package org.jasypt.encryption.pbe;

import java.security.InvalidKeyException;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.jasypt.commons.CommonUtils;
import org.jasypt.encryption.pbe.config.PBECleanablePasswordConfig;
import org.jasypt.encryption.pbe.config.PBEConfig;
import org.jasypt.exceptions.AlreadyInitializedException;
import org.jasypt.exceptions.EncryptionInitializationException;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
import org.jasypt.iv.IvGenerator;
import org.jasypt.iv.NoIvGenerator;
import org.jasypt.normalization.Normalizer;
import org.jasypt.salt.FixedSaltGenerator;
import org.jasypt.salt.RandomSaltGenerator;
import org.jasypt.salt.SaltGenerator;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/jasypt-1.9.3.jar:org/jasypt/encryption/pbe/StandardPBEByteEncryptor.class
 */
/* loaded from: input_file:WEB-INF/lib/alfresco-share-encryption-14.70.jar:org/jasypt/encryption/pbe/StandardPBEByteEncryptor.class */
public final class StandardPBEByteEncryptor implements PBEByteCleanablePasswordEncryptor {
    public static final String DEFAULT_ALGORITHM = "PBEWithMD5AndDES";
    public static final int DEFAULT_KEY_OBTENTION_ITERATIONS = 1000;
    public static final int DEFAULT_SALT_SIZE_BYTES = 8;
    public static final int DEFAULT_IV_SIZE_BYTES = 16;
    private String algorithm = DEFAULT_ALGORITHM;
    private String providerName = null;
    private Provider provider = null;
    private char[] password = null;
    private int keyObtentionIterations = 1000;
    private SaltGenerator saltGenerator = null;
    private int saltSizeBytes = 8;
    private IvGenerator ivGenerator = null;
    private int ivSizeBytes = 16;
    private PBEConfig config = null;
    private boolean algorithmSet = false;
    private boolean passwordSet = false;
    private boolean iterationsSet = false;
    private boolean saltGeneratorSet = false;
    private boolean ivGeneratorSet = false;
    private boolean providerNameSet = false;
    private boolean providerSet = false;
    private boolean initialized = false;
    private SecretKey key = null;
    private Cipher encryptCipher = null;
    private Cipher decryptCipher = null;
    private boolean optimizingDueFixedSalt = false;
    private byte[] fixedSaltInUse = null;

    public synchronized void setConfig(PBEConfig pBEConfig) {
        CommonUtils.validateNotNull(pBEConfig, "Config cannot be set null");
        if (isInitialized()) {
            throw new AlreadyInitializedException();
        }
        this.config = pBEConfig;
    }

    public synchronized void setAlgorithm(String str) {
        CommonUtils.validateNotEmpty(str, "Algorithm cannot be set empty");
        if (isInitialized()) {
            throw new AlreadyInitializedException();
        }
        this.algorithm = str;
        this.algorithmSet = true;
    }

    @Override // org.jasypt.encryption.pbe.PasswordBased
    public synchronized void setPassword(String str) {
        CommonUtils.validateNotEmpty(str, "Password cannot be set empty");
        if (isInitialized()) {
            throw new AlreadyInitializedException();
        }
        if (this.password != null) {
            cleanPassword(this.password);
        }
        this.password = str.toCharArray();
        this.passwordSet = true;
    }

    @Override // org.jasypt.encryption.pbe.CleanablePasswordBased
    public synchronized void setPasswordCharArray(char[] cArr) {
        CommonUtils.validateNotNull(cArr, "Password cannot be set null");
        CommonUtils.validateIsTrue(cArr.length > 0, "Password cannot be set empty");
        if (isInitialized()) {
            throw new AlreadyInitializedException();
        }
        if (this.password != null) {
            cleanPassword(this.password);
        }
        this.password = new char[cArr.length];
        System.arraycopy(cArr, 0, this.password, 0, cArr.length);
        this.passwordSet = true;
    }

    public synchronized void setKeyObtentionIterations(int i) {
        CommonUtils.validateIsTrue(i > 0, "Number of iterations for key obtention must be greater than zero");
        if (isInitialized()) {
            throw new AlreadyInitializedException();
        }
        this.keyObtentionIterations = i;
        this.iterationsSet = true;
    }

    public synchronized void setSaltGenerator(SaltGenerator saltGenerator) {
        CommonUtils.validateNotNull(saltGenerator, "Salt generator cannot be set null");
        if (isInitialized()) {
            throw new AlreadyInitializedException();
        }
        this.saltGenerator = saltGenerator;
        this.saltGeneratorSet = true;
    }

