package com.documentum.fc.client.impl.crypto;

import com.documentum.com.DfClientX;
import com.documentum.fc.client.IDfSessionManager;
import com.documentum.fc.client.impl.audittrail.common.AuditTrailConstants;
import com.documentum.fc.client.impl.session.ISession;
import com.documentum.fc.common.DfCriticalException;
import com.documentum.fc.common.DfException;
import com.documentum.fc.common.DfPreferences;
import com.documentum.fc.common.DfUtil;
import com.documentum.fc.common.DfcMessages;
import com.documentum.fc.common.IDfLoginInfo;
import com.documentum.fc.common.impl.preferences.IPreferencesObserver;
import com.documentum.fc.common.impl.preferences.TypedPreferences;
import com.documentum.fc.impl.security.action.GetPropertyAction;
import com.documentum.fc.impl.util.DfSimpleEncoderDecoder;
import com.documentum.fc.impl.util.StringUtil;
import java.io.UnsupportedEncodingException;
import java.security.AccessController;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/documentum/fc/client/impl/crypto/CryptoUtils.class */
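/**
 * Encrypts and decrypts passwords and text for the client library. Work is done either locally,
 * with a Triple-DES key (the "AEK") unwrapped from an {@code AEKFile}, or by delegating to a
 * repository when {@link DfPreferences#getCryptoRepository()} names one.
 *
 * <p>Security properties of the local scheme, as implemented below. They are part of the stored
 * ciphertext format, so they are documented here rather than changed:
 * <ul>
 *   <li>The cipher is {@code DESede/CBC/PKCS5Padding} with two fixed, compiled-in IVs. The only
 *       per-message variation is the millisecond timestamp that {@code padData} puts in front of
 *       the payload.</li>
 *   <li>Ciphertext carries no MAC. After decryption the only validation is the plaintext prefix
 *       check in {@code unpadData} (and the salt-prefix check when unwrapping the AEK).</li>
 *   <li>When no passphrase is supplied, the AEK is unwrapped with a default passphrase that is
 *       embedded in this class. That value is encoded, not secret: in that configuration the AEK
 *       file is protected only by whatever access control the file itself has.</li>
 *   <li>Passphrase-based text encryption derives its key with iterated HMAC-SHA1, a fixed salt
 *       and {@link #ITERATION_COUNT} rounds, so one passphrase always yields the same key.</li>
 * </ul>
 */
public class CryptoUtils {
    private static final String TRANSFORMATION = "DESede/CBC/PKCS5Padding";
    private static final String KEY_TYPE = "DESede";
    private static final String PRF_ALGORITHM = "HmacSHA1";
    /** Output size of HMAC-SHA1 in bytes; one derived key block. */
    private static final int PRF_OUTPUT_LENGTH = 20;
    private static final int TRIPLE_DES_KEY_LENGTH = 24;
    private static final int ITERATION_COUNT = 1024;
    private static final String ENCRYPTED_PASSWORD_PREFIX = "DM_ENCR_PASS=";
    private static final String ENCRYPTED_TEXT_PREFIX = "DM_ENCR_TEXT=";
    private static final String PASSWORD_PREFIX = "DM_EP_AEK=";
    private static final String TEXT_PREFIX_AEK = "DM_ET_AEK=";
    private static final String TEXT_PREFIX_PASS = "DM_ET_PASS=";
    private static final String TIME_SUFFIX = "=DM_ENCR_TIME|";
    private static final String CHARSET_NAME = "UTF8";
    private static CryptoUtils s_cryptoUtils;
    // Written by CryptoDocbaseObserver.update(); read by the public encrypt/decrypt methods.
    private static String s_cryptoRepository;
    private SecretKey m_aek;
    private String m_aekLocation;
    // Base64 text of the default AEK passphrase record (see getDefaultPassphrase). Anyone who can
    // read this class can decode it, so it must not be treated as a secret.
    private static final char[] ENCODED_PASSPHRASE = {'Z', 'G', '1', 'f', 'd', 'H', 'l', 'w', 'Z', 'T', 'p', 'w', 'N', 'm', 'x', 'v', 'M', '2', 'x', '5', 'M', 'W', '9', 'q', 'N', 'W', '5', 'l', 'J', 'j', 'p', 'k', 'b', 'W', 'l', 'f', 'b', '2', 'J', 'q', 'Z', 'W', 'N', '0', 'X', '3', 'R', '5', 'c', 'G', 'U', 'A'};
    // Fixed IV used to unwrap the AEK and for passphrase-keyed text.
    private static final byte[] AEK_IV = {23, 125, 101, -74, 112, -7, -30, -18};
    // Fixed IV used for everything encrypted under the AEK.
    private static final byte[] CRYPTO_IV = {118, 16, 91, 96, 27, -16, 84, -58};
    // The key-derivation salt for passphrase-keyed text is the same constant as CRYPTO_IV.
    private static final byte[] CRYPTO_SALT = CRYPTO_IV;

    /** Keeps {@code s_cryptoRepository} in step with the crypto-repository preference. */
    private static final class CryptoDocbaseObserver implements IPreferencesObserver {
        CryptoDocbaseObserver() {
            DfPreferences.getInstance().addObserver(this);
            // Seed the value once; later changes arrive through update().
            update(DfPreferences.getInstance(), null);
        }

        @Override
        public void update(TypedPreferences typedPreferences, String str) {
            s_cryptoRepository = ((DfPreferences) typedPreferences).getCryptoRepository();
        }
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * @return the shared {@code CryptoUtils}
     */
    public static synchronized CryptoUtils getInstance() {
        if (s_cryptoUtils == null) {
            s_cryptoUtils = new CryptoUtils();
        }
        return s_cryptoUtils;
    }

    /**
     * Loads the AEK from the given location using the embedded default passphrase.
     *
     * @param str AEK file location handed to {@code AEKFile}
     * @throws DfException if the key store is already initialized or cannot be unwrapped
     */
    public synchronized void initCrypto(String str) throws DfException {
        initCryptoEx(str, null);
    }

    /**
     * Loads and unwraps the AEK. The wrapping key is derived from the passphrase with the salt and
     * iteration count stored in the AEK file; the decrypted blob must start with that salt, and
     * the bytes after it become the AEK.
     *
     * @param str AEK file location handed to {@code AEKFile}
     * @param str2 passphrase protecting the AEK; {@code null} or empty selects the embedded
     *     default passphrase
     * @throws DfException if the key store is already initialized, or the blob does not decrypt
     *     to a value that starts with the stored salt
     */
    public synchronized void initCryptoEx(String str, String str2) throws DfException {
        if (this.m_aek != null) {
            // checkForAEK() passes null as the location, so null cannot be shown to differ from
            // the loaded one; only a non-null mismatch is reported as a different location.
            if (str != null && !str.equalsIgnoreCase(this.m_aekLocation)) {
                throw new DfException(DfcMessages.DM_CRYPTO_E_KEYSTORE_ALREADY_INITIALIZED_WITH_DIFFERENT_LOCATION, new Object[]{this.m_aekLocation});
            }
            throw new DfException(DfcMessages.DM_CRYPTO_W_KEYSTORE_ALREADY_INITIALIZED, new Object[]{this.m_aekLocation});
        }
        AEKFile aekFile = new AEKFile(str);
        this.m_aekLocation = aekFile.getAEKLocation();
        byte[] encryptedAek = aekFile.getEncryptedAEK();
        byte[] salt = aekFile.getSalt();
        // NOTE(review): getBytes() uses the platform default charset here, while encryptText and
        // decryptText encode passphrases with CHARSET_NAME. A non-ASCII passphrase can therefore
        // derive different keys on different hosts. Left as is because changing it would change
        // which existing AEK files can be opened; confirm how the AEK file is produced.
        byte[] passphrase = (str2 == null || str2.length() == 0) ? getDefaultPassphrase() : str2.getBytes();
        byte[] wrappingKey = passphraseToKey(passphrase, salt, aekFile.getIterationCount(), TRIPLE_DES_KEY_LENGTH);
        byte[] decrypted;
        try {
            decrypted = decrypt(encryptedAek, createSecretKey(wrappingKey), AEK_IV);
        } finally {
            // The key spec keeps its own copy; do not leave the derived key bytes on the heap.
            Arrays.fill(wrappingKey, (byte) 0);
        }
        try {
            // A blob shorter than the salt cannot be valid; report it like any other unwrap
            // failure instead of failing with an index error.
            if (decrypted.length < salt.length
                    || !Arrays.equals(Arrays.copyOf(decrypted, salt.length), salt)) {
                throw new DfException(DfcMessages.DM_CRYPTO_F_KEYSTORE_INIT, new Object[]{str});
            }
            byte[] aekBytes = Arrays.copyOfRange(decrypted, salt.length, decrypted.length);
            try {
                this.m_aek = createSecretKey(aekBytes);
            } finally {
                Arrays.fill(aekBytes, (byte) 0);
            }
        } finally {
            Arrays.fill(decrypted, (byte) 0);
        }
    }

    /**
     * Encrypts a password. Delegates to the configured crypto repository when one is set;
     * otherwise encrypts locally under the AEK.
     *
     * @param str clear-text password
     * @return {@code DM_ENCR_PASS=} followed by the encoded ciphertext (local mode), or whatever
     *     the repository returns (repository mode)
     * @throws DfException if the password is null or empty, already carries the encrypted prefix,
     *     normalizes to nothing, or the AEK cannot be loaded
     */
    public synchronized String encryptPassword(String str) throws DfException {
        if (str == null || str.length() == 0) {
            throw new DfException(DfcMessages.DM_CRYPTO_E_NULL_PASSWORD);
        }
        if (str.startsWith(ENCRYPTED_PASSWORD_PREFIX)) {
            throw new DfException(DfcMessages.DM_CRYPTO_W_DATA_ALREADY_ENCRYPTED);
        }
        String repository = s_cryptoRepository;
        if (!StringUtil.isEmptyOrNull(repository)) {
            return encryptPassword(str, repository);
        }
        String normalized = normalizeData(str);
        if (normalized.length() == 0) {
            throw new DfException(DfcMessages.DM_CRYPTO_E_ENCRYPTPASS_FAILED);
        }
        try {
            checkForAEK();
            try {
                byte[] plain = appendNullByte(padData(normalized, PASSWORD_PREFIX).getBytes(CHARSET_NAME));
                return ENCRYPTED_PASSWORD_PREFIX + new String(DfSimpleEncoderDecoder.base64Encode(encrypt(plain, this.m_aek, CRYPTO_IV)));
            } catch (UnsupportedEncodingException e) {
                throw new DfCriticalException(e);
            }
        } catch (DfException e) {
            throw new DfException(DfcMessages.DM_CRYPTO_E_ENCRYPTPASS_FAILED, e);
        }
    }

    /**
     * Decrypts a password produced by {@link #encryptPassword(String)} in local mode. Input
     * without the {@code DM_ENCR_PASS=} prefix is returned unchanged. This method always decrypts
     * locally; it does not consult the crypto repository.
     *
     * @param str encrypted password, or a plain value to pass through
     * @return the clear-text password
     * @throws NullPointerException if {@code str} is null
     * @throws SecurityException if the immediate caller fails {@code checkAccess()}
     * @throws DfException if the AEK cannot be loaded or the value does not decrypt to a
     *     password record
     */
    public synchronized String decryptPassword(String str) throws DfException {
        if (str == null) {
            throw new NullPointerException("encryptedPassword");
        }
        if (!str.startsWith(ENCRYPTED_PASSWORD_PREFIX)) {
            return str;
        }
        // Must stay a direct call from this method: checkAccess() inspects a fixed stack depth.
        checkAccess();
        String encoded = str.substring(ENCRYPTED_PASSWORD_PREFIX.length());
        checkForAEK();
        try {
            byte[] plain = stripNullByte(decrypt(DfSimpleEncoderDecoder.base64Decode(encoded.toCharArray()), this.m_aek, CRYPTO_IV));
            return unpadData(new String(plain, CHARSET_NAME), PASSWORD_PREFIX);
        } catch (UnsupportedEncodingException e) {
            throw new DfCriticalException(e);
        }
    }

    /**
     * Encrypts text. Delegates to the configured crypto repository when one is set; otherwise
     * encrypts locally, under the AEK when no passphrase is given, or under a key derived from
     * the passphrase.
     *
     * @param str clear text
     * @param str2 optional passphrase; {@code null} or empty selects the AEK
     * @return {@code DM_ENCR_TEXT=} followed by the encoded ciphertext (local mode), or whatever
     *     the repository returns (repository mode)
     * @throws DfException if the text is null or empty, already carries the encrypted prefix, or
     *     the AEK cannot be loaded
     */
    public synchronized String encryptText(String str, String str2) throws DfException {
        SecretKey secretKey;
        byte[] iv;
        String padded;
        if (str == null || str.length() == 0) {
            throw new DfException(DfcMessages.DM_CRYPTO_E_NULL_TEXT);
        }
        if (str.startsWith(ENCRYPTED_TEXT_PREFIX)) {
            throw new DfException(DfcMessages.DM_CRYPTO_W_DATA_ALREADY_ENCRYPTED);
        }
        String repository = s_cryptoRepository;
        if (!StringUtil.isEmptyOrNull(repository)) {
            return encryptText(str, str2, repository);
        }
        String normalized = normalizeData(str);
        if (str2 == null || str2.length() == 0) {
            try {
                checkForAEK();
                secretKey = this.m_aek;
                iv = CRYPTO_IV;
                padded = padData(normalized, TEXT_PREFIX_AEK);
            } catch (DfException e) {
                throw new DfException(DfcMessages.DM_CRYPTO_E_ENCRYPTTEXT_FAILED, e);
            }
        } else {
            try {
                // Fixed salt and iteration count: the same passphrase always gives the same key.
                secretKey = createSecretKey(passphraseToKey(str2.getBytes(CHARSET_NAME), CRYPTO_SALT, ITERATION_COUNT, TRIPLE_DES_KEY_LENGTH));
                iv = AEK_IV;
                padded = padData(normalized, TEXT_PREFIX_PASS);
            } catch (UnsupportedEncodingException e) {
                throw new DfCriticalException(e);
            }
        }
        try {
            return ENCRYPTED_TEXT_PREFIX + new String(DfSimpleEncoderDecoder.base64Encode(encrypt(appendNullByte(padded.getBytes(CHARSET_NAME)), secretKey, iv)));
        } catch (UnsupportedEncodingException e) {
            throw new DfCriticalException(e);
        }
    }

    /**
     * Decrypts text produced by {@link #encryptText(String, String)}. Input without the
     * {@code DM_ENCR_TEXT=} prefix is returned unchanged.
     *
     * @param str encrypted text, or a plain value to pass through
     * @param str2 optional passphrase; must match the mode used for encryption
     * @return the clear text
     * @throws DfException if the text is null or empty, the AEK cannot be loaded, or decryption
     *     fails for any reason
     */
    public synchronized String decryptText(String str, String str2) throws DfException {
        SecretKey secretKey;
        byte[] iv;
        String expectedPrefix;
        if (str == null || str.length() == 0) {
            throw new DfException(DfcMessages.DM_CRYPTO_E_NULL_TEXT);
        }
        if (!str.startsWith(ENCRYPTED_TEXT_PREFIX)) {
            return str;
        }
        String repository = s_cryptoRepository;
        if (!StringUtil.isEmptyOrNull(repository)) {
            return decryptText(str, str2, repository);
        }
        String encoded = str.substring(ENCRYPTED_TEXT_PREFIX.length());
        if (str2 == null || str2.length() == 0) {
            try {
                checkForAEK();
                secretKey = this.m_aek;
                iv = CRYPTO_IV;
                expectedPrefix = TEXT_PREFIX_AEK;
            } catch (DfException e) {
                throw new DfException(DfcMessages.DM_CRYPTO_E_DECRYPTTEXT_FAILED, e);
            }
        } else {
            try {
                secretKey = createSecretKey(passphraseToKey(str2.getBytes(CHARSET_NAME), CRYPTO_SALT, ITERATION_COUNT, TRIPLE_DES_KEY_LENGTH));
                iv = AEK_IV;
                expectedPrefix = TEXT_PREFIX_PASS;
            } catch (UnsupportedEncodingException e) {
                throw new DfCriticalException(e);
            }
        }
        try {
            try {
                byte[] plain = stripNullByte(decrypt(DfSimpleEncoderDecoder.base64Decode(encoded.toCharArray()), secretKey, iv));
                return unpadData(new String(plain, CHARSET_NAME), expectedPrefix);
            } catch (UnsupportedEncodingException e) {
                throw new DfCriticalException(e);
            }
        } catch (Exception e) {
            // Every failure, including malformed input, is reported as one decrypt error.
            throw new DfException(DfcMessages.DM_CRYPTO_E_DECRYPTTEXT_FAILED, e);
        }
    }

    /**
     * Opens a session on the given repository as the user named by the {@code user.name} system
     * property; no password is set on the login info here.
     *
     * <p>NOTE(review): {@code user.name} is a JVM property, not an authenticated identity.
     * Whether the repository accepts this login presumably depends on its trusted-login
     * configuration; confirm that it is restricted to the intended hosts and accounts.
     */
    private ISession getTrustedSession(String docbase) throws DfException {
        DfClientX clientX = new DfClientX();
        IDfSessionManager sessionManager = clientX.getLocalClient().newSessionManager();
        IDfLoginInfo loginInfo = clientX.getLoginInfo();
        loginInfo.setUser((String) AccessController.doPrivileged(new GetPropertyAction("user.name")));
        sessionManager.setIdentity(docbase, loginInfo);
        return (ISession) sessionManager.getSession(docbase);
    }

    /**
     * Encrypts a password by asking the named repository to do it.
     *
     * @param str clear-text password
     * @param str2 repository name
     * @return the value returned by the repository
     * @throws IllegalArgumentException if either argument is null or empty
     * @throws DfException if the session cannot be obtained or the call fails
     */
    public String encryptPassword(String str, String str2) throws DfException {
        if (StringUtil.isEmptyOrNull(str)) {
            throw new IllegalArgumentException(DfcMessages.DFC_INVALID_PASSWORD);
        }
        if (StringUtil.isEmptyOrNull(str2)) {
            throw new IllegalArgumentException(DfcMessages.DFC_INVALID_DOCBASE_NAME);
        }
        ISession session = getTrustedSession(str2);
        try {
            return session.getDocbaseApi().encryptPassword(str);
        } finally {
            // Release even when the call throws, so a failure does not leak the session.
            session.getSessionManager().release(session);
        }
    }

    /**
     * Encrypts text by asking the named repository to do it.
     *
     * @param str clear text
     * @param str2 passphrase; not forwarded to the repository call, so it has no effect in this
     *     mode
     * @param str3 repository name
     * @return the value returned by the repository
     * @throws IllegalArgumentException if the text or repository name is null or empty
     * @throws DfException if the session cannot be obtained or the call fails
     */
    public String encryptText(String str, String str2, String str3) throws DfException {
        if (StringUtil.isEmptyOrNull(str)) {
            throw new IllegalArgumentException(DfcMessages.DFC_INVALID_TEXT_TO_ENCRYPT);
        }
        if (StringUtil.isEmptyOrNull(str3)) {
            throw new IllegalArgumentException(DfcMessages.DFC_INVALID_DOCBASE_NAME);
        }
        ISession session = getTrustedSession(str3);
        try {
            return session.getDocbaseApi().encryptText(str);
        } finally {
            session.getSessionManager().release(session);
        }
    }

    /**
     * Decrypts text by asking the named repository to do it, then passes the result through
     * {@code DfUtil.unObfuscate}.
     *
     * @param str encrypted text
     * @param str2 passphrase; not forwarded to the repository call, so it has no effect in this
     *     mode
     * @param str3 repository name
     * @return the clear text
     * @throws IllegalArgumentException if the text or repository name is null or empty
     * @throws DfException if the session cannot be obtained or the call fails
     */
    public String decryptText(String str, String str2, String str3) throws DfException {
        if (StringUtil.isEmptyOrNull(str)) {
            throw new IllegalArgumentException(DfcMessages.DFC_INVALID_ENCRYPTED_TEXT);
        }
        if (StringUtil.isEmptyOrNull(str3)) {
            throw new IllegalArgumentException(DfcMessages.DFC_INVALID_DOCBASE_NAME);
        }
        ISession session = getTrustedSession(str3);
        String decrypted;
        try {
            decrypted = session.getDocbaseApi().decryptText(str);
        } finally {
            session.getSessionManager().release(session);
        }
        return DfUtil.unObfuscate(decrypted);
    }

    /**
     * Strips leading spaces and, for input that starts with a single quote, unwraps the quoted
     * value; unquoted input is trimmed.
     *
     * @param str raw input
     * @return the normalized value, possibly empty
     */
    String normalizeData(String str) {
        String result;
        String stripped = str.replaceFirst("[ ]*", "");
        // SINGLE_QUOTES_STR is presumably two single quotes (an escaped quote); confirm against
        // AuditTrailConstants.
        if (stripped.length() == 0 || stripped.equals("'") || stripped.equals(AuditTrailConstants.SINGLE_QUOTES_STR)) {
            result = "";
        } else if (stripped.startsWith("'")) {
            String body = stripped.substring(1);
            // Cut at the first quote that is not preceded by a quote and is followed by a
            // non-quote character, dropping everything after it.
            String unquoted = body.replaceFirst("(?<!')'[^'].*$", "");
            if (unquoted.equals(body)) {
                // No such quote inside the value: drop a trailing quote if there is one.
                unquoted = body.replaceFirst("'$", "");
            }
            result = unquoted.replaceAll(AuditTrailConstants.SINGLE_QUOTES_STR, "'");
        } else {
            result = stripped.trim();
        }
        return result;
    }

    /** Loads the AEK on first use, passing a null location to {@link #initCrypto(String)}. */
    private void checkForAEK() throws DfException {
        if (this.m_aek == null) {
            initCrypto(null);
        }
    }

    /**
     * Builds the plaintext record: marker prefix, current time in milliseconds, the time suffix,
     * then the payload. With fixed IVs, the timestamp is what makes two encryptions of the same
     * value differ.
     */
    private String padData(String data, String prefix) {
        return new StringBuilder()
                .append(prefix)
                .append(System.currentTimeMillis())
                .append(TIME_SUFFIX)
                .append(data)
                .toString();
    }

    /**
     * Reverses {@code padData}: checks the marker prefix and removes it together with the
     * timestamp section when present.
     *
     * @throws DfException if the decrypted record does not start with the expected prefix; this
     *     is the only check that the ciphertext was produced by the matching method and key
     */
    private String unpadData(String record, String prefix) throws DfException {
        if (!record.startsWith(prefix)) {
            throw new DfException(DfcMessages.DM_CRYPTO_E_STRING_NOT_ENCRYPTED_USING_THIS_METHOD);
        }
        String payload = record.substring(prefix.length());
        int suffixAt = payload.indexOf(TIME_SUFFIX);
        if (suffixAt != -1) {
            payload = payload.substring(suffixAt + TIME_SUFFIX.length());
        }
        return payload;
    }

    /** Encrypts with {@link #TRANSFORMATION}; any failure becomes a {@code DfCriticalException}. */
    private byte[] encrypt(byte[] plain, SecretKey secretKey, byte[] iv) {
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv));
            return cipher.doFinal(plain);
        } catch (Exception e) {
            throw new DfCriticalException("Unexpected problem with encryption", e);
        }
    }

    /**
     * Decrypts with {@link #TRANSFORMATION}. Every failure, including bad padding on text or
     * password input, is reported with the key-store initialization message.
     */
    private byte[] decrypt(byte[] cipherText, SecretKey secretKey, byte[] iv) throws DfException {
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
            return cipher.doFinal(cipherText);
        } catch (Exception e) {
            throw new DfException(DfcMessages.DM_CRYPTO_F_KEYSTORE_INIT, new Object[]{this.m_aekLocation}, e);
        }
    }

    /**
     * Decodes the embedded default passphrase. The decoded record has three colon-separated
     * fields; the first and third are checked as fixed markers and the middle one is returned.
     *
     * @return the default passphrase bytes (a fresh array on every call)
     */
    private byte[] getDefaultPassphrase() {
        try {
            String[] fields = new String(DfSimpleEncoderDecoder.base64Decode(ENCODED_PASSPHRASE), CHARSET_NAME).split(":");
            if (fields.length != 3) {
                throw new DfCriticalException("Unexpected problem with crypto initialization");
            }
            String head = fields[0];
            String passphrase = fields[1];
            String tail = fields[2];
            if (!head.equals("dm_type") || !tail.startsWith("dmi_object_type") || passphrase.length() < 1) {
                throw new DfCriticalException("Unexpected problem with crypto initialization");
            }
            return passphrase.getBytes(CHARSET_NAME);
        } catch (UnsupportedEncodingException e) {
            throw new DfCriticalException(e);
        }
    }

    /** Returns a copy of the input without its final byte when that byte is zero. */
    private byte[] stripNullByte(byte[] data) {
        if (data == null) {
            throw new DfCriticalException("Unexpected problem with decryption");
        }
        int end = data.length;
        // Guard the empty case: a ciphertext can decrypt to zero bytes.
        if (end > 0 && data[end - 1] == 0) {
            end--;
        }
        return Arrays.copyOf(data, end);
    }

    /** Returns a copy of the input with one zero byte appended. */
    private byte[] appendNullByte(byte[] data) {
        if (data == null) {
            throw new DfCriticalException("Unexpected problem with encryption");
        }
        return Arrays.copyOf(data, data.length + 1);
    }

    /** Wraps raw key bytes as a Triple-DES {@link SecretKey}. */
    private SecretKey createSecretKey(byte[] keyBytes) {
        try {
            return SecretKeyFactory.getInstance(KEY_TYPE).generateSecret(new DESedeKeySpec(keyBytes));
        } catch (Exception e) {
            // Keep the cause so a provider or key-length problem can be diagnosed.
            throw new DfCriticalException("Unexpected problem with key generation", e);
        }
    }

    /**
     * Derives {@code keyLength} bytes from a passphrase by concatenating 20-byte blocks from
     * {@link #xorSum} and truncating the last one. The construction follows the PBKDF2 scheme
     * with HMAC-SHA1 as the pseudo-random function.
     */
    private byte[] passphraseToKey(byte[] passphrase, byte[] salt, int iterations, int keyLength) {
        if (iterations < 1) {
            // xorSum() yields no block for a non-positive count.
            throw new DfCriticalException("Unexpected problem with key generation");
        }
        // Ceiling division in integer arithmetic. Dividing two ints first and applying Math.ceil
        // afterwards truncates: a 24-byte key would get one block, and copying 24 bytes out of a
        // 20-byte PRF output fails.
        int blockCount = (keyLength + PRF_OUTPUT_LENGTH - 1) / PRF_OUTPUT_LENGTH;
        byte[] key = new byte[keyLength];
        for (int block = 1; block <= blockCount; block++) {
            byte[] blockBytes = xorSum(passphrase, salt, iterations, block);
            int offset = (block - 1) * PRF_OUTPUT_LENGTH;
            System.arraycopy(blockBytes, 0, key, offset, Math.min(PRF_OUTPUT_LENGTH, keyLength - offset));
        }
        return key;
    }

    /**
     * Computes one derived-key block: the PRF is applied {@code iterations} times, first to
     * {@code salt || blockIndex} and then to its own previous output, and all outputs are XORed.
     *
     * @return the block, or {@code null} when {@code iterations} is not positive
     */
    private byte[] xorSum(byte[] passphrase, byte[] salt, int iterations, int blockIndex) {
        // salt followed by a 4-byte block index; only the low byte of the index is written.
        byte[] input = Arrays.copyOf(salt, salt.length + 4);
        input[salt.length + 3] = (byte) blockIndex;
        byte[] accumulated = null;
        for (int round = 0; round < iterations; round++) {
            byte[] prfOutput = pseudoRandomFunction(passphrase, input);
            accumulated = (round == 0) ? prfOutput : xorByteArray(accumulated, prfOutput);
            input = prfOutput;
        }
        return accumulated;
    }

    /** HMAC-SHA1 of {@code data} keyed with {@code key}. */
    private byte[] pseudoRandomFunction(byte[] key, byte[] data) {
        try {
            Mac mac = Mac.getInstance(PRF_ALGORITHM);
            mac.init(new SecretKeySpec(key, PRF_ALGORITHM));
            return mac.doFinal(data);
        } catch (Exception e) {
            throw new DfCriticalException("Unexpected problem with key generation", e);
        }
    }

    /** Returns a new array holding the byte-wise XOR of two arrays of equal length. */
    private byte[] xorByteArray(byte[] left, byte[] right) {
        byte[] out = new byte[left.length];
        for (int i = 0; i < left.length; i++) {
            out[i] = (byte) (left[i] ^ right[i]);
        }
        return out;
    }

    /**
     * Rejects callers of {@link #decryptPassword(String)} whose class name does not start with
     * {@code com.documentum.fc.client.}. Frame 2 of a fresh stack trace is inspected, so this
     * method must be called directly from the public method it protects.
     *
     * <p>NOTE(review): this compares a class name taken from a stack trace. It says nothing about
     * the origin of the calling code, and a JVM is allowed to omit frames from a trace. Treat it
     * as a guard against accidental use, not as access control for decrypted passwords.
     *
     * @throws SecurityException if the frame is missing or the class name does not match
     */
    private void checkAccess() throws SecurityException {
        StackTraceElement[] stack = new Exception().getStackTrace();
        // Fail closed when the expected frame is not there.
        if (stack.length <= 2 || !stack[2].getClassName().startsWith("com.documentum.fc.client.")) {
            throw new SecurityException();
        }
    }

    static {
        // Registers the preference observer and seeds s_cryptoRepository.
        new CryptoDocbaseObserver();
    }
}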
