package com.newrelic.agent.security.intcodeagent.utils;

import com.newrelic.agent.security.deps.org.apache.commons.codec.DecoderException;
import com.newrelic.agent.security.deps.org.apache.commons.codec.binary.Hex;
import com.newrelic.agent.security.deps.org.apache.commons.lang3.StringUtils;
import com.newrelic.agent.security.instrumentator.utils.HashGenerator;
import com.newrelic.api.agent.security.NewRelicSecurity;
import com.newrelic.api.agent.security.utils.logging.LogLevel;
import java.security.InvalidAlgorithmParameterException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:newrelic/newrelic-agent.jar:newrelic-security-agent.jar:com/newrelic/agent/security/intcodeagent/utils/EncryptorUtils.class */
public class EncryptorUtils {
    public static final String PBKDF_2_WITH_HMAC_SHA_1 = "PBKDF2WithHmacSHA1";
    public static final String AES_CBC_PKCS_5_PADDING = "AES/CBC/PKCS5Padding";
    public static final String AES = "AES";
    private static final int ITERATION = 1024;
    private static final int KEY_LEN = 256;
    private static final int OFFSET = 16;
    private static final String ERROR_WHILE_GENERATING_REQUIRED_SALT_FROM_S_S = "Error while generating required salt from %s : %s";
    private static final String ERROR_WHILE_DECRYPTION = "Error while decryption %s : %s ";
    private static final String ENCRYPTED_DATA_S_DECRYPTED_DATA_S = "Encrypted Data : %s , Decrypted data %s ";
    public static final String INCORRECT_SECRET_PROVIDED_S_S = "Incorrect Password / salt provided : %s";
    public static final String EMPTY_PASSWORD_PROVIDED_S = "Empty Password provided %s";
    public static final String DATA_TO_BE_DECRYPTED_IS_EMPTY_S = "Data to be decrypted is Empty %s";
    private static Cipher cipher = null;

    private static void prepareCipherInstance(String str) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance(PBKDF_2_WITH_HMAC_SHA_1).generateSecret(new PBEKeySpec(str.toCharArray(), generateSalt(str), 1024, 256)).getEncoded(), AES);
        cipher = Cipher.getInstance(AES_CBC_PKCS_5_PADDING);
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        cipher.init(2, secretKeySpec, new IvParameterSpec(bArr));
    }

    public static String decrypt(String str, String str2) {
        if (StringUtils.isBlank(str)) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(EMPTY_PASSWORD_PROVIDED_S, str), EncryptorUtils.class.getName());
            return null;
        }
        if (StringUtils.isBlank(str2)) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(DATA_TO_BE_DECRYPTED_IS_EMPTY_S, str2), EncryptorUtils.class.getName());
            return null;
        }
        try {
            if (cipher == null) {
                prepareCipherInstance(str);
            }
            byte[] doFinal = cipher.doFinal(Hex.decodeHex(str2));
            String str3 = new String(doFinal, 16, doFinal.length - 16);
            NewRelicSecurity.getAgent().log(LogLevel.FINEST, String.format(ENCRYPTED_DATA_S_DECRYPTED_DATA_S, str2, str3), EncryptorUtils.class.getName());
            return str3;
        } catch (DecoderException e) {
            return null;
        } catch (InvalidAlgorithmParameterException e2) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(INCORRECT_SECRET_PROVIDED_S_S, e2.getMessage()), EncryptorUtils.class.getName());
            return null;
        } catch (Exception e3) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(ERROR_WHILE_DECRYPTION, str2, e3.getMessage()), EncryptorUtils.class.getName());
            return null;
        }
    }

    public static boolean verifyHashData(String str, String str2) {
        if (StringUtils.isBlank(str2)) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format("Decrypted Data is empty %s", str2), EncryptorUtils.class.getName());
            return false;
        }
        if (!StringUtils.isBlank(str)) {
            return StringUtils.equals(HashGenerator.getSHA256HexDigest(str2), str);
        }
        NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format("Known-Decrypted Data Hash is empty %s", str), EncryptorUtils.class.getName());
        return false;
    }

    private static byte[] generateSalt(String str) throws DecoderException {
        try {
            return Hex.decodeHex(String.valueOf(Hex.encodeHex(StringUtils.left(str, 16).getBytes())));
        } catch (DecoderException e) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(ERROR_WHILE_GENERATING_REQUIRED_SALT_FROM_S_S, str, e.getMessage()), EncryptorUtils.class.getName());
            NewRelicSecurity.getAgent().reportIncident(LogLevel.WARNING, String.format(ERROR_WHILE_GENERATING_REQUIRED_SALT_FROM_S_S, str, e.getMessage()), e, EncryptorUtils.class.getName());
            throw e;
        }
    }
}