    public synchronized void setIvGenerator(IvGenerator ivGenerator) {
        if (isInitialized()) {
            throw new AlreadyInitializedException();
        }
        this.ivGenerator = ivGenerator;
        this.ivGeneratorSet = true;
    }

    public synchronized void setProviderName(String str) {
        CommonUtils.validateNotNull(str, "Provider name cannot be set null");
        if (isInitialized()) {
            throw new AlreadyInitializedException();
        }
        this.providerName = str;
        this.providerNameSet = true;
    }

    public synchronized void setProvider(Provider provider) {
        CommonUtils.validateNotNull(provider, "Provider cannot be set null");
        if (isInitialized()) {
            throw new AlreadyInitializedException();
        }
        this.provider = provider;
        this.providerSet = true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized StandardPBEByteEncryptor[] cloneAndInitializeEncryptor(int i) {
        if (isInitialized()) {
            throw new EncryptionInitializationException("Cannot clone encryptor if it has been already initialized");
        }
        resolveConfigurationPassword();
        char[] cArr = new char[this.password.length];
        System.arraycopy(this.password, 0, cArr, 0, this.password.length);
        initialize();
        StandardPBEByteEncryptor[] standardPBEByteEncryptorArr = new StandardPBEByteEncryptor[i];
        standardPBEByteEncryptorArr[0] = this;
        for (int i2 = 1; i2 < i; i2++) {
            StandardPBEByteEncryptor standardPBEByteEncryptor = new StandardPBEByteEncryptor();
            standardPBEByteEncryptor.setPasswordCharArray(cArr);
            if (CommonUtils.isNotEmpty(this.algorithm)) {
                standardPBEByteEncryptor.setAlgorithm(this.algorithm);
            }
            standardPBEByteEncryptor.setKeyObtentionIterations(this.keyObtentionIterations);
            if (this.provider != null) {
                standardPBEByteEncryptor.setProvider(this.provider);
            }
            if (this.providerName != null) {
                standardPBEByteEncryptor.setProviderName(this.providerName);
            }
            if (this.saltGenerator != null) {
                standardPBEByteEncryptor.setSaltGenerator(this.saltGenerator);
            }
            if (this.ivGenerator != null) {
                standardPBEByteEncryptor.setIvGenerator(this.ivGenerator);
            }
            standardPBEByteEncryptorArr[i2] = standardPBEByteEncryptor;
        }
        cleanPassword(cArr);
        return standardPBEByteEncryptorArr;
    }

    public boolean isInitialized() {
        return this.initialized;
    }

    public synchronized void initialize() {
        if (this.initialized) {
            return;
        }
        if (this.config != null) {
            resolveConfigurationPassword();
            String algorithm = this.config.getAlgorithm();
            if (algorithm != null) {
                CommonUtils.validateNotEmpty(algorithm, "Algorithm cannot be set empty");
            }
            Integer keyObtentionIterations = this.config.getKeyObtentionIterations();
            if (keyObtentionIterations != null) {
                CommonUtils.validateIsTrue(keyObtentionIterations.intValue() > 0, "Number of iterations for key obtention must be greater than zero");
            }
            SaltGenerator saltGenerator = this.config.getSaltGenerator();
            IvGenerator ivGenerator = this.config.getIvGenerator();
            String providerName = this.config.getProviderName();
            if (providerName != null) {
                CommonUtils.validateNotEmpty(providerName, "Provider name cannot be empty");
            }
            Provider provider = this.config.getProvider();
            this.algorithm = (this.algorithmSet || algorithm == null) ? this.algorithm : algorithm;
            this.keyObtentionIterations = (this.iterationsSet || keyObtentionIterations == null) ? this.keyObtentionIterations : keyObtentionIterations.intValue();
            this.saltGenerator = (this.saltGeneratorSet || saltGenerator == null) ? this.saltGenerator : saltGenerator;
            this.ivGenerator = (this.ivGeneratorSet || ivGenerator == null) ? this.ivGenerator : ivGenerator;
            this.providerName = (this.providerNameSet || providerName == null) ? this.providerName : providerName;
            this.provider = (this.providerSet || provider == null) ? this.provider : provider;
        }
        if (this.saltGenerator == null) {
            this.saltGenerator = new RandomSaltGenerator();
        }
        if (this.ivGenerator == null) {
            this.ivGenerator = new NoIvGenerator();
        }
        try {
            if (this.password == null) {
                throw new EncryptionInitializationException("Password not set for Password Based Encryptor");
            }
            char[] normalizeToNfc = Normalizer.normalizeToNfc(this.password);
            PBEKeySpec pBEKeySpec = new PBEKeySpec(normalizeToNfc);
            cleanPassword(this.password);
            cleanPassword(normalizeToNfc);
            if (this.provider != null) {
                this.key = SecretKeyFactory.getInstance(this.algorithm, this.provider).generateSecret(pBEKeySpec);
                this.encryptCipher = Cipher.getInstance(this.algorithm, this.provider);
                this.decryptCipher = Cipher.getInstance(this.algorithm, this.provider);
            } else if (this.providerName != null) {
                this.key = SecretKeyFactory.getInstance(this.algorithm, this.providerName).generateSecret(pBEKeySpec);
                this.encryptCipher = Cipher.getInstance(this.algorithm, this.providerName);
                this.decryptCipher = Cipher.getInstance(this.algorithm, this.providerName);
            } else {
                this.key = SecretKeyFactory.getInstance(this.algorithm).generateSecret(pBEKeySpec);
                this.encryptCipher = Cipher.getInstance(this.algorithm);
                this.decryptCipher = Cipher.getInstance(this.algorithm);
            }
            int blockSize = this.encryptCipher.getBlockSize();
            if (blockSize > 0) {
                this.saltSizeBytes = blockSize;
                this.ivSizeBytes = blockSize;
            }
            this.optimizingDueFixedSalt = (this.saltGenerator instanceof FixedSaltGenerator) && (this.ivGenerator instanceof NoIvGenerator);
            if (this.optimizingDueFixedSalt) {
                this.fixedSaltInUse = this.saltGenerator.generateSalt(this.saltSizeBytes);
                PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(this.fixedSaltInUse, this.keyObtentionIterations);
                try {
                    this.encryptCipher.init(1, this.key, pBEParameterSpec);
                    this.decryptCipher.init(2, this.key, pBEParameterSpec);
                } catch (Exception e) {
                    throw new EncryptionOperationNotPossibleException();
                }
            }
            this.initialized = true;
        } catch (EncryptionInitializationException e2) {
            throw e2;
        } catch (Throwable th) {
            throw new EncryptionInitializationException(th);
        }
    }

