package com.hazelcast.internal.nio;

import com.hazelcast.config.SymmetricEncryptionConfig;
import com.hazelcast.internal.util.BasicSymmetricCipherBuilder;
import com.hazelcast.internal.util.ExceptionUtil;
import com.hazelcast.internal.util.StringUtil;
import com.hazelcast.logging.ILogger;
import com.hazelcast.logging.Logger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

/* loaded from: input_file:com/hazelcast/internal/nio/CipherHelper.class */
public final class CipherHelper {
    private static final ILogger LOGGER = Logger.getLogger(CipherHelper.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/hazelcast/internal/nio/CipherHelper$SymmetricCipherBuilder.class */
    public static class SymmetricCipherBuilder extends BasicSymmetricCipherBuilder {
        private final String passPhrase;
        private final int iterationCount;

        SymmetricCipherBuilder(SymmetricEncryptionConfig symmetricEncryptionConfig) {
            super(symmetricEncryptionConfig);
            this.passPhrase = String.valueOf(symmetricEncryptionConfig.getPassword());
            this.iterationCount = symmetricEncryptionConfig.getIterationCount();
        }

        @Override // com.hazelcast.internal.util.BasicSymmetricCipherBuilder
        public Cipher create(boolean z, byte[] bArr) {
            if (bArr == null) {
                try {
                    int maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength(this.algorithm);
                    MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                    byte[] stringToBytes = StringUtil.stringToBytes(this.passPhrase);
                    ByteBuffer wrap = ByteBuffer.wrap(new byte[stringToBytes.length + this.salt.length]);
                    wrap.put(stringToBytes);
                    wrap.put(this.salt);
                    int min = Math.min(maxAllowedKeyLength / 8, 32);
                    bArr = new byte[min];
                    System.arraycopy(messageDigest.digest(wrap.array()), 0, bArr, 0, min);
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException(e);
                }
            }
            return super.create(z, bArr);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.hazelcast.internal.util.BasicSymmetricCipherBuilder
        public BasicSymmetricCipherBuilder.CipherParams createCipherParams(byte[] bArr) throws GeneralSecurityException {
            if (!this.algorithm.startsWith("PBEWith")) {
                return super.createCipherParams(bArr);
            }
            return new BasicSymmetricCipherBuilder.CipherParams(8, SecretKeyFactory.getInstance(findKeyAlgorithm(this.algorithm)).generateSecret(new PBEKeySpec(this.passPhrase.toCharArray(), this.salt, this.iterationCount)), new PBEParameterSpec(this.salt, this.iterationCount));
        }
    }

    private CipherHelper() {
    }

    public static Cipher createSymmetricReaderCipher(SymmetricEncryptionConfig symmetricEncryptionConfig) {
        return createSymmetricReaderCipher(symmetricEncryptionConfig, null);
    }

    public static Cipher createSymmetricReaderCipher(SymmetricEncryptionConfig symmetricEncryptionConfig, Connection connection) {
        return createCipher(symmetricEncryptionConfig, connection, false, "Symmetric Cipher for ReadHandler cannot be initialized");
    }

    public static Cipher createSymmetricWriterCipher(SymmetricEncryptionConfig symmetricEncryptionConfig) {
        return createSymmetricWriterCipher(symmetricEncryptionConfig, null);
    }

    public static Cipher createSymmetricWriterCipher(SymmetricEncryptionConfig symmetricEncryptionConfig, Connection connection) {
        return createCipher(symmetricEncryptionConfig, connection, true, "Symmetric Cipher for WriteHandler cannot be initialized");
    }

    private static synchronized Cipher createCipher(SymmetricEncryptionConfig symmetricEncryptionConfig, Connection connection, boolean z, String str) {
        try {
            return new SymmetricCipherBuilder(symmetricEncryptionConfig).create(z, symmetricEncryptionConfig.getKey());
        } catch (Exception e) {
            LOGGER.severe(str, e);
            if (connection != null) {
                connection.close(null, e);
            }
            throw ExceptionUtil.rethrow(e);
        }
    }

    static void initBouncySecurityProvider() {
        try {
            if (Boolean.getBoolean("hazelcast.security.bouncy.enabled")) {
                Security.addProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance());
            }
        } catch (Exception e) {
            LOGGER.warning(e);
        }
    }

    static {
        initBouncySecurityProvider();
    }
}
