package sun.security.krb5.internal.crypto.dk;

import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import sun.security.krb5.KrbCryptoException;
import sun.security.krb5.internal.crypto.Confounder;
import sun.security.krb5.internal.crypto.KeyUsage;

/* loaded from: input_file:118668-06/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/rt.jar:sun/security/krb5/internal/crypto/dk/AesDkCrypto.class */
public class AesDkCrypto extends DkCrypto {
    private static final boolean debug = false;
    private static final int BLOCK_SIZE = 16;
    private static final int DEFAULT_ITERATION_COUNT = 4096;
    private static final byte[] ZERO_IV = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    private static final int hashSize = 12;
    private int keyLength;

    public AesDkCrypto(int i) {
        this.keyLength = 0;
        this.keyLength = i;
    }

    @Override // sun.security.krb5.internal.crypto.dk.DkCrypto
    protected int getKeySeedLength() {
        return this.keyLength;
    }

    public byte[] stringToKey(char[] cArr, String str) throws GeneralSecurityException {
        byte[] bArr = null;
        try {
            bArr = str.getBytes("UTF-8");
            byte[] stringToKey = stringToKey(cArr, bArr, null);
            if (bArr != null) {
                Arrays.fill(bArr, (byte) 0);
            }
            return stringToKey;
        } catch (Exception e) {
            if (bArr != null) {
                Arrays.fill(bArr, (byte) 0);
            }
            return null;
        } catch (Throwable th) {
            if (bArr != null) {
                Arrays.fill(bArr, (byte) 0);
            }
            throw th;
        }
    }

    private byte[] stringToKey(char[] cArr, byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (bArr2 == null || bArr2.length <= 0) {
            return dk(randomToKey(PBKDF2(cArr, bArr, 4096, getKeySeedLength())), KERBEROS_CONSTANT);
        }
        throw new RuntimeException("Invalid parameter to stringToKey");
    }

    @Override // sun.security.krb5.internal.crypto.dk.DkCrypto
    protected byte[] randomToKey(byte[] bArr) {
        return bArr;
    }

    @Override // sun.security.krb5.internal.crypto.dk.DkCrypto
    protected Cipher getCipher(byte[] bArr, byte[] bArr2, int i) throws GeneralSecurityException {
        if (bArr2 == null) {
            bArr2 = ZERO_IV;
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        cipher.init(i, secretKeySpec, new IvParameterSpec(bArr2, 0, bArr2.length));
        return cipher;
    }

    @Override // sun.security.krb5.internal.crypto.dk.DkCrypto
    public int getChecksumLength() {
        return 12;
    }

    @Override // sun.security.krb5.internal.crypto.dk.DkCrypto
    protected byte[] getHmac(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HMAC");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(secretKeySpec);
        byte[] doFinal = mac.doFinal(bArr2);
        byte[] bArr3 = new byte[12];
        System.arraycopy(doFinal, 0, bArr3, 0, 12);
        return bArr3;
    }

    @Override // sun.security.krb5.internal.crypto.dk.DkCrypto
    public byte[] calculateChecksum(byte[] bArr, int i, byte[] bArr2, int i2, int i3) throws GeneralSecurityException {
        if (!KeyUsage.isValid(i)) {
            throw new GeneralSecurityException("Invalid key usage number: " + i);
        }
        byte[] dk = dk(bArr, new byte[]{(byte) ((i >> 24) & 255), (byte) ((i >> 16) & 255), (byte) ((i >> 8) & 255), (byte) (i & 255), -103});
        try {
            byte[] hmac = getHmac(dk, bArr2);
            if (hmac.length == getChecksumLength()) {
                return hmac;
            }
            if (hmac.length <= getChecksumLength()) {
                throw new GeneralSecurityException("checksum size too short: " + hmac.length + "; expecting : " + getChecksumLength());
            }
            byte[] bArr3 = new byte[getChecksumLength()];
            System.arraycopy(hmac, 0, bArr3, 0, bArr3.length);
            Arrays.fill(dk, 0, dk.length, (byte) 0);
            return bArr3;
        } finally {
            Arrays.fill(dk, 0, dk.length, (byte) 0);
        }
    }

    @Override // sun.security.krb5.internal.crypto.dk.DkCrypto
    public byte[] encrypt(byte[] bArr, int i, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i2, int i3) throws GeneralSecurityException, KrbCryptoException {
        if (KeyUsage.isValid(i)) {
            return encryptCTS(bArr, i, bArr2, bArr3, bArr4, i2, i3, true);
        }
        throw new GeneralSecurityException("Invalid key usage number: " + i);
    }

    @Override // sun.security.krb5.internal.crypto.dk.DkCrypto
    public byte[] encryptRaw(byte[] bArr, int i, byte[] bArr2, byte[] bArr3, int i2, int i3) throws GeneralSecurityException, KrbCryptoException {
        if (KeyUsage.isValid(i)) {
            return encryptCTS(bArr, i, bArr2, null, bArr3, i2, i3, false);
        }
        throw new GeneralSecurityException("Invalid key usage number: " + i);
    }

    @Override // sun.security.krb5.internal.crypto.dk.DkCrypto
    public byte[] decrypt(byte[] bArr, int i, byte[] bArr2, byte[] bArr3, int i2, int i3) throws GeneralSecurityException {
        if (KeyUsage.isValid(i)) {
            return decryptCTS(bArr, i, bArr2, bArr3, i2, i3, true);
        }
        throw new GeneralSecurityException("Invalid key usage number: " + i);
    }

