package org.opends.server.crypto;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.SortedSet;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.opends.admin.ads.ADSContext;
import org.opends.messages.CoreMessages;
import org.opends.messages.Message;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.server.CryptoManagerCfg;
import org.opends.server.api.Backend;
import org.opends.server.backends.TrustStoreBackend;
import org.opends.server.config.ConfigConstants;
import org.opends.server.config.ConfigException;
import org.opends.server.core.AddOperation;
import org.opends.server.core.DirectoryServer;
import org.opends.server.extensions.ExtensionsConstants;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.ldap.ExtendedRequestProtocolOp;
import org.opends.server.protocols.ldap.ExtendedResponseProtocolOp;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.schema.BinarySyntax;
import org.opends.server.schema.DirectoryStringSyntax;
import org.opends.server.schema.IntegerSyntax;
import org.opends.server.tools.LDAPConnection;
import org.opends.server.tools.LDAPConnectionOptions;
import org.opends.server.tools.LDAPReader;
import org.opends.server.tools.ToolConstants;
import org.opends.server.types.Attribute;
import org.opends.server.types.AttributeType;
import org.opends.server.types.AttributeValue;
import org.opends.server.types.ByteStringFactory;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.CryptoManager;
import org.opends.server.types.CryptoManagerException;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DereferencePolicy;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.Entry;
import org.opends.server.types.IdentifiedException;
import org.opends.server.types.InitializationException;
import org.opends.server.types.Modification;
import org.opends.server.types.ModificationType;
import org.opends.server.types.ObjectClass;
import org.opends.server.types.RDN;
import org.opends.server.types.ResultCode;
import org.opends.server.types.SearchFilter;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.SearchScope;
import org.opends.server.util.Base64;
import org.opends.server.util.CertificateManager;
import org.opends.server.util.SelectableCertificateKeyManager;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;
import org.opends.server.util.Validator;

/* loaded from: input_file:org/opends/server/crypto/CryptoManagerImpl.class */
public class CryptoManagerImpl implements ConfigurationChangeListener<CryptoManagerCfg>, CryptoManager {
    private static final DebugTracer TRACER;
    private static AttributeType attrKeyID;
    private static AttributeType attrPublicKeyCertificate;
    private static AttributeType attrTransformation;
    private static AttributeType attrMacAlgorithm;
    private static AttributeType attrSymmetricKey;
    private static AttributeType attrInitVectorLength;
    private static AttributeType attrKeyLength;
    private static AttributeType attrCompromisedTime;
    private static ObjectClass ocCertRequest;
    private static ObjectClass ocInstanceKey;
    private static ObjectClass ocCipherKey;
    private static ObjectClass ocMacKey;
    private static DN localTruststoreDN;
    private static DN instanceKeysDN;
    private static DN secretKeysDN;
    private static DN serversDN;
    private static boolean schemaInitDone;
    private static final SecureRandom secureRandom;
    private static final Random pseudoRandom;
    private static final int CIPHERTEXT_PROLOGUE_VERSION = 1;
    private final Map<KeyEntryID, CipherKeyEntry> cipherKeyEntryCache = new ConcurrentHashMap();
    private final Map<KeyEntryID, MacKeyEntry> macKeyEntryCache = new ConcurrentHashMap();
    private String preferredKeyWrappingTransformation;
    private String preferredDigestAlgorithm;
    private String preferredCipherTransformation;
    private int preferredCipherTransformationKeyLengthBits;
    private String preferredMACAlgorithm;
    private int preferredMACAlgorithmKeyLengthBits;
    private final String sslCertNickname;
    private final boolean sslEncryption;
    private final SortedSet<String> sslProtocols;
    private final SortedSet<String> sslCipherSuites;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/crypto/CryptoManagerImpl$CipherKeyEntry.class */
    public static class CipherKeyEntry extends SecretKeyEntry {
        private final String fType;
        private int fIVLengthBits;

        public static CipherKeyEntry generateKeyEntry(CryptoManagerImpl cryptoManagerImpl, String str, int i) throws CryptoManagerException {
            Map map = null == cryptoManagerImpl ? null : cryptoManagerImpl.cipherKeyEntryCache;
            CipherKeyEntry cipherKeyEntry = new CipherKeyEntry(str, i);
            byte[] iv = CryptoManagerImpl.getCipher(cipherKeyEntry, 1, null).getIV();
            cipherKeyEntry.setIVLengthBits(null == iv ? 0 : iv.length * 8);
            if (null != map) {
                publishKeyEntry(cryptoManagerImpl, cipherKeyEntry);
                map.put(cipherKeyEntry.getKeyID(), cipherKeyEntry);
            }
            return cipherKeyEntry;
        }

        private static void publishKeyEntry(CryptoManagerImpl cryptoManagerImpl, CipherKeyEntry cipherKeyEntry) throws CryptoManagerException {
            AttributeValue attributeValue = new AttributeValue(CryptoManagerImpl.attrKeyID, cipherKeyEntry.getKeyID().getStringValue());
            DN concat = CryptoManagerImpl.secretKeysDN.concat(RDN.create(CryptoManagerImpl.attrKeyID, attributeValue));
            LinkedHashMap linkedHashMap = new LinkedHashMap(2);
            linkedHashMap.put(DirectoryServer.getTopObjectClass(), "top");
            linkedHashMap.put(CryptoManagerImpl.ocCipherKey, ConfigConstants.OC_CRYPTO_CIPHER_KEY);
            LinkedHashMap linkedHashMap2 = new LinkedHashMap(0);
            LinkedHashMap linkedHashMap3 = new LinkedHashMap();
            LinkedHashSet linkedHashSet = new LinkedHashSet(1);
            linkedHashSet.add(attributeValue);
            ArrayList arrayList = new ArrayList(1);
            arrayList.add(new Attribute(CryptoManagerImpl.attrKeyID, CryptoManagerImpl.attrKeyID.getNameOrOID(), linkedHashSet));
            linkedHashMap3.put(CryptoManagerImpl.attrKeyID, arrayList);
            LinkedHashSet linkedHashSet2 = new LinkedHashSet(1);
            linkedHashSet2.add(new AttributeValue(CryptoManagerImpl.attrTransformation, cipherKeyEntry.getType()));
            ArrayList arrayList2 = new ArrayList(1);
            arrayList2.add(new Attribute(CryptoManagerImpl.attrTransformation, CryptoManagerImpl.attrTransformation.getNameOrOID(), linkedHashSet2));
            linkedHashMap3.put(CryptoManagerImpl.attrTransformation, arrayList2);
            LinkedHashSet linkedHashSet3 = new LinkedHashSet(1);
            linkedHashSet3.add(new AttributeValue(CryptoManagerImpl.attrInitVectorLength, String.valueOf(cipherKeyEntry.getIVLengthBits())));
            ArrayList arrayList3 = new ArrayList(1);
            arrayList3.add(new Attribute(CryptoManagerImpl.attrInitVectorLength, CryptoManagerImpl.attrInitVectorLength.getNameOrOID(), linkedHashSet3));
            linkedHashMap3.put(CryptoManagerImpl.attrInitVectorLength, arrayList3);
            LinkedHashSet linkedHashSet4 = new LinkedHashSet(1);
            linkedHashSet4.add(new AttributeValue(CryptoManagerImpl.attrKeyLength, String.valueOf(cipherKeyEntry.getKeyLengthBits())));
            ArrayList arrayList4 = new ArrayList(1);
            arrayList4.add(new Attribute(CryptoManagerImpl.attrKeyLength, CryptoManagerImpl.attrKeyLength.getNameOrOID(), linkedHashSet4));
            linkedHashMap3.put(CryptoManagerImpl.attrKeyLength, arrayList4);
            Map trustedCertificates = cryptoManagerImpl.getTrustedCertificates();
            byte[] instanceKeyCertificateFromLocalTruststore = CryptoManagerImpl.getInstanceKeyCertificateFromLocalTruststore();
            trustedCertificates.put(CryptoManagerImpl.getInstanceKeyID(instanceKeyCertificateFromLocalTruststore), instanceKeyCertificateFromLocalTruststore);
            LinkedHashSet linkedHashSet5 = new LinkedHashSet(trustedCertificates.size());
            for (Map.Entry entry : trustedCertificates.entrySet()) {
                linkedHashSet5.add(new AttributeValue(CryptoManagerImpl.attrSymmetricKey, cryptoManagerImpl.encodeSymmetricKeyAttribute((String) entry.getKey(), (byte[]) entry.getValue(), cipherKeyEntry.getSecretKey())));
                ArrayList arrayList5 = new ArrayList(1);
                arrayList5.add(new Attribute(CryptoManagerImpl.attrSymmetricKey, CryptoManagerImpl.attrSymmetricKey.getNameOrOID(), linkedHashSet5));
                linkedHashMap3.put(CryptoManagerImpl.attrSymmetricKey, arrayList5);
            }
            Entry entry2 = new Entry(concat, linkedHashMap, linkedHashMap3, linkedHashMap2);
            AddOperation processAdd = InternalClientConnection.getRootConnection().processAdd(entry2);
            if (processAdd.getResultCode() != ResultCode.SUCCESS) {
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_SYMMETRIC_KEY_ENTRY_ADD_FAILED.get(entry2.getDN().toString(), processAdd.getErrorMessage()));
            }
        }

