package weblogic.security.internal.encryption;

import com.rsa.jsafe.CryptoJ;
import com.rsa.jsafe.FIPS140Context;
import com.rsa.jsafe.JSAFE_InvalidParameterException;
import com.rsa.jsafe.JSAFE_InvalidUseException;
import com.rsa.jsafe.JSAFE_SecretKey;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.JSAFE_SymmetricCipher;
import com.rsa.jsafe.JSAFE_UnimplementedException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.Method;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import weblogic.diagnostics.debug.DebugLogger;

/* loaded from: input_file:weblogic/security/internal/encryption/JSafeEncryptionServiceImpl.class */
public final class JSafeEncryptionServiceImpl implements EncryptionServiceV2 {
    // Not referenced by name anywhere in this decompiled listing (the compiler may have inlined it).
    private static final boolean USE_AES256_KEY = false;
    // System property read by isAES256KeyEnabled() when choosing the size of a newly created AES key.
    static final String ENABLE_AES256_PROPERTY = "weblogic.security.internal.encryption.enableAES256";
    // Value returned by getAlgorithm(); it stays "3DES" even when an AES key context is loaded.
    static final String OVERALL_ALGORITHM = "3DES";
    // Transformation names handed to JSAFE_SymmetricCipher.getInstance(). All three are CBC with
    // PKCS5 padding; no MAC or other integrity tag is computed anywhere in this class.
    static final String ALGORITHM_3DES = "3DES_EDE/CBC/PKCS5Padding";
    static final String ALGORITHM_AES = "AES/CBC/PKCS5Padding";
    static final String ALGORITHM_AES256 = "AES256/CBC/PKCS5Padding";
    // Fallback generator name tried by getSeededSecureRandomInstance() when "HMACDRBG" fails.
    static final String ALGORITHM_RANDOM_ALTERNATIVE = "HMACDRBG-256-0";
    // Key-context tags; they are the keys of keyContextMap and the values of KeyContext.prefix.
    private static final String PREFIX_3DES = "{3DES}";
    // Zero random bytes per message: the 3DES context carries no per-message IV (see create3DESKeyContext).
    private static final int RANDOM_LEN_3DES = 0;
    // Key lengths are passed to generateInit() as the only key parameter; presumably bits, confirm against the Crypto-J API.
    private static final int KEY_LEN_3DES = 168;
    static final String PREFIX_AES = "{AES}";
    static final String PREFIX_AES256 = "{AES256}";
    // Number of random IV bytes that encryptBytes() writes in front of every AES ciphertext.
    private static final int RANDOM_LEN_AES = 16;
    private static final int KEY_LEN_AES = 128;
    private static final int KEY_LEN_AES256 = 256;
    // Length threshold used by isAES256EncryptedKey() to tell an AES256 key blob from an AES128 one.
    private static final int ENCRYPTED_KEY_LEN_AES256 = 40;
    // Charset name used for every String <-> byte[] conversion in this class.
    static final String ENCODING = "UTF-8";
    // Per-instance IV generator, created lazily by initRandomIV().
    private JSAFE_SecureRandom randomIV;
    // Always populated by the constructor; the one-argument encrypt/decrypt methods use it.
    private KeyContext keyContext3DES;
    // Populated only when the constructor receives an AES key blob; holds either the AES or the AES256 context.
    private KeyContext keyContextAES;
    // Raw map from prefix String to KeyContext, filled by setupKey().
    private HashMap keyContextMap;
    // Cached by getNonFIPS140Ctx(); that lazy initialisation is not synchronized.
    private static FIPS140Context NON_FIPS140_CONTEXT;
    // Number of bytes drawn from seedingRandom to seed each generator handed out by getSeededSecureRandomInstance().
    private static final int INSTANCE_RANDOM_SEED_SIZE = 32;
    static final String ALGORITHM_RANDOM = "HMACDRBG";
    // Name of the generator algorithm currently in use; written under seedingLock but also read outside it.
    private static String algorithm_used = ALGORITHM_RANDOM;
    private static DebugLogger logger = DebugLogger.getDebugLogger("DebugSecurityEncryptionService");
    // Guards creation and use of seedingRandom.
    private static final Object seedingLock = new Object();
    // Process-wide generator used only to produce seed bytes for other generator instances.
    private static JSAFE_SecureRandom seedingRandom = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/internal/encryption/JSafeEncryptionServiceImpl$KeyContext.class */
    // Holder for one loaded key: its tag, cipher transformation, IV policy and the decrypted key object.
    // It is a non-static inner class with a private constructor, so only the enclosing service creates it.
    public class KeyContext {
        // Tag such as "{3DES}" or "{AES}"; also the key under which this context sits in keyContextMap.
        public String prefix;
        // Transformation name passed to JSAFE_SymmetricCipher.getInstance().
        public String algorithm;
        // Number of random IV bytes prepended to each ciphertext; 0 means no per-message IV is generated.
        public int randomLen;
        // When non-null, installed as the cipher IV by getEncryptCipher()/getDecryptCipher().
        private byte[] salt;
        // Decrypted key; it stays in memory for as long as this context is reachable.
        private JSAFE_SecretKey secretKey;

        private KeyContext() {
        }
    }

    /**
     * Encrypts {@code bArr} with the 3DES key context.
     *
     * <p>This overload never selects the AES context. The 3DES context has
     * {@code randomLen == 0}, so no per-message IV is generated for it: the cipher IV is
     * the context's stored salt, and equal plaintexts yield equal ciphertexts.
     *
     * @param bArr plaintext bytes
     * @return ciphertext bytes
     * @throws EncryptionServiceException if the cipher operation fails
     */
    @Override // weblogic.security.internal.encryption.EncryptionService
    public byte[] encryptBytes(byte[] bArr) throws EncryptionServiceException {
        final KeyContext legacyContext = this.keyContext3DES;
        return encryptBytes(bArr, legacyContext);
    }

    /**
     * Encrypts {@code bArr} under the given key context.
     *
     * <p>Output layout: {@code keyContext.randomLen} freshly generated IV bytes (if any)
     * followed by the CBC ciphertext. When {@code randomLen} is 0 the IV is whatever
     * {@link #getEncryptCipher} installed from the context salt, so it is the same for every
     * message. No integrity tag is appended; callers that need tamper detection must add
     * their own.
     *
     * @param bArr plaintext bytes
     * @param keyContext key, transformation and IV policy to use
     * @return the IV (when present) followed by the ciphertext
     * @throws EncryptionServiceException wrapping any failure raised while encrypting
     */
    private byte[] encryptBytes(byte[] bArr, KeyContext keyContext) throws EncryptionServiceException {
        final JSAFE_SymmetricCipher cipher = getEncryptCipher(keyContext);
        try {
            if (logger.isDebugEnabled()) {
                log("starting encrypt operation " + keyContext.prefix);
            }
            final int ivLen = keyContext.randomLen;
            final byte[] output = new byte[ivLen + cipher.getOutputBufferSize(bArr.length)];
            if (ivLen > 0) {
                // The random IV is written straight into the head of the output buffer,
                // then the cipher is re-initialised so that it takes effect.
                getRandomIV(output, 0, ivLen);
                cipher.setIV(output, 0, ivLen);
                cipher.encryptReInit();
            }
            final int written = cipher.encryptUpdate(bArr, 0, bArr.length, output, ivLen);
            cipher.encryptFinal(output, written + ivLen);
            if (logger.isDebugEnabled()) {
                log("done with encrypt operation " + keyContext.prefix);
            }
            return output;
        } catch (Exception e) {
            throw new EncryptionServiceException(e);
        } finally {
            // Scrub the cipher's internal key/IV state on every exit path.
            cipher.clearSensitiveData();
        }
    }

    /**
     * Decrypts {@code bArr} with the 3DES key context.
     *
     * <p>This overload never selects the AES context; data produced under an AES prefix
     * must go through {@link #decryptBytes(String, byte[])}.
     *
     * @param bArr ciphertext bytes
     * @return plaintext bytes
     * @throws EncryptionServiceException if the cipher operation fails
     */
    @Override // weblogic.security.internal.encryption.EncryptionService
    public byte[] decryptBytes(byte[] bArr) throws EncryptionServiceException {
        final KeyContext legacyContext = this.keyContext3DES;
        return decryptBytes(bArr, legacyContext);
    }

    /**
     * Decrypts {@code bArr} under the given key context.
     *
     * <p>The first {@code keyContext.randomLen} bytes of the input are taken as the IV; the
     * rest is the CBC ciphertext. The ciphertext carries no integrity tag, so the only
     * checks a modified input can fail are the length check and the cipher's own padding
     * handling. Every failure is surfaced as one {@link EncryptionServiceException}.
     *
     * @param bArr IV (when the context uses one) followed by ciphertext
     * @param keyContext key, transformation and IV policy to use
     * @return plaintext, trimmed to the number of bytes the cipher produced
     * @throws EncryptionServiceException wrapping any failure, including a too-short input
     */
    private byte[] decryptBytes(byte[] bArr, KeyContext keyContext) throws EncryptionServiceException {
        final JSAFE_SymmetricCipher cipher = getDecryptCipher(keyContext);
        try {
            if (logger.isDebugEnabled()) {
                log("starting decrypt operation " + keyContext.prefix);
            }
            final int ivLen = keyContext.randomLen;
            final int cipherLen = bArr.length - ivLen;
            if (cipherLen < 0) {
                // Caught below and re-thrown wrapped, like every other failure.
                throw new IllegalStateException("Invalid input length");
            }
            byte[] plain = new byte[cipherLen];
            if (ivLen > 0) {
                cipher.setIV(bArr, 0, ivLen);
                cipher.decryptReInit();
            }
            final int fromUpdate = cipher.decryptUpdate(bArr, ivLen, cipherLen, plain, 0);
            final int total = fromUpdate + cipher.decryptFinal(plain, fromUpdate);
            if (total < plain.length) {
                // Padding was stripped: shrink the buffer to the real plaintext length.
                final byte[] trimmed = new byte[total];
                System.arraycopy(plain, 0, trimmed, 0, total);
                plain = trimmed;
            }
            if (logger.isDebugEnabled()) {
                log("done with decrypt operation " + keyContext.prefix);
            }
            return plain;
        } catch (Exception e) {
            if (logger.isDebugEnabled()) {
                log("Exception during decrypt operation " + e.getMessage());
            }
            throw new EncryptionServiceException(e);
        } finally {
            // Scrub the cipher's internal key/IV state on every exit path.
            cipher.clearSensitiveData();
        }
    }

    /**
     * Encodes {@code str} as UTF-8 and encrypts it with the 3DES key context.
     *
     * @param str plaintext
     * @return ciphertext bytes
     * @throws EncryptionServiceException if encoding or encryption fails
     */
    @Override // weblogic.security.internal.encryption.EncryptionService
    public byte[] encryptString(String str) throws EncryptionServiceException {
        try {
            final byte[] encoded = str.getBytes(ENCODING);
            return encryptBytes(encoded);
        } catch (UnsupportedEncodingException e) {
            throw new EncryptionServiceException(e);
        }
    }

    /**
     * Decrypts {@code bArr} with the 3DES key context and decodes the result as UTF-8.
     *
     * <p>The plaintext comes back as an immutable {@code String}, which the caller cannot
     * wipe after use.
     *
     * @param bArr ciphertext bytes
     * @return decrypted text
     * @throws EncryptionServiceException if decryption or decoding fails
     */
    @Override // weblogic.security.internal.encryption.EncryptionService
    public String decryptString(byte[] bArr) throws EncryptionServiceException {
        try {
            final byte[] plain = decryptBytes(bArr);
            return new String(plain, ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw new EncryptionServiceException(e);
        }
    }

    /**
     * Encrypts {@code bArr} under the key context registered for prefix {@code str}.
     *
     * @param str key-context prefix, for example the value of {@link #getDefaultKeyContext()}
     * @param bArr plaintext bytes
     * @return ciphertext bytes
     * @throws EncryptionServiceException if the cipher operation fails
     * @throws IllegalStateException if no context is registered for {@code str}
     */
    @Override // weblogic.security.internal.encryption.EncryptionServiceV2
    public byte[] encryptBytes(String str, byte[] bArr) throws EncryptionServiceException {
        final KeyContext selected = getKeyContextFromString(str);
        return encryptBytes(bArr, selected);
    }

    /**
     * Decrypts {@code bArr} under the key context registered for prefix {@code str}.
     *
     * @param str key-context prefix
     * @param bArr ciphertext bytes
     * @return plaintext bytes
     * @throws EncryptionServiceException if the cipher operation fails
     * @throws IllegalStateException if no context is registered for {@code str}
     */
    @Override // weblogic.security.internal.encryption.EncryptionServiceV2
    public byte[] decryptBytes(String str, byte[] bArr) throws EncryptionServiceException {
        final KeyContext selected = getKeyContextFromString(str);
        return decryptBytes(bArr, selected);
    }

    /**
     * Encodes {@code str2} as UTF-8 and encrypts it under the key context registered for
     * prefix {@code str}.
     *
     * @param str key-context prefix
     * @param str2 plaintext
     * @return ciphertext bytes
     * @throws EncryptionServiceException if encoding or encryption fails
     * @throws IllegalStateException if no context is registered for {@code str}
     */
    @Override // weblogic.security.internal.encryption.EncryptionServiceV2
    public byte[] encryptString(String str, String str2) throws EncryptionServiceException {
        try {
            // Encode first, then resolve the context: the same order as the one-line form.
            final byte[] encoded = str2.getBytes(ENCODING);
            final KeyContext selected = getKeyContextFromString(str);
            return encryptBytes(encoded, selected);
        } catch (UnsupportedEncodingException e) {
            throw new EncryptionServiceException(e);
        }
    }

    /**
     * Decrypts {@code bArr} under the key context registered for prefix {@code str} and
     * decodes the result as UTF-8.
     *
     * @param str key-context prefix
     * @param bArr ciphertext bytes
     * @return decrypted text
     * @throws EncryptionServiceException if decryption or decoding fails
     * @throws IllegalStateException if no context is registered for {@code str}
     */
    @Override // weblogic.security.internal.encryption.EncryptionServiceV2
    public String decryptString(String str, byte[] bArr) throws EncryptionServiceException {
        try {
            final KeyContext selected = getKeyContextFromString(str);
            final byte[] plain = decryptBytes(bArr, selected);
            return new String(plain, ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw new EncryptionServiceException(e);
        }
    }

    /**
     * Reports whether a key context is registered under prefix {@code str}.
     *
     * @param str key-context prefix
     * @return {@code true} if the prefix is a key of the context map
     */
    @Override // weblogic.security.internal.encryption.EncryptionServiceV2
    public boolean isKeyContextAvailable(String str) {
        final boolean registered = this.keyContextMap.containsKey(str);
        return registered;
    }

    /**
     * Returns the prefix of the preferred key context: the AES (or AES256) context when one
     * was loaded, otherwise the 3DES context.
     *
     * @return prefix of the context new data should be encrypted under
     */
    @Override // weblogic.security.internal.encryption.EncryptionServiceV2
    public String getDefaultKeyContext() {
        if (this.keyContextAES == null) {
            return this.keyContext3DES.prefix;
        }
        return this.keyContextAES.prefix;
    }

    /**
     * Looks up the key context registered under prefix {@code str}.
     *
     * @param str key-context prefix
     * @return the registered context, never {@code null}
     * @throws IllegalStateException if no context is registered for {@code str}
     */
    private KeyContext getKeyContextFromString(String str) {
        final KeyContext found = (KeyContext) this.keyContextMap.get(str);
        if (found != null) {
            return found;
        }
        throw new IllegalStateException("KeyContext Unavailable!");
    }

    /**
     * Creates a new 3DES key and returns it encrypted under the password {@code str}.
     *
     * @param str password; being a {@code String}, it cannot be wiped after use
     * @param bArr passed through to the key encryptor (presumably the salt)
     * @return the encrypted key blob
     * @throws EncryptionServiceException if key generation or encryption fails
     * @deprecated the {@code char[]} overload lets the password be zeroed after use
     */
    @Deprecated
    static byte[] createEncryptedSecretKey(String str, byte[] bArr) throws EncryptionServiceException {
        final String transformation = ALGORITHM_3DES;
        final int keyLength = KEY_LEN_3DES;
        return createEncryptedSecretKey(transformation, keyLength, str, bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a new 3DES key and returns it encrypted under the password {@code cArr}.
     *
     * <p>The four-argument worker this delegates to zeroes {@code cArr} before returning.
     *
     * @param cArr password; overwritten with zeros by the time this method returns
     * @param bArr passed through to the key encryptor (presumably the salt)
     * @return the encrypted key blob
     * @throws EncryptionServiceException if key generation or encryption fails
     */
    public static byte[] createEncryptedSecretKey(char[] cArr, byte[] bArr) throws EncryptionServiceException {
        final String transformation = ALGORITHM_3DES;
        final int keyLength = KEY_LEN_3DES;
        return createEncryptedSecretKey(transformation, keyLength, cArr, bArr);
    }

    /**
     * Creates a new AES key and returns it encrypted under the password {@code str}.
     * The key is AES256 when {@link #isAES256KeyEnabled()} is true and AES128 otherwise.
     *
     * @param str password; being a {@code String}, it cannot be wiped after use
     * @param bArr passed through to the key encryptor (presumably the salt)
     * @return the encrypted key blob
     * @throws EncryptionServiceException if key generation or encryption fails
     * @deprecated the {@code char[]} overload lets the password be zeroed after use
     */
    @Deprecated
    static byte[] createAESEncryptedSecretKey(String str, byte[] bArr) throws EncryptionServiceException {
        if (isAES256KeyEnabled()) {
            return createEncryptedSecretKey(ALGORITHM_AES256, KEY_LEN_AES256, str, bArr);
        }
        return createEncryptedSecretKey(ALGORITHM_AES, KEY_LEN_AES, str, bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a new AES key and returns it encrypted under the password {@code cArr}.
     * The key is AES256 when {@link #isAES256KeyEnabled()} is true and AES128 otherwise.
     *
     * <p>The four-argument worker this delegates to zeroes {@code cArr} before returning.
     *
     * @param cArr password; overwritten with zeros by the time this method returns
     * @param bArr passed through to the key encryptor (presumably the salt)
     * @return the encrypted key blob
     * @throws EncryptionServiceException if key generation or encryption fails
     */
    public static byte[] createAESEncryptedSecretKey(char[] cArr, byte[] bArr) throws EncryptionServiceException {
        if (isAES256KeyEnabled()) {
            return createEncryptedSecretKey(ALGORITHM_AES256, KEY_LEN_AES256, cArr, bArr);
        }
        return createEncryptedSecretKey(ALGORITHM_AES, KEY_LEN_AES, cArr, bArr);
    }

    /**
     * String-password adapter for the {@code char[]} worker.
     *
     * <p>The characters are copied into a fresh array that the worker zeroes; the source
     * {@code String} itself stays in memory until it is garbage collected.
     *
     * @param str cipher transformation name
     * @param i key length handed to the key generator
     * @param str2 password
     * @param bArr passed through to the key encryptor (presumably the salt)
     * @return the encrypted key blob
     * @throws EncryptionServiceException if key generation or encryption fails
     */
    private static byte[] createEncryptedSecretKey(String str, int i, String str2, byte[] bArr) throws EncryptionServiceException {
        final char[] passwordChars = str2.toCharArray();
        return createEncryptedSecretKey(str, i, passwordChars, bArr);
    }

    /* JADX WARN: Finally extract failed */
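    /**
     * Generates a fresh secret key for transformation {@code str} and returns it encrypted
     * under the password {@code cArr}.
     *
     * <p>On every exit path the password array is overwritten with zeros and the cipher,
     * random generator and key objects have their sensitive state cleared. The decompiler
     * had duplicated that cleanup into the success path and a catch-all handler; it is
     * written here as a single {@code finally} block.
     *
     * @param str cipher transformation name, also used to obtain the blank key
     * @param i key length handed to the key generator
     * @param cArr password; zeroed before this method returns or throws
     * @param bArr passed through to the key encryptor (presumably the salt)
     * @return the encrypted key blob
     * @throws EncryptionServiceException wrapping any failure during generation or encryption
     */
    private static byte[] createEncryptedSecretKey(String str, int i, char[] cArr, byte[] bArr) throws EncryptionServiceException {
        JSAFE_SymmetricCipher cipher = null;
        JSAFE_SecureRandom random = null;
        JSAFE_SecretKey key = null;
        try {
            log("creating new key: " + str);
            cipher = JSAFE_SymmetricCipher.getInstance(str, "Java");
            random = getSeededSecureRandomInstance();
            key = cipher.getBlankKey();
            generateInit(key, new int[]{i}, random);
            key.generate();
            // The key object is deliberately kept out of the log line: what
            // JSAFE_SecretKey.toString() prints is not visible from this file, and the
            // string would be built even when debug logging is off.
            log("created new key for: " + str);
            final byte[] wrappedKey = JSafeSecretKeyEncryptor.encryptSecretKey(key, cArr, bArr);
            log("new key (encrypted) key byte array length: " + wrappedKey.length);
            return wrappedKey;
        } catch (Exception e) {
            throw new EncryptionServiceException(e);
        } finally {
            for (int k = 0; k < cArr.length; k++) {
                cArr[k] = 0;
            }
            if (cipher != null) {
                cipher.clearSensitiveData();
            }
            if (random != null) {
                random.clearSensitiveData();
            }
            if (key != null) {
                key.clearSensitiveData();
            }
        }
    }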

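    /**
     * Calls {@code generateInit} on the key reflectively so that the same class file works
     * against two library generations: the three-argument form is tried first (logged as
     * "RSA V6") and the two-argument form is the fallback (logged as "RSA V5").
     *
     * @param jSAFE_SecretKey blank key to initialise
     * @param iArr key parameters (the callers in this file pass a one-element key length)
     * @param jSAFE_SecureRandom random source for key generation
     * @throws Exception if neither method exists or the reflective call fails; a failure
     *     inside the target method arrives wrapped in an InvocationTargetException
     */
    private static void generateInit(JSAFE_SecretKey jSAFE_SecretKey, int[] iArr, JSAFE_SecureRandom jSAFE_SecureRandom) throws Exception {
        Method method;
        Object[] objArr;
        Class<?> cls = jSAFE_SecretKey.getClass();
        try {
            log("Attempting generateInit() with RSA V6 library");
            method = cls.getMethod("generateInit", int[].class, SecureRandom.class, byte[][].class);
            // The third parameter is declared byte[][], so the argument must be a
            // (here empty) byte[][]. The decompiled listing showed "new byte[0]", which
            // Method.invoke would reject as an argument type mismatch.
            objArr = new Object[]{iArr, jSAFE_SecureRandom, new byte[0][]};
        } catch (Exception e) {
            // Any lookup failure, not only NoSuchMethodException, selects the older signature.
            log("Fallback to generateInit() with RSA V5 library");
            method = cls.getMethod("generateInit", int[].class, SecureRandom.class);
            objArr = new Object[]{iArr, jSAFE_SecureRandom};
        }
        method.invoke(jSAFE_SecretKey, objArr);
        log("secretKey.generateInit(...) success");
    }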

    /**
     * String-password adapter for the {@code char[]} overload of {@code reEncryptSecretKey}.
     *
     * <p>Both passwords are copied into fresh arrays that the worker zeroes; the source
     * {@code String}s themselves stay in memory until they are garbage collected.
     *
     * @param str cipher transformation name of the wrapped key
     * @param bArr encrypted key blob
     * @param str2 current password
     * @param bArr2 passed with the current password to the key decryptor (presumably its salt)
     * @param str3 new password
     * @param bArr3 passed with the new password to the key encryptor (presumably its salt)
     * @return the key blob encrypted under the new password
     * @throws EncryptionServiceException if decryption or re-encryption fails
     * @deprecated the {@code char[]} overload lets the passwords be zeroed after use
     */
    @Deprecated
    static byte[] reEncryptSecretKey(String str, byte[] bArr, String str2, byte[] bArr2, String str3, byte[] bArr3) throws EncryptionServiceException {
        final char[] currentPassword = str2.toCharArray();
        final char[] replacementPassword = str3.toCharArray();
        return reEncryptSecretKey(str, bArr, currentPassword, bArr2, replacementPassword, bArr3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Finally extract failed */
    /**
     * Decrypts a wrapped key with the current password and re-encrypts it under a new one.
     *
     * <p>Both password arrays are overwritten with zeros and the intermediate key object is
     * cleared on every exit path, so callers must not reuse {@code cArr} or {@code cArr2}
     * afterwards.
     *
     * @param str cipher transformation name of the wrapped key
     * @param bArr encrypted key blob
     * @param cArr current password; zeroed before return
     * @param bArr2 passed with the current password to the key decryptor (presumably its salt)
     * @param cArr2 new password; zeroed before return
     * @param bArr3 passed with the new password to the key encryptor (presumably its salt)
     * @return the key blob encrypted under the new password
     * @throws EncryptionServiceException wrapping any failure during decryption or encryption
     */
    public static byte[] reEncryptSecretKey(String str, byte[] bArr, char[] cArr, byte[] bArr2, char[] cArr2, byte[] bArr3) throws EncryptionServiceException {
        JSAFE_SecretKey unwrappedKey = null;
        try {
            unwrappedKey = JSafeSecretKeyEncryptor.decryptSecretKey(str, bArr, cArr, bArr2);
            return JSafeSecretKeyEncryptor.encryptSecretKey(unwrappedKey, cArr2, bArr3);
        } catch (Exception e) {
            throw new EncryptionServiceException(e);
        } finally {
            for (int k = 0; k < cArr.length; k++) {
                cArr[k] = 0;
            }
            for (int k = 0; k < cArr2.length; k++) {
                cArr2[k] = 0;
            }
            if (unwrappedKey != null) {
                unwrappedKey.clearSensitiveData();
            }
        }
    }

    /**
     * Reads the system property {@code weblogic.security.internal.encryption.enableAES256}.
     *
     * <p>The flag is on for any value other than a case-insensitive {@code "false"}; that
     * includes an empty string or a mistyped value. It is off when the property is unset or
     * when reading it throws.
     *
     * @return {@code true} if new AES keys should be created as AES256
     */
    static boolean isAES256KeyEnabled() {
        boolean enabled = false;
        try {
            final String configured = System.getProperty(ENABLE_AES256_PROPERTY);
            enabled = configured != null && !configured.equalsIgnoreCase("false");
        } catch (Exception ignored) {
            // Property lookup failed (for example, refused by a security manager): stay disabled.
        }
        log("isAES256KeyEnabled() = " + enabled);
        return enabled;
    }

    /**
     * Classifies an encrypted AES key blob by length alone: 40 bytes or more is treated as
     * AES256, anything shorter as AES128. The blob's contents are not inspected.
     *
     * @param bArr encrypted key blob, may be {@code null}
     * @return {@code true} if the blob is non-null and at least 40 bytes long
     */
    static boolean isAES256EncryptedKey(byte[] bArr) {
        if (bArr == null) {
            return false;
        }
        return bArr.length >= ENCRYPTED_KEY_LEN_AES256;
    }

    /**
     * Returns the fixed algorithm label {@code "3DES"}.
     *
     * <p>The label does not change when an AES key context is loaded; use
     * {@link #getDefaultKeyContext()} to learn which context is actually preferred.
     *
     * @return the constant {@code "3DES"}
     */
    @Override // weblogic.security.internal.encryption.EncryptionService
    public String getAlgorithm() {
        final String label = OVERALL_ALGORITHM;
        return label;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
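    /**
     * Loads the 3DES key context and, when {@code bArr3} is supplied, an AES or AES256
     * context chosen by {@link #isAES256EncryptedKey(byte[])}.
     *
     * <p>A private copy of the password is taken before the 3DES key is decrypted and is
     * used for the AES key. NOTE(review): presumably the key decryptor zeroes the array it
     * is given; confirm in JSafeSecretKeyEncryptor. That copy is now wiped in a
     * {@code finally} block. Previously it was left in memory when no AES key was supplied
     * or when 3DES setup failed.
     *
     * @param bArr encrypted 3DES key blob
     * @param bArr2 salt; its doubled form also becomes the 3DES context's IV
     * @param cArr password protecting the key blobs
     * @param bArr3 encrypted AES key blob, or {@code null} if none exists
     * @throws EncryptionServiceException wrapping any failure while decrypting the keys
     */
    public JSafeEncryptionServiceImpl(byte[] bArr, byte[] bArr2, char[] cArr, byte[] bArr3) throws EncryptionServiceException {
        this.randomIV = null;
        this.keyContext3DES = null;
        this.keyContextAES = null;
        this.keyContextMap = new HashMap(2);
        char[] cArr2 = new char[cArr.length];
        System.arraycopy(cArr, 0, cArr2, 0, cArr.length);
        try {
            log("Encryption service constructor called");
            create3DESKeyContext(bArr, cArr, bArr2);
            if (bArr3 != null) {
                if (isAES256EncryptedKey(bArr3)) {
                    log("Encryption service AES256 key available");
                    createAES256KeyContext(bArr3, cArr2, bArr2);
                } else {
                    log("Encryption service AES key available");
                    createAESKeyContext(bArr3, cArr2, bArr2);
                }
            }
        } catch (Exception e) {
            throw new EncryptionServiceException(e);
        } finally {
            // Nothing needs the password once key setup has finished, so the local copy
            // is scrubbed on every path. The caller's array is not touched here.
            for (int k = 0; k < cArr2.length; k++) {
                cArr2[k] = 0;
            }
        }
    }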

    /**
     * String-password convenience constructor; delegates to the {@code char[]} constructor
     * with {@code str.toCharArray()}.
     *
     * <p>The source {@code String} cannot be wiped, so the password stays in memory until
     * it is garbage collected.
     *
     * @param bArr encrypted 3DES key blob
     * @param bArr2 salt
     * @param str password protecting the key blobs
     * @param bArr3 encrypted AES key blob, or {@code null} if none exists
     * @throws EncryptionServiceException wrapping any failure while decrypting the keys
     */
    JSafeEncryptionServiceImpl(byte[] bArr, byte[] bArr2, String str, byte[] bArr3) throws EncryptionServiceException {
        this(bArr, bArr2, str.toCharArray(), bArr3);
    }

    /**
     * Builds and registers the 3DES key context.
     *
     * <p>{@code randomLen} is 0 and {@code salt} is the doubled salt, which the cipher
     * factories install as the IV. The 3DES context therefore uses one fixed IV for every
     * message, and equal plaintexts encrypt to equal ciphertexts under it.
     *
     * @param bArr encrypted 3DES key blob
     * @param cArr password
     * @param bArr2 salt
     * @throws EncryptionServiceException if the key cannot be decrypted
     */
    private void create3DESKeyContext(byte[] bArr, char[] cArr, byte[] bArr2) throws EncryptionServiceException {
        final KeyContext context = new KeyContext();
        context.algorithm = ALGORITHM_3DES;
        context.prefix = PREFIX_3DES;
        context.randomLen = RANDOM_LEN_3DES;
        context.salt = JSafeSecretKeyEncryptor.doubleSalt(bArr2);
        setupKey(context, bArr, cArr, bArr2);
        this.keyContext3DES = context;
    }

    /**
     * Builds and registers the AES key context under the prefix {@code "{AES}"}.
     *
     * <p>No fixed IV is stored ({@code salt} is null); every message gets 16 random IV bytes.
     *
     * @param bArr encrypted AES key blob
     * @param cArr password
     * @param bArr2 salt
     * @throws EncryptionServiceException if the key cannot be decrypted
     */
    private void createAESKeyContext(byte[] bArr, char[] cArr, byte[] bArr2) throws EncryptionServiceException {
        final KeyContext context = new KeyContext();
        context.algorithm = ALGORITHM_AES;
        context.prefix = PREFIX_AES;
        context.salt = null;
        context.randomLen = RANDOM_LEN_AES;
        setupKey(context, bArr, cArr, bArr2);
        this.keyContextAES = context;
    }

    /**
     * Builds and registers the AES256 key context under the prefix {@code "{AES256}"}.
     * It is stored in the same {@code keyContextAES} field the AES128 context would use.
     *
     * <p>No fixed IV is stored ({@code salt} is null); every message gets 16 random IV bytes.
     *
     * @param bArr encrypted AES256 key blob
     * @param cArr password
     * @param bArr2 salt
     * @throws EncryptionServiceException if the key cannot be decrypted
     */
    private void createAES256KeyContext(byte[] bArr, char[] cArr, byte[] bArr2) throws EncryptionServiceException {
        final KeyContext context = new KeyContext();
        context.algorithm = ALGORITHM_AES256;
        context.prefix = PREFIX_AES256;
        context.salt = null;
        context.randomLen = RANDOM_LEN_AES;
        setupKey(context, bArr, cArr, bArr2);
        this.keyContextAES = context;
    }

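    /**
     * Decrypts the wrapped key for {@code keyContext}, stores it in the context and
     * registers the context in the prefix map.
     *
     * @param keyContext context whose {@code algorithm} and {@code prefix} are already set
     * @param bArr encrypted key blob
     * @param cArr password
     * @param bArr2 salt
     * @throws EncryptionServiceException wrapping any failure while decrypting the key
     */
    private void setupKey(KeyContext keyContext, byte[] bArr, char[] cArr, byte[] bArr2) throws EncryptionServiceException {
        try {
            log("Initializing key: " + keyContext.prefix);
            JSAFE_SecretKey decryptSecretKey = JSafeSecretKeyEncryptor.decryptSecretKey(keyContext.algorithm, bArr, cArr, bArr2);
            // The decrypted key object is deliberately kept out of the log line: what
            // JSAFE_SecretKey.toString() prints is not visible from this file, and the
            // string would be built even when debug logging is off.
            log("key initialized for: " + keyContext.algorithm);
            keyContext.secretKey = decryptSecretKey;
            log("Placing KeyContext into Map: " + keyContext.prefix);
            this.keyContextMap.put(keyContext.prefix, keyContext);
        } catch (Exception e) {
            throw new EncryptionServiceException(e);
        }
    }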

    /**
     * Creates the per-instance IV generator on first use. The method is synchronized on
     * this instance, so at most one generator is created.
     *
     * @throws NoSuchAlgorithmException if no generator algorithm can be instantiated
     */
    private synchronized void initRandomIV() throws NoSuchAlgorithmException {
        if (this.randomIV != null) {
            return;
        }
        this.randomIV = getSeededSecureRandomInstance();
    }

    /**
     * Fills {@code i2} bytes of {@code bArr}, starting at offset {@code i}, with output
     * from the per-instance generator, creating the generator first if needed.
     *
     * @param bArr destination buffer
     * @param i offset of the first byte to write
     * @param i2 number of random bytes to write
     * @throws Exception if the generator cannot be created or fails to produce bytes
     */
    private synchronized void getRandomIV(byte[] bArr, int i, int i2) throws Exception {
        initRandomIV();
        final JSAFE_SecureRandom generator = this.randomIV;
        generator.generateRandomBytes(bArr, i, i2);
    }

    /**
     * Creates a cipher for the context's transformation and initialises it for encryption.
     *
     * <p>When the context carries a salt (the 3DES context does), that salt is installed
     * as the IV before initialisation. The cipher comes from the plain two-argument
     * {@code getInstance}, not from {@link #getSymmetricCipher}.
     *
     * @param keyContext key and transformation to use
     * @return a cipher ready for encryptUpdate/encryptFinal; the caller must clear it
     * @throws EncryptionServiceException wrapping any failure while building the cipher
     */
    private synchronized JSAFE_SymmetricCipher getEncryptCipher(KeyContext keyContext) throws EncryptionServiceException {
        try {
            final JSAFE_SymmetricCipher cipher = JSAFE_SymmetricCipher.getInstance(keyContext.algorithm, "Java");
            final byte[] fixedIv = keyContext.salt;
            if (fixedIv != null) {
                cipher.setIV(fixedIv, 0, fixedIv.length);
            }
            cipher.encryptInit(keyContext.secretKey);
            return cipher;
        } catch (Exception e) {
            throw new EncryptionServiceException(e);
        }
    }

    /**
     * Creates a cipher for the context's transformation and initialises it for decryption.
     *
     * <p>When the context carries a salt (the 3DES context does), that salt is installed
     * as the IV before initialisation. The cipher comes from the plain two-argument
     * {@code getInstance}, not from {@link #getSymmetricCipher}.
     *
     * @param keyContext key and transformation to use
     * @return a cipher ready for decryptUpdate/decryptFinal; the caller must clear it
     * @throws EncryptionServiceException wrapping any failure while building the cipher
     */
    private synchronized JSAFE_SymmetricCipher getDecryptCipher(KeyContext keyContext) throws EncryptionServiceException {
        try {
            final JSAFE_SymmetricCipher cipher = JSAFE_SymmetricCipher.getInstance(keyContext.algorithm, "Java");
            final byte[] fixedIv = keyContext.salt;
            if (fixedIv != null) {
                cipher.setIV(fixedIv, 0, fixedIv.length);
            }
            cipher.decryptInit(keyContext.secretKey);
            return cipher;
        } catch (Exception e) {
            throw new EncryptionServiceException(e);
        }
    }

    /**
     * Returns a new factory for this encryption service implementation.
     *
     * @return a fresh {@code JSafeEncryptionServiceFactory}
     * @throws EncryptionServiceException declared by the signature; nothing in this body throws it
     */
    public static EncryptionServiceFactory getFactory() throws EncryptionServiceException {
        final EncryptionServiceFactory factory = new JSafeEncryptionServiceFactory();
        return factory;
    }

    /**
     * Writes {@code str} to the debug logger, prefixed with the current time in
     * milliseconds and the calling thread's name. Does nothing when debug logging is off.
     *
     * <p>Callers build {@code str} before the call, so any concatenation in the argument
     * is evaluated even when debug logging is disabled.
     *
     * @param str message text
     */
    public static void log(String str) {
        if (!logger.isDebugEnabled()) {
            return;
        }
        final String threadName = Thread.currentThread().getName();
        logger.debug(System.currentTimeMillis() + " : " + threadName + " : " + str);
    }

    /**
     * Obtains a symmetric cipher, passing the cached context from
     * {@link #getNonFIPS140Ctx()} when there is one.
     *
     * <p>NOTE(review): when a context is present, the cipher is requested under the mode
     * that {@code getNonFIPS140Ctx()} selects, which by its name is outside the FIPS 140
     * mode. Confirm this is intended for every caller.
     *
     * @param str cipher transformation name
     * @param str2 device name passed to the library
     * @return a new cipher instance
     * @throws JSAFE_UnimplementedException if the transformation is not available
     * @throws JSAFE_InvalidParameterException if the library rejects a parameter
     */
    public static JSAFE_SymmetricCipher getSymmetricCipher(String str, String str2) throws JSAFE_UnimplementedException, JSAFE_InvalidParameterException {
        if (getNonFIPS140Ctx() == null) {
            return JSAFE_SymmetricCipher.getInstance(str, str2);
        }
        return JSAFE_SymmetricCipher.getInstance(str, str2, getNonFIPS140Ctx());
    }

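    /**
     * Returns the cached FIPS 140 context, creating it on first use when the library
     * reports FIPS 140 compliance. Returns {@code null} when the library is not compliant.
     *
     * <p>The context is derived with {@code setMode(1)}. NOTE(review): going by the method
     * name, mode 1 is the non-FIPS mode; confirm against the Crypto-J constants. The lazy
     * initialisation is not synchronized, so two threads may each create a context.
     *
     * @return the cached context, or {@code null}
     * @throws EncryptionServiceException if the library refuses the mode change; the
     *     library exception is attached as the cause
     */
    public static FIPS140Context getNonFIPS140Ctx() {
        if (CryptoJ.isFIPS140Compliant() && NON_FIPS140_CONTEXT == null) {
            try {
                NON_FIPS140_CONTEXT = CryptoJ.getFIPS140Context().setMode(1);
            } catch (JSAFE_InvalidUseException e) {
                // Wrap the exception itself, as the rest of this class does, so the
                // original stack trace is not lost.
                throw new EncryptionServiceException(e);
            }
        }
        return NON_FIPS140_CONTEXT;
    }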

    /**
     * Returns a new random generator seeded with 32 bytes drawn from a shared,
     * auto-seeded generator.
     *
     * <p>The shared generator is created on first use under {@code seedingLock}:
     * "HMACDRBG" is tried first, and "HMACDRBG-256-0" is the fallback if creating it, or
     * the first draw from it, fails.
     *
     * @return a freshly seeded generator; the caller owns it and should clear it after use
     * @throws NoSuchAlgorithmException if neither algorithm can be instantiated
     */
    private static JSAFE_SecureRandom getSeededSecureRandomInstance() throws NoSuchAlgorithmException {
        byte[] generateRandomBytes;
        if (logger.isDebugEnabled()) {
            log("starting getSeededSecureRandomInstance - default: HMACDRBG");
        }
        synchronized (seedingLock) {
            if (seedingRandom == null) {
                algorithm_used = ALGORITHM_RANDOM;
                try {
                    seedingRandom = initSecureRandom(algorithm_used);
                } catch (Exception e) {
                    // Any failure creating or auto-seeding the default generator selects the alternative.
                    algorithm_used = ALGORITHM_RANDOM_ALTERNATIVE;
                    seedingRandom = initSecureRandom(algorithm_used);
                }
                try {
                    generateRandomBytes = seedingRandom.generateRandomBytes(INSTANCE_RANDOM_SEED_SIZE);
                } catch (SecurityException e2) {
                    // The first draw failed: discard that generator and retry once with the alternative.
                    seedingRandom.clearSensitiveData();
                    algorithm_used = ALGORITHM_RANDOM_ALTERNATIVE;
                    seedingRandom = initSecureRandom(algorithm_used);
                    generateRandomBytes = seedingRandom.generateRandomBytes(INSTANCE_RANDOM_SEED_SIZE);
                }
            } else {
                generateRandomBytes = seedingRandom.generateRandomBytes(INSTANCE_RANDOM_SEED_SIZE);
            }
        }
        // NOTE(review): algorithm_used is a plain static field read here outside seedingLock;
        // it is only written while the shared generator is being created.
        JSAFE_SecureRandom jSAFE_SecureRandom = JSAFE_SecureRandom.getInstance(algorithm_used, "Java");
        // The new generator receives only these 32 bytes; autoseed() is not called on it.
        // NOTE(review): whether setSeed() replaces or supplements the library's own seeding
        // is not visible here; confirm. The seed array is not wiped after use.
        jSAFE_SecureRandom.setSeed(generateRandomBytes);
        if (logger.isDebugEnabled()) {
            log("done getSeededSecureRandomInstance - used: " + algorithm_used);
        }
        return jSAFE_SecureRandom;
    }

    /**
     * Creates a generator for algorithm {@code str} and asks the library to seed it.
     *
     * @param str generator algorithm name
     * @return the auto-seeded generator
     * @throws NoSuchAlgorithmException if the algorithm is not available
     */
    private static JSAFE_SecureRandom initSecureRandom(String str) throws NoSuchAlgorithmException {
        final JSAFE_SecureRandom generator = JSAFE_SecureRandom.getInstance(str, "Java");
        generator.autoseed();
        return generator;
    }
}
