package com.sun.crypto.provider;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.SealedObject;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;

/* loaded from: input_file:com/sun/crypto/provider/KeyProtector.class */
final class KeyProtector {
    private static final String PBE_WITH_MD5_AND_DES3_CBC_OID = "1.3.6.1.4.1.42.2.19.1";
    private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
    private static final int MAX_ITERATION_COUNT = 5000000;
    private static final int ITERATION_COUNT = 200000;
    private static final int SALT_LEN = 20;
    private static final int DIGEST_LEN = 20;
    private char[] password;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyProtector(char[] cArr) {
        if (cArr == null) {
            throw new IllegalArgumentException("password can't be null");
        }
        this.password = cArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] protect(PrivateKey privateKey) throws Exception {
        byte[] bArr = new byte[8];
        SunJCE.getRandom().nextBytes(bArr);
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, ITERATION_COUNT);
        PBEKeySpec pBEKeySpec = new PBEKeySpec(this.password);
        PBEKey pBEKey = new PBEKey(pBEKeySpec, "PBEWithMD5AndTripleDES");
        pBEKeySpec.clearPassword();
        PBEWithMD5AndTripleDESCipher pBEWithMD5AndTripleDESCipher = new PBEWithMD5AndTripleDESCipher();
        pBEWithMD5AndTripleDESCipher.engineInit(1, pBEKey, pBEParameterSpec, (SecureRandom) null);
        byte[] encoded = privateKey.getEncoded();
        byte[] engineDoFinal = pBEWithMD5AndTripleDESCipher.engineDoFinal(encoded, 0, encoded.length);
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
        algorithmParameters.init(pBEParameterSpec);
        return new EncryptedPrivateKeyInfo(new AlgorithmId(new ObjectIdentifier(PBE_WITH_MD5_AND_DES3_CBC_OID), algorithmParameters), engineDoFinal).getEncoded();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Key recover(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) throws UnrecoverableKeyException, NoSuchAlgorithmException {
        byte[] engineDoFinal;
        try {
            String objectIdentifier = encryptedPrivateKeyInfo.getAlgorithm().getOID().toString();
            if (!objectIdentifier.equals(PBE_WITH_MD5_AND_DES3_CBC_OID) && !objectIdentifier.equals(KEY_PROTECTOR_OID)) {
                throw new UnrecoverableKeyException("Unsupported encryption algorithm");
            }
            if (objectIdentifier.equals(KEY_PROTECTOR_OID)) {
                engineDoFinal = recover(encryptedPrivateKeyInfo.getEncryptedData());
            } else {
                byte[] encodedParams = encryptedPrivateKeyInfo.getAlgorithm().getEncodedParams();
                AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("PBE");
                algorithmParameters.init(encodedParams);
                PBEParameterSpec pBEParameterSpec = (PBEParameterSpec) algorithmParameters.getParameterSpec(PBEParameterSpec.class);
                if (pBEParameterSpec.getIterationCount() > MAX_ITERATION_COUNT) {
                    throw new IOException("PBE iteration count too large");
                }
                PBEKeySpec pBEKeySpec = new PBEKeySpec(this.password);
                PBEKey pBEKey = new PBEKey(pBEKeySpec, "PBEWithMD5AndTripleDES");
                pBEKeySpec.clearPassword();
                PBEWithMD5AndTripleDESCipher pBEWithMD5AndTripleDESCipher = new PBEWithMD5AndTripleDESCipher();
                pBEWithMD5AndTripleDESCipher.engineInit(2, pBEKey, pBEParameterSpec, (SecureRandom) null);
                engineDoFinal = pBEWithMD5AndTripleDESCipher.engineDoFinal(encryptedPrivateKeyInfo.getEncryptedData(), 0, encryptedPrivateKeyInfo.getEncryptedData().length);
            }
            return KeyFactory.getInstance(new AlgorithmId(new PrivateKeyInfo(engineDoFinal).getAlgorithm().getOID()).getName()).generatePrivate(new PKCS8EncodedKeySpec(engineDoFinal));
        } catch (IOException e) {
            throw new UnrecoverableKeyException(e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            throw new UnrecoverableKeyException(e3.getMessage());
        }
    }

    private byte[] recover(byte[] bArr) throws UnrecoverableKeyException, NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA");
        byte[] bArr2 = new byte[20];