        public static CipherKeyEntry importCipherKeyEntry(CryptoManagerImpl cryptoManagerImpl, String str, String str2, SecretKey secretKey, int i, int i2, boolean z) throws CryptoManagerException {
            Validator.ensureNotNull(str, str2, secretKey);
            Validator.ensureTrue(0 <= i2);
            KeyEntryID keyEntryID = new KeyEntryID(str);
            CipherKeyEntry keyEntry = getKeyEntry(cryptoManagerImpl, keyEntryID);
            if (null != keyEntry) {
                if (!keyEntry.getType().equals(str2) || keyEntry.getKeyLengthBits() != i || keyEntry.getIVLengthBits() != i2) {
                    throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FIELD_MISMATCH.get(str));
                }
                if (z && !keyEntry.isCompromised()) {
                    keyEntry.setIsCompromised();
                }
                return keyEntry;
            }
            CipherKeyEntry cipherKeyEntry = new CipherKeyEntry(keyEntryID, str2, secretKey, i, i2, z);
            byte[] bArr = null;
            if (0 < i2) {
                bArr = new byte[i2 / 8];
                CryptoManagerImpl.pseudoRandom.nextBytes(bArr);
            }
            CryptoManagerImpl.getCipher(cipherKeyEntry, 2, bArr);
            cryptoManagerImpl.cipherKeyEntryCache.put(cipherKeyEntry.getKeyID(), cipherKeyEntry);
            return cipherKeyEntry;
        }

        public static CipherKeyEntry getKeyEntry(CryptoManagerImpl cryptoManagerImpl, String str, int i) {
            Validator.ensureNotNull(cryptoManagerImpl, str);
            Validator.ensureTrue(0 < i);
            CipherKeyEntry cipherKeyEntry = null;
            Iterator it = cryptoManagerImpl.cipherKeyEntryCache.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                CipherKeyEntry cipherKeyEntry2 = (CipherKeyEntry) ((Map.Entry) it.next()).getValue();
                if (!cipherKeyEntry2.isCompromised() && cipherKeyEntry2.getType().equals(str) && cipherKeyEntry2.getKeyLengthBits() == i) {
                    cipherKeyEntry = cipherKeyEntry2;
                    break;
                }
            }
            return cipherKeyEntry;
        }

        public static CipherKeyEntry getKeyEntry(CryptoManagerImpl cryptoManagerImpl, KeyEntryID keyEntryID) {
            return (CipherKeyEntry) cryptoManagerImpl.cipherKeyEntryCache.get(keyEntryID);
        }

        private static String keyAlgorithmFromTransformation(String str) {
            int indexOf = str.indexOf(47);
            return 0 < indexOf ? str.substring(0, indexOf) : str;
        }

        private CipherKeyEntry(String str, int i) throws CryptoManagerException {
            super(keyAlgorithmFromTransformation(str), i);
            this.fIVLengthBits = -1;
            this.fType = str;
            this.fIVLengthBits = -1;
        }

        private CipherKeyEntry(KeyEntryID keyEntryID, String str, SecretKey secretKey, int i, int i2, boolean z) throws CryptoManagerException {
            super(keyEntryID, secretKey, i, z);
            this.fIVLengthBits = -1;
            this.fType = str;
            this.fIVLengthBits = i2;
        }

        public String getType() {
            return this.fType;
        }

        private void setIVLengthBits(int i) {
            Validator.ensureTrue(-1 == this.fIVLengthBits && 0 <= i);
            this.fIVLengthBits = i;
        }

        public int getIVLengthBits() {
            return this.fIVLengthBits;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/crypto/CryptoManagerImpl$KeyEntryID.class */
    public static class KeyEntryID {
        private final UUID fValue;

        public KeyEntryID() {
            this.fValue = UUID.randomUUID();
        }

        public KeyEntryID(byte[] bArr) {
            Validator.ensureTrue(getByteValueLength() == bArr.length);
            long j = 0;
            long j2 = 0;
            for (int i = 0; i < 8; i++) {
                j = (j << 8) | (bArr[i] & 255);
                j2 = (j2 << 8) | (bArr[8 + i] & 255);
            }
            this.fValue = new UUID(j, j2);
        }

        public KeyEntryID(String str) throws CryptoManagerException {
            try {
                this.fValue = UUID.fromString(str);
            } catch (IllegalArgumentException e) {
                if (DebugLogger.debugEnabled()) {
                    CryptoManagerImpl.TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_INVALID_KEY_IDENTIFIER_SYNTAX.get(str, StaticUtils.getExceptionMessage(e)), e);
            }
        }

        public KeyEntryID(KeyEntryID keyEntryID) {
            this.fValue = new UUID(keyEntryID.fValue.getMostSignificantBits(), keyEntryID.fValue.getLeastSignificantBits());
        }

        public byte[] getByteValue() {
            byte[] bArr = new byte[16];
            long mostSignificantBits = this.fValue.getMostSignificantBits();
            long leastSignificantBits = this.fValue.getLeastSignificantBits();
            for (int i = 7; i >= 0; i--) {
                bArr[i] = (byte) mostSignificantBits;
                mostSignificantBits >>>= 8;
                bArr[8 + i] = (byte) leastSignificantBits;
                leastSignificantBits >>>= 8;
            }
            return bArr;
        }

        public String getStringValue() {
            return this.fValue.toString();
        }

        public static int getByteValueLength() {
            return 16;
        }

        public boolean equals(Object obj) {
            return (obj instanceof KeyEntryID) && this.fValue.equals(((KeyEntryID) obj).fValue);
        }

        public int hashCode() {
            return this.fValue.hashCode();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/crypto/CryptoManagerImpl$MacKeyEntry.class */
    public static class MacKeyEntry extends SecretKeyEntry {
        private final String fType;

        public static MacKeyEntry generateKeyEntry(CryptoManagerImpl cryptoManagerImpl, String str, int i) throws CryptoManagerException {
            Validator.ensureNotNull(str);
            Map map = null == cryptoManagerImpl ? null : cryptoManagerImpl.macKeyEntryCache;
            MacKeyEntry macKeyEntry = new MacKeyEntry(str, i);
            CryptoManagerImpl.getMacEngine(macKeyEntry);
            if (null != map) {
                publishKeyEntry(cryptoManagerImpl, macKeyEntry);
                map.put(macKeyEntry.getKeyID(), macKeyEntry);
            }
            return macKeyEntry;
        }

