package org.owasp.esapi.reference.crypto;

import ch.qos.logback.core.net.ssl.SSL;
import com.composum.sling.core.pckgmgr.util.PackageProgressTracker;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.EncoderConstants;
import org.owasp.esapi.Encryptor;
import org.owasp.esapi.Logger;
import org.owasp.esapi.codecs.Hex;
import org.owasp.esapi.crypto.CipherSpec;
import org.owasp.esapi.crypto.CipherText;
import org.owasp.esapi.crypto.CryptoHelper;
import org.owasp.esapi.crypto.KeyDerivationFunction;
import org.owasp.esapi.crypto.PlainText;
import org.owasp.esapi.crypto.SecurityProviderLoader;
import org.owasp.esapi.errors.ConfigurationException;
import org.owasp.esapi.errors.EncryptionException;
import org.owasp.esapi.errors.IntegrityException;

/* JADX WARN: Classes with same name are omitted:
  input_file:resources/install/0/org.apache.sling.scripting.jsp.taglib-2.2.6.jar:org/owasp/esapi/reference/crypto/JavaEncryptor.class
 */
/* loaded from: input_file:resources/install/0/org.apache.sling.xss-2.0.0.jar:org/owasp/esapi/reference/crypto/JavaEncryptor.class */
public final class JavaEncryptor implements Encryptor {
    private static volatile Encryptor singletonInstance;
    private static boolean initialized;
    private static SecretKeySpec secretKeySpec;
    private static String encryptAlgorithm;
    private static String encoding;
    private static int encryptionKeyLength;
    private static PrivateKey privateKey;
    private static PublicKey publicKey;
    private static String signatureAlgorithm;
    private static String randomAlgorithm;
    private static int signatureKeyLength;
    private static String hashAlgorithm;
    private static int hashIterations;
    private static Logger logger;
    private static int encryptCounter;
    private static int decryptCounter;
    private static final int logEveryNthUse = 25;
    private static final String DECRYPTION_FAILED = "Decryption failed; see logs for details.";
    private static int N_SECS;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static Encryptor getInstance() throws EncryptionException {
        if (singletonInstance == null) {
            synchronized (JavaEncryptor.class) {
                if (singletonInstance == null) {
                    singletonInstance = new JavaEncryptor();
                }
            }
        }
        return singletonInstance;
    }

    public static void main(String[] strArr) throws Exception {
        System.out.println("Generating a new secret master key");
        if (strArr.length == 1 && strArr[0].equalsIgnoreCase("-print")) {
            System.out.println("AVAILABLE ALGORITHMS");
            Provider[] providers = Security.getProviders();
            TreeMap treeMap = new TreeMap();
            for (int i = 0; i != providers.length; i++) {
                System.out.println("===== Provider " + i + ":" + providers[i].getName() + " ======");
                Iterator<Object> it = providers[i].keySet().iterator();
                while (it.hasNext()) {
                    String str = (String) it.next();
                    String property = providers[i].getProperty(str);
                    treeMap.put(str, property);
                    System.out.println("\t\t   " + str + " -> " + property);
                }
            }
            for (Map.Entry entry : treeMap.entrySet()) {
                System.out.println(PackageProgressTracker.PLAIN_TEXT_SHORT_ACTION_SPACE + ((String) entry.getKey()) + " -> " + ((String) entry.getValue()));
            }
        } else {
            System.out.println("\tuse '-print' to also show available crypto algorithms from all the security providers");
        }
        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
        SecureRandom secureRandom = SecureRandom.getInstance(randomAlgorithm);
        byte[] encoded = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength).getEncoded();
        byte[] bArr = new byte[20];
        secureRandom.nextBytes(bArr);
        String property2 = System.getProperty("line.separator", "\n");
        System.out.println(property2 + "Copy and paste these lines into your ESAPI.properties" + property2);
        System.out.println("#==============================================================");
        System.out.println("Encryptor.MasterKey=" + ESAPI.encoder().encodeForBase64(encoded, false));
        System.out.println("Encryptor.MasterSalt=" + ESAPI.encoder().encodeForBase64(bArr, false));
        System.out.println("#==============================================================" + property2);
    }

