package org.netbeans.modules.keyring.fallback;

import java.awt.GraphicsEnvironment;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.concurrent.Callable;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.prefs.Preferences;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.netbeans.api.keyring.Keyring;
import org.netbeans.modules.keyring.spi.EncryptionProvider;
import org.netbeans.modules.keyring.utils.Utils;
import org.openide.util.Mutex;
import org.openide.util.NbPreferences;

/* loaded from: input_file:org/netbeans/modules/keyring/fallback/MasterPasswordEncryption.class */
public class MasterPasswordEncryption implements EncryptionProvider {
    private static final Logger LOG;
    private static final String ENCRYPTION_ALGORITHM = "PBEWithSHA1AndDESede";
    private SecretKeyFactory KEY_FACTORY;
    private AlgorithmParameterSpec PARAM_SPEC;
    private Cipher encrypt;
    private Cipher decrypt;
    private boolean unlocked;
    private Callable<Void> encryptionChanging;
    private char[] newMasterPassword;
    private boolean fresh;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // org.netbeans.modules.keyring.spi.EncryptionProvider
    public boolean enabled() {
        if (Boolean.getBoolean("netbeans.keyring.no.master")) {
            LOG.fine("master password encryption disabled");
            return false;
        }
        if (GraphicsEnvironment.isHeadless()) {
            LOG.fine("disabling master password encryption in headless mode");
            return false;
        }
        try {
            this.KEY_FACTORY = SecretKeyFactory.getInstance(ENCRYPTION_ALGORITHM);
            this.encrypt = Cipher.getInstance(ENCRYPTION_ALGORITHM);
            this.decrypt = Cipher.getInstance(ENCRYPTION_ALGORITHM);
            Preferences forModule = NbPreferences.forModule(Keyring.class);
            Utils.goMinusR(forModule);
            byte[] byteArray = forModule.getByteArray("salt", null);
            if (byteArray == null) {
                byteArray = new byte[36];
                new SecureRandom().nextBytes(byteArray);
                forModule.putByteArray("salt", byteArray);
            }
            this.PARAM_SPEC = new PBEParameterSpec(byteArray, 20);
            LOG.warning("Falling back to master password encryption; add -J-Dorg.netbeans.modules.keyring.level=0 to netbeans.conf to see why native keyrings could not be loaded");
            return true;
        } catch (Exception e) {
            LOG.log(Level.INFO, "Cannot initialize security using PBEWithSHA1AndDESede", (Throwable) e);
            return false;
        }
    }

    @Override // org.netbeans.modules.keyring.spi.EncryptionProvider
    public String id() {
        return "general";
    }

    @Override // org.netbeans.modules.keyring.spi.EncryptionProvider
    public byte[] encrypt(char[] cArr) throws Exception {
        if (!unlockIfNecessary()) {
            throw new Exception("cannot unlock");
        }
        try {
            return doEncrypt(cArr);
        } catch (Exception e) {
            this.unlocked = false;
            throw e;
        }
    }

    @Override // org.netbeans.modules.keyring.spi.EncryptionProvider
    public char[] decrypt(byte[] bArr) throws Exception {
        AtomicBoolean atomicBoolean = new AtomicBoolean();
        if (!unlockIfNecessary(atomicBoolean)) {
            throw new Exception("cannot unlock");
        }
        try {
            try {
                char[] doDecrypt = doDecrypt(bArr);
                if (atomicBoolean.get()) {
                    try {
                        this.encryptionChanging.call();
                    } catch (Exception e) {
                        LOG.log(Level.FINE, "failed to change encryption", (Throwable) e);
                    }
                }
                return doDecrypt;
            } catch (Exception e2) {
                this.unlocked = false;
                throw e2;
            }
        } catch (Throwable th) {
            if (atomicBoolean.get()) {
                try {
                    this.encryptionChanging.call();
                } catch (Exception e3) {
                    LOG.log(Level.FINE, "failed to change encryption", (Throwable) e3);
                }
            }
            throw th;
        }
    }

