package iaik.xml.crypto.alg.cipher;

import iaik.security.cipher.DESKeyGenerator;
import iaik.security.md.SHA;
import iaik.security.random.SHA1Random;
import iaik.utils.CriticalObject;
import iaik.utils.CryptoUtils;
import iaik.utils.Util;
import iaik.xml.crypto.XSecProvider;
import iaik.xml.crypto.alg.NoSuchAlgorithmRuntimeException;
import java.io.ByteArrayOutputStream;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.xml.crypto.enc.EncryptionMethod;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/iaik_xsect-2.13.jar:iaik/xml/crypto/alg/cipher/DESedeKWProxyCipher.class */
public class DESedeKWProxyCipher extends CipherSpi {
    public static final byte[] CMS_KEY_WRAP_IV = {74, -35, -94, 44, 121, -24, 33, 5};
    public final int CKS_LENGTH = 8;
    protected ByteArrayOutputStream buffer_;
    protected Cipher cipher1_;
    protected Cipher cipher2_;
    protected SecureRandom secureRandom_;
    protected int opmode_;
    protected Key key_;

    public DESedeKWProxyCipher() throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException {
        if (!XSecProvider.lateAlgorithmProxyInstantiation()) {
            getInstanceUncaught(null);
        }
        this.secureRandom_ = new SHA1Random();
        this.buffer_ = new ByteArrayOutputStream();
    }

    protected void getInstanceUncaught(XSecProvider.Purpose purpose) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException {
        Provider delegationProvider = XSecProvider.getDelegationProvider(new StringBuffer().append("Cipher.").append("DESede/CBC/NoPadding").toString(), purpose);
        if (delegationProvider != null) {
            try {
                this.cipher1_ = Cipher.getInstance("DESede/CBC/NoPadding", delegationProvider);
                this.cipher2_ = Cipher.getInstance("DESede/CBC/NoPadding", delegationProvider);
            } catch (NoSuchMethodError e) {
                this.cipher1_ = Cipher.getInstance("DESede/CBC/NoPadding", delegationProvider.getName());
                this.cipher2_ = Cipher.getInstance("DESede/CBC/NoPadding", delegationProvider.getName());
            }
        }
        if (this.cipher1_ == null) {
            this.cipher1_ = Cipher.getInstance("DESede/CBC/NoPadding");
        }
        if (this.cipher2_ == null) {
            this.cipher2_ = Cipher.getInstance("DESede/CBC/NoPadding");
        }
    }

    protected void getInstance(XSecProvider.Purpose purpose) {
        if (this.cipher1_ == null || this.cipher2_ == null) {
            try {
                getInstanceUncaught(purpose);
            } catch (NoSuchAlgorithmException e) {
                throw new NoSuchAlgorithmRuntimeException("No such algorithm.", e);
            } catch (NoSuchProviderException e2) {
                throw new NoSuchAlgorithmRuntimeException("Delegation provider not registered, any more.", e2);
            } catch (NoSuchPaddingException e3) {
                throw new NoSuchAlgorithmRuntimeException("No such padding.", e3);
            }
        }
    }