        private static void publishKeyEntry(CryptoManagerImpl cryptoManagerImpl, MacKeyEntry macKeyEntry) throws CryptoManagerException {
            AttributeValue attributeValue = new AttributeValue(CryptoManagerImpl.attrKeyID, macKeyEntry.getKeyID().getStringValue());
            DN concat = CryptoManagerImpl.secretKeysDN.concat(RDN.create(CryptoManagerImpl.attrKeyID, attributeValue));
            LinkedHashMap linkedHashMap = new LinkedHashMap(2);
            linkedHashMap.put(DirectoryServer.getTopObjectClass(), "top");
            linkedHashMap.put(CryptoManagerImpl.ocMacKey, ConfigConstants.OC_CRYPTO_MAC_KEY);
            LinkedHashMap linkedHashMap2 = new LinkedHashMap(0);
            LinkedHashMap linkedHashMap3 = new LinkedHashMap();
            LinkedHashSet linkedHashSet = new LinkedHashSet(1);
            linkedHashSet.add(attributeValue);
            ArrayList arrayList = new ArrayList(1);
            arrayList.add(new Attribute(CryptoManagerImpl.attrKeyID, CryptoManagerImpl.attrKeyID.getNameOrOID(), linkedHashSet));
            linkedHashMap3.put(CryptoManagerImpl.attrKeyID, arrayList);
            LinkedHashSet linkedHashSet2 = new LinkedHashSet(1);
            linkedHashSet2.add(new AttributeValue(CryptoManagerImpl.attrMacAlgorithm, macKeyEntry.getType()));
            ArrayList arrayList2 = new ArrayList(1);
            arrayList2.add(new Attribute(CryptoManagerImpl.attrMacAlgorithm, CryptoManagerImpl.attrMacAlgorithm.getNameOrOID(), linkedHashSet2));
            linkedHashMap3.put(CryptoManagerImpl.attrMacAlgorithm, arrayList2);
            LinkedHashSet linkedHashSet3 = new LinkedHashSet(1);
            linkedHashSet3.add(new AttributeValue(CryptoManagerImpl.attrKeyLength, String.valueOf(macKeyEntry.getKeyLengthBits())));
            ArrayList arrayList3 = new ArrayList(1);
            arrayList3.add(new Attribute(CryptoManagerImpl.attrKeyLength, CryptoManagerImpl.attrKeyLength.getNameOrOID(), linkedHashSet3));
            linkedHashMap3.put(CryptoManagerImpl.attrKeyLength, arrayList3);
            Map trustedCertificates = cryptoManagerImpl.getTrustedCertificates();
            byte[] instanceKeyCertificateFromLocalTruststore = CryptoManagerImpl.getInstanceKeyCertificateFromLocalTruststore();
            trustedCertificates.put(CryptoManagerImpl.getInstanceKeyID(instanceKeyCertificateFromLocalTruststore), instanceKeyCertificateFromLocalTruststore);
            LinkedHashSet linkedHashSet4 = new LinkedHashSet(trustedCertificates.size());
            for (Map.Entry entry : trustedCertificates.entrySet()) {
                linkedHashSet4.add(new AttributeValue(CryptoManagerImpl.attrSymmetricKey, cryptoManagerImpl.encodeSymmetricKeyAttribute((String) entry.getKey(), (byte[]) entry.getValue(), macKeyEntry.getSecretKey())));
                ArrayList arrayList4 = new ArrayList(1);
                arrayList4.add(new Attribute(CryptoManagerImpl.attrSymmetricKey, CryptoManagerImpl.attrSymmetricKey.getNameOrOID(), linkedHashSet4));
                linkedHashMap3.put(CryptoManagerImpl.attrSymmetricKey, arrayList4);
            }
            Entry entry2 = new Entry(concat, linkedHashMap, linkedHashMap3, linkedHashMap2);
            AddOperation processAdd = InternalClientConnection.getRootConnection().processAdd(entry2);
            if (processAdd.getResultCode() != ResultCode.SUCCESS) {
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_SYMMETRIC_KEY_ENTRY_ADD_FAILED.get(entry2.getDN().toString(), processAdd.getErrorMessage()));
            }
        }

        public static MacKeyEntry importMacKeyEntry(CryptoManagerImpl cryptoManagerImpl, String str, String str2, SecretKey secretKey, int i, boolean z) throws CryptoManagerException {
            Validator.ensureNotNull(str, secretKey);
            KeyEntryID keyEntryID = new KeyEntryID(str);
            MacKeyEntry keyEntry = getKeyEntry(cryptoManagerImpl, keyEntryID);
            if (null == keyEntry) {
                MacKeyEntry macKeyEntry = new MacKeyEntry(keyEntryID, str2, secretKey, i, z);
                CryptoManagerImpl.getMacEngine(macKeyEntry);
                cryptoManagerImpl.macKeyEntryCache.put(macKeyEntry.getKeyID(), macKeyEntry);
                return macKeyEntry;
            }
            if (!keyEntry.getType().equals(str2) || keyEntry.getKeyLengthBits() != i) {
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FIELD_MISMATCH.get(str));
            }
            if (z && !keyEntry.isCompromised()) {
                keyEntry.setIsCompromised();
            }
            return keyEntry;
        }

        public static MacKeyEntry getKeyEntry(CryptoManagerImpl cryptoManagerImpl, String str, int i) {
            Validator.ensureNotNull(cryptoManagerImpl, str);
            Validator.ensureTrue(0 < i);
            MacKeyEntry macKeyEntry = null;
            Iterator it = cryptoManagerImpl.macKeyEntryCache.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                MacKeyEntry macKeyEntry2 = (MacKeyEntry) ((Map.Entry) it.next()).getValue();
                if (!macKeyEntry2.isCompromised() && macKeyEntry2.getType().equals(str) && macKeyEntry2.getKeyLengthBits() == i) {
                    macKeyEntry = macKeyEntry2;
                    break;
                }
            }
            return macKeyEntry;
        }

        public static MacKeyEntry getKeyEntry(CryptoManagerImpl cryptoManagerImpl, KeyEntryID keyEntryID) {
            return (MacKeyEntry) cryptoManagerImpl.macKeyEntryCache.get(keyEntryID);
        }

        private MacKeyEntry(String str, int i) throws CryptoManagerException {
            super(str, i);
            this.fType = str;
        }

        private MacKeyEntry(KeyEntryID keyEntryID, String str, SecretKey secretKey, int i, boolean z) {
            super(keyEntryID, secretKey, i, z);
            this.fType = str;
        }

        public String getType() {
            return this.fType;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opends/server/crypto/CryptoManagerImpl$SecretKeyEntry.class */
    public static class SecretKeyEntry {
        private final KeyEntryID fKeyID;
        private final SecretKey fSecretKey;
        private final int fKeyLengthBits;
        private boolean fIsCompromised;

        public SecretKeyEntry(String str, int i) throws CryptoManagerException {
            this.fIsCompromised = false;
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
                keyGenerator.init(i, CryptoManagerImpl.secureRandom);
                byte[] encoded = keyGenerator.generateKey().getEncoded();
                this.fKeyID = new KeyEntryID();
                this.fSecretKey = new SecretKeySpec(encoded, str);
                this.fKeyLengthBits = i;
                this.fIsCompromised = false;
            } catch (NoSuchAlgorithmException e) {
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_INVALID_SYMMETRIC_KEY_ALGORITHM.get(str, StaticUtils.getExceptionMessage(e)), e);
            }
        }

        public SecretKeyEntry(KeyEntryID keyEntryID, SecretKey secretKey, int i, boolean z) {
            this.fIsCompromised = false;
            this.fKeyID = new KeyEntryID(keyEntryID);
            this.fSecretKey = secretKey;
            this.fKeyLengthBits = i;
            this.fIsCompromised = z;
        }

        public KeyEntryID getKeyID() {
            return this.fKeyID;
        }

        public SecretKey getSecretKey() {
            return this.fSecretKey;
        }

        public void setIsCompromised() {
            this.fIsCompromised = true;
        }

        public int getKeyLengthBits() {
            return this.fKeyLengthBits;
        }

        public boolean isCompromised() {
            return this.fIsCompromised;
        }
    }