    private JavaEncryptor() throws EncryptionException {
        byte[] masterSalt = ESAPI.securityConfiguration().getMasterSalt();
        byte[] masterKey = ESAPI.securityConfiguration().getMasterKey();
        if (!$assertionsDisabled && masterSalt == null) {
            throw new AssertionError("Can't obtain master salt, Encryptor.MasterSalt");
        }
        if (!$assertionsDisabled && masterSalt.length < 16) {
            throw new AssertionError("Encryptor.MasterSalt must be at least 16 bytes. Length is: " + masterSalt.length + " bytes.");
        }
        if (!$assertionsDisabled && masterKey == null) {
            throw new AssertionError("Can't obtain master key, Encryptor.MasterKey");
        }
        if (!$assertionsDisabled && masterKey.length < 7) {
            throw new AssertionError("Encryptor.MasterKey must be at least 7 bytes. Length is: " + masterKey.length + " bytes.");
        }
        synchronized (JavaEncryptor.class) {
            if (!initialized) {
                secretKeySpec = new SecretKeySpec(masterKey, encryptAlgorithm);
                try {
                    SecureRandom secureRandom = SecureRandom.getInstance(randomAlgorithm);
                    secureRandom.setSeed(hash(new String(masterKey, encoding), new String(masterSalt, encoding)).getBytes(encoding));
                    initKeyPair(secureRandom);
                    initialized = true;
                } catch (Exception e) {
                    throw new EncryptionException("Encryption failure", "Error creating Encryptor", e);
                }
            }
        }
    }

    @Override // org.owasp.esapi.Encryptor
    public String hash(String str, String str2) throws EncryptionException {
        return hash(str, str2, hashIterations);
    }

    @Override // org.owasp.esapi.Encryptor
    public String hash(String str, String str2, int i) throws EncryptionException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(hashAlgorithm);
            messageDigest.reset();
            messageDigest.update(ESAPI.securityConfiguration().getMasterSalt());
            messageDigest.update(str2.getBytes(encoding));
            messageDigest.update(str.getBytes(encoding));
            byte[] digest = messageDigest.digest();
            for (int i2 = 0; i2 < i; i2++) {
                messageDigest.reset();
                digest = messageDigest.digest(digest);
            }
            return ESAPI.encoder().encodeForBase64(digest, false);
        } catch (UnsupportedEncodingException e) {
            throw new EncryptionException("Internal error", "Can't find encoding for " + encoding, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new EncryptionException("Internal error", "Can't find hash algorithm " + hashAlgorithm, e2);
        }
    }

    @Override // org.owasp.esapi.Encryptor
    public CipherText encrypt(PlainText plainText) throws EncryptionException {
        return encrypt(secretKeySpec, plainText);
    }

