package org.elasticsearch.shield.crypto;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.common.Base64;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authc.support.CharArrays;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.crypto.CryptoService;
import org.elasticsearch.watcher.FileChangesListener;
import org.elasticsearch.watcher.FileWatcher;
import org.elasticsearch.watcher.ResourceWatcherService;

/* loaded from: input_file:lib/shield.jar:org/elasticsearch/shield/crypto/InternalCryptoService.class */
public class InternalCryptoService extends AbstractLifecycleComponent<InternalCryptoService> implements CryptoService {
    public static final String FILE_SETTING = "shield.system_key.file";
    public static final String KEY_ALGO = "HmacSHA512";
    public static final int KEY_SIZE = 1024;
    static final String FILE_NAME = "system_key";
    static final String HMAC_ALGO = "HmacSHA1";
    static final String DEFAULT_ENCRYPTION_ALGORITHM = "AES/CTR/NoPadding";
    static final String DEFAULT_KEY_ALGORITH = "AES";
    static final String ENCRYPTED_TEXT_PREFIX = "::es_encrypted::";
    static final byte[] ENCRYPTED_BYTE_PREFIX;
    static final int DEFAULT_KEY_LENGTH = 128;
    static final int RANDOM_KEY_SIZE = 128;
    private static final Pattern SIG_PATTERN;
    private static final byte[] HKDF_APP_INFO;
    private final Environment env;
    private final ResourceWatcherService watcherService;
    private final List<CryptoService.Listener> listeners;
    private final SecureRandom secureRandom;
    private final String encryptionAlgorithm;
    private final String keyAlgorithm;
    private final int keyLength;
    private final int ivLength;
    private Path keyFile;
    private SecretKey randomKey;
    private String randomKeyBase64;
    private volatile SecretKey encryptionKey;
    private volatile SecretKey systemKey;
    private volatile SecretKey signingKey;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:lib/shield.jar:org/elasticsearch/shield/crypto/InternalCryptoService$FileListener.class */
    private class FileListener extends FileChangesListener {
        private final List<CryptoService.Listener> listeners;

        private FileListener(List<CryptoService.Listener> list) {
            this.listeners = list;
        }

        public void onFileCreated(Path path) {
            if (path.equals(InternalCryptoService.this.keyFile)) {
                SecretKey secretKey = InternalCryptoService.this.systemKey;
                SecretKey secretKey2 = InternalCryptoService.this.encryptionKey;
                InternalCryptoService.this.systemKey = InternalCryptoService.readSystemKey(path);
                InternalCryptoService.this.signingKey = InternalCryptoService.createSigningKey(InternalCryptoService.this.systemKey, InternalCryptoService.this.randomKey);
                try {
                    InternalCryptoService.this.encryptionKey = InternalCryptoService.encryptionKey(InternalCryptoService.this.signingKey, InternalCryptoService.this.keyLength, InternalCryptoService.this.keyAlgorithm);
                } catch (NoSuchAlgorithmException e) {
                    InternalCryptoService.this.logger.error("could not load encryption key", e, new Object[0]);
                    InternalCryptoService.this.encryptionKey = null;
                }
                InternalCryptoService.this.logger.info("system key [{}] has been loaded", new Object[]{path.toAbsolutePath()});
                callListeners(secretKey, secretKey2);
            }
        }

        public void onFileDeleted(Path path) {
            if (path.equals(InternalCryptoService.this.keyFile)) {
                SecretKey secretKey = InternalCryptoService.this.systemKey;
                SecretKey secretKey2 = InternalCryptoService.this.encryptionKey;
                InternalCryptoService.this.logger.error("system key file was removed! as long as the system key file is missing, elasticsearch won't function as expected for some requests (e.g. scroll/scan)", new Object[0]);
                InternalCryptoService.this.systemKey = null;
                InternalCryptoService.this.encryptionKey = null;
                InternalCryptoService.this.signingKey = InternalCryptoService.createSigningKey(InternalCryptoService.this.systemKey, InternalCryptoService.this.randomKey);
                callListeners(secretKey, secretKey2);
            }
        }

