package com.linkedin.dagli.util.cryptography;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/linkedin/dagli/util/cryptography/DefaultCryptographyProvider.class */
public final class DefaultCryptographyProvider implements CryptographyProvider {
    private static final String SYMMETRIC_CIPHER = "AES/CTR/NoPadding";
    private static final int KEY_BIT_SIZE = 128;
    private static final int BLOCK_SIZE_IN_BYTES = 16;
    private final SecretKey _key;
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    private static final byte[] SALT = {-37, 125, 95, 118, 99, 91, 77, 59, -117, -50, -47, 50, -103, 96, 111, -2};
    private static final SecretKey SESSION_KEY = createAES128Key();
    private static final boolean IS_SYMMETRIC_CIPHER_SECURE = isSymmetricCipherSecure();

    public DefaultCryptographyProvider() {
        this._key = SESSION_KEY;
    }

    public DefaultCryptographyProvider(String str) throws NoSuchAlgorithmException {
        this._key = createAES128Key(str);
    }

    private static SecretKey createAES128Key() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(KEY_BIT_SIZE, SECURE_RANDOM);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    private static SecretKey createAES128Key(String str) throws NoSuchAlgorithmException {
        try {
            return new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(new PBEKeySpec(str.toCharArray(), SALT, 65536, KEY_BIT_SIZE)).getEncoded(), "AES");
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    private static boolean isSymmetricCipherSecure() {
        try {
            Cipher cipher = Cipher.getInstance(SYMMETRIC_CIPHER);
            byte[] bArr = new byte[BLOCK_SIZE_IN_BYTES];
            byte[] bArr2 = new byte[BLOCK_SIZE_IN_BYTES];
            Arrays.fill(bArr2, (byte) -1);
            try {
                cipher.init(1, SESSION_KEY, new IvParameterSpec(bArr2));
                for (byte b : cipher.getIV()) {
                    if (b != -1) {
                        throw new IllegalStateException("IV not properly initialized!");
                    }
                }
                cipher.update(bArr);
                byte[] doFinal = cipher.doFinal(bArr);
                cipher.init(1, SESSION_KEY, new IvParameterSpec(bArr));
                return Arrays.equals(doFinal, cipher.doFinal(bArr)) && !Arrays.equals(doFinal, bArr);
            } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
                return false;
            }
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            return false;
        }
    }

    @Override // com.linkedin.dagli.util.cryptography.CryptographyProvider
    public CipherOutputStream getOutputStream(OutputStream outputStream) throws NoSuchAlgorithmException, IOException {
        if (!IS_SYMMETRIC_CIPHER_SECURE) {
            throw new NoSuchAlgorithmException();
        }
        try {
            byte[] bArr = new byte[BLOCK_SIZE_IN_BYTES];
            SECURE_RANDOM.nextBytes(bArr);
            Cipher cipher = Cipher.getInstance(SYMMETRIC_CIPHER);
            cipher.init(1, this._key, new IvParameterSpec(bArr));
            outputStream.write(bArr);
            return new CipherOutputStream(outputStream, cipher);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchPaddingException e) {
            throw new NoSuchAlgorithmException(e);
        }
    }

    @Override // com.linkedin.dagli.util.cryptography.CryptographyProvider
    public CipherInputStream getInputStream(InputStream inputStream) throws NoSuchAlgorithmException, IOException {
        if (!IS_SYMMETRIC_CIPHER_SECURE) {
            throw new NoSuchAlgorithmException();
        }
        try {
            byte[] bArr = new byte[BLOCK_SIZE_IN_BYTES];
            int i = 0;
            while (true) {
                int read = inputStream.read(bArr, i, bArr.length - i);
                if (read <= 0) {
                    break;
                }
                i += read;
            }
            if (i < bArr.length) {
                throw new IOException("Unable to read initialization vector from the source stream");
            }
            Cipher cipher = Cipher.getInstance(SYMMETRIC_CIPHER);
            cipher.init(2, this._key, new IvParameterSpec(bArr));
            return new CipherInputStream(inputStream, cipher);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchPaddingException e) {
            throw new NoSuchAlgorithmException(e);
        }
    }
}