    private synchronized void resolveConfigurationPassword() {
        if (this.initialized || this.config == null || this.passwordSet) {
            return;
        }
        char[] cArr = null;
        if (this.config instanceof PBECleanablePasswordConfig) {
            cArr = ((PBECleanablePasswordConfig) this.config).getPasswordCharArray();
        } else {
            String password = this.config.getPassword();
            if (password != null) {
                cArr = password.toCharArray();
            }
        }
        if (cArr != null) {
            CommonUtils.validateIsTrue(cArr.length > 0, "Password cannot be set empty");
        }
        if (cArr != null) {
            this.password = new char[cArr.length];
            System.arraycopy(cArr, 0, this.password, 0, cArr.length);
            this.passwordSet = true;
            cleanPassword(cArr);
        }
        if (this.config instanceof PBECleanablePasswordConfig) {
            ((PBECleanablePasswordConfig) this.config).cleanPassword();
        }
    }

    private static void cleanPassword(char[] cArr) {
        if (cArr != null) {
            synchronized (cArr) {
                int length = cArr.length;
                for (int i = 0; i < length; i++) {
                    cArr[i] = 0;
                }
            }
        }
    }

    @Override // org.jasypt.encryption.ByteEncryptor
    public byte[] encrypt(byte[] bArr) throws EncryptionOperationNotPossibleException {
        byte[] generateSalt;
        byte[] doFinal;
        if (bArr == null) {
            return null;
        }
        if (!isInitialized()) {
            initialize();
        }
        try {
            byte[] bArr2 = null;
            if (this.optimizingDueFixedSalt) {
                generateSalt = this.fixedSaltInUse;
                synchronized (this.encryptCipher) {
                    doFinal = this.encryptCipher.doFinal(bArr);
                }
            } else {
                generateSalt = this.saltGenerator.generateSalt(this.saltSizeBytes);
                bArr2 = this.ivGenerator.generateIv(this.ivSizeBytes);
                PBEParameterSpec buildPBEParameterSpec = buildPBEParameterSpec(generateSalt, bArr2);
                synchronized (this.encryptCipher) {
                    this.encryptCipher.init(1, this.key, buildPBEParameterSpec);
                    doFinal = this.encryptCipher.doFinal(bArr);
                }
            }
            if (this.ivGenerator.includePlainIvInEncryptionResults()) {
                doFinal = CommonUtils.appendArrays(bArr2, doFinal);
            }
            if (this.saltGenerator.includePlainSaltInEncryptionResults()) {
                doFinal = CommonUtils.appendArrays(generateSalt, doFinal);
            }
            return doFinal;
        } catch (InvalidKeyException e) {
            handleInvalidKeyException(e);
            throw new EncryptionOperationNotPossibleException();
        } catch (Exception e2) {
            throw new EncryptionOperationNotPossibleException();
        }
    }

