package com.sun.xml.ws.security.impl;

import com.sun.xml.ws.security.opt.crypto.dsig.internal.HmacSHA1;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import eu.peppol.security.OxalisCipher;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.Random;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/sun/xml/ws/security/impl/PasswordDerivedKey.class */
public class PasswordDerivedKey {
    private byte[] salt = null;
    private final int keylength = 160;
    private byte[] sign = null;

    private byte[] generateRandomSaltof15Bytes() {
        byte[] bArr = new byte[15];
        new Random().nextBytes(bArr);
        return bArr;
    }

    private void generate16ByteSalt() {
        this.salt = new byte[16];
        this.salt[0] = 0;
        byte[] generateRandomSaltof15Bytes = generateRandomSaltof15Bytes();
        for (int i = 1; i < 16; i++) {
            this.salt[i] = generateRandomSaltof15Bytes[i - 1];
        }
    }

    public byte[] generate160BitKey(String str, int i, byte[] bArr) throws UnsupportedEncodingException {
        String encode = Base64.encode(bArr);
        byte[] bArr2 = new byte[20];
        byte[] bytes = str.getBytes();
        byte[] bytes2 = encode.getBytes();
        byte[] bArr3 = new byte[bytes2.length + bytes.length];
        System.arraycopy(bytes, 0, bArr3, 0, bytes.length);
        System.arraycopy(bytes2, 0, bArr3, bytes.length, bytes2.length);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            messageDigest.reset();
            messageDigest.update(bArr3);
            byte[] digest = messageDigest.digest();
            for (int i2 = 2; i2 <= i; i2++) {
                messageDigest.reset();
                messageDigest.update(digest);
                digest = messageDigest.digest();
            }
            return digest;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public SecretKey generate16ByteKeyforEncryption(byte[] bArr) {
        byte[] bArr2 = new byte[16];
        for (int i = 0; i < 16; i++) {
            bArr2[i] = bArr[i];
        }
        AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding = new AuthenticationTokenPolicy.UsernameTokenBinding();
        usernameTokenBinding.setSecretKey(bArr2);
        return usernameTokenBinding.getSecretKey(SecurityUtil.getSecretKeyAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc"));
    }

    public SecretKey generateDerivedKeyforEncryption(String str, String str2, int i) throws UnsupportedEncodingException {
        byte[] bArr = new byte[16];
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[20];
        if (this.salt == null) {
            this.salt = new byte[16];
            generate16ByteSalt();
        }
        bArr[0] = 2;
        for (int i2 = 1; i2 < 16; i2++) {
            bArr[i2] = this.salt[i2];
        }
        byte[] generate160BitKey = generate160BitKey(str, i, bArr);
        for (int i3 = 0; i3 < 16; i3++) {
            bArr2[i3] = generate160BitKey[i3];
        }
        if (testAlgorithm(str2)) {
            return new SecretKeySpec(bArr2, str2);
        }
        throw new RuntimeException("This Derived Key procedure doesnot support " + str2);
    }

    public byte[] generateMAC(byte[] bArr, String str, int i) throws InvalidKeyException, SignatureException, UnsupportedEncodingException {
        byte[] bArr2 = new byte[16];
        byte[] bArr3 = new byte[20];
        if (this.salt == null) {
            this.salt = new byte[16];
            generate16ByteSalt();
        }
        bArr2[0] = 1;
        for (int i2 = 1; i2 < 16; i2++) {
            bArr2[i2] = this.salt[i2];
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(generate160BitKey(str, i, bArr2), OxalisCipher.SYMMETRIC_KEY_ALGORITHM);
        HmacSHA1 hmacSHA1 = new HmacSHA1();
        hmacSHA1.init(secretKeySpec, 160);
        hmacSHA1.update(bArr);
        return hmacSHA1.sign();
    }

    public byte[] get16ByteSalt() {
        generate16ByteSalt();
        return this.salt;
    }

    public SecretKey verifyEncryptionKey(String str, int i, byte[] bArr) throws UnsupportedEncodingException {
        byte[] bArr2 = new byte[20];
        bArr[0] = 2;
        byte[] generate160BitKey = generate160BitKey(str, i, bArr);
        byte[] bArr3 = new byte[16];
        for (int i2 = 0; i2 < 16; i2++) {
            bArr3[i2] = generate160BitKey[i2];
        }
        return new SecretKeySpec(bArr3, OxalisCipher.SYMMETRIC_KEY_ALGORITHM);
    }

    public boolean verifyMACSignature(byte[] bArr, byte[] bArr2, String str, int i, byte[] bArr3) throws UnsupportedEncodingException, InvalidKeyException, SignatureException {
        bArr3[0] = 1;
        SecretKeySpec secretKeySpec = new SecretKeySpec(generate160BitKey(str, i, bArr3), OxalisCipher.SYMMETRIC_KEY_ALGORITHM);
        HmacSHA1 hmacSHA1 = new HmacSHA1();
        hmacSHA1.init(secretKeySpec, 160);
        hmacSHA1.update(bArr2);
        return MessageDigest.isEqual(bArr, hmacSHA1.sign());
    }

    public boolean testAlgorithm(String str) {
        return str.equalsIgnoreCase(OxalisCipher.SYMMETRIC_KEY_ALGORITHM) || str.equalsIgnoreCase("Aes128") || str.startsWith("A") || str.startsWith("a");
    }
}
