package org.apache.cxf.rt.security.crypto;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.CompressionUtils;
import org.apache.cxf.helpers.IOUtils;
import org.opensaml.security.crypto.JCAConstants;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-402.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-security-3.1.5.redhat-630402.jar:org/apache/cxf/rt/security/crypto/CryptoUtils.class */
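/**
 * Static helpers on top of the JCA/JCE for building keys from raw material, signing and
 * verifying, encrypting and decrypting, wrapping keys, and reading keystores.
 *
 * <p>Conventions visible in this class:
 * <ul>
 * <li>Failures are rethrown as unchecked {@link SecurityException}s that wrap the cause.</li>
 * <li>String forms of keys and ciphertext are encoded with {@code Base64UrlUtility};
 *     certificates are encoded with {@code Base64Utility}.</li>
 * <li>Integer cipher modes are the {@link Cipher} constants ({@link Cipher#ENCRYPT_MODE},
 *     {@link Cipher#DECRYPT_MODE}, {@link Cipher#WRAP_MODE}, {@link Cipher#UNWRAP_MODE}).</li>
 * </ul>
 *
 * <p>Security note: the transformation handed to {@link Cipher#getInstance(String)} is taken
 * verbatim from {@code KeyProperties.getKeyAlgo()} or, failing that, from
 * {@link Key#getAlgorithm()}. A bare name such as {@code "AES"} or {@code "RSA"} leaves mode and
 * padding to the provider default (ECB with PKCS#5 / PKCS#1 v1.5 padding on the stock SunJCE
 * provider). Callers that need an authenticated mode should pass a full transformation and the
 * matching parameter spec through {@code KeyProperties}.
 */
public final class CryptoUtils {
    /** Implementation class of the BouncyCastle JCE provider, loaded reflectively. */
    private static final String BOUNCY_CASTLE_PROVIDER_CLASS =
        "org.bouncycastle.jce.provider.BouncyCastleProvider";

    /** Name under which the BouncyCastle provider registers itself with {@link Security}. */
    private static final String BOUNCY_CASTLE_PROVIDER_NAME = "BC";

    private CryptoUtils() {
    }

    /**
     * Registers the BouncyCastle provider with the JVM unless it is already registered.
     *
     * <p>{@link Security#getProvider(String)} looks providers up by their registered name, not by
     * their implementation class, so the check uses the provider name. Registration is JVM-wide.
     *
     * @throws Exception if the provider class cannot be loaded or instantiated
     */
    public static void installBouncyCastleProvider() throws Exception {
        if (Security.getProvider(BOUNCY_CASTLE_PROVIDER_NAME) == null) {
            Class<?> providerClass =
                ClassLoaderUtils.loadClass(BOUNCY_CASTLE_PROVIDER_CLASS, CryptoUtils.class);
            Security.addProvider((Provider) providerClass.getDeclaredConstructor().newInstance());
        }
    }

    /**
     * Unregisters the BouncyCastle provider from the JVM.
     *
     * <p>{@link Security#removeProvider(String)} takes the provider name; passing the class name
     * silently removes nothing. Removal is JVM-wide and affects every component that resolves
     * algorithms through this provider.
     */
    public static void removeBouncyCastleProvider() {
        Security.removeProvider(BOUNCY_CASTLE_PROVIDER_NAME);
    }

    /**
     * Returns the base64url form of the key's encoded bytes.
     *
     * <p>The result is the raw key material in a printable form, not a protected value; treat it
     * as a secret.
     *
     * @param secretKey key to export
     * @return base64url text of {@code secretKey.getEncoded()}
     */
    public static String encodeSecretKey(SecretKey secretKey) throws SecurityException {
        return encodeBytes(secretKey.getEncoded());
    }

    /**
     * Wraps a secret key with a public key, using the public key's algorithm name as the cipher
     * transformation.
     *
     * @param secretKey key to protect
     * @param publicKey key to wrap with
     * @return base64url text of the wrapped key
     */
    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey)
        throws SecurityException {
        return encryptSecretKey(secretKey, publicKey, new KeyProperties(publicKey.getAlgorithm()));
    }

    /**
     * Wraps a secret key with a public key using the supplied cipher properties.
     *
     * @param secretKey key to protect
     * @param publicKey key to wrap with
     * @param keyProperties cipher settings for the wrapping operation
     * @return base64url text of the wrapped key
     */
    public static String encryptSecretKey(SecretKey secretKey, PublicKey publicKey,
                                          KeyProperties keyProperties) throws SecurityException {
        return encodeBytes(wrapSecretKey(secretKey, publicKey, keyProperties));
    }

    /**
     * Returns {@code size} bytes drawn from a freshly created {@link SecureRandom}.
     *
     * @param size number of bytes to generate
     * @return a new array filled with random bytes
     */
    public static byte[] generateSecureRandomBytes(int size) {
        byte[] randomBytes = new byte[size];
        new SecureRandom().nextBytes(randomBytes);
        return randomBytes;
    }

    /**
     * Builds an RSA public key from base64url-encoded modulus and public exponent.
     *
     * @param encodedModulus base64url modulus
     * @param encodedPublicExponent base64url public exponent
     * @return the RSA public key
     */
    public static RSAPublicKey getRSAPublicKey(String encodedModulus, String encodedPublicExponent) {
        try {
            return getRSAPublicKey(decodeSequence(encodedModulus),
                                   decodeSequence(encodedPublicExponent));
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an RSA public key from big-endian modulus and public exponent bytes.
     *
     * @param modulusBytes modulus bytes
     * @param publicExponentBytes public exponent bytes
     * @return the RSA public key
     */
    public static RSAPublicKey getRSAPublicKey(byte[] modulusBytes, byte[] publicExponentBytes) {
        try {
            return getRSAPublicKey(KeyFactory.getInstance("RSA"), modulusBytes, publicExponentBytes);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an RSA public key with a caller-supplied {@link KeyFactory}.
     *
     * @param keyFactory factory used to materialise the key
     * @param modulusBytes modulus bytes
     * @param publicExponentBytes public exponent bytes
     * @return the RSA public key
     */
    public static RSAPublicKey getRSAPublicKey(KeyFactory keyFactory, byte[] modulusBytes,
                                               byte[] publicExponentBytes) {
        try {
            RSAPublicKeySpec spec =
                new RSAPublicKeySpec(toBigInteger(modulusBytes), toBigInteger(publicExponentBytes));
            return (RSAPublicKey) keyFactory.generatePublic(spec);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an RSA private key from base64url-encoded modulus and private exponent.
     *
     * @param encodedModulus base64url modulus
     * @param encodedPrivateExponent base64url private exponent
     * @return the RSA private key
     */
    public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
                                                 String encodedPrivateExponent) {
        try {
            return getRSAPrivateKey(decodeSequence(encodedModulus),
                                    decodeSequence(encodedPrivateExponent));
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an RSA private key from modulus and private exponent bytes.
     *
     * @param modulusBytes modulus bytes
     * @param privateExponentBytes private exponent bytes
     * @return the RSA private key
     */
    public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes, byte[] privateExponentBytes) {
        try {
            RSAPrivateKeySpec spec =
                new RSAPrivateKeySpec(toBigInteger(modulusBytes), toBigInteger(privateExponentBytes));
            return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(spec);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an RSA private key from base64url-encoded CRT components.
     *
     * <p>The arguments are passed, in order, to {@link RSAPrivateCrtKeySpec}.
     *
     * @param encodedModulus base64url modulus
     * @param encodedPublicExponent base64url public exponent
     * @param encodedPrivateExponent base64url private exponent
     * @param encodedPrimeP base64url prime P
     * @param encodedPrimeQ base64url prime Q
     * @param encodedPrimeExpP base64url prime exponent P
     * @param encodedPrimeExpQ base64url prime exponent Q
     * @param encodedCrtCoefficient base64url CRT coefficient
     * @return the RSA private key
     */
    public static RSAPrivateKey getRSAPrivateKey(String encodedModulus,
                                                 String encodedPublicExponent,
                                                 String encodedPrivateExponent,
                                                 String encodedPrimeP,
                                                 String encodedPrimeQ,
                                                 String encodedPrimeExpP,
                                                 String encodedPrimeExpQ,
                                                 String encodedCrtCoefficient) {
        try {
            return getRSAPrivateKey(decodeSequence(encodedModulus),
                                    decodeSequence(encodedPublicExponent),
                                    decodeSequence(encodedPrivateExponent),
                                    decodeSequence(encodedPrimeP),
                                    decodeSequence(encodedPrimeQ),
                                    decodeSequence(encodedPrimeExpP),
                                    decodeSequence(encodedPrimeExpQ),
                                    decodeSequence(encodedCrtCoefficient));
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an RSA private key from CRT component bytes.
     *
     * <p>The arguments are passed, in order, to {@link RSAPrivateCrtKeySpec}.
     *
     * @param modulusBytes modulus
     * @param publicExponentBytes public exponent
     * @param privateExponentBytes private exponent
     * @param primePBytes prime P
     * @param primeQBytes prime Q
     * @param primeExpPBytes prime exponent P
     * @param primeExpQBytes prime exponent Q
     * @param crtCoefficientBytes CRT coefficient
     * @return the RSA private key
     */
    public static RSAPrivateKey getRSAPrivateKey(byte[] modulusBytes,
                                                 byte[] publicExponentBytes,
                                                 byte[] privateExponentBytes,
                                                 byte[] primePBytes,
                                                 byte[] primeQBytes,
                                                 byte[] primeExpPBytes,
                                                 byte[] primeExpQBytes,
                                                 byte[] crtCoefficientBytes) {
        try {
            RSAPrivateCrtKeySpec spec = new RSAPrivateCrtKeySpec(
                toBigInteger(modulusBytes),
                toBigInteger(publicExponentBytes),
                toBigInteger(privateExponentBytes),
                toBigInteger(primePBytes),
                toBigInteger(primeQBytes),
                toBigInteger(primeExpPBytes),
                toBigInteger(primeExpQBytes),
                toBigInteger(crtCoefficientBytes));
            return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(spec);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an EC private key from a curve name and a base64url-encoded private value.
     *
     * @param curve curve name in the form accepted by {@link #generateECKeyPair(String)}
     * @param encodedPrivateKey base64url private value
     * @return the EC private key
     */
    public static ECPrivateKey getECPrivateKey(String curve, String encodedPrivateKey) {
        try {
            return getECPrivateKey(curve, decodeSequence(encodedPrivateKey));
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an EC private key from a curve name and private value bytes.
     *
     * @param curve curve name in the form accepted by {@link #generateECKeyPair(String)}
     * @param privateKeyBytes private value bytes
     * @return the EC private key
     */
    public static ECPrivateKey getECPrivateKey(String curve, byte[] privateKeyBytes) {
        try {
            ECPrivateKeySpec spec =
                new ECPrivateKeySpec(toBigInteger(privateKeyBytes), getECParameterSpec(curve, true));
            return (ECPrivateKey) KeyFactory.getInstance("EC").generatePrivate(spec);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Obtains the domain parameters of a curve by generating a throw-away key pair on it.
     *
     * @param curve curve name in the form accepted by {@link #generateECKeyPair(String)}
     * @param fromPublicKey whether to read the parameters from the generated public key
     *        ({@code true}) or from the generated private key ({@code false})
     * @return the curve parameters
     */
    private static ECParameterSpec getECParameterSpec(String curve, boolean fromPublicKey)
        throws Exception {
        KeyPair throwAwayPair = generateECKeyPair(curve);
        if (fromPublicKey) {
            return ((ECPublicKey) throwAwayPair.getPublic()).getParams();
        }
        return ((ECPrivateKey) throwAwayPair.getPrivate()).getParams();
    }

    /**
     * Generates an EC key pair on the named curve.
     *
     * <p>The curve name is lower-cased, stripped of hyphens and wrapped as {@code sec...r1}, so
     * an input of {@code "P-256"} selects {@code secp256r1}.
     *
     * @param curve curve name
     * @return a new key pair
     */
    public static KeyPair generateECKeyPair(String curve) {
        try {
            String standardName = "sec" + curve.toLowerCase().replace("-", "") + "r1";
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
            generator.initialize(new ECGenParameterSpec(standardName));
            return generator.generateKeyPair();
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an EC public key from a curve name and base64url-encoded point coordinates.
     *
     * @param curve curve name in the form accepted by {@link #generateECKeyPair(String)}
     * @param encodedXPoint base64url X coordinate
     * @param encodedYPoint base64url Y coordinate
     * @return the EC public key
     */
    public static ECPublicKey getECPublicKey(String curve, String encodedXPoint,
                                             String encodedYPoint) {
        try {
            return getECPublicKey(curve, decodeSequence(encodedXPoint),
                                  decodeSequence(encodedYPoint));
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an EC public key from a curve name and point coordinate bytes.
     *
     * @param curve curve name in the form accepted by {@link #generateECKeyPair(String)}
     * @param xPointBytes X coordinate bytes
     * @param yPointBytes Y coordinate bytes
     * @return the EC public key
     */
    public static ECPublicKey getECPublicKey(String curve, byte[] xPointBytes, byte[] yPointBytes) {
        try {
            ECPoint point = new ECPoint(toBigInteger(xPointBytes), toBigInteger(yPointBytes));
            ECPublicKeySpec spec = new ECPublicKeySpec(point, getECParameterSpec(curve, false));
            return (ECPublicKey) KeyFactory.getInstance("EC").generatePublic(spec);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Converts big-endian bytes to a {@link BigInteger}.
     *
     * <p>The value is read as unsigned unless the first byte is exactly {@code 0x80}, in which
     * case it is read as two's complement. An empty array raises an
     * {@link ArrayIndexOutOfBoundsException}, which the callers wrap.
     */
    private static BigInteger toBigInteger(byte[] bytes) {
        // NOTE(review): a leading 0x80 byte yields a negative number here while 0x81..0xFF do
        // not; confirm this special case is intended for key components.
        if (bytes[0] == Byte.MIN_VALUE) {
            return new BigInteger(bytes);
        }
        return new BigInteger(1, bytes);
    }

    /**
     * Chooses the parameter spec for a content-encryption cipher.
     *
     * @param authTagLength GCM tag length; any value above zero selects a GCM spec
     * @param iv initialisation vector
     * @return a {@link GCMParameterSpec} when {@code authTagLength > 0}, an
     *         {@link IvParameterSpec} when only a non-empty IV is given, otherwise {@code null}
     */
    public static AlgorithmParameterSpec getContentEncryptionCipherSpec(int authTagLength,
                                                                        byte[] iv) {
        if (authTagLength > 0) {
            return getGCMParameterSpec(authTagLength, iv);
        }
        return iv.length > 0 ? new IvParameterSpec(iv) : null;
    }

    /**
     * Creates a {@link GCMParameterSpec}.
     *
     * @param authTagLength authentication tag length, in bits as defined by the spec class
     * @param iv initialisation vector; must be unique per key for GCM
     * @return the GCM parameter spec
     */
    public static AlgorithmParameterSpec getGCMParameterSpec(int authTagLength, byte[] iv) {
        return new GCMParameterSpec(authTagLength, iv);
    }

    /**
     * Signs data with the provider's default randomness and no extra parameters.
     *
     * @param data bytes to sign
     * @param key signing key
     * @param signAlgo JCA signature algorithm name
     * @return the signature bytes
     */
    public static byte[] signData(byte[] data, PrivateKey key, String signAlgo) {
        return signData(data, key, signAlgo, null, null);
    }

    /**
     * Signs data.
     *
     * @param data bytes to sign
     * @param key signing key
     * @param signAlgo JCA signature algorithm name
     * @param random randomness source, or {@code null} for the provider default
     * @param params signature parameters, or {@code null} for none
     * @return the signature bytes
     */
    public static byte[] signData(byte[] data, PrivateKey key, String signAlgo,
                                  SecureRandom random, AlgorithmParameterSpec params) {
        try {
            Signature signer = getSignature(key, signAlgo, random, params);
            signer.update(data);
            return signer.sign();
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Creates a {@link Signature} initialised for signing.
     *
     * @param key signing key
     * @param signAlgo JCA signature algorithm name
     * @param random randomness source, or {@code null} for the provider default
     * @param params signature parameters, or {@code null} for none
     * @return the initialised signature object
     */
    public static Signature getSignature(PrivateKey key, String signAlgo, SecureRandom random,
                                         AlgorithmParameterSpec params) {
        try {
            Signature signer = Signature.getInstance(signAlgo);
            if (random != null) {
                signer.initSign(key, random);
            } else {
                signer.initSign(key);
            }
            if (params != null) {
                signer.setParameter(params);
            }
            return signer;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Verifies a signature without extra parameters.
     *
     * @param content signed bytes
     * @param signature signature to check
     * @param key verification key
     * @param signAlgo JCA signature algorithm name
     * @return whether the signature is valid
     */
    public static boolean verifySignature(byte[] content, byte[] signature, PublicKey key,
                                          String signAlgo) {
        return verifySignature(content, signature, key, signAlgo, null);
    }

    /**
     * Verifies a signature.
     *
     * <p>A malformed signature or an unsuitable key surfaces as a {@link SecurityException}
     * rather than {@code false}; callers must treat both outcomes as a failed verification.
     *
     * @param content signed bytes
     * @param signature signature to check
     * @param key verification key
     * @param signAlgo JCA signature algorithm name
     * @param params signature parameters, or {@code null} for none
     * @return whether the signature is valid
     */
    public static boolean verifySignature(byte[] content, byte[] signature, PublicKey key,
                                          String signAlgo, AlgorithmParameterSpec params) {
        try {
            Signature verifier = Signature.getInstance(signAlgo);
            verifier.initVerify(key);
            if (params != null) {
                verifier.setParameter(params);
            }
            verifier.update(content);
            return verifier.verify(signature);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Generates a secret key for the named algorithm with default properties.
     *
     * @param symEncAlgo key algorithm name
     * @return a new secret key
     */
    public static SecretKey getSecretKey(String symEncAlgo) throws SecurityException {
        return getSecretKey(new KeyProperties(symEncAlgo));
    }

    /**
     * Generates a secret key of the given size for the named algorithm.
     *
     * @param symEncAlgo key algorithm name
     * @param keySize key size handed to {@code KeyProperties}
     * @return a new secret key
     */
    public static SecretKey getSecretKey(String symEncAlgo, int keySize) throws SecurityException {
        return getSecretKey(new KeyProperties(symEncAlgo, keySize));
    }

    /**
     * Generates a secret key as described by the properties.
     *
     * <p>When the properties carry no algorithm spec, the generator is initialised with the
     * configured key size, falling back to 128 when the size is {@code -1}.
     *
     * @param props key generation settings
     * @return a new secret key
     */
    public static SecretKey getSecretKey(KeyProperties props) throws SecurityException {
        try {
            KeyGenerator generator = KeyGenerator.getInstance(props.getKeyAlgo());
            AlgorithmParameterSpec algoSpec = props.getAlgoSpec();
            SecureRandom random = props.getSecureRandom();
            if (algoSpec != null) {
                if (random != null) {
                    generator.init(algoSpec, random);
                } else {
                    generator.init(algoSpec);
                }
            } else {
                int configuredSize = props.getKeySize();
                int keySize = configuredSize == -1 ? 128 : configuredSize;
                if (random != null) {
                    generator.init(keySize, random);
                } else {
                    generator.init(keySize);
                }
            }
            return generator.generateKey();
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Decrypts base64url ciphertext with a base64url-encoded key, using the bare {@code "AES"}
     * transformation.
     *
     * <p>See the class-level security note: a bare {@code "AES"} leaves mode and padding to the
     * provider default and gives no integrity protection.
     *
     * @param encodedToken base64url ciphertext
     * @param encodedSecretKey base64url key bytes
     * @return the plaintext decoded as UTF-8
     */
    public static String decryptSequence(String encodedToken, String encodedSecretKey)
        throws SecurityException {
        return decryptSequence(encodedToken, encodedSecretKey, new KeyProperties("AES"));
    }

    /**
     * Decrypts base64url ciphertext with a base64url-encoded key.
     *
     * @param encodedData base64url ciphertext
     * @param encodedSecretKey base64url key bytes
     * @param props cipher settings; its key algorithm also names the decoded key
     * @return the plaintext decoded as UTF-8
     */
    public static String decryptSequence(String encodedData, String encodedSecretKey,
                                         KeyProperties props) throws SecurityException {
        SecretKey key = decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
        return decryptSequence(encodedData, key, props);
    }

    /**
     * Decrypts base64url ciphertext with the key's own algorithm name as the transformation.
     *
     * @param encodedData base64url ciphertext
     * @param secretKey decryption key
     * @return the plaintext decoded as UTF-8
     */
    public static String decryptSequence(String encodedData, Key secretKey)
        throws SecurityException {
        return decryptSequence(encodedData, secretKey, (KeyProperties) null);
    }

    /**
     * Decrypts base64url ciphertext.
     *
     * @param encodedData base64url ciphertext
     * @param secretKey decryption key
     * @param props cipher settings, or {@code null} for defaults derived from the key
     * @return the plaintext decoded as UTF-8
     */
    public static String decryptSequence(String encodedData, Key secretKey, KeyProperties props)
        throws SecurityException {
        try {
            byte[] plainBytes = decryptBytes(decodeSequence(encodedData), secretKey, props);
            return new String(plainBytes, StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Encrypts text with the key's own algorithm name as the transformation.
     *
     * @param sequence plaintext
     * @param secretKey encryption key
     * @return base64url ciphertext
     */
    public static String encryptSequence(String sequence, Key secretKey) throws SecurityException {
        return encryptSequence(sequence, secretKey, null);
    }

    /**
     * Encrypts the UTF-8 bytes of the text.
     *
     * @param sequence plaintext
     * @param secretKey encryption key
     * @param keyProps cipher settings, or {@code null} for defaults derived from the key
     * @return base64url ciphertext
     */
    public static String encryptSequence(String sequence, Key secretKey, KeyProperties keyProps)
        throws SecurityException {
        try {
            byte[] plainBytes = sequence.getBytes(StandardCharsets.UTF_8);
            return encodeBytes(encryptBytes(plainBytes, secretKey, keyProps));
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Encodes bytes as base64url text.
     *
     * @param bytes bytes to encode
     * @return base64url text
     */
    public static String encodeBytes(byte[] bytes) throws SecurityException {
        try {
            return Base64UrlUtility.encode(bytes);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Encrypts bytes with the key's own algorithm name as the transformation.
     *
     * @param bytes plaintext
     * @param secretKey encryption key
     * @return ciphertext
     */
    public static byte[] encryptBytes(byte[] bytes, Key secretKey) throws SecurityException {
        return encryptBytes(bytes, secretKey, null);
    }

    /**
     * Encrypts bytes.
     *
     * @param bytes plaintext
     * @param secretKey encryption key
     * @param keyProps cipher settings, or {@code null} for defaults derived from the key
     * @return ciphertext
     */
    public static byte[] encryptBytes(byte[] bytes, Key secretKey, KeyProperties keyProps)
        throws SecurityException {
        return processBytes(bytes, secretKey, keyProps, Cipher.ENCRYPT_MODE);
    }

    /**
     * Decrypts bytes with the key's own algorithm name as the transformation.
     *
     * @param encryptedBytes ciphertext
     * @param secretKey decryption key
     * @return plaintext
     */
    public static byte[] decryptBytes(byte[] encryptedBytes, Key secretKey)
        throws SecurityException {
        return decryptBytes(encryptedBytes, secretKey, null);
    }

    /**
     * Decrypts bytes.
     *
     * @param encryptedBytes ciphertext
     * @param secretKey decryption key
     * @param keyProps cipher settings, or {@code null} for defaults derived from the key
     * @return plaintext
     */
    public static byte[] decryptBytes(byte[] encryptedBytes, Key secretKey, KeyProperties keyProps)
        throws SecurityException {
        return processBytes(encryptedBytes, secretKey, keyProps, Cipher.DECRYPT_MODE);
    }

    /**
     * Wraps raw key bytes with another key.
     *
     * @param keyBytes raw bytes of the key to protect
     * @param keyAlgo cipher or key algorithm name of the key to protect
     * @param wrapperKey key to wrap with
     * @param wrapperKeyProps cipher settings for the wrapping operation
     * @return the wrapped key bytes
     */
    public static byte[] wrapSecretKey(byte[] keyBytes, String keyAlgo, Key wrapperKey,
                                       KeyProperties wrapperKeyProps) throws SecurityException {
        Key keyToWrap = new SecretKeySpec(keyBytes, convertJCECipherToSecretKeyName(keyAlgo));
        return wrapSecretKey(keyToWrap, wrapperKey, wrapperKeyProps);
    }

    /**
     * Wraps a key with another key.
     *
     * @param secretKey key to protect
     * @param wrapperKey key to wrap with
     * @param keyProps cipher settings for the wrapping operation
     * @return the wrapped key bytes
     */
    public static byte[] wrapSecretKey(Key secretKey, Key wrapperKey, KeyProperties keyProps)
        throws SecurityException {
        try {
            return initCipher(wrapperKey, keyProps, Cipher.WRAP_MODE).wrap(secretKey);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Unwraps a secret key, naming the unwrapping cipher by string.
     *
     * @param wrappedBytes wrapped key bytes
     * @param wrappedKeyAlgo algorithm of the key being recovered
     * @param unwrapperKey key to unwrap with
     * @param unwrapperKeyAlgo transformation for the unwrapping cipher
     * @return the recovered secret key
     */
    public static SecretKey unwrapSecretKey(byte[] wrappedBytes, String wrappedKeyAlgo,
                                            Key unwrapperKey, String unwrapperKeyAlgo)
        throws SecurityException {
        return unwrapSecretKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey,
                               new KeyProperties(unwrapperKeyAlgo));
    }

    /**
     * Unwraps a secret key.
     *
     * @param wrappedBytes wrapped key bytes
     * @param wrappedKeyAlgo algorithm of the key being recovered
     * @param unwrapperKey key to unwrap with
     * @param keyProps cipher settings for the unwrapping operation
     * @return the recovered secret key
     */
    public static SecretKey unwrapSecretKey(byte[] wrappedBytes, String wrappedKeyAlgo,
                                            Key unwrapperKey, KeyProperties keyProps)
        throws SecurityException {
        return (SecretKey) unwrapKey(wrappedBytes, wrappedKeyAlgo, unwrapperKey, keyProps,
                                     Cipher.SECRET_KEY);
    }

    /**
     * Unwraps a key of the given type.
     *
     * @param wrappedBytes wrapped key bytes
     * @param wrappedKeyAlgo algorithm of the key being recovered
     * @param unwrapperKey key to unwrap with
     * @param keyProps cipher settings for the unwrapping operation
     * @param wrappedKeyType one of the {@link Cipher} key-type constants, for example
     *        {@link Cipher#SECRET_KEY}
     * @return the recovered key
     */
    public static Key unwrapKey(byte[] wrappedBytes, String wrappedKeyAlgo, Key unwrapperKey,
                                KeyProperties keyProps, int wrappedKeyType)
        throws SecurityException {
        try {
            Cipher cipher = initCipher(unwrapperKey, keyProps, Cipher.UNWRAP_MODE);
            return cipher.unwrap(wrappedBytes, wrappedKeyAlgo, wrappedKeyType);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Runs the cipher over the input, optionally deflating before encryption and inflating after
     * decryption when the properties enable compression.
     *
     * <p>A {@link SecretKey} with no configured block size is processed in a single
     * {@code doFinal}. Every other case is processed block by block: without additional
     * authenticated data each full block is finalised on its own, so the output is a
     * concatenation of independently encrypted blocks; with additional data the blocks are fed
     * through {@code update} and finalised once.
     *
     * @param bytes input bytes
     * @param secretKey cipher key
     * @param keyProps cipher settings, or {@code null}
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @return the processed bytes
     */
    private static byte[] processBytes(byte[] bytes, Key secretKey, KeyProperties keyProps,
                                       int mode) throws SecurityException {
        boolean compressionSupported = keyProps != null && keyProps.isCompressionSupported();
        if (compressionSupported && mode == Cipher.ENCRYPT_MODE) {
            bytes = CompressionUtils.deflate(bytes, false);
        }
        try {
            Cipher cipher = initCipher(secretKey, keyProps, mode);
            int blockSize = keyProps != null ? keyProps.getBlockSize() : -1;
            byte[] result;
            if (secretKey instanceof SecretKey && blockSize == -1) {
                result = cipher.doFinal(bytes);
            } else {
                if (blockSize == -1) {
                    // Hard-coded guesses for asymmetric keys. NOTE(review): 117 matches a
                    // 1024-bit RSA key with PKCS#1 v1.5 padding and 128/256 match 1024/2048-bit
                    // ciphertext blocks; any other key size or padding needs an explicit block
                    // size in KeyProperties. Java 9+ version strings take the 128 branch.
                    if (secretKey instanceof PublicKey) {
                        blockSize = 117;
                    } else if (isJava8Release161OrLater(System.getProperty("java.version"))) {
                        blockSize = 256;
                    } else {
                        blockSize = 128;
                    }
                }
                boolean hasAdditionalData =
                    keyProps != null && keyProps.getAdditionalData() != null;
                result = new byte[0];
                int offset = 0;
                for (; offset + blockSize < bytes.length; offset += blockSize) {
                    byte[] chunk = hasAdditionalData
                        ? cipher.update(bytes, offset, blockSize)
                        : cipher.doFinal(bytes, offset, blockSize);
                    result = addToResult(result, chunk);
                }
                byte[] tail = offset < bytes.length
                    ? cipher.doFinal(bytes, offset, bytes.length - offset)
                    : cipher.doFinal();
                result = addToResult(result, tail);
            }
            if (compressionSupported && mode == Cipher.DECRYPT_MODE) {
                // NOTE(review): the inflated stream is read fully into memory and no size limit
                // is applied here; confirm the helper bounds the output when the ciphertext
                // comes from an untrusted peer.
                result = IOUtils.readBytesFromStream(CompressionUtils.inflate(result, false));
            }
            return result;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Tells whether a {@code java.version} string denotes Java 8 update 161 or later.
     *
     * <p>Only the leading digits of the update number are parsed, so a build suffix after the
     * update number (a constructed example: {@code 1.8.0_161-ea}) no longer raises a
     * {@link NumberFormatException}. Version strings that do not start with {@code 1.8.0_},
     * including those of Java 9 and later, yield {@code false}.
     */
    private static boolean isJava8Release161OrLater(String javaVersion) {
        final String java8Prefix = "1.8.0_";
        if (javaVersion == null || !javaVersion.startsWith(java8Prefix)) {
            return false;
        }
        int start = java8Prefix.length();
        int end = start;
        while (end < javaVersion.length() && Character.isDigit(javaVersion.charAt(end))) {
            end++;
        }
        if (end == start) {
            return false;
        }
        return Integer.parseInt(javaVersion.substring(start, end)) >= 161;
    }

    /**
     * Creates and initialises a {@link Cipher}.
     *
     * <p>The transformation is {@code keyProps.getKeyAlgo()} when set, otherwise the key's own
     * algorithm name. The parameter spec (IV or GCM parameters) and the random source from the
     * properties are passed to {@code Cipher.init} whenever they are present, and additional
     * authenticated data is fed to the cipher only when it is non-null. Every failure, including
     * an unknown transformation, is reported as a {@link SecurityException}.
     *
     * <p>See the class-level security note about bare algorithm names.
     *
     * @param secretKey cipher key
     * @param keyProps cipher settings, or {@code null}
     * @param mode one of the {@link Cipher} mode constants
     * @return the initialised cipher
     */
    public static Cipher initCipher(Key secretKey, KeyProperties keyProps, int mode)
        throws SecurityException {
        try {
            String algorithm = keyProps != null && keyProps.getKeyAlgo() != null
                ? keyProps.getKeyAlgo()
                : secretKey.getAlgorithm();
            Cipher cipher = Cipher.getInstance(algorithm);

            AlgorithmParameterSpec algoSpec = keyProps != null ? keyProps.getAlgoSpec() : null;
            SecureRandom random = keyProps != null ? keyProps.getSecureRandom() : null;
            // Dropping algoSpec here would make the cipher ignore the caller's IV or GCM
            // parameters, so each combination maps to the matching init overload.
            if (algoSpec == null && random == null) {
                cipher.init(mode, secretKey);
            } else if (algoSpec == null) {
                cipher.init(mode, secretKey, random);
            } else if (random == null) {
                cipher.init(mode, secretKey, algoSpec);
            } else {
                cipher.init(mode, secretKey, algoSpec, random);
            }

            if (keyProps != null && keyProps.getAdditionalData() != null) {
                cipher.updateAAD(keyProps.getAdditionalData());
            }
            return cipher;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Appends {@code extra} to {@code current}, reusing an input array when the other one is
     * empty or {@code extra} is {@code null}.
     */
    private static byte[] addToResult(byte[] current, byte[] extra) {
        if (extra == null || extra.length == 0) {
            return current;
        }
        if (current.length == 0) {
            return extra;
        }
        byte[] combined = new byte[current.length + extra.length];
        System.arraycopy(current, 0, combined, 0, current.length);
        System.arraycopy(extra, 0, combined, current.length, extra.length);
        return combined;
    }

    /**
     * Decodes a base64url-encoded AES key.
     *
     * @param encodedSecretKey base64url key bytes
     * @return the secret key
     */
    public static SecretKey decodeSecretKey(String encodedSecretKey) throws SecurityException {
        return decodeSecretKey(encodedSecretKey, "AES");
    }

    /**
     * Decodes a base64url-encoded secret key.
     *
     * @param encodedSecretKey base64url key bytes
     * @param secretKeyAlgo cipher or key algorithm name; reduced to a key algorithm name by
     *        {@code convertJCECipherToSecretKeyName}
     * @return the secret key
     */
    public static SecretKey decodeSecretKey(String encodedSecretKey, String secretKeyAlgo)
        throws SecurityException {
        return createSecretKeySpec(decodeSequence(encodedSecretKey), secretKeyAlgo);
    }

    /**
     * Unwraps a base64url-encoded AES key with a private key.
     *
     * @param encodedEncryptedSecretKey base64url wrapped key
     * @param privateKey key to unwrap with
     * @return the recovered secret key
     */
    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
                                             PrivateKey privateKey) {
        return decryptSecretKey(encodedEncryptedSecretKey, "AES", privateKey);
    }

    /**
     * Unwraps a base64url-encoded secret key with a private key, using the private key's
     * algorithm name as the cipher transformation.
     *
     * @param encodedEncryptedSecretKey base64url wrapped key
     * @param secretKeyAlgo algorithm of the key being recovered
     * @param privateKey key to unwrap with
     * @return the recovered secret key
     */
    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
                                             String secretKeyAlgo, PrivateKey privateKey)
        throws SecurityException {
        KeyProperties props = new KeyProperties(privateKey.getAlgorithm());
        return decryptSecretKey(encodedEncryptedSecretKey, secretKeyAlgo, props, privateKey);
    }

    /**
     * Unwraps a base64url-encoded secret key with a private key.
     *
     * @param encodedEncryptedSecretKey base64url wrapped key
     * @param secretKeyAlgo algorithm of the key being recovered
     * @param props cipher settings for the unwrapping operation
     * @param privateKey key to unwrap with
     * @return the recovered secret key
     */
    public static SecretKey decryptSecretKey(String encodedEncryptedSecretKey,
                                             String secretKeyAlgo, KeyProperties props,
                                             PrivateKey privateKey) throws SecurityException {
        byte[] wrappedBytes = decodeSequence(encodedEncryptedSecretKey);
        return unwrapSecretKey(wrappedBytes, secretKeyAlgo, privateKey, props);
    }

    /**
     * Creates a secret key from base64url-encoded bytes; the algorithm name is used as given.
     *
     * @param encodedBytes base64url key bytes
     * @param algo key algorithm name
     * @return the secret key
     */
    public static SecretKey createSecretKeySpec(String encodedBytes, String algo) {
        return new SecretKeySpec(decodeSequence(encodedBytes), algo);
    }

    /**
     * Creates a secret key from raw bytes.
     *
     * <p>Unlike the string overload, the algorithm name is first reduced by
     * {@code convertJCECipherToSecretKeyName}, which yields {@code null} for names it does not
     * recognise.
     *
     * @param bytes key bytes
     * @param algo cipher or key algorithm name
     * @return the secret key
     */
    public static SecretKey createSecretKeySpec(byte[] bytes, String algo) {
        return new SecretKeySpec(bytes, convertJCECipherToSecretKeyName(algo));
    }

    /**
     * Decodes base64url text.
     *
     * @param encodedSequence base64url text
     * @return the decoded bytes
     */
    public static byte[] decodeSequence(String encodedSequence) throws SecurityException {
        try {
            return Base64UrlUtility.decode(encodedSequence);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Reduces a cipher transformation name to the key algorithm it starts with.
     *
     * @param jceCipherName transformation or algorithm name, may be {@code null}
     * @return {@code "AES"}, the DESede constant, {@code "SEED"} or {@code "Camellia"} when the
     *         name starts with one of them, otherwise {@code null}
     */
    private static String convertJCECipherToSecretKeyName(String jceCipherName) {
        if (jceCipherName == null) {
            return null;
        }
        String[] knownKeyAlgorithms = {"AES", JCAConstants.KEY_ALGO_DESEDE, "SEED", "Camellia"};
        for (String keyAlgorithm : knownKeyAlgorithms) {
            if (jceCipherName.startsWith(keyAlgorithm)) {
                return keyAlgorithm;
            }
        }
        return null;
    }

    /**
     * Loads a keystore from a stream and returns the certificate stored under the alias.
     *
     * @param storeLocation keystore stream; not closed by this method
     * @param storePassword keystore password
     * @param alias entry alias
     * @param storeType keystore type, or {@code null} for the JVM default
     * @return the certificate
     */
    public static Certificate loadCertificate(InputStream storeLocation, char[] storePassword,
                                              String alias, String storeType) {
        KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
        return loadCertificate(keyStore, alias);
    }

    /**
     * Returns the certificate stored under the alias.
     *
     * @param keyStore loaded keystore
     * @param alias entry alias
     * @return the certificate
     * @throws SecurityException if the alias is {@code null} or absent, or the lookup fails
     */
    public static Certificate loadCertificate(KeyStore keyStore, String alias) {
        try {
            if (alias == null) {
                throw new SecurityException("No keystore alias was defined");
            }
            if (!keyStore.containsAlias(alias)) {
                throw new SecurityException("No alias exists in the keystore for: " + alias);
            }
            return keyStore.getCertificate(alias);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Encodes a certificate as base64 text of its encoded form.
     *
     * @param cert certificate to encode
     * @return base64 text
     */
    public static String encodeCertificate(Certificate cert) {
        try {
            return Base64Utility.encode(cert.getEncoded());
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Parses a base64-encoded X.509 certificate.
     *
     * <p>Parsing does not establish trust: the returned certificate has not been validated
     * against any trust anchor, validity period or revocation source.
     *
     * @param encodedCert base64 text of the encoded certificate
     * @return the parsed certificate
     */
    public static Certificate decodeCertificate(String encodedCert) {
        try {
            InputStream certStream = new ByteArrayInputStream(Base64Utility.decode(encodedCert));
            return CertificateFactory.getInstance("X.509").generateCertificate(certStream);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Loads a keystore from a stream and returns the public key of the aliased certificate.
     *
     * @param storeLocation keystore stream; not closed by this method
     * @param storePassword keystore password
     * @param alias entry alias
     * @param storeType keystore type, or {@code null} for the JVM default
     * @return the public key
     */
    public static PublicKey loadPublicKey(InputStream storeLocation, char[] storePassword,
                                          String alias, String storeType) {
        return loadCertificate(storeLocation, storePassword, alias, storeType).getPublicKey();
    }

    /**
     * Returns the public key of the aliased certificate.
     *
     * @param keyStore loaded keystore
     * @param alias entry alias
     * @return the public key
     */
    public static PublicKey loadPublicKey(KeyStore keyStore, String alias) {
        return loadCertificate(keyStore, alias).getPublicKey();
    }

    /**
     * Loads a keystore from a stream.
     *
     * <p>Creation and loading both happen inside the guarded region, so an unknown type, a wrong
     * password or a corrupt store is reported as a {@link SecurityException} like every other
     * failure in this class.
     *
     * @param storeLocation keystore stream; not closed by this method
     * @param storePassword keystore password
     * @param type keystore type, or {@code null} for {@link KeyStore#getDefaultType()}
     * @return the loaded keystore
     */
    public static KeyStore loadKeyStore(InputStream storeLocation, char[] storePassword,
                                        String type) {
        try {
            String effectiveType = type != null ? type : KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(effectiveType);
            keyStore.load(storeLocation, storePassword);
            return keyStore;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Loads a keystore from a stream and returns the private key stored under the alias.
     *
     * @param storeLocation keystore stream; not closed by this method
     * @param storePassword keystore password
     * @param keyPassword password protecting the key entry
     * @param alias entry alias
     * @param storeType keystore type, or {@code null} for the JVM default
     * @return the private key
     */
    public static PrivateKey loadPrivateKey(InputStream storeLocation, char[] storePassword,
                                            char[] keyPassword, String alias, String storeType) {
        KeyStore keyStore = loadKeyStore(storeLocation, storePassword, storeType);
        return loadPrivateKey(keyStore, keyPassword, alias);
    }

    /**
     * Returns the private key stored under the alias.
     *
     * @param keyStore loaded keystore
     * @param keyPassword password protecting the key entry
     * @param alias entry alias
     * @return the private key
     * @throws SecurityException if the alias is {@code null}, absent or not a key entry, or the
     *         entry cannot be recovered as a private key
     */
    public static PrivateKey loadPrivateKey(KeyStore keyStore, char[] keyPassword, String alias) {
        try {
            if (alias == null) {
                throw new SecurityException("No keystore alias was defined");
            }
            if (!keyStore.containsAlias(alias)) {
                throw new SecurityException("No alias exists in the keystore for: " + alias);
            }
            if (!keyStore.isKeyEntry(alias)) {
                throw new SecurityException("The given alias " + alias
                                            + " is not a private key in the keystore.");
            }
            KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(keyPassword);
            return ((KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, protection)).getPrivateKey();
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }
}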
