package com.rethinkdb.net;

import com.rethinkdb.gen.exc.ReqlDriverError;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: input_file:com/rethinkdb/net/Crypto.class */
class Crypto {
    private static final String DEFAULT_SSL_PROTOCOL = "TLSv1.2";
    private static final String HMAC_SHA_256 = "HmacSHA256";
    private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final Base64.Encoder encoder = Base64.getEncoder();
    private static final Base64.Decoder decoder = Base64.getDecoder();
    private static final SecureRandom secureRandom = new SecureRandom();
    private static final Map<PasswordLookup, byte[]> pbkdf2Cache = new ConcurrentHashMap();
    private static final int NONCE_BYTES = 18;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/rethinkdb/net/Crypto$PasswordLookup.class */
    public static class PasswordLookup {
        final byte[] password;
        final byte[] salt;
        final int iterations;

        PasswordLookup(byte[] bArr, byte[] bArr2, int i) {
            this.password = bArr;
            this.salt = bArr2;
            this.iterations = i;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            PasswordLookup passwordLookup = (PasswordLookup) obj;
            if (this.iterations == passwordLookup.iterations && Arrays.equals(this.password, passwordLookup.password)) {
                return Arrays.equals(this.salt, passwordLookup.salt);
            }
            return false;
        }

        public int hashCode() {
            return (31 * ((31 * Arrays.hashCode(this.password)) + Arrays.hashCode(this.salt))) + this.iterations;
        }
    }

    Crypto() {
    }

    private static byte[] cacheLookup(byte[] bArr, byte[] bArr2, int i) {
        return pbkdf2Cache.get(new PasswordLookup(bArr, bArr2, i));
    }

    private static void setCache(byte[] bArr, byte[] bArr2, int i, byte[] bArr3) {
        pbkdf2Cache.put(new PasswordLookup(bArr, bArr2, i), bArr3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] sha256(byte[] bArr) {
        try {
            return MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256).digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new ReqlDriverError(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] hmac(byte[] bArr, String str) {
        try {
            Mac mac = Mac.getInstance(HMAC_SHA_256);
            mac.init(new SecretKeySpec(bArr, HMAC_SHA_256));
            return mac.doFinal(Util.toUTF8(str));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new ReqlDriverError(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] pbkdf2(byte[] bArr, byte[] bArr2, Integer num) {
        byte[] cacheLookup = cacheLookup(bArr, bArr2, num.intValue());
        if (cacheLookup != null) {
            return cacheLookup;
        }
        try {
            byte[] encoded = SecretKeyFactory.getInstance(PBKDF2_ALGORITHM).generateSecret(new PBEKeySpec(Util.fromUTF8(bArr).toCharArray(), bArr2, num.intValue(), 256)).getEncoded();
            setCache(bArr, bArr2, num.intValue(), encoded);
            return encoded;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new ReqlDriverError(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String makeNonce() {
        byte[] bArr = new byte[18];
        secureRandom.nextBytes(bArr);
        return toBase64(bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] xor(byte[] bArr, byte[] bArr2) {
        if (bArr.length != bArr2.length) {
            throw new ReqlDriverError("arrays must be the same length");
        }
        byte[] bArr3 = new byte[bArr.length];
        for (int i = 0; i < bArr3.length; i++) {
            bArr3[i] = (byte) (bArr[i] ^ bArr2[i]);
        }
        return bArr3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String toBase64(byte[] bArr) {
        return Util.fromUTF8(encoder.encode(bArr));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] fromBase64(String str) {
        return decoder.decode(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Optional<SSLContext> handleCertfile(Optional<InputStream> optional, Optional<SSLContext> optional2) {
        if (!optional.isPresent()) {
            return optional2;
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(optional.get());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            keyStore.setCertificateEntry("caCert", x509Certificate);
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance(DEFAULT_SSL_PROTOCOL);
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            return Optional.of(sSLContext);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new ReqlDriverError(e);
        }
    }
}
