package com.unboundid.util;

import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1Integer;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.logging.Level;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

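/**
 * Header written in front of a passphrase-encrypted stream. It records the
 * parameters needed to re-derive the key from a passphrase (key factory
 * algorithm, iteration count, salt, key length), the cipher transformation and
 * IV, an optional key identifier, and a MAC over those header elements.
 *
 * <p>Encoded form, as produced by {@code encode}: the eight {@link #MAGIC_BYTES}
 * followed by one ASN.1 sequence whose elements carry the {@code TYPE_*} tags
 * declared below.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The MAC is keyed with the same passphrase-derived key that
 *       {@link #createCipher(int)} uses for encryption, and it covers only the
 *       header elements that precede the MAC value. The magic bytes and the
 *       sequence wrapper are not covered, and nothing in this class
 *       authenticates the data that follows the header.</li>
 *   <li>The MAC key is derived from parameters carried in the header, so the
 *       iteration count, salt and key length are used before anything has been
 *       authenticated. Callers that read headers from untrusted sources should
 *       bound the work they are willing to do.</li>
 *   <li>NOTE(review): the class is {@link Serializable} and {@code secretKey}
 *       is a non-transient field, so Java serialization of an instance writes
 *       the derived key. Confirm that serialized instances never leave a
 *       trusted boundary.</li>
 * </ul>
 */
@ThreadSafety(level = ThreadSafetyLevel.MOSTLY_THREADSAFE)
@NotMutable
/* loaded from: input_file:WEB-INF/lib/unboundid-ldapsdk-4.0.14.jar:com/unboundid/util/PassphraseEncryptedStreamHeader.class */
public final class PassphraseEncryptedStreamHeader implements Serializable {
    // BER types of the header sequence elements.
    static final byte TYPE_ENCODING_VERSION = Byte.MIN_VALUE;
    static final byte TYPE_KEY_FACTORY_ALGORITHM = -127;
    static final byte TYPE_KEY_FACTORY_ITERATION_COUNT = -126;
    static final byte TYPE_KEY_FACTORY_SALT = -125;
    static final byte TYPE_KEY_FACTORY_KEY_LENGTH_BITS = -124;
    static final byte TYPE_CIPHER_TRANSFORMATION = -123;
    static final byte TYPE_CIPHER_INITIALIZATION_VECTOR = -122;
    static final byte TYPE_KEY_IDENTIFIER = -121;
    static final byte TYPE_MAC_ALGORITHM = -120;
    static final byte TYPE_MAC_VALUE = -119;
    // ASCII "PULSPESH"; every encoded header starts with these bytes.
    public static final byte[] MAGIC_BYTES = {80, 85, 76, 83, 80, 69, 83, 72};
    static final int ENCODING_VERSION_1 = 1;
    // Number of key derivations generateKeyReliably attempts before giving up.
    private static final int MAX_KEY_GENERATION_ATTEMPTS = 10;
    private static final long serialVersionUID = 6756983626170064762L;
    private final byte[] cipherInitializationVector;
    private final byte[] encodedHeader;
    private final byte[] keyFactorySalt;
    // May be null for a header decoded without a passphrase that carried no MAC value element.
    private final byte[] macValue;
    private final int keyFactoryIterationCount;
    private final int keyFactoryKeyLengthBits;
    // Null when the header was decoded without a passphrase.
    private final SecretKey secretKey;
    private final String cipherTransformation;
    private final String keyFactoryAlgorithm;
    private final String keyIdentifier;
    private final String macAlgorithm;

    /**
     * Creates a header from already-decoded values. Used by the decode path.
     * Array arguments are copied so that later changes to the caller's arrays
     * (in particular the buffer handed to {@link #decode(byte[], char[])})
     * cannot alter this instance.
     */
    private PassphraseEncryptedStreamHeader(String keyFactoryAlgorithm, int keyFactoryIterationCount, byte[] keyFactorySalt, int keyFactoryKeyLengthBits, String cipherTransformation, byte[] cipherInitializationVector, String keyIdentifier, SecretKey secretKey, String macAlgorithm, byte[] macValue, byte[] encodedHeader) {
        this.keyFactoryAlgorithm = keyFactoryAlgorithm;
        this.keyFactoryIterationCount = keyFactoryIterationCount;
        this.keyFactorySalt = Arrays.copyOf(keyFactorySalt, keyFactorySalt.length);
        this.keyFactoryKeyLengthBits = keyFactoryKeyLengthBits;
        this.cipherTransformation = cipherTransformation;
        this.cipherInitializationVector = Arrays.copyOf(cipherInitializationVector, cipherInitializationVector.length);
        this.keyIdentifier = keyIdentifier;
        this.secretKey = secretKey;
        this.macAlgorithm = macAlgorithm;
        this.macValue = (macValue == null) ? null : Arrays.copyOf(macValue, macValue.length);
        this.encodedHeader = Arrays.copyOf(encodedHeader, encodedHeader.length);
    }

    /**
     * Creates a new header for encrypting: derives the key from the passphrase
     * and the given parameters, then encodes the header and computes its MAC.
     *
     * @param passphrase                 passphrase the key is derived from
     * @param keyFactoryAlgorithm        {@link SecretKeyFactory} algorithm name
     * @param keyFactoryIterationCount   key derivation iteration count
     * @param keyFactorySalt             key derivation salt (copied)
     * @param keyFactoryKeyLengthBits    derived key length in bits
     * @param cipherTransformation       {@link Cipher} transformation
     * @param cipherInitializationVector IV for the cipher (copied)
     * @param keyIdentifier              optional identifier; may be {@code null}
     * @param macAlgorithm               {@link Mac} algorithm name
     * @throws GeneralSecurityException if the key cannot be derived or the MAC
     *                                  cannot be computed
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public PassphraseEncryptedStreamHeader(char[] passphrase, String keyFactoryAlgorithm, int keyFactoryIterationCount, byte[] keyFactorySalt, int keyFactoryKeyLengthBits, String cipherTransformation, byte[] cipherInitializationVector, String keyIdentifier, String macAlgorithm) throws GeneralSecurityException {
        this.keyFactoryAlgorithm = keyFactoryAlgorithm;
        this.keyFactoryIterationCount = keyFactoryIterationCount;
        this.keyFactorySalt = Arrays.copyOf(keyFactorySalt, keyFactorySalt.length);
        this.keyFactoryKeyLengthBits = keyFactoryKeyLengthBits;
        this.cipherTransformation = cipherTransformation;
        this.cipherInitializationVector = Arrays.copyOf(cipherInitializationVector, cipherInitializationVector.length);
        this.keyIdentifier = keyIdentifier;
        this.macAlgorithm = macAlgorithm;
        this.secretKey = generateKeyReliably(keyFactoryAlgorithm, cipherTransformation, passphrase, keyFactorySalt, keyFactoryIterationCount, keyFactoryKeyLengthBits);
        ObjectPair<byte[], byte[]> encoded = encode(keyFactoryAlgorithm, keyFactoryIterationCount, this.keyFactorySalt, keyFactoryKeyLengthBits, cipherTransformation, this.cipherInitializationVector, keyIdentifier, this.secretKey, macAlgorithm);
        this.encodedHeader = encoded.getFirst();
        this.macValue = encoded.getSecond();
    }

    /**
     * Builds the encoded header and its MAC.
     *
     * @return a pair whose first element is the magic bytes followed by the
     *         encoded header sequence, and whose second element is the MAC value
     * @throws GeneralSecurityException if the MAC cannot be created or keyed
     */
    private static ObjectPair<byte[], byte[]> encode(String keyFactoryAlgorithm, int keyFactoryIterationCount, byte[] keyFactorySalt, int keyFactoryKeyLengthBits, String cipherTransformation, byte[] cipherInitializationVector, String keyIdentifier, SecretKey secretKey, String macAlgorithm) throws GeneralSecurityException {
        ArrayList<ASN1Element> elements = new ArrayList<>(10);
        elements.add(new ASN1Integer(TYPE_ENCODING_VERSION, ENCODING_VERSION_1));
        elements.add(new ASN1OctetString(TYPE_KEY_FACTORY_ALGORITHM, keyFactoryAlgorithm));
        elements.add(new ASN1Integer(TYPE_KEY_FACTORY_ITERATION_COUNT, keyFactoryIterationCount));
        elements.add(new ASN1OctetString(TYPE_KEY_FACTORY_SALT, keyFactorySalt));
        elements.add(new ASN1Integer(TYPE_KEY_FACTORY_KEY_LENGTH_BITS, keyFactoryKeyLengthBits));
        elements.add(new ASN1OctetString(TYPE_CIPHER_TRANSFORMATION, cipherTransformation));
        elements.add(new ASN1OctetString(TYPE_CIPHER_INITIALIZATION_VECTOR, cipherInitializationVector));
        if (keyIdentifier != null) {
            elements.add(new ASN1OctetString(TYPE_KEY_IDENTIFIER, keyIdentifier));
        }
        elements.add(new ASN1OctetString(TYPE_MAC_ALGORITHM, macAlgorithm));

        // The MAC input is the concatenated encodings of every element added so
        // far; the MAC value element itself is appended afterwards.
        ByteStringBuffer macInput = new ByteStringBuffer();
        for (ASN1Element element : elements) {
            macInput.append(element.encode());
        }
        Mac mac = Mac.getInstance(macAlgorithm);
        mac.init(secretKey);
        byte[] macValue = mac.doFinal(macInput.toByteArray());
        elements.add(new ASN1OctetString(TYPE_MAC_VALUE, macValue));

        byte[] sequenceBytes = new ASN1Sequence(elements).encode();
        byte[] header = new byte[MAGIC_BYTES.length + sequenceBytes.length];
        System.arraycopy(MAGIC_BYTES, 0, header, 0, MAGIC_BYTES.length);
        System.arraycopy(sequenceBytes, 0, header, MAGIC_BYTES.length, sequenceBytes.length);
        return new ObjectPair<>(header, macValue);
    }

    /**
     * Writes the encoded header (magic bytes plus header sequence) to the stream.
     *
     * @param outputStream destination stream
     * @throws IOException if the write fails
     */
    public void writeTo(OutputStream outputStream) throws IOException {
        outputStream.write(this.encodedHeader);
    }

    /**
     * Reads and decodes a header from the stream, consuming exactly the magic
     * bytes and one ASN.1 element.
     *
     * @param inputStream stream positioned at the start of the header
     * @param passphrase  passphrase used to derive the key and verify the MAC,
     *                    or {@code null} to decode without verifying (the
     *                    returned header then has no secret key)
     * @throws IOException              if reading fails
     * @throws LDAPException            if the magic bytes or the encoding are invalid
     * @throws InvalidKeyException      if the MAC does not match, which is how a
     *                                  wrong passphrase is reported
     * @throws GeneralSecurityException on any other cryptographic failure
     */
    public static PassphraseEncryptedStreamHeader readFrom(InputStream inputStream, char[] passphrase) throws IOException, LDAPException, InvalidKeyException, GeneralSecurityException {
        for (byte expected : MAGIC_BYTES) {
            int actual = inputStream.read();
            if (actual < 0) {
                throw new LDAPException(ResultCode.DECODING_ERROR, UtilityMessages.ERR_PW_ENCRYPTED_STREAM_HEADER_READ_END_OF_STREAM_IN_MAGIC.get());
            }
            if (actual != expected) {
                throw new LDAPException(ResultCode.DECODING_ERROR, UtilityMessages.ERR_PW_ENCRYPTED_STREAM_HEADER_READ_MAGIC_MISMATCH.get());
            }
        }
        try {
            ASN1Element headerElement = ASN1Element.readFrom(inputStream);
            if (headerElement == null) {
                throw new LDAPException(ResultCode.DECODING_ERROR, UtilityMessages.ERR_PW_ENCRYPTED_STREAM_HEADER_READ_END_OF_STREAM_AFTER_MAGIC.get());
            }
            // Rebuild the full encoded header so the instance can return it later.
            byte[] sequenceBytes = headerElement.encode();
            byte[] header = new byte[MAGIC_BYTES.length + sequenceBytes.length];
            System.arraycopy(MAGIC_BYTES, 0, header, 0, MAGIC_BYTES.length);
            System.arraycopy(sequenceBytes, 0, header, MAGIC_BYTES.length, sequenceBytes.length);
            return decodeHeaderSequence(header, ASN1Sequence.decodeAsSequence(headerElement), passphrase);
        } catch (LDAPException | IOException | GeneralSecurityException e) {
            Debug.debugException(e);
            throw e;
        } catch (Exception e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.DECODING_ERROR, UtilityMessages.ERR_PW_ENCRYPTED_STREAM_HEADER_READ_ASN1_DECODE_ERROR.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /**
     * Decodes a header from a byte array that starts with the magic bytes.
     *
     * <p>Only the ASN.1 parsing is wrapped as a decoding error. Failures from
     * the header validation, including the {@link InvalidKeyException} raised
     * for a MAC mismatch, propagate unchanged, which matches
     * {@link #readFrom(InputStream, char[])} and this method's throws clause.
     * Previously every such failure was re-wrapped as an {@link LDAPException}.
     *
     * @param encodedHeader magic bytes followed by the encoded header sequence
     * @param passphrase    passphrase used to derive the key and verify the MAC,
     *                      or {@code null} to decode without verifying
     * @throws LDAPException            if the array is too short, the magic bytes
     *                                  do not match, or the encoding is invalid
     * @throws InvalidKeyException      if the MAC does not match
     * @throws GeneralSecurityException on any other cryptographic failure
     */
    public static PassphraseEncryptedStreamHeader decode(byte[] encodedHeader, char[] passphrase) throws LDAPException, InvalidKeyException, GeneralSecurityException {
        if (encodedHeader.length <= MAGIC_BYTES.length) {
            throw new LDAPException(ResultCode.DECODING_ERROR, UtilityMessages.ERR_PW_ENCRYPTED_STREAM_HEADER_DECODE_TOO_SHORT.get());
        }
        for (int i = 0; i < MAGIC_BYTES.length; i++) {
            if (encodedHeader[i] != MAGIC_BYTES[i]) {
                throw new LDAPException(ResultCode.DECODING_ERROR, UtilityMessages.ERR_PW_ENCRYPTED_STREAM_HEADER_DECODE_MAGIC_MISMATCH.get());
            }
        }
        ASN1Sequence headerSequence;
        try {
            byte[] sequenceBytes = Arrays.copyOfRange(encodedHeader, MAGIC_BYTES.length, encodedHeader.length);
            headerSequence = ASN1Sequence.decodeAsSequence(sequenceBytes);
        } catch (Exception e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.DECODING_ERROR, UtilityMessages.ERR_PW_ENCRYPTED_STREAM_HEADER_DECODE_ASN1_DECODE_ERROR.get(StaticUtils.getExceptionMessage(e)), e);
        }
        return decodeHeaderSequence(encodedHeader, headerSequence, passphrase);
    }

    /**
     * Decodes the header sequence and, when a passphrase is supplied, derives
     * the key and verifies the header MAC.
     *
     * <p>The first seven elements are read by position; the remaining ones
     * (key identifier, MAC algorithm, MAC value) are matched by type, and any
     * other type is rejected.
     *
     * @param encodedHeader  full encoded header, kept on the returned instance
     * @param headerSequence decoded header sequence
     * @param passphrase     passphrase, or {@code null} to skip key derivation
     *                       and MAC verification
     */
    private static PassphraseEncryptedStreamHeader decodeHeaderSequence(byte[] encodedHeader, ASN1Sequence headerSequence, char[] passphrase) throws LDAPException, InvalidKeyException, GeneralSecurityException {
        try {
            ASN1Element[] elements = headerSequence.elements();
            ASN1Integer version = ASN1Integer.decodeAsInteger(elements[0]);
            if (version.intValue() != ENCODING_VERSION_1) {
                throw new LDAPException(ResultCode.DECODING_ERROR, UtilityMessages.ERR_PW_ENCRYPTED_HEADER_SEQUENCE_UNSUPPORTED_VERSION.get(Integer.valueOf(version.intValue())));
            }
            String keyFactoryAlgorithm = ASN1OctetString.decodeAsOctetString(elements[1]).stringValue();
            int iterationCount = ASN1Integer.decodeAsInteger(elements[2]).intValue();
            byte[] salt = ASN1OctetString.decodeAsOctetString(elements[3]).getValue();
            int keyLengthBits = ASN1Integer.decodeAsInteger(elements[4]).intValue();
            String cipherTransformation = ASN1OctetString.decodeAsOctetString(elements[5]).stringValue();
            byte[] initializationVector = ASN1OctetString.decodeAsOctetString(elements[6]).getValue();

            byte[] macValue = null;
            int macValueIndex = -1;
            String keyIdentifier = null;
            String macAlgorithm = null;
            for (int i = 7; i < elements.length; i++) {
                switch (elements[i].getType()) {
                    case TYPE_KEY_IDENTIFIER:
                        keyIdentifier = ASN1OctetString.decodeAsOctetString(elements[i]).stringValue();
                        break;
                    case TYPE_MAC_ALGORITHM:
                        macAlgorithm = ASN1OctetString.decodeAsOctetString(elements[i]).stringValue();
                        break;
                    case TYPE_MAC_VALUE:
                        macValueIndex = i;
                        macValue = ASN1OctetString.decodeAsOctetString(elements[i]).getValue();
                        break;
                    default:
                        throw new LDAPException(ResultCode.DECODING_ERROR, UtilityMessages.ERR_PW_ENCRYPTED_HEADER_SEQUENCE_UNRECOGNIZED_ELEMENT_TYPE.get(StaticUtils.toHex(elements[i].getType())));
                }
            }

            SecretKey secretKey = null;
            if (passphrase != null) {
                // NOTE(review): iterationCount, salt and keyLengthBits come from the
                // header and are used here before the MAC has been checked, since the
                // MAC key is what they derive. No upper bound is applied in this
                // class, so a header from an untrusted source decides how much key
                // derivation work is done.
                secretKey = generateKeyReliably(keyFactoryAlgorithm, cipherTransformation, passphrase, salt, iterationCount, keyLengthBits);
                ByteStringBuffer macInput = new ByteStringBuffer();
                for (int i = 0; i < elements.length; i++) {
                    if (i != macValueIndex) {
                        macInput.append(elements[i].encode());
                    }
                }
                Mac mac = Mac.getInstance(macAlgorithm);
                mac.init(secretKey);
                // Constant-time comparison: the result must not reveal how many
                // leading bytes of a supplied MAC value were correct. A missing
                // MAC value (null) still compares unequal.
                if (!MessageDigest.isEqual(mac.doFinal(macInput.toByteArray()), macValue)) {
                    throw new InvalidKeyException(UtilityMessages.ERR_PW_ENCRYPTED_HEADER_SEQUENCE_BAD_PW.get());
                }
            }
            return new PassphraseEncryptedStreamHeader(keyFactoryAlgorithm, iterationCount, salt, keyLengthBits, cipherTransformation, initializationVector, keyIdentifier, secretKey, macAlgorithm, macValue, encodedHeader);
        } catch (LDAPException | GeneralSecurityException e) {
            Debug.debugException(e);
            throw e;
        } catch (Exception e) {
            // Includes index and null failures caused by a truncated or malformed sequence.
            Debug.debugException(e);
            throw new LDAPException(ResultCode.DECODING_ERROR, UtilityMessages.ERR_PW_ENCRYPTED_HEADER_SEQUENCE_DECODE_ERROR.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /**
     * Derives the secret key from the passphrase, repeating the derivation
     * until three consecutive attempts yield the same encoded key.
     *
     * <p>The key's algorithm name is the part of the cipher transformation
     * before the first {@code '/'}. A transformation with no {@code '/'} is
     * used as the algorithm name as-is; previously that case failed with a
     * {@link StringIndexOutOfBoundsException}.
     *
     * @throws InvalidKeyException      if no consistent key is obtained within
     *                                  the attempt limit
     * @throws GeneralSecurityException if the key factory is unavailable or
     *                                  rejects the parameters
     */
    private static SecretKey generateKeyReliably(String keyFactoryAlgorithm, String cipherTransformation, char[] passphrase, byte[] salt, int iterationCount, int keyLengthBits) throws GeneralSecurityException {
        int slashPos = cipherTransformation.indexOf('/');
        String cipherAlgorithm = (slashPos < 0) ? cipherTransformation : cipherTransformation.substring(0, slashPos);

        byte[] previousKey = null;
        byte[] keyBeforePrevious = null;
        for (int attempt = 0; attempt < MAX_KEY_GENERATION_ATTEMPTS; attempt++) {
            PBEKeySpec keySpec = new PBEKeySpec(passphrase, salt, iterationCount, keyLengthBits);
            SecretKeySpec candidate;
            try {
                candidate = new SecretKeySpec(SecretKeyFactory.getInstance(keyFactoryAlgorithm).generateSecret(keySpec).getEncoded(), cipherAlgorithm);
            } finally {
                // PBEKeySpec holds its own copy of the passphrase; wipe it once the key exists.
                keySpec.clearPassword();
            }
            byte[] candidateBytes = candidate.getEncoded();
            if (Arrays.equals(candidateBytes, previousKey) && Arrays.equals(candidateBytes, keyBeforePrevious)) {
                // Attempt index 2 is the earliest possible match, so a later
                // index means at least one derivation disagreed with the others.
                if (attempt > 2) {
                    Debug.debug(Level.WARNING, DebugType.OTHER, "The secret key was generated inconsistently initially, but after " + attempt + " iterations, we were able to generate a consistent value.");
                }
                return candidate;
            }
            keyBeforePrevious = previousKey;
            previousKey = candidateBytes;
        }
        Debug.debug(Level.SEVERE, DebugType.OTHER, "Even after 10 iterations, the secret key could not be reliably generated.");
        throw new InvalidKeyException(UtilityMessages.ERR_PW_ENCRYPTED_STREAM_HEADER_CANNOT_GENERATE_KEY.get());
    }

    /**
     * Creates a cipher initialized with this header's transformation, key and IV.
     *
     * @param mode cipher operation mode, passed through to {@link Cipher#init}
     * @throws InvalidKeyException      if this header was decoded without a
     *                                  passphrase and so holds no key
     * @throws GeneralSecurityException if the cipher cannot be created or initialized
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Cipher createCipher(int mode) throws InvalidKeyException, GeneralSecurityException {
        if (this.secretKey == null) {
            throw new InvalidKeyException(UtilityMessages.ERR_PW_ENCRYPTED_HEADER_NO_KEY_AVAILABLE.get());
        }
        Cipher cipher = Cipher.getInstance(this.cipherTransformation);
        cipher.init(mode, this.secretKey, new IvParameterSpec(this.cipherInitializationVector));
        return cipher;
    }

    /** Returns the key factory algorithm name. */
    public String getKeyFactoryAlgorithm() {
        return this.keyFactoryAlgorithm;
    }

    /** Returns the key derivation iteration count. */
    public int getKeyFactoryIterationCount() {
        return this.keyFactoryIterationCount;
    }

    /** Returns a copy of the key derivation salt. */
    public byte[] getKeyFactorySalt() {
        return Arrays.copyOf(this.keyFactorySalt, this.keyFactorySalt.length);
    }

    /** Returns the derived key length in bits. */
    public int getKeyFactoryKeyLengthBits() {
        return this.keyFactoryKeyLengthBits;
    }

    /** Returns the cipher transformation. */
    public String getCipherTransformation() {
        return this.cipherTransformation;
    }

    /** Returns a copy of the cipher initialization vector. */
    public byte[] getCipherInitializationVector() {
        return Arrays.copyOf(this.cipherInitializationVector, this.cipherInitializationVector.length);
    }

    /** Returns the key identifier, or {@code null} if the header has none. */
    public String getKeyIdentifier() {
        return this.keyIdentifier;
    }

    /** Returns the MAC algorithm name. */
    public String getMACAlgorithm() {
        return this.macAlgorithm;
    }

    /** Returns a copy of the encoded header, including the magic bytes. */
    public byte[] getEncodedHeader() {
        return Arrays.copyOf(this.encodedHeader, this.encodedHeader.length);
    }

    /** Returns whether a secret key was derived, i.e. a passphrase was supplied. */
    public boolean isSecretKeyAvailable() {
        return this.secretKey != null;
    }

    /** Returns a description of this header that omits all key and MAC material. */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    /**
     * Appends a description of this header to the buffer. Only names, counts
     * and lengths are written, never the salt, IV, MAC value or key.
     *
     * @param sb buffer to append to
     */
    public void toString(StringBuilder sb) {
        sb.append("PassphraseEncryptedStreamHeader(keyFactoryAlgorithm='");
        sb.append(this.keyFactoryAlgorithm);
        sb.append("', keyFactoryIterationCount=");
        sb.append(this.keyFactoryIterationCount);
        sb.append(", keyFactorySaltLengthBytes=");
        sb.append(this.keyFactorySalt.length);
        sb.append(", keyFactoryKeyLengthBits=");
        sb.append(this.keyFactoryKeyLengthBits);
        // Quote placement fixed: it used to read cipherTransformation'=... and a
        // stray quote followed the IV length.
        sb.append(", cipherTransformation='");
        sb.append(this.cipherTransformation);
        sb.append("', cipherInitializationVectorLengthBytes=");
        sb.append(this.cipherInitializationVector.length);
        if (this.keyIdentifier != null) {
            sb.append(", keyIdentifier='");
            sb.append(this.keyIdentifier);
            sb.append('\'');
        }
        sb.append(", macAlgorithm='");
        sb.append(this.macAlgorithm);
        sb.append("', macValueLengthBytes=");
        // macValue is null when a header without a MAC value element was decoded
        // with no passphrase; report length 0 instead of failing.
        sb.append(this.macValue == null ? 0 : this.macValue.length);
        sb.append(", secretKeyAvailable=");
        sb.append(isSecretKeyAvailable());
        sb.append(", encodedHeaderLengthBytes=");
        sb.append(this.encodedHeader.length);
        sb.append(')');
    }
}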
