package com.ibm.msg.client.commonservices.passwordprotection.algorithms;

import com.ibm.mq.ese.core.MessageProtectionConstants;
import com.ibm.msg.client.commonservices.passwordprotection.CryptoUtil;
import com.ibm.msg.client.commonservices.passwordprotection.EncodedPasswordAbstract;
import com.ibm.msg.client.commonservices.passwordprotection.MQAbstractPBE;
import com.ibm.msg.client.commonservices.passwordprotection.PBEException;
import com.ibm.msg.client.commonservices.passwordprotection.passwordencodings.EncodedPasswordV1;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.DestroyFailedException;

/* loaded from: input_file:com/ibm/msg/client/commonservices/passwordprotection/algorithms/MQPBE1.class */
public class MQPBE1 extends MQAbstractPBE {
    static final String copyright_notice = "Licensed Materials - Property of IBM 5724-H72 (c) Copyright IBM Corp. 2020,2022 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final int PBK_ITERATIONS = 84756;
    private static final int PBK_KEY_LENGTH = 128;
    private static final String ALGORITHM_PBK = "PBKDF2WithHmacSHA1";
    private static final String TRANSFORM_PBK = "AES/CBC/PKCS5Padding";
    public static final int MD5_HASH_LEN = 16;
    private int checkSum;
    private SecretKeySpec encryptionKey;
    private MessageDigest md5 = null;
    private boolean needsReInit = true;
    private int initialisedOpmode = -1;

    public MQPBE1(char[] cArr, byte[] bArr) throws PBEException {
        if (Trace.isOn) {
            Trace.entry("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "MQPBE1(char[], byte[])", new Object[]{"********", "********"});
        }
        initAlgorithm(ALGORITHM_PBK, TRANSFORM_PBK);
        if (cArr == null) {
            PBEException pBEException = new PBEException("Initial Key Cannot be null", PBEException.PBERC.INVALIDINITIALKEY);
            if (Trace.isOn) {
                Trace.throwing("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "MQPBE1(char[], byte[])", pBEException);
            }
            throw pBEException;
        }
        if (bArr == null) {
            PBEException pBEException2 = new PBEException("Fixed Salt Cannot be null", PBEException.PBERC.INVALIDFIXEDSALT);
            if (Trace.isOn) {
                Trace.throwing("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "MQPBE1(char[], byte[])", pBEException2);
            }
            throw pBEException2;
        }
        initKey(cArr, bArr);
        if (Trace.isOn) {
            Trace.exit("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "MQPBE1(char[], byte[])");
        }
    }

    private void initKey(char[] cArr, byte[] bArr) throws PBEException {
        if (Trace.isOn) {
            Trace.entry("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "initKey(char[], byte[])", new Object[]{"********", "********"});
        }
        try {
            this.encryptionKey = new SecretKeySpec(this.keyFactory.generateSecret(new PBEKeySpec(cArr, bArr, PBK_ITERATIONS, 128)).getEncoded(), MessageProtectionConstants.ENCRYPTION_AES);
            this.needsReInit = true;
            this.checkSum = getCheckSum(cArr, bArr);
        } catch (Exception e) {
            PBEException pBEException = new PBEException(e.getMessage(), PBEException.PBERC.INITKEYFAILURE);
            if (Trace.isOn) {
                Trace.throwing("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "initKey(char[], byte[])", pBEException);
            }
        }
        if (Trace.isOn) {
            Trace.exit("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "initKey(char[], byte[])");
        }
    }

    private void initPBE1Cipher(int i, byte[] bArr) throws PBEException {
        if (Trace.isOn) {
            Trace.entry("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "initPBE1Cipher(int, byte[])", new Object[]{Integer.valueOf(i), bArr});
        }
        if (this.needsReInit || i != this.initialisedOpmode || bArr == null || !(bArr == null || Arrays.equals(bArr, this.cipher.getIV()))) {
            try {
                this.cipher.init(i, this.encryptionKey, bArr == null ? null : new IvParameterSpec(bArr));
                this.needsReInit = false;
                this.initialisedOpmode = i;
            } catch (Exception e) {
                PBEException pBEException = new PBEException(e.getMessage(), PBEException.PBERC.INITCIPHERFAILURE);
                if (Trace.isOn) {
                    Trace.throwing("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "initPBE1Cipher(int, byte[])", pBEException);
                }
                throw pBEException;
            }
        } else if (Trace.isOn) {
            Trace.data("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "initPBE1Cipher(int, byte[])", (Object) "Did nothing");
        }
        if (Trace.isOn) {
            Trace.exit("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "initPBE1Cipher(int, byte[])");
        }
    }

