package com.sun.security.sasl.digest;

import com.ibm.security.pkcs5.PKCS5;
import com.sun.security.sasl.preview.SaslException;
import com.sun.security.sasl.util.SaslImpl;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.xerces.impl.xs.SchemaSymbols;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:efixes/PK23957_Hpux_PaRISC/components/prereq.jdk/update.jar:/java/jre/lib/ext/ldapsec.jar:com/sun/security/sasl/digest/DigestUtils.class */
public class DigestUtils extends SaslImpl {
    protected static final boolean debug = false;
    private static final String CIPHER_PROPERTY = "com.sun.security.sasl.digest.cipher";
    private static final String NOCHAIN_PROPERTY = "com.sun.security.sasl.digest.nochain";
    private final byte[] EMPTY_BYTE_ARRAY;
    protected DigestSecurityCtx secCtx;
    protected byte[] H_A1;
    protected String encoding;
    protected String cipherSuite;
    protected String specifiedCipher;
    protected static final int DES3 = 0;
    protected static final int RC4 = 1;
    protected static final int DES = 2;
    protected static final int RC4_56 = 3;
    protected static final int RC4_40 = 4;
    private static final boolean nochain = noChaining();
    protected static final String[] CIPHER_TOKENS = {"3des", "rc4", "des", "rc4-56", "rc4-40"};
    private static final byte[] PARITY_BIT_MASK = {Byte.MIN_VALUE, 64, 32, 16, 8, 4, 2};
    private static final BigInteger MASK = new BigInteger("7f", 16);

    /* loaded from: input_file:efixes/PK23957_Hpux_PaRISC/components/prereq.jdk/update.jar:/java/jre/lib/ext/ldapsec.jar:com/sun/security/sasl/digest/DigestUtils$DigestIntegrity.class */
    class DigestIntegrity implements DigestSecurityCtx {
        private static final String CLIENT_INT_MAGIC = "Digest session key to client-to-server signing key magic constant";
        private static final String SVR_INT_MAGIC = "Digest session key to server-to-client signing key magic constant";
        protected byte[] Kic;
        protected byte[] Kis;
        protected int cltSvrSeqNum = 0;
        protected int svrCltSeqNum = 0;
        protected final byte[] messageType = new byte[2];
        protected byte[] sequenceNum = new byte[4];
        private final DigestUtils this$0;

        /* JADX INFO: Access modifiers changed from: package-private */
        public DigestIntegrity(DigestUtils digestUtils) throws SaslException {
            this.this$0 = digestUtils;
            try {
                generateIntegrityKeyPair();
                SaslImpl.intToNetworkByteOrder(1, this.messageType, 0, 2);
            } catch (UnsupportedEncodingException e) {
                throw new SaslException("DIGEST-MD5: Error encoding strings into UTF-8", e);
            } catch (IOException e2) {
                throw new SaslException("DIGEST-MD5: Error accessing buffers required to create integrity key pairs", e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new SaslException("DIGEST-MD5: Unsupported digest algorithm used to create integrity key pairs", e3);
            }
        }

        private void generateIntegrityKeyPair() throws UnsupportedEncodingException, IOException, NoSuchAlgorithmException {
            byte[] bytes = CLIENT_INT_MAGIC.getBytes(this.this$0.encoding);
            byte[] bytes2 = SVR_INT_MAGIC.getBytes(this.this$0.encoding);
            MessageDigest messageDigest = MessageDigest.getInstance(PKCS5.MESSAGE_DIGEST_MD5);
            byte[] bArr = new byte[this.this$0.H_A1.length + bytes.length];
            System.arraycopy(this.this$0.H_A1, 0, bArr, 0, this.this$0.H_A1.length);
            System.arraycopy(bytes, 0, bArr, this.this$0.H_A1.length, bytes.length);
            messageDigest.update(bArr);
            this.Kic = messageDigest.digest();
            System.arraycopy(bytes2, 0, bArr, this.this$0.H_A1.length, bytes2.length);
            messageDigest.update(bArr);
            this.Kis = messageDigest.digest();
        }