    @Override // org.owasp.esapi.Encryptor
    public CipherText encrypt(SecretKey secretKey, PlainText plainText) throws EncryptionException {
        byte[] decode;
        if (secretKey == null) {
            throw new IllegalArgumentException("(Master) encryption key arg may not be null. Is Encryptor.MasterKey set?");
        }
        if (plainText == null) {
            throw new IllegalArgumentException("PlainText may arg not be null");
        }
        byte[] asBytes = plainText.asBytes();
        boolean overwritePlainText = ESAPI.securityConfiguration().overwritePlainText();
        int length = secretKey.getEncoded().length * 8;
        try {
            try {
                try {
                    try {
                        try {
                            try {
                                String cipherTransformation = ESAPI.securityConfiguration().getCipherTransformation();
                                String[] split = cipherTransformation.split("/");
                                if (!$assertionsDisabled && split.length != 3) {
                                    throw new AssertionError("Malformed cipher transformation: " + cipherTransformation);
                                }
                                String str = split[1];
                                if (!CryptoHelper.isAllowedCipherMode(str)) {
                                    throw new EncryptionException("Encryption failure: invalid cipher mode ( " + str + ") for encryption", "Encryption failure: Cipher transformation " + cipherTransformation + " specifies invalid cipher mode " + str);
                                }
                                Cipher cipher = Cipher.getInstance(cipherTransformation);
                                String algorithm = cipher.getAlgorithm();
                                int encryptionKeyLength2 = ESAPI.securityConfiguration().getEncryptionKeyLength();
                                if (length != encryptionKeyLength2) {
                                    logger.warning(Logger.SECURITY_FAILURE, "Encryption key length mismatch. ESAPI.EncryptionKeyLength is " + encryptionKeyLength2 + " bits, but length of actual encryption key is " + length + " bits.  Did you remember to regenerate your master key (if that is what you are using)???");
                                }
                                if (length < encryptionKeyLength2) {
                                    logger.warning(Logger.SECURITY_FAILURE, "Actual key size of " + length + " bits SMALLER THAN specified encryption key length (ESAPI.EncryptionKeyLength) of " + encryptionKeyLength2 + " bits with cipher algorithm " + algorithm);
                                }
                                if (length < 112) {
                                    logger.warning(Logger.SECURITY_FAILURE, "Potentially unsecure encryption. Key size of " + length + "bits not sufficiently long for " + algorithm + ". Should use appropriate algorithm with key size of *at least* 112 bits except when required by legacy apps. See NIST Special Pub 800-57.");
                                }
                                String algorithm2 = secretKey.getAlgorithm();
                                if (!algorithm.startsWith(algorithm2 + "/") && !algorithm.equals(algorithm2)) {
                                    logger.warning(Logger.SECURITY_FAILURE, "Encryption mismatch between cipher algorithm (" + algorithm + ") and SecretKey algorithm (" + algorithm2 + "). Cipher will use algorithm " + algorithm);
                                }
                                CipherSpec cipherSpec = new CipherSpec(cipher, length);
                                boolean isCombinedCipherMode = CryptoHelper.isCombinedCipherMode(str);
                                SecretKey computeDerivedKey = isCombinedCipherMode ? secretKey : computeDerivedKey(20130830, getDefaultPRF(), secretKey, length, "encryption");
                                if (cipherSpec.requiresIV()) {
                                    String iVType = ESAPI.securityConfiguration().getIVType();
                                    if (iVType.equalsIgnoreCase("random")) {
                                        decode = ESAPI.randomizer().getRandomBytes(cipher.getBlockSize());
                                    } else {
                                        if (!iVType.equalsIgnoreCase("fixed")) {
                                            throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random' or 'fixed'");
                                        }
                                        decode = Hex.decode(ESAPI.securityConfiguration().getFixedIV());
                                    }
                                    IvParameterSpec ivParameterSpec = new IvParameterSpec(decode);
                                    cipherSpec.setIV(decode);
                                    cipher.init(1, computeDerivedKey, ivParameterSpec);
                                } else {
                                    cipher.init(1, computeDerivedKey);
                                }
                                logger.debug(Logger.EVENT_SUCCESS, "Encrypting with " + cipherSpec);
                                CipherText cipherText = new CipherText(cipherSpec, cipher.doFinal(asBytes));
                                if (!isCombinedCipherMode) {
                                    cipherText.computeAndStoreMAC(computeDerivedKey(20130830, getDefaultPRF(), secretKey, length, "authenticity"));
                                }
                                logger.debug(Logger.EVENT_SUCCESS, "JavaEncryptor.encrypt(SecretKey,byte[],boolean,boolean) -- success!");
                                if (1 != 0 && overwritePlainText) {
                                    plainText.overwrite();
                                }
                                return cipherText;
                            } catch (NoSuchAlgorithmException e) {
                                throw new EncryptionException("Encryption failure (unavailable cipher requested)", "Encryption problem: specified algorithm in cipher xform " + ((String) null) + " not available: " + e.getMessage(), e);
                            }
                        } catch (BadPaddingException e2) {
                            throw new EncryptionException("Encryption failure", "[Note: Should NEVER happen in encryption mode.] Encryption problem: " + e2.getMessage(), e2);
                        }
                    } catch (IllegalBlockSizeException e3) {
                        throw new EncryptionException("Encryption failure (no padding used; invalid input size)", "Encryption problem: Invalid input size without padding (" + ((String) null) + "). " + e3.getMessage(), e3);
                    }
                } catch (InvalidAlgorithmParameterException e4) {
                    throw new EncryptionException("Encryption failure (invalid IV)", "Encryption problem: Invalid IV spec: " + e4.getMessage(), e4);
                } catch (ConfigurationException e5) {
                    throw new EncryptionException("Encryption failure: Configuration error. Details in log.", "Key size mismatch or unsupported IV method. Check encryption key size vs. ESAPI.EncryptionKeyLength or Encryptor.ChooseIVMethod property.", e5);
                }
            } catch (InvalidKeyException e6) {
                throw new EncryptionException("Encryption failure: Invalid key exception.", "Requested key size: " + length + "bits greater than 128 bits. Must install unlimited strength crypto extension from Sun: " + e6.getMessage(), e6);
            } catch (NoSuchPaddingException e7) {
                throw new EncryptionException("Encryption failure (unavailable padding scheme requested)", "Encryption problem: specified padding scheme in cipher xform " + ((String) null) + " not available: " + e7.getMessage(), e7);
            }
        } catch (Throwable th) {
            if (0 != 0 && overwritePlainText) {
                plainText.overwrite();
            }
            throw th;
        }
    }

