package org.wildfly.security.util;

import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.text.Normalizer;
import java.util.Arrays;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.util.Alphabet;

/* loaded from: input_file:org/wildfly/security/util/PasswordBasedEncryptionUtil.class */
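/**
 * Password-based encryption helper that encrypts a {@code char[]} secret and renders the
 * ciphertext as text in a configurable Base64/Base32 alphabet, and reverses that on decryption.
 *
 * <p>Instances are created through {@link Builder}. Each instance wraps one {@link Cipher} that is
 * initialised once, for a single direction, in {@link Builder#build()}.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>In PicketBox compatibility mode the key material is the constant
 *       {@code DEFAULT_PICKETBOX_INITIAL_KEY_MATERIAL} compiled into this class and the algorithm is
 *       {@code PBEWithMD5AndDES}. Output produced in that mode is masking: anyone who has the salt
 *       and iteration count can reverse it.</li>
 *   <li>{@code javax.crypto.Cipher} returns to its initialised state after {@code doFinal}, so every
 *       call on one instance runs with the parameters fixed at build time (salt, iteration count
 *       and, where the algorithm uses one, the IV). Build a fresh instance per value when distinct
 *       IVs matter.</li>
 *   <li>The class adds no synchronisation around the shared, stateful {@code Cipher}; do not call
 *       one instance from several threads without external locking.</li>
 * </ul>
 */
public final class PasswordBasedEncryptionUtil {
    /** Character prepended to PicketBox-encoded text so its length becomes a multiple of four. */
    private static final char PAD = '_';
    /** Accepted PicketBox input: at most two leading pad characters, then alphabet characters only. */
    private static final String REGEX = "^_{0,2}[0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./]*$";
    /** {@link #REGEX} compiled once instead of on every decode call. */
    private static final Pattern PICKETBOX_BASE64_PATTERN = Pattern.compile(REGEX);
    /** Legacy algorithm forced by PicketBox compatibility mode. */
    private static final String DEFAULT_PICKETBOX_ALGORITHM = "PBEWithMD5AndDES";
    /** Fixed, publicly known key material forced by PicketBox compatibility mode. */
    private static final String DEFAULT_PICKETBOX_INITIAL_KEY_MATERIAL = "somearbitrarycrazystringthatdoesnotmatter";
    /** Key algorithm used when the builder is given none. */
    private static final String DEFAULT_PBE_ALGORITHM = "PBEWithHmacSHA1andAES_128";
    private final Cipher cipher;
    private final AlgorithmParameters algorithmParameters;
    private final Alphabet alphabet;
    private final boolean picketBoxCompatibility;
    private final boolean usePadding;

    /**
     * Collects the key-derivation and cipher settings and produces a ready-to-use
     * {@link PasswordBasedEncryptionUtil}.
     *
     * <p>The builder is mutable and {@link #build()} writes defaults (and, in encrypt mode, the
     * cipher's generated parameters) back into it. Array arguments are stored by reference, not
     * copied, so the caller must not wipe or alter them before {@link #build()} has run.
     */
    public static class Builder {
        private String keyAlgorithm;
        private String transformation;
        private String parametersAlgorithm;
        private byte[] salt;
        private char[] password;
        // Stays 0 until encryptMode()/decryptMode() is called; 0 is not an opmode Cipher.init defines.
        private int cipherMode;
        private byte[] cipherSalt;
        private Provider provider;
        private IvParameterSpec ivSpec;
        private String encodedIV;
        private AlgorithmParameters algorithmParameters;
        // -1 marks "not specified"; build() rejects it.
        private int iteration = -1;
        // 0 means "let PBEKeySpec be built without an explicit key length".
        private int keyLength = 0;
        // -1 marks "not specified"; build() then reuses the key-derivation iteration count.
        private int cipherIteration = -1;
        private Alphabet alphabet = Alphabet.Base64Alphabet.STANDARD;
        private boolean usePadding = false;
        private boolean picketBoxCompatibility = false;

        /**
         * Sets the password the key is derived from. The array is kept by reference.
         *
         * @param cArr the password characters
         * @return this builder
         */
        public Builder password(char[] cArr) {
            this.password = cArr;
            return this;
        }

        /**
         * Sets the password the key is derived from, copying the characters out of {@code str}.
         *
         * @param str the password; must not be {@code null}
         * @return this builder
         */
        public Builder password(String str) {
            this.password = str.toCharArray();
            return this;
        }

        /**
         * Sets the initialization vector from raw bytes. Takes precedence over an encoded IV.
         *
         * @param bArr the IV bytes
         * @return this builder
         */
        public Builder iv(byte[] bArr) {
            this.ivSpec = new IvParameterSpec(bArr);
            return this;
        }

        /**
         * Sets the initialization vector as text; {@link #build()} decodes it with the configured
         * alphabet, and only when no raw IV was supplied.
         *
         * @param str the encoded IV
         * @return this builder
         */
        public Builder iv(String str) {
            this.encodedIV = str;
            return this;
        }

        /**
         * Sets the cipher transformation. Defaults to the key algorithm.
         *
         * @param str the transformation name passed to {@code Cipher.getInstance}
         * @return this builder
         */
        public Builder transformation(String str) {
            this.transformation = str;
            return this;
        }

        /**
         * Sets the algorithm name used for {@code AlgorithmParameters}. Defaults to the key algorithm.
         *
         * @param str the parameters algorithm name
         * @return this builder
         */
        public Builder parametersAlgorithm(String str) {
            this.parametersAlgorithm = str;
            return this;
        }

        /**
         * Sets the key-derivation salt from the UTF-8 bytes of {@code str}.
         *
         * @param str the salt text; must not be {@code null}
         * @return this builder
         */
        public Builder salt(String str) {
            this.salt = str.getBytes(StandardCharsets.UTF_8);
            return this;
        }

        /**
         * Sets the key-derivation salt. The array is kept by reference.
         *
         * @param bArr the salt bytes
         * @return this builder
         */
        public Builder salt(byte[] bArr) {
            this.salt = bArr;
            return this;
        }

        /**
         * Switches to PicketBox compatibility. {@link #build()} then replaces the alphabet, padding
         * flag, key algorithm and password with fixed PicketBox values, discarding whatever the
         * caller configured for them.
         *
         * @return this builder
         */
        public Builder picketBoxCompatibility() {
            this.picketBoxCompatibility = true;
            return this;
        }

        /**
         * Requests padded Base64 text on encode and decode.
         *
         * @return this builder
         */
        public Builder encodingPadded() {
            this.usePadding = true;
            return this;
        }

        /**
         * Sets the key-derivation iteration count. Mandatory.
         *
         * @param i the iteration count
         * @return this builder
         */
        public Builder iteration(int i) {
            this.iteration = i;
            return this;
        }

        /**
         * Sets the {@code SecretKeyFactory} algorithm. Defaults to {@code PBEWithHmacSHA1andAES_128}.
         *
         * @param str the key algorithm name
         * @return this builder
         */
        public Builder keyAlgorithm(String str) {
            this.keyAlgorithm = str;
            return this;
        }

        /**
         * Sets the key length handed to {@code PBEKeySpec}; 0 omits it.
         *
         * @param i the key length
         * @return this builder
         */
        public Builder keyLength(int i) {
            this.keyLength = i;
            return this;
        }

        /**
         * Sets the iteration count placed in the cipher's PBE parameters. Defaults to
         * {@link #iteration(int)}.
         *
         * @param i the cipher iteration count
         * @return this builder
         */
        public Builder cipherIteration(int i) {
            this.cipherIteration = i;
            return this;
        }

        /**
         * Sets the salt placed in the cipher's PBE parameters. Defaults to the key-derivation salt.
         * The array is kept by reference.
         *
         * @param bArr the cipher salt bytes
         * @return this builder
         */
        public Builder cipherSalt(byte[] bArr) {
            this.cipherSalt = bArr;
            return this;
        }

        /**
         * Sets the cipher salt from the UTF-8 bytes of {@code str}.
         *
         * @param str the cipher salt text; must not be {@code null}
         * @return this builder
         */
        public Builder cipherSalt(String str) {
            this.cipherSalt = str.getBytes(StandardCharsets.UTF_8);
            return this;
        }

        /**
         * Pins every JCA lookup to the given provider; {@code null} uses the default lookup.
         *
         * @param provider the provider, or {@code null}
         * @return this builder
         */
        public Builder provider(Provider provider) {
            this.provider = provider;
            return this;
        }

        /**
         * Pins every JCA lookup to the registered provider with the given name and fails
         * immediately when no such provider is registered.
         *
         * @param str the provider name; must not be {@code null}
         * @return this builder
         */
        public Builder provider(String str) {
            Assert.checkNotNullParam("providerName", str);
            this.provider = Security.getProvider(str);
            if (this.provider == null) {
                throw ElytronMessages.log.securityProviderDoesnExist(str);
            }
            return this;
        }

        /**
         * Sets the alphabet used to render ciphertext and to decode an encoded IV.
         *
         * @param alphabet the alphabet
         * @return this builder
         */
        public Builder alphabet(Alphabet alphabet) {
            this.alphabet = alphabet;
            return this;
        }

        /**
         * Initialises the cipher for encryption.
         *
         * @return this builder
         */
        public Builder encryptMode() {
            this.cipherMode = Cipher.ENCRYPT_MODE;
            return this;
        }

        /**
         * Initialises the cipher for decryption.
         *
         * @return this builder
         */
        public Builder decryptMode() {
            this.cipherMode = Cipher.DECRYPT_MODE;
            return this;
        }

        /**
         * Supplies ready-made cipher parameters for decryption. Only the first call has any effect:
         * once a value is stored, later calls are ignored.
         *
         * @param algorithmParameters the parameters to initialise the cipher with
         * @return this builder
         */
        public Builder algorithmParameters(AlgorithmParameters algorithmParameters) {
            if (this.algorithmParameters == null) {
                this.algorithmParameters = algorithmParameters;
            }
            return this;
        }

        /**
         * Creates the cipher and initialises it for the configured mode.
         *
         * <p>In encrypt mode no IV is passed in (a builder-supplied IV is not used) and the
         * parameters the cipher ends up with are stored back into the builder. In any other mode,
         * caller-supplied {@code AlgorithmParameters} win over parameters assembled from cipher
         * salt, cipher iteration count and IV.
         */
        private Cipher createAndInitCipher(SecretKey secretKey) throws GeneralSecurityException {
            Cipher cipher = this.provider == null
                    ? Cipher.getInstance(this.transformation)
                    : Cipher.getInstance(this.transformation, this.provider);
            if (this.cipherMode == Cipher.ENCRYPT_MODE) {
                cipher.init(this.cipherMode, secretKey, generateAlgorithmParameters(this.parametersAlgorithm, this.cipherIteration, this.cipherSalt, null, this.provider));
                this.algorithmParameters = cipher.getParameters();
            } else if (this.algorithmParameters != null) {
                cipher.init(this.cipherMode, secretKey, this.algorithmParameters);
            } else {
                cipher.init(this.cipherMode, secretKey, generateAlgorithmParameters(this.parametersAlgorithm, this.cipherIteration, this.cipherSalt, this.ivSpec, this.provider));
            }
            return cipher;
        }

        /** Builds PBE {@code AlgorithmParameters} from salt and iteration count, plus the IV when one is given. */
        private static AlgorithmParameters generateAlgorithmParameters(String algorithm, int iterationCount, byte[] saltBytes, IvParameterSpec ivParameterSpec, Provider provider) throws GeneralSecurityException {
            AlgorithmParameters parameters = provider == null
                    ? AlgorithmParameters.getInstance(algorithm)
                    : AlgorithmParameters.getInstance(algorithm, provider);
            PBEParameterSpec spec = ivParameterSpec != null
                    ? new PBEParameterSpec(saltBytes, iterationCount, ivParameterSpec)
                    : new PBEParameterSpec(saltBytes, iterationCount);
            parameters.init(spec);
            return parameters;
        }

        /**
         * Runs the password through the configured {@code SecretKeyFactory} and re-wraps the
         * resulting key bytes in a {@code SecretKeySpec} labelled with the transformation name.
         *
         * <p>The password copy held by the {@code PBEKeySpec} and the temporary key bytes are wiped
         * before returning; {@code SecretKeySpec} keeps its own copy of the bytes.
         */
        private SecretKey deriveSecretKey() throws GeneralSecurityException {
            try {
                SecretKeyFactory factory = this.provider != null
                        ? SecretKeyFactory.getInstance(this.keyAlgorithm, this.provider)
                        : SecretKeyFactory.getInstance(this.keyAlgorithm);
                PBEKeySpec keySpec = this.keyLength == 0
                        ? new PBEKeySpec(this.password, this.salt, this.iteration)
                        : new PBEKeySpec(this.password, this.salt, this.iteration, this.keyLength);
                byte[] encoded = null;
                try {
                    encoded = factory.generateSecret(keySpec).getEncoded();
                    return new SecretKeySpec(encoded, this.transformation);
                } finally {
                    keySpec.clearPassword();
                    // A null encoding makes SecretKeySpec throw; do not mask that with an NPE here.
                    if (encoded != null) {
                        Arrays.fill(encoded, (byte) 0);
                    }
                }
            } catch (NoSuchAlgorithmException e) {
                throw ElytronMessages.log.noSuchKeyAlgorithm(this.keyAlgorithm, e);
            }
        }

        /**
         * Validates the settings, fills in defaults, derives the key and returns the initialised
         * utility.
         *
         * <p>Only a negative iteration count is rejected here; a count of 0 passes this check and is
         * left for {@code PBEKeySpec} to judge. {@link #encryptMode()} or {@link #decryptMode()} must
         * have been called, otherwise the cipher is initialised with opmode 0.
         *
         * @return the configured utility
         * @throws GeneralSecurityException if a mandatory setting is missing or a JCA lookup or
         *         initialisation fails
         */
        public PasswordBasedEncryptionUtil build() throws GeneralSecurityException {
            if (this.picketBoxCompatibility) {
                // Compatibility mode discards the caller's password and algorithm choice.
                this.alphabet = Alphabet.PICKETBOX_COMPATIBILITY;
                this.usePadding = false;
                this.keyAlgorithm = PasswordBasedEncryptionUtil.DEFAULT_PICKETBOX_ALGORITHM;
                this.password = PasswordBasedEncryptionUtil.DEFAULT_PICKETBOX_INITIAL_KEY_MATERIAL.toCharArray();
            }
            if (this.iteration <= -1) {
                throw ElytronMessages.log.iterationCountNotSpecified();
            }
            if (this.salt == null) {
                throw ElytronMessages.log.saltNotSpecified();
            }
            if (this.password == null || this.password.length == 0) {
                throw ElytronMessages.log.initialKeyNotSpecified();
            }
            if (this.keyAlgorithm == null) {
                this.keyAlgorithm = PasswordBasedEncryptionUtil.DEFAULT_PBE_ALGORITHM;
            }
            if (this.transformation == null) {
                this.transformation = this.keyAlgorithm;
            }
            if (this.parametersAlgorithm == null) {
                this.parametersAlgorithm = this.keyAlgorithm;
            }
            if (this.cipherSalt == null) {
                this.cipherSalt = this.salt;
            }
            if (this.cipherIteration == -1) {
                this.cipherIteration = this.iteration;
            }
            if (this.ivSpec == null && this.encodedIV != null) {
                // The encoded IV is decoded with whichever alphabet is in force at this point.
                byte[] ivBytes = (PasswordBasedEncryptionUtil.isBase64(this.alphabet)
                        ? CodePointIterator.ofString(this.encodedIV).base64Decode(PasswordBasedEncryptionUtil.getAlphabet64(this.alphabet))
                        : CodePointIterator.ofString(this.encodedIV).base32Decode(PasswordBasedEncryptionUtil.getAlphabet32(this.alphabet))).drain();
                this.ivSpec = new IvParameterSpec(ivBytes);
            }
            return new PasswordBasedEncryptionUtil(createAndInitCipher(deriveSecretKey()), this.algorithmParameters, this.alphabet, this.usePadding, this.picketBoxCompatibility);
        }
    }

    /**
     * Wraps an already initialised cipher.
     *
     * @param cipher the initialised cipher
     * @param algorithmParameters the parameters the cipher was initialised with; may be {@code null}
     * @param alphabet the alphabet used for text encoding
     * @param usePadding whether Base64 text is padded
     * @param picketBoxCompatibility whether the PicketBox text encoding is used
     */
    PasswordBasedEncryptionUtil(Cipher cipher, AlgorithmParameters algorithmParameters, Alphabet alphabet, boolean usePadding, boolean picketBoxCompatibility) {
        this.cipher = cipher;
        this.alphabet = alphabet;
        this.algorithmParameters = algorithmParameters;
        this.usePadding = usePadding;
        this.picketBoxCompatibility = picketBoxCompatibility;
    }

    /** Wraps an already initialised cipher with padding and PicketBox compatibility switched off. */
    PasswordBasedEncryptionUtil(Cipher cipher, AlgorithmParameters algorithmParameters, Alphabet alphabet) {
        this(cipher, algorithmParameters, alphabet, false, false);
    }

    /**
     * Encrypts {@code cArr} and returns the ciphertext as text in the configured alphabet.
     *
     * <p>The input is NFKC-normalised and UTF-8 encoded before encryption. That conversion goes
     * through intermediate {@code String} and {@code byte[]} copies which this class cannot wipe.
     *
     * @param cArr the clear text
     * @return the encoded ciphertext
     * @throws GeneralSecurityException if the cipher fails
     */
    public String encryptAndEncode(char[] cArr) throws GeneralSecurityException {
        return encodeUsingAlphabet(encrypt(charArrayEncode(cArr)));
    }

    /**
     * Decodes {@code str} with the configured alphabet, decrypts it and returns the clear text.
     * The returned array is a fresh copy that the caller owns and can wipe after use.
     *
     * @param str the encoded ciphertext
     * @return the clear text
     * @throws GeneralSecurityException if the cipher fails
     */
    public char[] decodeAndDecrypt(String str) throws GeneralSecurityException {
        return byteArrayDecode(decrypt(decodeUsingAlphabet(str)));
    }

    /**
     * Returns the parameters recorded at build time, or {@code null} if none were recorded.
     *
     * @return the algorithm parameters, possibly {@code null}
     */
    public AlgorithmParameters getAlgorithmParameters() {
        return this.algorithmParameters;
    }

    /**
     * Returns the IV carried by the algorithm parameters, rendered in the configured alphabet.
     *
     * @return the encoded IV, or {@code null} when there are no parameters, they cannot be viewed
     *         as a {@code PBEParameterSpec}, or they carry no {@code IvParameterSpec}
     */
    public String getEncodedIV() {
        if (this.algorithmParameters == null) {
            return null;
        }
        try {
            AlgorithmParameterSpec nested = ((PBEParameterSpec) this.algorithmParameters.getParameterSpec(PBEParameterSpec.class)).getParameterSpec();
            if (nested instanceof IvParameterSpec) {
                return encodeUsingAlphabet(((IvParameterSpec) nested).getIV());
            }
            return null;
        } catch (InvalidParameterSpecException e) {
            // Deliberate: parameters that are not PBE parameters are reported as "no IV".
            return null;
        }
    }

    /** Turns encoded text into bytes: PicketBox decoder in compatibility mode, else Base64 or Base32. */
    private byte[] decodeUsingAlphabet(String str) {
        if (this.picketBoxCompatibility) {
            return picketBoxBase64Decode(str);
        }
        return (isBase64(this.alphabet) ? CodePointIterator.ofString(str).base64Decode(getAlphabet64(this.alphabet), this.usePadding) : CodePointIterator.ofString(str).base32Decode(getAlphabet32(this.alphabet))).drain();
    }

    /** Turns bytes into encoded text: PicketBox encoder in compatibility mode, else Base64 or Base32. */
    private String encodeUsingAlphabet(byte[] bArr) {
        if (this.picketBoxCompatibility) {
            return picketBoxBased64Encode(bArr);
        }
        return (isBase64(this.alphabet) ? ByteIterator.ofBytes(bArr).base64Encode(getAlphabet64(this.alphabet), this.usePadding) : ByteIterator.ofBytes(bArr).base32Encode(getAlphabet32(this.alphabet))).drainToString();
    }

    /**
     * Tells whether {@code alphabet} is a Base64 alphabet.
     *
     * <p>Public only in this decompiled listing; the decompiler records that the original
     * modifier was private.
     */
    public static boolean isBase64(Alphabet alphabet) {
        return alphabet instanceof Alphabet.Base64Alphabet;
    }

    /**
     * Casts {@code alphabet} to a Base64 alphabet without checking it first.
     *
     * <p>Public only in this decompiled listing; the decompiler records that the original
     * modifier was private.
     */
    public static Alphabet.Base64Alphabet getAlphabet64(Alphabet alphabet) {
        return (Alphabet.Base64Alphabet) alphabet;
    }

    /**
     * Casts {@code alphabet} to a Base32 alphabet without checking it first.
     *
     * <p>Public only in this decompiled listing; the decompiler records that the original
     * modifier was private.
     */
    public static Alphabet.Base32Alphabet getAlphabet32(Alphabet alphabet) {
        return (Alphabet.Base32Alphabet) alphabet;
    }

    /** Runs the shared cipher over {@code data}; the cipher must have been built in encrypt mode. */
    private byte[] encrypt(byte[] data) throws GeneralSecurityException {
        return this.cipher.doFinal(data);
    }

    /** Runs the shared cipher over {@code data}; the cipher must have been built in decrypt mode. */
    private byte[] decrypt(byte[] data) throws GeneralSecurityException {
        return this.cipher.doFinal(data);
    }

    /** Interprets {@code data} as UTF-8 text. No normalisation is applied on this path. */
    private static char[] byteArrayDecode(byte[] data) {
        return new String(data, StandardCharsets.UTF_8).toCharArray();
    }

    /** NFKC-normalises {@code chars} and returns the UTF-8 bytes. */
    private static byte[] charArrayEncode(char[] chars) {
        return Normalizer.normalize(new String(chars), Normalizer.Form.NFKC).getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Decodes PicketBox-style Base64, where missing characters are made up at the front of the
     * text rather than at the end.
     *
     * <p>The input is left-padded with {@code '_'} to a multiple of four and then checked against
     * {@link #REGEX}, so anything outside the alphabet, or needing more than two pad characters,
     * is rejected before any character is decoded.
     */
    private static byte[] picketBoxBase64Decode(String str) {
        if (str.length() == 0) {
            return new byte[0];
        }
        while (str.length() % 4 != 0) {
            str = PAD + str;
        }
        if (!PICKETBOX_BASE64_PATTERN.matcher(str).matches()) {
            throw ElytronMessages.log.wrongBase64InPBCompatibleMode(str);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream((str.length() * 3) / 4);
        int total = str.length();
        for (int pos = 0; pos < total; pos += 4) {
            int c0 = Alphabet.PICKETBOX_COMPATIBILITY.decode(str.charAt(pos));
            int c1 = Alphabet.PICKETBOX_COMPATIBILITY.decode(str.charAt(pos + 1));
            int c2 = Alphabet.PICKETBOX_COMPATIBILITY.decode(str.charAt(pos + 2));
            int c3 = Alphabet.PICKETBOX_COMPATIBILITY.decode(str.charAt(pos + 3));
            // A leading position that does not decode to a value (the pad) contributes no byte.
            if (c0 > -1) {
                out.write(((c1 & 0x30) >>> 4) | (c0 << 2));
            }
            if (c1 > -1) {
                out.write(((c2 & 0x3c) >>> 2) | ((c1 & 0x0f) << 4));
            }
            out.write(((c2 & 0x03) << 6) | c3);
        }
        return out.toByteArray();
    }

    /**
     * Encodes bytes as PicketBox-style Base64. The {@code length % 3} leftover bytes are encoded
     * first, as a short leading group, and no pad character is written.
     */
    private String picketBoxBased64Encode(byte[] bArr) {
        int length = bArr.length;
        int pos = length % 3;
        byte carry = 0;
        StringBuilder encoded = new StringBuilder();
        int head = 0;
        switch (pos) {
            case 2:
                carry = bArr[head++];
                encoded.appendCodePoint(Alphabet.PICKETBOX_COMPATIBILITY.encode((carry & 0xf0) >>> 4));
                // falls through: the second leftover byte is handled like a single leftover byte
            case 1:
                byte last = bArr[head];
                encoded.appendCodePoint(Alphabet.PICKETBOX_COMPATIBILITY.encode(((carry & 0x0f) << 2) | ((last & 0xc0) >>> 6)));
                encoded.appendCodePoint(Alphabet.PICKETBOX_COMPATIBILITY.encode(last & 0x3f));
                break;
            default:
                break;
        }
        // pos equals the number of leftover bytes consumed above, so full groups start there.
        while (pos < length) {
            byte b0 = bArr[pos];
            byte b1 = bArr[pos + 1];
            byte b2 = bArr[pos + 2];
            pos += 3;
            encoded.appendCodePoint(Alphabet.PICKETBOX_COMPATIBILITY.encode((b0 & 0xfc) >>> 2));
            encoded.appendCodePoint(Alphabet.PICKETBOX_COMPATIBILITY.encode(((b0 & 0x03) << 4) | ((b1 & 0xf0) >>> 4)));
            encoded.appendCodePoint(Alphabet.PICKETBOX_COMPATIBILITY.encode(((b1 & 0x0f) << 2) | ((b2 & 0xc0) >>> 6)));
            encoded.appendCodePoint(Alphabet.PICKETBOX_COMPATIBILITY.encode(b2 & 0x3f));
        }
        return encoded.toString();
    }
}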