        @Override // com.sun.security.sasl.digest.DigestSecurityCtx
        public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
            if (i2 == 0) {
                return this.this$0.EMPTY_BYTE_ARRAY;
            }
            byte[] bArr2 = new byte[i2 + 10 + 2 + 4];
            System.arraycopy(bArr, i, bArr2, 0, i2);
            incrementSeqNum(this.sequenceNum, 0, 4);
            System.arraycopy(getHMAC(this.Kic, this.sequenceNum, bArr, i, i2), 0, bArr2, i2, 10);
            System.arraycopy(this.messageType, 0, bArr2, i2 + 10, 2);
            System.arraycopy(this.sequenceNum, 0, bArr2, i2 + 12, 4);
            return bArr2;
        }

        @Override // com.sun.security.sasl.digest.DigestSecurityCtx
        public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
            if (i2 == 0) {
                return this.this$0.EMPTY_BYTE_ARRAY;
            }
            byte[] bArr2 = new byte[10];
            byte[] bArr3 = new byte[i2 - 16];
            byte[] bArr4 = new byte[2];
            byte[] bArr5 = new byte[4];
            System.arraycopy(bArr, i, bArr3, 0, bArr3.length);
            System.arraycopy(bArr, i + bArr3.length, bArr2, 0, 10);
            System.arraycopy(bArr, i + bArr3.length + 10, bArr4, 0, 2);
            System.arraycopy(bArr, i + bArr3.length + 12, bArr5, 0, 4);
            if (!compareMACs(bArr2, getHMAC(this.Kis, bArr5, bArr3, 0, bArr3.length))) {
                return this.this$0.EMPTY_BYTE_ARRAY;
            }
            if (this.svrCltSeqNum != SaslImpl.networkByteOrderToInt(bArr5, 0, 4)) {
                throw new SaslException(new StringBuffer().append("DIGEST-MD5: Out of order sequencing of messages from server. Got: ").append(SaslImpl.networkByteOrderToInt(bArr5, 0, 4)).append(" Expected: ").append(this.svrCltSeqNum).toString());
            }
            if (!Arrays.equals(this.messageType, bArr4)) {
                throw new SaslException(new StringBuffer().append("DIGEST-MD5: invalid message type: ").append(SaslImpl.networkByteOrderToInt(bArr4, 0, 2)).toString());
            }
            this.svrCltSeqNum++;
            return bArr3;
        }

        protected byte[] getHMAC(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2) throws SaslException {
            byte[] bArr4 = new byte[4 + i2];
            System.arraycopy(bArr2, 0, bArr4, 0, 4);
            System.arraycopy(bArr3, i, bArr4, 4, i2);
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacMD5");
                Mac mac = Mac.getInstance("HmacMD5");
                mac.init(secretKeySpec);
                mac.update(bArr4);
                byte[] doFinal = mac.doFinal();
                byte[] bArr5 = new byte[10];
                System.arraycopy(doFinal, 0, bArr5, 0, 10);
                return bArr5;
            } catch (InvalidKeyException e) {
                throw new SaslException("DIGEST-MD5: Invalid bytes used for key of HMAC-MD5 hash.", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new SaslException("DIGEST-MD5: Error creating instance of MD5 digest algorithm", e2);
            }
        }

        protected boolean compareMACs(byte[] bArr, byte[] bArr2) {
            return Arrays.equals(bArr, bArr2);
        }

        protected void incrementSeqNum(byte[] bArr, int i, int i2) {
            int i3 = this.cltSvrSeqNum;
            this.cltSvrSeqNum = i3 + 1;
            SaslImpl.intToNetworkByteOrder(i3, bArr, i, i2);
        }
    }

