package com.buildforge.services.common.security;

import com.buildforge.services.common.dbo.DataDBO;
import com.buildforge.services.common.dbo.MessageDBO;
import com.buildforge.services.common.dbo.UserDBO;
import com.buildforge.services.common.text.Hex;
import com.buildforge.services.common.text.TextUtils;
import com.buildforge.services.common.util.Base64;
import com.buildforge.services.common.util.UUIDGenerator;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URL;
import java.net.URLDecoder;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:lib/com.ibm.rational.buildforge.services.client.java_7.1.3.4110010.jar:com/buildforge/services/common/security/BfCrypt.class */
public class BfCrypt implements IPasswordEncryption {
    private static final String IMPLEMENTATION_NAME = "bfcrypt";
    private static final String PROPERTY_FILE_PROPERTY = "com.buildforge.password.encryption.file";
    private static final String KEY_ENCRYPTED_PROPERTY = "bf_pwcrypt_key";
    private static final String KEY_ENCRYPTION_PASSWORD_PROPERTY = "bf_pwcrypt_key_password";
    private static final String KEY_ENCRYPTION_PASSWORD_LOCATOR_JAVA_PROPERTY = "bf_pwcrypt_key_password_locator_java";
    private static final String KEY_ENCRYPTION_ALIAS_PROPERTY = "bf_pwcrypt_key_alias";
    private static final String CIPHER_ALGORITHM = "AES";
    private static final String CIPHER_MODE = "CBC";
    private static final String CIPHER_PADDING = "PKCS5Padding";
    private static final String MESSAGE_DIGEST_ALGORITHM = "SHA1";
    private static final String SECURE_RANDOM = "SHA1PRNG";
    private static final String CONFIG_FILE = "bfpwcrypt.conf";
    private static final String PASSWORD_CHANGE_DELIMETER = "::";
    private static final String KEY_HEADER = "#**** Password Encryption Configuration Properties ****";
    private static final String KEY_CREATION_HOST = "# Origination host";
    private static final String KEY_CREATION_DATE = "# Creation date";
    private static final int SYMMETRIC_KEY_LENGTH = 128;
    private static final int SALT_LENGTH = 10;
    private String propertyFile = null;
    private byte[] keyPassword = null;
    private String newPassword = null;
    private String keyAlias = null;
    private SecretKey secretKey = null;
    private Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    private SecureRandom random = SecureRandom.getInstance(SECURE_RANDOM);
    private HashMap<String, SecretKey> secretKeyMap = new HashMap<>();
    private List<Properties> propertiesList = new ArrayList();
    private IvParameterSpec ivParamSpec = null;
    private static final Logger log = Logger.getLogger(BfCrypt.class.getName());
    private static final Object updateKeyLock = new Object();

    @Override // com.buildforge.services.common.security.IPasswordEncryption
    public void initialize(Properties properties, URL url) {
        try {
            this.propertyFile = properties.getProperty(PROPERTY_FILE_PROPERTY);
            if (this.propertyFile == null || this.propertyFile.equals(UserDBO.UID_SYSTEM)) {
                this.propertyFile = System.getProperty(PROPERTY_FILE_PROPERTY);
            }
            if (this.propertyFile == null || this.propertyFile.equals(UserDBO.UID_SYSTEM)) {
                PasswordClientConfUtil.setDefaultPasswordEncryptionConfigLocation(url);
                this.propertyFile = System.getProperty(PROPERTY_FILE_PROPERTY);
            }
            if (this.propertyFile != null) {
                if (this.propertyFile.startsWith("file:")) {
                    this.propertyFile = new URL(this.propertyFile).getPath();
                    if (this.propertyFile.indexOf(":") != -1) {
                        while (true) {
                            if (!this.propertyFile.startsWith("/") && this.propertyFile.length() != 0) {
                                break;
                            } else {
                                this.propertyFile = this.propertyFile.substring(1);
                            }
                        }
                    }
                }
                this.propertyFile = URLDecoder.decode(this.propertyFile, DataDBO.UTF_8);
                loadPropertiesFile(this.propertyFile);
            }
        } catch (Exception e) {
            if (log.isLoggable(Level.WARNING)) {
                log.log(Level.WARNING, new MessageDBO(MessageDBO.Severity.WARNING, "PWCryptConfigInitError", new String[0]).translate());
            }
        }
    }