    private void a(int i) {
        switch (i) {
            case 1:
            case 3:
                getInstance(XSecProvider.Purpose.CipherPurpose.ENCRYPT);
                return;
            case 2:
            case 4:
                getInstance(XSecProvider.Purpose.CipherPurpose.DECRYPT);
                return;
            default:
                return;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (this.cipher1_ == null || this.cipher2_ == null) {
            a(i);
        }
        this.opmode_ = i;
        this.key_ = key;
        if (algorithmParameters != null) {
            throw new InvalidAlgorithmParameterException(new StringBuffer().append("AlgorithmParameters '").append(algorithmParameters.getClass()).append("' not supported.").toString());
        }
        switch (i) {
            case 3:
                i = 1;
                break;
            case 4:
                i = 2;
                break;
        }
        if (i != 1) {
            this.cipher1_.init(i, key, new IvParameterSpec(CMS_KEY_WRAP_IV));
            return;
        }
        byte[] bArr = new byte[8];
        (secureRandom != null ? secureRandom : this.secureRandom_).nextBytes(bArr);
        this.cipher1_.init(i, key, new IvParameterSpec(bArr));
        this.cipher2_.init(i, key, new IvParameterSpec(CMS_KEY_WRAP_IV));
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (this.cipher1_ == null || this.cipher2_ == null) {
            a(i);
        }
        this.opmode_ = i;
        this.key_ = key;
        switch (i) {
            case 3:
                i = 1;
                break;
            case 4:
                i = 2;
                break;
        }
        if (i != 1) {
            if (algorithmParameterSpec != null) {
                throw new InvalidAlgorithmParameterException(new StringBuffer().append("AlgorithmParameters '").append(algorithmParameterSpec.getClass()).append("' not supported.").toString());
            }
            this.cipher1_.init(i, key, new IvParameterSpec(CMS_KEY_WRAP_IV));
            return;
        }
        if (algorithmParameterSpec == null) {
            byte[] bArr = new byte[8];
            (secureRandom != null ? secureRandom : this.secureRandom_).nextBytes(bArr);
            this.cipher1_.init(i, key, new IvParameterSpec(bArr));
        } else {
            if (!(algorithmParameterSpec instanceof IvParameterSpec)) {
                throw new InvalidAlgorithmParameterException(new StringBuffer().append("AlgorithmParameters '").append(algorithmParameterSpec.getClass()).append("' not supported.").toString());
            }
            this.cipher1_.init(i, key, algorithmParameterSpec);
        }
        this.cipher2_.init(i, key, new IvParameterSpec(CMS_KEY_WRAP_IV));
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        if (this.cipher1_ == null || this.cipher2_ == null) {
            a(i);
        }
        this.opmode_ = i;
        this.key_ = key;
        switch (i) {
            case 3:
                i = 1;
                break;
            case 4:
                i = 2;
                break;
        }
        try {
            if (i == 1) {
                byte[] bArr = new byte[8];
                (secureRandom != null ? secureRandom : this.secureRandom_).nextBytes(bArr);
                this.cipher1_.init(i, key, new IvParameterSpec(bArr));
                this.cipher2_.init(i, key, new IvParameterSpec(CMS_KEY_WRAP_IV));
            } else {
                this.cipher1_.init(i, key, new IvParameterSpec(CMS_KEY_WRAP_IV));
            }
        } catch (InvalidAlgorithmParameterException e) {
            throw new c(this, e.getMessage(), e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        if (bArr == null || bArr.length % 8 != 0) {
            throw new InvalidKeyException("The wrapped key length must be a multiple of 8.");
        }
        try {
            byte[] engineDoFinal = engineDoFinal(bArr, 0, bArr.length);
            if ("DESede".equals(str) || EncryptionMethod.TRIPLEDES_CBC.equals(str)) {
                if (engineDoFinal.length != 24) {
                    throw new InvalidKeyException("Invalid TripleDESKey; wrong length.");
                }
                for (int i2 = 0; i2 < 3; i2++) {
                    if (!DESKeyGenerator.checkParity(engineDoFinal, i2 * 8, true)) {
                        throw new InvalidKeyException("TripleDESKey not (odd) parity adjusted.");
                    }
                }
            }
            return Util.decodeKey(i, str, engineDoFinal);
        } catch (BadPaddingException e) {
            throw new e(this, e.getMessage(), e);
        } catch (IllegalBlockSizeException e2) {
            throw new d(this, e2.getMessage(), e2);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException {
        byte[] encoded = key.getEncoded();
        if (encoded == null || encoded.length == 0) {
            throw new InvalidKeyException("Failed to encode key.");
        }
        if (encoded.length % 8 != 0) {
            throw new InvalidKeyException("The key length must be a multiple of 8.");
        }
        byte[] a = ("DESede".equals(key.getAlgorithm()) || EncryptionMethod.TRIPLEDES_CBC.equals(key.getAlgorithm())) ? a(key) : encoded;
        try {
            return engineDoFinal(a, 0, a.length);
        } catch (BadPaddingException e) {
            throw new InvalidKeyException(e.getMessage());
        } catch (IllegalBlockSizeException e2) {
            throw new InvalidKeyException(e2.getMessage());
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        byte[] engineDoFinal = engineDoFinal(bArr, i, i2);
        if (engineDoFinal == null) {
            return 0;
        }
        if (engineDoFinal.length > bArr2.length - i3) {
            throw new ShortBufferException();
        }
        System.arraycopy(engineDoFinal, 0, bArr2, i3, engineDoFinal.length);
        return engineDoFinal.length;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        byte[] byteArray;
        if (bArr == null || bArr.length % 8 != 0) {
            throw new IllegalBlockSizeException();
        }
        if (this.opmode_ != 1 && this.opmode_ != 3) {
            byte[] doFinal = this.cipher1_.doFinal(bArr);
            CryptoUtils.reverseArray(doFinal, 0, doFinal.length);
            byte[] bArr2 = new byte[8];
            byte[] bArr3 = new byte[doFinal.length - bArr2.length];
            System.arraycopy(doFinal, 0, bArr2, 0, bArr2.length);
            System.arraycopy(doFinal, bArr2.length, bArr3, 0, bArr3.length);
            try {
                this.cipher2_.init(2, this.key_, new IvParameterSpec(bArr2));
                byte[] doFinal2 = this.cipher2_.doFinal(bArr3);
                byte[] bArr4 = new byte[doFinal2.length - 8];
                System.arraycopy(doFinal2, 0, bArr4, 0, bArr4.length);
                a(bArr4, bArr3, 0, 8);
                if (!CryptoUtils.equalsBlock(bArr3, 0, doFinal2, bArr4.length, 8)) {
                    throw new BadPaddingException("Could not unwrap key: CMS checksum error!");
                }
                CriticalObject.destroy(bArr2);
                CriticalObject.destroy(bArr3);
                CriticalObject.destroy(doFinal2);
                return bArr4;
            } catch (InvalidAlgorithmParameterException e) {
                throw new RuntimeException(e.getMessage());
            } catch (InvalidKeyException e2) {
                throw new RuntimeException(e2.getMessage());
            }
        }
        if (this.buffer_.size() != 0) {
            this.buffer_.write(bArr, i, i2);
            byteArray = this.buffer_.toByteArray();
            this.buffer_.reset();
        } else if (i == 0 && i2 == bArr.length) {
            byteArray = bArr;
        } else {
            byteArray = new byte[i2];
            System.arraycopy(bArr, i, byteArray, 0, i2);
        }
        byte[] bArr5 = new byte[byteArray.length + 8];
        System.arraycopy(byteArray, 0, bArr5, 0, byteArray.length);
        a(byteArray, bArr5, byteArray.length, 8);
        byte[] doFinal3 = this.cipher1_.doFinal(bArr5);
        byte[] iv = this.cipher1_.getIV();
        byte[] bArr6 = new byte[doFinal3.length + iv.length];
        System.arraycopy(iv, 0, bArr6, 0, iv.length);
        System.arraycopy(doFinal3, 0, bArr6, iv.length, doFinal3.length);
        CryptoUtils.reverseArray(bArr6, 0, bArr6.length);
        byte[] doFinal4 = this.cipher2_.doFinal(bArr6);
        CriticalObject.destroy(byteArray);
        CriticalObject.destroy(bArr5);
        CriticalObject.destroy(doFinal3);
        return doFinal4;
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetMode(String str) throws NoSuchAlgorithmException {
        throw new NoSuchAlgorithmException(new StringBuffer().append("Mode ").append(str).append(" not supported.").toString());
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetPadding(String str) throws NoSuchPaddingException {
        throw new NoSuchPaddingException(new StringBuffer().append("Padding ").append(str).append(" not supported.").toString());
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetBlockSize() {
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetOutputSize(int i) {
        return 0;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineGetIV() {
        if (this.cipher1_ == null || this.cipher2_ == null) {
            throw new IllegalStateException("Cipher not initialized");
        }
        return this.cipher1_.getIV();
    }

