gcrc.security.ber.BerBytes;
import ca.carleton.gcrc.security.ber.BerConstructed;
import ca.carleton.gcrc.security.ber.BerImplementation;
import ca.carleton.gcrc.security.ber.BerObject;
import ca.carleton.gcrc.security.ber.encoding.BerDecoder;
import ca.carleton.gcrc.security.ber.encoding.BerEncoder;
import ca.carleton.gcrc.security.kdf.impl.KDFCounterModeImpl;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:WEB-INF/lib/nunaliit2-couch-user-2.1.5.jar:ca/carleton/gcrc/couch/user/token/TokenEncryptor.class */
/**
 * Wraps and unwraps {@link Token} instances in an encrypted BER envelope.
 *
 * <p>Envelope layout, as built by {@link #encryptToken}: a constructed BER object of class
 * APPLICATION and type 1 whose first two components are octet strings, the KDF context
 * followed by the AES-CBC ciphertext of the encoded token.
 *
 * <p>Security review notes (all derived from the code in this class):
 * <ul>
 *   <li>The IV is always 16 zero bytes. CBC is therefore deterministic for a given derived
 *       key: two tokens encrypted under the same (key material, context) pair that share
 *       leading plaintext blocks share leading ciphertext blocks. This is only acceptable if
 *       the context is unique per token; this class does not enforce that, so verify it at
 *       the call sites.</li>
 *   <li>No MAC or AEAD tag is computed or checked here, so the envelope carries no integrity
 *       protection of its own. Unless the token encoding handled by {@code Token} /
 *       {@code TokenDecoder} is authenticated (not visible from this class), a modified
 *       ciphertext is not reliably rejected. An authenticated mode such as AES-GCM with a
 *       random nonce, introduced behind a new envelope type so existing tokens still decode,
 *       would address this and the fixed-IV point together.</li>
 *   <li>On decryption the context is taken from the envelope itself, i.e. it is supplied by
 *       whoever presents the token, and only the key material argument is secret.</li>
 *   <li>Padding, decoding and structural failures all surface as an {@code Exception} with
 *       the same top-level message but different cause chains. Callers should report one
 *       uniform failure and never echo the cause chain to the token presenter.</li>
 * </ul>
 */
public class TokenEncryptor {
    /** ASCII bytes of "encrypt"; handed to the KDF as its second argument (the label). */
    private static final byte[] LABEL = {'e', 'n', 'c', 'r', 'y', 'p', 't'};

    /** JCE transformation used for both directions. */
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    /** Length of the all-zero IV: one AES block. */
    private static final int IV_LENGTH = 16;

    /** Length requested from the KDF; presumably bytes, i.e. an AES-128 key (confirm in KDFCounterModeImpl). */
    private static final int DERIVED_KEY_LENGTH = 16;

    /** BER type number of the envelope. */
    private static final int ENVELOPE_TYPE = 1;

    /**
     * Encrypts a token and wraps it, together with the KDF context, in a BER envelope.
     *
     * @param bArr key material passed to the KDF
     * @param bArr2 KDF context; stored in clear as the first envelope component
     * @param token token to encode and encrypt
     * @return the BER-encoded envelope
     * @throws Exception if key derivation fails (propagated as is), or with the message
     *     "Error during encryption of token" if encoding, encryption or BER encoding fails
     */
    public static byte[] encryptToken(byte[] bArr, byte[] bArr2, Token token) throws Exception {
        // Key derivation happens outside the try block, so its failures are not re-wrapped.
        SecretKeySpec key = deriveKey(bArr, bArr2);
        try {
            byte[] plaintext = token.encode();
            byte[] ciphertext = newCipher(Cipher.ENCRYPT_MODE, key).doFinal(plaintext);

            BerImplementation ber = new BerImplementation();
            BerConstructed envelope =
                    ber.createConstructed(BerObject.TypeClass.APPLICATION, ENVELOPE_TYPE);

            BerBytes contextOctets = ber.createOctetString();
            contextOctets.setValue(bArr2);
            envelope.add(contextOctets);

            BerBytes payloadOctets = ber.createOctetString();
            payloadOctets.setValue(ciphertext);
            envelope.add(payloadOctets);

            return BerEncoder.encode(envelope);
        } catch (Exception cause) {
            throw new Exception("Error during encryption of token", cause);
        }
    }

    /**
     * Parses a BER envelope, derives the key from the embedded context and decrypts the token.
     *
     * <p>Only the type number is compared against 1; the BER type class is not checked here.
     * Components beyond the first two are ignored.
     *
     * @param bArr key material passed to the KDF
     * @param bArr2 BER-encoded envelope as produced by {@link #encryptToken}
     * @return the decoded token
     * @throws Exception with the message "Error while decrypting token" on any failure; the
     *     cause identifies the failing step
     */
    public static Token decryptToken(byte[] bArr, byte[] bArr2) throws Exception {
        try {
            BerObject root = BerDecoder.decode(bArr2);
            if (!root.isTypeConstructed() || !(root instanceof BerConstructed)) {
                throw new Exception("Object is not constructed.");
            }
            if (root.getType() != ENVELOPE_TYPE) {
                throw new Exception("Unexpected type.");
            }
            BerConstructed envelope = (BerConstructed) root;
            if (envelope.size() < 2) {
                throw new Exception("Not enough components.");
            }

            // The context comes from the presented envelope, not from trusted state.
            byte[] context = octetsOf(envelope.get(0), "Invalid context.");
            byte[] ciphertext = octetsOf(envelope.get(1), "Invalid encrypted payload.");

            SecretKeySpec key = deriveKey(bArr, context);
            try {
                byte[] plaintext = newCipher(Cipher.DECRYPT_MODE, key).doFinal(ciphertext);
                return new TokenDecoder().decode(plaintext);
            } catch (Exception cause) {
                // Covers padding failures as well as token decoding failures.
                throw new Exception("Decryption error", cause);
            }
        } catch (Exception cause) {
            throw new Exception("Error while decrypting token", cause);
        }
    }

    /** Returns the value of an octet-string component, or fails with the given message. */
    private static byte[] octetsOf(BerObject component, String failureMessage) throws Exception {
        if (component instanceof BerBytes) {
            return ((BerBytes) component).getValue();
        }
        throw new Exception(failureMessage);
    }

    /** Creates an AES-CBC cipher in the given mode, initialised with the fixed all-zero IV. */
    private static Cipher newCipher(int mode, SecretKeySpec key) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        // A freshly allocated byte array is zero-filled, matching the fixed IV of the format.
        cipher.init(mode, key, new IvParameterSpec(new byte[IV_LENGTH]));
        return cipher;
    }

    /** Derives the AES key from the key material and context using the counter-mode KDF. */
    private static SecretKeySpec deriveKey(byte[] bArr, byte[] bArr2) throws Exception {
        byte[] keyBytes = new KDFCounterModeImpl().deriveKey(bArr, LABEL, bArr2, DERIVED_KEY_LENGTH);
        return new SecretKeySpec(keyBytes, "AES");
    }
}
