package com.unboundid.util;

import com.microsoft.identity.client.claims.WWWAuthenticateHeader;
import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1Integer;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import fv.p;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.logging.Level;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: ProGuard */
@ThreadSafety(level = ThreadSafetyLevel.MOSTLY_THREADSAFE)
@NotMutable
/* loaded from: classes5.dex */
public final class PassphraseEncryptedStreamHeader implements Serializable {
    public static final int ENCODING_VERSION_1 = 1;
    public static final byte[] MAGIC_BYTES = {80, 85, 76, 83, 80, 69, 83, 72};
    public static final byte TYPE_CIPHER_INITIALIZATION_VECTOR = -122;
    public static final byte TYPE_CIPHER_TRANSFORMATION = -123;
    public static final byte TYPE_ENCODING_VERSION = Byte.MIN_VALUE;
    public static final byte TYPE_KEY_FACTORY_ALGORITHM = -127;
    public static final byte TYPE_KEY_FACTORY_ITERATION_COUNT = -126;
    public static final byte TYPE_KEY_FACTORY_KEY_LENGTH_BITS = -124;
    public static final byte TYPE_KEY_FACTORY_SALT = -125;
    public static final byte TYPE_KEY_IDENTIFIER = -121;
    public static final byte TYPE_MAC_ALGORITHM = -120;
    public static final byte TYPE_MAC_VALUE = -119;
    private static final long serialVersionUID = 6756983626170064762L;
    private final byte[] cipherInitializationVector;
    private final String cipherTransformation;
    private final byte[] encodedHeader;
    private final String keyFactoryAlgorithm;
    private final int keyFactoryIterationCount;
    private final int keyFactoryKeyLengthBits;
    private final byte[] keyFactorySalt;
    private final String keyIdentifier;
    private final String macAlgorithm;
    private final byte[] macValue;
    private final SecretKey secretKey;

    private PassphraseEncryptedStreamHeader(String str, int i11, byte[] bArr, int i12, String str2, byte[] bArr2, String str3, SecretKey secretKey, String str4, byte[] bArr3, byte[] bArr4) {
        this.keyFactoryAlgorithm = str;
        this.keyFactoryIterationCount = i11;
        this.keyFactorySalt = Arrays.copyOf(bArr, bArr.length);
        this.keyFactoryKeyLengthBits = i12;
        this.cipherTransformation = str2;
        this.cipherInitializationVector = Arrays.copyOf(bArr2, bArr2.length);
        this.keyIdentifier = str3;
        this.secretKey = secretKey;
        this.macAlgorithm = str4;
        this.macValue = bArr3;
        this.encodedHeader = bArr4;
    }

    public PassphraseEncryptedStreamHeader(char[] cArr, String str, int i11, byte[] bArr, int i12, String str2, byte[] bArr2, String str3, String str4) throws GeneralSecurityException {
        this.keyFactoryAlgorithm = str;
        this.keyFactoryIterationCount = i11;
        byte[] copyOf = Arrays.copyOf(bArr, bArr.length);
        this.keyFactorySalt = copyOf;
        this.keyFactoryKeyLengthBits = i12;
        this.cipherTransformation = str2;
        byte[] copyOf2 = Arrays.copyOf(bArr2, bArr2.length);
        this.cipherInitializationVector = copyOf2;
        this.keyIdentifier = str3;
        this.macAlgorithm = str4;
        SecretKey generateKeyReliably = generateKeyReliably(str, str2, cArr, bArr, i11, i12);
        this.secretKey = generateKeyReliably;
        ObjectPair<byte[], byte[]> encode = encode(str, i11, copyOf, i12, str2, copyOf2, str3, generateKeyReliably, str4);
        this.encodedHeader = encode.getFirst();
        this.macValue = encode.getSecond();
    }

