package org.apache.ranger.plugin.util;

import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.sun.jersey.core.util.Base64;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ranger/plugin/util/PasswordUtils.class */
public class PasswordUtils {
    private final String cryptAlgo;
    private String password;
    private final int iterationCount;
    private final char[] encryptKey;
    private final byte[] salt;
    private final byte[] iv;
    private static final String LEN_SEPARATOR_STR = ":";
    public static final String PBE_SHA512_AES_128 = "PBEWITHHMACSHA512ANDAES_128";
    public static final String DEFAULT_CRYPT_ALGO = "PBEWithMD5AndDES";
    public static final String DEFAULT_ENCRYPT_KEY = "tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV";
    public static final String DEFAULT_SALT = "f77aLYLo";
    public static final int DEFAULT_ITERATION_COUNT = 17;
    private static final Logger LOG = LoggerFactory.getLogger(PasswordUtils.class);
    public static final byte[] DEFAULT_INITIAL_VECTOR = new byte[16];

    public static String encryptPassword(String str) throws IOException {
        return build(str).encrypt();
    }

    public static PasswordUtils build(String str) {
        return new PasswordUtils(str);
    }

    private String encrypt() throws IOException {
        String str = this.password == null ? "" : this.password.length() + ":" + this.password;
        try {
            Cipher cipher = Cipher.getInstance(this.cryptAlgo);
            cipher.init(1, SecretKeyFactory.getInstance(this.cryptAlgo).generateSecret(new PBEKeySpec(this.encryptKey)), new PBEParameterSpec(this.salt, this.iterationCount, new IvParameterSpec(this.iv)));
            return new String(Base64.encode(cipher.doFinal(str.getBytes())));
        } catch (Throwable th) {
            LOG.error("Unable to encrypt password due to error", th);
            throw new IOException("Unable to encrypt password due to error", th);
        }
    }

    PasswordUtils(String str) {
        char[] charArray;
        byte[] bytes;
        String[] strArr = null;
        if (str != null && str.contains(",")) {
            strArr = (String[]) Lists.newArrayList(Splitter.on(",").split(str)).toArray(new String[0]);
        }
        if (strArr == null || strArr.length <= 4) {
            this.cryptAlgo = DEFAULT_CRYPT_ALGO;
            charArray = DEFAULT_ENCRYPT_KEY.toCharArray();
            bytes = DEFAULT_SALT.getBytes();
            this.iterationCount = 17;
            this.iv = DEFAULT_INITIAL_VECTOR;
            this.password = str;
        } else {
            int i = 0 + 1;
            this.cryptAlgo = strArr[0];
            int i2 = i + 1;
            charArray = strArr[i].toCharArray();
            int i3 = i2 + 1;
            bytes = strArr[i2].getBytes();
            int i4 = i3 + 1;
            this.iterationCount = Integer.parseInt(strArr[i3]);
            if (needsIv(this.cryptAlgo)) {
                i4++;
                this.iv = Base64.decode(strArr[i4]);
            } else {
                this.iv = DEFAULT_INITIAL_VECTOR;
            }
            int i5 = i4;
            int i6 = i4 + 1;
            this.password = strArr[i5];
            if (strArr.length > i6) {
                for (int i7 = i6; i7 < strArr.length; i7++) {
                    this.password += "," + strArr[i7];
                }
            }
        }
        Map<String, String> map = System.getenv();
        String str2 = map.get("ENCRYPT_KEY");
        if (str2 == null) {
            this.encryptKey = charArray;
        } else {
            this.encryptKey = str2.toCharArray();
        }
        String str3 = map.get("ENCRYPT_SALT");
        if (str3 == null) {
            this.salt = bytes;
        } else {
            this.salt = str3.getBytes();
        }
    }

    public static String decryptPassword(String str) throws IOException {
        return build(str).decrypt();
    }

    private String decrypt() throws IOException {
        try {
            byte[] decode = Base64.decode(this.password);
            Cipher cipher = Cipher.getInstance(this.cryptAlgo);
            cipher.init(2, SecretKeyFactory.getInstance(this.cryptAlgo).generateSecret(new PBEKeySpec(this.encryptKey)), new PBEParameterSpec(this.salt, this.iterationCount, new IvParameterSpec(this.iv)));
            String str = new String(cipher.doFinal(decode));
            int indexOf = str.indexOf(":");
            return indexOf > -1 ? str.length() > indexOf ? str.substring(indexOf + 1) : "" : null;
        } catch (Throwable th) {
            LOG.error("Unable to decrypt password due to error", th);
            throw new IOException("Unable to decrypt password due to error", th);
        }
    }

    public static boolean needsIv(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return false;
        }
        return PBE_SHA512_AES_128.toLowerCase().equals(str.toLowerCase()) || str.toLowerCase().contains("aes_128") || str.toLowerCase().contains("aes_256");
    }

    public static String generateIvIfNeeded(String str) throws NoSuchAlgorithmException {
        if (needsIv(str)) {
            return generateBase64EncodedIV();
        }
        return null;
    }

    private static String generateBase64EncodedIV() throws NoSuchAlgorithmException {
        byte[] bArr = new byte[16];
        SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
        return new String(Base64.encode(bArr));
    }

    public String getCryptAlgo() {
        return this.cryptAlgo;
    }

    public String getPassword() {
        return this.password;
    }

    public int getIterationCount() {
        return this.iterationCount;
    }

    public char[] getEncryptKey() {
        return this.encryptKey;
    }

    public byte[] getSalt() {
        return this.salt;
    }

    public byte[] getIv() {
        return this.iv;
    }

    public String getIvAsString() {
        return new String(Base64.encode(getIv()));
    }

    public static String getDecryptPassword(String str) {
        String str2 = null;
        try {
            try {
                str2 = decryptPassword(str);
                if (str2 == null) {
                    str2 = str;
                }
            } catch (Exception e) {
                LOG.warn("Password decryption failed, trying original password string.");
                str2 = null;
                if (0 == 0) {
                    str2 = str;
                }
            }
            return str2;
        } catch (Throwable th) {
            if (str2 == null) {
            }
            throw th;
        }
    }
}