    public CryptoManagerImpl(CryptoManagerCfg cryptoManagerCfg) throws ConfigException, InitializationException {
        if (!schemaInitDone) {
            attrKeyID = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_ID);
            attrPublicKeyCertificate = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_PUBLIC_KEY_CERTIFICATE);
            attrTransformation = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_CIPHER_TRANSFORMATION_NAME);
            attrMacAlgorithm = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_MAC_ALGORITHM_NAME);
            attrSymmetricKey = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY);
            attrInitVectorLength = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_INIT_VECTOR_LENGTH_BITS);
            attrKeyLength = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_LENGTH_BITS);
            attrCompromisedTime = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_KEY_COMPROMISED_TIME);
            ocCertRequest = DirectoryServer.getObjectClass(ConfigConstants.OC_SELF_SIGNED_CERT_REQUEST);
            ocInstanceKey = DirectoryServer.getObjectClass(ConfigConstants.OC_CRYPTO_INSTANCE_KEY);
            ocCipherKey = DirectoryServer.getObjectClass(ConfigConstants.OC_CRYPTO_CIPHER_KEY);
            ocMacKey = DirectoryServer.getObjectClass(ConfigConstants.OC_CRYPTO_MAC_KEY);
            try {
                localTruststoreDN = DN.decode(ConfigConstants.DN_TRUST_STORE_ROOT);
                DN decode = DN.decode(ADSContext.getAdministrationSuffixDN());
                instanceKeysDN = decode.concat(DN.decode("cn=instance keys"));
                secretKeysDN = decode.concat(DN.decode("cn=secret keys"));
                serversDN = decode.concat(DN.decode("cn=Servers"));
                schemaInitDone = true;
            } catch (DirectoryException e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                throw new InitializationException(e.getMessageObject());
            }
        }
        LinkedList linkedList = new LinkedList();
        if (!isConfigurationChangeAcceptable2(cryptoManagerCfg, (List<Message>) linkedList)) {
            throw new InitializationException(linkedList.get(0));
        }
        applyConfigurationChange(cryptoManagerCfg);
        this.sslCertNickname = cryptoManagerCfg.getSSLCertNickname();
        this.sslEncryption = cryptoManagerCfg.isSSLEncryption();
        this.sslProtocols = cryptoManagerCfg.getSSLProtocol();
        this.sslCipherSuites = cryptoManagerCfg.getSSLCipherSuite();
        cryptoManagerCfg.addChangeListener(this);
    }

    /* renamed from: isConfigurationChangeAcceptable, reason: avoid collision after fix types in other method */
    public boolean isConfigurationChangeAcceptable2(CryptoManagerCfg cryptoManagerCfg, List<Message> list) {
        boolean z = true;
        String digestAlgorithm = cryptoManagerCfg.getDigestAlgorithm();
        if (!digestAlgorithm.equals(this.preferredDigestAlgorithm)) {
            try {
                MessageDigest.getInstance(digestAlgorithm);
            } catch (Exception e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                list.add(CoreMessages.ERR_CRYPTOMGR_CANNOT_GET_REQUESTED_DIGEST.get(digestAlgorithm, StaticUtils.getExceptionMessage(e)));
                z = false;
            }
        }
        String cipherTransformation = cryptoManagerCfg.getCipherTransformation();
        Integer valueOf = Integer.valueOf(cryptoManagerCfg.getCipherKeyLength());
        if (!cipherTransformation.equals(this.preferredCipherTransformation) || valueOf.intValue() != this.preferredCipherTransformationKeyLengthBits) {
            if (3 != cipherTransformation.split("/", 0).length) {
                list.add(CoreMessages.ERR_CRYPTOMGR_FULL_CIPHER_TRANSFORMATION_REQUIRED.get(cipherTransformation));
                z = false;
            } else {
                try {
                    CipherKeyEntry.generateKeyEntry(null, cipherTransformation, valueOf.intValue());
                } catch (Exception e2) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                    }
                    list.add(CoreMessages.ERR_CRYPTOMGR_CANNOT_GET_REQUESTED_ENCRYPTION_CIPHER.get(cipherTransformation, StaticUtils.getExceptionMessage(e2)));
                    z = false;
                }
            }
        }
        String macAlgorithm = cryptoManagerCfg.getMacAlgorithm();
        Integer valueOf2 = Integer.valueOf(cryptoManagerCfg.getMacKeyLength());
        if (!macAlgorithm.equals(this.preferredMACAlgorithm) || valueOf2.intValue() != this.preferredMACAlgorithmKeyLengthBits) {
            try {
                MacKeyEntry.generateKeyEntry(null, macAlgorithm, valueOf2.intValue());
            } catch (Exception e3) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e3);
                }
                list.add(CoreMessages.ERR_CRYPTOMGR_CANNOT_GET_REQUESTED_MAC_ENGINE.get(macAlgorithm, StaticUtils.getExceptionMessage(e3)));
                z = false;
            }
        }
        String keyWrappingTransformation = cryptoManagerCfg.getKeyWrappingTransformation();
        if (!keyWrappingTransformation.equals(this.preferredKeyWrappingTransformation)) {
            if (3 != keyWrappingTransformation.split("/", 0).length) {
                list.add(CoreMessages.ERR_CRYPTOMGR_FULL_KEY_WRAPPING_TRANSFORMATION_REQUIRED.get(keyWrappingTransformation));
                z = false;
            } else {
                try {
                    byte[] decode = Base64.decode("MIIB2jCCAUMCBEb7wpYwDQYJKoZIhvcNAQEEBQAwNDEbMBkGA1UEChMST3BlbkRTIENlcnRpZmljYXRlMRUwEwYDVQQDEwwxMC4wLjI0OC4yNTEwHhcNMDcwOTI3MTQ0NzUwWhcNMjcwOTIyMTQ0NzUwWjA0MRswGQYDVQQKExJPcGVuRFMgQ2VydGlmaWNhdGUxFTATBgNVBAMTDDEwLjAuMjQ4LjI1MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnIm6ELyuNVbpaacBQ7fzHlHMmQO/CYJb2gPTdb9n1HLOBqh2lmLLHvt2SgBeN5TSa1PAHW8zJy9LDhpWKZvsUOIdQD8Ula/0d/jvMEByEj/hr00P6yqgLXk+EudPgOkFXHA+IfkkOSghMooWc/L8HnD1REdqeZuxp+ARNU+cc/ECAwEAATANBgkqhkiG9w0BAQQFAAOBgQBemyCUjucN34MZwvzbmFHT/leUu3/cpykbGM9HL2QUX7iKvv2LJVqexhj7CLoXxZPoNL+HHKW0vi5/7W5KwOZsPqKI2SdYV7nDqTZklm5ZP0gmIuNO6mTqBRtC2DlplX1Iq+BrQJAmteiPtwhdZD+EIghe51CaseImjlLlY2ZK8w==");
                    encodeSymmetricKeyAttribute(keyWrappingTransformation, getInstanceKeyID(decode), decode, MacKeyEntry.generateKeyEntry(null, macAlgorithm, valueOf2.intValue()).getSecretKey());
                } catch (Exception e4) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e4);
                    }
                    list.add(CoreMessages.ERR_CRYPTOMGR_CANNOT_GET_PREFERRED_KEY_WRAPPING_CIPHER.get(StaticUtils.getExceptionMessage(e4)));
                    z = false;
                }
            }
        }
        return z;
    }