    @Override // com.ibm.msg.client.commonservices.passwordprotection.MQAbstractPBE
    public synchronized EncodedPasswordV1 encode(int i, char[] cArr, byte[] bArr, String str) throws PBEException {
        if (Trace.isOn) {
            Trace.entry("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "encode(int, char[], byte[], String)", new Object[]{Integer.valueOf(i), "********", bArr, str});
        }
        initPBE1Cipher(1, bArr);
        byte[] charArrayToByteArray = CryptoUtil.charArrayToByteArray(cArr);
        if (i == 2) {
            try {
                byte[] digest = getDigest(charArrayToByteArray);
                byte[] bArr2 = new byte[charArrayToByteArray.length + digest.length];
                System.arraycopy(digest, 0, bArr2, 0, digest.length);
                System.arraycopy(charArrayToByteArray, 0, bArr2, digest.length, charArrayToByteArray.length);
                charArrayToByteArray = bArr2;
            } catch (NoSuchAlgorithmException e) {
                PBEException pBEException = new PBEException("Unable to get algorithm for digest creation", PBEException.PBERC.ENCRYPTFAILURE);
                if (Trace.isOn) {
                    Trace.throwing("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "encode(int, char[], byte[], String)", pBEException);
                }
                throw pBEException;
            }
        }
        try {
            EncodedPasswordV1 encodedPasswordV1 = new EncodedPasswordV1(i, this.cipher.getIV(), this.cipher.doFinal(charArrayToByteArray), str);
            Arrays.fill(charArrayToByteArray, (byte) 0);
            if (Trace.isOn) {
                Trace.exit("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "encode(int, char[], byte[], String)", encodedPasswordV1.isTraceable() ? encodedPasswordV1 : "********");
            }
            return encodedPasswordV1;
        } catch (Exception e2) {
            PBEException pBEException2 = new PBEException(e2.getMessage(), PBEException.PBERC.ENCRYPTFAILURE);
            if (Trace.isOn) {
                Trace.throwing("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "encode(int, char[], byte[], String)", pBEException2);
            }
            throw pBEException2;
        }
    }

    @Override // com.ibm.msg.client.commonservices.passwordprotection.MQAbstractPBE, com.ibm.msg.client.commonservices.passwordprotection.MQPasswordCipher
    public synchronized char[] decode(EncodedPasswordAbstract encodedPasswordAbstract) throws PBEException {
        if (Trace.isOn) {
            Trace.entry("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "decode(int, EncodedPasswordAbstract)", encodedPasswordAbstract.isTraceable() ? new Object[]{Integer.valueOf(encodedPasswordAbstract.getAlgorithm()), encodedPasswordAbstract} : new Object[]{Integer.valueOf(encodedPasswordAbstract.getAlgorithm()), "********"});
        }
        if (!(encodedPasswordAbstract instanceof EncodedPasswordV1)) {
            PBEException pBEException = new PBEException("Unrecognized password version", PBEException.PBERC.UNKNOWNPASSWORDENCODING);
            if (Trace.isOn) {
                Trace.throwing("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "decode(int, EncodedPasswordAbstract)", pBEException);
            }
            throw pBEException;
        }
        EncodedPasswordV1 encodedPasswordV1 = (EncodedPasswordV1) encodedPasswordAbstract;
        initPBE1Cipher(2, encodedPasswordV1.getIV());
        try {
            byte[] doFinal = this.cipher.doFinal(encodedPasswordV1.getPassword());
            if (encodedPasswordAbstract.getAlgorithm() == 2) {
                if (doFinal.length < 16) {
                    throw new GeneralSecurityException("Cannot decrypt credential - ciphertext too short for protection mode.");
                }
                byte[] copyOfRange = Arrays.copyOfRange(doFinal, 16, doFinal.length);
                if (!Arrays.equals(getDigest(copyOfRange), Arrays.copyOfRange(doFinal, 0, 16))) {
                    throw new GeneralSecurityException("Cannot decrypt credential - digest mismatch.");
                }
                doFinal = copyOfRange;
            }
            char[] byteArrayToCharArray = CryptoUtil.byteArrayToCharArray(doFinal);
            Arrays.fill(doFinal, (byte) 0);
            if (Trace.isOn) {
                Trace.exit("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "decode(int, EncodedPasswordAbstract)", new Object[]{"********"});
            }
            return byteArrayToCharArray;
        } catch (Exception e) {
            PBEException pBEException2 = new PBEException(e.getMessage(), PBEException.PBERC.DECRYPTFAILURE);
            if (Trace.isOn) {
                Trace.throwing("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "decode(int, EncodedPasswordAbstract)", pBEException2);
            }
            throw pBEException2;
        }
    }