    @Override // javax.crypto.CipherSpi
    protected AlgorithmParameters engineGetParameters() {
        return null;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineUpdate(byte[] bArr, int i, int i2) {
        this.buffer_.write(bArr, i, i2);
        return null;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        this.buffer_.write(bArr, i, i2);
        return 0;
    }

    private byte[] a(Key key) throws InvalidKeyException {
        byte[] encoded = key.getEncoded();
        if (!key.getFormat().equals("RAW")) {
            throw new InvalidKeyException("Content encryption key format must be RAW");
        }
        byte[] bArr = new byte[24];
        if (encoded.length == 16) {
            System.arraycopy(encoded, 0, bArr, 0, 16);
            System.arraycopy(encoded, 0, bArr, 16, 8);
        } else {
            if (encoded.length != 24) {
                throw new InvalidKeyException("Triple-DES content encryption key must be 16 or 24 bytes long!");
            }
            System.arraycopy(encoded, 0, bArr, 0, 24);
        }
        DESKeyGenerator.adjustParity(bArr, 0);
        DESKeyGenerator.adjustParity(bArr, 8);
        DESKeyGenerator.adjustParity(bArr, 16);
        return bArr;
    }

    private void a(byte[] bArr, byte[] bArr2, int i, int i2) {
        if (i2 < 0) {
            i2 = 8;
        }
        if (i2 > 20) {
            throw new IndexOutOfBoundsException("Only 20 bytes available from SHA-1!");
        }
        System.arraycopy(new SHA().digest(bArr), 0, bArr2, i, i2);
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetKeySize(Key key) throws InvalidKeyException {
        return 168;
    }
}