    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public ConfigChangeResult applyConfigurationChange(CryptoManagerCfg cryptoManagerCfg) {
        ResultCode resultCode = ResultCode.SUCCESS;
        ArrayList arrayList = new ArrayList();
        this.preferredDigestAlgorithm = cryptoManagerCfg.getDigestAlgorithm();
        this.preferredMACAlgorithm = cryptoManagerCfg.getMacAlgorithm();
        this.preferredMACAlgorithmKeyLengthBits = cryptoManagerCfg.getMacKeyLength();
        this.preferredCipherTransformation = cryptoManagerCfg.getCipherTransformation();
        this.preferredCipherTransformationKeyLengthBits = cryptoManagerCfg.getCipherKeyLength();
        this.preferredKeyWrappingTransformation = cryptoManagerCfg.getKeyWrappingTransformation();
        return new ConfigChangeResult(resultCode, false, arrayList);
    }

    private TrustStoreBackend getTrustStoreBackend() throws ConfigException {
        Backend backend = DirectoryServer.getBackend(ConfigConstants.ID_ADS_TRUST_STORE_BACKEND);
        if (backend == null) {
            throw new ConfigException(CoreMessages.ERR_CRYPTOMGR_ADS_TRUST_STORE_BACKEND_NOT_ENABLED.get(ConfigConstants.ID_ADS_TRUST_STORE_BACKEND));
        }
        if (backend instanceof TrustStoreBackend) {
            return (TrustStoreBackend) backend;
        }
        throw new ConfigException(CoreMessages.ERR_CRYPTOMGR_ADS_TRUST_STORE_BACKEND_WRONG_CLASS.get(ConfigConstants.ID_ADS_TRUST_STORE_BACKEND));
    }

    static byte[] getInstanceKeyCertificateFromLocalTruststore() throws CryptoManagerException {
        DN concat = localTruststoreDN.concat(RDN.create(attrKeyID, new AttributeValue(attrKeyID, ConfigConstants.ADS_CERTIFICATE_ALIAS)));
        String str = "(objectclass=" + ocInstanceKey.getNameOrOID() + ")";
        LinkedHashSet<String> linkedHashSet = new LinkedHashSet<>();
        linkedHashSet.add(attrPublicKeyCertificate.getNameOrOID() + ";binary");
        InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
        byte[] bArr = null;
        loop0: for (int i = 0; i < 2; i++) {
            try {
                try {
                    Iterator<SearchResultEntry> it = rootConnection.processSearch(concat, SearchScope.BASE_OBJECT, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, SearchFilter.createFilterFromString(str), linkedHashSet).getSearchEntries().iterator();
                    while (it.hasNext()) {
                        bArr = (byte[]) it.next().getAttributeValue(attrPublicKeyCertificate, BinarySyntax.DECODER);
                    }
                    break loop0;
                } catch (DirectoryException e) {
                    if (0 != i || ResultCode.NO_SUCH_OBJECT != e.getResultCode()) {
                        throw e;
                    }
                    Entry entry = new Entry(concat, null, null, null);
                    entry.addObjectClass(DirectoryServer.getTopObjectClass());
                    entry.addObjectClass(ocCertRequest);
                    AddOperation processAdd = rootConnection.processAdd(entry.getDN(), entry.getObjectClasses(), entry.getUserAttributes(), entry.getOperationalAttributes());
                    if (ResultCode.SUCCESS != processAdd.getResultCode()) {
                        throw new DirectoryException(processAdd.getResultCode(), CoreMessages.ERR_CRYPTOMGR_FAILED_TO_INITIATE_INSTANCE_KEY_GENERATION.get(entry.getDN().toString()));
                    }
                }
            } catch (DirectoryException e2) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                }
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_FAILED_TO_RETRIEVE_INSTANCE_CERTIFICATE.get(concat.toString(), StaticUtils.getExceptionMessage(e2)), e2);
            }
        }
        return bArr;
    }

    String getInstanceKeyID() throws CryptoManagerException {
        return getInstanceKeyID(getInstanceKeyCertificateFromLocalTruststore());
    }

    public static String getInstanceKeyID(byte[] bArr) throws CryptoManagerException {
        try {
            return StaticUtils.bytesToHexNoSpace(MessageDigest.getInstance("MD5").digest(bArr));
        } catch (NoSuchAlgorithmException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_FAILED_TO_COMPUTE_INSTANCE_KEY_IDENTIFIER.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void publishInstanceKeyEntryInADS() throws CryptoManagerException {
        byte[] instanceKeyCertificateFromLocalTruststore = getInstanceKeyCertificateFromLocalTruststore();
        AttributeValue attributeValue = new AttributeValue(attrKeyID, getInstanceKeyID(instanceKeyCertificateFromLocalTruststore));
        DN concat = instanceKeysDN.concat(RDN.create(attrKeyID, attributeValue));
        String str = "(objectclass=" + ocInstanceKey.getNameOrOID() + ")";
        LinkedHashSet<String> linkedHashSet = new LinkedHashSet<>();
        linkedHashSet.add("dn");
        InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
        try {
            if (0 == rootConnection.processSearch(concat, SearchScope.BASE_OBJECT, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, SearchFilter.createFilterFromString(str), linkedHashSet).getSearchEntries().size()) {
                Entry entry = new Entry(concat, null, null, null);
                entry.addObjectClass(DirectoryServer.getTopObjectClass());
                entry.addObjectClass(ocInstanceKey);
                LinkedHashSet linkedHashSet2 = new LinkedHashSet(1);
                linkedHashSet2.add(attributeValue);
                entry.addAttribute(new Attribute(attrKeyID, attrKeyID.getNameOrOID(), linkedHashSet2), new ArrayList(0));
                LinkedHashSet linkedHashSet3 = new LinkedHashSet(1);
                linkedHashSet3.add(new AttributeValue(attrPublicKeyCertificate, ByteStringFactory.create(instanceKeyCertificateFromLocalTruststore)));
                LinkedHashSet linkedHashSet4 = new LinkedHashSet(1);
                linkedHashSet4.add("binary");
                entry.addAttribute(new Attribute(attrPublicKeyCertificate, attrPublicKeyCertificate.getNameOrOID(), linkedHashSet4, linkedHashSet3), new ArrayList(0));
                AddOperation processAdd = rootConnection.processAdd(entry.getDN(), entry.getObjectClasses(), entry.getUserAttributes(), entry.getOperationalAttributes());
                if (ResultCode.SUCCESS != processAdd.getResultCode()) {
                    throw new DirectoryException(processAdd.getResultCode(), CoreMessages.ERR_CRYPTOMGR_FAILED_TO_ADD_INSTANCE_KEY_ENTRY_TO_ADS.get(entry.getDN().toString()));
                }
            }
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_FAILED_TO_PUBLISH_INSTANCE_KEY_ENTRY.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Map<String, byte[]> getTrustedCertificates() throws CryptoManagerException {
        HashMap hashMap = new HashMap();
        try {
            String str = "(&" + ("(objectclass=" + ocInstanceKey.getNameOrOID() + ")") + ("(!(" + attrCompromisedTime.getNameOrOID() + "=*))") + ")";
            LinkedHashSet<String> linkedHashSet = new LinkedHashSet<>();
            linkedHashSet.add(attrKeyID.getNameOrOID());
            linkedHashSet.add(attrPublicKeyCertificate.getNameOrOID() + ";binary");
            Iterator<SearchResultEntry> it = InternalClientConnection.getRootConnection().processSearch(instanceKeysDN, SearchScope.SINGLE_LEVEL, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, SearchFilter.createFilterFromString(str), linkedHashSet).getSearchEntries().iterator();
            while (it.hasNext()) {
                SearchResultEntry next = it.next();
                hashMap.put((String) next.getAttributeValue(attrKeyID, DirectoryStringSyntax.DECODER), (byte[]) next.getAttributeValue(attrPublicKeyCertificate, BinarySyntax.DECODER));
            }
            return hashMap;
        } catch (DirectoryException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_FAILED_TO_RETRIEVE_ADS_TRUSTSTORE_CERTS.get(instanceKeysDN.toString(), StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String encodeSymmetricKeyAttribute(String str, byte[] bArr, SecretKey secretKey) throws CryptoManagerException {
        return encodeSymmetricKeyAttribute(this.preferredKeyWrappingTransformation, str, bArr, secretKey);
    }