    @Override // com.ibm.msg.client.commonservices.passwordprotection.MQAbstractPBE, com.ibm.msg.client.commonservices.passwordprotection.MQPasswordCipher
    public boolean verify(char[] cArr, EncodedPasswordAbstract encodedPasswordAbstract, String str) {
        boolean z;
        if (Trace.isOn) {
            Object[] objArr = new Object[3];
            objArr[0] = "********";
            objArr[1] = encodedPasswordAbstract.isTraceable() ? encodedPasswordAbstract : "********";
            objArr[2] = str;
            Trace.entry("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "verify(char[], EncodedPasswordAbstract, String)", objArr);
        }
        if (encodedPasswordAbstract instanceof EncodedPasswordV1) {
            try {
                z = encode(encodedPasswordAbstract.getAlgorithm(), cArr, ((EncodedPasswordV1) encodedPasswordAbstract).getIV(), str).equals(encodedPasswordAbstract);
            } catch (PBEException e) {
                Trace.data("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "verify(char[], EncodedPasswordAbstract, String)", (Object) ("Failed to encode password so cannot match: " + e.getMessage()));
                z = false;
            }
        } else {
            if (Trace.isOn) {
                Trace.data("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "verify(char[], EncodedPasswordAbstract, String)", (Object) "Given EncodedPasswordAbstract is not of type EncodedPasswordV1 so cannot match");
            }
            z = false;
        }
        if (Trace.isOn) {
            Trace.exit("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "verify(char[], EncodedPasswordAbstract, String)", Boolean.valueOf(z));
        }
        return z;
    }

    byte[] getDigest(byte[] bArr) throws NoSuchAlgorithmException {
        if (this.md5 == null) {
            this.md5 = MessageDigest.getInstance("MD5");
        }
        this.md5.update(bArr);
        return this.md5.digest();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v15, types: [int] */
    /* JADX WARN: Type inference failed for: r0v19, types: [int] */
    int getCheckSum(char[] cArr, byte[] bArr) {
        char c = 0;
        for (char c2 : cArr) {
            c += c2;
        }
        for (byte b : bArr) {
            c += b;
        }
        return c;
    }

    @Override // com.ibm.msg.client.commonservices.passwordprotection.MQPasswordCipher
    public synchronized void reInitializeIfNecessary(char[] cArr, byte[] bArr) throws PBEException {
        if (Trace.isOn) {
            Trace.entry("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "ReInitializeIfNecessary(char[], byte[])", new Object[]{"********", "********"});
        }
        if (getCheckSum(cArr, bArr) != this.checkSum) {
            if (Trace.isOn) {
                Trace.data("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "ReInitializeIfNecessary(char[], byte[])", (Object) "Checksums did not match. Re-initializing keys.");
            }
            try {
                this.encryptionKey.destroy();
            } catch (DestroyFailedException e) {
                Trace.catchBlock("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "ReInitializeIfNecessary(char[], byte[])", e);
            }
            initKey(cArr, bArr);
        } else if (Trace.isOn) {
            Trace.data("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "ReInitializeIfNecessary(char[], byte[])", (Object) "Checksums matched so no need to re-initialize");
        }
        if (Trace.isOn) {
            Trace.exit("com.ibm.msg.client.commonservices.passwordprotection.algorithms.MQPBE1", "ReInitializeIfNecessary(char[], byte[])");
        }
    }
}