    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    public static PassphraseEncryptedStreamHeader decode(byte[] bArr, char[] cArr) throws LDAPException, InvalidKeyException, GeneralSecurityException {
        if (bArr.length <= MAGIC_BYTES.length) {
            throw new LDAPException(ResultCode.DECODING_ERROR, p.ERR_PW_ENCRYPTED_STREAM_HEADER_DECODE_TOO_SHORT.a());
        }
        int i11 = 0;
        while (true) {
            byte[] bArr2 = MAGIC_BYTES;
            if (i11 >= bArr2.length) {
                try {
                    int length = bArr.length - bArr2.length;
                    byte[] bArr3 = new byte[length];
                    System.arraycopy(bArr, bArr2.length, bArr3, 0, length);
                    return decodeHeaderSequence(bArr, ASN1Sequence.decodeAsSequence(bArr3), cArr);
                } catch (Exception e11) {
                    Debug.debugException(e11);
                    throw new LDAPException(ResultCode.DECODING_ERROR, p.ERR_PW_ENCRYPTED_STREAM_HEADER_DECODE_ASN1_DECODE_ERROR.b(StaticUtils.getExceptionMessage(e11)), e11);
                }
            }
            if (bArr[i11] != bArr2[i11]) {
                throw new LDAPException(ResultCode.DECODING_ERROR, p.ERR_PW_ENCRYPTED_STREAM_HEADER_DECODE_MAGIC_MISMATCH.a());
            }
            i11++;
        }
    }

    private static PassphraseEncryptedStreamHeader decodeHeaderSequence(byte[] bArr, ASN1Sequence aSN1Sequence, char[] cArr) throws LDAPException, InvalidKeyException, GeneralSecurityException {
        byte[] bArr2;
        SecretKey secretKey;
        try {
            ASN1Element[] elements = aSN1Sequence.elements();
            ASN1Integer decodeAsInteger = ASN1Integer.decodeAsInteger(elements[0]);
            if (decodeAsInteger.intValue() != 1) {
                throw new LDAPException(ResultCode.DECODING_ERROR, p.ERR_PW_ENCRYPTED_HEADER_SEQUENCE_UNSUPPORTED_VERSION.b(Integer.valueOf(decodeAsInteger.intValue())));
            }
            String stringValue = ASN1OctetString.decodeAsOctetString(elements[1]).stringValue();
            int intValue = ASN1Integer.decodeAsInteger(elements[2]).intValue();
            byte[] value = ASN1OctetString.decodeAsOctetString(elements[3]).getValue();
            int intValue2 = ASN1Integer.decodeAsInteger(elements[4]).intValue();
            String stringValue2 = ASN1OctetString.decodeAsOctetString(elements[5]).stringValue();
            byte[] value2 = ASN1OctetString.decodeAsOctetString(elements[6]).getValue();
            int i11 = -1;
            byte[] bArr3 = null;
            String str = null;
            String str2 = null;
            for (int i12 = 7; i12 < elements.length; i12++) {
                switch (elements[i12].getType()) {
                    case -121:
                        str = ASN1OctetString.decodeAsOctetString(elements[i12]).stringValue();
                        break;
                    case -120:
                        str2 = ASN1OctetString.decodeAsOctetString(elements[i12]).stringValue();
                        break;
                    case -119:
                        bArr3 = ASN1OctetString.decodeAsOctetString(elements[i12]).getValue();
                        i11 = i12;
                        break;
                    default:
                        throw new LDAPException(ResultCode.DECODING_ERROR, p.ERR_PW_ENCRYPTED_HEADER_SEQUENCE_UNRECOGNIZED_ELEMENT_TYPE.b(StaticUtils.toHex(elements[i12].getType())));
                }
            }
            if (cArr == null) {
                secretKey = null;
                bArr2 = bArr3;
            } else {
                bArr2 = bArr3;
                SecretKey generateKeyReliably = generateKeyReliably(stringValue, stringValue2, cArr, value, intValue, intValue2);
                ByteStringBuffer byteStringBuffer = new ByteStringBuffer();
                for (int i13 = 0; i13 < elements.length; i13++) {
                    if (i13 != i11) {
                        byteStringBuffer.append(elements[i13].encode());
                    }
                }
                Mac mac = Mac.getInstance(str2);
                mac.init(generateKeyReliably);
                if (!Arrays.equals(mac.doFinal(byteStringBuffer.toByteArray()), bArr2)) {
                    throw new InvalidKeyException(p.ERR_PW_ENCRYPTED_HEADER_SEQUENCE_BAD_PW.a());
                }
                secretKey = generateKeyReliably;
            }
            return new PassphraseEncryptedStreamHeader(stringValue, intValue, value, intValue2, stringValue2, value2, str, secretKey, str2, bArr2, bArr);
        } catch (LDAPException e11) {
            e = e11;
            Debug.debugException(e);
            throw e;
        } catch (GeneralSecurityException e12) {
            e = e12;
            Debug.debugException(e);
            throw e;
        } catch (Exception e13) {
            Debug.debugException(e13);
            throw new LDAPException(ResultCode.DECODING_ERROR, p.ERR_PW_ENCRYPTED_HEADER_SEQUENCE_DECODE_ERROR.b(StaticUtils.getExceptionMessage(e13)), e13);
        }
    }