    private String encodeSymmetricKeyAttribute(String str, String str2, byte[] bArr, SecretKey secretKey) throws CryptoManagerException {
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(3, generateCertificate);
            return str2 + ToolConstants.LIST_TABLE_SEPARATOR + str + ToolConstants.LIST_TABLE_SEPARATOR + secretKey.getAlgorithm() + ToolConstants.LIST_TABLE_SEPARATOR + StaticUtils.bytesToHexNoSpace(cipher.wrap(secretKey));
        } catch (GeneralSecurityException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_FAILED_TO_ENCODE_SYMMETRIC_KEY_ATTRIBUTE.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    private SecretKey decodeSymmetricKeyAttribute(String str) throws CryptoManagerException {
        String[] split = str.split(ToolConstants.LIST_TABLE_SEPARATOR, 0);
        if (4 != split.length) {
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECODE_SYMMETRIC_KEY_ATTRIBUTE_FIELD_COUNT.get(str));
        }
        CharSequence charSequence = null;
        try {
            String str2 = split[0];
            String str3 = split[1];
            String str4 = split[2];
            charSequence = "wrapped key data";
            byte[] hexStringToByteArray = StaticUtils.hexStringToByteArray(split[3]);
            if (!str2.equals(getInstanceKeyID())) {
                return null;
            }
            try {
                PrivateKey privateKey = (PrivateKey) getTrustStoreBackend().getKey(ConfigConstants.ADS_CERTIFICATE_ALIAS);
                try {
                    Cipher cipher = Cipher.getInstance(str3);
                    cipher.init(4, privateKey);
                    return (SecretKey) cipher.unwrap(hexStringToByteArray, str4, 3);
                } catch (GeneralSecurityException e) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e);
                    }
                    throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECODE_SYMMETRIC_KEY_ATTRIBUTE_DECIPHER.get(StaticUtils.getExceptionMessage(e)), e);
                }
            } catch (IdentifiedException e2) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                }
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECODE_SYMMETRIC_KEY_ATTRIBUTE_NO_PRIVATE.get(StaticUtils.getExceptionMessage(e2)), e2);
            }
        } catch (ParseException e3) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e3);
            }
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECODE_SYMMETRIC_KEY_ATTRIBUTE_SYNTAX.get(str, charSequence, Integer.valueOf(e3.getErrorOffset())), e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String reencodeSymmetricKeyAttribute(String str, String str2) throws CryptoManagerException {
        SecretKey decodeSymmetricKeyAttribute = decodeSymmetricKeyAttribute(str);
        Map<String, byte[]> trustedCertificates = getTrustedCertificates();
        if (!trustedCertificates.containsKey(str2) || null == trustedCertificates.get(str2)) {
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_REWRAP_SYMMETRIC_KEY_ATTRIBUTE_NO_WRAPPER.get(str2));
        }
        return encodeSymmetricKeyAttribute(this.preferredKeyWrappingTransformation, str2, trustedCertificates.get(str2), decodeSymmetricKeyAttribute);
    }

    private String getSymmetricKey(List<String> list) {
        InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
        for (String str : list) {
            try {
                InternalSearchOperation processSearch = rootConnection.processSearch(serversDN, SearchScope.SUBORDINATE_SUBTREE, SearchFilter.createFilterFromString("(ds-cfg-key-id=" + str.split(ToolConstants.LIST_TABLE_SEPARATOR, 0)[0] + ")"));
                if (processSearch.getResultCode() == ResultCode.SUCCESS) {
                    Iterator<SearchResultEntry> it = processSearch.getSearchEntries().iterator();
                    while (it.hasNext()) {
                        SearchResultEntry next = it.next();
                        String str2 = (String) next.getAttributeValue(DirectoryServer.getAttributeType(ToolConstants.OPTION_LONG_HOST, true), DirectoryStringSyntax.DECODER);
                        Integer num = (Integer) next.getAttributeValue(DirectoryServer.getAttributeType("ldapport", true), IntegerSyntax.DECODER);
                        AtomicInteger atomicInteger = new AtomicInteger(1);
                        LDAPConnectionOptions lDAPConnectionOptions = new LDAPConnectionOptions();
                        PrintStream printStream = new PrintStream(new OutputStream() { // from class: org.opends.server.crypto.CryptoManagerImpl.1
                            @Override // java.io.OutputStream
                            public void write(int i) {
                            }
                        });
                        LDAPConnection lDAPConnection = new LDAPConnection(str2, num.intValue(), lDAPConnectionOptions, printStream, printStream);
                        lDAPConnection.connectToHost(null, null, atomicInteger);
                        try {
                            LDAPReader lDAPReader = lDAPConnection.getLDAPReader();
                            lDAPConnection.getLDAPWriter().writeMessage(new LDAPMessage(atomicInteger.getAndIncrement(), new ExtendedRequestProtocolOp(ServerConstants.OID_GET_SYMMETRIC_KEY_EXTENDED_OP, GetSymmetricKeyExtendedOperation.encodeRequestValue(str, getInstanceKeyID())), new ArrayList()));
                            ExtendedResponseProtocolOp extendedResponseProtocolOp = lDAPReader.readMessage().getExtendedResponseProtocolOp();
                            if (extendedResponseProtocolOp.getResultCode() == 0) {
                                return extendedResponseProtocolOp.getValue().stringValue();
                            }
                            lDAPConnection.close(atomicInteger);
                        } finally {
                            lDAPConnection.close(atomicInteger);
                        }
                    }
                }
            } catch (Exception e) {
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void importCipherKeyEntry(Entry entry) throws CryptoManagerException {
        if (entry.hasObjectClass(ocCipherKey)) {
            try {
                String str = (String) entry.getAttributeValue(attrKeyID, DirectoryStringSyntax.DECODER);
                int intValue = ((Integer) entry.getAttributeValue(attrInitVectorLength, IntegerSyntax.DECODER)).intValue();
                int intValue2 = ((Integer) entry.getAttributeValue(attrKeyLength, IntegerSyntax.DECODER)).intValue();
                String str2 = (String) entry.getAttributeValue(attrTransformation, DirectoryStringSyntax.DECODER);
                boolean z = ((String) entry.getAttributeValue(attrCompromisedTime, DirectoryStringSyntax.DECODER)) != null;
                ArrayList arrayList = new ArrayList();
                entry.getAttributeValues(attrSymmetricKey, DirectoryStringSyntax.DECODER, arrayList);
                SecretKey secretKey = null;
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    secretKey = decodeSymmetricKeyAttribute((String) it.next());
                    if (secretKey != null) {
                        break;
                    }
                }
                if (null != secretKey) {
                    CipherKeyEntry.importCipherKeyEntry(this, str, str2, secretKey, intValue2, intValue, z);
                    return;
                }
                String symmetricKey = getSymmetricKey(arrayList);
                if (symmetricKey == null) {
                    throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_TO_DECODE.get(entry.getDN().toString()));
                }
                CipherKeyEntry.importCipherKeyEntry(this, str, str2, decodeSymmetricKeyAttribute(symmetricKey), intValue2, intValue, z);
                InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
                ArrayList arrayList2 = new ArrayList(1);
                arrayList2.add(new Modification(ModificationType.ADD, new Attribute(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY, symmetricKey), false));
                if (rootConnection.processModify(entry.getDN(), arrayList2).getResultCode() != ResultCode.SUCCESS) {
                    throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_TO_ADD_KEY.get(entry.getDN().toString()));
                }
            } catch (DirectoryException e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_OTHER.get(entry.getDN().toString(), e.getMessage()), e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void importMacKeyEntry(Entry entry) throws CryptoManagerException {
        if (entry.hasObjectClass(ocMacKey)) {
            try {
                String str = (String) entry.getAttributeValue(attrKeyID, DirectoryStringSyntax.DECODER);
                int intValue = ((Integer) entry.getAttributeValue(attrKeyLength, IntegerSyntax.DECODER)).intValue();
                String str2 = (String) entry.getAttributeValue(attrMacAlgorithm, DirectoryStringSyntax.DECODER);
                boolean z = ((String) entry.getAttributeValue(attrCompromisedTime, DirectoryStringSyntax.DECODER)) != null;
                ArrayList arrayList = new ArrayList();
                entry.getAttributeValues(attrSymmetricKey, DirectoryStringSyntax.DECODER, arrayList);
                SecretKey secretKey = null;
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    secretKey = decodeSymmetricKeyAttribute((String) it.next());
                    if (secretKey != null) {
                        break;
                    }
                }
                if (secretKey == null) {
                    String symmetricKey = getSymmetricKey(arrayList);
                    if (symmetricKey == null) {
                        throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_TO_DECODE.get(entry.getDN().toString()));
                    }
                    MacKeyEntry.importMacKeyEntry(this, str, str2, decodeSymmetricKeyAttribute(symmetricKey), intValue, z);
                    InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();
                    ArrayList arrayList2 = new ArrayList(1);
                    arrayList2.add(new Modification(ModificationType.ADD, new Attribute(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY, symmetricKey), false));
                    if (rootConnection.processModify(entry.getDN(), arrayList2).getResultCode() != ResultCode.SUCCESS) {
                        throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_TO_ADD_KEY.get(entry.getDN().toString()));
                    }
                } else {
                    MacKeyEntry.importMacKeyEntry(this, str, str2, secretKey, intValue, z);
                }
            } catch (DirectoryException e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_IMPORT_KEY_ENTRY_FAILED_OTHER.get(entry.getDN().toString(), e.getMessage()), e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Cipher getCipher(CipherKeyEntry cipherKeyEntry, int i, byte[] bArr) throws CryptoManagerException {
        byte[] bArr2;
        Validator.ensureTrue(1 == i || 2 == i);
        Validator.ensureTrue(1 != i || null == bArr);
        Validator.ensureTrue(-1 != cipherKeyEntry.getIVLengthBits() || 1 == i);
        Validator.ensureTrue(null == bArr || bArr.length * 8 == cipherKeyEntry.getIVLengthBits());
        try {
            String type = cipherKeyEntry.getType();
            String[] split = type.split("/", 0);
            if (1 < split.length && CertificateManager.KEY_STORE_PATH_PKCS11.equals(split[1])) {
                if (!$assertionsDisabled && !ExtensionsConstants.STORAGE_SCHEME_NAME_RC4.equals(split[0]) && !"ARCFOUR".equals(split[0])) {
                    throw new AssertionError();
                }
                if (!$assertionsDisabled && !"NoPadding".equals(split[2])) {
                    throw new AssertionError();
                }
                type = split[0];
            }
            Cipher cipher = Cipher.getInstance(type);
            try {
                if (0 < cipherKeyEntry.getIVLengthBits()) {
                    if (1 == i && null == bArr) {
                        bArr2 = new byte[cipherKeyEntry.getIVLengthBits() / 8];
                        pseudoRandom.nextBytes(bArr2);
                    } else {
                        bArr2 = bArr;
                    }
                    cipher.init(i, cipherKeyEntry.getSecretKey(), new IvParameterSpec(bArr2));
                } else {
                    cipher.init(i, cipherKeyEntry.getSecretKey());
                }
                return cipher;
            } catch (GeneralSecurityException e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_GET_CIPHER_CANNOT_INITIALIZE.get(StaticUtils.getExceptionMessage(e)), e);
            }
        } catch (GeneralSecurityException e2) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e2);
            }
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_GET_CIPHER_INVALID_CIPHER_TRANSFORMATION.get(cipherKeyEntry.getType(), StaticUtils.getExceptionMessage(e2)), e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Mac getMacEngine(MacKeyEntry macKeyEntry) throws CryptoManagerException {
        try {
            Mac mac = Mac.getInstance(macKeyEntry.getType());
            try {
                mac.init(macKeyEntry.getSecretKey());
                return mac;
            } catch (InvalidKeyException e) {
                if (DebugLogger.debugEnabled()) {
                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                }
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_GET_MAC_ENGINE_CANNOT_INITIALIZE.get(StaticUtils.getExceptionMessage(e)), e);
            }
        } catch (NoSuchAlgorithmException e2) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e2);
            }
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_GET_MAC_ENGINE_INVALID_MAC_ALGORITHM.get(macKeyEntry.getType(), StaticUtils.getExceptionMessage(e2)), e2);
        }
    }