        public void onFileChanged(Path path) {
            if (path.equals(InternalCryptoService.this.keyFile)) {
                SecretKey secretKey = InternalCryptoService.this.systemKey;
                SecretKey secretKey2 = InternalCryptoService.this.encryptionKey;
                InternalCryptoService.this.logger.warn("system key file changed!", new Object[0]);
                SecretKey readSystemKey = InternalCryptoService.readSystemKey(path);
                InternalCryptoService.this.signingKey = InternalCryptoService.createSigningKey(readSystemKey, InternalCryptoService.this.randomKey);
                try {
                    InternalCryptoService.this.encryptionKey = InternalCryptoService.encryptionKey(InternalCryptoService.this.signingKey, InternalCryptoService.this.keyLength, InternalCryptoService.this.keyAlgorithm);
                } catch (NoSuchAlgorithmException e) {
                    InternalCryptoService.this.logger.error("could not load encryption key", e, new Object[0]);
                    InternalCryptoService.this.encryptionKey = null;
                }
                callListeners(secretKey, secretKey2);
            }
        }

        private void callListeners(SecretKey secretKey, SecretKey secretKey2) {
            Throwable th = null;
            Iterator<CryptoService.Listener> it = this.listeners.iterator();
            while (it.hasNext()) {
                try {
                    it.next().onKeyChange(secretKey, secretKey2);
                } catch (Throwable th2) {
                    if (th == null) {
                        th = th2;
                    } else {
                        th.addSuppressed(th2);
                    }
                }
            }
            if (th != null) {
                InternalCryptoService.this.logger.error("called all key change listeners but one or more exceptions was thrown", th, new Object[0]);
                if (th instanceof RuntimeException) {
                    throw ((RuntimeException) th);
                }
                if (!(th instanceof Error)) {
                    throw new RuntimeException(th);
                }
                throw ((Error) th);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/shield.jar:org/elasticsearch/shield/crypto/InternalCryptoService$HmacSHA1HKDF.class */
    public static class HmacSHA1HKDF {
        private static final int HMAC_SHA1_BYTE_LENGTH = 20;
        private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";

        private HmacSHA1HKDF() {
        }

        static byte[] extractAndExpand(@Nullable SecretKey secretKey, byte[] bArr, @Nullable byte[] bArr2, int i) {
            Objects.requireNonNull(bArr, "the input keying material must not be null");
            if (i < 1) {
                throw new IllegalArgumentException("output length must be positive int >= 1");
            }
            if (i > 5100) {
                throw new IllegalArgumentException("output length must be <= 255*20");
            }
            if (secretKey == null) {
                secretKey = new SecretKeySpec(new byte[HMAC_SHA1_BYTE_LENGTH], HMAC_SHA1_ALGORITHM);
            }
            if (bArr2 == null) {
                bArr2 = new byte[0];
            }
            Mac createMac = InternalCryptoService.createMac(secretKey);
            SecretKeySpec secretKeySpec = new SecretKeySpec(createMac.doFinal(bArr), HMAC_SHA1_ALGORITHM);
            int i2 = i % HMAC_SHA1_BYTE_LENGTH == 0 ? i / HMAC_SHA1_BYTE_LENGTH : (i / HMAC_SHA1_BYTE_LENGTH) + 1;
            byte[] bArr3 = new byte[0];
            ByteBuffer allocate = ByteBuffer.allocate(multiplyExact(i2, HMAC_SHA1_BYTE_LENGTH));
            try {
                createMac.init(secretKeySpec);
                for (int i3 = 1; i3 <= i2; i3++) {
                    createMac.reset();
                    createMac.update(bArr3);
                    createMac.update(bArr2);
                    createMac.update((byte) i3);
                    bArr3 = createMac.doFinal();
                    allocate.put(bArr3);
                }
                byte[] bArr4 = new byte[i];
                allocate.rewind();
                allocate.get(bArr4, 0, i);
                return bArr4;
            } catch (InvalidKeyException e) {
                throw new ElasticsearchException("failed to initialize the mac", e, new Object[0]);
            }
        }

        private static int multiplyExact(int i, int i2) {
            long j = i * i2;
            if (((int) j) != j) {
                throw new ArithmeticException("integer overflow");
            }
            return (int) j;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/shield.jar:org/elasticsearch/shield/crypto/InternalCryptoService$HmacSHA1Provider.class */
    public static class HmacSHA1Provider {
        private static final Mac mac;

        private HmacSHA1Provider() {
        }

        private static Mac hmacSHA1() {
            try {
                Mac mac2 = (Mac) mac.clone();
                mac2.reset();
                return mac2;
            } catch (CloneNotSupportedException e) {
                throw new IllegalStateException("could not create [HmacSHA1] MAC", e);
            }
        }

        static /* synthetic */ Mac access$100() {
            return hmacSHA1();
        }

        static {
            try {
                mac = Mac.getInstance(InternalCryptoService.HMAC_ALGO);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("could not create message authentication code instance with algorithm [HmacSHA1]", e);
            }
        }
    }

