package org.jolokia.util;

import aQute.libg.cryptography.SHA256;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* JADX WARN: Classes with same name are omitted:
  input_file:hawtio.war:WEB-INF/lib/hawtio-local-jvm-mbean-1.4.0.redhat-630353.jar:jolokia-core-1.4.0.redhat-1.jar:org/jolokia/util/JolokiaCipher.class
  input_file:hawtio.war:WEB-INF/lib/hawtio-local-jvm-mbean-1.4.0.redhat-630353.jar:jolokia-jvm-1.4.0.redhat-1-agent.jar:org/jolokia/util/JolokiaCipher.class
  input_file:hawtio.war:WEB-INF/lib/jolokia-jvm-1.4.0.redhat-1-agent.jar:org/jolokia/util/JolokiaCipher.class
 */
/* loaded from: input_file:hawtio.war:WEB-INF/lib/jolokia-core-1.4.0.redhat-1.jar:org/jolokia/util/JolokiaCipher.class */
public class JolokiaCipher {
    private static final int SALT_SIZE = 8;
    private static final int CHUNK_SIZE = 16;
    public static final String JOLOKIA_CYPHER_PASSWORD = "META-INF/jolokia-password";
    private MessageDigest digest;
    private Random random;
    private KeyHolder keyHolder;

    /* JADX WARN: Classes with same name are omitted:
      input_file:hawtio.war:WEB-INF/lib/hawtio-local-jvm-mbean-1.4.0.redhat-630353.jar:jolokia-core-1.4.0.redhat-1.jar:org/jolokia/util/JolokiaCipher$KeyHolder.class
      input_file:hawtio.war:WEB-INF/lib/hawtio-local-jvm-mbean-1.4.0.redhat-630353.jar:jolokia-jvm-1.4.0.redhat-1-agent.jar:org/jolokia/util/JolokiaCipher$KeyHolder.class
      input_file:hawtio.war:WEB-INF/lib/jolokia-jvm-1.4.0.redhat-1-agent.jar:org/jolokia/util/JolokiaCipher$KeyHolder.class
     */
    /* loaded from: input_file:hawtio.war:WEB-INF/lib/jolokia-core-1.4.0.redhat-1.jar:org/jolokia/util/JolokiaCipher$KeyHolder.class */
    public interface KeyHolder {
        String getKey();
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:hawtio.war:WEB-INF/lib/hawtio-local-jvm-mbean-1.4.0.redhat-630353.jar:jolokia-core-1.4.0.redhat-1.jar:org/jolokia/util/JolokiaCipher$KeyHolderImpl.class
      input_file:hawtio.war:WEB-INF/lib/hawtio-local-jvm-mbean-1.4.0.redhat-630353.jar:jolokia-jvm-1.4.0.redhat-1-agent.jar:org/jolokia/util/JolokiaCipher$KeyHolderImpl.class
      input_file:hawtio.war:WEB-INF/lib/jolokia-jvm-1.4.0.redhat-1-agent.jar:org/jolokia/util/JolokiaCipher$KeyHolderImpl.class
     */
    /* loaded from: input_file:hawtio.war:WEB-INF/lib/jolokia-core-1.4.0.redhat-1.jar:org/jolokia/util/JolokiaCipher$KeyHolderImpl.class */
    private static class KeyHolderImpl implements KeyHolder {
        private KeyHolderImpl() {
        }

        @Override // org.jolokia.util.JolokiaCipher.KeyHolder
        public String getKey() {
            InputStream resourceAsStream = ClassUtil.getResourceAsStream(JolokiaCipher.JOLOKIA_CYPHER_PASSWORD);
            if (resourceAsStream == null) {
                return "`x%_rDL9T'&ENuyA{LPcc(UDv`NzzY6NZF\"F=rba-9Ftg,HJr.y@E;amfr>B4z<UqQg}2_4kq\\Y@6mNJEpwGx#CT;&?%%.$T_br`(&%3)2vC:5?3f9ptX?KR9kYQu2;#".substring(40, 72);
            }
            try {
                return new BufferedReader(new InputStreamReader(resourceAsStream)).readLine();
            } catch (IOException e) {
                throw new IllegalStateException("Can not read password from META-INF/jolokia-password: " + e, e);
            }
        }
    }

    public JolokiaCipher() throws GeneralSecurityException {
        this(new KeyHolderImpl());
    }

    public JolokiaCipher(KeyHolder keyHolder) throws NoSuchAlgorithmException {
        this.digest = MessageDigest.getInstance(SHA256.ALGORITHM);
        this.random = new SecureRandom();
        this.keyHolder = keyHolder;
        this.random.setSeed(System.currentTimeMillis());
    }

    public String encrypt(String str) throws GeneralSecurityException {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] salt = getSalt(8);
        byte[] doFinal = createCipher(salt, 1).doFinal(bytes);
        int length = doFinal.length;
        byte b = (byte) (16 - (((8 + length) + 1) % 16));
        byte[] salt2 = getSalt(8 + length + b + 1);
        System.arraycopy(salt, 0, salt2, 0, 8);
        salt2[8] = b;
        System.arraycopy(doFinal, 0, salt2, 9, length);
        return Base64Util.encode(salt2);
    }

    public String decrypt(String str) throws GeneralSecurityException {
        byte[] decode = Base64Util.decode(str);
        int length = decode.length;
        byte[] bArr = new byte[8];
        System.arraycopy(decode, 0, bArr, 0, 8);
        byte[] bArr2 = new byte[((length - 8) - 1) - decode[8]];
        System.arraycopy(decode, 9, bArr2, 0, bArr2.length);
        return new String(createCipher(bArr, 2).doFinal(bArr2), StandardCharsets.UTF_8);
    }

    private byte[] getSalt(int i) {
        byte[] bArr = new byte[i];
        this.random.nextBytes(bArr);
        return bArr;
    }

    private Cipher createCipher(byte[] bArr, int i) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
        this.digest.reset();
        byte[] keyAsBytes = getKeyAsBytes();
        byte[] bArr2 = new byte[32];
        int i2 = 0;
        while (i2 < bArr2.length) {
            this.digest.update(keyAsBytes);
            this.digest.update(bArr, 0, 8);
            byte[] digest = this.digest.digest();
            int length = bArr2.length - i2;
            if (digest.length > length) {
                byte[] bArr3 = new byte[length];
                System.arraycopy(digest, 0, bArr3, 0, bArr3.length);
                digest = bArr3;
            }
            System.arraycopy(digest, 0, bArr2, i2, digest.length);
            i2 += digest.length;
            if (i2 < bArr2.length) {
                this.digest.reset();
                this.digest.update(digest);
            }
        }
        byte[] bArr4 = new byte[16];
        byte[] bArr5 = new byte[16];
        System.arraycopy(bArr2, 0, bArr4, 0, bArr4.length);
        System.arraycopy(bArr2, bArr4.length, bArr5, 0, bArr5.length);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(i, new SecretKeySpec(bArr4, "AES"), new IvParameterSpec(bArr5));
        return cipher;
    }

    private byte[] getKeyAsBytes() {
        return this.keyHolder.getKey().getBytes(StandardCharsets.UTF_8);
    }
}
