package org.apache.solr.util;

import java.lang.invoke.MethodHandles;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/solr-core-5.5.4.jar:org/apache/solr/util/CryptoKeys.class */
public final class CryptoKeys {
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private final Map<String, PublicKey> keys;
    private Exception exception;

    /* loaded from: input_file:WEB-INF/lib/solr-core-5.5.4.jar:org/apache/solr/util/CryptoKeys$RSAKeyPair.class */
    public static class RSAKeyPair {
        private final String pubKeyStr;
        private final PublicKey publicKey;
        private final PrivateKey privateKey;
        private final SecureRandom random = new SecureRandom();

        public RSAKeyPair() {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                keyPairGenerator.initialize(512);
                KeyPair genKeyPair = keyPairGenerator.genKeyPair();
                this.privateKey = genKeyPair.getPrivate();
                this.publicKey = genKeyPair.getPublic();
                this.pubKeyStr = Base64.byteArrayToBase64(new X509EncodedKeySpec(this.publicKey.getEncoded()).getEncoded());
            } catch (NoSuchAlgorithmException e) {
                throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
            }
        }

        public String getPublicKeyStr() {
            return this.pubKeyStr;
        }

        public PublicKey getPublicKey() {
            return this.publicKey;
        }

        public byte[] encrypt(ByteBuffer byteBuffer) {
            try {
                Cipher cipher = Cipher.getInstance("RSA/ECB/nopadding");
                cipher.init(1, this.privateKey);
                return cipher.doFinal(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
            } catch (Exception e) {
                throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
            }
        }

        public byte[] signSha256(byte[] bArr) throws InvalidKeyException, SignatureException {
            try {
                Signature signature = Signature.getInstance("SHA256withRSA");
                signature.initSign(this.privateKey);
                signature.update(bArr, 0, bArr.length);
                return signature.sign();
            } catch (NoSuchAlgorithmException e) {
                throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
            }
        }
    }

    public CryptoKeys(Map<String, byte[]> map) throws Exception {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, byte[]> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), getX509PublicKey(entry.getValue()));
        }
        this.keys = hashMap;
    }

    public String verify(String str, ByteBuffer byteBuffer) {
        boolean verify;
        this.exception = null;
        for (Map.Entry<String, PublicKey> entry : this.keys.entrySet()) {
            try {
                verify = verify(entry.getValue(), Base64.base64ToByteArray(str), byteBuffer);
                log.info("verified {} ", Boolean.valueOf(verify));
            } catch (Exception e) {
                this.exception = e;
                log.info("NOT verified  ");
            }
            if (verify) {
                return entry.getKey();
            }
            continue;
        }
        return null;
    }

    public static PublicKey getX509PublicKey(byte[] bArr) throws Exception {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
    }

    public static boolean verify(PublicKey publicKey, byte[] bArr, ByteBuffer byteBuffer) throws InvalidKeyException, SignatureException {
        int position = byteBuffer.position();
        try {
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initVerify(publicKey);
            signature.update(byteBuffer);
            boolean verify = signature.verify(bArr);
            byteBuffer.position(position);
            return verify;
        } catch (NoSuchAlgorithmException e) {
            byteBuffer.position(position);
            return false;
        } catch (Throwable th) {
            byteBuffer.position(position);
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], byte[][]] */
    private static byte[][] evpBytesTokey(int i, int i2, MessageDigest messageDigest, byte[] bArr, byte[] bArr2, int i3) {
        byte[] bArr3 = new byte[i];
        int i4 = 0;
        byte[] bArr4 = new byte[i2];
        int i5 = 0;
        ?? r0 = {bArr3, bArr4};
        byte[] bArr5 = null;
        int i6 = i;
        int i7 = i2;
        if (bArr2 == null) {
            return r0;
        }
        int i8 = 0;
        while (true) {
            messageDigest.reset();
            int i9 = i8;
            i8++;
            if (i9 > 0) {
                messageDigest.update(bArr5);
            }
            messageDigest.update(bArr2);
            if (null != bArr) {
                messageDigest.update(bArr, 0, 8);
            }
            bArr5 = messageDigest.digest();
            for (int i10 = 1; i10 < i3; i10++) {
                messageDigest.reset();
                messageDigest.update(bArr5);
                bArr5 = messageDigest.digest();
            }
            int i11 = 0;
            if (i6 > 0) {
                while (i6 != 0 && i11 != bArr5.length) {
                    int i12 = i4;
                    i4++;
                    bArr3[i12] = bArr5[i11];
                    i6--;
                    i11++;
                }
            }
            if (i7 > 0 && i11 != bArr5.length) {
                while (i7 != 0 && i11 != bArr5.length) {
                    int i13 = i5;
                    i5++;
                    bArr4[i13] = bArr5[i11];
                    i7--;
                    i11++;
                }
            }
            if (i6 == 0 && i7 == 0) {
                break;
            }
        }
        for (int i14 = 0; i14 < bArr5.length; i14++) {
            bArr5[i14] = 0;
        }
        return r0;
    }

