package org.owasp.esapi.crypto;

import com.amazonaws.services.s3.internal.Constants;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.EnumSet;
import java.util.Iterator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.crypto.KeyDerivationFunction;
import org.owasp.esapi.errors.EncryptionException;

/* loaded from: input_file:BOOT-INF/lib/esapi-2.1.0.jar:org/owasp/esapi/crypto/CipherText.class */
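/**
 * Holds the result of an encryption operation: the raw ciphertext together with
 * the {@link CipherSpec} that produced it, an optional separately stored MAC, an
 * encryption timestamp and the KDF version / PRF selector.
 *
 * <p>The object tracks which pieces have been supplied so far in {@code progress}.
 * Serialization and MAC computation are only meant to happen once every required
 * piece is present (see {@link #collectedAll()}).
 *
 * <p>Points a reviewer should keep in mind when reading this class:
 * <ul>
 *   <li>Several preconditions are expressed as {@code assert} statements. The JVM
 *       disables assertions unless started with {@code -ea}, so those checks are
 *       not enforced in a default production run.</li>
 *   <li>The MAC computed here covers only the IV (when the cipher mode requires
 *       one) and the raw ciphertext. The cipher spec, KDF information and
 *       timestamp are not part of the MAC input in this class.</li>
 *   <li>{@link #validateMAC(SecretKey)} returns {@code true} without checking
 *       anything when MAC use is switched off in the security configuration.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; the synthetic assertion flag and the
 * constructor-inlined field initializers have been restored to source form.
 */
public final class CipherText implements Serializable {
    /** Version of the ciphertext format; the same number seeds the serial UID and the initial KDF version. */
    public static final int cipherTextVersion = 20130830;
    private static final long serialVersionUID = 20130830;
    private static final Logger logger = ESAPI.getLogger("CipherText");

    // JCA algorithm name used for the MAC. The decompiler had substituted an
    // unrelated SDK constant holding the same string; a crypto class should not
    // depend on another library's internal constants, so the literal is used.
    private static final String MAC_ALGORITHM = "HmacSHA1";

    private CipherSpec cipherSpec_ = null;
    private byte[] raw_ciphertext_ = null;
    private byte[] separate_mac_ = null;
    private long encryption_timestamp_ = 0L;
    private int kdfVersion_ = 20130830;
    private int kdfPrfSelection_ = KeyDerivationFunction.getDefaultPRFSelection();

    // Every item that must be collected when the cipher mode needs an IV.
    private final EnumSet<CipherTextFlags> allCtFlags = EnumSet.of(
            CipherTextFlags.ALGNAME, CipherTextFlags.CIPHERMODE, CipherTextFlags.PADDING,
            CipherTextFlags.KEYSIZE, CipherTextFlags.BLOCKSIZE, CipherTextFlags.CIPHERTEXT,
            CipherTextFlags.INITVECTOR);
    // Items that are considered supplied as soon as a CipherSpec is attached.
    private final EnumSet<CipherTextFlags> fromCipherSpec = EnumSet.of(
            CipherTextFlags.ALGNAME, CipherTextFlags.CIPHERMODE, CipherTextFlags.PADDING,
            CipherTextFlags.KEYSIZE, CipherTextFlags.BLOCKSIZE);
    // Items collected so far.
    private EnumSet<CipherTextFlags> progress = EnumSet.noneOf(CipherTextFlags.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/esapi-2.1.0.jar:org/owasp/esapi/crypto/CipherText$CipherTextFlags.class */
    /** The individual pieces of information this object collects before it is complete. */
    public enum CipherTextFlags {
        ALGNAME,
        CIPHERMODE,
        PADDING,
        KEYSIZE,
        BLOCKSIZE,
        CIPHERTEXT,
        INITVECTOR
    }

    /** Creates an instance backed by a default-constructed {@link CipherSpec}; no ciphertext or IV is set. */
    public CipherText() {
        this.cipherSpec_ = new CipherSpec();
        received(this.fromCipherSpec);
    }

    /**
     * Creates an instance for the given cipher specification.
     *
     * @param cipherSpec specification to attach; its IV, if non-null, is marked as collected
     */
    public CipherText(CipherSpec cipherSpec) {
        this.cipherSpec_ = cipherSpec;
        received(this.fromCipherSpec);
        if (cipherSpec.getIV() != null) {
            received(CipherTextFlags.INITVECTOR);
        }
    }

    /**
     * Creates an instance for the given cipher specification and raw ciphertext.
     *
     * @param cipherSpec specification to attach; its IV, if non-null, is marked as collected
     * @param bArr raw ciphertext bytes; copied, must be non-null and non-empty
     * @throws EncryptionException if the ciphertext is null or empty
     */
    public CipherText(CipherSpec cipherSpec, byte[] bArr) throws EncryptionException {
        this.cipherSpec_ = cipherSpec;
        setCiphertext(bArr);
        received(this.fromCipherSpec);
        if (cipherSpec.getIV() != null) {
            received(CipherTextFlags.INITVECTOR);
        }
    }

    /**
     * Rebuilds a {@code CipherText} from its portable serialized form by delegating
     * to {@code CipherTextSerializer}.
     *
     * <p>NOTE(review): nothing in this method verifies the MAC; a caller handling
     * bytes from an untrusted source still has to call {@link #validateMAC(SecretKey)}.
     *
     * @param bArr serialized bytes
     * @return the reconstructed object
     * @throws EncryptionException propagated from the serializer
     */
    public static CipherText fromPortableSerializedBytes(byte[] bArr) throws EncryptionException {
        return new CipherTextSerializer(bArr).asCipherText();
    }

    /** @return the cipher transformation string reported by the attached {@link CipherSpec} */
    public String getCipherTransformation() {
        return this.cipherSpec_.getCipherTransformation();
    }

    /** @return the cipher algorithm reported by the attached {@link CipherSpec} */
    public String getCipherAlgorithm() {
        return this.cipherSpec_.getCipherAlgorithm();
    }

    /** @return the key size reported by the attached {@link CipherSpec} */
    public int getKeySize() {
        return this.cipherSpec_.getKeySize();
    }

    /** @return the block size reported by the attached {@link CipherSpec} */
    public int getBlockSize() {
        return this.cipherSpec_.getBlockSize();
    }

    /** @return the cipher mode reported by the attached {@link CipherSpec} */
    public String getCipherMode() {
        return this.cipherSpec_.getCipherMode();
    }

    /** @return the padding scheme reported by the attached {@link CipherSpec} */
    public String getPaddingScheme() {
        return this.cipherSpec_.getPaddingScheme();
    }

    /**
     * Returns the IV held by the attached {@link CipherSpec}.
     *
     * @return the IV, or {@code null} (after logging an error) if no IV has been collected yet
     */
    public byte[] getIV() {
        if (!isCollected(CipherTextFlags.INITVECTOR)) {
            logger.error(Logger.SECURITY_FAILURE, "IV not set yet; unable to retrieve; returning null");
            return null;
        }
        // NOTE(review): whether this is a defensive copy depends on CipherSpec.getIV() -- confirm.
        return this.cipherSpec_.getIV();
    }

    /** @return whether the attached {@link CipherSpec} reports that its cipher mode needs an IV */
    public boolean requiresIV() {
        return this.cipherSpec_.requiresIV();
    }

    /**
     * Returns a copy of the raw ciphertext so callers cannot modify the stored bytes.
     *
     * @return a fresh copy, or {@code null} (after logging an error) if no ciphertext has been set
     */
    public byte[] getRawCipherText() {
        if (!isCollected(CipherTextFlags.CIPHERTEXT)) {
            logger.error(Logger.SECURITY_FAILURE, "Raw ciphertext not set yet; unable to retrieve; returning null");
            return null;
        }
        return this.raw_ciphertext_.clone();
    }

    /** @return the length of the raw ciphertext in bytes, or 0 if none has been set */
    public int getRawCipherTextByteLength() {
        return this.raw_ciphertext_ == null ? 0 : this.raw_ciphertext_.length;
    }

    /** @return the raw ciphertext encoded as base64 by the ESAPI encoder (second argument {@code false}) */
    public String getBase64EncodedRawCipherText() {
        return ESAPI.encoder().encodeForBase64(getRawCipherText(), false);
    }

    /**
     * Returns the IV followed by the raw ciphertext, base64-encoded as one value.
     *
     * @return the encoded bytes, or {@code null} (after logging an error) if the IV
     *         or the ciphertext has not been collected yet
     */
    public String getEncodedIVCipherText() {
        if (!isCollected(CipherTextFlags.INITVECTOR) || !isCollected(CipherTextFlags.CIPHERTEXT)) {
            logger.error(Logger.SECURITY_FAILURE, "Raw ciphertext and/or IV not set yet; unable to retrieve; returning null");
            return null;
        }
        byte[] iv = getIV();
        byte[] rawCipherText = getRawCipherText();
        byte[] combined = new byte[iv.length + rawCipherText.length];
        System.arraycopy(iv, 0, combined, 0, iv.length);
        System.arraycopy(rawCipherText, 0, combined, iv.length, rawCipherText.length);
        return ESAPI.encoder().encodeForBase64(combined, false);
    }

    /**
     * Computes the MAC over the current IV/ciphertext and stores it in this object.
     *
     * <p>If the MAC cannot be computed (the private helper logs the reason and
     * returns {@code null}) nothing is stored. When the configuration requires a
     * MAC, {@link #asPortableSerializedByteArray()} then refuses to serialize.
     *
     * @param secretKey key used for the MAC
     */
    public void computeAndStoreMAC(SecretKey secretKey) {
        // Enforced only when the JVM runs with assertions enabled.
        assert !macComputed() : "Programming error: Can't store message integrity code while encrypting; computeAndStoreMAC() called multiple times.";
        assert collectedAll() : "Have not collected all required information to compute and store MAC.";
        byte[] mac = computeMAC(secretKey);
        if (mac != null) {
            storeSeparateMAC(mac);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Stores a copy of the given MAC unless one is already stored, in which case the
     * call is silently ignored.
     *
     * @param bArr MAC bytes to copy
     */
    public void storeSeparateMAC(byte[] bArr) {
        if (macComputed()) {
            return;
        }
        this.separate_mac_ = new byte[bArr.length];
        CryptoHelper.copyByteArray(bArr, this.separate_mac_);
        assert macComputed();
    }

    /**
     * Recomputes the MAC with the given key and compares it with the stored one.
     *
     * <p>A {@code true} result is only evidence of integrity when MAC use is enabled
     * in the security configuration: with it disabled this method returns
     * {@code true} without inspecting any data.
     *
     * @param secretKey key used for the MAC
     * @return {@code true} if MAC use is disabled, or if the recomputed MAC matches
     *         the stored one; {@code false} if a MAC is required but missing, cannot
     *         be recomputed, or does not match
     */
    public boolean validateMAC(SecretKey secretKey) {
        if (!ESAPI.securityConfiguration().useMACforCipherText()) {
            return true;
        }
        if (!macComputed()) {
            logger.warning(Logger.SECURITY_FAILURE, "MAC may have been tampered with (e.g., length set to 0).");
            return false;
        }
        byte[] recomputed = computeMAC(secretKey);
        if (recomputed == null) {
            // Fail closed: the helper already logged why the MAC could not be
            // computed. Previously a null here reached the length check below.
            return false;
        }
        assert recomputed.length == this.separate_mac_.length : "MACs are of differnt lengths. Should both be the same.";
        // NOTE(review): presumably a constant-time comparison -- confirm in CryptoHelper.
        return CryptoHelper.arrayCompare(recomputed, this.separate_mac_);
    }

    /**
     * Serializes this object into its portable byte form.
     *
     * @return the serialized bytes
     * @throws EncryptionException if required information is still missing, or if the
     *         configuration requires a MAC and none has been stored yet
     */
    public byte[] asPortableSerializedByteArray() throws EncryptionException {
        if (!collectedAll()) {
            throw new EncryptionException("Can't serialize incomplete ciphertext info", "Can't serialize this CipherText object yet as not all mandatory information has been collected");
        }
        boolean macRequired = ESAPI.securityConfiguration().useMACforCipherText();
        if (macRequired && !macComputed()) {
            throw new EncryptionException("Can't serialize ciphertext info: Data integrity issue.", "Programming error: MAC is required for this cipher mode (" + getCipherMode() + "), but MAC has not yet been computed and stored. Call the method computeAndStoreMAC(SecretKey) first before attempting serialization.");
        }
        return new CipherTextSerializer(this).asSerializedByteArray();
    }

    /**
     * Stores a copy of the raw ciphertext and stamps the encryption time.
     *
     * @param bArr raw ciphertext; must be non-null and non-empty
     * @throws EncryptionException if a MAC has already been stored (the ciphertext may
     *         no longer change) or if the ciphertext is null or empty
     */
    public void setCiphertext(byte[] bArr) throws EncryptionException {
        if (macComputed()) {
            logger.error(Logger.SECURITY_FAILURE, "Programming error: Attempt to set ciphertext after MAC already computed.");
            throw new EncryptionException("MAC already set; cannot store new raw ciphertext", "Programming error: Attempt to set ciphertext after MAC already computed.");
        }
        if (bArr == null || bArr.length == 0) {
            throw new EncryptionException("Encryption faled; no ciphertext", "Ciphertext may not be null or 0 length!");
        }
        if (isCollected(CipherTextFlags.CIPHERTEXT)) {
            logger.warning(Logger.SECURITY_FAILURE, "Raw ciphertext was already set; resetting.");
        }
        this.raw_ciphertext_ = new byte[bArr.length];
        CryptoHelper.copyByteArray(bArr, this.raw_ciphertext_);
        received(CipherTextFlags.CIPHERTEXT);
        setEncryptionTimestamp();
    }

    /**
     * Sets the IV on the attached {@link CipherSpec} and stores the raw ciphertext.
     *
     * @param bArr IV; may be null or empty only when the cipher mode needs no IV,
     *             otherwise its length must equal the cipher block size
     * @param bArr2 raw ciphertext; must be non-null and non-empty
     * @throws EncryptionException if a MAC has already been stored, the ciphertext is
     *         missing, a required IV is missing, or the IV length is wrong
     */
    public void setIVandCiphertext(byte[] bArr, byte[] bArr2) throws EncryptionException {
        if (isCollected(CipherTextFlags.INITVECTOR)) {
            logger.warning(Logger.SECURITY_FAILURE, "IV was already set; resetting.");
        }
        if (isCollected(CipherTextFlags.CIPHERTEXT)) {
            logger.warning(Logger.SECURITY_FAILURE, "Raw ciphertext was already set; resetting.");
        }
        if (macComputed()) {
            logger.error(Logger.SECURITY_FAILURE, "MAC already computed from previously set IV and raw ciphertext; may not be reset -- object is immutable.");
            throw new EncryptionException("Validation of decryption failed.", "MAC already computed from previously set IV and raw ciphertext; may not be reset -- object is immutable.");
        }
        if (bArr2 == null || bArr2.length == 0) {
            throw new EncryptionException("Encryption faled; no ciphertext", "Ciphertext may not be null or 0 length!");
        }
        boolean ivMissing = bArr == null || bArr.length == 0;
        if (ivMissing) {
            if (requiresIV()) {
                throw new EncryptionException("Encryption failed -- mandatory IV missing", "Cipher mode " + getCipherMode() + " has null or empty IV");
            }
        } else if (bArr.length != getBlockSize()) {
            throw new EncryptionException("Encryption failed -- bad parameters passed to encrypt", "IV length does not match cipher block size of " + getBlockSize());
        }
        // The IV is recorded as collected even when it is null/empty and not required.
        this.cipherSpec_.setIV(bArr);
        received(CipherTextFlags.INITVECTOR);
        setCiphertext(bArr2);
    }

    /** @return the KDF version recorded for this ciphertext */
    public int getKDFVersion() {
        return this.kdfVersion_;
    }

    /**
     * Records the KDF version after passing it to {@code CryptoHelper.isValidKDFVersion}.
     *
     * @param i KDF version
     */
    public void setKDFVersion(int i) {
        // The boolean result is discarded; presumably the helper throws on an
        // invalid version with these flags -- confirm in CryptoHelper.
        CryptoHelper.isValidKDFVersion(i, false, true);
        this.kdfVersion_ = i;
    }

    /** @return the PRF selector converted to its {@code PRF_ALGORITHMS} value */
    public KeyDerivationFunction.PRF_ALGORITHMS getKDF_PRF() {
        return KeyDerivationFunction.convertIntToPRF(this.kdfPrfSelection_);
    }

    /** @return the PRF selector as stored */
    int kdfPRFAsInt() {
        return this.kdfPrfSelection_;
    }

    /**
     * Records the PRF selector.
     *
     * <p>The 0..15 range is checked by an assertion only, so with assertions
     * disabled an out-of-range value is stored unchanged.
     *
     * @param i PRF selector, expected to be between 0 and 15
     */
    public void setKDF_PRF(int i) {
        assert i >= 0 && i <= 15 : "kdfPrf == " + i + " must be between 0 and 15.";
        this.kdfPrfSelection_ = i;
    }

    /** @return the encryption timestamp in milliseconds, or 0 if none has been set */
    public long getEncryptionTimestamp() {
        return this.encryption_timestamp_;
    }

    /** Stamps the current time, warning if a timestamp was already present. */
    private void setEncryptionTimestamp() {
        if (this.encryption_timestamp_ != 0) {
            logger.warning(Logger.EVENT_FAILURE, "Attempt to reset non-zero CipherText encryption timestamp to current time!");
        }
        this.encryption_timestamp_ = System.currentTimeMillis();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sets the encryption timestamp to the given value.
     *
     * @param j timestamp in milliseconds; expected to be greater than zero (assertion only)
     */
    public void setEncryptionTimestamp(long j) {
        assert j > 0 : "Timestamp must be greater than zero.";
        // Warn when an existing timestamp is overwritten. The condition used to be
        // "== 0", which logged on the first assignment and stayed silent on a real
        // reset, contradicting both the message and the no-argument overload.
        if (this.encryption_timestamp_ != 0) {
            logger.warning(Logger.EVENT_FAILURE, "Attempt to reset non-zero CipherText encryption timestamp to " + new Date(j) + "!");
        }
        this.encryption_timestamp_ = j;
    }

    /** @return the serial version UID of this class */
    public static long getSerialVersionUID() {
        return serialVersionUID;
    }

    /** @return a copy of the stored MAC, or {@code null} if none has been stored */
    public byte[] getSeparateMAC() {
        return this.separate_mac_ == null ? null : this.separate_mac_.clone();
    }

    /**
     * Describes this object without exposing ciphertext or MAC bytes: only the
     * timestamp, the ciphertext length, MAC presence and the cipher spec are included.
     */
    @Override
    public String toString() {
        long timestamp = getEncryptionTimestamp();
        String created = timestamp == 0 ? "No timestamp available" : new Date(timestamp).toString();
        int length = getRawCipherTextByteLength();
        String ciphertextState = length > 0 ? "present (" + length + " bytes)" : "absent";
        String macState = this.separate_mac_ != null ? "present" : "absent";
        return new StringBuilder("CipherText: ")
                .append("Creation time: ").append(created)
                .append(", raw ciphertext is ").append(ciphertextState)
                .append(", MAC is ").append(macState).append("; ")
                .append(this.cipherSpec_.toString())
                .toString();
    }

    /**
     * Compares cipher spec, raw ciphertext, MAC and timestamp. Two objects are never
     * equal while either of them is still incomplete.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof CipherText)) {
            return false;
        }
        CipherText other = (CipherText) obj;
        if (!collectedAll() || !other.collectedAll()) {
            logger.warning(Logger.EVENT_FAILURE, "CipherText.equals(): Cannot compare two CipherText objects that are not complete, and therefore immutable!");
            logger.info(Logger.EVENT_FAILURE, "This CipherText: " + collectedAll() + ";other CipherText: " + other.collectedAll());
            // Compare set contents; a reference comparison of two distinct objects'
            // sets would always report "Different".
            logger.info(Logger.EVENT_FAILURE, "CipherText.equals(): Progress comparison: " + (this.progress.equals(other.progress) ? "Same" : "Different"));
            logger.info(Logger.EVENT_FAILURE, "CipherText.equals(): Status this: " + this.progress + "; status other CipherText object: " + other.progress);
            return false;
        }
        return other.canEqual(this)
                && this.cipherSpec_.equals(other.cipherSpec_)
                && CryptoHelper.arrayCompare(this.raw_ciphertext_, other.raw_ciphertext_)
                && CryptoHelper.arrayCompare(this.separate_mac_, other.separate_mac_)
                && this.encryption_timestamp_ == other.encryption_timestamp_;
    }

    /**
     * Hashes the same fields {@link #equals(Object)} compares.
     *
     * @return the hash, or 0 (after logging a warning) while the object is incomplete
     */
    @Override
    public int hashCode() {
        // The guard used to be inverted: complete objects all hashed to 0 and
        // incomplete ones fell through to dereference a possibly null ciphertext.
        if (!collectedAll()) {
            logger.warning(Logger.EVENT_FAILURE, "CipherText.hashCode(): Cannot compute hachCode() of incomplete CipherText object; object not immutable- returning 0.");
            return 0;
        }
        byte[] mac = this.separate_mac_ != null ? this.separate_mac_ : new byte[0];
        String ciphertextText;
        String macText;
        try {
            ciphertextText = new String(this.raw_ciphertext_, "UTF-8");
            macText = new String(mac, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // Fallback kept from the original; uses the platform default charset.
            ciphertextText = new String(this.raw_ciphertext_);
            macText = new String(mac);
        }
        StringBuilder sb = new StringBuilder();
        sb.append(this.cipherSpec_.hashCode());
        sb.append(this.encryption_timestamp_);
        sb.append(ciphertextText);
        sb.append(macText);
        return sb.toString().hashCode();
    }

    /** @return whether {@code obj} is a {@code CipherText}; used by {@link #equals(Object)} */
    protected boolean canEqual(Object obj) {
        return obj instanceof CipherText;
    }

    /**
     * Computes HmacSHA1 over the IV (when the cipher mode requires one) followed by
     * the raw ciphertext. No other field of this object enters the MAC.
     *
     * @param secretKey key whose encoded bytes are used as the MAC key
     * @return the MAC, or {@code null} (after logging an error) if the key is invalid
     *         or the algorithm is unavailable
     */
    private byte[] computeMAC(SecretKey secretKey) {
        // Both preconditions are assertion-only; with assertions disabled a null
        // key fails below with a NullPointerException instead.
        assert this.raw_ciphertext_ != null && this.raw_ciphertext_.length != 0 : "Raw ciphertext may not be null or empty.";
        assert secretKey != null && secretKey.getEncoded().length != 0 : "Authenticity secret key may not be null or zero length.";
        try {
            SecretKeySpec macKey = new SecretKeySpec(secretKey.getEncoded(), MAC_ALGORITHM);
            Mac mac = Mac.getInstance(MAC_ALGORITHM);
            mac.init(macKey);
            if (requiresIV()) {
                mac.update(getIV());
            }
            return mac.doFinal(getRawCipherText());
        } catch (InvalidKeyException e) {
            logger.error(Logger.SECURITY_FAILURE, "Cannot comput MAC; invalid 'key' for HmacSHA1.", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            logger.error(Logger.SECURITY_FAILURE, "Cannot compute MAC w/out HmacSHA1.", e2);
            return null;
        }
    }

    /** @return whether a MAC has been stored */
    private boolean macComputed() {
        return this.separate_mac_ != null;
    }

    /** @return whether every required item (the IV only when the mode needs one) has been collected */
    private boolean collectedAll() {
        EnumSet<CipherTextFlags> required = requiresIV()
                ? this.allCtFlags
                : EnumSet.complementOf(EnumSet.of(CipherTextFlags.INITVECTOR));
        return this.progress.containsAll(required);
    }

    /** @return whether the given item has been collected */
    private boolean isCollected(CipherTextFlags cipherTextFlags) {
        return this.progress.contains(cipherTextFlags);
    }

    /** Marks a single item as collected. */
    private void received(CipherTextFlags cipherTextFlags) {
        this.progress.add(cipherTextFlags);
    }

    /** Marks every item in the set as collected. */
    private void received(EnumSet<CipherTextFlags> enumSet) {
        for (CipherTextFlags flag : enumSet) {
            received(flag);
        }
    }

    /**
     * Packs the KDF version and the PRF selector into one int: bit 27 of the
     * version is cleared and the selector is placed in the top four bits.
     *
     * @return the packed value
     */
    public int getKDFInfo() {
        final int kdfVersion = getKDFVersion();
        assert CryptoHelper.isValidKDFVersion(kdfVersion, true, false);
        final int prf = kdfPRFAsInt();
        assert prf >= 0 && prf <= 15 : "MAC algorithm indicator must be between 0 to 15 inclusion; value is: " + prf;
        // ~0x08000000 is the mask the decompiler printed as -134217729.
        return (kdfVersion & ~0x08000000) | (prf << 28);
    }
}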
