package org.owasp.esapi;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.commons.fileupload.FileUploadBase;
import org.owasp.esapi.errors.EncryptionException;
import org.owasp.esapi.interfaces.IEncryptor;
import org.owasp.esapi.interfaces.ILogger;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/Encryptor.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/Encryptor.class */
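/**
 * Singleton implementation of {@link IEncryptor}: password-based symmetric encryption, salted
 * iterated hashing, DSA signatures and time-limited "seals", all keyed from the master password
 * and master salt supplied by {@code SecurityConfiguration}.
 *
 * <p>NOTE(review): the two {@link Cipher} instances are created once and shared by every caller
 * of the singleton. {@code Cipher} objects are not safe for concurrent use, so callers on
 * different threads need external synchronisation; confirm how this class is used.
 *
 * <p>NOTE(review): the key factory is hard-coded to PBEWithMD5AndDES with 20 iterations and the
 * DSA key size comes from a constant presumably equal to 1024. These are weak by current
 * standards and should be treated as legacy parameters when assessing data protected by this
 * class.
 */
public class Encryptor implements IEncryptor {
    private KeyStore keystore;
    private Cipher encrypter;
    private Cipher decrypter;
    // NOTE(review): package-private, so any class in org.owasp.esapi can read the signing key.
    PrivateKey privateKey;
    PublicKey publicKey;
    // Declared before `instance` on purpose: the constructor logs through it during static init.
    private static final Logger logger = Logger.getLogger("ESAPI", "Encryptor");
    private static Encryptor instance = new Encryptor();

    /**
     * Loads the configured keystore, prepares the encrypt/decrypt ciphers and generates the DSA
     * key pair. Failures are logged and leave the affected fields {@code null}; nothing is
     * thrown, because this runs from the static initialiser.
     */
    private Encryptor() {
        this.keystore = null;
        this.privateKey = null;
        this.publicKey = null;
        byte[] masterSalt = SecurityConfiguration.getInstance().getMasterSalt();
        char[] masterPassword = SecurityConfiguration.getInstance().getMasterPassword();

        FileInputStream keystoreStream = null;
        try {
            this.keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystoreStream = new FileInputStream(SecurityConfiguration.getInstance().getKeystore());
            this.keystore.load(keystoreStream, masterPassword);
        } catch (Exception e) {
            logger.logCritical(ILogger.SECURITY, "Invalid keystore", e);
        } finally {
            closeKeystoreStream(keystoreStream);
        }

        try {
            String encryptionAlgorithm = SecurityConfiguration.getInstance().getEncryptionAlgorithm();
            // The key is always derived with PBEWithMD5AndDES, whatever cipher name is configured.
            PBEParameterSpec pbeParameters = new PBEParameterSpec(masterSalt, 20);
            SecretKey secretKey = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(new PBEKeySpec(masterPassword));
            this.encrypter = Cipher.getInstance(encryptionAlgorithm);
            this.decrypter = Cipher.getInstance(encryptionAlgorithm);
            this.encrypter.init(Cipher.ENCRYPT_MODE, secretKey, pbeParameters);
            this.decrypter.init(Cipher.DECRYPT_MODE, secretKey, pbeParameters);

            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
            SecureRandom secureRandom = SecureRandom.getInstance(SecurityConfiguration.getInstance().getRandomAlgorithm());
            // NOTE(review): seeding before first use makes some providers (e.g. SHA1PRNG) fully
            // deterministic, in which case the DSA private key is only as secret as the master
            // salt. Confirm the configured algorithm and how the salt is protected.
            secureRandom.setSeed(masterSalt);
            // FileUploadBase.MAX_HEADER_SIZE is a decompiler artifact; presumably the original
            // source used the literal DSA key size in bits here. TODO confirm.
            keyPairGenerator.initialize(FileUploadBase.MAX_HEADER_SIZE, secureRandom);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            this.privateKey = keyPair.getPrivate();
            this.publicKey = keyPair.getPublic();
        } catch (Exception e) {
            // Log explicitly so a failed crypto initialisation is never silent: the ciphers and
            // keys stay null and every later call would otherwise fail with an unrelated error.
            logger.logCritical(ILogger.SECURITY, "Error creating Encryptor", e);
            // Kept from the original: the exception is constructed but not thrown. Whether its
            // constructor has side effects (e.g. logging) is not visible in this file.
            new EncryptionException("Encryption failure", "Error creating Encryptor", e);
        }
    }

    /** Closes the keystore stream if it was opened, logging (not propagating) a close failure. */
    private static void closeKeystoreStream(FileInputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            logger.logCritical(ILogger.SECURITY, "Error closing keystore", e);
        }
    }

    /** Returns the shared instance created at class-initialisation time. */
    public static Encryptor getInstance() {
        return instance;
    }

    /**
     * Computes a salted, iterated digest and returns it Base64-encoded.
     *
     * <p>The digest input is the master salt, then {@code str2}, then {@code str}; the result is
     * re-hashed 1024 more times. Presumably {@code str} is the value to hash and {@code str2} a
     * per-item salt (verify against the interface).
     *
     * <p>NOTE(review): both strings are converted with the platform default charset, so the
     * result can differ between hosts for non-ASCII input. Changing this would alter every
     * previously stored hash, so it is left as is.
     *
     * @return the Base64 digest, or {@code null} when the configured hash algorithm is not
     *     available; callers must handle {@code null} before comparing hashes
     */
    @Override // org.owasp.esapi.interfaces.IEncryptor
    public String hash(String str, String str2) {
        String hashAlgorithm = SecurityConfiguration.getInstance().getHashAlgorithm();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(hashAlgorithm);
            messageDigest.reset();
            messageDigest.update(SecurityConfiguration.getInstance().getMasterSalt());
            messageDigest.update(str2.getBytes());
            messageDigest.update(str.getBytes());
            byte[] digest = messageDigest.digest();
            for (int i = 0; i < 1024; i++) {
                messageDigest.reset();
                digest = messageDigest.digest(digest);
            }
            return Encoder.getInstance().encodeForBase64(digest, false);
        } catch (NoSuchAlgorithmException e) {
            logger.logCritical(ILogger.SECURITY, "Can't find hash algorithm " + hashAlgorithm, e);
            return null;
        }
    }

    /**
     * Encrypts {@code str} with the shared cipher and returns the ciphertext Base64-encoded.
     *
     * <p>NOTE(review): no integrity tag is added here, so the ciphertext is only as
     * tamper-evident as the configured cipher makes it.
     *
     * @throws EncryptionException if encoding or encryption fails, including when the cipher was
     *     never initialised
     */
    @Override // org.owasp.esapi.interfaces.IEncryptor
    public String encrypt(String str) throws EncryptionException {
        try {
            byte[] plaintext = str.getBytes(SecurityConfiguration.getInstance().getCharacterEncoding());
            return Encoder.getInstance().encodeForBase64(this.encrypter.doFinal(plaintext), true);
        } catch (Exception e) {
            // The original reported this as a decryption failure, which misdirects diagnosis.
            throw new EncryptionException("Encryption failure", "Encryption problem: " + e.getMessage(), e);
        }
    }

    /**
     * Base64-decodes {@code str}, decrypts it with the shared cipher and returns the plaintext
     * in the configured character encoding.
     *
     * @throws EncryptionException if decoding or decryption fails
     */
    @Override // org.owasp.esapi.interfaces.IEncryptor
    public String decrypt(String str) throws EncryptionException {
        try {
            byte[] ciphertext = Encoder.getInstance().decodeFromBase64(str);
            return new String(this.decrypter.doFinal(ciphertext), SecurityConfiguration.getInstance().getCharacterEncoding());
        } catch (Exception e) {
            throw new EncryptionException("Decryption failed", "Decryption problem: " + e.getMessage(), e);
        }
    }

    /**
     * Signs {@code str} with the instance's DSA private key and returns the signature
     * Base64-encoded.
     *
     * <p>NOTE(review): the algorithm is fixed to "SHAwithDSA" here, while
     * {@link #verifySignature} uses the configured signature algorithm. The two only round-trip
     * when the configuration names the same algorithm; confirm the configured value.
     *
     * @throws EncryptionException on any failure, not only a missing algorithm (for example a
     *     {@code null} private key after a failed initialisation)
     */
    @Override // org.owasp.esapi.interfaces.IEncryptor
    public String sign(String str) throws EncryptionException {
        try {
            Signature signer = Signature.getInstance("SHAwithDSA");
            signer.initSign(this.privateKey);
            signer.update(str.getBytes());
            return Encoder.getInstance().encodeForBase64(signer.sign(), true);
        } catch (Exception e) {
            throw new EncryptionException("Signature failure", "Can't find signature algorithm SHAwithDSA", e);
        }
    }

    /**
     * Checks that {@code str} (a Base64 signature) is a valid signature over {@code str2} under
     * the instance's public key, using the configured signature algorithm.
     *
     * @return {@code true} if the signature verifies, {@code false} if it does not
     * @throws EncryptionException if the signature cannot be decoded or verification fails
     *     with an exception
     */
    @Override // org.owasp.esapi.interfaces.IEncryptor
    public boolean verifySignature(String str, String str2) throws EncryptionException {
        String signatureAlgorithm = SecurityConfiguration.getInstance().getDigitalSignatureAlgorithm();
        try {
            byte[] signatureBytes = Encoder.getInstance().decodeFromBase64(str);
            Signature verifier = Signature.getInstance(signatureAlgorithm);
            verifier.initVerify(this.publicKey);
            verifier.update(str2.getBytes());
            return verifier.verify(signatureBytes);
        } catch (Exception e) {
            throw new EncryptionException("Invalid signature", "Problem verifying signature: " + e.getMessage(), e);
        }
    }

    /**
     * Creates a seal by encrypting {@code "<j>:<str>"}. {@link #verifySeal} compares {@code j}
     * with the current time in milliseconds, so {@code j} is the expiry instant.
     *
     * @throws EncryptionException if encryption fails
     */
    @Override // org.owasp.esapi.interfaces.IEncryptor
    public String seal(String str, long j) throws EncryptionException {
        return encrypt(String.valueOf(j) + ":" + str);
    }

    /**
     * Verifies that the seal {@code str} decrypts, has not expired and carries exactly
     * {@code str2} as its data.
     *
     * <p>A seal is caller-supplied input, so every malformed case is reported as an
     * {@link EncryptionException}; a non-numeric timestamp used to escape as an unchecked
     * {@code NumberFormatException}. Each failure now keeps its own log message instead of all
     * being re-labelled as a decryption problem.
     *
     * @throws EncryptionException if the seal does not decrypt, is malformed, has expired or
     *     does not match {@code str2}
     */
    @Override // org.owasp.esapi.interfaces.IEncryptor
    public void verifySeal(String str, String str2) throws EncryptionException {
        String plaintext;
        try {
            plaintext = decrypt(str);
        } catch (EncryptionException e) {
            throw new EncryptionException("Invalid seal", "Seal did not decrypt properly", e);
        }

        int separator = plaintext.indexOf(":");
        if (separator == -1) {
            throw new EncryptionException("Invalid seal", "Seal did not contain properly formatted separator");
        }

        long expiration;
        try {
            expiration = Long.parseLong(plaintext.substring(0, separator));
        } catch (NumberFormatException e) {
            throw new EncryptionException("Invalid seal", "Seal expiration timestamp is not a valid number", e);
        }

        if (new Date().getTime() > expiration) {
            throw new EncryptionException("Invalid seal", "Seal expiration date has expired");
        }
        if (!plaintext.substring(separator + 1).equals(str2)) {
            throw new EncryptionException("Invalid seal", "Seal data does not match");
        }
    }

    /** Returns the current time in milliseconds since the epoch. */
    @Override // org.owasp.esapi.interfaces.IEncryptor
    public long getTimeStamp() {
        return new Date().getTime();
    }

    /**
     * Command-line self-check: generates a DSA key pair the same way the constructor does and
     * tries to load the configured keystore, logging any keystore problem. The generated keys
     * are not stored or printed.
     */
    public static void main(String[] strArr) throws Exception {
        byte[] masterSalt = SecurityConfiguration.getInstance().getMasterSalt();
        char[] masterPassword = SecurityConfiguration.getInstance().getMasterPassword();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
        SecureRandom secureRandom = SecureRandom.getInstance(SecurityConfiguration.getInstance().getRandomAlgorithm());
        secureRandom.setSeed(masterSalt);
        keyPairGenerator.initialize(FileUploadBase.MAX_HEADER_SIZE, secureRandom);
        // Result intentionally unused; the call is kept so a generation failure still surfaces.
        keyPairGenerator.generateKeyPair();

        FileInputStream keystoreStream = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystoreStream = new FileInputStream(SecurityConfiguration.getInstance().getKeystore());
            keyStore.load(keystoreStream, masterPassword);
        } catch (Exception e) {
            logger.logCritical(ILogger.SECURITY, "Invalid keystore", e);
        } finally {
            closeKeystoreStream(keystoreStream);
        }
    }
}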