    @Inject
    public InternalCryptoService(Settings settings, Environment environment, ResourceWatcherService resourceWatcherService) {
        this(settings, environment, resourceWatcherService, Collections.emptyList());
    }

    InternalCryptoService(Settings settings, Environment environment, ResourceWatcherService resourceWatcherService, List<CryptoService.Listener> list) {
        super(settings);
        this.secureRandom = new SecureRandom();
        this.env = environment;
        this.watcherService = resourceWatcherService;
        this.listeners = new CopyOnWriteArrayList(list);
        this.encryptionAlgorithm = settings.get("shield.encryption.algorithm", DEFAULT_ENCRYPTION_ALGORITHM);
        this.keyLength = settings.getAsInt("shield.encryption_key.length", 128).intValue();
        this.ivLength = this.keyLength / 8;
        this.keyAlgorithm = settings.get("shield.encryption_key.algorithm", DEFAULT_KEY_ALGORITH);
    }

    protected void doStart() throws ElasticsearchException {
        if (this.keyLength % 8 != 0) {
            throw new IllegalArgumentException("invalid key length [" + this.keyLength + "]. value must be a multiple of 8");
        }
        loadKeys();
        FileWatcher fileWatcher = new FileWatcher(this.keyFile.getParent());
        fileWatcher.addListener(new FileListener(this.listeners));
        try {
            this.watcherService.add(fileWatcher, ResourceWatcherService.Frequency.HIGH);
        } catch (IOException e) {
            throw new ElasticsearchException("failed to start watching system key file [" + this.keyFile.toAbsolutePath() + "]", e, new Object[0]);
        }
    }

    protected void doStop() throws ElasticsearchException {
    }

    protected void doClose() throws ElasticsearchException {
    }

    private void loadKeys() {
        this.keyFile = resolveSystemKey(this.settings, this.env);
        this.systemKey = readSystemKey(this.keyFile);
        this.randomKey = generateSecretKey(128);
        try {
            this.randomKeyBase64 = Base64.encodeBytes(this.randomKey.getEncoded(), 0, this.randomKey.getEncoded().length, 16);
            this.signingKey = createSigningKey(this.systemKey, this.randomKey);
            try {
                this.encryptionKey = encryptionKey(this.systemKey, this.keyLength, this.keyAlgorithm);
            } catch (NoSuchAlgorithmException e) {
                throw new ElasticsearchException("failed to start crypto service. could not load encryption key", e, new Object[0]);
            }
        } catch (IOException e2) {
            throw new ElasticsearchException("failed to encode key data as base64", e2, new Object[0]);
        }
    }

    public static byte[] generateKey() {
        return generateSecretKey(KEY_SIZE).getEncoded();
    }

    static SecretKey generateSecretKey(int i) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGO);
            keyGenerator.init(i);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new ElasticsearchException("failed to generate key", e, new Object[0]);
        }
    }

    public static Path resolveSystemKey(Settings settings, Environment environment) {
        String str = settings.get(FILE_SETTING);
        return str == null ? ShieldPlugin.resolveConfigFile(environment, FILE_NAME) : environment.binFile().getParent().resolve(str);
    }