    @Override // org.opends.server.types.CryptoManager
    public String getPreferredMessageDigestAlgorithm() {
        return this.preferredDigestAlgorithm;
    }

    @Override // org.opends.server.types.CryptoManager
    public MessageDigest getPreferredMessageDigest() throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(this.preferredDigestAlgorithm);
    }

    @Override // org.opends.server.types.CryptoManager
    public MessageDigest getMessageDigest(String str) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(str);
    }

    @Override // org.opends.server.types.CryptoManager
    public byte[] digest(byte[] bArr) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(this.preferredDigestAlgorithm).digest(bArr);
    }

    @Override // org.opends.server.types.CryptoManager
    public byte[] digest(String str, byte[] bArr) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(str).digest(bArr);
    }

    @Override // org.opends.server.types.CryptoManager
    public byte[] digest(InputStream inputStream) throws IOException, NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(this.preferredDigestAlgorithm);
        byte[] bArr = new byte[8192];
        while (true) {
            int read = inputStream.read(bArr);
            if (read < 0) {
                return messageDigest.digest();
            }
            messageDigest.update(bArr, 0, read);
        }
    }

    @Override // org.opends.server.types.CryptoManager
    public byte[] digest(String str, InputStream inputStream) throws IOException, NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        byte[] bArr = new byte[8192];
        while (true) {
            int read = inputStream.read(bArr);
            if (read < 0) {
                return messageDigest.digest();
            }
            messageDigest.update(bArr, 0, read);
        }
    }

    @Override // org.opends.server.types.CryptoManager
    public String getMacEngineKeyEntryID() throws CryptoManagerException {
        return getMacEngineKeyEntryID(this.preferredMACAlgorithm, this.preferredMACAlgorithmKeyLengthBits);
    }

    @Override // org.opends.server.types.CryptoManager
    public String getMacEngineKeyEntryID(String str, int i) throws CryptoManagerException {
        Validator.ensureNotNull(str);
        MacKeyEntry keyEntry = MacKeyEntry.getKeyEntry(this, str, i);
        if (null == keyEntry) {
            keyEntry = MacKeyEntry.generateKeyEntry(this, str, i);
        }
        return keyEntry.getKeyID().getStringValue();
    }

    @Override // org.opends.server.types.CryptoManager
    public Mac getMacEngine(String str) throws CryptoManagerException {
        MacKeyEntry keyEntry = MacKeyEntry.getKeyEntry(this, new KeyEntryID(str));
        if (null == keyEntry) {
            return null;
        }
        return getMacEngine(keyEntry);
    }

    @Override // org.opends.server.types.CryptoManager
    public byte[] encrypt(byte[] bArr) throws GeneralSecurityException, CryptoManagerException {
        return encrypt(this.preferredCipherTransformation, this.preferredCipherTransformationKeyLengthBits, bArr);
    }

    @Override // org.opends.server.types.CryptoManager
    public byte[] encrypt(String str, int i, byte[] bArr) throws GeneralSecurityException, CryptoManagerException {
        Validator.ensureNotNull(str, bArr);
        CipherKeyEntry keyEntry = CipherKeyEntry.getKeyEntry(this, str, i);
        if (null == keyEntry) {
            keyEntry = CipherKeyEntry.generateKeyEntry(this, str, i);
        }
        Cipher cipher = getCipher(keyEntry, 1, null);
        byte[] byteValue = keyEntry.getKeyID().getByteValue();
        byte[] iv = cipher.getIV();
        int length = 1 + byteValue.length + (null == iv ? 0 : iv.length);
        int outputSize = cipher.getOutputSize(bArr.length);
        byte[] bArr2 = new byte[length + outputSize];
        int i2 = 0 + 1;
        bArr2[0] = 1;
        System.arraycopy(byteValue, 0, bArr2, i2, byteValue.length);
        int length2 = i2 + byteValue.length;
        if (null != iv) {
            System.arraycopy(iv, 0, bArr2, length2, iv.length);
            int length3 = length2 + iv.length;
        }
        System.arraycopy(cipher.doFinal(bArr), 0, bArr2, length, outputSize);
        return bArr2;
    }