    private void storeDefaultPropertiesFile(String str, Properties properties) throws IOException {
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Writing output file to: " + str);
        }
        File file = new File(str);
        if (!file.exists()) {
            this.propertiesList.add(properties);
            writeClientConf(convertPropertiesListToList(), str);
            return;
        }
        if (!file.exists() || !file.canRead() || !file.canWrite()) {
            if (log.isLoggable(Level.WARNING)) {
                log.log(Level.WARNING, new MessageDBO(MessageDBO.Severity.WARNING, "PWCryptKeyConfigWriteFailed", str).translate());
                return;
            }
            return;
        }
        List<String> readClientConf = readClientConf(str);
        if (readClientConf != null && properties != null && properties.size() > 0) {
            readClientConf.add(UserDBO.UID_SYSTEM);
            readClientConf.add(KEY_HEADER);
            for (Map.Entry entry : properties.entrySet()) {
                readClientConf.add(((String) entry.getKey()) + "=" + ((String) entry.getValue()));
            }
        }
        writeClientConf(readClientConf, str);
    }

    private void loadPropertiesFile(String str) throws IOException, GeneralSecurityException {
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, "Loading properties file: " + str);
        }
        if (TextUtils.isEmpty(str)) {
            return;
        }
        boolean z = false;
        if (!new File(str).exists()) {
            try {
                createPropertiesFileWithDefaults(str, true);
                return;
            } catch (Exception e) {
                log.warning("Exception creating properties file '" + str + "': " + e);
                return;
            }
        }
        this.propertiesList.clear();
        List<String> readClientConf = readClientConf(str);
        if (readClientConf == null || readClientConf.isEmpty()) {
            return;
        }
        Properties properties = null;
        for (int i = 0; i < readClientConf.size(); i++) {
            String trim = readClientConf.get(i).trim();
            if (trim != null && trim.length() != 0) {
                if (trim.startsWith(KEY_HEADER)) {
                    if (properties != null) {
                        if (processProperties(properties)) {
                            z = true;
                        }
                        this.propertiesList.add(properties);
                    }
                    properties = new Properties();
                } else if (properties != null && trim.contains("=")) {
                    int indexOf = trim.indexOf("=");
                    properties.setProperty(trim.substring(0, indexOf).trim(), trim.substring(indexOf + 1).trim());
                }
            }
        }
        if (properties != null) {
            if (processProperties(properties)) {
                z = true;
            }
            this.propertiesList.add(properties);
        }
        if (z) {
            writeClientConf(convertPropertiesListToList(), str);
        }
    }

    private List<String> appendPropertiesToList(Properties properties, List<String> list) {
        if (properties == null || properties.isEmpty()) {
            return list;
        }
        list.add(KEY_HEADER);
        for (Map.Entry entry : properties.entrySet()) {
            list.add(((String) entry.getKey()) + "=" + ((String) entry.getValue()));
        }
        list.add(UserDBO.UID_SYSTEM);
        return list;
    }

    private List<String> convertPropertiesListToList() {
        ArrayList arrayList = new ArrayList(this.propertiesList.size());
        Iterator<Properties> it = this.propertiesList.iterator();
        while (it.hasNext()) {
            appendPropertiesToList(it.next(), arrayList);
        }
        return arrayList;
    }

