package com.iplanet.services.util;

import com.iplanet.am.util.SystemProperties;
import com.iplanet.services.comm.https.JSSPasswordCallback;
import com.sun.identity.common.Constants;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.security.Security;
import java.util.Enumeration;
import java.util.Random;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.Cipher;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.EncryptionAlgorithm;
import org.mozilla.jss.crypto.IVParameterSpec;
import org.mozilla.jss.crypto.KeyGenerator;
import org.mozilla.jss.crypto.PBEAlgorithm;
import org.mozilla.jss.crypto.PBEKeyGenParams;
import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.provider.Provider;
import org.mozilla.jss.util.Password;

/* loaded from: input_file:120091-10/SUNWamsdk/reloc/SUNWam/lib/am_sdk.jar:com/iplanet/services/util/JSSEncryption.class */
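/**
 * {@link AMEncryption} implementation backed by a JSS (NSS) crypto token.
 *
 * <p>Wire format produced by {@link #encrypt(byte[])} and consumed by
 * {@link #decrypt(byte[])}:
 * <pre>
 *   byte 0      format version (always {@code VERSION})
 *   byte 1      index into KEYGEN_ALGS of the PBE key-generation algorithm
 *   byte 2      index into ENCRYPTION_ALGS of the cipher
 *   bytes 3-10  the 8-byte IV that was used
 *   bytes 11..  ciphertext
 * </pre>
 *
 * <p>Security review notes. None of these are changed here, because altering
 * them would make previously stored ciphertexts undecryptable:
 * <ul>
 *   <li>The defaults are single DES in CBC mode with an MD5-based PBE key
 *       derivation; the supported list also contains ECB modes, RC2-40 and
 *       RC4. These are legacy algorithms and should not be used to protect
 *       new data.</li>
 *   <li>Key derivation uses a constant salt and an iteration count of 5, so
 *       the derived keys depend only on the password and offer very little
 *       resistance to offline guessing.</li>
 *   <li>The IV comes from {@code KeyGenerator.generatePBE_IV()} and is computed
 *       once per password, not per message, so equal plaintexts produce equal
 *       ciphertexts.</li>
 *   <li>There is no MAC over the header or the ciphertext. On decrypt the two
 *       algorithm index bytes are taken from the (unauthenticated) input, and
 *       the IV bytes in the header are ignored in favour of the locally
 *       derived IV. NOTE(review): if legacy data permits, restrict decrypt to
 *       the default algorithm pair and add an integrity check.</li>
 * </ul>
 */
public class JSSEncryption implements AMEncryption, ConfigurableKey {
    private static final byte VERSION = 1;
    /** Number of IV bytes stored in the header. */
    private static final int IV_LENGTH = 8;
    /** Version byte + key-gen index byte + cipher index byte + IV. */
    private static final int PREFIX_LENGTH = 3 + IV_LENGTH;
    private static CryptoToken mToken;
    private static final String DEFAULT_KEYGEN_ALG = "PBE_MD5_DES_CBC";
    // The position of each name is part of the wire format (header byte 1): never reorder.
    private static final String[] KEYGEN_ALGS = {"PBE_SHA1_DES3_CBC", "PBE_MD2_DES_CBC", DEFAULT_KEYGEN_ALG, "PBE_SHA1_DES_CBC", "PBE_SHA1_RC2_128_CBC", "PBE_SHA1_RC2_40_CBC", "PBE_SHA1_RC4_128", "PBE_SHA1_RC4_40"};
    private static final int NUM_KEYGEN_ALG = KEYGEN_ALGS.length;
    private static final String DEFAULT_ENCYPTION_ALG = "DES_CBC_PAD";
    // The position of each name is part of the wire format (header byte 2): never reorder.
    private static final String[] ENCRYPTION_ALGS = {"DES3_CBC_PAD", "DES_CBC", DEFAULT_ENCYPTION_ALG, "DES_ECB", "DES3_CBC", "DES3_ECB", "RC2_CBC", "RC4"};
    private static final int NUM_ENCRYPTION_ALG = ENCRYPTION_ALGS.length;
    private static final com.iplanet.am.util.Debug debug = com.iplanet.am.util.Debug.getInstance("amJSS");
    private SymmetricKey[] sKeys = null;
    private IVParameterSpec[] ivParamSpecs = null;
    // Not referenced anywhere in this class. java.util.Random is not a CSPRNG
    // and must never be used to produce key or IV material.
    private Random random = new Random();

    /** Logs an error if a debug instance is available; {@code t} may be null. */
    private static void logError(String message, Throwable t) {
        if (debug == null) {
            return;
        }
        if (t == null) {
            debug.error(message);
        } else {
            debug.error(message, t);
        }
    }

    /** Logs a message-level line if a debug instance is available and enabled. */
    private static void logMessage(String message) {
        if (debug != null && debug.messageEnabled()) {
            debug.message(message);
        }
    }

    /** Maps null-or-blank property values to {@code null}; other values are returned untrimmed. */
    private static String blankToNull(String value) {
        if (value != null && value.trim().equals("")) {
            return null;
        }
        return value;
    }

    /**
     * Reads the first line of the certificate database password file.
     *
     * @return the first line, or {@code null} if the file is empty or cannot be read
     */
    private static String readFirstLine(String path) {
        FileInputStream in = null;
        try {
            in = new FileInputStream(path);
            return new BufferedReader(new InputStreamReader(in)).readLine();
        } catch (Exception e) {
            // Best effort, as before, but no longer silent. Only the failure is
            // logged, never the file content.
            logError("JSSEncryption: unable to read certdb password file", e);
            return null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (Exception ignored) {
                    // Nothing useful can be done if closing a read-only stream fails.
                }
            }
        }
    }

    /**
     * Finds a token that supports the default cipher and every algorithm in
     * KEYGEN_ALGS.
     *
     * @return the first such token, or {@code null} if there is none
     * @throws CryptoManager.NotInitializedException if JSS has not been initialised yet
     */
    private static CryptoToken findToken() throws CryptoManager.NotInitializedException {
        Enumeration candidates = CryptoManager.getInstance().getTokensSupportingAlgorithm(getEncryptionAlg(DEFAULT_ENCYPTION_ALG));
        while (candidates.hasMoreElements()) {
            CryptoToken candidate = (CryptoToken) candidates.nextElement();
            boolean supportsAll = true;
            for (int i = 0; i < NUM_KEYGEN_ALG; i++) {
                if (!candidate.doesAlgorithm(getKeyGenAlg(KEYGEN_ALGS[i]))) {
                    supportsAll = false;
                    break;
                }
            }
            if (supportsAll) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Derives the per-algorithm keys and IVs from the given password.
     *
     * @param str the password; a {@code null} value raises NullPointerException
     */
    @Override // com.iplanet.services.util.ConfigurableKey
    public void setPassword(String str) throws Exception {
        initSymmetricKeysAndInitializationVectors(str);
    }

    /**
     * Generates one key and one IV per entry of KEYGEN_ALGS. A failure for one
     * algorithm is logged and leaves that slot {@code null}; the remaining
     * algorithms are still attempted.
     */
    private void initSymmetricKeysAndInitializationVectors(String str) {
        this.sKeys = new SymmetricKey[NUM_KEYGEN_ALG];
        this.ivParamSpecs = new IVParameterSpec[NUM_KEYGEN_ALG];
        // Constant salt and an iteration count of 5: both are far too weak for
        // password-based key derivation, but they define the keys that existing
        // ciphertexts were produced with, so they cannot be changed in place.
        byte[] salt = {1, 1, 1, 1, 1, 1, 1, 1};
        Password password = new Password(str.toCharArray());
        try {
            if (mToken == null) {
                // Without a token every iteration would fail the same way; report once.
                logError("createing symKey : no JSS token available", null);
                return;
            }
            for (int i = 0; i < NUM_KEYGEN_ALG; i++) {
                try {
                    KeyGenerator keyGenerator = mToken.getKeyGenerator(getKeyGenAlg(KEYGEN_ALGS[i]));
                    keyGenerator.initialize(new PBEKeyGenParams(password, salt, 5));
                    this.sKeys[i] = keyGenerator.generate();
                    this.ivParamSpecs[i] = new IVParameterSpec(keyGenerator.generatePBE_IV());
                } catch (Exception e) {
                    logError("createing symKey ", e);
                }
            }
        } finally {
            // Wipe the password copy even if something unexpected escapes the loop.
            password.clear();
        }
    }

    /** Returns the key for a KEYGEN_ALGS index, or {@code null} if out of range or not generated. */
    private SymmetricKey getSymmetricKey(int i) {
        if (this.sKeys == null || i < 0 || i >= NUM_KEYGEN_ALG) {
            return null;
        }
        return this.sKeys[i];
    }

    /** Returns the IV for a KEYGEN_ALGS index, or {@code null} if out of range or not generated. */
    private IVParameterSpec getIVParameterSpec(int i) {
        if (this.ivParamSpecs == null || i < 0 || i >= NUM_KEYGEN_ALG) {
            return null;
        }
        return this.ivParamSpecs[i];
    }

    /**
     * Encrypts with the default algorithms.
     *
     * @return header plus ciphertext, or {@code null} for null/empty input or on any failure
     */
    @Override // com.iplanet.services.util.AMEncryption
    public byte[] encrypt(byte[] bArr) {
        return encode(bArr);
    }

    /**
     * Decrypts data produced by {@link #encrypt(byte[])}.
     *
     * @return the plaintext, or {@code null} for null/empty/malformed input or on any failure
     */
    @Override // com.iplanet.services.util.AMEncryption
    public byte[] decrypt(byte[] bArr) {
        return decode(bArr);
    }

    private byte[] encode(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        try {
            // Header byte 1 is the key-generation index and byte 2 the cipher
            // index; decode() reads them back in that order.
            int keyGenIndex = getKeyGenByte(DEFAULT_KEYGEN_ALG);
            int encryptionIndex = getEncryptionByte(DEFAULT_ENCYPTION_ALG);
            SymmetricKey symmetricKey = getSymmetricKey(keyGenIndex);
            IVParameterSpec ivSpec = getIVParameterSpec(keyGenIndex);
            if (mToken == null || symmetricKey == null || ivSpec == null) {
                logError("in encode string: JSS token or key material not initialized", null);
                return null;
            }
            byte[] type = {(byte) keyGenIndex, (byte) encryptionIndex};
            Cipher cipherContext = mToken.getCipherContext(getEncryptionAlg(DEFAULT_ENCYPTION_ALG));
            cipherContext.initEncrypt(symmetricKey, ivSpec);
            return addPrefix(type, ivSpec.getIV(), cipherContext.doFinal(bArr));
        } catch (Throwable th) {
            logError("in encode string " + th, null);
            return null;
        }
    }

    private byte[] decode(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return null;
        }
        try {
            if (bArr[0] != VERSION) {
                logError("In decode string: unsupported version:" + (int) bArr[0], null);
                return null;
            }
            if (bArr.length < PREFIX_LENGTH) {
                // Reject truncated input before the header accessors index into it.
                logError("In decode string: truncated input, length:" + bArr.length, null);
                return null;
            }
            byte[] type = getType(bArr);
            int keyGenIndex = type[0];
            int encryptionIndex = type[1];
            // Both indices come straight from the input and are used as array
            // indices, so each must be rejected when it is negative OR too large.
            if (encryptionIndex < 0 || encryptionIndex >= NUM_ENCRYPTION_ALG) {
                logError("In decode string: unsupported encryption bit:" + encryptionIndex, null);
                return null;
            }
            if (keyGenIndex < 0 || keyGenIndex >= NUM_KEYGEN_ALG) {
                logError("In decode string: unsupported keygen bit:" + keyGenIndex, null);
                return null;
            }
            SymmetricKey symmetricKey = getSymmetricKey(keyGenIndex);
            if (mToken == null || symmetricKey == null) {
                logError("In decode string: JSS token or key material not initialized", null);
                return null;
            }
            Cipher cipherContext = mToken.getCipherContext(getEncryptionAlg(ENCRYPTION_ALGS[encryptionIndex]));
            // The locally derived IV is used; the IV bytes carried in the header are not read.
            cipherContext.initDecrypt(symmetricKey, getIVParameterSpec(keyGenIndex));
            byte[] plain = cipherContext.doFinal(getRaw(bArr));
            if (plain != null) {
                return plain;
            }
            logError("Failed to decode input of length " + bArr.length, null);
            return null;
        } catch (Throwable th) {
            // Log the input length only; appending the array itself printed just its identity.
            logError("in decoding string, input length " + bArr.length, th);
            return null;
        }
    }

    /**
     * Builds the wire format: version, the two type bytes, 8 IV bytes, then the ciphertext.
     *
     * @param bArr  two-element array: key-generation index, cipher index
     * @param bArr2 IV; its first 8 bytes are copied
     * @param bArr3 ciphertext
     */
    private static byte[] addPrefix(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        byte[] out = new byte[bArr3.length + PREFIX_LENGTH];
        out[0] = VERSION;
        out[1] = bArr[0];
        out[2] = bArr[1];
        System.arraycopy(bArr2, 0, out, 3, IV_LENGTH);
        System.arraycopy(bArr3, 0, out, PREFIX_LENGTH, bArr3.length);
        return out;
    }

    /** Returns header bytes 1 and 2 (key-generation index, cipher index). */
    private static byte[] getType(byte[] bArr) {
        return new byte[]{bArr[1], bArr[2]};
    }

    /** Returns the 8 IV bytes stored in the header. Not called within this class. */
    private static byte[] getIV(byte[] bArr) {
        byte[] iv = new byte[IV_LENGTH];
        System.arraycopy(bArr, 3, iv, 0, IV_LENGTH);
        return iv;
    }

    /** Returns everything after the 11-byte header; the caller must ensure the input is that long. */
    private static byte[] getRaw(byte[] bArr) {
        byte[] raw = new byte[bArr.length - PREFIX_LENGTH];
        System.arraycopy(bArr, PREFIX_LENGTH, raw, 0, raw.length);
        return raw;
    }

    /** Returns the KEYGEN_ALGS index of the named algorithm; unknown names are logged and map to 0. */
    private static int getKeyGenByte(String str) {
        for (int i = 0; i < NUM_KEYGEN_ALG; i++) {
            if (str.equals(KEYGEN_ALGS[i])) {
                return i;
            }
        }
        logError("keyGen algorithm is not valid.", null);
        return 0;
    }

    /** Maps an algorithm name to its JSS constant; unknown names fall back to PBE_SHA1_DES3_CBC. */
    private static PBEAlgorithm getKeyGenAlg(String str) {
        if (str.equals("PBE_SHA1_DES3_CBC")) {
            return PBEAlgorithm.PBE_SHA1_DES3_CBC;
        }
        if (str.equals("PBE_MD2_DES_CBC")) {
            return PBEAlgorithm.PBE_MD2_DES_CBC;
        }
        if (str.equals(DEFAULT_KEYGEN_ALG)) {
            return PBEAlgorithm.PBE_MD5_DES_CBC;
        }
        if (str.equals("PBE_SHA1_DES_CBC")) {
            return PBEAlgorithm.PBE_SHA1_DES_CBC;
        }
        if (str.equals("PBE_SHA1_RC2_128_CBC")) {
            return PBEAlgorithm.PBE_SHA1_RC2_128_CBC;
        }
        if (str.equals("PBE_SHA1_RC2_40_CBC")) {
            return PBEAlgorithm.PBE_SHA1_RC2_40_CBC;
        }
        if (str.equals("PBE_SHA1_RC4_128")) {
            return PBEAlgorithm.PBE_SHA1_RC4_128;
        }
        if (str.equals("PBE_SHA1_RC4_40")) {
            return PBEAlgorithm.PBE_SHA1_RC4_40;
        }
        if (debug != null) {
            debug.message("keyGen algorithm is not valid.");
        }
        return PBEAlgorithm.PBE_SHA1_DES3_CBC;
    }

    /** Returns the ENCRYPTION_ALGS index of the named cipher; unknown names are logged and map to 0. */
    private static int getEncryptionByte(String str) {
        for (int i = 0; i < NUM_ENCRYPTION_ALG; i++) {
            if (str.equals(ENCRYPTION_ALGS[i])) {
                return i;
            }
        }
        logError("Encryption algorithm is not valid.", null);
        return 0;
    }

    /** Maps a cipher name to its JSS constant; unknown names fall back to DES3_CBC_PAD. */
    private static EncryptionAlgorithm getEncryptionAlg(String str) {
        if (str.equals("DES3_CBC_PAD")) {
            return EncryptionAlgorithm.DES3_CBC_PAD;
        }
        if (str.equals("DES3_CBC")) {
            return EncryptionAlgorithm.DES3_CBC;
        }
        if (str.equals("DES3_ECB")) {
            return EncryptionAlgorithm.DES3_ECB;
        }
        if (str.equals("DES_CBC")) {
            return EncryptionAlgorithm.DES_CBC;
        }
        if (str.equals(DEFAULT_ENCYPTION_ALG)) {
            return EncryptionAlgorithm.DES_CBC_PAD;
        }
        if (str.equals("DES_ECB")) {
            return EncryptionAlgorithm.DES_ECB;
        }
        if (str.equals("RC2_CBC")) {
            return EncryptionAlgorithm.RC2_CBC;
        }
        if (str.equals("RC4")) {
            return EncryptionAlgorithm.RC4;
        }
        if (debug != null) {
            debug.message("Encryption algorithm is not valid.");
        }
        return EncryptionAlgorithm.DES3_CBC_PAD;
    }

    // Locates the JSS token, initialising CryptoManager first when nothing else
    // in the process has done so. Any failure is logged and leaves mToken null,
    // in which case encrypt/decrypt return null.
    static {
        mToken = null;
        String tmpDir = System.getProperty("java.io.tmpdir");
        String userPrefix = System.getProperty("user.name") + "-";
        String tokenPassword = null;
        String certDbDir = SystemProperties.get(Constants.AM_ADMIN_CLI_CERTDB_DIR);
        if (certDbDir == null) {
            certDbDir = tmpDir;
        }
        String ocspCheck = blankToNull(SystemProperties.get("com.sun.identity.authentication.ocspCheck"));
        boolean ocspEnabled = ocspCheck != null && ocspCheck.equalsIgnoreCase("true");
        String ocspResponderUrl = blankToNull(SystemProperties.get(Constants.AUTHENTICATION_OCSP_RESPONDER_URL));
        String ocspResponderNickname = blankToNull(SystemProperties.get(Constants.AUTHENTICATION_OCSP_RESPONDER_NICKNAME));
        String certDbPrefix;
        if (new File(certDbDir).exists()) {
            certDbPrefix = SystemProperties.get(Constants.AM_ADMIN_CLI_CERTDB_PREFIX);
            if (certDbPrefix == null) {
                certDbPrefix = "";
            }
            String passFile = SystemProperties.get("com.iplanet.am.admin.cli.certdb.passfile");
            if (passFile != null) {
                tokenPassword = readFirstLine(passFile);
            }
        } else {
            // NOTE(review): falls back to the temp directory with a
            // "<user.name>-" file prefix. On a shared host that directory is
            // typically writable by other local users - confirm deployments
            // always configure a dedicated, access-restricted certdb directory.
            certDbDir = tmpDir;
            certDbPrefix = userPrefix;
        }
        // The same prefix is used for the certificate and the key database.
        String keyDbPrefix = certDbPrefix;
        try {
            mToken = findToken();
        } catch (CryptoManager.NotInitializedException notInitialized) {
            try {
                logMessage("Intilize CryptoManager in JSSEncryption.java");
                CryptoManager.InitializationValues initializationValues = certDbPrefix.equals("") ? new CryptoManager.InitializationValues(certDbDir) : new CryptoManager.InitializationValues(certDbDir, certDbPrefix, keyDbPrefix, "secmod.db");
                initializationValues.removeSunProvider = false;
                boolean doNotInstallAtHighestPriority = Boolean.valueOf(SystemProperties.get("com.sun.identity.jss.donotInstallAtHighestPriority", "false")).booleanValue();
                if (doNotInstallAtHighestPriority) {
                    initializationValues.installJSSProvider = false;
                }
                logMessage("ocspCheck value in JSSEncryption : " + ocspEnabled);
                initializationValues.ocspCheckingEnabled = ocspEnabled;
                // The responder is only configured when both URL and nickname are set.
                if (ocspEnabled && ocspResponderUrl != null && ocspResponderNickname != null) {
                    initializationValues.ocspResponderCertNickname = ocspResponderNickname;
                    initializationValues.ocspResponderURL = ocspResponderUrl;
                }
                CryptoManager.initialize(initializationValues);
                if (doNotInstallAtHighestPriority) {
                    // Security.addProvider appends, so JSS ends up after the existing providers.
                    Security.addProvider(new Provider());
                }
                if (tokenPassword != null) {
                    CryptoManager.getInstance().setPasswordCallback(new JSSPasswordCallback(tokenPassword));
                }
                mToken = findToken();
            } catch (Exception e) {
                logError("Crypt: Initialize JSS ", e);
            }
        }
    }
}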
