package com.ibm.wmqfte.utils;

import com.ibm.wmqfte.ras.FFDC;
import com.ibm.wmqfte.ras.RasDescriptor;
import com.ibm.wmqfte.ras.Trace;
import com.ibm.wmqfte.ras.TraceLevel;
import com.ibm.wmqfte.utils.FTEUtils;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:lib/com.ibm.wmqfte.common.jar:com/ibm/wmqfte/utils/CredentialsFileEncoder.class */
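/**
 * Encodes and decodes the credential values stored in MFT credentials files.
 *
 * <p>Two stored formats are handled:
 * <ul>
 *   <li><b>Legacy</b> (algorithm 0): a hex string holding the DESede encryption of the
 *       credential under {@code KEY_STRING}, a key compiled into this class.</li>
 *   <li><b>Protection mode</b> (algorithm &gt;= 1):
 *       {@code mqmftcred!<algorithm>!<base64 IV>!<base64 ciphertext>}, encrypted with
 *       AES/CBC/PKCS5Padding under a 128-bit key derived by PBKDF2WithHmacSHA1 from the
 *       credential key. Algorithm 2 additionally prepends an MD5 digest of the credential
 *       to the plaintext before encryption.</li>
 * </ul>
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>The legacy key is a constant shipped in the jar, so legacy values are obfuscated
 *       rather than protected. Treat a file holding them as if it held clear-text
 *       credentials: restrict its permissions and re-encode with a protection mode and a
 *       user-supplied credential key.</li>
 *   <li>When no credential key is supplied, the PBKDF2 password falls back to the same
 *       built-in constant, and the salt is always {@code PBK_FIXED_SALT}; the derived AES
 *       key is then the same wherever this class is used.</li>
 *   <li>The MD5 digest of algorithm 2 is unkeyed and travels inside the ciphertext. It
 *       detects a wrong key or corruption but is not a MAC, and CBC on its own does not
 *       authenticate the ciphertext. A future format version should use an AEAD mode.
 *       Padding failures and digest failures surface as different errors; callers should
 *       not relay that distinction to a party that can choose the ciphertext.</li>
 *   <li>{@code String.getBytes()} and {@code new String(byte[])} use the platform default
 *       charset. NOTE(review): a non-ASCII credential encoded under one default charset
 *       may not decode to the same text under another; the calls are left unchanged so
 *       that already stored values keep decoding.</li>
 *   <li>{@link #decodeUnwrapped(String)} serialises on an internal lock;
 *       {@link #encode(String)} and {@link #getIVBase64()} do not take it although they
 *       use a shared {@link Cipher}. NOTE(review): confirm instances are not used for
 *       concurrent encoding.</li>
 * </ul>
 */
public class CredentialsFileEncoder {
    public static final String $sccsid = "@(#) MQMBID sn=p935-lrep-L240201 su=_sR_Nu8CMEe6a1qdb8O1Dfw pn=com.ibm.wmqfte.common/src/com/ibm/wmqfte/utils/CredentialsFileEncoder.java";

    // Legacy cipher. "DESede" with no mode/padding selects the provider default
    // (ECB/PKCS5Padding on the standard JCE providers).
    private static final String KEY_ALGORITHM = "DESede";
    // Hard-coded legacy key (hex). Also the fallback PBKDF2 password when no credential key
    // is supplied. It is public knowledge to anyone holding the jar; it is kept only so
    // that existing stored values can still be read.
    private static final String KEY_STRING = "8a1cdf9dd694a1ef16512f64439de93b8a1cdf9dd694a1ef";

    private static final int PBK_ITERATIONS = 84756;
    private static final int PBK_KEY_LENGTH = 128;
    private static final String ALGORITHM_PBK = "PBKDF2WithHmacSHA1";
    private static final String TRANSFORM_PBK = "AES/CBC/PKCS5Padding";
    private static final String MFT_EYE_CATCHER = "mqmftcred";
    private static final String MFT_CRED_SEPERATOR = "!";
    private static final int MFT_CRED_MAX_TOKENS_NEW_ALGORITM = 4;
    private static final int MFT_CRED_MAX_TOKENS_OLD_ALGORITM = 1;
    private static final int MFT_CRED_TOKEN_EYE_CATCHER_INDEX = 0;
    private static final int MFT_CRED_TOKEN_ALGORITHM_INDEX = 1;
    private static final int MFT_CRED_TOKEN_IV_INDEX = 2;
    private static final int MFT_CRED_TOKEN_CRED_INDEX = 3;
    private static final int MFT_HASH_LENGTH = 16;
    private static final String MFT_HASH_ALGORITHM_NAME = "MD5";
    private static final RasDescriptor rd = RasDescriptor.create((Class<?>) CredentialsFileEncoder.class, (String) null);
    // Fixed PBKDF2 salt: identical for every credential and every installation, so it adds
    // no per-value or per-site variation to the derived key.
    private static final byte[] PBK_FIXED_SALT = {-4, -25, -58, 47, 3, 94, 89, 20, -113, -90, 117, 93, 44, 78, 73, -24, -33, -81, -74, -47, -81, -86, 122, 61};

    private Key _keyOld;
    private Key _keyNew;
    private Cipher _decoderOld;
    private Cipher _encoderOld;
    private Cipher _decoderNew;
    private Cipher _encoderNew;
    private boolean enCodeDecoderNewInitialized;
    private boolean enCodeDecoderOldInitialized;
    private final DecodeLock decodeLock;
    private String credentialsKeyFile;
    private String credentialsFile;
    // 0 = legacy format; values above 0 select the protection-mode format in encode().
    private int _algorithm;
    // Private copy of the caller's credential key; wiped once the AES key has been derived.
    private char[] _credentialKeyData;

    /**
     * Lock that serialises {@link CredentialsFileEncoder#decodeUnwrapped(String)}.
     * The decompiler reports the original access modifier as private.
     */
    public class DecodeLock extends ReentrantLock {
        private static final long serialVersionUID = 1;

        DecodeLock() {
            if (CredentialsFileEncoder.rd.isFlowOn()) {
                Trace.entry(CredentialsFileEncoder.rd, this, "<init>", new Object[0]);
                Trace.exit(CredentialsFileEncoder.rd, this, "<init>");
            }
        }
    }

    /**
     * Creates an encoder for the legacy format (algorithm 0, built-in DESede key).
     * The decompiler reports the original access modifier as package-private.
     *
     * @throws CredentialsFileException if the JCE cipher or key cannot be set up
     * @throws FTEUtils.IncorrectFormatException if the built-in key string cannot be converted to bytes
     */
    public CredentialsFileEncoder() throws CredentialsFileException, FTEUtils.IncorrectFormatException {
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "<init>", new Object[0]);
        }
        try {
            this.decodeLock = new DecodeLock();
            initOldEncoderDecoder();
            if (rd.isFlowOn()) {
                Trace.exit(rd, this, "<init>");
            }
        } catch (GeneralSecurityException e) {
            CredentialsFileException credentialsFileException = new CredentialsFileException("BFGPR0070_CREDENTIALS_FILE_ENCODER_INIT_ERROR", e);
            FFDC.capture(rd, "<init>", FFDC.PROBE_003, credentialsFileException, new Object[0]);
            if (rd.isFlowOn()) {
                Trace.throwing(rd, this, "<init>", credentialsFileException);
            }
            throw credentialsFileException;
        }
    }

    /**
     * Sets up the legacy DESede encoder and decoder once; later calls return immediately.
     *
     * <p>Side effect: the first call sets the active algorithm to 0. When that first call
     * comes from {@link #decodeUnwrapped(String)} on an instance built for a protection
     * mode, later {@link #encode(String)} calls on the same instance produce the legacy
     * (fixed-key) format. NOTE(review): confirm this downgrade is intended.
     */
    private void initOldEncoderDecoder() throws FTEUtils.IncorrectFormatException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        if (this.enCodeDecoderOldInitialized) {
            return;
        }
        this._keyOld = new SecretKeySpec(FTEUtils.toByteArray(KEY_STRING), KEY_ALGORITHM);
        this._encoderOld = Cipher.getInstance(KEY_ALGORITHM);
        this._encoderOld.init(Cipher.ENCRYPT_MODE, this._keyOld);
        this._decoderOld = Cipher.getInstance(KEY_ALGORITHM);
        this._decoderOld.init(Cipher.DECRYPT_MODE, this._keyOld);
        this._algorithm = 0;
        this.enCodeDecoderOldInitialized = true;
    }

    /**
     * Creates an encoder for a protection mode (AES/CBC with a PBKDF2-derived key).
     * The decompiler reports the original access modifier as package-private.
     *
     * @param cArr credential key used as the PBKDF2 password; it is copied, and the copy is
     *             wiped after key derivation. If {@code null}, the built-in constant is
     *             used, which gives no protection against anyone holding the jar
     * @param i    only written to the entry trace in this class
     * @param i2   algorithm number recorded for {@link #encode(String)}; 2 adds the MD5
     *             digest prefix. NOTE(review): with 0 here, encode() takes the legacy path
     *             although the legacy cipher has not been initialised
     * @throws CredentialsFileException if key derivation or cipher set-up fails
     * @throws FTEUtils.IncorrectFormatException declared by the initialisation helper
     */
    public CredentialsFileEncoder(char[] cArr, int i, int i2) throws CredentialsFileException, FTEUtils.IncorrectFormatException {
        if (rd.isFlowOn()) {
            // Only the integer is traced; the credential key never reaches the trace.
            Trace.entry(rd, this, "<init>", Integer.valueOf(i));
        }
        try {
            this.decodeLock = new DecodeLock();
            if (cArr != null) {
                this._credentialKeyData = Arrays.copyOf(cArr, cArr.length);
            }
            initializeNewProtectionMode(i2);
            if (rd.isFlowOn()) {
                Trace.exit(rd, this, "<init>");
            }
        } catch (GeneralSecurityException e) {
            CredentialsFileException credentialsFileException = new CredentialsFileException("BFGPR0070_CREDENTIALS_FILE_ENCODER_INIT_ERROR", e);
            FFDC.capture(rd, "<init>", FFDC.PROBE_004, credentialsFileException, new Object[0]);
            if (rd.isFlowOn()) {
                Trace.throwing(rd, this, "<init>", credentialsFileException);
            }
            throw credentialsFileException;
        }
    }

    /**
     * Derives the AES key and creates the AES/CBC ciphers once; later calls only trace.
     *
     * @param i algorithm number to record as the active algorithm
     */
    private void initializeNewProtectionMode(int i) throws CredentialsFileException, FTEUtils.IncorrectFormatException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException {
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "initializeNewProtectionMode", Integer.valueOf(i));
        }
        if (!this.enCodeDecoderNewInitialized) {
            // Without a caller-supplied key the password is the public built-in constant.
            char[] password = this._credentialKeyData != null ? this._credentialKeyData : KEY_STRING.toCharArray();
            PBEKeySpec keySpec = new PBEKeySpec(password, PBK_FIXED_SALT, PBK_ITERATIONS, PBK_KEY_LENGTH);
            try {
                byte[] derived = SecretKeyFactory.getInstance(ALGORITHM_PBK).generateSecret(keySpec).getEncoded();
                this._keyNew = new SecretKeySpec(derived, "AES");
            } finally {
                // The derived key is all that is needed from here on (this method is the
                // only reader of _credentialKeyData), so drop the password copies.
                keySpec.clearPassword();
                if (this._credentialKeyData != null) {
                    Arrays.fill(this._credentialKeyData, '\0');
                    this._credentialKeyData = null;
                }
            }
            this._algorithm = i;
            this._decoderNew = Cipher.getInstance(TRANSFORM_PBK);
            this._encoderNew = Cipher.getInstance(TRANSFORM_PBK);
            this.enCodeDecoderNewInitialized = true;
        }
        if (rd.isFlowOn()) {
            Trace.exit(rd, this, "initializeNewProtectionMode");
        }
    }

    /**
     * Encodes a credential in the format selected by the active algorithm.
     *
     * @param str credential text; {@code null} yields {@code null}
     * @return for algorithm 0 the hex of the DESede ciphertext; otherwise
     *         {@code mqmftcred!<algorithm>!<base64 IV>!<base64 ciphertext>}
     * @throws CredentialsFileException if the JCE operation fails
     */
    public String encode(String str) throws CredentialsFileException {
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "encode", new Object[0]);
        }
        String str2 = null;
        if (str != null) {
            try {
                // Platform default charset, kept for compatibility with stored values.
                byte[] plain = str.getBytes();
                if (this._algorithm > 0) {
                    // No IV is passed, so the cipher generates one; it is read back through
                    // getIVBase64() and stored next to the ciphertext.
                    this._encoderNew.init(Cipher.ENCRYPT_MODE, this._keyNew, (AlgorithmParameterSpec) null);
                    byte[] bytes;
                    if (this._algorithm == 2) {
                        // digest || credential. MD5 is an unkeyed checksum here, not a MAC.
                        byte[] digest = MessageDigest.getInstance(MFT_HASH_ALGORITHM_NAME).digest(plain);
                        bytes = new byte[digest.length + plain.length];
                        System.arraycopy(digest, 0, bytes, 0, digest.length);
                        System.arraycopy(plain, 0, bytes, digest.length, plain.length);
                    } else {
                        bytes = plain;
                    }
                    str2 = MFT_EYE_CATCHER + MFT_CRED_SEPERATOR + this._algorithm + MFT_CRED_SEPERATOR + getIVBase64() + MFT_CRED_SEPERATOR + Base64.getEncoder().encodeToString(this._encoderNew.doFinal(bytes));
                } else {
                    this._encoderOld.init(Cipher.ENCRYPT_MODE, this._keyOld, (AlgorithmParameterSpec) null);
                    str2 = FTEUtils.toHexString(this._encoderOld.doFinal(plain));
                }
            } catch (GeneralSecurityException e) {
                CredentialsFileException credentialsFileException = new CredentialsFileException("BFGPR0071_CREDENTIALS_FILE_ENCODE_ERROR", e);
                if (rd.isFlowOn()) {
                    Trace.throwing(rd, this, "encode", credentialsFileException);
                    Trace.exit(rd, this, "encode");
                }
                throw credentialsFileException;
            }
        }
        if (rd.isFlowOn()) {
            Trace.exit(rd, this, "encode");
        }
        return str2;
    }

    /**
     * Returns the Base64 form of the IV currently held by the protection-mode encoder.
     *
     * @return Base64 text of {@code _encoderNew.getIV()}
     */
    public String getIVBase64() {
        return Base64.getEncoder().encodeToString(this._encoderNew.getIV());
    }

    /**
     * Decodes a stored credential, reporting a malformed legacy value as a
     * {@link CredentialsFileException}. The value itself is masked in traces and in the
     * exception insert.
     *
     * @param str stored credential; {@code null} yields {@code null}
     * @return the decoded credential text
     * @throws CredentialsFileException if the value has an incorrect format
     * @throws CredentialsSecurityException if validation or decryption fails
     */
    public String decode(String str) throws CredentialsFileException, CredentialsSecurityException {
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "decode", "*****");
        }
        try {
            String decodeUnwrapped = decodeUnwrapped(str);
            if (rd.isFlowOn()) {
                Trace.exit(rd, this, "decode", "*****");
            }
            return decodeUnwrapped;
        } catch (FTEUtils.IncorrectFormatException e) {
            CredentialsFileException credentialsFileException = new CredentialsFileException("BFGPR0095_CREDENTIALS_INCORRECT_FORMAT", "*****");
            FFDC.capture(rd, "decode", FFDC.PROBE_001, e, new Object[0]);
            if (rd.isFlowOn()) {
                Trace.throwing(rd, "decode", credentialsFileException);
            }
            throw credentialsFileException;
        }
    }

    /**
     * Decodes a stored credential in either format while holding the decode lock.
     *
     * <p>A value with four {@code !}-separated tokens is treated as protection-mode data:
     * the eye catcher and algorithm number are checked, then the ciphertext is decrypted
     * with AES/CBC using the stored IV. Only algorithm 2 carries the MD5 digest check; any
     * other value of 1 or more is decrypted without it. A value with a single token is
     * treated as legacy hex and decrypted with the built-in DESede key.
     *
     * <p>NOTE(review): the protection-mode path uses the cipher and key created by the
     * three-argument constructor; on an instance built with the no-argument constructor
     * those are not set in this class.
     *
     * @param str stored credential; {@code null} yields {@code null}
     * @return the decoded credential text
     * @throws CredentialsFileException declared for callers; not raised directly here
     * @throws FTEUtils.IncorrectFormatException if lazy set-up of the legacy cipher fails on the key string
     * @throws CredentialsSecurityException if the format, algorithm, IV, decryption or digest check fails
     */
    public String decodeUnwrapped(String str) throws CredentialsFileException, FTEUtils.IncorrectFormatException, CredentialsSecurityException {
        if (rd.isFlowOn()) {
            Trace.entry(rd, this, "decodeUnwrapped", "*****");
        }
        String str2 = null;
        if (str != null) {
            if (rd.isOn(TraceLevel.VERBOSE)) {
                Trace.data(rd, TraceLevel.VERBOSE, this, "decodeUnwrapped", "Obtaining lock " + this.decodeLock);
            }
            // Take the lock immediately before the try so that the finally block releases
            // it exactly once, and never when it was not acquired.
            this.decodeLock.lock();
            try {
                if (rd.isOn(TraceLevel.VERBOSE)) {
                    Trace.data(rd, TraceLevel.VERBOSE, this, "decodeUnwrapped", "Lock " + this.decodeLock + " obtained");
                }
                Cipher cipher;
                byte[] byteArray;
                String[] tokens = str.split(MFT_CRED_SEPERATOR);
                int algorithm = 0;
                byte[] iv = null;
                String cipherTextBase64 = null;
                if (rd.isOn(TraceLevel.MODERATE)) {
                    Trace.data(rd, TraceLevel.MODERATE, this, "decodeUnwrapped", "Number of tokens " + tokens.length);
                }
                if (tokens.length == MFT_CRED_MAX_TOKENS_NEW_ALGORITM) {
                    if (!tokens[MFT_CRED_TOKEN_EYE_CATCHER_INDEX].equals(MFT_EYE_CATCHER)) {
                        CredentialsSecurityException badEyeCatcher = new CredentialsSecurityException("BFGPR0150_INVALID_EYE_CATCHER", tokens[MFT_CRED_TOKEN_EYE_CATCHER_INDEX]);
                        if (rd.isFlowOn()) {
                            Trace.throwing(rd, this, "decodeUnwrapped", badEyeCatcher);
                        }
                        throw badEyeCatcher;
                    }
                    if (rd.isOn(TraceLevel.MODERATE)) {
                        Trace.data(rd, TraceLevel.MODERATE, this, "decodeUnwrapped", "Eye catcher validated");
                    }
                    try {
                        algorithm = Integer.parseInt(tokens[MFT_CRED_TOKEN_ALGORITHM_INDEX]);
                        if (rd.isOn(TraceLevel.MODERATE)) {
                            Trace.data(rd, TraceLevel.MODERATE, this, "decodeUnwrapped", "Protection mode used " + algorithm);
                        }
                        // This trace is written before the range check that follows.
                        if (rd.isOn(TraceLevel.MODERATE)) {
                            Trace.data(rd, TraceLevel.MODERATE, this, "decodeUnwrapped", "Algorithm " + algorithm + " validated");
                        }
                        if (algorithm < 1) {
                            if (algorithm == 0) {
                                CredentialsSecurityException badFormat = new CredentialsSecurityException("BFGPR0148_INVALID_CRED_FORMAT", Integer.toString(algorithm));
                                if (rd.isFlowOn()) {
                                    Trace.throwing(rd, this, "decodeUnwrapped", badFormat);
                                }
                                throw badFormat;
                            }
                            CredentialsSecurityException badAlgorithm = new CredentialsSecurityException("BFGPR0149_INVALID_ALGORITHM", Integer.toString(algorithm));
                            if (rd.isFlowOn()) {
                                Trace.throwing(rd, this, "decodeUnwrapped", badAlgorithm);
                            }
                            throw badAlgorithm;
                        }
                        try {
                            iv = Base64.getDecoder().decode(tokens[MFT_CRED_TOKEN_IV_INDEX]);
                            cipherTextBase64 = tokens[MFT_CRED_TOKEN_CRED_INDEX];
                            if (rd.isOn(TraceLevel.MODERATE)) {
                                Trace.data(rd, TraceLevel.MODERATE, this, "decodeUnwrapped", "Initial vector validated");
                            }
                            if (this.credentialsKeyFile != null) {
                                KeyFileUtils.getInstance().logOrDisplayKeyFilePath(this.credentialsFile, this.credentialsKeyFile);
                            }
                            cipher = this._decoderNew;
                            if (rd.isOn(TraceLevel.MODERATE)) {
                                Trace.data(rd, TraceLevel.MODERATE, this, "decodeUnwrapped", "Ready to decrypt credential with new protection mode");
                            }
                        } catch (IllegalArgumentException e) {
                            String localizedMessage = e.getLocalizedMessage();
                            if (localizedMessage == null) {
                                localizedMessage = e.getMessage();
                            }
                            CredentialsSecurityException badIv = new CredentialsSecurityException("BFGPR0151_INVALID_INITIAL_VECTOR", localizedMessage);
                            if (rd.isFlowOn()) {
                                Trace.data(rd, TraceLevel.MODERATE, this, "decodeUnwrapped", "Failed to decode initial vector");
                                Trace.throwing(rd, this, "decodeUnwrapped", badIv);
                            }
                            throw badIv;
                        }
                    } catch (NumberFormatException e2) {
                        if (rd.isOn(TraceLevel.MODERATE)) {
                            Trace.data(rd, TraceLevel.MODERATE, this, "decodeUnwrapped", e2);
                        }
                        throw new CredentialsSecurityException("BFGPR0144_GENERAL_SECURITY_ERROR", e2.getLocalizedMessage());
                    }
                } else {
                    if (tokens.length != MFT_CRED_MAX_TOKENS_OLD_ALGORITM) {
                        CredentialsSecurityException badTokenCount = new CredentialsSecurityException("BFGPR0148_INVALID_CRED_FORMAT", Integer.toString(tokens.length));
                        if (rd.isFlowOn()) {
                            Trace.throwing(rd, this, "decodeUnwrapped", badTokenCount);
                        }
                        throw badTokenCount;
                    }
                    // Legacy value: lazily set up the fixed-key DESede cipher.
                    initOldEncoderDecoder();
                    cipher = this._decoderOld;
                    if (rd.isOn(TraceLevel.MODERATE)) {
                        Trace.data(rd, TraceLevel.MODERATE, this, "decodeUnwrapped", "Ready to decrypt credential with old protection mode");
                    }
                }
                if (algorithm >= 1) {
                    try {
                        cipher.init(Cipher.DECRYPT_MODE, this._keyNew, new IvParameterSpec(iv));
                        byteArray = Base64.getDecoder().decode(cipherTextBase64);
                    } catch (IllegalArgumentException e3) {
                        // Also reached when the ciphertext token is not valid Base64; the
                        // message key is kept as in the original.
                        String localizedMessage2 = e3.getLocalizedMessage();
                        if (localizedMessage2 == null) {
                            localizedMessage2 = e3.getMessage();
                        }
                        CredentialsSecurityException badToken = new CredentialsSecurityException("BFGPR0151_INVALID_INITIAL_VECTOR", localizedMessage2);
                        if (rd.isFlowOn()) {
                            Trace.throwing(rd, this, "decodeUnwrapped", badToken);
                        }
                        throw badToken;
                    }
                } else {
                    try {
                        if (rd.isOn(TraceLevel.MODERATE)) {
                            Trace.data(rd, TraceLevel.MODERATE, this, "decodeUnwrapped", "Decoding with deprecated method");
                        }
                        byteArray = FTEUtils.toByteArray(str);
                    } catch (FTEUtils.IncorrectFormatException e4) {
                        CredentialsSecurityException badHex = new CredentialsSecurityException("BFGPR0144_GENERAL_SECURITY_ERROR", e4.getLocalizedMessage());
                        if (rd.isFlowOn()) {
                            Trace.throwing(rd, this, "decodeUnwrapped", badHex);
                        }
                        throw badHex;
                    }
                }
                byte[] doFinal = cipher.doFinal(byteArray);
                if (algorithm == 2) {
                    // A plaintext shorter than the digest cannot be valid; report it as a
                    // decryption failure rather than letting an array-bounds error escape.
                    if (doFinal.length < MFT_HASH_LENGTH) {
                        CredentialsSecurityException tooShort = new CredentialsSecurityException("BFGPR0154_DECRYPTION_FAILED", "");
                        if (rd.isFlowOn()) {
                            Trace.throwing(rd, this, "decodeUnwrapped", tooShort);
                        }
                        throw tooShort;
                    }
                    byte[] storedDigest = Arrays.copyOfRange(doFinal, 0, MFT_HASH_LENGTH);
                    byte[] credentialBytes = Arrays.copyOfRange(doFinal, MFT_HASH_LENGTH, doFinal.length);
                    byte[] computedDigest = MessageDigest.getInstance(MFT_HASH_ALGORITHM_NAME).digest(credentialBytes);
                    // Constant-time comparison, so timing does not show where digests differ.
                    if (!MessageDigest.isEqual(computedDigest, storedDigest)) {
                        CredentialsSecurityException digestMismatch = new CredentialsSecurityException("BFGPR0154_DECRYPTION_FAILED", "");
                        if (rd.isFlowOn()) {
                            Trace.throwing(rd, this, "decodeUnwrapped", digestMismatch);
                        }
                        throw digestMismatch;
                    }
                    str2 = new String(credentialBytes);
                } else {
                    str2 = new String(doFinal);
                }
            } catch (IllegalArgumentException | GeneralSecurityException e5) {
                String localizedMessage3 = e5.getLocalizedMessage();
                if (localizedMessage3 == null) {
                    localizedMessage3 = e5.getMessage();
                }
                CredentialsSecurityException decryptFailed = new CredentialsSecurityException("BFGPR0152_DECRYPT_FAILED", localizedMessage3, this.credentialsFile);
                if (rd.isFlowOn()) {
                    Trace.throwing(rd, this, "decodeUnwrapped", decryptFailed);
                }
                throw decryptFailed;
            } finally {
                this.decodeLock.unlock();
                if (rd.isOn(TraceLevel.VERBOSE)) {
                    Trace.data(rd, TraceLevel.VERBOSE, this, "decodeUnwrapped", "Lock " + this.decodeLock + " released");
                }
            }
        }
        if (rd.isFlowOn()) {
            Trace.exit(rd, this, "decodeUnwrapped", "*****");
        }
        return str2;
    }

    /**
     * Returns the active algorithm number (0 = legacy format).
     *
     * @return the algorithm that {@link #encode(String)} will use
     */
    public int getAlgorithm() {
        return this._algorithm;
    }

    /**
     * Records the file names passed to the key-file logging helper and used in
     * decrypt-failure errors.
     *
     * @param str  credentials file path
     * @param str2 credentials key file path
     */
    public void setCredentialsKeyFile(String str, String str2) {
        this.credentialsKeyFile = str2;
        this.credentialsFile = str;
    }
}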
