package org.owasp.esapi.crypto;

import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.EncryptionException;

/* loaded from: input_file:org/owasp/esapi/crypto/CryptoHelper.class */
public class CryptoHelper {
    private static final Logger logger;
    static final /* synthetic */ boolean $assertionsDisabled;

    static {
        $assertionsDisabled = !CryptoHelper.class.desiredAssertionStatus();
        logger = ESAPI.getLogger("CryptoHelper");
    }

    public static SecretKey generateSecretKey(String str, int i) throws EncryptionException {
        if (!$assertionsDisabled && i <= 0) {
            throw new AssertionError();
        }
        String str2 = str.split("/")[0];
        try {
            if (str2.toUpperCase().startsWith("PBEWITH")) {
                str2 = "PBE";
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str2);
            keyGenerator.init(i);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new EncryptionException("Failed to generate random secret key", "Failed to generate secret key for " + str + " with size of " + i + " bits.", e);
        }
    }

    public static SecretKey computeDerivedKey(SecretKey secretKey, int i, String str) throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException {
        if (!$assertionsDisabled && secretKey == null) {
            throw new AssertionError("Master key cannot be null.");
        }
        if (!$assertionsDisabled && i < 56) {
            throw new AssertionError("Master key has size of " + i + ", which is less than minimum of 56-bits.");
        }
        if (!$assertionsDisabled && i % 8 != 0) {
            throw new AssertionError("Key size (" + i + ") must be a even multiple of 8-bits.");
        }
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && !str.equals("encryption") && !str.equals("authenticity")) {
            throw new AssertionError("Purpose must be \"encryption\" or \"authenticity\".");
        }
        int calcKeySize = calcKeySize(i);
        byte[] bArr = new byte[calcKeySize];
        try {
            byte[] bytes = str.getBytes("UTF-8");
            SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getEncoded(), "HmacSHA1");
            try {
                Mac mac = Mac.getInstance("HmacSHA1");
                mac.init(secretKeySpec);
                int i2 = 0;
                int i3 = 0;
                do {
                    byte[] doFinal = mac.doFinal(bytes);
                    int min = doFinal.length >= calcKeySize ? calcKeySize : Math.min(doFinal.length, calcKeySize - i2);
                    System.arraycopy(doFinal, 0, bArr, i3, min);
                    bytes = doFinal;
                    i2 += doFinal.length;
                    i3 += min;
                } while (i2 < calcKeySize);
                return new SecretKeySpec(bArr, secretKey.getAlgorithm());
            } catch (InvalidKeyException e) {
                logger.error(Logger.SECURITY_FAILURE, "Created HmacSHA1 Mac but SecretKey sk has alg " + secretKeySpec.getAlgorithm(), e);
                throw e;
            }
        } catch (UnsupportedEncodingException e2) {
            throw new EncryptionException("Encryption failure (internal encoding error: UTF-8)", "UTF-8 encoding is NOT supported as a standard byte encoding: " + e2.getMessage(), e2);
        }
    }

    public static boolean isCombinedCipherMode(String str) {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError("Cipher mode may not be null");
        }
        if ($assertionsDisabled || !str.equals("")) {
            return ESAPI.securityConfiguration().getCombinedCipherModes().contains(str);
        }
        throw new AssertionError("Cipher mode may not be empty string");
    }

    public static boolean isAllowedCipherMode(String str) {
        if (isCombinedCipherMode(str)) {
            return true;
        }
        return ESAPI.securityConfiguration().getAdditionalAllowedCipherModes().contains(str);
    }

    public static boolean isMACRequired(CipherText cipherText) {
        return !isCombinedCipherMode(cipherText.getCipherMode()) && ESAPI.securityConfiguration().useMACforCipherText();
    }

    public static boolean isCipherTextMACvalid(SecretKey secretKey, CipherText cipherText) {
        if (!isMACRequired(cipherText)) {
            return true;
        }
        try {
            return cipherText.validateMAC(computeDerivedKey(secretKey, cipherText.getKeySize(), "authenticity"));
        } catch (Exception e) {
            logger.warning(Logger.SECURITY_FAILURE, "Unable to validate MAC for ciphertext " + cipherText, e);
            return false;
        }
    }

    public static void overwrite(byte[] bArr, byte b) {
        Arrays.fill(bArr, b);
    }

    public static void overwrite(byte[] bArr) {
        overwrite(bArr, (byte) 42);
    }

    public static void copyByteArray(byte[] bArr, byte[] bArr2, int i) {
        System.arraycopy(bArr, 0, bArr2, 0, i);
    }

    public static void copyByteArray(byte[] bArr, byte[] bArr2) {
        copyByteArray(bArr, bArr2, bArr.length);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static boolean arrayCompare(byte[] bArr, byte[] bArr2) {
        if (bArr == bArr2) {
            return true;
        }
        if (bArr == null || bArr2 == null) {
            return bArr == bArr2;
        }
        if (bArr.length != bArr2.length) {
            return false;
        }
        Object[] objArr = false;
        for (int i = 0; i < bArr.length; i++) {
            objArr = (objArr == true ? 1 : 0) | (bArr[i] ^ bArr2[i]) ? 1 : 0;
        }
        return objArr == false;
    }

    private static int calcKeySize(int i) {
        if (!$assertionsDisabled && i <= 0) {
            throw new AssertionError("Key size must be > 0 bits.");
        }
        int i2 = i / 8;
        return i % 8 == 0 ? i2 : i2 + 1;
    }

    private CryptoHelper() {
    }
}