    private boolean processProperties(Properties properties) throws GeneralSecurityException {
        String property;
        boolean z = false;
        String str = null;
        String property2 = properties.getProperty(KEY_ENCRYPTION_PASSWORD_LOCATOR_JAVA_PROPERTY);
        if (property2 != null) {
            try {
                str = ((IPasswordLocator) Class.forName(property2).newInstance()).getPassword(KEY_ENCRYPTION_PASSWORD_PROPERTY, CONFIG_FILE);
                if (str != null) {
                    int indexOf = str.indexOf(PASSWORD_CHANGE_DELIMETER);
                    if (indexOf > 0) {
                        this.keyPassword = str.substring(0, indexOf).getBytes();
                        this.newPassword = str.substring(indexOf + PASSWORD_CHANGE_DELIMETER.length());
                    } else {
                        this.keyPassword = str.getBytes();
                    }
                    z = true;
                }
            } catch (Exception e) {
                if (log.isLoggable(Level.WARNING)) {
                    log.log(Level.WARNING, new MessageDBO(MessageDBO.Severity.WARNING, "PWCryptPasswordLocatorFailed", property2).translate(), (Throwable) e);
                }
            }
        }
        if (str == null && (property = properties.getProperty(KEY_ENCRYPTION_PASSWORD_PROPERTY)) != null && !property.equals(UserDBO.UID_SYSTEM)) {
            int indexOf2 = property.indexOf(PASSWORD_CHANGE_DELIMETER);
            if (indexOf2 > 0) {
                this.keyPassword = decode(property.substring(0, indexOf2));
                this.newPassword = property.substring(indexOf2 + PASSWORD_CHANGE_DELIMETER.length());
            } else {
                this.keyPassword = decode(property);
            }
        }
        String property3 = properties.getProperty(KEY_ENCRYPTION_ALIAS_PROPERTY);
        if (property3 != null && !property3.equals(UserDBO.UID_SYSTEM)) {
            this.keyAlias = property3;
        }
        byte[] decryptMasterKey = decryptMasterKey(this.keyPassword, properties.getProperty(KEY_ENCRYPTED_PROPERTY));
        this.secretKey = new SecretKeySpec(decryptMasterKey, 0, 16, CIPHER_ALGORITHM);
        this.ivParamSpec = getIV(this.secretKey);
        if (this.keyAlias != null && this.secretKey != null) {
            this.secretKeyMap.put(this.keyAlias, this.secretKey);
        }
        if (this.newPassword == null) {
            return false;
        }
        this.keyPassword = this.newPassword.getBytes();
        String encode = encode(this.keyPassword);
        if (!z) {
            properties.setProperty(KEY_ENCRYPTION_PASSWORD_PROPERTY, encode);
        }
        properties.setProperty(KEY_ENCRYPTED_PROPERTY, encryptMasterKey(this.keyPassword, decryptMasterKey));
        this.newPassword = null;
        return true;
    }

    private static List<String> readClientConf(String str) throws IOException {
        BufferedReader bufferedReader = null;
        try {
            try {
                ArrayList arrayList = new ArrayList();
                bufferedReader = new BufferedReader(new FileReader(new File(str)));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    arrayList.add(readLine);
                }
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e) {
                        log.warning("Error closing buffered reader: " + e);
                    }
                }
                return arrayList;
            } catch (IOException e2) {
                if (log.isLoggable(Level.WARNING)) {
                    log.log(Level.WARNING, new MessageDBO(MessageDBO.Severity.WARNING, "PWCryptKeyConfigReadFailed", str).translate(), (Throwable) e2);
                }
                throw e2;
            }
        } catch (Throwable th) {
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (IOException e3) {
                    log.warning("Error closing buffered reader: " + e3);
                }
            }
            throw th;
        }
    }

    private static void writeClientConf(List<String> list, String str) throws IOException {
        BufferedWriter bufferedWriter = null;
        FileWriter fileWriter = null;
        log.fine("Starting file write.");
        try {
            fileWriter = new FileWriter(new File(str));
            bufferedWriter = new BufferedWriter(fileWriter);
            for (String str2 : list) {
                bufferedWriter.write(str2, 0, str2.length());
                bufferedWriter.newLine();
            }
            log.fine("Completed file write.");
            if (bufferedWriter != null) {
                try {
                    bufferedWriter.close();
                } catch (IOException e) {
                    log.fine("Error closing buffered writer: " + e);
                }
            }
            if (fileWriter != null) {
                try {
                    fileWriter.close();
                } catch (IOException e2) {
                    log.fine("Error closing file writer: " + e2);
                }
            }
        } catch (Throwable th) {
            log.fine("Completed file write.");
            if (bufferedWriter != null) {
                try {
                    bufferedWriter.close();
                } catch (IOException e3) {
                    log.fine("Error closing buffered writer: " + e3);
                }
            }
            if (fileWriter != null) {
                try {
                    fileWriter.close();
                } catch (IOException e4) {
                    log.fine("Error closing file writer: " + e4);
                }
            }
            throw th;
        }
    }