    private boolean unlockIfNecessary() {
        AtomicBoolean atomicBoolean = new AtomicBoolean();
        boolean unlockIfNecessary = unlockIfNecessary(atomicBoolean);
        if (atomicBoolean.get()) {
            try {
                this.encryptionChanging.call();
            } catch (Exception e) {
                LOG.log(Level.FINE, "failed to change encryption", (Throwable) e);
            }
        }
        return unlockIfNecessary;
    }

    private boolean unlockIfNecessary(AtomicBoolean atomicBoolean) {
        if (this.unlocked) {
            return true;
        }
        char[][] cArr = (char[][]) Mutex.EVENT.readAccess(new Mutex.Action<char[][]>() { // from class: org.netbeans.modules.keyring.fallback.MasterPasswordEncryption.1
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public char[][] m2run() {
                return new MasterPasswordPanel().display(MasterPasswordEncryption.this.fresh);
            }
        });
        if (cArr == null) {
            LOG.fine("cancelled master password dialog");
            return false;
        }
        try {
            unlock(cArr[0]);
            Arrays.fill(cArr[0], (char) 0);
            if (cArr.length != 2) {
                return true;
            }
            this.newMasterPassword = cArr[1];
            LOG.fine("will set new master password");
            atomicBoolean.set(true);
            return true;
        } catch (Exception e) {
            LOG.log(Level.FINE, "failed to initialize ciphers", (Throwable) e);
            return false;
        }
    }

    void unlock(char[] cArr) throws Exception {
        LOG.fine("switching to new master password");
        SecretKey generateSecret = this.KEY_FACTORY.generateSecret(new PBEKeySpec(cArr));
        this.encrypt.init(1, generateSecret, this.PARAM_SPEC);
        this.decrypt.init(2, generateSecret, this.PARAM_SPEC);
        this.unlocked = true;
    }

    byte[] doEncrypt(char[] cArr) throws Exception {
        if (!$assertionsDisabled && !this.unlocked) {
            throw new AssertionError();
        }
        byte[] chars2Bytes = Utils.chars2Bytes(cArr);
        byte[] doFinal = this.encrypt.doFinal(chars2Bytes);
        Arrays.fill(chars2Bytes, (byte) 0);
        return doFinal;
    }

    char[] doDecrypt(byte[] bArr) throws Exception {
        if (!$assertionsDisabled && !this.unlocked) {
            throw new AssertionError();
        }
        byte[] doFinal = this.decrypt.doFinal(bArr);
        char[] bytes2Chars = Utils.bytes2Chars(doFinal);
        Arrays.fill(doFinal, (byte) 0);
        return bytes2Chars;
    }

    @Override // org.netbeans.modules.keyring.spi.EncryptionProvider
    public boolean decryptionFailed() {
        this.unlocked = false;
        return unlockIfNecessary();
    }

    @Override // org.netbeans.modules.keyring.spi.EncryptionProvider
    public void encryptionChangingCallback(Callable<Void> callable) {
        this.encryptionChanging = callable;
    }

    @Override // org.netbeans.modules.keyring.spi.EncryptionProvider
    public void encryptionChanged() {
        if (!$assertionsDisabled && this.newMasterPassword == null) {
            throw new AssertionError();
        }
        LOG.fine("encryption changed");
        try {
            unlock(this.newMasterPassword);
        } catch (Exception e) {
            LOG.log(Level.FINE, "failed to initialize ciphers", (Throwable) e);
        }
        Arrays.fill(this.newMasterPassword, (char) 0);
        this.newMasterPassword = null;
    }

    @Override // org.netbeans.modules.keyring.spi.EncryptionProvider
    public void freshKeyring(boolean z) {
        this.fresh = z;
    }

    static {
        $assertionsDisabled = !MasterPasswordEncryption.class.desiredAssertionStatus();
        LOG = Logger.getLogger(MasterPasswordEncryption.class.getName());
    }
}
