package com.adobe.granite.crypto.internal.jsafe;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.internal.CryptoSupportImpl;
import com.rsa.jsafe.CryptoJ;
import com.rsa.jsafe.FIPS140Context;
import com.rsa.jsafe.JSAFE_MAC;
import com.rsa.jsafe.JSAFE_SecretKey;
import com.rsa.jsafe.JSAFE_SecureRandom;
import com.rsa.jsafe.JSAFE_SymmetricCipher;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/lib/jSafeCryptoSupport.jar:com/adobe/granite/crypto/internal/jsafe/JSafeCryptoSupport.class */
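/**
 * {@link CryptoSupportImpl} implementation backed by the RSA Crypto-J (JSAFE) API.
 *
 * <p>Payload encryption uses {@code AES/CBC/PKCS5Padding} with a fresh random IV that is
 * prepended to the ciphertext. MACs are {@code HMAC/SHA256}. Randomness comes from a
 * lazily created {@code FIPS186Random} generator.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key blob returned by {@link #init()} and accepted by {@link #init(byte[])} is
 *       only <em>obfuscated</em>. It is run through {@code PBEWithMD5AndDES} with a password,
 *       salt and iteration count (20) that are compiled into this class, so anyone who can
 *       read this class can reverse the transformation. The blob has to be protected like
 *       the plaintext key (access control on wherever it is stored).</li>
 *   <li>{@link #init(byte[])} reverses the blob with the same compiled-in parameters, so
 *       changing the password, salt, iteration count or algorithm makes previously issued
 *       blobs unreadable unless they are migrated.</li>
 *   <li>{@link #getCipherText(byte[])} emits {@code IV || ciphertext} with no integrity tag.
 *       NOTE(review): confirm whether the caller in {@code CryptoSupportImpl} authenticates
 *       the ciphertext before {@link #getPlainText(byte[])} is reached.</li>
 *   <li>The obfuscation step uses the JCE ({@code javax.crypto}) rather than the JSAFE FIPS
 *       context used everywhere else. NOTE(review): confirm that {@code PBEWithMD5AndDES} is
 *       available in every provider configuration this class is deployed with.</li>
 *   <li>No method here is synchronized. NOTE(review): confirm callers serialize access to
 *       {@code init}/{@code dispose} and to the lazily created random generator.</li>
 * </ul>
 */
public class JSafeCryptoSupport extends CryptoSupportImpl {
    /** Number of extra seed bytes requested from the hardware or IBM seed source. */
    private static final int SEED_SIZE_BYTES = 40;
    /** Key size requested from the JSAFE key generator in {@link #init()}. */
    private static final int AES_KEY_SIZE_BITS = 128;
    /** IV length written in front of every ciphertext and expected by {@link #getIV(byte[])}. */
    private static final int IV_SIZE_BYTES = 16;
    /** HMAC keys longer than this are truncated to their first 512 bytes. */
    private static final int MAX_HMAC_KEY_BYTES = 512;
    private static final String AES_TRANSFORMATION = "AES/CBC/PKCS5Padding";

    // Compiled-in obfuscation parameters. These are not secrets: they ship with the class,
    // so the obfuscated key blob offers no confidentiality against anyone holding this jar.
    // They are part of the stored blob format and must not change without a migration.
    private static final String _obfuscartionPassword = "&)e(*k&(*HK:111pBMN}\\NrlKHJ.*&GRK..OscPA__Y#";
    private static final byte[] _salt = {-28, 1, 34, 79, -1, -30, 62, 25};

    private final Logger log = LoggerFactory.getLogger(getClass());
    private final FIPS140Context fipsContext;
    private JSAFE_SecureRandom randomNumberGenerator;
    private byte[] key;

    /**
     * Logs the Crypto-J module status and captures the FIPS 140 context used by all
     * JSAFE calls in this class.
     *
     * @throws Exception if the Crypto-J module cannot be queried
     */
    public JSafeCryptoSupport() throws Exception {
        this.log.info("CryptoJ information:");
        this.log.debug("  CryptoJ Protection Domain: {}", CryptoJ.class.getProtectionDomain());
        this.log.info("  FIPS 140 cryptographic module name: {}", CryptoJ.getFIPS140ModuleName());
        this.log.info("  FIPS 140 compliant: {}", Boolean.valueOf(CryptoJ.isFIPS140Compliant()));
        this.log.info("  FIPS 140 security level: {}", CryptoJ.getFIPS140SecurityLevel());
        this.log.info("  FIPS 140 mode: {}", Boolean.valueOf(CryptoJ.isInFIPS140Mode()));
        // 11 is the decompiled literal of a CryptoJ role constant; its symbolic name is not
        // visible in this file.
        this.log.info("  Role: {}", CryptoJ.getRole() == 11 ? "User" : "Crypto Officer");
        this.log.info("  State: {}", describeState(CryptoJ.getState()));
        this.fipsContext = CryptoJ.getFIPS140Context();
    }

    /** Maps the numeric Crypto-J module state to the label written to the log. */
    private static String describeState(int state) {
        switch (state) {
            case 0:
                return "not initialized";
            case 1:
                return "under self test";
            case 2:
                return "operational";
            case 3:
                return "failed";
            default:
                return "unknown: " + state;
        }
    }

    /**
     * Loads a previously issued key blob. One obfuscation layer is removed and the result
     * is kept as the in-memory key. Any key that was loaded before is wiped first.
     *
     * @param bArr key blob as returned by {@link #init()}
     * @throws Exception if the blob cannot be de-obfuscated
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    public void init(byte[] bArr) throws Exception {
        dispose();
        this.key = deObfuscate(bArr);
    }

    /**
     * Generates a new key and returns the blob to be stored for {@link #init(byte[])}.
     *
     * <p>The generated key is obfuscated once before it is kept in memory, and that value is
     * obfuscated a second time for the return value. {@link #init(byte[])} removes one layer,
     * so both paths leave the same bytes in {@code this.key}. Those bytes, not the raw
     * generated key, are what {@link #getCipher(byte[], boolean)} loads as AES key material.
     * NOTE(review): the PBE step pads its input, so the in-memory key is presumably longer
     * than the 128 bits requested from the generator. Confirm the effective AES key size
     * before changing anything here, because existing ciphertexts depend on it.
     *
     * @return the doubly obfuscated key blob
     * @throws Exception if key generation or obfuscation fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    public byte[] init() throws Exception {
        dispose();
        JSAFE_SecureRandom secureRandom = getSecureRandom();
        JSAFE_SymmetricCipher jSAFE_SymmetricCipher = JSAFE_SymmetricCipher.getInstance(AES_TRANSFORMATION, "Java", this.fipsContext);
        JSAFE_SecretKey blankKey = jSAFE_SymmetricCipher.getBlankKey();
        try {
            blankKey.generateInit(new int[]{AES_KEY_SIZE_BITS}, secureRandom);
            blankKey.generate();
            byte[] rawKey = blankKey.getSecretKeyData("Clear");
            try {
                this.key = obfuscate(rawKey);
            } finally {
                // Do not leave the clear key bytes behind once they have been transformed.
                Arrays.fill(rawKey, (byte) 0);
            }
        } finally {
            // Wipe key-generation state on the failure path as well as on success.
            blankKey.clearSensitiveData();
            jSAFE_SymmetricCipher.clearSensitiveData();
            secureRandom.clearSensitiveData();
            // secureRandom is the cached generator. Drop the reference so that the next
            // caller builds and seeds a fresh one instead of reusing an instance whose
            // state has just been cleared.
            // NOTE(review): whether a cleared JSAFE_SecureRandom stays usable is not
            // visible from this file.
            this.randomNumberGenerator = null;
        }
        return obfuscate(this.key);
    }

    /** Wipes and releases the in-memory key, if one is loaded. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    public void dispose() {
        if (this.key != null) {
            clear(this.key);
            this.key = null;
        }
    }

    /**
     * Fills the given array with random bytes from the JSAFE generator.
     *
     * @param bArr buffer to fill; must not be {@code null}
     * @throws NullPointerException if {@code bArr} is {@code null}
     * @throws CryptoException if the generator cannot be obtained or fails
     */
    @Override // com.adobe.granite.crypto.CryptoSupport
    public void nextRandomBytes(byte[] bArr) throws CryptoException {
        if (bArr == null) {
            throw new NullPointerException("bytes");
        }
        try {
            getSecureRandom().nextBytes(bArr);
        } catch (Exception e) {
            throw new CryptoException("Failed generating " + bArr.length + " random bytes", e);
        }
    }

    /**
     * Computes HMAC-SHA256 over {@code bArr2} with the key {@code bArr}.
     *
     * <p>Only the first 512 bytes of the key are used. Longer keys are truncated silently,
     * so two keys that share their first 512 bytes produce the same MAC.
     *
     * @param bArr  MAC key; must be non-empty
     * @param bArr2 message to authenticate; must be non-empty
     * @return the MAC value
     * @throws IllegalArgumentException if either argument is {@code null} or empty
     * @throws CryptoException if the MAC cannot be computed
     */
    @Override // com.adobe.granite.crypto.CryptoSupport
    public byte[] hmac_sha256(byte[] bArr, byte[] bArr2) throws CryptoException {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("key");
        }
        if (bArr2 == null || bArr2.length == 0) {
            throw new IllegalArgumentException("text");
        }
        int keyLength = Math.min(MAX_HMAC_KEY_BYTES, bArr.length);
        JSAFE_MAC jsafe_mac = null;
        JSAFE_SecretKey macKey = null;
        try {
            jsafe_mac = JSAFE_MAC.getInstance("HMAC/SHA256", "Java", this.fipsContext);
            macKey = jsafe_mac.getBlankKey();
            macKey.setSecretKeyData("Clear", bArr, 0, keyLength);
            jsafe_mac.macInit(macKey, getSecureRandom());
            jsafe_mac.macUpdate(bArr2, 0, bArr2.length);
            return jsafe_mac.macFinal();
        } catch (Exception e) {
            throw new CryptoException("Cannot generate hash", e);
        } finally {
            // Key material is wiped on every exit path.
            if (macKey != null) {
                macKey.clearSensitiveData();
            }
            if (jsafe_mac != null) {
                jsafe_mac.clearSensitiveData();
            }
        }
    }

    /**
     * Encrypts {@code bArr} with the loaded key and a fresh random IV.
     *
     * @param bArr plaintext
     * @return the IV followed by the CBC ciphertext; no integrity tag is appended
     * @throws Exception if no key is loaded or encryption fails
     */
    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    protected byte[] getCipherText(byte[] bArr) throws Exception {
        byte[] iv = createIV();
        JSAFE_SymmetricCipher cipher = null;
        byte[] scratch = null;
        try {
            cipher = getCipher(iv, false);
            scratch = new byte[cipher.getOutputBufferSize(bArr.length)];
            int written = cipher.encryptUpdate(bArr, 0, bArr.length, scratch, 0);
            written += cipher.encryptFinal(scratch, written);
            byte[] result = new byte[iv.length + written];
            System.arraycopy(iv, 0, result, 0, iv.length);
            System.arraycopy(scratch, 0, result, iv.length, written);
            return result;
        } finally {
            // Release cipher state and working buffers even when encryption throws.
            if (cipher != null) {
                cipher.clearSensitiveData();
            }
            Arrays.fill(iv, (byte) 0);
            if (scratch != null) {
                Arrays.fill(scratch, (byte) 0);
            }
        }
    }

    /**
     * Decrypts a value produced by {@link #getCipherText(byte[])}.
     *
     * @param bArr the IV followed by the CBC ciphertext
     * @return the recovered plaintext
     * @throws IllegalArgumentException if the input is not longer than the IV
     * @throws Exception if no key is loaded or decryption fails
     */
    @Override // com.adobe.granite.crypto.internal.CryptoSupportImpl
    protected byte[] getPlainText(byte[] bArr) throws Exception {
        byte[] iv = getIV(bArr);
        JSAFE_SymmetricCipher cipher = null;
        byte[] scratch = null;
        try {
            cipher = getCipher(iv, true);
            scratch = new byte[bArr.length];
            int read = cipher.decryptUpdate(bArr, iv.length, bArr.length - iv.length, scratch, 0);
            read += cipher.decryptFinal(scratch, read);
            return Arrays.copyOf(scratch, read);
        } finally {
            // The scratch buffer can hold partially decrypted plaintext when decryptFinal
            // fails, so it is wiped on the failure path too.
            if (cipher != null) {
                cipher.clearSensitiveData();
            }
            if (scratch != null) {
                Arrays.fill(scratch, (byte) 0);
            }
        }
    }

    /**
     * Builds an AES/CBC cipher initialised with the loaded key and the given IV.
     *
     * @param bArr IV; must be exactly one cipher block long
     * @param z    {@code true} to initialise for decryption, {@code false} for encryption
     * @return the initialised cipher; the caller is responsible for clearing it
     * @throws IllegalStateException if no key is loaded
     * @throws IllegalArgumentException if the IV is missing or has the wrong length
     */
    private JSAFE_SymmetricCipher getCipher(byte[] bArr, boolean z) throws Exception {
        byte[] keyBytes = this.key;
        if (keyBytes == null) {
            throw new IllegalStateException("Encryption key unavailable");
        }
        JSAFE_SymmetricCipher jSAFE_SymmetricCipher = JSAFE_SymmetricCipher.getInstance(AES_TRANSFORMATION, "Java", this.fipsContext);
        if (bArr == null || bArr.length != jSAFE_SymmetricCipher.getBlockSize()) {
            throw new IllegalArgumentException("IV missing or wrong size; expecting " + jSAFE_SymmetricCipher.getBlockSize() + " byte IV");
        }
        jSAFE_SymmetricCipher.setIV(bArr, 0, bArr.length);
        JSAFE_SecretKey blankKey = jSAFE_SymmetricCipher.getBlankKey();
        boolean initialised = false;
        try {
            blankKey.setSecretKeyData(keyBytes, 0, keyBytes.length);
            if (z) {
                jSAFE_SymmetricCipher.decryptInit(blankKey);
            } else {
                jSAFE_SymmetricCipher.encryptInit(blankKey);
            }
            initialised = true;
        } finally {
            // The temporary key object is never needed after init, whether it succeeded or not.
            blankKey.clearSensitiveData();
            if (!initialised) {
                jSAFE_SymmetricCipher.clearSensitiveData();
            }
        }
        return jSAFE_SymmetricCipher;
    }

    /** Applies the compiled-in PBE transformation. This is obfuscation, not protection. */
    private static byte[] obfuscate(byte[] bArr) throws Exception {
        return getObfuscationCipher(Cipher.ENCRYPT_MODE).doFinal(bArr);
    }

    /** Reverses {@link #obfuscate(byte[])}. */
    private static byte[] deObfuscate(byte[] bArr) throws Exception {
        return getObfuscationCipher(Cipher.DECRYPT_MODE).doFinal(bArr);
    }

    /**
     * Returns the cached random generator, creating and seeding it on first use.
     *
     * <p>The generator is a {@code FIPS186Random} instance that is auto-seeded. If the Intel
     * hardware source is available its output is added as extra seed. Otherwise, when an
     * IBM security provider is installed, {@code IBMSecureRandom} supplies the extra seed.
     * Failure of the Intel source is expected on many hosts and is logged at debug level only.
     */
    private JSAFE_SecureRandom getSecureRandom() throws Exception {
        if (this.randomNumberGenerator == null) {
            byte[] hardwareSeed = null;
            try {
                JSAFE_SecureRandom hardwareRandom = (JSAFE_SecureRandom) JSAFE_SecureRandom.getInstance("HWRandom/NoDigest", "Intel", this.fipsContext);
                hardwareSeed = hardwareRandom.generateRandomBytes(SEED_SIZE_BYTES);
                hardwareRandom.clearSensitiveData();
            } catch (Exception e) {
                this.log.debug("getSecureRandom: ignoring Intel random error: " + e, e);
            }
            JSAFE_SecureRandom generator = (JSAFE_SecureRandom) JSAFE_SecureRandom.getInstance("FIPS186Random", "Java", this.fipsContext);
            generator.autoseed();
            if (hardwareSeed != null) {
                generator.extraSeed(hardwareSeed);
            } else if (isIBM()) {
                generator.extraSeed(SecureRandom.getInstance("IBMSecureRandom").generateSeed(SEED_SIZE_BYTES));
            }
            this.randomNumberGenerator = generator;
        }
        return this.randomNumberGenerator;
    }

    /** Produces a fresh random IV for one encryption. */
    private byte[] createIV() throws Exception {
        byte[] iv = new byte[IV_SIZE_BYTES];
        getSecureRandom().nextBytes(iv);
        return iv;
    }

    /**
     * Copies the leading IV out of a ciphertext.
     *
     * @throws IllegalArgumentException if the input holds no data beyond the IV
     */
    private byte[] getIV(byte[] bArr) {
        if (bArr.length <= IV_SIZE_BYTES) {
            throw new IllegalArgumentException("Ciphertext too short");
        }
        return Arrays.copyOf(bArr, IV_SIZE_BYTES);
    }

    /**
     * Builds the JCE cipher used for key-blob obfuscation.
     *
     * <p>{@code PBEWithMD5AndDES} with 20 iterations and a compiled-in password and salt
     * provides no real confidentiality. It is kept because it defines the stored blob format.
     *
     * @param i {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     */
    private static Cipher getObfuscationCipher(int i) throws Exception {
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(_salt, 20);
        SecretKey generateSecret = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(new PBEKeySpec(_obfuscartionPassword.toCharArray()));
        Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES/CBC/PKCS5Padding");
        cipher.init(i, generateSecret, pBEParameterSpec);
        return cipher;
    }

    /** Reports whether any installed security provider has "IBM" in its name. */
    private static boolean isIBM() {
        for (Provider provider : Security.getProviders()) {
            if (provider.getName().contains("IBM")) {
                return true;
            }
        }
        return false;
    }
}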