    private static ObjectPair<byte[], byte[]> encode(String str, int i11, byte[] bArr, int i12, String str2, byte[] bArr2, String str3, SecretKey secretKey, String str4) throws GeneralSecurityException {
        ArrayList arrayList = new ArrayList(10);
        arrayList.add(new ASN1Integer(Byte.MIN_VALUE, 1));
        arrayList.add(new ASN1OctetString((byte) -127, str));
        arrayList.add(new ASN1Integer((byte) -126, i11));
        arrayList.add(new ASN1OctetString((byte) -125, bArr));
        arrayList.add(new ASN1Integer((byte) -124, i12));
        arrayList.add(new ASN1OctetString((byte) -123, str2));
        arrayList.add(new ASN1OctetString(TYPE_CIPHER_INITIALIZATION_VECTOR, bArr2));
        if (str3 != null) {
            arrayList.add(new ASN1OctetString((byte) -121, str3));
        }
        arrayList.add(new ASN1OctetString(TYPE_MAC_ALGORITHM, str4));
        ByteStringBuffer byteStringBuffer = new ByteStringBuffer();
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            byteStringBuffer.append(((ASN1Element) it2.next()).encode());
        }
        Mac mac = Mac.getInstance(str4);
        mac.init(secretKey);
        byte[] doFinal = mac.doFinal(byteStringBuffer.toByteArray());
        arrayList.add(new ASN1OctetString(TYPE_MAC_VALUE, doFinal));
        byte[] encode = new ASN1Sequence(arrayList).encode();
        byte[] bArr3 = MAGIC_BYTES;
        byte[] bArr4 = new byte[bArr3.length + encode.length];
        System.arraycopy(bArr3, 0, bArr4, 0, bArr3.length);
        System.arraycopy(encode, 0, bArr4, bArr3.length, encode.length);
        return new ObjectPair<>(bArr4, doFinal);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private static SecretKey generateKeyReliably(String str, String str2, char[] cArr, byte[] bArr, int i11, int i12) throws GeneralSecurityException {
        byte[] bArr2 = null;
        int i13 = 0;
        byte[] bArr3 = null;
        while (i13 < 10) {
            SecretKeySpec secretKeySpec = new SecretKeySpec(SecretKeyFactory.getInstance(str).generateSecret(new PBEKeySpec(cArr, bArr, i11, i12)).getEncoded(), str2.substring(0, str2.indexOf(47)));
            byte[] encoded = secretKeySpec.getEncoded();
            if (Arrays.equals(encoded, bArr2) && Arrays.equals(encoded, bArr3)) {
                if (i13 > 2) {
                    Debug.debug(Level.WARNING, DebugType.OTHER, "The secret key was generated inconsistently initially, but after " + i13 + " iterations, we were able to generate a consistent value.");
                }
                return secretKeySpec;
            }
            i13++;
            bArr3 = bArr2;
            bArr2 = encoded;
        }
        Debug.debug(Level.SEVERE, DebugType.OTHER, "Even after 10 iterations, the secret key could not be reliably generated.");
        throw new InvalidKeyException(p.ERR_PW_ENCRYPTED_STREAM_HEADER_CANNOT_GENERATE_KEY.a());
    }

