package com.palantir.config.crypto.algorithm.aes;

import com.google.errorprone.annotations.Immutable;
import com.palantir.config.crypto.EncryptedValue;
import com.palantir.config.crypto.KeyWithType;
import com.palantir.config.crypto.algorithm.Encrypter;
import com.palantir.config.crypto.algorithm.KeyType;
import com.palantir.config.crypto.util.Suppliers;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

@Immutable
/* loaded from: input_file:com/palantir/config/crypto/algorithm/aes/AesGcmEncrypter.class */
public enum AesGcmEncrypter implements Encrypter {
    INSTANCE;

    private static final int IV_SIZE_BITS = 96;
    private static final int TAG_SIZE_BITS = 128;

    @Override // com.palantir.config.crypto.algorithm.Encrypter
    public final EncryptedValue encrypt(KeyWithType keyWithType, String str) {
        KeyType.AES.checkKeyArgument(keyWithType, AesKey.class);
        SecretKey secretKey = ((AesKey) keyWithType.getKey()).getSecretKey();
        return (EncryptedValue) Suppliers.silently(() -> {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            byte[] bArr = new byte[12];
            new SecureRandom().nextBytes(bArr);
            cipher.init(1, secretKey, new GCMParameterSpec(TAG_SIZE_BITS, bArr));
            byte[] doFinal = cipher.doFinal(str.getBytes(StandardCharsets.UTF_8));
            byte[] copyOfRange = Arrays.copyOfRange(doFinal, 0, doFinal.length - 16);
            return ImmutableAesEncryptedValue.builder().iv(bArr).ciphertext(copyOfRange).tag(Arrays.copyOfRange(doFinal, doFinal.length - 16, doFinal.length)).build();
        });
    }
}
