package io.cassandrareaper.crypto;

import com.google.common.base.Preconditions;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:io/cassandrareaper/crypto/SymmetricCryptograph.class */
public final class SymmetricCryptograph implements Cryptograph {
    private static final String PREFIX = "{cipher}";
    private static final String REGEX_PREFIX = "\\{cipher\\}";
    private static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
    private static final String DEFAULT_SALT = "deadbeef";
    private static final String DEFAULT_CIPHER = "AES/CBC/PKCS5Padding";
    private static final String DEFAULT_CIPHER_TYPE = "AES";
    private static final String DEFAULT_ALGORITHM = "PBKDF2WithHmacSHA512";
    private static final String DEFAULT_PROPERTY_KEY_SECRET = "CASSANDRA_REAPER_PROPERTY_KEY_SECRET";
    private static final int DEFAULT_ITERATION_COUNT = 1024;
    private static final int DEFAULT_KEY_STRENGTH = 256;
    private final String algorithm;
    private final String cipher;
    private final String cipherType;
    private final Integer iterationCount;
    private final Integer keyStrength;
    private final String salt;
    private final String systemPropertySecret;

    /* loaded from: input_file:io/cassandrareaper/crypto/SymmetricCryptograph$Builder.class */
    public static final class Builder {
        private String algorithm;
        private String cipher;
        private String cipherType;
        private Integer iterationCount;
        private Integer keyStrength;
        private String salt;
        private String systemPropertySecret;

        private Builder() {
        }

        public Builder withAlgorithm(String str) {
            this.algorithm = StringUtils.trimToNull(str);
            return this;
        }

        public Builder withCipher(String str) {
            this.cipher = StringUtils.trimToNull(str);
            return this;
        }

        public Builder withCipherType(String str) {
            this.cipherType = StringUtils.trimToNull(str);
            return this;
        }

        public Builder withIterationCount(Integer num) {
            this.iterationCount = num;
            return this;
        }

        public Builder withKeyStrength(Integer num) {
            this.keyStrength = num;
            return this;
        }

        public Builder withSalt(String str) {
            this.salt = StringUtils.trimToNull(str);
            return this;
        }

        public Builder withSystemPropertySecret(String str) {
            String trimToNull = StringUtils.trimToNull(str);
            Preconditions.checkNotNull(trimToNull);
            this.systemPropertySecret = trimToNull;
            return this;
        }

        public SymmetricCryptograph build() {
            return new SymmetricCryptograph(this);
        }
    }

    private SymmetricCryptograph(Builder builder) {
        this.salt = builder.salt == null ? DEFAULT_SALT : builder.salt;
        this.cipher = builder.cipher == null ? DEFAULT_CIPHER : builder.cipher;
        this.cipherType = builder.cipherType == null ? DEFAULT_CIPHER_TYPE : builder.cipherType;
        this.algorithm = builder.algorithm == null ? DEFAULT_ALGORITHM : builder.algorithm;
        this.iterationCount = Integer.valueOf(builder.iterationCount == null ? 1024 : builder.iterationCount.intValue());
        this.keyStrength = Integer.valueOf(builder.keyStrength == null ? 256 : builder.keyStrength.intValue());
        this.systemPropertySecret = builder.systemPropertySecret == null ? DEFAULT_PROPERTY_KEY_SECRET : builder.systemPropertySecret;
    }

    @Override // io.cassandrareaper.crypto.Cryptograph
    public String encrypt(String str) {
        String trimToNull = StringUtils.trimToNull(str);
        Preconditions.checkNotNull(trimToNull);
        try {
            return PREFIX + encryptText(fetchPassphrase(), trimToNull);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new IllegalStateException("Unable to encrypt text", e);
        }
    }

    @Override // io.cassandrareaper.crypto.Cryptograph
    public String decrypt(String str) {
        String trimToNull = StringUtils.trimToNull(str);
        Preconditions.checkNotNull(trimToNull);
        if (!trimToNull.startsWith(PREFIX)) {
            return str;
        }
        try {
            return decryptText(fetchPassphrase(), trimToNull.replaceFirst(REGEX_PREFIX, ""));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new IllegalStateException("Unable to decrypt text", e);
        }
    }

    public static Builder builder() {
        return new Builder();
    }

    private String fetchPassphrase() {
        String str = System.getenv(this.systemPropertySecret);
        if (str == null) {
            str = System.getProperty(this.systemPropertySecret);
        }
        if (str == null) {
            throw new IllegalStateException("No passphrase detected in environment for: " + this.systemPropertySecret);
        }
        return str;
    }

    private String encryptText(String str, String str2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher cipher = Cipher.getInstance(this.cipher);
        byte[] createRandomInitialVector = createRandomInitialVector(cipher);
        cipher.init(1, createSecretKey(str), new IvParameterSpec(createRandomInitialVector));
        return DatatypeConverter.printHexBinary(createRandomInitialVector) + DatatypeConverter.printHexBinary(cipher.doFinal(str2.getBytes()));
    }

    private String decryptText(String str, String str2) throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        byte[] decode = decode(str2);
        if (decode.length <= 16) {
            throw new IllegalArgumentException("Invalid format for supplied encrypted value");
        }
        byte[] subArray = subArray(decode, 0, 16);
        byte[] subArray2 = subArray(decode, subArray.length, decode.length);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(subArray);
        SecretKey createSecretKey = createSecretKey(str);
        Cipher cipher = Cipher.getInstance(this.cipher);
        cipher.init(2, createSecretKey, ivParameterSpec);
        return new String(cipher.doFinal(subArray2), StandardCharsets.UTF_8);
    }

    private byte[] createRandomInitialVector(Cipher cipher) throws NoSuchAlgorithmException {
        SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
        byte[] bArr = new byte[cipher.getBlockSize()];
        secureRandom.nextBytes(bArr);
        return bArr;
    }

    private SecretKey createSecretKey(String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return new SecretKeySpec(SecretKeyFactory.getInstance(this.algorithm).generateSecret(new PBEKeySpec(str.toCharArray(), this.salt.getBytes(), this.iterationCount.intValue(), this.keyStrength.intValue())).getEncoded(), this.cipherType);
    }

    private byte[] decode(CharSequence charSequence) {
        int length = charSequence.length();
        if (length % 2 != 0) {
            throw new IllegalArgumentException("Hex-encoded string must have an even number of characters");
        }
        byte[] bArr = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int digit = Character.digit(charSequence.charAt(i), 16);
            int digit2 = Character.digit(charSequence.charAt(i + 1), 16);
            if (digit < 0 || digit2 < 0) {
                throw new IllegalArgumentException("Detected a Non-hex character at " + (i + 1) + " or " + (i + 2) + " position");
            }
            bArr[i / 2] = (byte) ((digit << 4) | digit2);
        }
        return bArr;
    }

    private byte[] subArray(byte[] bArr, int i, int i2) {
        int i3 = i2 - i;
        byte[] bArr2 = new byte[i3];
        System.arraycopy(bArr, i, bArr2, 0, i3);
        return bArr2;
    }
}
