package org.nuxeo.common.codec;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:WEB-INF/lib/nuxeo-common-9.2.jar:org/nuxeo/common/codec/Crypto.class */
public class Crypto {
    public static final String AES_ECB_PKCS5PADDING = "AES/ECB/PKCS5Padding";
    public static final String DEFAULT_ALGO = "AES/ECB/PKCS5Padding";
    private static final String SHA1 = "SHA-1";
    private final byte[] secretKey;
    private final Map<String, SecretKey> secretKeys;
    private boolean initialized;
    private final byte[] digest;
    protected static final Pattern CRYPTO_PATTERN = Pattern.compile("\\{\\$(?<algo>.*)\\$(?<value>.+)\\}");
    private static final Log log = LogFactory.getLog(Crypto.class);
    public static final String AES = "AES";
    public static final String DES = "DES";
    public static final String DES_ECB_PKCS5PADDING = "DES/ECB/PKCS5Padding";
    public static final String[] IMPLEMENTED_ALGOS = {AES, DES, "AES/ECB/PKCS5Padding", DES_ECB_PKCS5PADDING};
    public static final Crypto NO_OP = new NO_OP();

    /* loaded from: input_file:WEB-INF/lib/nuxeo-common-9.2.jar:org/nuxeo/common/codec/Crypto$NO_OP.class */
    private static final class NO_OP extends Crypto {
        private NO_OP() {
            super(new byte[0]);
        }

        @Override // org.nuxeo.common.codec.Crypto
        public String encrypt(String str, byte[] bArr) throws GeneralSecurityException {
            return null;
        }

        @Override // org.nuxeo.common.codec.Crypto
        public byte[] decrypt(String str) {
            return str.getBytes();
        }

        @Override // org.nuxeo.common.codec.Crypto
        public void clear() {
        }
    }

    public Crypto(byte[] bArr) {
        this.secretKeys = new HashMap();
        this.initialized = true;
        this.secretKey = bArr;
        this.digest = getSHA1DigestOrEmpty(bArr);
        if (this.digest.length == 0) {
            clear();
        }
    }

    public Crypto(Map<String, SecretKey> map) {
        this(map, Crypto.class.getName().toCharArray());
    }

    public Crypto(Map<String, SecretKey> map, char[] cArr) {
        this.secretKeys = new HashMap();
        this.initialized = true;
        this.secretKey = new byte[0];
        this.digest = getSHA1DigestOrEmpty(getBytes(cArr));
        this.secretKeys.putAll(map);
        if (this.digest.length == 0) {
            clear();
        }
    }

    public Crypto(String str, char[] cArr, String str2, char[] cArr2) throws GeneralSecurityException, IOException {
        this(getKeysFromKeyStore(str, cArr, str2, cArr2), cArr);
    }

    protected SecretKey getSecretKey(String str, byte[] bArr) throws NoSuchAlgorithmException {
        if (!this.initialized) {
            throw new RuntimeException("The Crypto object has been cleared.");
        }
        if ("AES/ECB/PKCS5Padding".equals(str)) {
            str = AES;
        } else if (DES_ECB_PKCS5PADDING.equals(str)) {
            str = DES;
        }
        if (!this.secretKeys.containsKey(str)) {
            if (this.secretKey.length == 0) {
                throw new NoSuchAlgorithmException("Unsupported algorithm: " + str);
            }
            if (AES.equals(str)) {
                this.secretKeys.put(AES, new SecretKeySpec(Arrays.copyOf(getSHA1Digest(bArr), 16), AES));
            } else {
                if (!DES.equals(str)) {
                    throw new NoSuchAlgorithmException("Unsupported algorithm: " + str);
                }
                this.secretKeys.put(DES, new SecretKeySpec(Arrays.copyOf(getSHA1Digest(bArr), 8), DES));
            }
        }
        return this.secretKeys.get(str);
    }

    public byte[] getSHA1Digest(byte[] bArr) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-1").digest(bArr);
    }

    public byte[] getSHA1DigestOrEmpty(byte[] bArr) {
        byte[] bArr2 = new byte[0];
        try {
            bArr2 = getSHA1Digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            log.error(e);
        }
        return bArr2;
    }

    public String encrypt(byte[] bArr) throws GeneralSecurityException {
        return encrypt(null, bArr);
    }

    public String encrypt(String str, byte[] bArr) throws GeneralSecurityException {
        String encodeBase64String;
        if (StringUtils.isBlank(str)) {
            str = "AES/ECB/PKCS5Padding";
            encodeBase64String = "";
        } else {
            encodeBase64String = Base64.encodeBase64String(str.getBytes());
        }
        Cipher cipher = Cipher.getInstance(str);
        cipher.init(1, getSecretKey(str, this.secretKey));
        return String.format("{$%s$%s}", encodeBase64String, Base64.encodeBase64String(cipher.doFinal(bArr)));
    }