    @Override // sun.security.krb5.internal.crypto.dk.DkCrypto
    public byte[] decryptRaw(byte[] bArr, int i, byte[] bArr2, byte[] bArr3, int i2, int i3) throws GeneralSecurityException {
        if (KeyUsage.isValid(i)) {
            return decryptCTS(bArr, i, bArr2, bArr3, i2, i3, false);
        }
        throw new GeneralSecurityException("Invalid key usage number: " + i);
    }

    private byte[] encryptCTS(byte[] bArr, int i, byte[] bArr2, byte[] bArr3, byte[] bArr4, int i2, int i3, boolean z) throws GeneralSecurityException, KrbCryptoException {
        byte[] bArr5;
        byte[] bArr6 = null;
        byte[] bArr7 = null;
        try {
            byte[] bArr8 = {(byte) ((i >> 24) & 255), (byte) ((i >> 16) & 255), (byte) ((i >> 8) & 255), (byte) (i & 255), -86};
            bArr6 = dk(bArr, bArr8);
            if (z) {
                byte[] bytes = Confounder.bytes(16);
                bArr5 = new byte[bytes.length + i3];
                System.arraycopy(bytes, 0, bArr5, 0, bytes.length);
                System.arraycopy(bArr4, i2, bArr5, bytes.length, i3);
            } else {
                bArr5 = new byte[i3];
                System.arraycopy(bArr4, i2, bArr5, 0, i3);
            }
            byte[] bArr9 = new byte[bArr5.length + 12];
            Cipher cipher = Cipher.getInstance("AES/CTS/NoPadding");
            cipher.init(1, new SecretKeySpec(bArr6, "AES"), new IvParameterSpec(bArr2, 0, bArr2.length));
            cipher.doFinal(bArr5, 0, bArr5.length, bArr9);
            bArr8[4] = 85;
            bArr7 = dk(bArr, bArr8);
            byte[] hmac = getHmac(bArr7, bArr5);
            System.arraycopy(hmac, 0, bArr9, bArr5.length, hmac.length);
            if (bArr6 != null) {
                Arrays.fill(bArr6, 0, bArr6.length, (byte) 0);
            }
            if (bArr7 != null) {
                Arrays.fill(bArr7, 0, bArr7.length, (byte) 0);
            }
            return bArr9;
        } catch (Throwable th) {
            if (bArr6 != null) {
                Arrays.fill(bArr6, 0, bArr6.length, (byte) 0);
            }
            if (bArr7 != null) {
                Arrays.fill(bArr7, 0, bArr7.length, (byte) 0);
            }
            throw th;
        }
    }

    private byte[] decryptCTS(byte[] bArr, int i, byte[] bArr2, byte[] bArr3, int i2, int i3, boolean z) throws GeneralSecurityException {
        Object[] objArr = null;
        Object[] objArr2 = null;
        try {
            byte[] bArr4 = {(byte) ((i >> 24) & 255), (byte) ((i >> 16) & 255), (byte) ((i >> 8) & 255), (byte) (i & 255), -86};
            byte[] dk = dk(bArr, bArr4);
            Cipher cipher = Cipher.getInstance("AES/CTS/NoPadding");
            cipher.init(2, new SecretKeySpec(dk, "AES"), new IvParameterSpec(bArr2, 0, bArr2.length));
            byte[] doFinal = cipher.doFinal(bArr3, i2, i3 - 12);
            bArr4[4] = 85;
            byte[] dk2 = dk(bArr, bArr4);
            byte[] hmac = getHmac(dk2, doFinal);
            int i4 = (i2 + i3) - 12;
            boolean z2 = false;
            if (hmac.length >= 12) {
                int i5 = 0;
                while (true) {
                    if (i5 >= 12) {
                        break;
                    }
                    if (hmac[i5] != bArr3[i4 + i5]) {
                        z2 = true;
                        System.err.println("Checksum failed !");
                        break;
                    }
                    i5++;
                }
            }
            if (z2) {
                throw new GeneralSecurityException("Checksum failed");
            }
            if (!z) {
                if (dk != null) {
                    Arrays.fill(dk, 0, dk.length, (byte) 0);
                }
                if (dk2 != null) {
                    Arrays.fill(dk2, 0, dk2.length, (byte) 0);
                }
                return doFinal;
            }
            byte[] bArr5 = new byte[doFinal.length - 16];
            System.arraycopy(doFinal, 16, bArr5, 0, bArr5.length);
            if (dk != null) {
                Arrays.fill(dk, 0, dk.length, (byte) 0);
            }
            if (dk2 != null) {
                Arrays.fill(dk2, 0, dk2.length, (byte) 0);
            }
            return bArr5;
        } catch (Throwable th) {
            if (0 != 0) {
                Arrays.fill((byte[]) null, 0, objArr.length, (byte) 0);
            }
            if (0 != 0) {
                Arrays.fill((byte[]) null, 0, objArr2.length, (byte) 0);
            }
            throw th;
        }
    }

    private static byte[] PBKDF2(char[] cArr, byte[] bArr, int i, int i2) throws GeneralSecurityException {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(cArr, bArr, i, i2)).getEncoded();
    }
}