        System.arraycopy(bArr, 0, bArr2, 0, 20);
        int length = (bArr.length - 20) - 20;
        int i = length / 20;
        if (length % 20 != 0) {
            i++;
        }
        byte[] bArr3 = new byte[length];
        System.arraycopy(bArr, 20, bArr3, 0, length);
        byte[] bArr4 = new byte[bArr3.length];
        byte[] bArr5 = new byte[this.password.length * 2];
        int i2 = 0;
        for (int i3 = 0; i3 < this.password.length; i3++) {
            int i4 = i2;
            int i5 = i2 + 1;
            bArr5[i4] = (byte) (this.password[i3] >> '\b');
            i2 = i5 + 1;
            bArr5[i5] = (byte) this.password[i3];
        }
        int i6 = 0;
        int i7 = 0;
        byte[] bArr6 = bArr2;
        while (i6 < i) {
            messageDigest.update(bArr5);
            messageDigest.update(bArr6);
            bArr6 = messageDigest.digest();
            messageDigest.reset();
            if (i6 < i - 1) {
                System.arraycopy(bArr6, 0, bArr4, i7, bArr6.length);
            } else {
                System.arraycopy(bArr6, 0, bArr4, i7, bArr4.length - i7);
            }
            i6++;
            i7 += 20;
        }
        byte[] bArr7 = new byte[bArr3.length];
        for (int i8 = 0; i8 < bArr7.length; i8++) {
            bArr7[i8] = (byte) (bArr3[i8] ^ bArr4[i8]);
        }
        messageDigest.update(bArr5);
        Arrays.fill(bArr5, (byte) 0);
        messageDigest.update(bArr7);
        byte[] digest = messageDigest.digest();
        messageDigest.reset();
        for (int i9 = 0; i9 < digest.length; i9++) {
            if (digest[i9] != bArr[20 + length + i9]) {
                throw new UnrecoverableKeyException("Cannot recover key");
            }
        }
        return bArr7;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SealedObject seal(Key key) throws Exception {
        byte[] bArr = new byte[8];
        SunJCE.getRandom().nextBytes(bArr);
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, ITERATION_COUNT);
        PBEKeySpec pBEKeySpec = new PBEKeySpec(this.password);
        PBEKey pBEKey = new PBEKey(pBEKeySpec, "PBEWithMD5AndTripleDES");
        pBEKeySpec.clearPassword();
        CipherForKeyProtector cipherForKeyProtector = new CipherForKeyProtector(new PBEWithMD5AndTripleDESCipher(), SunJCE.getInstance(), "PBEWithMD5AndTripleDES");
        cipherForKeyProtector.init(1, pBEKey, pBEParameterSpec);
        return new SealedObjectForKeyProtector(key, cipherForKeyProtector);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Key unseal(SealedObject sealedObject) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        try {
            PBEKeySpec pBEKeySpec = new PBEKeySpec(this.password);
            PBEKey pBEKey = new PBEKey(pBEKeySpec, "PBEWithMD5AndTripleDES");
            pBEKeySpec.clearPassword();
            SealedObjectForKeyProtector sealedObjectForKeyProtector = !(sealedObject instanceof SealedObjectForKeyProtector) ? new SealedObjectForKeyProtector(sealedObject) : (SealedObjectForKeyProtector) sealedObject;
            AlgorithmParameters parameters = sealedObjectForKeyProtector.getParameters();
            if (parameters == null) {
                throw new UnrecoverableKeyException("Cannot get algorithm parameters");
            }
            try {
                if (((PBEParameterSpec) parameters.getParameterSpec(PBEParameterSpec.class)).getIterationCount() > MAX_ITERATION_COUNT) {
                    throw new IOException("PBE iteration count too large");
                }
                CipherForKeyProtector cipherForKeyProtector = new CipherForKeyProtector(new PBEWithMD5AndTripleDESCipher(), SunJCE.getInstance(), "PBEWithMD5AndTripleDES");
                cipherForKeyProtector.init(2, pBEKey, parameters);
                return (Key) sealedObjectForKeyProtector.getObject(cipherForKeyProtector);
            } catch (InvalidParameterSpecException e) {
                throw new IOException("Invalid PBE algorithm parameters");
            }
        } catch (IOException e2) {
            throw new UnrecoverableKeyException(e2.getMessage());
        } catch (ClassNotFoundException e3) {
            throw new UnrecoverableKeyException(e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw e4;
        } catch (GeneralSecurityException e5) {
            throw new UnrecoverableKeyException(e5.getMessage());
        }
    }
}
