package org.elasticsearch.license;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: input_file:lib/org.elasticsearch.xpack.core-7.3.0.jar:org/elasticsearch/license/CryptUtils.class */
public class CryptUtils {
    private static final String KEY_ALGORITHM = "RSA";
    private static final String KDF_ALGORITHM = "PBKDF2WithHmacSHA512";
    private static final int KDF_ITERATION_COUNT = 10000;
    private static final String CIPHER_ALGORITHM = "AES";
    private static final int ENCRYPTION_KEY_LENGTH = 128;
    private static final byte[] SALT = {116, 104, 105, 115, 105, 115, 116, 104, 101, 115, 97, 108, 116, 119, 101, 117};
    private static final char[] DEFAULT_PASS_PHRASE = "elasticsearch-license".toCharArray();
    private static final SecureRandom RANDOM = new SecureRandom();

    public static PrivateKey readEncryptedPrivateKey(byte[] bArr) {
        return readEncryptedPrivateKey(bArr, DEFAULT_PASS_PHRASE, false);
    }

    public static byte[] writeEncryptedPrivateKey(PrivateKey privateKey) {
        return writeEncryptedPrivateKey(privateKey, DEFAULT_PASS_PHRASE);
    }

    public static PrivateKey readEncryptedPrivateKey(byte[] bArr, char[] cArr, boolean z) {
        try {
            return KeyFactory.getInstance(KEY_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(z ? decryptV3Format(bArr) : decrypt(bArr, cArr)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }

    public static PublicKey readPublicKey(byte[] bArr) {
        try {
            return KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }

    public static byte[] writeEncryptedPublicKey(PublicKey publicKey) {
        return encrypt(new X509EncodedKeySpec(publicKey.getEncoded()).getEncoded(), DEFAULT_PASS_PHRASE);
    }

    public static byte[] writeEncryptedPrivateKey(PrivateKey privateKey, char[] cArr) {
        return encrypt(new PKCS8EncodedKeySpec(privateKey.getEncoded()).getEncoded(), cArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] encrypt(byte[] bArr) {
        return encrypt(bArr, DEFAULT_PASS_PHRASE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] decrypt(byte[] bArr) {
        return decrypt(bArr, DEFAULT_PASS_PHRASE);
    }

    private static byte[] encrypt(byte[] bArr, char[] cArr) {
        try {
            return getEncryptionCipher(deriveSecretKey(cArr)).doFinal(bArr);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new IllegalStateException(e);
        }
    }

    private static byte[] decrypt(byte[] bArr, char[] cArr) {
        try {
            return getDecryptionCipher(deriveSecretKey(cArr)).doFinal(bArr);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new IllegalStateException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] encryptV3Format(byte[] bArr) {
        try {
            return getEncryptionCipher(getV3Key()).doFinal(pad(bArr, 20));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] decryptV3Format(byte[] bArr) {
        try {
            return unPad(getDecryptionCipher(getV3Key()).doFinal(bArr));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    private static SecretKey getV3Key() throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] encoded = SecretKeyFactory.getInstance("PBEWithSHA1AndDESede").generateSecret(new PBEKeySpec(Base64.getEncoder().encodeToString(MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA512).digest("elasticsearch-license".getBytes(StandardCharsets.UTF_8))).toCharArray(), new byte[]{-87, -94, -75, -34, 42, -118, -102, -26}, 1024, 128)).getEncoded();
        byte[] bArr = new byte[16];
        int i = 0;
        for (int i2 = 0; i2 < 16; i2++) {
            bArr[i2] = encoded[i];
            i++;
            if (i == encoded.length) {
                i = 0;
            }
        }
        return new SecretKeySpec(bArr, CIPHER_ALGORITHM);
    }

    private static SecretKey deriveSecretKey(char[] cArr) {
        try {
            return new SecretKeySpec(SecretKeyFactory.getInstance(KDF_ALGORITHM).generateSecret(new PBEKeySpec(cArr, SALT, 10000, 128)).getEncoded(), CIPHER_ALGORITHM);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException(e);
        }
    }

    private static Cipher getEncryptionCipher(SecretKey secretKey) {
        return getCipher(1, secretKey);
    }

    private static Cipher getDecryptionCipher(SecretKey secretKey) {
        return getCipher(2, secretKey);
    }

    private static Cipher getCipher(int i, SecretKey secretKey) {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(i, secretKey, RANDOM);
            return cipher;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalStateException(e);
        }
    }

    private static byte[] pad(byte[] bArr, int i) {
        if (bArr.length >= i) {
            byte[] bArr2 = new byte[bArr.length + 1];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            bArr2[bArr.length] = 1;
            return bArr2;
        }
        byte[] bArr3 = new byte[i + 1];
        int i2 = 0;
        while (i2 < bArr.length) {
            bArr3[i2] = bArr[i2];
            i2++;
        }
        int i3 = i - i2;
        byte[] bArr4 = new byte[i3 - 1];
        RANDOM.nextBytes(bArr4);
        System.arraycopy(bArr4, 0, bArr3, i2, i3 - 1);
        bArr3[i] = (byte) (i3 + 1);
        return bArr3;
    }

    private static byte[] unPad(byte[] bArr) {
        int length = bArr.length - bArr[bArr.length - 1];
        byte[] bArr2 = new byte[length];
        System.arraycopy(bArr, 0, bArr2, 0, length);
        return bArr2;
    }
}
