package com.bazaarvoice.emodb.auth.util;

import com.google.common.base.Charsets;
import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import com.google.common.hash.Hashing;
import com.google.common.io.BaseEncoding;
import io.swagger.models.properties.StringProperty;
import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.cassandra.auth.PasswordAuthenticator;

/* loaded from: input_file:com/bazaarvoice/emodb/auth/util/CredentialEncrypter.class */
public class CredentialEncrypter {
    private static final String ALGORITHM = "AES";
    private static final String CIPHER = "AES/CBC/PKCS5Padding";
    private static final String SEED_PRNG = "SHA1PRNG";
    private static final int MINIMUM_LENGTH = 48;
    private static final String SEED = "XrOo5o4lQGlZxKU/e4BWZVil3ot8bkBSTl1f6BJ5QPX1yDVw7hQc9S+9HQxKvJWqa2I6cd7ZopqFkCnc";
    private transient SecretKey _key;
    private IvParameterSpec _iv;

    public CredentialEncrypter(byte[] bArr) {
        Preconditions.checkNotNull(bArr, "initializationBytes");
        this._key = createKey(bArr);
        this._iv = createInitializationVector(bArr);
    }

    public CredentialEncrypter(String str) {
        this(((String) Preconditions.checkNotNull(str, "initializationString")).getBytes(Charsets.UTF_8));
    }

    private SecretKey createKey(byte[] bArr) {
        try {
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            secureRandom.setSeed(BaseEncoding.base64().decode(SEED));
            secureRandom.setSeed(bArr);
            byte[] bArr2 = new byte[16];
            secureRandom.nextBytes(bArr2);
            return new SecretKeySpec(bArr2, "AES");
        } catch (NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }

    private IvParameterSpec createInitializationVector(byte[] bArr) {
        byte[] asBytes = Hashing.sha256().hashBytes(bArr).asBytes();
        for (int i = 0; i < 16; i++) {
            asBytes[i] = (byte) (asBytes[i] ^ asBytes[i + 16]);
        }
        return new IvParameterSpec(Arrays.copyOfRange(asBytes, 0, 16));
    }

    public String encryptBytes(byte[] bArr) {
        Preconditions.checkNotNull(bArr, PasswordAuthenticator.LEGACY_CREDENTIALS_TABLE);
        try {
            byte[] array = ByteBuffer.wrap(new byte[Math.max(bArr.length + 4, 48)]).putInt(bArr.length).put(bArr).array();
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(1, this._key, this._iv);
            return BaseEncoding.base64().omitPadding().encode(cipher.doFinal(array));
        } catch (Throwable th) {
            throw Throwables.propagate(th);
        }
    }

    public String encryptString(String str) {
        return encryptBytes(((String) Preconditions.checkNotNull(str, PasswordAuthenticator.LEGACY_CREDENTIALS_TABLE)).getBytes(Charsets.UTF_8));
    }

    public byte[] decryptBytes(String str) {
        Preconditions.checkNotNull(str, "encryptedCredentials");
        try {
            byte[] decode = BaseEncoding.base64().omitPadding().decode(str);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, this._key, this._iv);
            ByteBuffer wrap = ByteBuffer.wrap(cipher.doFinal(decode));
            byte[] bArr = new byte[wrap.getInt()];
            wrap.get(bArr);
            return bArr;
        } catch (Throwable th) {
            throw Throwables.propagate(th);
        }
    }

    public String decryptString(String str) {
        return new String(decryptBytes(str), Charsets.UTF_8);
    }

    public static boolean isPotentiallyEncryptedBytes(byte[] bArr) {
        Preconditions.checkNotNull(bArr, "bytes");
        try {
            if (bArr.length != 0) {
                if (bArr.length % Cipher.getInstance("AES/CBC/PKCS5Padding").getBlockSize() == 0) {
                    return true;
                }
            }
            return false;
        } catch (Throwable th) {
            throw Throwables.propagate(th);
        }
    }

    public static boolean isPotentiallyEncryptedString(String str) {
        Preconditions.checkNotNull(str, StringProperty.TYPE);
        try {
            return isPotentiallyEncryptedBytes(BaseEncoding.base64().omitPadding().decode(str));
        } catch (IllegalArgumentException e) {
            return false;
        }
    }
}