    /* loaded from: input_file:efixes/PK23957_Hpux_PaRISC/components/prereq.jdk/update.jar:/java/jre/lib/ext/ldapsec.jar:com/sun/security/sasl/digest/DigestUtils$DigestPrivacy.class */
    final class DigestPrivacy extends DigestIntegrity implements DigestSecurityCtx {
        private static final String CLIENT_CONF_MAGIC = "Digest H(A1) to client-to-server sealing key magic constant";
        private static final String SVR_CONF_MAGIC = "Digest H(A1) to server-to-client sealing key magic constant";
        private IvParameterSpec IVcc;
        private IvParameterSpec IVcs;
        private int seqNum;
        private Cipher cipherCc;
        private Cipher cipherCs;
        private SecretKey keyCc;
        private SecretKey keyCs;
        private final DigestUtils this$0;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public DigestPrivacy(DigestUtils digestUtils) throws SaslException {
            super(digestUtils);
            this.this$0 = digestUtils;
            try {
                generatePrivacyKeyPair();
                this.cipherCc.init(1, this.keyCc, this.IVcc);
                this.cipherCs.init(2, this.keyCs, this.IVcs);
            } catch (UnsupportedEncodingException e) {
                throw new SaslException("DIGEST-MD5: Error encoding string value into UTF-8", e);
            } catch (IOException e2) {
                throw new SaslException("DIGEST-MD5: Error accessing buffers required to generate cipher keys", e2);
            } catch (InvalidAlgorithmParameterException e3) {
                throw new SaslException("DIGEST-MD5: Invalid cipher algorithem parameter used to create cipher instance", e3);
            } catch (InvalidKeyException e4) {
                throw new SaslException("DIGEST-MD5: Invalid byte array used to create cipher keys", e4);
            } catch (NoSuchAlgorithmException e5) {
                throw new SaslException("DIGEST-MD5: Error creating instance of required cipher", e5);
            }
        }

        private void generatePrivacyKeyPair() throws IOException, NoSuchAlgorithmException, UnsupportedEncodingException, SaslException {
            String str;
            String str2;
            byte[] bytes = CLIENT_CONF_MAGIC.getBytes(this.this$0.encoding);
            byte[] bytes2 = SVR_CONF_MAGIC.getBytes(this.this$0.encoding);
            MessageDigest messageDigest = MessageDigest.getInstance(PKCS5.MESSAGE_DIGEST_MD5);
            int i = this.this$0.cipherSuite.equals(DigestUtils.CIPHER_TOKENS[4]) ? 5 : this.this$0.cipherSuite.equals(DigestUtils.CIPHER_TOKENS[3]) ? 7 : 16;
            byte[] bArr = new byte[i + bytes.length];
            System.arraycopy(this.this$0.H_A1, 0, bArr, 0, i);
            System.arraycopy(bytes, 0, bArr, i, bytes.length);
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            System.arraycopy(bytes2, 0, bArr, i, bytes2.length);
            messageDigest.update(bArr);
            byte[] digest2 = messageDigest.digest();
            if (this.this$0.cipherSuite.indexOf(DigestUtils.CIPHER_TOKENS[1]) > -1) {
                try {
                    this.cipherCc = Cipher.getInstance("RC4");
                    this.cipherCs = Cipher.getInstance("RC4");
                    this.keyCc = new SecretKeySpec(digest, "RC4");
                    this.keyCs = new SecretKeySpec(digest2, "RC4");
                    return;
                } catch (NoSuchPaddingException e) {
                    throw new SaslException("DIGEST-MD5: Incorrect padding used for RC4 cipher", e);
                }
            }
            if (this.this$0.cipherSuite.equals(DigestUtils.CIPHER_TOKENS[2]) || this.this$0.cipherSuite.equals(DigestUtils.CIPHER_TOKENS[0])) {
                try {
                    if (this.this$0.cipherSuite.equals(DigestUtils.CIPHER_TOKENS[2])) {
                        str = "DES/CBC/NoPadding";
                        str2 = "des";
                    } else {
                        str = "DESede/CBC/NoPadding";
                        str2 = "desede";
                    }
                    this.cipherCc = Cipher.getInstance(str);
                    this.cipherCs = Cipher.getInstance(str);
                    this.keyCc = DigestUtils.makeDesKeys(digest, str2);
                    this.keyCs = DigestUtils.makeDesKeys(digest2, str2);
                    this.IVcc = new IvParameterSpec(digest, 8, 8);
                    this.IVcs = new IvParameterSpec(digest2, 8, 8);
                } catch (InvalidKeyException e2) {
                    throw new SaslException("DIGEST-MD5: Invalid data used to initialize keys", e2);
                } catch (InvalidKeySpecException e3) {
                    throw new SaslException("DIGEST-MD5: Unsupported key specification used.", e3);
                } catch (NoSuchPaddingException e4) {
                    throw new SaslException("DIGEST-MD5: Unsupported padding used for chosen cipher", e4);
                }
            }
        }