    private Properties createPropertiesFileWithDefaults(String str, boolean z) throws GeneralSecurityException, IOException {
        Properties properties = new Properties();
        log.fine("Starting to create key properties.");
        byte[] seed = SecureRandom.getSeed(24);
        properties.setProperty(KEY_ENCRYPTION_PASSWORD_PROPERTY, encode(seed));
        try {
            this.keyAlias = UUIDGenerator.getInstance().generateHexString();
        } catch (Exception e) {
            this.keyAlias = Long.toString(System.currentTimeMillis());
        }
        log.fine("Creating the master key.");
        byte[] createMasterKey = createMasterKey();
        if (z) {
            this.secretKey = new SecretKeySpec(createMasterKey, 0, 16, CIPHER_ALGORITHM);
            this.secretKeyMap.put(this.keyAlias, this.secretKey);
            this.ivParamSpec = getIV(this.secretKey);
        }
        log.fine("Setting properties.");
        properties.setProperty(KEY_ENCRYPTED_PROPERTY, encryptMasterKey(seed, createMasterKey));
        properties.setProperty(KEY_ENCRYPTION_ALIAS_PROPERTY, this.keyAlias);
        properties.setProperty(KEY_CREATION_HOST, InetAddress.getLocalHost().getCanonicalHostName());
        properties.setProperty(KEY_CREATION_DATE, new Date(System.currentTimeMillis()).toString());
        if (str != null) {
            if (log.isLoggable(Level.FINE)) {
                log.fine("Creating properties file: " + str);
            }
            storeDefaultPropertiesFile(str, properties);
        }
        return properties;
    }

    @Override // com.buildforge.services.common.security.IPasswordEncryption
    public String getName() {
        return IMPLEMENTATION_NAME;
    }

    @Override // com.buildforge.services.common.security.IPasswordEncryption
    public EncryptedInfo encrypt(byte[] bArr) throws PasswordEncryptException {
        EncryptedInfo encryptedInfo;
        synchronized (updateKeyLock) {
            try {
                byte[] bArr2 = new byte[SALT_LENGTH];
                this.random.nextBytes(bArr2);
                byte[] bArr3 = new byte[bArr.length + bArr2.length];
                System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
                System.arraycopy(bArr, 0, bArr3, bArr2.length, bArr.length);
                this.cipher.init(1, this.secretKey, this.ivParamSpec, this.random);
                encryptedInfo = new EncryptedInfo(this.cipher.doFinal(bArr3), this.keyAlias);
            } catch (Exception e) {
                log.log(Level.WARNING, "Error encrypting password", (Throwable) e);
                throw new PasswordEncryptException();
            }
        }
        return encryptedInfo;
    }

    @Override // com.buildforge.services.common.security.IPasswordEncryption
    public byte[] decrypt(EncryptedInfo encryptedInfo) throws PasswordDecryptException {
        byte[] removePadding;
        try {
            String keyInfo = encryptedInfo.getKeyInfo();
            if (this.keyAlias.equals(keyInfo)) {
                synchronized (updateKeyLock) {
                    this.cipher.init(2, this.secretKey, this.ivParamSpec, this.random);
                    byte[] doFinal = this.cipher.doFinal(encryptedInfo.getEncryptedBytes());
                    byte[] bArr = new byte[doFinal.length - SALT_LENGTH];
                    System.arraycopy(doFinal, SALT_LENGTH, bArr, 0, doFinal.length - SALT_LENGTH);
                    removePadding = removePadding(bArr);
                }
                return removePadding;
            }
            SecretKey secretKey = this.secretKeyMap.get(keyInfo);
            if (secretKey == null) {
                throw new PasswordDecryptException("Could not find alias \"" + keyInfo + "\" in password encryption config file.");
            }
            this.cipher.init(2, secretKey, getIV(secretKey), this.random);
            byte[] doFinal2 = this.cipher.doFinal(encryptedInfo.getEncryptedBytes());
            byte[] bArr2 = new byte[doFinal2.length - SALT_LENGTH];
            System.arraycopy(doFinal2, SALT_LENGTH, bArr2, 0, doFinal2.length - SALT_LENGTH);
            return removePadding(bArr2);
        } catch (Exception e) {
            log.log(Level.WARNING, "Error decrypting password", (Throwable) e);
            throw new PasswordDecryptException();
        }
    }

    private byte[] removePadding(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return bArr;
        }
        char c = (char) bArr[bArr.length - 1];
        if (c > 16 || c > bArr.length) {
            return bArr;
        }
        byte[] bArr2 = new byte[bArr.length - c];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    private IvParameterSpec getIV(SecretKey secretKey) {
        byte[] bArr = new byte[16];
        System.arraycopy(secretKey.getEncoded(), 0, bArr, 0, 16);
        return new IvParameterSpec(bArr);
    }

    public void initialize(HashMap<String, Object> hashMap) {
    }

    @Override // com.buildforge.services.common.security.IPasswordEncryption
    public void createKeyFile(String str) throws GeneralSecurityException, IOException {
        log.fine("Starting create key file.");
        Properties createPropertiesFileWithDefaults = createPropertiesFileWithDefaults(null, false);
        ArrayList arrayList = new ArrayList();
        appendPropertiesToList(createPropertiesFileWithDefaults, arrayList);
        writeClientConf(arrayList, str);
        log.fine("Completed create key file.");
    }