    public static String decodeAES(String str, String str2) {
        Exception exc = null;
        for (int i : new int[]{256, 192, 128}) {
            try {
                return decodeAES(str, str2, i);
            } catch (Exception e) {
                exc = e;
            }
        }
        throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, "Error decoding ", exc);
    }

    public static String decodeAES(String str, String str2, int i) {
        Charset forName = Charset.forName("ASCII");
        try {
            byte[] base64ToByteArray = Base64.base64ToByteArray(str);
            byte[] copyOfRange = Arrays.copyOfRange(base64ToByteArray, 8, 16);
            byte[] copyOfRange2 = Arrays.copyOfRange(base64ToByteArray, 16, base64ToByteArray.length);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            byte[][] evpBytesTokey = evpBytesTokey(i / 8, cipher.getBlockSize(), MessageDigest.getInstance("MD5"), copyOfRange, str2.getBytes(forName), 1);
            cipher.init(2, new SecretKeySpec(evpBytesTokey[0], "AES"), new IvParameterSpec(evpBytesTokey[1]));
            return new String(cipher.doFinal(copyOfRange2), forName);
        } catch (BadPaddingException e) {
            throw new IllegalStateException("Bad password, algorithm, mode or padding; no salt, wrong number of iterations or corrupted ciphertext.", e);
        } catch (IllegalBlockSizeException e2) {
            throw new IllegalStateException("Bad algorithm, mode or corrupted (resized) ciphertext.", e2);
        } catch (GeneralSecurityException e3) {
            throw new IllegalStateException(e3);
        }
    }

    public static PublicKey deserializeX509PublicKey(String str) {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.base64ToByteArray(str)));
        } catch (Exception e) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
        }
    }

    public static byte[] decryptRSA(byte[] bArr, PublicKey publicKey) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/nopadding");
            cipher.init(2, publicKey);
            return cipher.doFinal(bArr, 0, bArr.length);
        } catch (Exception e) {
            throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
        }
    }

    public static void main(String[] strArr) throws Exception {
        RSAKeyPair rSAKeyPair = new RSAKeyPair();
        System.out.println(rSAKeyPair.getPublicKeyStr());
        PublicKey deserializeX509PublicKey = deserializeX509PublicKey(rSAKeyPair.getPublicKeyStr());
        byte[] bytes = "Hello World!".getBytes(StandardCharsets.UTF_8);
        byte[] encrypt = rSAKeyPair.encrypt(ByteBuffer.wrap(bytes));
        System.out.println("encrypted: " + Base64.byteArrayToBase64(encrypt));
        System.out.println("signed: " + Base64.byteArrayToBase64(rSAKeyPair.signSha256(bytes)));
        System.out.println("decrypted " + new String(decryptRSA(encrypt, deserializeX509PublicKey), StandardCharsets.UTF_8));
    }
}