        @Override // com.sun.security.sasl.digest.DigestUtils.DigestIntegrity, com.sun.security.sasl.digest.DigestSecurityCtx
        public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
            byte[] bArr2;
            if (i2 == 0) {
                return this.this$0.EMPTY_BYTE_ARRAY;
            }
            incrementSeqNum(this.sequenceNum, 0, 4);
            byte[] hmac = getHMAC(this.Kic, this.sequenceNum, bArr, i, i2);
            int blockSize = this.cipherCc.getBlockSize();
            if (blockSize > 1) {
                int i3 = blockSize - ((i2 + 10) % blockSize);
                bArr2 = new byte[i3];
                for (int i4 = 0; i4 < i3; i4++) {
                    bArr2[i4] = (byte) i3;
                }
            } else {
                bArr2 = this.this$0.EMPTY_BYTE_ARRAY;
            }
            byte[] bArr3 = new byte[i2 + bArr2.length + 10];
            System.arraycopy(bArr, i, bArr3, 0, i2);
            System.arraycopy(bArr2, 0, bArr3, i2, bArr2.length);
            System.arraycopy(hmac, 0, bArr3, i2 + bArr2.length, 10);
            try {
                byte[] doFinal = DigestUtils.nochain ? this.cipherCc.doFinal(bArr3) : this.cipherCc.update(bArr3);
                if (doFinal == null) {
                    throw new IllegalBlockSizeException(new StringBuffer().append("").append(bArr3.length).toString());
                }
                byte[] bArr4 = new byte[doFinal.length + 2 + 4];
                System.arraycopy(doFinal, 0, bArr4, 0, doFinal.length);
                System.arraycopy(this.messageType, 0, bArr4, doFinal.length, 2);
                System.arraycopy(this.sequenceNum, 0, bArr4, doFinal.length + 2, 4);
                return bArr4;
            } catch (BadPaddingException e) {
                throw new SaslException("DIGEST-MD5: Invalid padding used for block cipher", e);
            } catch (IllegalBlockSizeException e2) {
                throw new SaslException("DIGEST-MD5: Invalid block size for cipher", e2);
            }
        }

        @Override // com.sun.security.sasl.digest.DigestUtils.DigestIntegrity, com.sun.security.sasl.digest.DigestSecurityCtx
        public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
            if (i2 == 0) {
                return this.this$0.EMPTY_BYTE_ARRAY;
            }
            byte[] bArr2 = new byte[i2 - 6];
            byte[] bArr3 = new byte[2];
            byte[] bArr4 = new byte[4];
            System.arraycopy(bArr, i, bArr2, 0, bArr2.length);
            System.arraycopy(bArr, i + bArr2.length, bArr3, 0, 2);
            System.arraycopy(bArr, i + bArr2.length + 2, bArr4, 0, 4);
            try {
                byte[] doFinal = DigestUtils.nochain ? this.cipherCs.doFinal(bArr2) : this.cipherCs.update(bArr2);
                if (doFinal == null) {
                    throw new IllegalBlockSizeException(new StringBuffer().append("").append(bArr2.length).toString());
                }
                byte[] bArr5 = new byte[doFinal.length - 10];
                byte[] bArr6 = new byte[10];
                System.arraycopy(doFinal, 0, bArr5, 0, bArr5.length);
                System.arraycopy(doFinal, bArr5.length, bArr6, 0, 10);
                int length = bArr5.length;
                if (this.cipherCs.getBlockSize() > 1) {
                    length -= bArr5[bArr5.length - 1];
                    if (length < 0) {
                        return this.this$0.EMPTY_BYTE_ARRAY;
                    }
                }
                if (!compareMACs(bArr6, getHMAC(this.Kis, bArr4, bArr5, 0, length))) {
                    return this.this$0.EMPTY_BYTE_ARRAY;
                }
                if (this.svrCltSeqNum != SaslImpl.networkByteOrderToInt(bArr4, 0, 4)) {
                    throw new SaslException(new StringBuffer().append("DIGEST-MD5: Out of order sequencing of messages from server. Got: ").append(SaslImpl.networkByteOrderToInt(bArr4, 0, 4)).append(" Expected: ").append(this.svrCltSeqNum).toString());
                }
                if (!Arrays.equals(this.messageType, bArr3)) {
                    throw new SaslException(new StringBuffer().append("DIGEST-MD5: invalid message type: ").append(SaslImpl.networkByteOrderToInt(bArr3, 0, 2)).toString());
                }
                this.svrCltSeqNum++;
                if (length == bArr5.length) {
                    return bArr5;
                }
                byte[] bArr7 = new byte[length];
                System.arraycopy(bArr5, 0, bArr7, 0, length);
                return bArr7;
            } catch (BadPaddingException e) {
                throw new SaslException("DIGEST-MD5: Incorrect padding used with chosen cipher", e);
            } catch (IllegalBlockSizeException e2) {
                throw new SaslException("DIGEST-MD5: Illegal block sizes used with chosen cipher", e2);
            }
        }
    }

