package com.sun.faces.renderkit;

import com.sun.faces.RIConstants;
import com.sun.faces.util.Util;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.faces.FacesException;
import javax.naming.InitialContext;

/* loaded from: input_file:com/sun/faces/renderkit/ByteArrayGuard.class */
public final class ByteArrayGuard {
    private static final Logger logger = Util.getLogger("javax.enterprise.resource.webcontainer.jsf.renderkit");
    private static final int DEFAULT_IV_LENGTH = 8;
    private static final int DEFAULT_KEY_LENGTH = 24;
    private static final int DEFAULT_MAC_LENGTH = 20;
    private static ByteArrayGuard byteArrayGuard;
    private final Object decLock = new Object();
    private final Object encLock = new Object();
    private final int ivLength;
    private final int keyLength;
    private final int macLength;
    private Cipher decryptCipher;
    private Cipher encryptCipher;
    private SecretKeyFactory keygen;
    private SecureRandom prng;
    private byte[] PASSWORD_KEY;
    private byte[] iVector;

    private ByteArrayGuard(int i, int i2, int i3) {
        this.decryptCipher = null;
        this.encryptCipher = null;
        this.keygen = null;
        this.prng = null;
        this.PASSWORD_KEY = null;
        this.iVector = null;
        this.keyLength = i;
        this.macLength = i2;
        this.ivLength = i3;
        if (this.PASSWORD_KEY == null) {
            InitialContext initialContext = null;
            try {
                try {
                    initialContext = new InitialContext();
                    String str = (String) initialContext.lookup(RIConstants.CLIENT_STATE_ENC_PASSWORD_ENTRY_NAME);
                    if (str != null) {
                        if (logger.isLoggable(Level.FINE)) {
                            logger.log(Level.FINE, "Client state saving encryption enabled.");
                        }
                        this.PASSWORD_KEY = convertPasswordToKey(str.getBytes());
                        try {
                            this.prng = SecureRandom.getInstance("SHA1PRNG");
                            this.keygen = SecretKeyFactory.getInstance("DESede");
                            this.encryptCipher = getBlockCipherForEncryption(this.PASSWORD_KEY);
                            this.iVector = this.encryptCipher.getIV();
                            this.decryptCipher = getBlockCipherForDecryption(this.PASSWORD_KEY, this.iVector);
                        } catch (Exception e) {
                            if (logger.isLoggable(Level.SEVERE)) {
                                logger.log(Level.SEVERE, "Unexpected exception initializing encryption.  No encryption will be performed.", (Throwable) e);
                            }
                            this.PASSWORD_KEY = null;
                            this.keygen = null;
                            this.encryptCipher = null;
                            this.decryptCipher = null;
                            this.iVector = null;
                            this.prng = null;
                        }
                    }
                    if (initialContext != null) {
                        try {
                            initialContext.close();
                        } catch (Exception e2) {
                        }
                    }
                } catch (Throwable th) {
                    if (initialContext != null) {
                        try {
                            initialContext.close();
                        } catch (Exception e3) {
                        }
                    }
                    throw th;
                }
            } catch (Exception e4) {
                if (logger.isLoggable(Level.FINE)) {
                    logger.log(Level.FINE, "Client state saving encryption disabled.", (Throwable) e4);
                }
                if (initialContext != null) {
                    try {
                        initialContext.close();
                    } catch (Exception e5) {
                    }
                }
            }
        }
    }

    public static synchronized ByteArrayGuard getInstance() {
        if (byteArrayGuard == null) {
            byteArrayGuard = new ByteArrayGuard(DEFAULT_KEY_LENGTH, DEFAULT_MAC_LENGTH, 8);
        }
        return byteArrayGuard;
    }

    public byte[] decrypt(byte[] bArr) {
        byte[] doFinal;
        if (this.PASSWORD_KEY == null) {
            return bArr;
        }
        try {
            byte[] bArr2 = new byte[this.macLength];
            System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
            byte[] bArr3 = new byte[this.ivLength];
            System.arraycopy(bArr, bArr2.length, bArr3, 0, bArr3.length);
            byte[] bArr4 = new byte[(bArr.length - bArr2.length) - bArr3.length];
            System.arraycopy(bArr, bArr2.length + bArr3.length, bArr4, 0, bArr4.length);
            Mac mac = getMac(this.PASSWORD_KEY);
            mac.update(bArr4);
            if (!Arrays.equals(bArr2, mac.doFinal())) {
                throw new IOException("Could not Decrypt Secure View State, passwords did not match.");
            }
            synchronized (this.decLock) {
                doFinal = this.decryptCipher.doFinal(bArr4);
            }
            return doFinal;
        } catch (Exception e) {
            if (logger.isLoggable(Level.SEVERE)) {
                logger.log(Level.SEVERE, e.getMessage(), e.getCause());
            }
            throw new FacesException(e);
        }
    }

    public byte[] encrypt(byte[] bArr) {
        byte[] doFinal;
        if (this.PASSWORD_KEY == null) {
            return bArr;
        }
        try {
            synchronized (this.encLock) {
                doFinal = this.encryptCipher.doFinal(bArr);
            }
            Mac mac = getMac(this.PASSWORD_KEY);
            mac.update(doFinal);
            return concatBytes(concatBytes(mac.doFinal(), this.iVector), doFinal);
        } catch (Exception e) {
            if (logger.isLoggable(Level.SEVERE)) {
                logger.log(Level.SEVERE, e.getMessage(), e.getCause());
            }
            throw new FacesException(e);
        }
    }

    private static byte[] concatBytes(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        try {
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
            return bArr3;
        } catch (Exception e) {
            throw new FacesException(e);
        }
    }

    private byte[] convertPasswordToKey(byte[] bArr) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA").digest(bArr);
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            secureRandom.setSeed(digest);
            byte[] bArr2 = new byte[this.keyLength];
            secureRandom.nextBytes(bArr2);
            return bArr2;
        } catch (Exception e) {
            throw new FacesException(e);
        }
    }

    private Cipher getBlockCipherForDecryption(byte[] bArr, byte[] bArr2) {
        try {
            SecretKey generateSecret = this.keygen.generateSecret(new DESedeKeySpec(bArr));
            Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
            cipher.init(2, generateSecret, new IvParameterSpec(bArr2), this.prng);
            return cipher;
        } catch (Exception e) {
            throw new FacesException(e);
        }
    }

    private Cipher getBlockCipherForEncryption(byte[] bArr) {
        try {
            SecretKey generateSecret = this.keygen.generateSecret(new DESedeKeySpec(bArr));
            Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
            byte[] bArr2 = new byte[this.ivLength];
            this.prng.nextBytes(bArr2);
            cipher.init(1, generateSecret, new IvParameterSpec(bArr2), this.prng);
            return cipher;
        } catch (Exception e) {
            throw new FacesException(e);
        }
    }

    private Mac getMac(byte[] bArr) {
        try {
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(new SecretKeySpec(bArr, 0, this.macLength, "HmacSHA1"));
            return mac;
        } catch (Exception e) {
            throw new FacesException(e);
        }
    }
}
