package com.ibm.ws.crypto.util;

import com.ibm.websphere.crypto.PasswordUtil;
import com.ibm.websphere.crypto.UnsupportedCryptoAlgorithmException;
import com.ibm.ws.common.encoder.Base64Coder;
import com.ibm.ws.crypto.util.custom.CustomManifest;
import com.ibm.ws.crypto.util.custom.CustomUtils;
import com.ibm.ws.kernel.provisioning.ExtensionConstants;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.security.crypto.CustomPasswordEncryption;
import com.ibm.wsspi.security.crypto.EncryptedInfo;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

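/**
 * Encodes and decodes password bytes with the algorithms named {@code xor}, {@code aes},
 * {@code hash} and, when a {@link CustomPasswordEncryption} implementation is available,
 * {@code custom}.
 *
 * <p>Security properties visible in this class:
 * <ul>
 *   <li>{@code xor} XORs every byte with the fixed mask {@code 95}. It is reversible by anyone
 *       who knows the mask, so it is obfuscation and gives no confidentiality.</li>
 *   <li>{@code aes} uses {@code AES/CBC/PKCS5Padding} with key and IV supplied by
 *       {@code AESKeyManager}. This class adds no integrity check (MAC) to the ciphertext.</li>
 *   <li>{@code hash} is one-way: {@link #decipher(byte[], String)} rejects it.</li>
 * </ul>
 *
 * <p>All state is static and is updated from the OSGi bind/unbind callbacks without
 * synchronization.
 */
@Component(service = {PasswordCipherUtil.class}, name = "com.ibm.ws.crypto.util.PasswordCipherUtil", configurationPolicy = ConfigurationPolicy.IGNORE, immediate = true, property = {"service.vendor=IBM"})
/* loaded from: input_file:lib/com.ibm.ws.crypto.passwordutil.jar:com/ibm/ws/crypto/util/PasswordCipherUtil.class */
public class PasswordCipherUtil {
    private static final String CUSTOM_COLON = "custom:";
    /** Fixed XOR mask (0x5F) used by the {@code xor} encoding. */
    private static final byte XOR_MASK = 95;
    private static final String HW_PROVIDER = "IBMJCECCA";
    private static final Class<?> CLASS_NAME = PasswordCipherUtil.class;
    private static final Logger logger = Logger.getLogger(CLASS_NAME.getCanonicalName(), MessageUtils.RB);
    private static final String XOR = "xor";
    private static final String AES = "aes";
    private static final String HASH = "hash";
    private static final String[] SUPPORTED_CRYPTO_ALGORITHMS_DEFAULT = {XOR, AES, HASH};
    private static final String CUSTOM = "custom";
    private static final String[] SUPPORTED_CRYPTO_ALGORITHMS_CUSTOM = {XOR, AES, HASH, CUSTOM};
    private static String[] SUPPORTED_CRYPTO_ALGORITHMS = SUPPORTED_CRYPTO_ALGORITHMS_DEFAULT;
    private static final String[] SUPPORTED_HASH_ALGORITHMS = {HASH};
    static final String KEY_ENCRYPTION_SERVICE = "customPasswordEncryption";
    private static AtomicServiceReference<CustomPasswordEncryption> customPasswordEncryption = new AtomicServiceReference<>(KEY_ENCRYPTION_SERVICE);
    private static CustomPasswordEncryption cpeImpl = null;
    private static List<CustomManifest> cms = null;

    private static final String AES_TRANSFORMATION = "AES/CBC/PKCS5Padding";
    /** First byte of every AES-encoded value; presumably a format/version marker (TODO confirm). */
    private static final byte AES_FORMAT_MARKER = 0;
    /** Number of random bytes placed in front of the plaintext before AES encryption. */
    private static final int AES_SEED_LENGTH = 20;

    /**
     * Loads the custom encryption implementation when running from the command line.
     *
     * <p>Does nothing unless {@code CustomUtils.isCommandLine()} is true and exactly one custom
     * manifest is found. In that case the manifest's implementation class is loaded by name and
     * instantiated, and {@code custom} is added to the supported algorithms.
     *
     * <p>NOTE(review): the class name comes from a manifest found under
     * {@code CustomUtils.CUSTOM_ENCRYPTION_DIR}, so whoever can write there chooses the code that
     * runs here; confirm the directory is writable only by the installation owner.
     * {@code Class.newInstance()} is deprecated, but its replacement throws additional checked
     * exceptions and would change this method's signature, so it is kept.
     *
     * @throws IOException as declared; raised by the manifest lookup (not visible here)
     * @throws ClassNotFoundException if the implementation class cannot be loaded
     * @throws IllegalAccessException if the implementation's constructor is not accessible
     * @throws InstantiationException if the implementation cannot be instantiated
     */
    protected static void initialize() throws IOException, ClassNotFoundException, IllegalAccessException, InstantiationException {
        if (!CustomUtils.isCommandLine()) {
            return;
        }
        cms = CustomUtils.findCustomEncryption(CustomUtils.CUSTOM_ENCRYPTION_DIR);
        if (cms == null || cms.size() != 1) {
            // Zero or several manifests: leave the default algorithm list in place.
            return;
        }
        cpeImpl = (CustomPasswordEncryption) Class.forName(cms.get(0).getImplClass()).newInstance();
        SUPPORTED_CRYPTO_ALGORITHMS = SUPPORTED_CRYPTO_ALGORITHMS_CUSTOM;
    }

    /**
     * Describes the discovered custom encryption manifest as JSON.
     *
     * @return the JSON produced by {@code CustomUtils.toJSON}, or {@code null} when no manifest
     *         was found
     * @throws UnsupportedConfigurationException if more than one manifest was found
     */
    public static String listCustom() throws UnsupportedConfigurationException {
        if (cms == null || cms.isEmpty()) {
            return null;
        }
        if (cms.size() != 1) {
            throw new UnsupportedConfigurationException(composeMultipleCustomErrorMessage(cms));
        }
        return CustomUtils.toJSON(cms);
    }

    /**
     * Switches the supported-algorithm list according to whether a custom encryption service is
     * currently bound, and logs the service class name when one is.
     */
    protected void initializeCustomEncryption() {
        // Read the dynamic reference once: it can be unbound between two getService() calls.
        CustomPasswordEncryption service = customPasswordEncryption.getService();
        if (service == null) {
            SUPPORTED_CRYPTO_ALGORITHMS = SUPPORTED_CRYPTO_ALGORITHMS_DEFAULT;
        } else {
            logger.log(Level.INFO, "PASSWORDUTIL_CUSTOM_SERVICE_STARTED", service.getClass().getName());
            SUPPORTED_CRYPTO_ALGORITHMS = SUPPORTED_CRYPTO_ALGORITHMS_CUSTOM;
        }
    }

    /**
     * Activates the custom encryption service reference with the component context.
     *
     * @param componentContext the context passed by Declarative Services
     */
    @Activate
    protected void activate(ComponentContext componentContext) {
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("activate : customPasswordEncryption : " + customPasswordEncryption);
        }
        customPasswordEncryption.activate(componentContext);
    }

    /**
     * Deactivates the custom encryption service reference.
     *
     * @param componentContext the context passed by Declarative Services
     */
    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("deactivate : customPasswordEncryption : " + customPasswordEncryption);
        }
        customPasswordEncryption.deactivate(componentContext);
    }

    /**
     * Binds a custom encryption service and refreshes the supported-algorithm list.
     *
     * @param serviceReference reference to the service being bound
     */
    @Reference(service = CustomPasswordEncryption.class, policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY, name = KEY_ENCRYPTION_SERVICE)
    protected void setCustomPasswordEncryption(ServiceReference<CustomPasswordEncryption> serviceReference) {
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("setCustomPasswordEncryption : customPasswordEncryption : " + customPasswordEncryption);
        }
        customPasswordEncryption.setReference(serviceReference);
        initializeCustomEncryption();
    }

    /**
     * Unbinds a custom encryption service, logging the class of the service that is going away,
     * and refreshes the supported-algorithm list.
     *
     * @param serviceReference reference to the service being unbound
     */
    protected void unsetCustomPasswordEncryption(ServiceReference<CustomPasswordEncryption> serviceReference) {
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("unsetCustomPasswordEncryption : customPasswordEncryption : " + customPasswordEncryption);
        }
        // Single read so the null check and the log call see the same service instance.
        CustomPasswordEncryption service = customPasswordEncryption.getService();
        if (service != null) {
            logger.log(Level.INFO, "PASSWORDUTIL_CUSTOM_SERVICE_STOPPED", service.getClass().getName());
        }
        customPasswordEncryption.unsetReference(serviceReference);
        initializeCustomEncryption();
    }

    /**
     * Decodes {@code bArr} with the algorithm named by {@code str}.
     *
     * <p>The name is matched case-insensitively against {@code aes}, {@code xor}, {@code hash}
     * and {@code custom}; a name starting with the exact prefix {@code custom:} is also routed
     * to the custom implementation, with the text after the first colon passed on to it.
     *
     * @param bArr the encoded bytes
     * @param str the algorithm name
     * @return the decoded bytes, never {@code null}
     * @throws InvalidPasswordCipherException if the algorithm is {@code hash}, the input is
     *         malformed, the custom implementation fails, or the result is {@code null}
     * @throws UnsupportedCryptoAlgorithmException if the name is {@code null} or unknown, or no
     *         custom implementation is available
     */
    public static byte[] decipher(byte[] bArr, String str) throws InvalidPasswordCipherException, UnsupportedCryptoAlgorithmException {
        if (str == null) {
            logger.logp(Level.SEVERE, PasswordCipherUtil.class.getName(), "decipher", "PASSWORDUTIL_UNKNOWN_ALGORITHM", new Object[]{"null", formatSupportedCryptoAlgorithms()});
            throw new UnsupportedCryptoAlgorithmException();
        }
        final byte[] decoded;
        if (AES.equalsIgnoreCase(str)) {
            decoded = aesDecipher(bArr, null);
        } else if (XOR.equalsIgnoreCase(str)) {
            decoded = xor(bArr);
        } else if (HASH.equalsIgnoreCase(str)) {
            // A hash cannot be reversed.
            throw new InvalidPasswordCipherException(MessageUtils.getMessage("PASSWORDUTIL_ERROR_UNSUPPORTED_OPERATION", str));
        } else if (CUSTOM.equalsIgnoreCase(str) || str.startsWith(CUSTOM_COLON)) {
            decoded = customDecipher(bArr, str);
        } else {
            logger.logp(Level.SEVERE, PasswordCipherUtil.class.getName(), "decipher", "PASSWORDUTIL_UNKNOWN_ALGORITHM", new Object[]{str, formatSupportedCryptoAlgorithms()});
            throw new UnsupportedCryptoAlgorithmException();
        }
        if (decoded == null) {
            throw new InvalidPasswordCipherException("The output is null.");
        }
        return decoded;
    }

    /** Delegates decryption to the custom implementation; the text after ':' is passed to it. */
    private static byte[] customDecipher(byte[] encrypted, String algorithm) throws InvalidPasswordCipherException, UnsupportedCryptoAlgorithmException {
        CustomPasswordEncryption customImpl = getCustomImpl();
        if (customImpl == null) {
            logger.logp(Level.SEVERE, PasswordCipherUtil.class.getName(), "decipher", "PASSWORDUTIL_CUSTOM_SERVICE_DOES_NOT_EXIST");
            throw new UnsupportedCryptoAlgorithmException();
        }
        int colon = algorithm.indexOf(':');
        String keyAlias = colon == -1 ? null : algorithm.substring(colon + 1);
        try {
            byte[] decrypted = customImpl.decrypt(new EncryptedInfo(encrypted, keyAlias));
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Successfully decrypted password using custom encryption plug point.");
            }
            return decrypted;
        } catch (Exception e) {
            logger.logp(Level.SEVERE, PasswordCipherUtil.class.getName(), "decipher", "PASSWORDUTIL_CUSTOM_DECRYPTION_ERROR", (Throwable) e);
            throw ((InvalidPasswordCipherException) new InvalidPasswordCipherException(e.getMessage()).initCause(e));
        }
    }

    /**
     * Decrypts an AES-encoded value and strips the random prefix added by
     * {@code aesEncipher}.
     *
     * <p>Input layout: one marker byte (must be 0) followed by the ciphertext. Plaintext layout:
     * one length byte {@code n}, {@code n} prefix bytes, then the password bytes.
     *
     * <p>The key and IV are always requested with a {@code null} argument here, whereas
     * {@code aesEncipher} passes the caller's key string. NOTE(review): confirm that
     * {@code AESKeyManager} resolves {@code null} to the key that was used for encryption.
     *
     * <p>A padding failure surfaces as {@link UnsupportedCryptoAlgorithmException}, a different
     * type from the format errors. NOTE(review): if any caller decrypts ciphertext supplied by
     * an untrusted party, confirm the two outcomes are not distinguishable to that party.
     */
    private static byte[] aesDecipher(byte[] encrypted, byte[] fallback) throws UnsupportedCryptoAlgorithmException, InvalidPasswordCipherException {
        // Reject null/empty input here instead of failing with an unchecked exception below.
        if (encrypted == null || encrypted.length == 0 || encrypted[0] != AES_FORMAT_MARKER) {
            throw new InvalidPasswordCipherException();
        }
        try {
            Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, AESKeyManager.getKey(null), AESKeyManager.getIV(null));
            byte[] plain = cipher.doFinal(encrypted, 1, encrypted.length - 1);
            if (plain == null) {
                return fallback;
            }
            if (plain.length == 0) {
                throw new InvalidPasswordCipherException();
            }
            // The length byte is signed and comes from decrypted data, so it must be range-checked
            // before it is used as an array size and offset.
            int prefixLength = plain[0];
            if (prefixLength < 0 || prefixLength + 1 > plain.length) {
                throw new InvalidPasswordCipherException();
            }
            byte[] password = new byte[plain.length - prefixLength - 1];
            System.arraycopy(plain, prefixLength + 1, password, 0, password.length);
            return password;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw invalidCipher(e);
        } catch (NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw unsupportedAlgorithm(e);
        }
    }

    /**
     * Encodes {@code bArr} with the algorithm named by {@code str} and returns only the bytes.
     *
     * @param bArr the bytes to encode
     * @param str the algorithm name
     * @return the encoded bytes
     * @throws InvalidPasswordCipherException if encoding fails or produces no output
     * @throws UnsupportedCryptoAlgorithmException if the algorithm is unknown or unavailable
     */
    public static byte[] encipher(byte[] bArr, String str) throws InvalidPasswordCipherException, UnsupportedCryptoAlgorithmException {
        return encipher_internal(bArr, str, (String) null).getEncryptedBytes();
    }

    /**
     * Encodes {@code bArr}, passing {@code str2} (when non-null) as the
     * {@code PasswordUtil.PROPERTY_CRYPTO_KEY} property.
     *
     * @param bArr the bytes to encode
     * @param str the algorithm name
     * @param str2 the crypto key string, or {@code null} for none
     * @return the encoded result, never {@code null}
     * @throws InvalidPasswordCipherException if encoding fails or produces no output
     * @throws UnsupportedCryptoAlgorithmException if the algorithm is unknown or unavailable
     */
    public static EncryptedInfo encipher_internal(byte[] bArr, String str, String str2) throws InvalidPasswordCipherException, UnsupportedCryptoAlgorithmException {
        Map<String, String> properties = new HashMap<>();
        if (str2 != null) {
            properties.put(PasswordUtil.PROPERTY_CRYPTO_KEY, str2);
        }
        return encipher_internal(bArr, str, properties);
    }

    /**
     * Encodes {@code bArr} with the algorithm named by {@code str}.
     *
     * <p>{@code aes} reads {@code PasswordUtil.PROPERTY_CRYPTO_KEY} from {@code map};
     * {@code hash} passes the whole map to the hash generator; {@code xor} and {@code custom}
     * ignore it. Unlike {@link #decipher(byte[], String)}, the {@code custom:} prefix form is not
     * accepted here.
     *
     * @param bArr the bytes to encode
     * @param str the algorithm name, matched case-insensitively
     * @param map algorithm properties; may be {@code null}
     * @return the encoded result, never {@code null}
     * @throws InvalidPasswordCipherException if encoding fails or produces no output
     * @throws UnsupportedCryptoAlgorithmException if the algorithm is unknown or no custom
     *         implementation is available
     */
    public static EncryptedInfo encipher_internal(byte[] bArr, String str, Map<String, String> map) throws InvalidPasswordCipherException, UnsupportedCryptoAlgorithmException {
        EncryptedInfo result = null;
        if (AES.equalsIgnoreCase(str)) {
            String cryptoKey = map == null ? null : map.get(PasswordUtil.PROPERTY_CRYPTO_KEY);
            result = aesEncipher(bArr, cryptoKey, null, null);
        } else if (XOR.equalsIgnoreCase(str)) {
            byte[] masked = xor(bArr);
            if (masked != null) {
                result = new EncryptedInfo(masked, ExtensionConstants.CORE_EXTENSION);
            }
        } else if (HASH.equalsIgnoreCase(str)) {
            try {
                // The password passes through an immutable String here and cannot be wiped
                // afterwards.
                result = generateHash(new String(bArr, StandardCharsets.UTF_8).toCharArray(), map);
            } catch (Exception e) {
                // Keep the cause so that a bad iteration/length property or a malformed encoded
                // hash can be diagnosed.
                throw invalidCipher(e);
            }
        } else if (str != null && str.equalsIgnoreCase(CUSTOM)) {
            result = customEncipher(bArr);
        } else {
            logger.logp(Level.SEVERE, PasswordCipherUtil.class.getName(), "encipher", "PASSWORDUTIL_UNKNOWN_ALGORITHM", new Object[]{str, formatSupportedCryptoAlgorithms()});
            throw new UnsupportedCryptoAlgorithmException();
        }
        if (result == null) {
            throw new InvalidPasswordCipherException("The output is null.");
        }
        return result;
    }

    /** Delegates encryption to the custom implementation. */
    private static EncryptedInfo customEncipher(byte[] plain) throws InvalidPasswordCipherException, UnsupportedCryptoAlgorithmException {
        CustomPasswordEncryption customImpl = getCustomImpl();
        if (customImpl == null) {
            logger.logp(Level.SEVERE, PasswordCipherUtil.class.getName(), "encipher", "PASSWORDUTIL_CUSTOM_SERVICE_DOES_NOT_EXIST");
            throw new UnsupportedCryptoAlgorithmException();
        }
        try {
            EncryptedInfo encrypted = customImpl.encrypt(plain);
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Successfully encrypted password using custom encryption plug point.");
            }
            return encrypted;
        } catch (Exception e) {
            logger.logp(Level.SEVERE, PasswordCipherUtil.class.getName(), "encipher", "PASSWORDUTIL_CUSTOM_ENCRYPTION_ERROR", (Throwable) e);
            throw ((InvalidPasswordCipherException) new InvalidPasswordCipherException(e.getMessage()).initCause(e));
        }
    }

    /**
     * Builds a hashed representation of {@code password}.
     *
     * <p>Parameter resolution order: values parsed from an already-hashed string under
     * {@code PasswordUtil.PROPERTY_HASH_ENCODED} win; otherwise the individual properties in
     * {@code properties} are used; anything still unset falls back to the
     * {@code PasswordHashGenerator} defaults. Reusing the parameters of an encoded hash lets the
     * result be compared with that hash.
     *
     * <p>A non-numeric iteration or length property raises {@code NumberFormatException}, which
     * the caller converts to {@link InvalidPasswordCipherException}.
     */
    private static EncryptedInfo generateHash(char[] password, Map<String, String> properties) throws InvalidPasswordCipherException {
        String algorithm = null;
        String saltText = null;
        int iterations = -1;
        int outputLength = -1;
        byte[] salt = null;
        boolean saltResolved = false;
        if (properties != null) {
            String encoded = properties.get(PasswordUtil.PROPERTY_HASH_ENCODED);
            if (encoded != null && PasswordUtil.isHashed(encoded)) {
                try {
                    HashedData existing = new HashedData(Base64Coder.base64Decode(PasswordUtil.removeCryptoAlgorithmTag(encoded).getBytes(StandardCharsets.UTF_8)));
                    algorithm = existing.getAlgorithm();
                    iterations = existing.getIteration();
                    outputLength = existing.getOutputLength();
                    salt = existing.getSalt();
                    saltResolved = true;
                } catch (Exception e) {
                    throw ((InvalidPasswordCipherException) new InvalidPasswordCipherException(e.getMessage()).initCause(e));
                }
            }
            if (algorithm == null) {
                algorithm = properties.get(PasswordUtil.PROPERTY_HASH_ALGORITHM);
            }
            if (!saltResolved) {
                saltText = properties.get(PasswordUtil.PROPERTY_HASH_SALT);
                salt = PasswordHashGenerator.generateSalt(saltText);
                saltResolved = true;
            }
            if (iterations < 0) {
                String iterationText = properties.get(PasswordUtil.PROPERTY_HASH_ITERATION);
                if (iterationText != null) {
                    iterations = Integer.parseInt(iterationText);
                }
            }
            if (outputLength < 0) {
                String lengthText = properties.get(PasswordUtil.PROPERTY_HASH_LENGTH);
                if (lengthText != null) {
                    outputLength = Integer.parseInt(lengthText);
                }
            }
        }
        if (algorithm == null) {
            algorithm = PasswordHashGenerator.getDefaultAlgorithm();
        }
        if (!saltResolved) {
            // Only reached when no properties were supplied, so saltText is still null.
            salt = PasswordHashGenerator.generateSalt(saltText);
        }
        if (iterations < 0) {
            iterations = PasswordHashGenerator.getDefaultIteration();
        }
        if (outputLength < 0) {
            outputLength = PasswordHashGenerator.getDefaultOutputLength();
        }
        try {
            byte[] hashed = new HashedData(password, algorithm, salt, iterations, outputLength, (byte[]) null).toBytes();
            return hashed == null ? null : new EncryptedInfo(hashed, ExtensionConstants.CORE_EXTENSION);
        } catch (InvalidPasswordCipherException e) {
            throw e;
        } catch (Exception e) {
            throw ((InvalidPasswordCipherException) new InvalidPasswordCipherException(e.getMessage()).initCause(e));
        }
    }

    /**
     * Encrypts {@code plain} with AES/CBC/PKCS5Padding.
     *
     * <p>Twenty random bytes, preceded by a length byte, are placed in front of the plaintext
     * before encryption; the ciphertext is then prefixed with the marker byte 0. The IV comes
     * from {@code AESKeyManager.getIV(key)}, not from the random bytes generated here, so the
     * random prefix is presumably what keeps equal passwords from producing equal ciphertexts
     * (confirm against {@code AESKeyManager}).
     *
     * <p>NOTE(review): {@code generateSeed()} draws from the provider's seed source and may block
     * on some platforms; {@code nextBytes()} is normally sufficient for a per-message random
     * prefix. Kept as in the original pending confirmation.
     *
     * @param plain the password bytes
     * @param key the crypto key string handed to {@code AESKeyManager}; may be {@code null}
     * @param fallback returned when the cipher yields no output
     * @param unused not read
     */
    private static EncryptedInfo aesEncipher(byte[] plain, String key, EncryptedInfo fallback, byte[] unused) throws UnsupportedCryptoAlgorithmException, InvalidPasswordCipherException {
        if (plain == null) {
            // Report a missing input through the declared exception rather than an NPE below.
            throw new InvalidPasswordCipherException();
        }
        byte[] seed;
        SecureRandom random = new SecureRandom();
        if (random.getProvider().getName().equals(HW_PROVIDER)) {
            seed = new byte[AES_SEED_LENGTH];
            random.nextBytes(seed);
        } else {
            seed = random.generateSeed(AES_SEED_LENGTH);
        }
        byte[] framed = new byte[plain.length + AES_SEED_LENGTH + 1];
        framed[0] = (byte) AES_SEED_LENGTH;
        System.arraycopy(seed, 0, framed, 1, AES_SEED_LENGTH);
        System.arraycopy(plain, 0, framed, AES_SEED_LENGTH + 1, plain.length);
        try {
            Cipher cipher = Cipher.getInstance(AES_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, AESKeyManager.getKey(key), AESKeyManager.getIV(key));
            byte[] cipherText = cipher.doFinal(framed);
            if (cipherText == null) {
                return fallback;
            }
            byte[] encoded = new byte[cipherText.length + 1];
            encoded[0] = AES_FORMAT_MARKER;
            System.arraycopy(cipherText, 0, encoded, 1, cipherText.length);
            return new EncryptedInfo(encoded, ExtensionConstants.CORE_EXTENSION);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw invalidCipher(e);
        } catch (NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw unsupportedAlgorithm(e);
        }
    }

    /** Creates an {@link InvalidPasswordCipherException} with no message and the given cause. */
    private static InvalidPasswordCipherException invalidCipher(Throwable cause) {
        return (InvalidPasswordCipherException) new InvalidPasswordCipherException().initCause(cause);
    }

    /** Creates an {@link UnsupportedCryptoAlgorithmException} with the given cause. */
    private static UnsupportedCryptoAlgorithmException unsupportedAlgorithm(Throwable cause) {
        return (UnsupportedCryptoAlgorithmException) new UnsupportedCryptoAlgorithmException().initCause(cause);
    }

    /**
     * Returns a copy of the currently supported algorithm names.
     *
     * @return a new array; {@code custom} is included only while a custom implementation is
     *         available
     */
    public static String[] getSupportedCryptoAlgorithms() {
        return SUPPORTED_CRYPTO_ALGORITHMS.clone();
    }

    /**
     * Returns the fail-safe algorithm name.
     *
     * <p>This is {@code xor}, which only masks the bytes with a fixed value; callers that fall
     * back to it are storing an obfuscated password, not an encrypted one.
     *
     * @return {@code "xor"}
     */
    public static String getFailSafeCryptoAlgorithm() {
        return XOR;
    }

    /**
     * Returns a copy of the supported hash algorithm names.
     *
     * @return a new array containing {@code "hash"}
     */
    public static String[] getSupportedHashAlgorithms() {
        return SUPPORTED_HASH_ALGORITHMS.clone();
    }

    /** XORs every byte with {@link #XOR_MASK}; returns {@code null} for {@code null} input. */
    private static byte[] xor(byte[] input) {
        if (input == null) {
            return null;
        }
        byte[] masked = new byte[input.length];
        for (int i = 0; i < input.length; i++) {
            masked[i] = (byte) (XOR_MASK ^ input[i]);
        }
        return masked;
    }

    /** Joins the supported algorithm names with ", " for log messages. */
    private static String formatSupportedCryptoAlgorithms() {
        // Snapshot the array: the field can be reassigned by a bind/unbind callback.
        String[] algorithms = SUPPORTED_CRYPTO_ALGORITHMS;
        StringBuilder joined = new StringBuilder();
        for (int i = 0; i < algorithms.length; i++) {
            if (i > 0) {
                joined.append(", ");
            }
            joined.append(algorithms[i]);
        }
        return joined.toString();
    }

    /** Returns the bound OSGi service if present, else the command-line implementation. */
    private static CustomPasswordEncryption getCustomImpl() {
        CustomPasswordEncryption service = customPasswordEncryption.getService();
        return service != null ? service : cpeImpl;
    }

    /** Builds the duplicate-implementation message followed by one manifest location per line. */
    private static String composeMultipleCustomErrorMessage(List<CustomManifest> list) {
        StringBuilder message = new StringBuilder(MessageUtils.getMessage("PASSWORDUTIL_DUPLICATE_CUSTOM_ENCRYPTION", new Object[0]));
        for (CustomManifest manifest : list) {
            message.append("\n").append(manifest.getLocation());
        }
        return message.toString();
    }

    // Must stay after the static field initializers above: initialize() assigns cms and cpeImpl,
    // and a later "= null" field initializer would otherwise overwrite them.
    static {
        try {
            initialize();
        } catch (Exception e) {
            throw new ExceptionInInitializerError(e);
        }
    }
}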
