package net.jalg.jiron;

import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import net.jalg.jiron.util.Base64;

/* loaded from: input_file:net/jalg/jiron/Jiron.class */
public class Jiron {
    private static final String KEYGEN_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final String DELIM = "*";
    private static final String DELIM_SPLIT_REGEX = "\\*";
    private static final String MAC_FORMAT_VERSION = "1";
    private static final String MAC_PREFIX = "Fe26.1";
    public static Options DEFAULT_ENCRYPTION_OPTIONS = new Options(256, Algorithm.AES_256_CBC, 1);
    public static Options DEFAULT_INTEGRITY_OPTIONS = new Options(256, Algorithm.SHA_256, 1);

    /* loaded from: input_file:net/jalg/jiron/Jiron$Algorithm.class */
    public enum Algorithm {
        AES_128_CBC("aes-128-cbc", "AES/CBC/PKCS5PADDING", 128, 128),
        AES_256_CBC("aes-256-cbc", "AES/CBC/PKCS5PADDING", 256, 128),
        SHA_256("sha256", "HmacSHA256", 256, 0);

        private final String name;
        protected final String transformation;
        protected final int keyBits;
        protected final int ivBits;

        Algorithm(String str, String str2, int i, int i2) {
            this.name = str;
            this.transformation = str2;
            this.keyBits = i;
            this.ivBits = i2;
        }

        public String getName() {
            return this.name;
        }
    }

    /* loaded from: input_file:net/jalg/jiron/Jiron$Options.class */
    public static class Options {
        public final int saltBits;
        public final Algorithm algorithm;
        public final int iterations;

        public Options(int i, Algorithm algorithm, int i2) {
            this.saltBits = i;
            this.algorithm = algorithm;
            this.iterations = i2;
        }
    }

    public static String seal(String str, String str2, Options options, Options options2) throws JironException {
        return seal(str, null, str2, options, options2);
    }

    public static String seal(String str, String str2, String str3, Options options, Options options2) throws JironException {
        char[] cArr = new char[str3.length()];
        str3.getChars(0, str3.length(), cArr, 0);
        String generateSalt = generateSalt(options.saltBits);
        byte[] bytes = generateSalt.getBytes(StandardCharsets.UTF_8);
        byte[] generateIv = generateIv(options.algorithm.ivBits);
        String encodeBase64URLSafeString = Base64.encodeBase64URLSafeString(encrypt(str.getBytes(StandardCharsets.UTF_8), options.algorithm, generateKey(cArr, bytes, options.algorithm, options.iterations), generateIv));
        String encodeBase64URLSafeString2 = Base64.encodeBase64URLSafeString(generateIv);
        StringBuilder sb = new StringBuilder(MAC_PREFIX);
        sb.append(DELIM).append(str2 != null ? str2 : "");
        sb.append(DELIM).append(generateSalt);
        sb.append(DELIM).append(encodeBase64URLSafeString2);
        sb.append(DELIM).append(encodeBase64URLSafeString);
        String sb2 = sb.toString();
        String generateSalt2 = generateSalt(options2.saltBits);
        String encodeBase64URLSafeString3 = Base64.encodeBase64URLSafeString(hmac(cArr, sb2, generateSalt2.getBytes(StandardCharsets.UTF_8), options2.algorithm, options2.iterations));
        StringBuilder sb3 = new StringBuilder(sb2);
        sb3.append(DELIM).append(generateSalt2).append(DELIM).append(encodeBase64URLSafeString3);
        return sb3.toString();
    }

    public static String unseal(String str, String str2, Options options, Options options2) throws JironException, JironIntegrityException {
        return unseal(str, null, str2, options, options2);
    }

    public static String unseal(String str, Map<String, String> map, Options options, Options options2) throws JironException, JironIntegrityException {
        return unseal(str, map, null, options, options2);
    }

    private static String unseal(String str, Map<String, String> map, String str2, Options options, Options options2) throws JironException, JironIntegrityException {
        String str3;
        String[] split = str.split(DELIM_SPLIT_REGEX);
        if (split.length != 7) {
            throw new JironIntegrityException(str, "Unable to parse iron token, number of fields retrieved from split: " + split.length + ", token: " + str);
        }
        String str4 = split[0];
        String str5 = split[1];
        String str6 = split[2];
        String str7 = split[3];
        String str8 = split[4];
        String str9 = split[5];
        String str10 = split[6];
        if (str5.length() == 0 && (str2 == null || str2.length() == 0)) {
            throw new JironException("Password is required for tokens that contain no password ID");
        }
        if (str5.length() > 0 && map != null && (str3 = map.get(str5)) != null) {
            str2 = str3;
        }
        if (str2 == null || str2.length() == 0) {
            throw new JironException("Neither password provided nor password found in table");
        }
        char[] cArr = new char[str2.length()];
        str2.getChars(0, str2.length(), cArr, 0);
        String str11 = str4 + DELIM + str5 + DELIM + str6 + DELIM + str7 + DELIM + str8;
        if (!str4.equals(MAC_PREFIX)) {
            throw new JironIntegrityException(str, "Sealed token uses prefix " + str4 + " but this version of iron requires " + MAC_PREFIX);
        }
        if (!fixedTimeEqual(Base64.encodeBase64URLSafeString(hmac(cArr, str11, str9.getBytes(StandardCharsets.UTF_8), options2.algorithm, options2.iterations)), str10)) {
            throw new JironIntegrityException(str, "Invalid HMAC");
        }
        return new String(decrypt(Base64.decodeBase64(str8), options.algorithm, generateKey(cArr, str6.getBytes(StandardCharsets.UTF_8), options.algorithm, options.iterations), Base64.decodeBase64(str7)), StandardCharsets.UTF_8);
    }