    public byte[] decrypt(String str) {
        Matcher matcher = CRYPTO_PATTERN.matcher(str);
        if (!matcher.matches()) {
            return str.getBytes();
        }
        try {
            String str2 = new String(Base64.decodeBase64(matcher.group("algo")));
            if (StringUtils.isBlank(str2)) {
                str2 = "AES/ECB/PKCS5Padding";
            }
            Cipher cipher = Cipher.getInstance(str2);
            cipher.init(2, getSecretKey(str2, this.secretKey));
            return cipher.doFinal(Base64.decodeBase64(matcher.group("value")));
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            log.debug(e, e);
            return str.getBytes();
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            log.trace("Available algorithms: " + Security.getAlgorithms("Cipher"));
            log.trace("Available security providers: " + Arrays.asList(Security.getProviders()));
            log.debug(e2, e2);
            return str.getBytes();
        }
    }

    public void clear() {
        Arrays.fill(this.secretKey, (byte) 0);
        Arrays.fill(this.digest, (byte) 0);
        this.secretKeys.clear();
        this.initialized = false;
    }

    protected void finalize() throws Throwable {
        clear();
        super.finalize();
    }

    public boolean verifyKey(byte[] bArr) {
        boolean equals = Arrays.equals(getSHA1DigestOrEmpty(bArr), this.digest);
        if (!equals) {
            clear();
        }
        return equals;
    }

    public boolean verifyKey(char[] cArr) {
        return verifyKey(getBytes(cArr));
    }

    public static byte[] getBytes(char[] cArr) {
        ByteBuffer encode = Charset.defaultCharset().encode(CharBuffer.wrap(cArr));
        return Arrays.copyOfRange(encode.array(), 0, encode.limit());
    }

    public static char[] getChars(byte[] bArr) {
        CharBuffer decode = Charset.defaultCharset().decode(ByteBuffer.wrap(bArr));
        return Arrays.copyOfRange(decode.array(), 0, decode.limit());
    }

    public static boolean isEncrypted(String str) {
        return str != null && CRYPTO_PATTERN.matcher(str).matches();
    }

    public static Map<String, SecretKey> getKeysFromKeyStore(String str, char[] cArr, String str2, char[] cArr2) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JCEKS");
        FileInputStream fileInputStream = new FileInputStream(str);
        Throwable th = null;
        try {
            try {
                keyStore.load(fileInputStream, cArr);
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                HashMap hashMap = new HashMap();
                for (String str3 : IMPLEMENTED_ALGOS) {
                    if (keyStore.containsAlias(str2 + str3)) {
                        hashMap.put(str3, (SecretKey) keyStore.getKey(str2 + str3, cArr2));
                    }
                }
                if (hashMap.isEmpty()) {
                    throw new KeyStoreException(String.format("No alias \"%s<algo>\" found in %s", str2, str));
                }
                return hashMap;
            } finally {
            }
        } catch (Throwable th3) {
            if (fileInputStream != null) {
                if (th != null) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
            throw th3;
        }
    }

    public static void setKeyInKeyStore(String str, char[] cArr, String str2, char[] cArr2, SecretKey secretKey) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JCEKS");
        if (new File(str).exists()) {
            FileInputStream fileInputStream = new FileInputStream(str);
            Throwable th = null;
            try {
                try {
                    keyStore.load(fileInputStream, cArr);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } catch (Throwable th4) {
                if (fileInputStream != null) {
                    if (th != null) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                throw th4;
            }
        } else {
            log.info("Creating a new JCEKS keystore at " + str);
            keyStore.load(null);
        }
        keyStore.setEntry(str2, new KeyStore.SecretKeyEntry(secretKey), new KeyStore.PasswordProtection(cArr2));
        FileOutputStream fileOutputStream = new FileOutputStream(str);
        Throwable th6 = null;
        try {
            try {
                keyStore.store(fileOutputStream, cArr);
                if (fileOutputStream != null) {
                    if (0 == 0) {
                        fileOutputStream.close();
                        return;
                    }
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th7) {
                        th6.addSuppressed(th7);
                    }
                }
            } catch (Throwable th8) {
                th6 = th8;
                throw th8;
            }
        } catch (Throwable th9) {
            if (fileOutputStream != null) {
                if (th6 != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th10) {
                        th6.addSuppressed(th10);
                    }
                } else {
                    fileOutputStream.close();
                }
            }
            throw th9;
        }
    }
}
