package org.netnix;

import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import keywhiz.hkdf.Hkdf;
import org.rapidoid.crypto.Crypto;
import org.rapidoid.u.U;

/* loaded from: input_file:org/netnix/AES.class */
public class AES {
    private static final String HMAC_SHA_256 = "HmacSHA256";
    private static final String AES_CTR_NO_PADDING = "AES/CTR/NoPadding";
    private static final Hkdf HKDF = Hkdf.usingDefaults();
    public static final int AES_KEY_LENGTH = calcAESKeyLength();

    private static int calcAESKeyLength() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES") > 256 ? 256 : 128;
        } catch (NoSuchAlgorithmException e) {
            throw U.rte(e);
        }
    }

    public static byte[] generateKey(String str, byte[] bArr, int i, int i2) throws Exception {
        return getPBKDFInstance().generateSecret(new PBEKeySpec(str.toCharArray(), bArr, i, i2)).getEncoded();
    }

    private static SecretKeyFactory getPBKDFInstance() throws NoSuchAlgorithmException {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        } catch (NoSuchAlgorithmException e) {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        }
    }

    public static byte[] encrypt(byte[] bArr, byte[] bArr2) throws Exception {
        byte[] randomSalt = Crypto.randomSalt();
        SecretKeySpec secretKeySpec = new SecretKeySpec(hkdf(bArr2, randomSalt, AES_KEY_LENGTH), "AES");
        Cipher cipher = Cipher.getInstance(AES_CTR_NO_PADDING);
        cipher.init(1, secretKeySpec, new IvParameterSpec(new byte[16]));
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] randomSalt2 = Crypto.randomSalt();
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(hkdf(bArr2, randomSalt2, 160), HMAC_SHA_256);
        Mac mac = Mac.getInstance(HMAC_SHA_256);
        mac.init(secretKeySpec2);
        byte[] doFinal2 = mac.doFinal(doFinal);
        byte[] bArr3 = new byte[40 + doFinal.length + 32];
        System.arraycopy(randomSalt, 0, bArr3, 0, 20);
        System.arraycopy(randomSalt2, 0, bArr3, 20, 20);
        System.arraycopy(doFinal, 0, bArr3, 40, doFinal.length);
        System.arraycopy(doFinal2, 0, bArr3, 40 + doFinal.length, 32);
        return bArr3;
    }

    public static byte[] decrypt(byte[] bArr, byte[] bArr2) throws Exception {
        U.must(bArr.length >= 72, "Not enough data to decrypt!");
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, 20);
        byte[] copyOfRange2 = Arrays.copyOfRange(bArr, 20, 40);
        byte[] copyOfRange3 = Arrays.copyOfRange(bArr, 40, bArr.length - 32);
        byte[] copyOfRange4 = Arrays.copyOfRange(bArr, bArr.length - 32, bArr.length);
        SecretKeySpec secretKeySpec = new SecretKeySpec(hkdf(bArr2, copyOfRange2, 160), HMAC_SHA_256);
        Mac mac = Mac.getInstance(HMAC_SHA_256);
        mac.init(secretKeySpec);
        if (!Arrays.equals(copyOfRange4, mac.doFinal(copyOfRange3))) {
            throw U.rte("Cannot decrypt corrupted data!");
        }
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(hkdf(bArr2, copyOfRange, AES_KEY_LENGTH), "AES");
        Cipher cipher = Cipher.getInstance(AES_CTR_NO_PADDING);
        cipher.init(2, secretKeySpec2, new IvParameterSpec(new byte[16]));
        return cipher.doFinal(copyOfRange3);
    }

    private static byte[] hkdf(byte[] bArr, byte[] bArr2, int i) {
        return HKDF.expand(new SecretKeySpec(bArr, HMAC_SHA_256), bArr2, i / 8);
    }
}
