package com.sun.faces.renderkit;

import com.sun.faces.util.FacesLogger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.faces.FacesException;
import javax.faces.context.FacesContext;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.http.HttpSession;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:MICRO-INF/runtime/javax.faces.jar:com/sun/faces/renderkit/ByteArrayGuard.class */
public final class ByteArrayGuard {
    private static final Logger LOGGER = FacesLogger.RENDERKIT.getLogger();
    private static final int MAC_LENGTH = 32;
    private static final int KEY_LENGTH = 128;
    private static final int IV_LENGTH = 16;
    private static final String KEY_ALGORITHM = "AES";
    private static final String CIPHER_CODE = "AES/CBC/PKCS5Padding";
    private static final String MAC_CODE = "HmacSHA256";
    private static final String SK_SESSION_KEY = "com.sun.faces.SK";
    private SecretKey sk;

    public ByteArrayGuard() {
        try {
            setupKeyAndMac();
        } catch (Exception e) {
            if (LOGGER.isLoggable(Level.SEVERE)) {
                LOGGER.log(Level.SEVERE, "Unexpected exception initializing encryption.  No encryption will be performed.", (Throwable) e);
            }
            System.err.println("ERROR: Initializing Ciphers");
        }
    }

    public byte[] encrypt(FacesContext facesContext, byte[] bArr) {
        try {
            byte[] bArr2 = new byte[16];
            new SecureRandom().nextBytes(bArr2);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
            Cipher cipher = Cipher.getInstance(CIPHER_CODE);
            SecretKey secretKey = getSecretKey(facesContext);
            cipher.init(1, secretKey, ivParameterSpec);
            Mac mac = Mac.getInstance(MAC_CODE);
            mac.init(secretKey);
            mac.update(bArr2);
            byte[] doFinal = cipher.doFinal(bArr);
            return concatBytes(concatBytes(mac.doFinal(doFinal), bArr2), doFinal);
        } catch (IllegalStateException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            if (!LOGGER.isLoggable(Level.SEVERE)) {
                return null;
            }
            LOGGER.log(Level.SEVERE, "Unexpected exception initializing encryption.  No encryption will be performed.", e);
            return null;
        }
    }

    public byte[] decrypt(FacesContext facesContext, byte[] bArr) {
        try {
            byte[] bArr2 = new byte[32];
            System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
            byte[] bArr3 = new byte[16];
            System.arraycopy(bArr, bArr2.length, bArr3, 0, bArr3.length);
            byte[] bArr4 = new byte[(bArr.length - bArr2.length) - bArr3.length];
            System.arraycopy(bArr, bArr2.length + bArr3.length, bArr4, 0, bArr4.length);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
            SecretKey secretKey = getSecretKey(facesContext);
            Cipher cipher = Cipher.getInstance(CIPHER_CODE);
            cipher.init(2, secretKey, ivParameterSpec);
            Mac mac = Mac.getInstance(MAC_CODE);
            mac.init(secretKey);
            mac.update(bArr3);
            mac.update(bArr4);
            if (areArrayEqualsConstantTime(bArr2, mac.doFinal())) {
                return cipher.doFinal(bArr4);
            }
            System.err.println("ERROR: MAC did not verify!");
            return null;
        } catch (IllegalStateException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            System.err.println("ERROR: Decrypting:" + e.getCause());
            return null;
        }
    }

    private boolean areArrayEqualsConstantTime(byte[] bArr, byte[] bArr2) {
        boolean z = true;
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != bArr2[i]) {
                z = false;
            }
        }
        return z;
    }

    private void setupKeyAndMac() {
        try {
            this.sk = new SecretKeySpec(DatatypeConverter.parseBase64Binary((String) new InitialContext().lookup("java:comp/env/jsf/ClientSideSecretKey")), "AES");
        } catch (NamingException e) {
            if (LOGGER.isLoggable(Level.FINEST)) {
                LOGGER.log(Level.FINEST, "Unable to find the encoded key.", e);
            }
        }
        if (this.sk == null) {
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(128);
                this.sk = keyGenerator.generateKey();
            } catch (Exception e2) {
                throw new FacesException(e2);
            }
        }
    }

    private static byte[] concatBytes(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        try {
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
            return bArr3;
        } catch (Exception e) {
            throw new FacesException(e);
        }
    }

    private SecretKey getSecretKey(FacesContext facesContext) {
        SecretKey secretKey = this.sk;
        Object session = facesContext.getExternalContext().getSession(false);
        if (null != session && (session instanceof HttpSession)) {
            HttpSession httpSession = (HttpSession) session;
            secretKey = (SecretKey) httpSession.getAttribute(SK_SESSION_KEY);
            if (null == secretKey) {
                httpSession.setAttribute(SK_SESSION_KEY, this.sk);
                secretKey = this.sk;
            }
        }
        return secretKey;
    }
}
