package org.apache.directory.server.kerberos.shared.crypto.encryption;

import com.amazonaws.services.s3.internal.crypto.JceEncryptionConstants;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumEngine;
import org.apache.directory.shared.kerberos.components.EncryptedData;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.apache.directory.shared.kerberos.exceptions.ErrorType;
import org.apache.directory.shared.kerberos.exceptions.KerberosException;

/* loaded from: input_file:lib/apacheds-kerberos-codec-2.0.0-M15.jar:org/apache/directory/server/kerberos/shared/crypto/encryption/AesCtsSha1Encryption.class */
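/**
 * Shared AES-CTS encryption and HMAC-SHA1 integrity logic for the Kerberos AES
 * encryption types. Subclasses supply the key length via {@link #getKeyLength()}.
 *
 * <p>Wire layout produced by {@link #getEncryptedData} and expected by
 * {@link #getDecryptedData}: {@code AES-CTS(confounder || plaintext) || truncated HMAC},
 * where the HMAC is computed over {@code confounder || plaintext}.
 */
abstract class AesCtsSha1Encryption extends EncryptionEngine implements ChecksumEngine {
    /**
     * JCE key algorithm name. The cipher below is {@code AES/CTS/NoPadding}, so the key
     * spec must be an AES key; the literal is used here rather than borrowing a constant
     * from an unrelated internal AWS SDK class.
     */
    private static final String KEY_ALGORITHM = "AES";

    /**
     * All-zero 16-byte IV handed to the cipher on every call. Per-message variation comes
     * from the random confounder that {@link #getEncryptedData} prepends to the plaintext,
     * not from this value. {@link IvParameterSpec} copies the array, so it is never mutated.
     */
    private static final byte[] ZERO_IV = new byte[16];

    /** @return the confounder length in bytes (16, one AES block) */
    @Override
    public int getConfounderLength() {
        return 16;
    }

    /** @return the length in bytes of the truncated HMAC-SHA1 tag (12) */
    @Override
    public int getChecksumLength() {
        return 12;
    }

    /** @return the key length for the concrete encryption type; units are defined by the subclass */
    protected abstract int getKeyLength();

    /**
     * Computes the truncated HMAC-SHA1 checksum of {@code data} under the checksum key
     * derived from {@code key} and {@code keyUsage} (via {@code getUsageKc}).
     *
     * @param data bytes to authenticate
     * @param key base key material
     * @param keyUsage key usage selecting the derived key
     * @return the HMAC with trailing bytes removed by {@code removeTrailingBytes}
     *         (presumably leaving {@link #getChecksumLength()} bytes; helper not visible here)
     * @throws IllegalStateException if the HMAC cannot be computed
     */
    public byte[] calculateChecksum(byte[] data, byte[] key, KeyUsage keyUsage) {
        byte[] fullMac = processChecksum(data, deriveKey(key, getUsageKc(keyUsage), 128, getKeyLength()));
        return removeTrailingBytes(fullMac, 0, fullMac.length - getChecksumLength());
    }

    /**
     * Computes the truncated HMAC-SHA1 integrity tag of {@code data} under the integrity
     * key derived from {@code key} and {@code keyUsage} (via {@code getUsageKi}).
     *
     * @param data bytes to authenticate (confounder plus plaintext in this class)
     * @param key base key material
     * @param keyUsage key usage selecting the derived key
     * @return the HMAC with trailing bytes removed by {@code removeTrailingBytes}
     * @throws IllegalStateException if the HMAC cannot be computed
     */
    @Override
    public byte[] calculateIntegrity(byte[] data, byte[] key, KeyUsage keyUsage) {
        byte[] fullMac = processChecksum(data, deriveKey(key, getUsageKi(keyUsage), 128, getKeyLength()));
        return removeTrailingBytes(fullMac, 0, fullMac.length - getChecksumLength());
    }

    /**
     * Decrypts {@code encryptedData} and verifies its integrity tag.
     *
     * @param encryptionKey key whose value is the base key material
     * @param encryptedData container holding {@code ciphertext || tag}
     * @param keyUsage key usage selecting the derived keys
     * @return the plaintext with the confounder stripped
     * @throws KerberosException with {@code KRB_AP_ERR_BAD_INTEGRITY} if the input is too
     *         short, cannot be decrypted, or the tag does not match
     */
    @Override
    public byte[] getDecryptedData(EncryptionKey encryptionKey, EncryptedData encryptedData, KeyUsage keyUsage) throws KerberosException {
        byte[] ke = deriveKey(encryptionKey.getKeyValue(), getUsageKe(keyUsage), 128, getKeyLength());
        byte[] wire = encryptedData.getCipher();
        int tagLength = getChecksumLength();

        // The ciphertext is unauthenticated until the HMAC check below passes, so reject
        // anything too short to hold a confounder block plus a tag instead of letting the
        // array copy or the cipher fail with an unchecked exception.
        if (wire == null || wire.length < getConfounderLength() + tagLength) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BAD_INTEGRITY);
        }

        byte[] receivedTag = Arrays.copyOfRange(wire, wire.length - tagLength, wire.length);
        byte[] confounderAndPlain = decrypt(removeTrailingBytes(wire, 0, tagLength), ke);
        // decrypt() reports provider failures as null; treat that as an integrity failure.
        if (confounderAndPlain == null) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BAD_INTEGRITY);
        }

        byte[] expectedTag = calculateIntegrity(confounderAndPlain, encryptionKey.getKeyValue(), keyUsage);
        // Constant-time comparison: Arrays.equals returns at the first differing byte,
        // which makes the comparison time depend on how much of the tag matched.
        if (!MessageDigest.isEqual(receivedTag, expectedTag)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BAD_INTEGRITY);
        }

        // Strip the confounder only after the tag has been verified.
        return removeLeadingBytes(confounderAndPlain, getConfounderLength(), 0);
    }

    /**
     * Encrypts {@code plainText} and appends its integrity tag.
     *
     * @param encryptionKey key whose value is the base key material and whose version is
     *        recorded in the result
     * @param plainText bytes to protect
     * @param keyUsage key usage selecting the derived keys
     * @return the encrypted container holding {@code ciphertext || tag}
     * @throws IllegalStateException if the cipher or HMAC cannot be computed
     */
    @Override
    public EncryptedData getEncryptedData(EncryptionKey encryptionKey, byte[] plainText, KeyUsage keyUsage) {
        byte[] ke = deriveKey(encryptionKey.getKeyValue(), getUsageKe(keyUsage), 128, getKeyLength());
        // A fresh random confounder randomises the ciphertext despite the fixed zero IV.
        byte[] confounderAndPlain = concatenateBytes(getRandomBytes(getConfounderLength()), plainText);
        byte[] cipherText = encrypt(confounderAndPlain, ke);
        // Fail closed: never build a message from a failed encryption.
        if (cipherText == null) {
            throw new IllegalStateException("AES-CTS encryption failed");
        }
        byte[] tag = calculateIntegrity(confounderAndPlain, encryptionKey.getKeyValue(), keyUsage);
        return new EncryptedData(getEncryptionType(), encryptionKey.getKeyVersion(), concatenateBytes(cipherText, tag));
    }

    /**
     * Encrypts with AES-CTS and the fixed zero IV.
     *
     * @param plainText bytes to encrypt
     * @param keyBytes raw AES key
     * @return the ciphertext, or {@code null} if the JCE provider rejects the operation
     */
    @Override
    public byte[] encrypt(byte[] plainText, byte[] keyBytes) {
        return processCipher(true, plainText, keyBytes);
    }

    /**
     * Decrypts with AES-CTS and the fixed zero IV. Provides no integrity protection on its
     * own; callers must verify the tag as {@link #getDecryptedData} does.
     *
     * @param cipherText bytes to decrypt
     * @param keyBytes raw AES key
     * @return the decrypted bytes, or {@code null} if the JCE provider rejects the operation
     */
    @Override
    public byte[] decrypt(byte[] cipherText, byte[] keyBytes) {
        return processCipher(false, cipherText, keyBytes);
    }

    /**
     * Derives a usage-specific key by delegating to {@code deriveRandom}.
     *
     * @param baseKey base key material
     * @param usage usage constant bytes
     * @param n passed through to {@code deriveRandom}; 128 at every call site in this class
     * @param k passed through to {@code deriveRandom}; {@link #getKeyLength()} at every call site
     * @return the derived key bytes
     */
    protected byte[] deriveKey(byte[] baseKey, byte[] usage, int n, int k) {
        return deriveRandom(baseKey, usage, n, k);
    }

    /**
     * Computes the full, untruncated HMAC-SHA1 of {@code data} under {@code keyBytes}.
     *
     * @throws IllegalStateException if HmacSHA1 is unavailable or the key is rejected;
     *         previously this returned {@code null}, which both callers dereferenced at once
     */
    private byte[] processChecksum(byte[] data, byte[] keyBytes) {
        try {
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(new SecretKeySpec(keyBytes, KEY_ALGORITHM));
            return mac.doFinal(data);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("HmacSHA1 computation failed", e);
        }
    }

    /**
     * Runs AES/CTS/NoPadding in the requested direction with the fixed zero IV.
     *
     * @param encryptMode {@code true} to encrypt, {@code false} to decrypt
     * @param input bytes to process
     * @param keyBytes raw AES key
     * @return the cipher output, or {@code null} on any {@link GeneralSecurityException};
     *         the null result is kept because the public {@link #encrypt} and
     *         {@link #decrypt} expose it to callers outside this class
     */
    private byte[] processCipher(boolean encryptMode, byte[] input, byte[] keyBytes) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CTS/NoPadding");
            int mode = encryptMode ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
            cipher.init(mode, new SecretKeySpec(keyBytes, KEY_ALGORITHM), new IvParameterSpec(ZERO_IV));
            return cipher.doFinal(input);
        } catch (GeneralSecurityException e) {
            // NOTE(review): no logger is in scope in this file; route this through the
            // project's logging facade instead of stderr when one is available.
            e.printStackTrace();
            return null;
        }
    }
}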