    @Override // com.buildforge.services.common.security.IPasswordEncryption
    public void generateKey() throws GeneralSecurityException, IOException {
        synchronized (updateKeyLock) {
            if (this.propertiesList == null || this.propertiesList.isEmpty()) {
                initialize(new Properties(), null);
            }
            if (!new File(this.propertyFile).canWrite()) {
                String translate = new MessageDBO(MessageDBO.Severity.WARNING, "PWCryptKeyConfigWriteFailed", this.propertyFile).translate();
                log.warning(translate);
                throw new IllegalArgumentException(translate);
            }
            Properties createPropertiesFileWithDefaults = createPropertiesFileWithDefaults(null, true);
            processProperties(createPropertiesFileWithDefaults);
            this.propertiesList.add(createPropertiesFileWithDefaults);
            writeClientConf(convertPropertiesListToList(), this.propertyFile);
        }
    }

    @Override // com.buildforge.services.common.security.IPasswordEncryption
    public void exportKeyFile(String str) throws GeneralSecurityException, IOException {
        if (this.propertiesList == null || this.propertiesList.isEmpty()) {
            createKeyFile(str);
            return;
        }
        Properties properties = this.propertiesList.get(this.propertiesList.size() - 1);
        ArrayList arrayList = new ArrayList();
        appendPropertiesToList(properties, arrayList);
        writeClientConf(arrayList, str);
    }

    private String encode(byte[] bArr) {
        try {
            return Base64.encode(bArr);
        } catch (Exception e) {
            log.warning("Base64 Encode failed: " + e);
            return null;
        }
    }

    private byte[] decode(String str) {
        try {
            return Base64.decode(str);
        } catch (Exception e) {
            log.warning("Base64 Decode failed: " + e);
            return null;
        }
    }

    private byte[] createMasterKey() throws NoSuchAlgorithmException {
        int i = 5;
        byte[] bArr = null;
        KeyGenerator keyGenerator = KeyGenerator.getInstance(CIPHER_ALGORITHM);
        keyGenerator.init(SYMMETRIC_KEY_LENGTH, this.random);
        loop0: while (true) {
            i--;
            if (i < 0) {
                break;
            }
            bArr = keyGenerator.generateKey().getEncoded();
            for (byte b : bArr) {
                if (b == 0) {
                    break;
                }
            }
            break loop0;
            log.fine("KEY has value of 0x00, creating another key.");
        }
        return bArr;
    }

    private String encryptMasterKey(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        log.fine("Starting encrypt master key.");
        SecretKeySpec secretKeySpec = new SecretKeySpec(MessageDigest.getInstance("SHA1").digest(bArr), 0, 16, CIPHER_ALGORITHM);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(1, secretKeySpec, new IvParameterSpec(secretKeySpec.getEncoded()), this.random);
        byte[] bArr3 = new byte[SALT_LENGTH];
        this.random.nextBytes(bArr3);
        byte[] bArr4 = new byte[bArr2.length + bArr3.length];
        System.arraycopy(bArr3, 0, bArr4, 0, bArr3.length);
        System.arraycopy(bArr2, 0, bArr4, bArr3.length, bArr2.length);
        byte[] doFinal = cipher.doFinal(bArr4);
        log.fine("Completed encrypt master key.");
        return encode(doFinal);
    }

    private byte[] decryptMasterKey(byte[] bArr, String str) throws GeneralSecurityException {
        byte[] decode = decode(str);
        SecretKeySpec secretKeySpec = new SecretKeySpec(MessageDigest.getInstance("SHA1").digest(bArr), 0, 16, CIPHER_ALGORITHM);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(2, secretKeySpec, new IvParameterSpec(secretKeySpec.getEncoded()), this.random);
        byte[] doFinal = cipher.doFinal(decode);
        byte[] bArr2 = new byte[doFinal.length - SALT_LENGTH];
        System.arraycopy(doFinal, SALT_LENGTH, bArr2, 0, doFinal.length - SALT_LENGTH);
        if (log.isLoggable(Level.FINE)) {
            if (bArr2.length > 16) {
                log.fine("Key debug data: " + Hex.bytesToHexString(bArr2, 0, 16) + "...");
            } else {
                log.fine("Key debug data: " + Hex.bytesToHexString(bArr2));
            }
        }
        return bArr2;
    }
}
