package org.graylog2.security;

import com.google.common.base.Preconditions;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.annotation.Nullable;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
import org.cryptomator.siv.SivMode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog2/security/AESTools.class */
public class AESTools {
    private static final Logger LOG = LoggerFactory.getLogger(AESTools.class);
    private static final SivMode SIV_MODE = new SivMode();
    private static final String CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final String CIPHER_NO_PADDING_TRANSFORMATION = "AES/CBC/NoPadding";

    @Nullable
    public static String encrypt(String str, String str2, String str3) {
        Preconditions.checkNotNull(str, "Plain text must not be null.");
        Preconditions.checkNotNull(str2, "Encryption key must not be null.");
        Preconditions.checkNotNull(str3, "Salt must not be null.");
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(1, new SecretKeySpec(adjustToIdealKeyLength(str2), "AES"), new IvParameterSpec(str3.getBytes(StandardCharsets.UTF_8)));
            return Hex.encodeHexString(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            LOG.error("Could not encrypt value.", e);
            return null;
        }
    }

    @Nullable
    public static String decrypt(String str, String str2, String str3) {
        try {
            return tryDecrypt(str, str2, str3);
        } catch (Exception e) {
            LOG.error("Could not decrypt (legacy) value.", e);
            return null;
        }
    }

    public static String tryDecrypt(String str, String str2, String str3) throws InvalidCipherTextException, GeneralSecurityException {
        Preconditions.checkNotNull(str, "Cipher text must not be null.");
        Preconditions.checkNotNull(str2, "Encryption key must not be null.");
        Preconditions.checkNotNull(str3, "Salt must not be null.");
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(2, new SecretKeySpec(adjustToIdealKeyLength(str2), "AES"), new IvParameterSpec(str3.getBytes(StandardCharsets.UTF_8)));
            return new String(cipher.doFinal(Hex.decodeHex(str)), StandardCharsets.UTF_8);
        } catch (Exception e) {
            return decryptLegacy(str, str2, str3);
        }
    }

    private static String decryptLegacy(String str, String str2, String str3) throws GeneralSecurityException, InvalidCipherTextException {
        Cipher cipher = Cipher.getInstance(CIPHER_NO_PADDING_TRANSFORMATION);
        cipher.init(2, new SecretKeySpec(adjustToIdealKeyLength(str2), "AES"), new IvParameterSpec(str3.getBytes(StandardCharsets.UTF_8)));
        try {
            byte[] doFinal = cipher.doFinal(Hex.decodeHex(str));
            return new String(Arrays.copyOf(doFinal, doFinal.length - new ISO10126d2Padding().padCount(doFinal)), StandardCharsets.UTF_8);
        } catch (DecoderException e) {
            throw new IllegalArgumentException("Unable to decode ciphertext", e);
        }
    }

    /* JADX WARN: Type inference failed for: r4v3, types: [byte[], byte[][]] */
    @Nullable
    public static String encryptSiv(String str, byte[] bArr) {
        validateTextAndEncryptionKey(str, bArr);
        try {
            return Hex.encodeHexString(SIV_MODE.encrypt(Arrays.copyOf(bArr, 16), Arrays.copyOfRange(bArr, 16, 32), str.getBytes(StandardCharsets.UTF_8), (byte[][]) new byte[0]));
        } catch (Exception e) {
            LOG.error("Couldn't encrypt value", e);
            return null;
        }
    }

    /* JADX WARN: Type inference failed for: r4v2, types: [byte[], byte[][]] */
    @Nullable
    public static String decryptSiv(String str, byte[] bArr) {
        validateTextAndEncryptionKey(str, bArr);
        try {
            return new String(SIV_MODE.decrypt(Arrays.copyOf(bArr, 16), Arrays.copyOfRange(bArr, 16, 32), Hex.decodeHex(str), (byte[][]) new byte[0]), StandardCharsets.UTF_8);
        } catch (Exception e) {
            LOG.error("Couldn't decrypt value", e);
            return null;
        }
    }

    public static String generateNewSalt() {
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        return Hex.encodeHexString(bArr);
    }

    private static void validateTextAndEncryptionKey(String str, byte[] bArr) {
        if (str == null) {
            throw new IllegalArgumentException("text value cannot be null");
        }
        if (bArr == null || bArr.length < 32) {
            throw new IllegalArgumentException("encryptionKey cannot be null and must be at least 32 bytes long");
        }
    }

    private static int desiredKeyLength(byte[] bArr) {
        int length = bArr.length;
        if (length == 16 || length == 24 || length == 32) {
            return length;
        }
        if (length < 16) {
            return 16;
        }
        if (length > 32) {
            return 32;
        }
        return ((length / 8) + 1) * 8;
    }

    private static byte[] cutToLength(byte[] bArr, int i) {
        Preconditions.checkArgument(bArr.length >= i, "Input string must be greater or of desired length");
        return bArr.length > i ? Arrays.copyOfRange(bArr, 0, i) : bArr;
    }

    private static byte[] padToLength(byte[] bArr, int i) {
        Preconditions.checkArgument(bArr.length < i, "Input string must be smaller than desired length");
        byte[] bArr2 = new byte[i];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        return bArr2;
    }

    private static byte[] cutOrPadToLength(byte[] bArr, int i) {
        return bArr.length == i ? bArr : bArr.length > i ? cutToLength(bArr, i) : padToLength(bArr, i);
    }

    private static byte[] adjustToIdealKeyLength(String str) {
        Preconditions.checkNotNull(str);
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        return cutOrPadToLength(bytes, desiredKeyLength(bytes));
    }
}