    @Override // org.owasp.esapi.Encryptor
    public PlainText decrypt(CipherText cipherText) throws EncryptionException {
        return decrypt(secretKeySpec, cipherText);
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:34:0x01a0
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    @Override // org.owasp.esapi.Encryptor
    public org.owasp.esapi.crypto.PlainText decrypt(javax.crypto.SecretKey r8, org.owasp.esapi.crypto.CipherText r9) throws org.owasp.esapi.errors.EncryptionException, java.lang.IllegalArgumentException {
        /*
            Method dump skipped, instructions count: 423
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.owasp.esapi.reference.crypto.JavaEncryptor.decrypt(javax.crypto.SecretKey, org.owasp.esapi.crypto.CipherText):org.owasp.esapi.crypto.PlainText");
    }

    private PlainText handleDecryption(SecretKey secretKey, CipherText cipherText) throws EncryptionException {
        int i = 0;
        try {
            Cipher cipher = Cipher.getInstance(cipherText.getCipherTransformation());
            i = secretKey.getEncoded().length * 8;
            SecretKey computeDerivedKey = CryptoHelper.isCombinedCipherMode(cipherText.getCipherMode()) ? secretKey : computeDerivedKey(cipherText.getKDFVersion(), cipherText.getKDF_PRF(), secretKey, i, "encryption");
            if (cipherText.requiresIV()) {
                cipher.init(2, computeDerivedKey, new IvParameterSpec(cipherText.getIV()));
            } else {
                cipher.init(2, computeDerivedKey);
            }
            return new PlainText(cipher.doFinal(cipherText.getRawCipherText()));
        } catch (InvalidAlgorithmParameterException e) {
            throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
        } catch (InvalidKeyException e2) {
            throw new EncryptionException(DECRYPTION_FAILED, "Must install JCE Unlimited Strength Jurisdiction Policy Files from Sun", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new EncryptionException(DECRYPTION_FAILED, "Invalid algorithm for available JCE providers - " + cipherText.getCipherTransformation() + ": " + e3.getMessage(), e3);
        } catch (BadPaddingException e4) {
            try {
                if (cipherText.validateMAC(computeDerivedKey(cipherText.getKDFVersion(), cipherText.getKDF_PRF(), secretKey, i, "authenticity"))) {
                    throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e4.getMessage(), e4);
                }
                throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: WARNING: Adversary may have tampered with CipherText object orCipherText object mangled in transit: " + e4.getMessage(), e4);
            } catch (Exception e5) {
                throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem -- failed to compute derived key for authenticity: " + e5.getMessage(), e5);
            }
        } catch (IllegalBlockSizeException e6) {
            throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e6.getMessage(), e6);
        } catch (NoSuchPaddingException e7) {
            throw new EncryptionException(DECRYPTION_FAILED, "Invalid padding scheme (" + cipherText.getPaddingScheme() + ") for cipher transformation " + cipherText.getCipherTransformation() + ": " + e7.getMessage(), e7);
        }
    }

