package com.unboundid.ldap.sdk.unboundidds;

import com.unboundid.util.Base64;
import com.unboundid.util.ByteStringBuffer;
import com.unboundid.util.CryptoHelper;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadLocalSecureRandom;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.text.ParseException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;

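/**
 * An immutable holder for a password encrypted with AES-256 in GCM mode, plus the
 * routines that build, parse and decrypt its binary encoding.
 *
 * <p>Layout of the encoded representation, as written by
 * {@link #encode(AES256EncodedPasswordSecretKey, byte[], byte[])} and read by
 * {@link #decode(byte[])}:
 * <ol>
 *   <li>one header byte: encoding version in the high nibble, number of zero padding
 *       bytes in the low nibble;</li>
 *   <li>the 16-byte key factory salt;</li>
 *   <li>the 16-byte initialization vector;</li>
 *   <li>one byte holding the length of the encryption settings definition ID;</li>
 *   <li>the encryption settings definition ID;</li>
 *   <li>the output of the cipher for the zero-padded clear-text password.</li>
 * </ol>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The clear text is padded with zero bytes to a multiple of 16 before encryption,
 *       so the length of the encrypted value only reveals the password length rounded
 *       up to that multiple.</li>
 *   <li>Nothing in this class passes the header byte, salt or ID to the cipher as
 *       associated data, so the padding count is not covered by the GCM tag; the
 *       zero-padding check in {@link #decrypt(AES256EncodedPasswordSecretKey)} is the
 *       only validation applied to it.</li>
 *   <li>The byte-array getters hand out the internal arrays without copying; callers
 *       must treat them as read-only.</li>
 * </ul>
 */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: input_file:BOOT-INF/lib/unboundid-ldapsdk-6.0.6.jar:com/unboundid/ldap/sdk/unboundidds/AES256EncodedPassword.class */
public final class AES256EncodedPassword implements Serializable {
    /** Value OR-ed into the header byte for encoding version 0. */
    public static final byte ENCODING_VERSION_0_MASK = 0;
    /** Identifier of the only encoding version this class reads and writes. */
    public static final int ENCODING_VERSION_0 = 0;
    /** Length in bits of the GCM authentication tag. */
    public static final int ENCODING_VERSION_0_GCM_TAG_LENGTH_BITS = 128;
    /** Length in bits of the generated encryption key. */
    public static final int ENCODING_VERSION_0_GENERATED_KEY_LENGTH_BITS = 256;
    /** Required length in bytes of the initialization vector. */
    public static final int ENCODING_VERSION_0_IV_LENGTH_BYTES = 16;
    /** Iteration count for the key factory. */
    public static final int ENCODING_VERSION_0_KEY_FACTORY_ITERATION_COUNT = 32768;
    /** Length in bytes of the key factory salt. */
    public static final int ENCODING_VERSION_0_KEY_FACTORY_SALT_LENGTH_BYTES = 16;
    /** The clear-text password is zero-padded to a multiple of this many bytes. */
    public static final int ENCODING_VERSION_0_PADDING_MODULUS = 16;

    @NotNull
    public static final String ENCODING_VERSION_0_CIPHER_ALGORITHM = "AES";

    @NotNull
    public static final String ENCODING_VERSION_0_CIPHER_TRANSFORMATION = "AES/GCM/NoPadding";

    @NotNull
    public static final String ENCODING_VERSION_0_KEY_FACTORY_ALGORITHM = "PBKDF2WithHmacSHA512";

    /** Prefix that marks a stored value as using this scheme. */
    @NotNull
    public static final String PASSWORD_STORAGE_SCHEME_PREFIX = "{AES256}";
    private static final long serialVersionUID = 8663129897722695672L;

    @NotNull
    private final byte[] encodedRepresentation;

    @NotNull
    private final byte[] encryptedPaddedPassword;

    @NotNull
    private final byte[] encryptionSettingsDefinitionID;

    @NotNull
    private final byte[] initializationVector;

    @NotNull
    private final byte[] keyFactorySalt;
    private final int encodingVersion;
    private final int paddingBytes;

    /**
     * Stores the already-parsed components. The arrays are kept by reference, not copied.
     */
    private AES256EncodedPassword(@NotNull byte[] encodedRepresentation, int encodingVersion, int paddingBytes, @NotNull byte[] keyFactorySalt, @NotNull byte[] initializationVector, @NotNull byte[] encryptionSettingsDefinitionID, @NotNull byte[] encryptedPaddedPassword) {
        this.encodedRepresentation = encodedRepresentation;
        this.encodingVersion = encodingVersion;
        this.paddingBytes = paddingBytes;
        this.keyFactorySalt = keyFactorySalt;
        this.initializationVector = initializationVector;
        this.encryptionSettingsDefinitionID = encryptionSettingsDefinitionID;
        this.encryptedPaddedPassword = encryptedPaddedPassword;
    }

    /**
     * @return the encoding version taken from the high nibble of the header byte
     */
    public int getEncodingVersion() {
        return this.encodingVersion;
    }

    /**
     * @return the number of zero bytes appended to the clear-text password before encryption
     */
    public int getPaddingBytes() {
        return this.paddingBytes;
    }

    /**
     * @return the key factory salt (the internal array, not a copy; do not modify)
     */
    @NotNull
    public byte[] getKeyFactorySalt() {
        return this.keyFactorySalt;
    }

    /**
     * @return the initialization vector (the internal array, not a copy; do not modify)
     */
    @NotNull
    public byte[] getInitializationVector() {
        return this.initializationVector;
    }

    /**
     * @return the encryption settings definition ID bytes (the internal array, not a
     *         copy; do not modify)
     */
    @NotNull
    public byte[] getEncryptionSettingsDefinitionIDBytes() {
        return this.encryptionSettingsDefinitionID;
    }

    /**
     * @return the encryption settings definition ID as an upper-case hexadecimal string
     */
    @NotNull
    public String getEncryptionSettingsDefinitionIDString() {
        return StaticUtils.toUpperCase(StaticUtils.toHex(this.encryptionSettingsDefinitionID));
    }

    /**
     * @return the full binary encoding (the internal array, not a copy; do not modify)
     */
    @NotNull
    public byte[] getEncodedRepresentation() {
        return this.encodedRepresentation;
    }

    /**
     * Returns the base64 form of the encoded representation.
     *
     * @param z whether to prepend {@link #PASSWORD_STORAGE_SCHEME_PREFIX}
     * @return the base64 string, with or without the scheme prefix
     */
    @NotNull
    public String getStringRepresentation(boolean z) {
        final String base64 = Base64.encode(this.encodedRepresentation);
        return z ? PASSWORD_STORAGE_SCHEME_PREFIX + base64 : base64;
    }

    /**
     * Encrypts a password supplied as strings, using a freshly generated salt and
     * initialization vector.
     *
     * <p>The working copies of the secret and the password are zeroed before returning,
     * but the {@code String} arguments themselves cannot be wiped; callers that can hold
     * these values as arrays should prefer
     * {@link #encode(byte[], char[], byte[])}.
     *
     * @param str  hexadecimal encryption settings definition ID
     * @param str2 secret from which the encryption key is generated
     * @param str3 clear-text password to encrypt
     * @return the encoded password
     * @throws GeneralSecurityException if key generation or encryption fails
     * @throws ParseException if {@code str} is not valid hexadecimal
     */
    @NotNull
    public static AES256EncodedPassword encode(@NotNull String str, @NotNull String str2, @NotNull String str3) throws GeneralSecurityException, ParseException {
        final byte[] definitionId = StaticUtils.fromHex(str);
        final char[] secretChars = str2.toCharArray();
        final byte[] clearTextBytes = StaticUtils.getBytes(str3);
        try {
            return encode(definitionId, secretChars, clearTextBytes);
        } finally {
            // Wipe the temporary copies whether or not encoding succeeded.
            Arrays.fill(secretChars, (char) 0);
            Arrays.fill(clearTextBytes, (byte) 0);
        }
    }

    /**
     * Encrypts a password using a salt and an initialization vector drawn from a
     * {@link SecureRandom}.
     *
     * @param bArr  encryption settings definition ID
     * @param cArr  secret from which the encryption key is generated
     * @param bArr2 clear-text password to encrypt
     * @return the encoded password
     * @throws GeneralSecurityException if key generation or encryption fails
     */
    @NotNull
    public static AES256EncodedPassword encode(@NotNull byte[] bArr, @NotNull char[] cArr, @NotNull byte[] bArr2) throws GeneralSecurityException {
        final SecureRandom random = ThreadLocalSecureRandom.get();
        final byte[] salt = new byte[ENCODING_VERSION_0_KEY_FACTORY_SALT_LENGTH_BYTES];
        random.nextBytes(salt);
        final byte[] iv = new byte[ENCODING_VERSION_0_IV_LENGTH_BYTES];
        random.nextBytes(iv);
        return encode(bArr, cArr, salt, iv, bArr2);
    }

    /**
     * Encrypts a password with a caller-supplied salt and initialization vector. The
     * generated key is destroyed before this method returns.
     *
     * <p>GCM must never see the same key and initialization vector twice. Callers that
     * use this overload are responsible for supplying fresh random values; otherwise use
     * {@link #encode(byte[], char[], byte[])}, which generates them.
     *
     * @param bArr  encryption settings definition ID
     * @param cArr  secret from which the encryption key is generated
     * @param bArr2 key factory salt
     * @param bArr3 initialization vector (must be exactly 16 bytes)
     * @param bArr4 clear-text password to encrypt
     * @return the encoded password
     * @throws GeneralSecurityException if key generation or encryption fails
     */
    @NotNull
    public static AES256EncodedPassword encode(@NotNull byte[] bArr, @NotNull char[] cArr, @NotNull byte[] bArr2, @NotNull byte[] bArr3, @NotNull byte[] bArr4) throws GeneralSecurityException {
        final AES256EncodedPasswordSecretKey secretKey = AES256EncodedPasswordSecretKey.generate(bArr, cArr, bArr2);
        try {
            return encode(secretKey, bArr3, bArr4);
        } finally {
            secretKey.destroy();
        }
    }

    /**
     * Encrypts a password with an existing key and builds the encoded representation.
     *
     * <p>The initialization vector is supplied by the caller and must not be reused
     * with the same key.
     *
     * @param aES256EncodedPasswordSecretKey key to encrypt with; also supplies the salt
     *                                       and encryption settings definition ID that
     *                                       are written into the encoding
     * @param bArr  initialization vector (must be exactly 16 bytes)
     * @param bArr2 clear-text password; must not be null or empty
     * @return the encoded password
     * @throws GeneralSecurityException if the cipher cannot be initialized or fails
     */
    @NotNull
    public static AES256EncodedPassword encode(@NotNull AES256EncodedPasswordSecretKey aES256EncodedPasswordSecretKey, @NotNull byte[] bArr, @NotNull byte[] bArr2) throws GeneralSecurityException {
        Validator.ensureNotNull(aES256EncodedPasswordSecretKey, "AES256EncodedPassword.encode.secretKey must not be null.");
        Validator.ensureNotNull(bArr, "AES256EncodedPassword.encode.initializationVector must not be null.");
        if (bArr.length != ENCODING_VERSION_0_IV_LENGTH_BYTES) {
            Validator.violation("AES256EncodedPassword.encode.initializationVector must have a length of exactly 16 bytes.  The provided initialization vector had a length of " + bArr.length + " bytes.");
        }
        Validator.ensureNotNullOrEmpty(bArr2, "AES256EncodedPassword.encode.clearTextPassword must not be null or empty.");

        // Zero-pad the clear text up to the next multiple of the padding modulus.
        final int remainder = bArr2.length % ENCODING_VERSION_0_PADDING_MODULUS;
        final int padding = (remainder == 0) ? 0 : ENCODING_VERSION_0_PADDING_MODULUS - remainder;
        // Arrays.copyOf fills the extra positions with zero bytes.
        final byte[] padded = (padding == 0) ? bArr2 : Arrays.copyOf(bArr2, bArr2.length + padding);

        final byte[] cipherText;
        try {
            final Cipher cipher = CryptoHelper.getCipher(ENCODING_VERSION_0_CIPHER_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, aES256EncodedPasswordSecretKey.getSecretKey(), new GCMParameterSpec(ENCODING_VERSION_0_GCM_TAG_LENGTH_BITS, bArr));
            cipherText = cipher.doFinal(padded);
        } finally {
            // The padded array is a private copy of the clear text; wipe it. The caller's
            // own array is left for the caller to clear.
            if (padded != bArr2) {
                Arrays.fill(padded, (byte) 0);
            }
        }

        final byte[] salt = aES256EncodedPasswordSecretKey.getKeyFactorySalt();
        final byte[] definitionId = aES256EncodedPasswordSecretKey.getEncryptionSettingsDefinitionID();

        final ByteStringBuffer buffer = new ByteStringBuffer();
        // Header: version in the high nibble (zero for version 0), padding in the low nibble.
        buffer.append((byte) (ENCODING_VERSION_0_MASK | (padding & 0x0F)));
        buffer.append(salt);
        buffer.append(bArr);
        // Only the low eight bits of the ID length are recorded.
        buffer.append((byte) (definitionId.length & 0xFF));
        buffer.append(definitionId);
        buffer.append(cipherText);
        return new AES256EncodedPassword(buffer.toByteArray(), ENCODING_VERSION_0, padding, salt, bArr, definitionId, cipherText);
    }

    /**
     * Parses the base64 string form of an encoded password, with or without the
     * {@link #PASSWORD_STORAGE_SCHEME_PREFIX}.
     *
     * @param str string representation; must not be null or empty
     * @return the decoded password object
     * @throws ParseException if the value is not valid base64 or is malformed
     */
    @NotNull
    public static AES256EncodedPassword decode(@NotNull String str) throws ParseException {
        Validator.ensureNotNullOrEmpty(str, "AES256EncodedPassword.decode.encodedPassword must not be null or empty.");
        final boolean hasPrefix = str.startsWith(PASSWORD_STORAGE_SCHEME_PREFIX);
        final int base64Start = hasPrefix ? PASSWORD_STORAGE_SCHEME_PREFIX.length() : 0;
        final String base64 = hasPrefix ? str.substring(base64Start) : str;
        try {
            return decode(Base64.decode(base64));
        } catch (ParseException e) {
            Debug.debugException(e);
            throw new ParseException(UnboundIDDSMessages.ERR_AES256_ENC_PW_DECODE_NOT_BASE64.get(StaticUtils.getExceptionMessage(e)), base64Start);
        }
    }

    /**
     * Parses the binary form of an encoded password. No decryption happens here, so a
     * successful parse says nothing about the integrity of the value.
     *
     * <p>The provided array is kept as the encoded representation without copying.
     *
     * @param bArr binary encoding; must not be null or empty
     * @return the decoded password object
     * @throws ParseException if the array is too short or uses an unsupported version
     */
    @NotNull
    public static AES256EncodedPassword decode(@NotNull byte[] bArr) throws ParseException {
        Validator.ensureNotNullOrEmpty(bArr, "AES256EncodedPassword.decode.encodedPassword must not be null or empty.");
        // 36 covers the header, salt, IV and ID-length byte (34 bytes) plus two more;
        // presumably at least one ID byte and one encrypted byte.
        if (bArr.length < 36) {
            throw new ParseException(UnboundIDDSMessages.ERR_AES256_ENC_PW_DECODE_TOO_SHORT_INITIAL.get(Integer.valueOf(bArr.length)), 0);
        }

        final byte header = bArr[0];
        final int version = (header >> 4) & 0x0F;
        if (version != ENCODING_VERSION_0) {
            throw new ParseException(UnboundIDDSMessages.ERR_AES256_ENC_PW_DECODE_UNSUPPORTED_ENCODING_VERSION.get(Integer.valueOf(version), ENCODING_VERSION_0), 0);
        }
        final int padding = header & 0x0F;

        final int saltStart = 1;
        final int ivStart = saltStart + ENCODING_VERSION_0_KEY_FACTORY_SALT_LENGTH_BYTES;
        final int idLengthPos = ivStart + ENCODING_VERSION_0_IV_LENGTH_BYTES;
        final byte[] salt = Arrays.copyOfRange(bArr, saltStart, ivStart);
        final byte[] iv = Arrays.copyOfRange(bArr, ivStart, idLengthPos);

        // The ID length comes from the input, so bound it before slicing. The check
        // also guarantees at least one byte remains for the encrypted password.
        final int idLength = bArr[idLengthPos] & 0xFF;
        if (bArr.length < idLengthPos + 2 + idLength) {
            throw new ParseException(UnboundIDDSMessages.ERR_AES256_ENC_PW_DECODE_TOO_SHORT_FOR_ESD_ID.get(Integer.valueOf(bArr.length), Integer.valueOf(idLength)), idLengthPos);
        }

        final int idStart = idLengthPos + 1;
        final int cipherTextStart = idStart + idLength;
        final byte[] definitionId = Arrays.copyOfRange(bArr, idStart, cipherTextStart);
        final byte[] cipherText = Arrays.copyOfRange(bArr, cipherTextStart, bArr.length);
        return new AES256EncodedPassword(bArr, version, padding, salt, iv, definitionId, cipherText);
    }

    /**
     * Decrypts this password with a key generated from the given secret.
     *
     * <p>The temporary character array is zeroed before returning; the {@code String}
     * argument itself cannot be wiped.
     *
     * @param str secret from which the encryption key is generated
     * @return the clear-text password bytes; the caller should zero them after use
     * @throws GeneralSecurityException if key generation or decryption fails
     */
    @NotNull
    public byte[] decrypt(@NotNull String str) throws GeneralSecurityException {
        final char[] secretChars = str.toCharArray();
        try {
            return decrypt(secretChars);
        } finally {
            Arrays.fill(secretChars, (char) 0);
        }
    }

    /**
     * Decrypts this password with a key generated from the given secret together with
     * the stored encryption settings definition ID and key factory salt. The generated
     * key is destroyed before this method returns.
     *
     * @param cArr secret from which the encryption key is generated
     * @return the clear-text password bytes; the caller should zero them after use
     * @throws GeneralSecurityException if key generation or decryption fails
     */
    @NotNull
    public byte[] decrypt(@NotNull char[] cArr) throws GeneralSecurityException {
        final AES256EncodedPasswordSecretKey secretKey = AES256EncodedPasswordSecretKey.generate(this.encryptionSettingsDefinitionID, cArr, this.keyFactorySalt);
        try {
            return decrypt(secretKey);
        } finally {
            secretKey.destroy();
        }
    }

    /**
     * Decrypts this password with the given key and strips the zero padding.
     *
     * <p>The padding count comes from the header byte, which is not covered by the GCM
     * tag in this class, so it is validated here: it must not exceed the decrypted
     * length and every padding byte must be zero.
     *
     * @param aES256EncodedPasswordSecretKey key to decrypt with; must not be null
     * @return the clear-text password bytes; the caller should zero them after use
     * @throws GeneralSecurityException if decryption fails or the padding is invalid
     */
    @NotNull
    public byte[] decrypt(@NotNull AES256EncodedPasswordSecretKey aES256EncodedPasswordSecretKey) throws GeneralSecurityException {
        Validator.ensureNotNull(aES256EncodedPasswordSecretKey, "AES256EncodedPassword.decrypt.secretKey must not be null.");
        final Cipher cipher = CryptoHelper.getCipher(ENCODING_VERSION_0_CIPHER_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, aES256EncodedPasswordSecretKey.getSecretKey(), new GCMParameterSpec(ENCODING_VERSION_0_GCM_TAG_LENGTH_BITS, this.initializationVector));
        final byte[] paddedClearText = cipher.doFinal(this.encryptedPaddedPassword);
        if (this.paddingBytes <= 0) {
            // Nothing to strip: the decrypted buffer is the result.
            return paddedClearText;
        }

        try {
            final int unpaddedLength = paddedClearText.length - this.paddingBytes;
            if (unpaddedLength < 0) {
                // Report a padding error instead of letting a negative array size escape
                // as an unchecked exception.
                throw new BadPaddingException("The encoded password declares " + this.paddingBytes + " padding bytes, but the decrypted value is only " + paddedClearText.length + " bytes long.");
            }
            // Validate before copying so that no partial clear-text copy exists on failure.
            for (int i = unpaddedLength; i < paddedClearText.length; i++) {
                if (paddedClearText[i] != 0) {
                    throw new BadPaddingException(UnboundIDDSMessages.ERR_AES256_ENC_PW_DECRYPT_NONZERO_PADDING.get(Integer.valueOf(this.paddingBytes)));
                }
            }
            return Arrays.copyOf(paddedClearText, unpaddedLength);
        } finally {
            // The padded buffer is never returned on this path; wipe it.
            Arrays.fill(paddedClearText, (byte) 0);
        }
    }

    /**
     * @return a string describing this encoded password; it contains no clear text
     */
    @Override
    @NotNull
    public String toString() {
        final StringBuilder buffer = new StringBuilder();
        toString(buffer);
        return buffer.toString();
    }

    /**
     * Appends a description of this encoded password to the given buffer.
     *
     * @param sb buffer to append to
     */
    public void toString(@NotNull StringBuilder sb) {
        sb.append("AES256EncodedPassword(stringRepresentation='");
        sb.append(getStringRepresentation(true));
        sb.append("', encodingVersion=");
        sb.append(this.encodingVersion);
        sb.append(", paddingBytes=");
        sb.append(this.paddingBytes);
        sb.append(", encryptionSettingsDefinitionIDHex='");
        StaticUtils.toHex(this.encryptionSettingsDefinitionID, sb);
        sb.append("', keyFactorySaltBytesHex='");
        StaticUtils.toHex(this.keyFactorySalt, sb);
        sb.append("', initializationVectorBytesHex='");
        // Print the initialization vector here, not the salt a second time.
        StaticUtils.toHex(this.initializationVector, sb);
        sb.append("')");
    }
}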