    /* JADX WARN: Unreachable blocks removed: 4, instructions: 4 */
    public static PassphraseEncryptedStreamHeader readFrom(InputStream inputStream, char[] cArr) throws IOException, LDAPException, InvalidKeyException, GeneralSecurityException {
        int i11 = 0;
        while (true) {
            byte[] bArr = MAGIC_BYTES;
            if (i11 >= bArr.length) {
                try {
                    ASN1Element readFrom = ASN1Element.readFrom(inputStream);
                    if (readFrom == null) {
                        throw new LDAPException(ResultCode.DECODING_ERROR, p.ERR_PW_ENCRYPTED_STREAM_HEADER_READ_END_OF_STREAM_AFTER_MAGIC.a());
                    }
                    byte[] encode = readFrom.encode();
                    byte[] bArr2 = new byte[bArr.length + encode.length];
                    System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                    System.arraycopy(encode, 0, bArr2, bArr.length, encode.length);
                    return decodeHeaderSequence(bArr2, ASN1Sequence.decodeAsSequence(readFrom), cArr);
                } catch (LDAPException e11) {
                    e = e11;
                    Debug.debugException(e);
                    throw e;
                } catch (IOException e12) {
                    e = e12;
                    Debug.debugException(e);
                    throw e;
                } catch (GeneralSecurityException e13) {
                    e = e13;
                    Debug.debugException(e);
                    throw e;
                } catch (Exception e14) {
                    Debug.debugException(e14);
                    throw new LDAPException(ResultCode.DECODING_ERROR, p.ERR_PW_ENCRYPTED_STREAM_HEADER_READ_ASN1_DECODE_ERROR.b(StaticUtils.getExceptionMessage(e14)), e14);
                }
            }
            int read = inputStream.read();
            if (read < 0) {
                throw new LDAPException(ResultCode.DECODING_ERROR, p.ERR_PW_ENCRYPTED_STREAM_HEADER_READ_END_OF_STREAM_IN_MAGIC.a());
            }
            if (read != bArr[i11]) {
                throw new LDAPException(ResultCode.DECODING_ERROR, p.ERR_PW_ENCRYPTED_STREAM_HEADER_READ_MAGIC_MISMATCH.a());
            }
            i11++;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public Cipher createCipher(int i11) throws InvalidKeyException, GeneralSecurityException {
        if (this.secretKey == null) {
            throw new InvalidKeyException(p.ERR_PW_ENCRYPTED_HEADER_NO_KEY_AVAILABLE.a());
        }
        Cipher cipher = Cipher.getInstance(this.cipherTransformation);
        cipher.init(i11, this.secretKey, new IvParameterSpec(this.cipherInitializationVector));
        return cipher;
    }

    public byte[] getCipherInitializationVector() {
        byte[] bArr = this.cipherInitializationVector;
        return Arrays.copyOf(bArr, bArr.length);
    }

    public String getCipherTransformation() {
        return this.cipherTransformation;
    }

    public byte[] getEncodedHeader() {
        byte[] bArr = this.encodedHeader;
        return Arrays.copyOf(bArr, bArr.length);
    }

    public String getKeyFactoryAlgorithm() {
        return this.keyFactoryAlgorithm;
    }

    public int getKeyFactoryIterationCount() {
        return this.keyFactoryIterationCount;
    }

    public int getKeyFactoryKeyLengthBits() {
        return this.keyFactoryKeyLengthBits;
    }

    public byte[] getKeyFactorySalt() {
        byte[] bArr = this.keyFactorySalt;
        return Arrays.copyOf(bArr, bArr.length);
    }

    public String getKeyIdentifier() {
        return this.keyIdentifier;
    }

    public String getMACAlgorithm() {
        return this.macAlgorithm;
    }

    public boolean isSecretKeyAvailable() {
        return this.secretKey != null;
    }

    public String toString() {
        StringBuilder sb2 = new StringBuilder();
        toString(sb2);
        return sb2.toString();
    }

    public void toString(StringBuilder sb2) {
        sb2.append("PassphraseEncryptedStreamHeader(keyFactoryAlgorithm='");
        sb2.append(this.keyFactoryAlgorithm);
        sb2.append("', keyFactoryIterationCount=");
        sb2.append(this.keyFactoryIterationCount);
        sb2.append(", keyFactorySaltLengthBytes=");
        sb2.append(this.keyFactorySalt.length);
        sb2.append(", keyFactoryKeyLengthBits=");
        sb2.append(this.keyFactoryKeyLengthBits);
        sb2.append(", cipherTransformation'=");
        sb2.append(this.cipherTransformation);
        sb2.append("', cipherInitializationVectorLengthBytes=");
        sb2.append(this.cipherInitializationVector.length);
        sb2.append(WWWAuthenticateHeader.SINGLE_QUOTE);
        if (this.keyIdentifier != null) {
            sb2.append(", keyIdentifier='");
            sb2.append(this.keyIdentifier);
            sb2.append(WWWAuthenticateHeader.SINGLE_QUOTE);
        }
        sb2.append(", macAlgorithm='");
        sb2.append(this.macAlgorithm);
        sb2.append("', macValueLengthBytes=");
        sb2.append(this.macValue.length);
        sb2.append(", secretKeyAvailable=");
        sb2.append(isSecretKeyAvailable());
        sb2.append(", encodedHeaderLengthBytes=");
        sb2.append(this.encodedHeader.length);
        sb2.append(')');
    }

    public void writeTo(OutputStream outputStream) throws IOException {
        outputStream.write(this.encodedHeader);
    }
}