    @Override // org.owasp.esapi.Encryptor
    public String sign(String str) throws EncryptionException {
        try {
            Signature signature = Signature.getInstance(signatureAlgorithm);
            signature.initSign(privateKey);
            signature.update(str.getBytes(encoding));
            return ESAPI.encoder().encodeForBase64(signature.sign(), false);
        } catch (InvalidKeyException e) {
            throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", e);
        } catch (Exception e2) {
            throw new EncryptionException("Signature failure", "Can't find signature algorithm " + signatureAlgorithm, e2);
        }
    }

    @Override // org.owasp.esapi.Encryptor
    public boolean verifySignature(String str, String str2) {
        try {
            byte[] decodeFromBase64 = ESAPI.encoder().decodeFromBase64(str);
            Signature signature = Signature.getInstance(signatureAlgorithm);
            signature.initVerify(publicKey);
            signature.update(str2.getBytes(encoding));
            return signature.verify(decodeFromBase64);
        } catch (Exception e) {
            new EncryptionException("Invalid signature", "Problem verifying signature: " + e.getMessage(), e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Encryptor
    public String seal(String str, long j) throws IntegrityException {
        if (str == null) {
            throw new IllegalArgumentException("Data to be sealed may not be null.");
        }
        String str2 = null;
        try {
            try {
                str2 = ESAPI.encoder().encodeForBase64(str.getBytes("UTF-8"), false);
            } catch (UnsupportedEncodingException e) {
            }
            String str3 = j + ":" + ESAPI.randomizer().getRandomString(10, EncoderConstants.CHAR_ALPHANUMERICS) + ":" + str2;
            return ESAPI.encoder().encodeForBase64(encrypt(new PlainText(str3 + ":" + sign(str3))).asPortableSerializedByteArray(), false);
        } catch (EncryptionException e2) {
            throw new IntegrityException(e2.getUserMessage(), e2.getLogMessage(), e2);
        }
    }

    @Override // org.owasp.esapi.Encryptor
    public String unseal(String str) throws EncryptionException {
        try {
            try {
                String[] split = decrypt(CipherText.fromPortableSerializedBytes(ESAPI.encoder().decodeFromBase64(str))).toString().split(":");
                if (split.length != 4) {
                    throw new EncryptionException("Invalid seal", "Seal was not formatted properly.");
                }
                String str2 = split[0];
                long time = new Date().getTime();
                long parseLong = Long.parseLong(str2);
                if (time > parseLong) {
                    throw new EncryptionException("Invalid seal", "Seal expiration date of " + new Date(parseLong) + " has past.");
                }
                String str3 = split[1];
                String str4 = split[2];
                if (verifySignature(split[3], str2 + ":" + str3 + ":" + str4)) {
                    return new String(ESAPI.encoder().decodeFromBase64(str4), "UTF-8");
                }
                throw new EncryptionException("Invalid seal", "Seal integrity check failed");
            } catch (AssertionError e) {
                throw new EncryptionException("Invalid seal", "Seal passed garbarge data resulting in AssertionError: " + e);
            }
        } catch (EncryptionException e2) {
            throw e2;
        } catch (Exception e3) {
            throw new EncryptionException("Invalid seal", "Invalid seal:" + e3.getMessage(), e3);
        }
    }

    @Override // org.owasp.esapi.Encryptor
    public boolean verifySeal(String str) {
        try {
            unseal(str);
            return true;
        } catch (EncryptionException e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Encryptor
    public long getTimeStamp() {
        return new Date().getTime();
    }

    @Override // org.owasp.esapi.Encryptor
    public long getRelativeTimeStamp(long j) {
        return new Date().getTime() + j;
    }

    private void logWarning(String str, String str2) {
        String str3;
        int i = 0;
        if (str.equals("encrypt")) {
            int i2 = encryptCounter;
            encryptCounter = i2 + 1;
            i = i2;
            str3 = "JavaEncryptor.encrypt(): [count=" + i + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END;
        } else if (str.equals("decrypt")) {
            int i3 = decryptCounter;
            decryptCounter = i3 + 1;
            i = i3;
            str3 = "JavaEncryptor.decrypt(): [count=" + i + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END;
        } else {
            str3 = "JavaEncryptor: Unknown method: ";
        }
        if (i % 25 == 0) {
            logger.warning(Logger.SECURITY_FAILURE, str3 + str2);
        }
    }