    static SecretKey createSigningKey(@Nullable SecretKey secretKey, SecretKey secretKey2) {
        if (!$assertionsDisabled && secretKey2 == null) {
            throw new AssertionError();
        }
        if (secretKey != null) {
            return secretKey;
        }
        byte[] extractAndExpand = HmacSHA1HKDF.extractAndExpand(null, secretKey2.getEncoded(), HKDF_APP_INFO, 128);
        if ($assertionsDisabled || extractAndExpand.length * 8 == 1024) {
            return new SecretKeySpec(extractAndExpand, KEY_ALGO);
        }
        throw new AssertionError();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecretKey readSystemKey(Path path) {
        if (!Files.exists(path, new LinkOption[0])) {
            return null;
        }
        try {
            return new SecretKeySpec(Files.readAllBytes(path), KEY_ALGO);
        } catch (IOException e) {
            throw new ElasticsearchException("could not read secret key", e, new Object[0]);
        }
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public String sign(String str) throws IOException {
        return sign(str, this.signingKey, this.systemKey);
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public String sign(String str, SecretKey secretKey, @Nullable SecretKey secretKey2) throws IOException {
        if (!$assertionsDisabled && secretKey == null) {
            throw new AssertionError();
        }
        String signInternal = signInternal(str, secretKey);
        return "$$" + signInternal.length() + "$$" + (secretKey2 == secretKey ? "" : this.randomKeyBase64) + "$$" + signInternal + str;
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public String unsignAndVerify(String str) {
        return unsignAndVerify(str, this.systemKey);
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public String unsignAndVerify(String str, SecretKey secretKey) {
        SecretKey createSigningKey;
        if (!str.startsWith("$$") || str.length() < 2) {
            throw new IllegalArgumentException("tampered signed text");
        }
        String[] split = str.split("\\$\\$");
        if (split.length != 4 || !split[0].equals("")) {
            this.logger.debug("received signed text [{}] with [{}] parts", new Object[]{str, Integer.valueOf(split.length)});
            throw new IllegalArgumentException("tampered signed text");
        }
        try {
            int parseInt = Integer.parseInt(split[1]);
            String str2 = split[2];
            String substring = split[3].substring(0, parseInt);
            String substring2 = split[3].substring(parseInt);
            if (str2.isEmpty()) {
                if (secretKey == null) {
                    this.logger.debug("received signed text without random key information and no system key is present", new Object[0]);
                    throw new IllegalArgumentException("tampered signed text");
                }
                createSigningKey = secretKey;
            } else {
                if (secretKey != null) {
                    this.logger.debug("received signed text with random key information but a system key is present", new Object[0]);
                    throw new IllegalArgumentException("tampered signed text");
                }
                try {
                    byte[] decode = Base64.decode(str2, 16);
                    if (decode.length * 8 != 128) {
                        this.logger.debug("incorrect random key data length. received [{}] bytes", new Object[]{Integer.valueOf(decode.length)});
                        throw new IllegalArgumentException("tampered signed text");
                    }
                    createSigningKey = createSigningKey(secretKey, new SecretKeySpec(decode, KEY_ALGO));
                } catch (IOException e) {
                    this.logger.error("error occurred while decoding key data", e, new Object[0]);
                    throw new IllegalStateException("error while verifying the signed text");
                }
            }
            try {
                if (SecuredString.constantTimeEquals(signInternal(substring2, createSigningKey), substring)) {
                    return substring2;
                }
                throw new IllegalArgumentException("tampered signed text");
            } catch (Throwable th) {
                this.logger.error("error occurred while verifying signed text", th, new Object[0]);
                throw new IllegalStateException("error while verifying the signed text");
            }
        } catch (Throwable th2) {
            this.logger.error("error occurred while parsing signed text", th2, new Object[0]);
            throw new IllegalArgumentException("tampered signed text");
        }
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public boolean signed(String str) {
        return SIG_PATTERN.matcher(str).matches();
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public char[] encrypt(char[] cArr) {
        SecretKey secretKey = this.encryptionKey;
        if (secretKey != null) {
            return ENCRYPTED_TEXT_PREFIX.concat(Base64.encodeBytes(encryptInternal(CharArrays.toUtf8Bytes(cArr), secretKey))).toCharArray();
        }
        this.logger.warn("encrypt called without a key, returning plain text. run syskeygen and copy same key to all nodes to enable encryption", new Object[0]);
        return cArr;
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public byte[] encrypt(byte[] bArr) {
        SecretKey secretKey = this.encryptionKey;
        if (secretKey == null) {
            this.logger.warn("encrypt called without a key, returning plain text. run syskeygen and copy same key to all nodes to enable encryption", new Object[0]);
            return bArr;
        }
        byte[] encryptInternal = encryptInternal(bArr, secretKey);
        byte[] bArr2 = new byte[ENCRYPTED_BYTE_PREFIX.length + encryptInternal.length];
        System.arraycopy(ENCRYPTED_BYTE_PREFIX, 0, bArr2, 0, ENCRYPTED_BYTE_PREFIX.length);
        System.arraycopy(encryptInternal, 0, bArr2, ENCRYPTED_BYTE_PREFIX.length, encryptInternal.length);
        return bArr2;
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public char[] decrypt(char[] cArr) {
        return decrypt(cArr, this.encryptionKey);
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public char[] decrypt(char[] cArr, SecretKey secretKey) {
        if (secretKey != null && encrypted(cArr)) {
            try {
                return CharArrays.utf8BytesToChars(decryptInternal(Base64.decode(new String(cArr, ENCRYPTED_TEXT_PREFIX.length(), cArr.length - ENCRYPTED_TEXT_PREFIX.length())), secretKey));
            } catch (IOException e) {
                throw new ElasticsearchException("unable to decode encrypted data", e, new Object[0]);
            }
        }
        return cArr;
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public byte[] decrypt(byte[] bArr) {
        return decrypt(bArr, this.encryptionKey);
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public byte[] decrypt(byte[] bArr, SecretKey secretKey) {
        if (secretKey != null && encrypted(bArr)) {
            return decryptInternal(Arrays.copyOfRange(bArr, ENCRYPTED_BYTE_PREFIX.length, bArr.length), secretKey);
        }
        return bArr;
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public boolean encrypted(char[] cArr) {
        return CharArrays.charsBeginsWith(ENCRYPTED_TEXT_PREFIX, cArr);
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public boolean encrypted(byte[] bArr) {
        return bytesBeginsWith(ENCRYPTED_BYTE_PREFIX, bArr);
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public void register(CryptoService.Listener listener) {
        this.listeners.add(listener);
    }

