package com.bea.common.security.utils;

import com.rsa.jsafe.JSAFE_Exception;
import com.rsa.jsafe.JSAFE_SecretKey;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.JSAFE_SymmetricCipher;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;

/* loaded from: input_file:com/bea/common/security/utils/LegacyEncryptorKey.class */
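/**
 * Password-protected container for the symmetric keys used by the legacy encryptor.
 *
 * <p>An instance holds a salt, a wrapped 3DES key and, optionally, a wrapped AES key. The
 * wrapping cipher is the password-based scheme named by {@link #PBE_ALGORITHM}. Construction
 * unwraps the keys with the supplied password and registers one {@link KeyContext} per
 * algorithm under the prefixes <code>{3DES}</code>, <code>{AES}</code> or <code>{AES256}</code>.
 * The newest available context becomes the default.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The wrapping algorithm string names SHA-1 and RC2. Its {@code -5-128} suffix presumably
 *       encodes an iteration count of 5 and a 128-bit key; confirm against the JSAFE
 *       documentation. If so, the serialized blob is only as strong as the password and the
 *       access controls on wherever the blob is stored.</li>
 *   <li>The 3DES context uses the salt as a fixed CBC IV, so equal plaintexts produce equal
 *       ciphertexts under that context. The AES contexts set no IV here; their
 *       {@code randomLen} of 16 suggests the caller draws a fresh IV through
 *       {@link KeyContext#getRandomIV}; verify in the caller.</li>
 *   <li>This class only generates 128-bit AES keys. A wrapped AES-256 key is recognised solely
 *       by its length (see {@link #isAES256EncryptedKey}) and must come from elsewhere.</li>
 *   <li>No method here zeroes the password {@code char[]}; that is left to the caller.</li>
 *   <li>{@link #nonFIPS140Ctx} is process-wide: once any instance is built with a non-null
 *       context object, every later PBE operation in this class loader takes the reflective
 *       non-FIPS path first.</li>
 * </ul>
 *
 * <p>This source is JADX-decompiled, so parameter names are synthetic and several members were
 * widened from package-private to public by the decompiler.
 */
public class LegacyEncryptorKey {
    private static final String ALGORITHM_3DES = "3DES_EDE/CBC/PKCS5Padding";
    private static final String ALGORITHM_AES = "AES/CBC/PKCS5Padding";
    private static final String ALGORITHM_AES256 = "AES256/CBC/PKCS5Padding";
    private static final String ALGORITHM_RANDOM = "HMACDRBG";
    private static final String FALLBACK_ALGORITHM_RANDOM = "FIPS186Random";
    private static final String PREFIX_3DES = "{3DES}";
    private static final int RANDOM_LEN_3DES = 0;
    private static final int KEY_LEN_3DES = 168;
    private static final String PREFIX_AES = "{AES}";
    private static final String PREFIX_AES256 = "{AES256}";
    private static final int RANDOM_LEN_AES = 16;
    private static final int KEY_LEN_AES = 128;
    // A wrapped AES key of at least this many bytes is treated as AES-256.
    private static final int ENCRYPTED_KEY_LEN_AES256 = 40;
    private static final int SALT_LENGTH = 8;
    private static final String PBE_ALGORITHM = "PBE/SHA1/RC2/CBC/PKCS12PBE-5-128";
    private static final int VERSION = 2;
    private static final int UPDATED_VERSION = 1;
    // Largest length that fits the one-byte length prefix used by write()/readBytes().
    private static final int MAX_FIELD_LENGTH = 255;
    // Process-wide switch; volatile so a write from one constructing thread is visible to others.
    private static volatile boolean nonFIPS140Ctx = false;
    private byte[] salt;
    private byte[] encryptedKey;
    private byte[] encryptedAESKey;
    private JSAFE_SecretKey secretKey;
    private JSAFE_SecretKey secretAESKey;
    private KeyContextMap keyContextMap;

    /**
     * One usable cipher configuration: algorithm string, prefix tag, key and (for 3DES) a fixed IV.
     *
     * <p>JADX widened this class from package-private.
     */
    public class KeyContext {
        String prefix;
        String algorithm;
        // Number of random bytes associated with this context (0 for 3DES, 16 for AES).
        int randomLen;
        // Used as the CBC IV when non-null; only the 3DES context sets it.
        private byte[] salt;
        private JSAFE_SecretKey secretKey;
        private JSAFE_SecureRandom randomIV;

        private KeyContext() {
            this.randomIV = null;
        }

        /**
         * Lazily creates and seeds the random source used by {@link #getRandomIV}.
         *
         * <p>The field is published only after {@code autoseed()} returns, so a failure while
         * seeding cannot leave an unseeded generator cached for later calls.
         */
        private synchronized void initRandomIV() throws NoSuchAlgorithmException {
            if (this.randomIV == null) {
                JSAFE_SecureRandom random = (JSAFE_SecureRandom) getRandom();
                random.autoseed();
                this.randomIV = random;
            }
        }

        /**
         * Fills part of {@code bArr} with random bytes from this context's generator.
         *
         * @param bArr destination buffer
         * @param i    passed as the second argument of {@code generateRandomBytes}; presumably the offset
         * @param i2   passed as the third argument of {@code generateRandomBytes}; presumably the length
         * @throws KeyException if no random algorithm is available
         */
        public void getRandomIV(byte[] bArr, int i, int i2) throws KeyException {
            try {
                initRandomIV();
                // NOTE(review): this call is outside the monitor held by initRandomIV();
                // confirm JSAFE_SecureRandom tolerates concurrent use.
                this.randomIV.generateRandomBytes(bArr, i, i2);
            } catch (NoSuchAlgorithmException e) {
                throw LegacyEncryptorKey.getKeyException(e);
            }
        }

        /**
         * Builds a new cipher initialised for encryption with this context's key.
         *
         * <p>When this context has a salt (the 3DES case) it is installed as the IV, so the IV is
         * the same for every message encrypted under this context.
         *
         * @return a cipher ready for encryption
         * @throws KeyException wrapping any failure raised while creating or initialising the cipher
         */
        public synchronized JSAFE_SymmetricCipher getEncryptCipher() throws KeyException {
            try {
                JSAFE_SymmetricCipher cipher = JSAFE_SymmetricCipher.getInstance(this.algorithm, "Java");
                if (this.salt != null) {
                    cipher.setIV(this.salt, 0, this.salt.length);
                }
                cipher.encryptInit(this.secretKey);
                return cipher;
            } catch (Exception e) {
                throw LegacyEncryptorKey.getKeyException(e);
            }
        }

        /**
         * Builds a new cipher initialised for decryption with this context's key.
         *
         * <p>Mirrors {@link #getEncryptCipher()}: the salt, when present, is installed as the IV.
         *
         * @return a cipher ready for decryption
         * @throws KeyException wrapping any failure raised while creating or initialising the cipher
         */
        public synchronized JSAFE_SymmetricCipher getDecryptCipher() throws KeyException {
            try {
                JSAFE_SymmetricCipher cipher = JSAFE_SymmetricCipher.getInstance(this.algorithm, "Java");
                if (this.salt != null) {
                    cipher.setIV(this.salt, 0, this.salt.length);
                }
                cipher.decryptInit(this.secretKey);
                return cipher;
            } catch (Exception e) {
                throw LegacyEncryptorKey.getKeyException(e);
            }
        }
    }

    /**
     * Lookup table from prefix tag to {@link KeyContext}, plus the context used by default.
     *
     * <p>JADX widened this class from package-private.
     */
    public class KeyContextMap {
        private KeyContext kcDefault;
        private final HashMap<String, KeyContext> keyContexts;

        private KeyContextMap() {
            this.keyContexts = new HashMap<>(2);
        }

        /** Returns the prefix tag of the default context. */
        public String getDefaultKeyContext() {
            return this.kcDefault.prefix;
        }

        /** Reports whether a context is registered under the prefix {@code str}. */
        public boolean isKeyContextAvailable(String str) {
            return this.keyContexts.containsKey(str);
        }

        /**
         * Returns the context registered under the prefix {@code str}.
         *
         * @throws IllegalStateException if no context is registered under that prefix
         */
        public KeyContext getKeyContextFromString(String str) {
            KeyContext keyContext = this.keyContexts.get(str);
            if (keyContext == null) {
                throw new IllegalStateException("KeyContext Unavailable!");
            }
            return keyContext;
        }
    }

    /**
     * Generates a fresh salt, 3DES key and AES key, wrapped under the given password.
     *
     * @param cArr password protecting the keys; not cleared by this class
     * @throws KeyException if key generation or unwrapping fails
     */
    public LegacyEncryptorKey(char[] cArr) throws KeyException {
        try {
            generateInitialValues(cArr);
            initializeKeyContexts(cArr);
        } catch (NoSuchAlgorithmException e) {
            throw getKeyException(e);
        } catch (JSAFE_Exception e2) {
            throw getKeyException(e2);
        }
    }

    /**
     * Restores a key from a salt and a wrapped 3DES key; no AES key is loaded.
     *
     * @param cArr  password protecting the keys
     * @param bArr  salt
     * @param bArr2 wrapped 3DES key
     * @throws KeyException if unwrapping fails
     */
    public LegacyEncryptorKey(char[] cArr, byte[] bArr, byte[] bArr2) throws KeyException {
        this(cArr, bArr, bArr2, null);
    }

    /**
     * Restores a key from a salt, a wrapped 3DES key and an optional wrapped AES key.
     *
     * @param cArr  password protecting the keys
     * @param bArr  salt
     * @param bArr2 wrapped 3DES key
     * @param bArr3 wrapped AES key, or {@code null} when there is none
     * @throws KeyException if unwrapping fails
     */
    public LegacyEncryptorKey(char[] cArr, byte[] bArr, byte[] bArr2, byte[] bArr3) throws KeyException {
        this(cArr, bArr, bArr2, bArr3, null);
    }

    /** Sets the process-wide flag that makes PBE operations try the reflective non-FIPS cipher first. */
    private static void setNonFIPS140Ctx(boolean z) {
        nonFIPS140Ctx = z;
    }

    /**
     * Restores a key from its stored parts, optionally enabling the non-FIPS cipher lookup.
     *
     * <p>The input arrays are copied, so later changes by the caller do not affect this instance.
     *
     * @param cArr  password protecting the keys
     * @param bArr  salt
     * @param bArr2 wrapped 3DES key
     * @param bArr3 wrapped AES key, or {@code null} when there is none
     * @param obj   any non-null value turns on the static non-FIPS flag for the whole process;
     *              the value itself is not otherwise used, and the flag is never turned off here
     * @throws KeyException if unwrapping fails
     */
    public LegacyEncryptorKey(char[] cArr, byte[] bArr, byte[] bArr2, byte[] bArr3, Object obj) throws KeyException {
        if (obj != null) {
            setNonFIPS140Ctx(true);
        }
        try {
            this.salt = makeCopy(bArr);
            this.encryptedKey = makeCopy(bArr2);
            if (bArr3 != null) {
                this.encryptedAESKey = makeCopy(bArr3);
            }
            initializeKeyContexts(cArr);
        } catch (JSAFE_Exception e) {
            throw getKeyException(e);
        }
    }

    /**
     * Restores a key from the stream layout produced by {@link #write(OutputStream)}.
     *
     * <p>The stream holds a length-prefixed salt, then a version byte, then the length-prefixed
     * wrapped 3DES key and, when the version byte is at least 2, the length-prefixed wrapped AES
     * key. If the stream ends right after the salt, new keys are generated using that salt.
     *
     * <p>The stream content is not authenticated; treat the source file as sensitive and
     * integrity-critical.
     *
     * @param cArr        password protecting the keys
     * @param inputStream source of the serialized key
     * @throws IOException  if the stream is empty or truncated
     * @throws KeyException if key generation or unwrapping fails
     */
    public LegacyEncryptorKey(char[] cArr, InputStream inputStream) throws IOException, KeyException {
        this.salt = readBytes(inputStream);
        int version = inputStream.read();
        try {
            if (version != -1) {
                this.encryptedKey = readBytes(inputStream);
                if (version >= 2) {
                    this.encryptedAESKey = readBytes(inputStream);
                }
            } else {
                generateInitialValues(cArr);
            }
            initializeKeyContexts(cArr);
        } catch (NoSuchAlgorithmException e) {
            throw getKeyException(e);
        } catch (JSAFE_Exception e2) {
            throw getKeyException(e2);
        }
    }

    /**
     * Generates the salt (if not already set) and freshly wrapped 3DES and AES-128 keys.
     *
     * @param cArr password used to wrap the new keys
     */
    private void generateInitialValues(char[] cArr) throws JSAFE_Exception, NoSuchAlgorithmException {
        JSAFE_SecureRandom random = null;
        try {
            random = (JSAFE_SecureRandom) getRandom();
            random.autoseed();
            if (this.salt == null) {
                this.salt = random.generateRandomBytes(SALT_LENGTH);
            }
            this.encryptedKey = generateKey(ALGORITHM_3DES, KEY_LEN_3DES, random, this.salt, cArr);
            this.encryptedAESKey = generateKey(ALGORITHM_AES, KEY_LEN_AES, random, this.salt, cArr);
        } finally {
            if (random != null) {
                random.clearSensitiveData();
            }
        }
    }

    /**
     * Returns the preferred random generator, falling back to the older algorithm when the
     * preferred one is not available. The returned generator is not yet seeded by this method.
     */
    private static SecureRandom getRandom() throws NoSuchAlgorithmException {
        try {
            return JSAFE_SecureRandom.getInstance(ALGORITHM_RANDOM, "Java");
        } catch (NoSuchAlgorithmException e) {
            return JSAFE_SecureRandom.getInstance(FALLBACK_ALGORITHM_RANDOM, "Java");
        }
    }

    /**
     * Generates a new symmetric key and returns it wrapped under the password.
     *
     * <p>The plaintext key object is cleared before returning. The random generator belongs to
     * the caller and is left intact so it can be reused for further keys; the caller clears it.
     * (The decompiled original cleared the generator here and never cleared the key.)
     *
     * @param str                algorithm string for the key being generated
     * @param i                  key length in bits
     * @param jSAFE_SecureRandom seeded random source, owned by the caller
     * @param bArr               salt for the password-based wrapping
     * @param cArr               password for the wrapping
     * @return the wrapped key bytes
     */
    private byte[] generateKey(String str, int i, JSAFE_SecureRandom jSAFE_SecureRandom, byte[] bArr, char[] cArr) throws JSAFE_Exception, NoSuchAlgorithmException {
        JSAFE_SymmetricCipher cipher = null;
        JSAFE_SecretKey newKey = null;
        try {
            cipher = JSAFE_SymmetricCipher.getInstance(str, "Java");
            newKey = cipher.getBlankKey();
            newKey.generateInit(new int[]{i}, jSAFE_SecureRandom);
            newKey.generate();
            return encryptKey(cArr, bArr, newKey);
        } finally {
            if (cipher != null) {
                cipher.clearSensitiveData();
            }
            if (newKey != null) {
                newKey.clearSensitiveData();
            }
        }
    }

    /** Classifies a wrapped AES key as AES-256 purely by its length. */
    private static boolean isAES256EncryptedKey(byte[] bArr) {
        return bArr != null && bArr.length >= ENCRYPTED_KEY_LEN_AES256;
    }

    /**
     * Unwraps the stored keys with the password and registers a context for each.
     *
     * <p>The AES (or AES-256) context becomes the default when an AES key is present; otherwise
     * the 3DES context is the default.
     *
     * @param cArr password the stored keys were wrapped with
     */
    private void initializeKeyContexts(char[] cArr) throws JSAFE_Exception {
        this.keyContextMap = new KeyContextMap();
        this.secretKey = decryptKey(ALGORITHM_3DES, cArr, this.salt, this.encryptedKey);
        KeyContext tripleDesContext = create3DESKeyContext(this.secretKey);
        KeyContext aesContext = null;
        if (this.encryptedAESKey != null) {
            if (isAES256EncryptedKey(this.encryptedAESKey)) {
                this.secretAESKey = decryptKey(ALGORITHM_AES256, cArr, this.salt, this.encryptedAESKey);
                aesContext = createAES256KeyContext(this.secretAESKey);
            } else {
                this.secretAESKey = decryptKey(ALGORITHM_AES, cArr, this.salt, this.encryptedAESKey);
                aesContext = createAESKeyContext(this.secretAESKey);
            }
        }
        this.keyContextMap.kcDefault = aesContext != null ? aesContext : tripleDesContext;
    }

    /**
     * Builds and registers the 3DES context.
     *
     * <p>The salt doubles as the CBC IV. When it is not exactly 8 bytes long, an 8-byte IV is
     * derived by repeating (or truncating) the salt bytes.
     */
    private KeyContext create3DESKeyContext(JSAFE_SecretKey jSAFE_SecretKey) throws JSAFE_Exception {
        KeyContext keyContext = new KeyContext();
        keyContext.prefix = PREFIX_3DES;
        keyContext.algorithm = ALGORITHM_3DES;
        keyContext.randomLen = RANDOM_LEN_3DES;
        keyContext.salt = this.salt;
        if (this.salt.length != SALT_LENGTH) {
            // NOTE(review): a zero-length salt reaches this loop and fails with an
            // ArrayIndexOutOfBoundsException; readBytes() accepts a zero length prefix.
            byte[] iv = new byte[SALT_LENGTH];
            int src = 0;
            for (int dst = 0; dst < iv.length; dst++) {
                if (src >= this.salt.length) {
                    src = 0;
                }
                iv[dst] = this.salt[src];
                src++;
            }
            keyContext.salt = iv;
        }
        setupKey(keyContext, jSAFE_SecretKey);
        return keyContext;
    }

    /** Builds and registers the AES-128 context; no fixed IV is set on it. */
    private KeyContext createAESKeyContext(JSAFE_SecretKey jSAFE_SecretKey) throws JSAFE_Exception {
        KeyContext keyContext = new KeyContext();
        keyContext.prefix = PREFIX_AES;
        keyContext.algorithm = ALGORITHM_AES;
        keyContext.randomLen = RANDOM_LEN_AES;
        keyContext.salt = null;
        setupKey(keyContext, jSAFE_SecretKey);
        return keyContext;
    }

    /** Builds and registers the AES-256 context; no fixed IV is set on it. */
    private KeyContext createAES256KeyContext(JSAFE_SecretKey jSAFE_SecretKey) throws JSAFE_Exception {
        KeyContext keyContext = new KeyContext();
        keyContext.prefix = PREFIX_AES256;
        keyContext.algorithm = ALGORITHM_AES256;
        keyContext.randomLen = RANDOM_LEN_AES;
        keyContext.salt = null;
        setupKey(keyContext, jSAFE_SecretKey);
        return keyContext;
    }

    /** Attaches the key to the context and registers the context under its prefix. */
    private void setupKey(KeyContext keyContext, JSAFE_SecretKey jSAFE_SecretKey) throws JSAFE_Exception {
        keyContext.secretKey = jSAFE_SecretKey;
        this.keyContextMap.keyContexts.put(keyContext.prefix, keyContext);
    }

    /**
     * Returns a copy of the salt.
     *
     * @throws IllegalStateException if this key has been disposed
     */
    public byte[] getSalt() {
        checkDisposed();
        return makeCopy(this.salt);
    }

    /**
     * Returns a copy of the wrapped 3DES key.
     *
     * @throws IllegalStateException if this key has been disposed
     */
    public byte[] getEncryptedSecretKey() {
        checkDisposed();
        return makeCopy(this.encryptedKey);
    }

    /**
     * Returns a copy of the wrapped AES key, or {@code null} when there is none.
     *
     * @throws IllegalStateException if this key has been disposed
     */
    public byte[] getEncryptedAESSecretKey() {
        checkDisposed();
        if (this.encryptedAESKey == null) {
            return null;
        }
        return makeCopy(this.encryptedAESKey);
    }

    /**
     * Generates a wrapped AES-128 key for an instance that does not have one yet.
     *
     * <p>Only the wrapped form is stored: no AES context is registered and the in-memory AES key
     * stays unset. NOTE(review): {@link #updateProtection} re-wraps the AES key only when the
     * in-memory key is set, so calling it after this method would leave the wrapped AES key tied
     * to the old password and salt; confirm callers reload the key in between.
     *
     * @param cArr password used to wrap the new key
     * @throws KeyException          if an AES key already exists or generation fails
     * @throws IllegalStateException if this key has been disposed
     */
    public void generateAESKey(char[] cArr) throws KeyException {
        checkDisposed();
        if (this.encryptedAESKey != null) {
            throw getKeyException(new IllegalStateException("Key Exists"));
        }
        JSAFE_SecureRandom random = null;
        try {
            random = (JSAFE_SecureRandom) getRandom();
            random.autoseed();
            this.encryptedAESKey = generateKey(ALGORITHM_AES, KEY_LEN_AES, random, this.salt, cArr);
        } catch (JSAFE_Exception e) {
            throw getKeyException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw getKeyException(e2);
        } finally {
            if (random != null) {
                random.clearSensitiveData();
            }
        }
    }

    /**
     * Re-wraps the in-memory keys under a new password and salt.
     *
     * <p>All wrapped values are computed first and stored only when every step succeeded, so a
     * failure cannot leave one key under the new salt and the other under the old one. The salt
     * is copied, so {@link #dispose()} never zeroes the caller's array.
     *
     * <p>The already registered 3DES context keeps the IV it was created with.
     *
     * @param cArr new password
     * @param bArr new salt
     * @throws KeyException          if wrapping fails
     * @throws IllegalStateException if this key has been disposed
     */
    public void updateProtection(char[] cArr, byte[] bArr) throws KeyException {
        checkDisposed();
        try {
            byte[] rewrappedKey = encryptKey(cArr, bArr, this.secretKey);
            byte[] rewrappedAesKey = null;
            if (this.secretAESKey != null) {
                rewrappedAesKey = encryptKey(cArr, bArr, this.secretAESKey);
            }
            this.encryptedKey = rewrappedKey;
            this.salt = makeCopy(bArr);
            if (rewrappedAesKey != null) {
                this.encryptedAESKey = rewrappedAesKey;
            }
        } catch (JSAFE_Exception e) {
            throw getKeyException(e);
        }
    }

    /**
     * Serializes the salt and wrapped keys.
     *
     * <p>Layout: salt length, salt, version byte (2 when an AES key is present, else 1), wrapped
     * 3DES key length, wrapped 3DES key and, for version 2, wrapped AES key length and key. Each
     * length is a single byte, so every field is checked to fit before anything is written;
     * a longer field would otherwise be stored with a truncated length and be unreadable.
     *
     * @param outputStream destination
     * @throws IOException           if a field is too long for the format or the write fails
     * @throws IllegalStateException if this key has been disposed
     */
    public void write(OutputStream outputStream) throws IOException {
        checkDisposed();
        boolean hasAesKey = this.encryptedAESKey != null;
        requireSingleByteLength(this.salt, "salt");
        requireSingleByteLength(this.encryptedKey, "encrypted key");
        if (hasAesKey) {
            requireSingleByteLength(this.encryptedAESKey, "encrypted AES key");
        }
        outputStream.write(this.salt.length);
        outputStream.write(this.salt);
        outputStream.write(hasAesKey ? 2 : 1);
        outputStream.write(this.encryptedKey.length);
        outputStream.write(this.encryptedKey);
        if (hasAesKey) {
            outputStream.write(this.encryptedAESKey.length);
            outputStream.write(this.encryptedAESKey);
        }
    }

    /** Rejects a field whose length cannot be stored in the one-byte length prefix. */
    private static void requireSingleByteLength(byte[] data, String what) throws IOException {
        if (data.length > MAX_FIELD_LENGTH) {
            throw new IOException(what + " is " + data.length + " bytes; the format allows at most " + MAX_FIELD_LENGTH);
        }
    }

    /**
     * Zeroes the salt and wrapped keys and drops every reference held by this instance.
     *
     * <p>After this call the accessors throw {@link IllegalStateException}.
     *
     * <p>NOTE(review): the unwrapped JSAFE key objects are only dereferenced, not cleared, so the
     * plaintext key material stays in memory until collected. They are shared with the
     * {@link KeyContext} objects, which callers may still hold; check those callers before adding
     * {@code clearSensitiveData()} here.
     */
    public void dispose() {
        if (this.salt != null) {
            Arrays.fill(this.salt, (byte) 0);
        }
        if (this.encryptedKey != null) {
            Arrays.fill(this.encryptedKey, (byte) 0);
        }
        if (this.encryptedAESKey != null) {
            Arrays.fill(this.encryptedAESKey, (byte) 0);
        }
        this.salt = null;
        this.encryptedKey = null;
        this.encryptedAESKey = null;
        this.secretAESKey = null;
        this.secretKey = null;
        this.keyContextMap = null;
    }

    /**
     * Returns the registered key contexts. JADX widened this method from package-private.
     *
     * @throws IllegalStateException if this key has been disposed
     */
    public KeyContextMap getKeyContextMap() {
        checkDisposed();
        return this.keyContextMap;
    }

    /** Throws if {@link #dispose()} has run; the 3DES key reference serves as the marker. */
    private final void checkDisposed() {
        if (this.secretKey == null) {
            throw new IllegalStateException("The key is disposed");
        }
    }

    /**
     * Wraps an exception in a {@link KeyException} carrying the same message and the cause.
     * JADX widened this method from private.
     */
    public static final KeyException getKeyException(Exception exc) {
        KeyException keyException = new KeyException(exc.getLocalizedMessage());
        keyException.initCause(exc);
        return keyException;
    }

    /**
     * Reads one length-prefixed field: a single length byte followed by that many bytes.
     *
     * @throws IOException if the stream is already at its end or ends inside the field
     */
    private static byte[] readBytes(InputStream inputStream) throws IOException {
        int length = inputStream.read();
        if (length < 0) {
            throw new IOException("Stream is empty");
        }
        byte[] data = new byte[length];
        int filled = 0;
        while (filled < length) {
            int count = inputStream.read(data, filled, length - filled);
            if (count == -1) {
                throw new IOException("End of stream while expecting " + (length - filled) + " more bytes");
            }
            filled += count;
        }
        return data;
    }

    /** Returns a fresh copy of {@code bArr}. */
    private static final byte[] makeCopy(byte[] bArr) {
        return Arrays.copyOf(bArr, bArr.length);
    }

    /**
     * Wraps a key under the password and salt, zeroing the temporary plaintext copy afterwards.
     *
     * @param cArr            password
     * @param bArr            salt
     * @param jSAFE_SecretKey key to wrap
     * @return the wrapped key bytes
     */
    private static byte[] encryptKey(char[] cArr, byte[] bArr, JSAFE_SecretKey jSAFE_SecretKey) throws JSAFE_Exception {
        byte[] plainKey = jSAFE_SecretKey.getSecretKeyData();
        try {
            return pbeEncrypt(cArr, bArr, plainKey);
        } finally {
            Arrays.fill(plainKey, (byte) 0);
        }
    }

    /**
     * Unwraps a stored key and loads it into a key object for the given algorithm.
     *
     * <p>The temporary plaintext buffer is zeroed whether or not loading succeeds.
     *
     * @param str   algorithm string of the key being restored
     * @param cArr  password
     * @param bArr  salt
     * @param bArr2 wrapped key bytes
     * @return the restored key
     */
    private static JSAFE_SecretKey decryptKey(String str, char[] cArr, byte[] bArr, byte[] bArr2) throws JSAFE_Exception {
        byte[] plainKey = pbeDecrypt(cArr, bArr, bArr2);
        JSAFE_SymmetricCipher cipher = null;
        try {
            cipher = JSAFE_SymmetricCipher.getInstance(str, "Java");
            JSAFE_SecretKey restored = cipher.getBlankKey();
            restored.setSecretKeyData(plainKey, 0, plainKey.length);
            return restored;
        } finally {
            Arrays.fill(plainKey, (byte) 0);
            if (cipher != null) {
                cipher.clearSensitiveData();
            }
        }
    }

    /**
     * Encrypts {@code bArr2} with the password-based cipher.
     *
     * <p>The returned array has the size reported by {@code getOutputBufferSize}; it is not
     * trimmed to the number of bytes actually produced.
     *
     * @param cArr  password
     * @param bArr  salt
     * @param bArr2 plaintext to encrypt
     * @return the ciphertext buffer
     */
    private static byte[] pbeEncrypt(char[] cArr, byte[] bArr, byte[] bArr2) throws JSAFE_Exception {
        JSAFE_SymmetricCipher cipher = null;
        JSAFE_SecretKey passwordKey = null;
        try {
            cipher = getNonFIPSSymmetricCipher(PBE_ALGORITHM, "Java");
            cipher.setSalt(bArr, 0, bArr.length);
            passwordKey = cipher.getBlankKey();
            passwordKey.setPassword(cArr, 0, cArr.length);
            cipher.encryptInit(passwordKey);
            byte[] output = new byte[cipher.getOutputBufferSize(bArr2.length)];
            int written = cipher.encryptUpdate(bArr2, 0, bArr2.length, output, 0);
            cipher.encryptFinal(output, written);
            return output;
        } finally {
            if (cipher != null) {
                cipher.clearSensitiveData();
            }
            if (passwordKey != null) {
                passwordKey.clearSensitiveData();
            }
        }
    }

    /**
     * Decrypts {@code bArr2} with the password-based cipher and returns exactly the plaintext.
     *
     * <p>When the plaintext is shorter than the working buffer, the buffer is zeroed after the
     * plaintext has been copied out, so no second copy of the key bytes is left behind.
     *
     * @param cArr  password
     * @param bArr  salt
     * @param bArr2 ciphertext to decrypt
     * @return the plaintext bytes; the caller is responsible for zeroing them
     */
    private static byte[] pbeDecrypt(char[] cArr, byte[] bArr, byte[] bArr2) throws JSAFE_Exception {
        JSAFE_SymmetricCipher cipher = null;
        JSAFE_SecretKey passwordKey = null;
        try {
            cipher = getNonFIPSSymmetricCipher(PBE_ALGORITHM, "Java");
            cipher.setSalt(bArr, 0, bArr.length);
            passwordKey = cipher.getBlankKey();
            passwordKey.setPassword(cArr, 0, cArr.length);
            cipher.decryptInit(passwordKey);
            byte[] buffer = new byte[bArr2.length];
            int written = cipher.decryptUpdate(bArr2, 0, bArr2.length, buffer, 0);
            written += cipher.decryptFinal(buffer, written);
            if (buffer.length > written) {
                byte[] trimmed = Arrays.copyOf(buffer, written);
                Arrays.fill(buffer, (byte) 0);
                return trimmed;
            }
            return buffer;
        } finally {
            if (cipher != null) {
                cipher.clearSensitiveData();
            }
            if (passwordKey != null) {
                passwordKey.clearSensitiveData();
            }
        }
    }

    /**
     * Obtains the cipher used for password-based wrapping.
     *
     * <p>When the static non-FIPS flag is set, the cipher is first requested reflectively from
     * {@code JSafeEncryptionServiceImpl.getSymmetricCipher}. The class name is a constant, not
     * caller input. Any failure of that lookup is deliberately ignored and the standard JSAFE
     * factory is used instead, so the fallback is silent: nothing records which path was taken.
     *
     * @param str  algorithm string
     * @param str2 device string passed through to the factory
     * @return a cipher instance for the algorithm
     */
    private static JSAFE_SymmetricCipher getNonFIPSSymmetricCipher(String str, String str2) throws JSAFE_Exception {
        if (nonFIPS140Ctx) {
            try {
                return (JSAFE_SymmetricCipher) Class.forName("weblogic.security.internal.encryption.JSafeEncryptionServiceImpl").getMethod("getSymmetricCipher", String.class, String.class).invoke(null, str, str2);
            } catch (Exception | LinkageError ignored) {
                // Best effort: the optional service is absent or unusable, fall through to JSAFE.
            }
        }
        return JSAFE_SymmetricCipher.getInstance(str, str2);
    }

    /** Compiler-generated accessor kept for binary compatibility; delegates to {@link #getRandom()}. */
    static /* synthetic */ SecureRandom access$600() throws NoSuchAlgorithmException {
        return getRandom();
    }
}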
