package com.cloudera.enterprise.crypto;

import com.google.common.base.Preconditions;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/cloudera/enterprise/crypto/EncryptUtil.class */
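/**
 * Password-based encrypt-then-MAC helper producing a versioned, Base64 (URL-safe) envelope.
 *
 * <p>Envelope layout (version 1), before Base64 encoding:
 * <pre>
 *   'C' 'M' 'E' | version (1) | salt (16) | HMAC-SHA256 tag (32) | AES-128-CBC ciphertext
 * </pre>
 * The AES key and the HMAC key are both derived from the password and the salt with
 * PBKDF2-HMAC-SHA1; the CBC IV is the bitwise complement of the salt. The tag is computed over
 * the ciphertext only and is verified before any decryption is attempted.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>{@link #encrypt(char[], String, char[])} derives the salt (and therefore the key and
 *       the IV) deterministically from a caller-supplied string. The same password and string
 *       always give the same key/IV pair, so equal plaintexts (and equal leading blocks)
 *       produce equal ciphertext. Prefer {@link #encrypt(char[], char[])} unless determinism
 *       is required.</li>
 *   <li>4096 rounds of PBKDF2-HMAC-SHA1 is low by current guidance. Raising it changes the
 *       derived keys, so a stronger KDF needs a new version byte rather than an in-place
 *       edit.</li>
 * </ul>
 */
public class EncryptUtil {
    private static final int PBKDF2_ROUNDS = 4096;
    private static final int SALT_LENGTH = 16;
    private static final int HMAC_KEY_SIZE = 32;
    private static final int AES_KEY_SIZE = 16;
    private static final int HMAC_SIZE = 32;
    /** Three magic bytes plus one version byte. */
    private static final int HEADER_LENGTH = 4;
    /** Bits requested from PBKDF2; only the first AES_KEY_SIZE + HMAC_KEY_SIZE bytes are used. */
    private static final int DERIVED_KEY_BITS = 768;
    private static final String PBKDF2_ALGO = "PBKDF2WithHmacSHA1";
    private static final String HASH_ALGO = "SHA-256";
    private static final String HMAC_ALGO = "HmacSHA256";
    private static final String CIPHER_ALGO = "AES";
    private static final String CIPHER_SPEC = "AES/CBC/PKCS5Padding";
    private static final byte VERSION_1 = 1;
    // Running XOR of every value passed through cleanse(); kept from the original code,
    // presumably so the wipe loop has an observable side effect. Not synchronized.
    private static byte clearByteCtr = 23;
    private static char clearCharCtr = 'X';

    /**
     * Returns a fresh 16-byte salt filled by the project's {@code RandomUtils}.
     * NOTE(review): the salt also determines the IV, so RandomUtils must be backed by a
     * cryptographically secure generator - confirm.
     */
    private static byte[] genSalt() {
        byte[] salt = new byte[SALT_LENGTH];
        RandomUtils.getBytes(salt);
        return salt;
    }

    /**
     * Derives a deterministic 16-byte salt: the first 16 bytes of SHA-256 over the UTF-8
     * encoding of {@code str}.
     */
    private static byte[] genSaltFromString(String str) throws GeneralSecurityException, UnsupportedEncodingException {
        byte[] salt = new byte[SALT_LENGTH];
        byte[] digest = MessageDigest.getInstance(HASH_ALGO).digest(str.getBytes("UTF-8"));
        System.arraycopy(digest, 0, salt, 0, SALT_LENGTH);
        return salt;
    }

    /** Builds the CBC IV as the bitwise complement of the first 16 bytes of the salt. */
    private static byte[] getIV(byte[] salt) {
        byte[] iv = new byte[SALT_LENGTH];
        for (int i = 0; i < SALT_LENGTH; i++) {
            iv[i] = (byte) ~salt[i];
        }
        return iv;
    }

    /**
     * Runs PBKDF2-HMAC-SHA1 over the password and salt and returns the raw derived bytes.
     * Callers take bytes [0,16) as the AES key and [16,48) as the HMAC key.
     */
    private static byte[] getKeys(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ROUNDS, DERIVED_KEY_BITS);
        return SecretKeyFactory.getInstance(PBKDF2_ALGO).generateSecret(spec).getEncoded();
    }

    /**
     * Overwrites a byte buffer in place so that its previous contents no longer remain in it.
     *
     * <p>The earlier implementation stored a running XOR ({@code new[i] = new[i-1] ^ old[i]}),
     * which is invertible: the old contents could be recovered from the "cleansed" buffer by
     * XOR-ing neighbouring elements. The buffer is now zeroed; the running XOR is still folded
     * into the static counter as before.
     *
     * @param buffer buffer to wipe; {@code null} is ignored
     */
    public static void cleanse(byte[] buffer) {
        if (buffer == null) {
            return;
        }
        for (int i = 0; i < buffer.length; i++) {
            clearByteCtr = (byte) (clearByteCtr ^ buffer[i]);
            buffer[i] = 0;
        }
    }

    /**
     * Overwrites a char buffer in place so that its previous contents no longer remain in it.
     * See {@link #cleanse(byte[])} for why the buffer is zeroed rather than XOR-chained.
     *
     * @param buffer buffer to wipe; {@code null} is ignored
     */
    public static void cleanse(char[] buffer) {
        if (buffer == null) {
            return;
        }
        for (int i = 0; i < buffer.length; i++) {
            clearCharCtr = (char) (clearCharCtr ^ buffer[i]);
            buffer[i] = 0;
        }
    }

    /** Serializes each char as two bytes, high byte first. */
    private static byte[] char2byte(char[] chars) {
        byte[] bytes = new byte[chars.length * 2];
        for (int i = 0; i < chars.length; i++) {
            bytes[i * 2] = (byte) ((chars[i] >> 8) & 0xFF);
            bytes[(i * 2) + 1] = (byte) (chars[i] & 0xFF);
        }
        return bytes;
    }

    /**
     * Inverse of {@link #char2byte(char[])}.
     *
     * @throws IllegalArgumentException if the byte count is odd
     */
    private static char[] byte2char(byte[] bytes) {
        Preconditions.checkArgument(bytes.length % 2 == 0);
        char[] chars = new char[bytes.length / 2];
        for (int i = 0; i < chars.length; i++) {
            chars[i] = (char) (((bytes[i * 2] & 0xFF) << 8) | (bytes[(i * 2) + 1] & 0xFF));
        }
        return chars;
    }

    /**
     * Encrypts {@code plaintext} under {@code password} using a freshly generated salt.
     *
     * @param password  non-empty password the keys are derived from
     * @param plaintext non-empty secret to protect
     * @return the Base64 URL-safe envelope
     * @throws GeneralSecurityException if a JCA primitive is unavailable or fails
     */
    public static String encrypt(char[] password, char[] plaintext) throws GeneralSecurityException, UnsupportedEncodingException {
        byte[] salt = genSalt();
        try {
            return encrypt(password, salt, plaintext);
        } finally {
            cleanse(salt);
        }
    }

    /**
     * Encrypts {@code plaintext} under {@code password} with a salt derived from
     * {@code saltSource}. The output is deterministic for a given (password, saltSource,
     * plaintext) triple, so equal inputs are distinguishable in storage; see the class notes.
     *
     * @param password   non-empty password the keys are derived from
     * @param saltSource string hashed to obtain the salt
     * @param plaintext  non-empty secret to protect
     * @return the Base64 URL-safe envelope
     * @throws GeneralSecurityException if a JCA primitive is unavailable or fails
     */
    public static String encrypt(char[] password, String saltSource, char[] plaintext) throws GeneralSecurityException, UnsupportedEncodingException {
        byte[] salt = genSaltFromString(saltSource);
        try {
            return encrypt(password, salt, plaintext);
        } finally {
            cleanse(salt);
        }
    }

    /**
     * Core encrypt-then-MAC routine: AES-128-CBC over the plaintext bytes, HMAC-SHA256 over the
     * resulting ciphertext, then header | salt | tag | ciphertext, Base64 URL-safe encoded.
     * Every intermediate buffer is wiped on both the success and the failure path.
     */
    private static String encrypt(char[] password, byte[] salt, char[] plaintext) throws GeneralSecurityException, UnsupportedEncodingException {
        Preconditions.checkNotNull(password);
        Preconditions.checkNotNull(plaintext);
        Preconditions.checkArgument(password.length > 0);
        Preconditions.checkArgument(plaintext.length > 0);
        Preconditions.checkState(salt.length == SALT_LENGTH);
        byte[] iv = null;
        byte[] keys = null;
        byte[] plainBytes = null;
        byte[] cipherText = null;
        byte[] tag = null;
        byte[] envelope = null;
        try {
            iv = getIV(salt);
            keys = getKeys(password, salt);
            SecretKeySpec aesKey = new SecretKeySpec(keys, 0, AES_KEY_SIZE, CIPHER_ALGO);
            SecretKeySpec macKey = new SecretKeySpec(keys, AES_KEY_SIZE, HMAC_KEY_SIZE, HMAC_ALGO);

            Cipher cipher = Cipher.getInstance(CIPHER_SPEC);
            cipher.init(Cipher.ENCRYPT_MODE, aesKey, new IvParameterSpec(iv));
            plainBytes = char2byte(plaintext);
            cipherText = cipher.doFinal(plainBytes);

            Mac mac = Mac.getInstance(HMAC_ALGO);
            mac.init(macKey);
            tag = mac.doFinal(cipherText);

            envelope = new byte[HEADER_LENGTH + salt.length + tag.length + cipherText.length];
            envelope[0] = 'C';
            envelope[1] = 'M';
            envelope[2] = 'E';
            envelope[3] = VERSION_1;
            System.arraycopy(salt, 0, envelope, HEADER_LENGTH, salt.length);
            System.arraycopy(tag, 0, envelope, HEADER_LENGTH + salt.length, tag.length);
            System.arraycopy(cipherText, 0, envelope, HEADER_LENGTH + salt.length + tag.length, cipherText.length);
            // The encoded String is built before the finally block wipes the envelope.
            return Base64.encodeBase64URLSafeString(envelope);
        } finally {
            cleanse(iv);
            cleanse(keys);
            cleanse(plainBytes);
            cleanse(cipherText);
            cleanse(tag);
            cleanse(envelope);
        }
    }

    /**
     * Verifies and decrypts an envelope produced by one of the {@code encrypt} methods.
     *
     * <p>The HMAC tag is checked with a constant-time comparison before the cipher is touched,
     * and every working buffer (derived keys and plaintext bytes included) is wiped whether the
     * call succeeds or throws. The previous code wiped nothing on the failure path and compared
     * the tag with {@code Arrays.equals}, whose running time depends on the first mismatch.
     *
     * @param password non-empty password the keys are derived from
     * @param encoded  non-empty Base64 envelope
     * @return the decrypted characters; the caller owns the array and should wipe it after use
     * @throws BadPaddingException      if the envelope is malformed, has an unknown version, or
     *                                  fails tag verification
     * @throws GeneralSecurityException if a JCA primitive is unavailable or fails
     */
    public static char[] decrypt(char[] password, String encoded) throws GeneralSecurityException {
        Preconditions.checkNotNull(password);
        Preconditions.checkNotNull(encoded);
        Preconditions.checkArgument(password.length > 0);
        Preconditions.checkArgument(!encoded.isEmpty());
        byte[] envelope = null;
        byte[] salt = null;
        byte[] expectedTag = null;
        byte[] cipherText = null;
        byte[] iv = null;
        byte[] keys = null;
        byte[] actualTag = null;
        byte[] plainBytes = null;
        try {
            envelope = Base64.decodeBase64(encoded);
            if (envelope.length == 0) {
                throw new BadPaddingException("Input ciphertext not base 64");
            }
            if (envelope.length < HEADER_LENGTH) {
                throw new BadPaddingException("Input ciphertext much too short");
            }
            if (envelope[0] != 'C' || envelope[1] != 'M' || envelope[2] != 'E') {
                throw new BadPaddingException("Invalid Ciphertext String");
            }
            if (envelope[3] != VERSION_1) {
                throw new BadPaddingException("Invalid Ciphertext Version");
            }
            if (envelope.length < HEADER_LENGTH + SALT_LENGTH + HMAC_SIZE) {
                throw new BadPaddingException("Input ciphertext too short");
            }

            salt = new byte[SALT_LENGTH];
            expectedTag = new byte[HMAC_SIZE];
            cipherText = new byte[envelope.length - (HEADER_LENGTH + salt.length + expectedTag.length)];
            System.arraycopy(envelope, HEADER_LENGTH, salt, 0, salt.length);
            System.arraycopy(envelope, HEADER_LENGTH + salt.length, expectedTag, 0, expectedTag.length);
            System.arraycopy(envelope, HEADER_LENGTH + salt.length + expectedTag.length, cipherText, 0, cipherText.length);

            iv = getIV(salt);
            keys = getKeys(password, salt);
            SecretKeySpec aesKey = new SecretKeySpec(keys, 0, AES_KEY_SIZE, CIPHER_ALGO);
            SecretKeySpec macKey = new SecretKeySpec(keys, AES_KEY_SIZE, HMAC_KEY_SIZE, HMAC_ALGO);

            // Authenticate first: unauthenticated ciphertext must never reach the CBC/padding
            // code. MessageDigest.isEqual avoids leaking the mismatch position through timing.
            Mac mac = Mac.getInstance(HMAC_ALGO);
            mac.init(macKey);
            actualTag = mac.doFinal(cipherText);
            if (!MessageDigest.isEqual(actualTag, expectedTag)) {
                throw new BadPaddingException("Detected ciphertext tampering");
            }

            Cipher cipher = Cipher.getInstance(CIPHER_SPEC);
            cipher.init(Cipher.DECRYPT_MODE, aesKey, new IvParameterSpec(iv));
            plainBytes = cipher.doFinal(cipherText);
            // The char[] result is built before the finally block wipes plainBytes.
            return byte2char(plainBytes);
        } finally {
            cleanse(envelope);
            cleanse(salt);
            cleanse(expectedTag);
            cleanse(cipherText);
            cleanse(iv);
            cleanse(actualTag);
            cleanse(keys);
            cleanse(plainBytes);
        }
    }

    /**
     * Decrypts {@code value} with a password read from the environment variable
     * {@code envVarName}.
     *
     * <p>If either argument is null or empty, or the environment variable is not set,
     * {@code value} is returned unchanged. Callers therefore cannot tell from the return value
     * alone whether decryption happened; when the variable is set, a malformed or tampered
     * value still raises an exception.
     *
     * <p>The decrypted secret is returned as an immutable {@code String}, which cannot be wiped.
     *
     * @param value      Base64 envelope to decrypt
     * @param envVarName name of the environment variable holding the password
     * @return the decrypted text, or {@code value} as given when no password is available
     * @throws GeneralSecurityException if the envelope is invalid or a JCA primitive fails
     */
    public static String decryptUsingEnvironment(String value, String envVarName) throws GeneralSecurityException {
        if (value == null || value.isEmpty() || envVarName == null || envVarName.isEmpty()) {
            return value;
        }
        String envPassword = System.getenv(envVarName);
        if (envPassword == null) {
            return value;
        }
        char[] password = null;
        char[] plaintext = null;
        try {
            password = envPassword.toCharArray();
            plaintext = decrypt(password, value);
            return new String(plaintext);
        } finally {
            cleanse(password);
            cleanse(plaintext);
        }
    }
}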