    @Override // org.elasticsearch.shield.crypto.CryptoService
    public boolean encryptionEnabled() {
        return this.encryptionKey != null;
    }

    private byte[] encryptInternal(byte[] bArr, SecretKey secretKey) {
        byte[] bArr2 = new byte[this.ivLength];
        this.secureRandom.nextBytes(bArr2);
        try {
            byte[] doFinal = cipher(1, this.encryptionAlgorithm, secretKey, bArr2).doFinal(bArr);
            byte[] bArr3 = new byte[bArr2.length + doFinal.length];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(doFinal, 0, bArr3, bArr2.length, doFinal.length);
            return bArr3;
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new ElasticsearchException("error encrypting data", e, new Object[0]);
        }
    }

    private byte[] decryptInternal(byte[] bArr, SecretKey secretKey) {
        if (bArr.length < this.ivLength) {
            this.logger.error("received data for decryption with size [{}] that is less than IV length [{}]", new Object[]{Integer.valueOf(bArr.length), Integer.valueOf(this.ivLength)});
            throw new IllegalArgumentException("invalid data to decrypt");
        }
        byte[] bArr2 = new byte[this.ivLength];
        System.arraycopy(bArr, 0, bArr2, 0, this.ivLength);
        byte[] bArr3 = new byte[bArr.length - this.ivLength];
        System.arraycopy(bArr, this.ivLength, bArr3, 0, bArr.length - this.ivLength);
        try {
            return cipher(2, this.encryptionAlgorithm, secretKey, bArr2).doFinal(bArr3);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new IllegalStateException("error decrypting data", e);
        }
    }

    static Mac createMac(SecretKey secretKey) {
        try {
            Mac access$100 = HmacSHA1Provider.access$100();
            access$100.init(secretKey);
            return access$100;
        } catch (Exception e) {
            throw new ElasticsearchException("could not initialize mac", e, new Object[0]);
        }
    }

    private static String signInternal(String str, SecretKey secretKey) throws IOException {
        byte[] doFinal = createMac(secretKey).doFinal(str.getBytes(StandardCharsets.UTF_8));
        return Base64.encodeBytes(doFinal, 0, doFinal.length, 16);
    }

    static Cipher cipher(int i, String str, SecretKey secretKey, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(i, secretKey, new IvParameterSpec(bArr));
            return cipher;
        } catch (Exception e) {
            throw new ElasticsearchException("error creating cipher", e, new Object[0]);
        }
    }

    static SecretKey encryptionKey(SecretKey secretKey, int i, String str) throws NoSuchAlgorithmException {
        if (secretKey == null) {
            return null;
        }
        byte[] encoded = secretKey.getEncoded();
        if (encoded.length * 8 < i) {
            throw new IllegalArgumentException("at least " + i + " bits should be provided as key data");
        }
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(encoded);
        if (!$assertionsDisabled && digest.length != 32) {
            throw new AssertionError();
        }
        if (digest.length * 8 < i) {
            throw new IllegalArgumentException("requested key length is too large");
        }
        return new SecretKeySpec(Arrays.copyOfRange(digest, 0, i / 8), str);
    }

    private static boolean bytesBeginsWith(byte[] bArr, byte[] bArr2) {
        if (bArr2 == null || bArr == null || bArr.length > bArr2.length) {
            return false;
        }
        for (int i = 0; i < bArr.length; i++) {
            if (bArr2[i] != bArr[i]) {
                return false;
            }
        }
        return true;
    }

    static {
        $assertionsDisabled = !InternalCryptoService.class.desiredAssertionStatus();
        ENCRYPTED_BYTE_PREFIX = ENCRYPTED_TEXT_PREFIX.getBytes(StandardCharsets.UTF_8);
        SIG_PATTERN = Pattern.compile("^\\$\\$[0-9]+\\$\\$[^\\$]*\\$\\$.+");
        HKDF_APP_INFO = "es-shield-crypto-service".getBytes(StandardCharsets.UTF_8);
    }
}
