package oracle.security.crypto.core;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import oracle.security.crypto.asn1.ASN1ObjectID;
import oracle.security.crypto.provider.JCEUtil;
import oracle.security.crypto.util.CryptoUtils;
import oracle.security.crypto.util.UnsyncByteArrayInputStream;
import oracle.security.crypto.util.Utils;
import org.apache.catalina.realm.SecretKeyCredentialHandler;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/osdt_core-19.3.0.0.jar:oracle/security/crypto/core/b.class */
public final class b extends PBE {
    private boolean d;
    private int e;
    private SecretKeyFactory f;
    private AlgorithmParameterSpec g;
    private javax.crypto.Cipher h;

    @Override // oracle.security.crypto.core.PBE
    public void initialize(AlgorithmIdentifier algorithmIdentifier) throws AlgorithmIdentifierException {
        if (algorithmIdentifier instanceof PBEAlgorithmIdentifier) {
            this.a = (PBEAlgorithmIdentifier) algorithmIdentifier;
        } else {
            try {
                this.a = new PBEAlgorithmIdentifier(Utils.toStream(algorithmIdentifier));
            } catch (IOException e) {
                throw new AlgorithmIdentifierException(e);
            }
        }
        try {
            if (this.a.getOID().equals(PBEAlgorithmIdentifier.id_PBES2)) {
                this.d = true;
                b();
            } else {
                this.d = false;
                a();
            }
        } catch (GeneralSecurityException e2) {
            throw new AlgorithmIdentifierException(e2);
        }
    }

    @Override // oracle.security.crypto.core.PBE
    public void initialize(int i, byte[] bArr, int i2) throws AlgorithmIdentifierException {
        initialize(new PBEAlgorithmIdentifier(new ASN1ObjectID(PBEAlgorithmIdentifier.pkcs5, i), bArr, i2));
    }

    @Override // oracle.security.crypto.core.PBE
    public void initialize(int i) throws AlgorithmIdentifierException {
        initialize(new PBEAlgorithmIdentifier(new ASN1ObjectID(PBEAlgorithmIdentifier.pkcs5, i)));
    }

    @Override // oracle.security.crypto.core.PBE
    public byte[] encryptPrivateKey(String str, PrivateKey privateKey) throws CipherException {
        if (privateKey instanceof PrivateKeyPKCS8) {
            throw new CipherException("Cannot encrypt encrypted key");
        }
        return encrypt(str, c.a(privateKey));
    }

    @Override // oracle.security.crypto.core.PBE
    public PrivateKey decryptPrivateKey(String str, byte[] bArr) throws CipherException, IOException {
        byte[] decrypt = decrypt(str, bArr);
        PrivateKey inputPrivateKey = CryptoUtils.inputPrivateKey(new UnsyncByteArrayInputStream(decrypt));
        Utils.setArray(decrypt, (byte) 0);
        return inputPrivateKey;
    }

    @Override // oracle.security.crypto.core.PBE
    public byte[] encryptSymmetricKey(String str, SymmetricKey symmetricKey) throws CipherException {
        return encrypt(str, symmetricKey.e());
    }

    @Override // oracle.security.crypto.core.PBE
    public SymmetricKey decryptSymmetricKey(String str, byte[] bArr) throws CipherException {
        byte[] decrypt = decrypt(str, bArr);
        SymmetricKey symmetricKey = new SymmetricKey(decrypt);
        Utils.setArray(decrypt, (byte) 0);
        return symmetricKey;
    }

    @Override // oracle.security.crypto.core.PBE
    public byte[] encrypt(String str, byte[] bArr) throws CipherException {
        char[] charArray = str.toCharArray();
        try {
            byte[] a = a(1, charArray, bArr);
            Arrays.fill(charArray, (char) 0);
            return a;
        } catch (Throwable th) {
            Arrays.fill(charArray, (char) 0);
            throw th;
        }
    }