    private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String str) {
        return KeyDerivationFunction.convertNameToPRF(str == null ? ESAPI.securityConfiguration().getKDFPseudoRandomFunction() : str);
    }

    private KeyDerivationFunction.PRF_ALGORITHMS getDefaultPRF() {
        return getPRF(ESAPI.securityConfiguration().getKDFPseudoRandomFunction());
    }

    private SecretKey computeDerivedKey(int i, KeyDerivationFunction.PRF_ALGORITHMS prf_algorithms, SecretKey secretKey, int i2, String str) throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException {
        if (!$assertionsDisabled && prf_algorithms == null) {
            throw new AssertionError("Pseudo Random Function for KDF cannot be null");
        }
        if (!$assertionsDisabled && secretKey == null) {
            throw new AssertionError("Key derivation key cannot be null.");
        }
        if (!$assertionsDisabled && i2 < 56) {
            throw new AssertionError("Key has size of " + i2 + ", which is less than minimum of 56-bits.");
        }
        if (!$assertionsDisabled && i2 % 8 != 0) {
            throw new AssertionError("Key size (" + i2 + ") must be a even multiple of 8-bits.");
        }
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError("Purpose cannot be null. Should be 'encryption' or 'authenticity'.");
        }
        if (!$assertionsDisabled && !str.equals("encryption") && !str.equals("authenticity")) {
            throw new AssertionError("Purpose must be \"encryption\" or \"authenticity\".");
        }
        KeyDerivationFunction keyDerivationFunction = new KeyDerivationFunction(prf_algorithms);
        if (i != 0) {
            keyDerivationFunction.setVersion(i);
        }
        return keyDerivationFunction.computeDerivedKey(secretKey, i2, str);
    }

    private static void setupAlgorithms() {
        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
        signatureAlgorithm = ESAPI.securityConfiguration().getDigitalSignatureAlgorithm();
        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
        hashAlgorithm = ESAPI.securityConfiguration().getHashAlgorithm();
        hashIterations = ESAPI.securityConfiguration().getHashIterations();
        encoding = ESAPI.securityConfiguration().getCharacterEncoding();
        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
        signatureKeyLength = ESAPI.securityConfiguration().getDigitalSignatureKeyLength();
    }

    private static void initKeyPair(SecureRandom secureRandom) throws NoSuchAlgorithmException {
        String lowerCase = signatureAlgorithm.toLowerCase();
        if (lowerCase.endsWith("withdsa")) {
            lowerCase = "DSA";
        } else if (lowerCase.endsWith("withrsa")) {
            lowerCase = "RSA";
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(lowerCase);
        keyPairGenerator.initialize(signatureKeyLength, secureRandom);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        privateKey = generateKeyPair.getPrivate();
        publicKey = generateKeyPair.getPublic();
    }

    static {
        $assertionsDisabled = !JavaEncryptor.class.desiredAssertionStatus();
        initialized = false;
        secretKeySpec = null;
        encryptAlgorithm = "AES";
        encoding = "UTF-8";
        encryptionKeyLength = 128;
        privateKey = null;
        publicKey = null;
        signatureAlgorithm = "SHA1withDSA";
        randomAlgorithm = SSL.DEFAULT_SECURE_RANDOM_ALGORITHM;
        signatureKeyLength = 1024;
        hashAlgorithm = MessageDigestAlgorithms.SHA_512;
        hashIterations = 1024;
        logger = ESAPI.getLogger("JavaEncryptor");
        encryptCounter = 0;
        decryptCounter = 0;
        N_SECS = 2;
        try {
            SecurityProviderLoader.loadESAPIPreferredJCEProvider();
            setupAlgorithms();
        } catch (NoSuchProviderException e) {
            logger.fatal(Logger.SECURITY_FAILURE, "JavaEncryptor failed to load preferred JCE provider.", e);
            throw new ExceptionInInitializerError(e);
        }
    }
}
