package org.apache.druid.crypto;

import com.google.common.base.Preconditions;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import javax.annotation.Nullable;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.druid.hll.HyperLogLogCollector;
import org.apache.druid.java.util.common.StringUtils;

/* loaded from: input_file:org/apache/druid/crypto/CryptoService.class */
public class CryptoService {
    private static final SecureRandom SECURE_RANDOM_INSTANCE = new SecureRandom();
    private final char[] passPhrase;
    private final String secretKeyFactoryAlg;
    private final int saltSize;
    private final int iterationCount;
    private final int keyLength;
    private final String cipherAlgName;
    private final String cipherAlgMode;
    private final String cipherAlgPadding;
    private final String transformation;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/druid/crypto/CryptoService$EncryptedData.class */
    public static class EncryptedData {
        private final byte[] salt;
        private final byte[] iv;
        private final byte[] cipher;

        public EncryptedData(byte[] bArr, byte[] bArr2, byte[] bArr3) {
            this.salt = bArr;
            this.iv = bArr2;
            this.cipher = bArr3;
        }

        public byte[] getSalt() {
            return this.salt;
        }

        public byte[] getIv() {
            return this.iv;
        }

        public byte[] getCipher() {
            return this.cipher;
        }

        public byte[] toByteAray() {
            ByteBuffer allocate = ByteBuffer.allocate(this.salt.length + this.iv.length + this.cipher.length + 12);
            allocate.putInt(this.salt.length).putInt(this.iv.length).putInt(this.cipher.length).put(this.salt).put(this.iv).put(this.cipher);
            allocate.flip();
            return allocate.array();
        }

        public static EncryptedData fromByteArray(byte[] bArr) {
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            int i = wrap.getInt();
            int i2 = wrap.getInt();
            int i3 = wrap.getInt();
            byte[] bArr2 = new byte[i];
            wrap.get(bArr2);
            byte[] bArr3 = new byte[i2];
            wrap.get(bArr3);
            byte[] bArr4 = new byte[i3];
            wrap.get(bArr4);
            return new EncryptedData(bArr2, bArr3, bArr4);
        }
    }

    public CryptoService(String str, @Nullable String str2, @Nullable String str3, @Nullable String str4, @Nullable String str5, @Nullable Integer num, @Nullable Integer num2, @Nullable Integer num3) {
        Preconditions.checkArgument((str == null || str.isEmpty()) ? false : true, "null/empty passPhrase");
        this.passPhrase = str.toCharArray();
        this.cipherAlgName = str2 == null ? "AES" : str2;
        this.cipherAlgMode = str3 == null ? "CBC" : str3;
        this.cipherAlgPadding = str4 == null ? "PKCS5Padding" : str4;
        this.transformation = StringUtils.format("%s/%s/%s", this.cipherAlgName, this.cipherAlgMode, this.cipherAlgPadding);
        this.secretKeyFactoryAlg = str5 == null ? "PBKDF2WithHmacSHA256" : str5;
        this.saltSize = num == null ? 8 : num.intValue();
        this.iterationCount = num2 == null ? 65536 : num2.intValue();
        this.keyLength = num3 == null ? HyperLogLogCollector.DENSE_THRESHOLD : num3.intValue();
        Preconditions.checkState("duh! !! !!!".equals(StringUtils.fromUtf8(decrypt(encrypt(StringUtils.toUtf8("duh! !! !!!"))))), "decrypt(encrypt(testString)) failed");
    }

    public byte[] encrypt(byte[] bArr) {
        try {
            byte[] bArr2 = new byte[this.saltSize];
            SECURE_RANDOM_INSTANCE.nextBytes(bArr2);
            SecretKeySpec secretKeySpec = new SecretKeySpec(getKeyFromPassword(this.passPhrase, bArr2).getEncoded(), this.cipherAlgName);
            Cipher cipher = Cipher.getInstance(this.transformation);
            cipher.init(1, secretKeySpec);
            return new EncryptedData(bArr2, ((IvParameterSpec) cipher.getParameters().getParameterSpec(IvParameterSpec.class)).getIV(), cipher.doFinal(bArr)).toByteAray();
        } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidParameterSpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    public byte[] decrypt(byte[] bArr) {
        try {
            EncryptedData fromByteArray = EncryptedData.fromByteArray(bArr);
            SecretKeySpec secretKeySpec = new SecretKeySpec(getKeyFromPassword(this.passPhrase, fromByteArray.getSalt()).getEncoded(), this.cipherAlgName);
            Cipher cipher = Cipher.getInstance(this.transformation);
            cipher.init(2, secretKeySpec, new IvParameterSpec(fromByteArray.getIv()));
            return cipher.doFinal(fromByteArray.getCipher());
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    }

    private SecretKey getKeyFromPassword(char[] cArr, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return SecretKeyFactory.getInstance(this.secretKeyFactoryAlg).generateSecret(new PBEKeySpec(cArr, bArr, this.iterationCount, this.keyLength));
    }
}