    @Override // org.jasypt.encryption.ByteEncryptor
    public byte[] decrypt(byte[] bArr) throws EncryptionOperationNotPossibleException {
        byte[] bArr2;
        byte[] bArr3;
        byte[] generateIv;
        byte[] bArr4;
        byte[] doFinal;
        if (bArr == null) {
            return null;
        }
        if (!isInitialized()) {
            initialize();
        }
        if (this.saltGenerator.includePlainSaltInEncryptionResults() && this.ivGenerator.includePlainIvInEncryptionResults()) {
            if (bArr.length <= this.saltSizeBytes + this.ivSizeBytes) {
                throw new EncryptionOperationNotPossibleException();
            }
        } else if (this.saltGenerator.includePlainSaltInEncryptionResults()) {
            if (bArr.length <= this.saltSizeBytes) {
                throw new EncryptionOperationNotPossibleException();
            }
        } else if (this.ivGenerator.includePlainIvInEncryptionResults() && bArr.length <= this.ivSizeBytes) {
            throw new EncryptionOperationNotPossibleException();
        }
        try {
            if (this.saltGenerator.includePlainSaltInEncryptionResults()) {
                int length = this.saltSizeBytes < bArr.length ? this.saltSizeBytes : bArr.length;
                int length2 = this.saltSizeBytes < bArr.length ? this.saltSizeBytes : bArr.length;
                int length3 = this.saltSizeBytes < bArr.length ? bArr.length - this.saltSizeBytes : 0;
                bArr2 = new byte[length];
                bArr3 = new byte[length3];
                System.arraycopy(bArr, 0, bArr2, 0, length);
                System.arraycopy(bArr, length2, bArr3, 0, length3);
            } else if (this.optimizingDueFixedSalt) {
                bArr2 = this.fixedSaltInUse;
                bArr3 = bArr;
            } else {
                bArr2 = this.saltGenerator.generateSalt(this.saltSizeBytes);
                bArr3 = bArr;
            }
            if (this.ivGenerator.includePlainIvInEncryptionResults()) {
                int length4 = this.ivSizeBytes < bArr3.length ? this.ivSizeBytes : bArr3.length;
                int length5 = this.ivSizeBytes < bArr3.length ? this.ivSizeBytes : bArr3.length;
                int length6 = this.ivSizeBytes < bArr3.length ? bArr3.length - this.ivSizeBytes : 0;
                generateIv = new byte[length4];
                bArr4 = new byte[length6];
                System.arraycopy(bArr3, 0, generateIv, 0, length4);
                System.arraycopy(bArr3, length5, bArr4, 0, length6);
            } else {
                generateIv = this.ivGenerator.generateIv(this.ivSizeBytes);
                bArr4 = bArr3;
            }
            if (this.optimizingDueFixedSalt) {
                synchronized (this.decryptCipher) {
                    doFinal = this.decryptCipher.doFinal(bArr4);
                }
                return doFinal;
            }
            PBEParameterSpec buildPBEParameterSpec = buildPBEParameterSpec(bArr2, generateIv);
            synchronized (this.decryptCipher) {
                this.decryptCipher.init(2, this.key, buildPBEParameterSpec);
                doFinal = this.decryptCipher.doFinal(bArr4);
            }
            return doFinal;
        } catch (InvalidKeyException e) {
            handleInvalidKeyException(e);
            throw new EncryptionOperationNotPossibleException();
        } catch (Exception e2) {
            throw new EncryptionOperationNotPossibleException();
        }
    }

    private PBEParameterSpec buildPBEParameterSpec(byte[] bArr, byte[] bArr2) {
        PBEParameterSpec pBEParameterSpec;
        try {
            pBEParameterSpec = (PBEParameterSpec) PBEParameterSpec.class.getConstructor(byte[].class, Integer.TYPE, AlgorithmParameterSpec.class).newInstance(bArr, Integer.valueOf(this.keyObtentionIterations), new IvParameterSpec(bArr2));
        } catch (Exception e) {
            pBEParameterSpec = new PBEParameterSpec(bArr, this.keyObtentionIterations);
        }
        return pBEParameterSpec;
    }

    private void handleInvalidKeyException(InvalidKeyException invalidKeyException) {
        if (invalidKeyException.getMessage() != null && invalidKeyException.getMessage().toUpperCase().indexOf("KEY SIZE") != -1) {
            throw new EncryptionOperationNotPossibleException("Encryption raised an exception. A possible cause is you are using strong encryption algorithms and you have not installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files in this Java Virtual Machine");
        }
    }
}