    protected static byte[] hmac(char[] cArr, String str, byte[] bArr, Algorithm algorithm, int i) throws JironException {
        SecretKey generateKey = generateKey(cArr, bArr, algorithm, i);
        try {
            Mac mac = Mac.getInstance(algorithm.transformation);
            try {
                mac.init(generateKey);
                return mac.doFinal(str.getBytes(StandardCharsets.UTF_8));
            } catch (InvalidKeyException e) {
                throw new JironException("Key " + generateKey.toString() + " is not valid", e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new JironException("Unknown algorithm " + algorithm.transformation, e2);
        }
    }

    protected static byte[] encrypt(byte[] bArr, Algorithm algorithm, SecretKey secretKey, byte[] bArr2) throws JironException {
        try {
            Cipher cipher = Cipher.getInstance(algorithm.transformation);
            try {
                cipher.init(1, secretKey, new IvParameterSpec(bArr2));
                try {
                    return cipher.doFinal(bArr);
                } catch (BadPaddingException e) {
                    throw new JironException("Bad padding when decrypting", e);
                } catch (IllegalBlockSizeException e2) {
                    throw new JironException("Illegal block size when decrypting", e2);
                }
            } catch (InvalidAlgorithmParameterException e3) {
                throw new JironException("Initialization vector passed to cipher initialization", e3);
            } catch (InvalidKeyException e4) {
                throw new JironException("Key " + secretKey.toString() + " is invalid", e4);
            }
        } catch (NoSuchAlgorithmException e5) {
            throw new JironException("Encryption algorithm " + algorithm.transformation + " not found", e5);
        } catch (NoSuchPaddingException e6) {
            throw new JironException("Cannot work with padding given by " + algorithm.transformation, e6);
        }
    }

    protected static byte[] decrypt(byte[] bArr, Algorithm algorithm, SecretKey secretKey, byte[] bArr2) throws JironException {
        try {
            Cipher cipher = Cipher.getInstance(algorithm.transformation);
            try {
                cipher.init(2, secretKey, new IvParameterSpec(bArr2));
                try {
                    return cipher.doFinal(bArr);
                } catch (BadPaddingException e) {
                    throw new JironException("Bad padding when decrypting", e);
                } catch (IllegalBlockSizeException e2) {
                    throw new JironException("Illegal block size when decrypting", e2);
                }
            } catch (InvalidAlgorithmParameterException e3) {
                throw new JironException("Initialization vector passed to cipher initialization seems to be invalid algorithm parameter", e3);
            } catch (InvalidKeyException e4) {
                throw new JironException("Key " + secretKey.toString() + " is invalid", e4);
            }
        } catch (NoSuchAlgorithmException e5) {
            throw new JironException("Encryption algorithm " + algorithm.transformation + " not found", e5);
        } catch (NoSuchPaddingException e6) {
            throw new JironException("Cannot work with padding given by " + algorithm.transformation, e6);
        }
    }

    protected static SecretKey generateKey(char[] cArr, byte[] bArr, Algorithm algorithm, int i) throws JironException {
        try {
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(KEYGEN_ALGORITHM);
            PBEKeySpec pBEKeySpec = new PBEKeySpec(cArr, bArr, i, algorithm.keyBits);
            try {
                return new SecretKeySpec(secretKeyFactory.generateSecret(pBEKeySpec).getEncoded(), "AES");
            } catch (InvalidKeySpecException e) {
                throw new JironException("KeySpec is invalid " + pBEKeySpec.toString(), e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new JironException("Algorithm PBKDF2WithHmacSHA1 not found by SecretKeyFactory", e2);
        }
    }

    protected static byte[] generateIv(int i) {
        byte[] bArr = new byte[(int) Math.ceil(i / 8.0d)];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    protected static String generateSalt(int i) {
        byte[] bArr = new byte[(int) Math.ceil(i / 8.0d)];
        new SecureRandom().nextBytes(bArr);
        return bytesToHex(bArr);
    }

    protected static String bytesToHex(byte[] bArr) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        char[] cArr2 = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 255;
            cArr2[i * 2] = cArr[i2 >>> 4];
            cArr2[(i * 2) + 1] = cArr[i2 & 15];
        }
        return new String(cArr2);
    }

    protected static boolean fixedTimeEqual(String str, String str2) {
        boolean z;
        boolean z2 = str.length() == str2.length();
        if (!z2) {
            str2 = str;
        }
        int length = str.length();
        for (int i = 0; i < length; i++) {
            if (str.charAt(i) == str2.charAt(i)) {
                z = z2;
            } else {
                if (z2) {
                }
                z = false;
            }
            z2 = z;
        }
        return z2;
    }
}
