package org.apache.activemq.artemis.utils;

import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.activemq.artemis.core.journal.impl.JournalImpl;
import org.jboss.logging.Logger;

/* loaded from: input_file:artemis-commons-2.10.1.jar:org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec.class */
public class DefaultSensitiveStringCodec implements SensitiveDataCodec<String> {
    private static final Logger logger = Logger.getLogger(DefaultSensitiveStringCodec.class);
    public static final String ALGORITHM = "algorithm";
    public static final String BLOWFISH_KEY = "key";
    public static final String ONE_WAY = "one-way";
    public static final String TWO_WAY = "two-way";
    private CodecAlgorithm algorithm = new BlowfishAlgorithm(Collections.EMPTY_MAP);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:artemis-commons-2.10.1.jar:org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec$BlowfishAlgorithm.class */
    public class BlowfishAlgorithm extends CodecAlgorithm {
        private byte[] internalKey;

        BlowfishAlgorithm(Map<String, String> map) {
            super(map);
            this.internalKey = "clusterpassword".getBytes();
            String str = map.get(DefaultSensitiveStringCodec.BLOWFISH_KEY);
            if (str != null) {
                updateKey(str);
            }
        }

        private void updateKey(String str) {
            this.internalKey = str.getBytes();
        }

        @Override // org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec.CodecAlgorithm
        public String decode(String str) throws Exception {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.internalKey, "Blowfish");
            try {
                byte[] byteArray = new BigInteger(str, 16).toByteArray();
                if (byteArray.length % 8 != 0) {
                    int length = byteArray.length;
                    int i = ((length / 8) + 1) * 8;
                    byteArray = new byte[i];
                    System.arraycopy(byteArray, 0, byteArray, i - length, byteArray.length);
                }
                Cipher cipher = Cipher.getInstance("Blowfish");
                cipher.init(2, secretKeySpec);
                return new String(cipher.doFinal(byteArray));
            } catch (Exception e) {
                if (DefaultSensitiveStringCodec.logger.isDebugEnabled()) {
                    DefaultSensitiveStringCodec.logger.debug(e.getMessage(), e);
                }
                throw new IllegalArgumentException("Password must be encrypted.");
            }
        }

        @Override // org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec.CodecAlgorithm
        public String encode(String str) throws Exception {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.internalKey, "Blowfish");
            Cipher cipher = Cipher.getInstance("Blowfish");
            cipher.init(1, secretKeySpec);
            return new BigInteger(cipher.doFinal(str.getBytes())).toString(16);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:artemis-commons-2.10.1.jar:org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec$CodecAlgorithm.class */
    public abstract class CodecAlgorithm {
        protected Map<String, String> params;

        CodecAlgorithm(Map<String, String> map) {
            this.params = map;
        }

        public abstract String decode(String str) throws Exception;

        public abstract String encode(String str) throws Exception;

        public boolean verify(char[] cArr, String str) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:artemis-commons-2.10.1.jar:org/apache/activemq/artemis/utils/DefaultSensitiveStringCodec$PBKDF2Algorithm.class */
    public class PBKDF2Algorithm extends CodecAlgorithm {
        private static final String SEPARATOR = ":";
        private String sceretKeyAlgorithm;
        private String randomScheme;
        private int keyLength;
        private int saltLength;
        private int iterations;
        private SecretKeyFactory skf;

        PBKDF2Algorithm(Map<String, String> map) throws NoSuchAlgorithmException {
            super(map);
            this.sceretKeyAlgorithm = "PBKDF2WithHmacSHA1";
            this.randomScheme = "SHA1PRNG";
            this.keyLength = 512;
            this.saltLength = 32;
            this.iterations = JournalImpl.MIN_FILE_SIZE;
            this.skf = SecretKeyFactory.getInstance(this.sceretKeyAlgorithm);
        }

        @Override // org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec.CodecAlgorithm
        public String decode(String str) throws Exception {
            throw new IllegalArgumentException("Algorithm doesn't support decoding");
        }

        public byte[] getSalt() throws NoSuchAlgorithmException {
            return RandomUtil.randomBytes(this.saltLength);
        }

        @Override // org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec.CodecAlgorithm
        public String encode(String str) throws Exception {
            char[] charArray = str.toCharArray();
            byte[] salt = getSalt();
            StringBuilder sb = new StringBuilder();
            sb.append(this.iterations).append(SEPARATOR).append(ByteUtil.bytesToHex(salt)).append(SEPARATOR);
            sb.append(ByteUtil.bytesToHex(this.skf.generateSecret(new PBEKeySpec(charArray, salt, this.iterations, this.keyLength)).getEncoded()));
            return sb.toString();
        }

        @Override // org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec.CodecAlgorithm
        public boolean verify(char[] cArr, String str) {
            String[] split = str.split(SEPARATOR);
            int parseInt = Integer.parseInt(split[0]);
            byte[] hexToBytes = ByteUtil.hexToBytes(split[1]);
            byte[] hexToBytes2 = ByteUtil.hexToBytes(split[2]);
            try {
                return Arrays.equals(this.skf.generateSecret(new PBEKeySpec(cArr, hexToBytes, parseInt, hexToBytes2.length * 8)).getEncoded(), hexToBytes2);
            } catch (InvalidKeySpecException e) {
                return false;
            }
        }
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.activemq.artemis.utils.SensitiveDataCodec
    public String decode(Object obj) throws Exception {
        return this.algorithm.decode((String) obj);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.activemq.artemis.utils.SensitiveDataCodec
    public String encode(Object obj) throws Exception {
        return this.algorithm.encode((String) obj);
    }

    @Override // org.apache.activemq.artemis.utils.SensitiveDataCodec
    public void init(Map<String, String> map) throws Exception {
        String str = map.get(ALGORITHM);
        if (str == null || str.equals(TWO_WAY)) {
            this.algorithm = new BlowfishAlgorithm(map);
        } else {
            if (!str.equals(ONE_WAY)) {
                throw new IllegalArgumentException("Invalid algorithm: " + str);
            }
            this.algorithm = new PBKDF2Algorithm(map);
        }
    }

    public static void main(String[] strArr) throws Exception {
        if (strArr.length != 1) {
            System.err.println("Use: java -cp <classPath> org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec password-to-encode");
            System.err.println("Error: no password on the args");
            System.exit(-1);
        }
        DefaultSensitiveStringCodec defaultSensitiveStringCodec = new DefaultSensitiveStringCodec();
        HashMap hashMap = new HashMap();
        Properties properties = System.getProperties();
        synchronized (properties) {
            for (String str : properties.stringPropertyNames()) {
                hashMap.put(str, properties.getProperty(str));
            }
        }
        defaultSensitiveStringCodec.init(hashMap);
        System.out.println("Encoded password (without quotes): \"" + ((Object) defaultSensitiveStringCodec.encode((Object) strArr[0])) + "\"");
    }

    public boolean verify(char[] cArr, String str) {
        return this.algorithm.verify(cArr, str);
    }
}