    @Override // oracle.security.crypto.core.PBE
    public byte[] decrypt(String str, byte[] bArr) throws CipherException {
        char[] charArray = str.toCharArray();
        try {
            byte[] a = a(2, charArray, bArr);
            Arrays.fill(charArray, (char) 0);
            return a;
        } catch (Throwable th) {
            Arrays.fill(charArray, (char) 0);
            throw th;
        }
    }

    private void a() throws GeneralSecurityException {
        String stringCompact = this.a.getOID().toStringCompact();
        this.f = JCEUtil.getSecretKeyFactoryInstance(stringCompact);
        this.g = new PBEParameterSpec(this.a.getSalt(), this.a.getIterationCount());
        this.h = JCEUtil.getCipherInstance(stringCompact);
    }

    private void b() throws GeneralSecurityException, AlgorithmIdentifierException {
        String str;
        AlgorithmIdentifier pseudorandomFunc = this.a.getPseudorandomFunc();
        AlgorithmIdentifier encryptionScheme = this.a.getEncryptionScheme();
        ASN1ObjectID oid = encryptionScheme.getOID();
        boolean isJsafeJCERegistered = JCEUtil.isJsafeJCERegistered();
        if (pseudorandomFunc.equals(AlgID.hmacWithSHA1)) {
            str = SecretKeyCredentialHandler.DEFAULT_ALGORITHM;
        } else if (pseudorandomFunc.equals(AlgID.hmacWithSHA224)) {
            str = isJsafeJCERegistered ? "PBKDF2WithSHA224" : "PBKDF2WithHmacSHA224";
        } else if (pseudorandomFunc.equals(AlgID.hmacWithSHA256)) {
            str = isJsafeJCERegistered ? "PBKDF2WithSHA256" : "PBKDF2WithHmacSHA256";
        } else if (pseudorandomFunc.equals(AlgID.hmacWithSHA384)) {
            str = isJsafeJCERegistered ? "PBKDF2WithSHA384" : "PBKDF2WithHmacSHA384";
        } else {
            if (!pseudorandomFunc.equals(AlgID.hmacWithSHA512)) {
                throw new AlgorithmIdentifierException("PBES2 KDF not supported: " + pseudorandomFunc);
            }
            str = isJsafeJCERegistered ? "PBKDF2WithSHA512" : "PBKDF2WithHmacSHA512";
        }
        if (oid.equals(AlgID.aes128_CBC.getOID())) {
            this.e = 128;
        } else if (oid.equals(AlgID.aes192_CBC.getOID())) {
            this.e = 192;
        } else {
            if (!oid.equals(AlgID.aes256_CBC.getOID())) {
                throw new AlgorithmIdentifierException("PBES2 Encryption Scheme not supported: " + encryptionScheme);
            }
            this.e = 256;
        }
        this.f = JCEUtil.getSecretKeyFactoryInstance(str);
        try {
            this.g = new IvParameterSpec(CryptoUtils.getIV(encryptionScheme));
            this.h = JCEUtil.getCipherInstance("AES/CBC/PKCS5Padding");
        } catch (AlgorithmIdentifierException e) {
            throw new AlgorithmIdentifierException("Invalid ES parameters", e);
        }
    }

    private byte[] a(int i, char[] cArr, byte[] bArr) throws CipherException {
        try {
            a(i, cArr);
            return this.h.doFinal(bArr);
        } catch (BadPaddingException e) {
            throw new CipherException("Invalid padding string (or incorrect password)", e);
        } catch (GeneralSecurityException e2) {
            throw new CipherException("JCE PBE failure", e2);
        }
    }

    private void a(int i, char[] cArr) throws GeneralSecurityException {
        if (this.d) {
            c(i, cArr);
        } else {
            b(i, cArr);
        }
    }

    private void b(int i, char[] cArr) throws GeneralSecurityException {
        this.h.init(i, this.f.generateSecret(new PBEKeySpec(cArr)), this.g);
    }

    private void c(int i, char[] cArr) throws GeneralSecurityException {
        this.h.init(i, new SecretKeySpec(this.f.generateSecret(new PBEKeySpec(cArr, this.a.getSalt(), this.a.getIterationCount(), this.e)).getEncoded(), "AES"), this.g);
    }
}