    @Override // org.opends.server.types.CryptoManager
    public CipherOutputStream getCipherOutputStream(OutputStream outputStream) throws CryptoManagerException {
        return getCipherOutputStream(this.preferredCipherTransformation, this.preferredCipherTransformationKeyLengthBits, outputStream);
    }

    @Override // org.opends.server.types.CryptoManager
    public CipherOutputStream getCipherOutputStream(String str, int i, OutputStream outputStream) throws CryptoManagerException {
        Validator.ensureNotNull(str, outputStream);
        CipherKeyEntry keyEntry = CipherKeyEntry.getKeyEntry(this, str, i);
        if (null == keyEntry) {
            keyEntry = CipherKeyEntry.generateKeyEntry(this, str, i);
        }
        Cipher cipher = getCipher(keyEntry, 1, null);
        byte[] byteValue = keyEntry.getKeyID().getByteValue();
        try {
            outputStream.write(1);
            outputStream.write(byteValue);
            if (null != cipher.getIV()) {
                outputStream.write(cipher.getIV());
            }
            return new CipherOutputStream(outputStream, cipher);
        } catch (IOException e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_GET_CIPHER_STREAM_PROLOGUE_WRITE_ERROR.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    @Override // org.opends.server.types.CryptoManager
    public byte[] decrypt(byte[] bArr) throws GeneralSecurityException, CryptoManagerException {
        try {
            int i = 0 + 1;
            byte b = bArr[0];
            switch (b) {
                case 1:
                    try {
                        byte[] bArr2 = new byte[KeyEntryID.getByteValueLength()];
                        System.arraycopy(bArr, i, bArr2, 0, bArr2.length);
                        int length = i + bArr2.length;
                        CipherKeyEntry keyEntry = CipherKeyEntry.getKeyEntry(this, new KeyEntryID(bArr2));
                        if (null == keyEntry) {
                            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_UNKNOWN_KEY_IDENTIFIER.get());
                        }
                        byte[] bArr3 = null;
                        if (0 < keyEntry.getIVLengthBits()) {
                            bArr3 = new byte[keyEntry.getIVLengthBits() / 8];
                            try {
                                System.arraycopy(bArr, length, bArr3, 0, bArr3.length);
                                length += bArr3.length;
                            } catch (Exception e) {
                                if (DebugLogger.debugEnabled()) {
                                    TRACER.debugCaught(DebugLogLevel.ERROR, e);
                                }
                                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_FAILED_TO_READ_IV.get(), e);
                            }
                        }
                        return getCipher(keyEntry, 2, bArr3).doFinal(bArr, length, bArr.length - length);
                    } catch (Exception e2) {
                        if (DebugLogger.debugEnabled()) {
                            TRACER.debugCaught(DebugLogLevel.ERROR, e2);
                        }
                        throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_FAILED_TO_READ_KEY_IDENTIFIER.get(e2.getMessage()), e2);
                    }
                default:
                    throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_UNKNOWN_PROLOGUE_VERSION.get(Integer.valueOf(b)));
            }
        } catch (Exception e3) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e3);
            }
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_FAILED_TO_READ_PROLOGUE_VERSION.get(e3.getMessage()), e3);
        }
    }

    @Override // org.opends.server.types.CryptoManager
    public CipherInputStream getCipherInputStream(InputStream inputStream) throws CryptoManagerException {
        byte[] bArr = null;
        try {
            byte[] bArr2 = new byte[1];
            if (bArr2.length != inputStream.read(bArr2)) {
                throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_FAILED_TO_READ_PROLOGUE_VERSION.get("stream underflow"));
            }
            byte b = bArr2[0];
            switch (b) {
                case 1:
                    byte[] bArr3 = new byte[KeyEntryID.getByteValueLength()];
                    if (bArr3.length != inputStream.read(bArr3)) {
                        throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_FAILED_TO_READ_KEY_IDENTIFIER.get("stream underflow"));
                    }
                    CipherKeyEntry keyEntry = CipherKeyEntry.getKeyEntry(this, new KeyEntryID(bArr3));
                    if (null == keyEntry) {
                        throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_UNKNOWN_KEY_IDENTIFIER.get());
                    }
                    if (0 < keyEntry.getIVLengthBits()) {
                        bArr = new byte[keyEntry.getIVLengthBits() / 8];
                        if (bArr.length != inputStream.read(bArr)) {
                            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_FAILED_TO_READ_IV.get());
                        }
                    }
                    return new CipherInputStream(inputStream, getCipher(keyEntry, 2, bArr));
                default:
                    throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_UNKNOWN_PROLOGUE_VERSION.get(Integer.valueOf(b)));
            }
        } catch (IOException e) {
            throw new CryptoManagerException(CoreMessages.ERR_CRYPTOMGR_DECRYPT_CIPHER_INPUT_STREAM_ERROR.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    @Override // org.opends.server.types.CryptoManager
    public int compress(byte[] bArr, byte[] bArr2) {
        Deflater deflater = new Deflater();
        try {
            deflater.setInput(bArr);
            deflater.finish();
            int deflate = deflater.deflate(bArr2);
            if (deflater.finished()) {
                return deflate;
            }
            deflater.end();
            return -1;
        } finally {
            deflater.end();
        }
    }

    @Override // org.opends.server.types.CryptoManager
    public int uncompress(byte[] bArr, byte[] bArr2) throws DataFormatException {
        Inflater inflater = new Inflater();
        try {
            inflater.setInput(bArr);
            int inflate = inflater.inflate(bArr2);
            if (inflater.finished()) {
                return inflate;
            }
            int i = inflate;
            while (!inflater.finished()) {
                i += inflater.inflate(bArr2);
            }
            int i2 = -i;
            inflater.end();
            return i2;
        } finally {
            inflater.end();
        }
    }

    @Override // org.opends.server.types.CryptoManager
    public SSLContext getSslContext(String str) throws ConfigException {
        try {
            TrustStoreBackend trustStoreBackend = getTrustStoreBackend();
            KeyManager[] keyManagers = trustStoreBackend.getKeyManagers();
            TrustManager[] trustManagers = trustStoreBackend.getTrustManagers();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            if (str == null) {
                sSLContext.init(keyManagers, trustManagers, null);
            } else {
                sSLContext.init(SelectableCertificateKeyManager.wrap(keyManagers, str), trustManagers, null);
            }
            return sSLContext;
        } catch (Exception e) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e);
            }
            throw new ConfigException(CoreMessages.ERR_CRYPTOMGR_SSL_CONTEXT_CANNOT_INITIALIZE.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    @Override // org.opends.server.types.CryptoManager
    public String getSslCertNickname() {
        return this.sslCertNickname;
    }

    @Override // org.opends.server.types.CryptoManager
    public boolean isSslEncryption() {
        return this.sslEncryption;
    }

    @Override // org.opends.server.types.CryptoManager
    public SortedSet<String> getSslProtocols() {
        return this.sslProtocols;
    }

    @Override // org.opends.server.types.CryptoManager
    public SortedSet<String> getSslCipherSuites() {
        return this.sslCipherSuites;
    }

    @Override // org.opends.server.admin.server.ConfigurationChangeListener
    public /* bridge */ /* synthetic */ boolean isConfigurationChangeAcceptable(CryptoManagerCfg cryptoManagerCfg, List list) {
        return isConfigurationChangeAcceptable2(cryptoManagerCfg, (List<Message>) list);
    }

    static {
        $assertionsDisabled = !CryptoManagerImpl.class.desiredAssertionStatus();
        TRACER = DebugLogger.getTracer();
        schemaInitDone = false;
        secureRandom = new SecureRandom();
        pseudoRandom = new Random(secureRandom.nextLong());
    }
}