    private static final boolean noChaining() {
        return SchemaSymbols.ATTVAL_TRUE.equalsIgnoreCase((String) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.security.sasl.digest.DigestUtils.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    return System.getProperty(DigestUtils.NOCHAIN_PROPERTY);
                } catch (SecurityException e) {
                    return null;
                }
            }
        }));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DigestUtils(Map map) throws SaslException {
        super(map);
        this.EMPTY_BYTE_ARRAY = new byte[0];
        this.encoding = "8859_1";
        if (map != null) {
            this.specifiedCipher = (String) map.get(CIPHER_PROPERTY);
        }
    }

    public String getMechanismName() {
        return "DIGEST-MD5";
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.completed) {
            return this.secCtx.unwrap(bArr, i, i2);
        }
        throw new SaslException("Not completed");
    }

    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.completed) {
            return this.secCtx.wrap(bArr, i, i2);
        }
        throw new SaslException("Not completed");
    }

    public void dispose() throws SaslException {
        if (this.secCtx != null) {
            this.secCtx = null;
        }
    }

    private static void setParityBit(byte[] bArr) {
        for (int i = 0; i < bArr.length; i++) {
            int i2 = 0;
            for (int i3 = 0; i3 < PARITY_BIT_MASK.length; i3++) {
                if ((bArr[i] & PARITY_BIT_MASK[i3]) == PARITY_BIT_MASK[i3]) {
                    i2++;
                }
            }
            if ((i2 & 1) == 1) {
                bArr[i] = (byte) (bArr[i] & (-2));
            } else {
                bArr[i] = (byte) (bArr[i] | 1);
            }
        }
    }

    private static byte[] addDesParity(byte[] bArr, int i, int i2) {
        if (i2 != 7) {
            throw new IllegalArgumentException(new StringBuffer().append("Invalid length of DES Key Value:").append(i2).toString());
        }
        byte[] bArr2 = new byte[7];
        System.arraycopy(bArr, i, bArr2, 0, i2);
        byte[] bArr3 = new byte[8];
        BigInteger bigInteger = new BigInteger(bArr2);
        for (int length = bArr3.length - 1; length >= 0; length--) {
            bArr3[length] = bigInteger.and(MASK).toByteArray()[0];
            int i3 = length;
            bArr3[i3] = (byte) (bArr3[i3] << 1);
            bigInteger = bigInteger.shiftRight(7);
        }
        setParityBit(bArr3);
        return bArr3;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecretKey makeDesKeys(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
        KeySpec dESedeKeySpec;
        byte[] addDesParity = addDesParity(bArr, 0, 7);
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(str);
        if (str.equals("des")) {
            dESedeKeySpec = new DESKeySpec(addDesParity, 0);
        } else {
            if (!str.equals("desede")) {
                throw new IllegalArgumentException(new StringBuffer().append("Invalid DES strength:").append(str).toString());
            }
            byte[] addDesParity2 = addDesParity(bArr, 7, 7);
            byte[] bArr2 = new byte[(addDesParity.length * 2) + addDesParity2.length];
            System.arraycopy(addDesParity, 0, bArr2, 0, addDesParity.length);
            System.arraycopy(addDesParity2, 0, bArr2, addDesParity.length, addDesParity2.length);
            System.arraycopy(addDesParity, 0, bArr2, addDesParity.length + addDesParity2.length, addDesParity.length);
            dESedeKeySpec = new DESedeKeySpec(bArr2, 0);
        }
        return secretKeyFactory.generateSecret(dESedeKeySpec);
    }
}
