package org.owasp.esapi.crypto;

import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.crypto.KeyDerivationFunction;
import org.owasp.esapi.errors.EncryptionException;

/* loaded from: input_file:WEB-INF/lib/esapi-2.2.0.0.jar:org/owasp/esapi/crypto/CryptoHelper.class */
public class CryptoHelper {
    private static final Logger logger = ESAPI.getLogger("CryptoHelper");

    public static SecretKey generateSecretKey(String str, int i) throws EncryptionException {
        if (str == null || str.equals("")) {
            throw new IllegalArgumentException("Algorithm must not be null or empty.");
        }
        if (i <= 0) {
            throw new IllegalArgumentException("Key size must be positive.");
        }
        String str2 = str.split("/")[0];
        try {
            if (str2.toUpperCase().startsWith("PBEWITH")) {
                str2 = "PBE";
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str2);
            keyGenerator.init(i);
            return keyGenerator.generateKey();
        } catch (InvalidParameterException e) {
            throw new EncryptionException("Failed to generate random secret key - invalid key size specified.", "Invalid key size. Failed to generate secret key for " + str + " with size of " + i + " bits.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new EncryptionException("Failed to generate random secret key", "Invalid algorithm. Failed to generate secret key for " + str + " with size of " + i + " bits.", e2);
        }
    }

    @Deprecated
    public static SecretKey computeDerivedKey(SecretKey secretKey, int i, String str) throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException {
        if (secretKey == null) {
            throw new IllegalArgumentException("Key derivation key cannot be null.");
        }
        if (i < 56) {
            throw new IllegalArgumentException("Key has size of " + i + ", which is less than minimum of 56-bits.");
        }
        if (i % 8 != 0) {
            throw new IllegalArgumentException("Key size (" + i + ") must be a even multiple of 8-bits.");
        }
        if (str == null) {
            throw new IllegalArgumentException("'purpose' may not be null.");
        }
        if (str.equals("encryption") || str.equals("authenticity")) {
            return new KeyDerivationFunction(KeyDerivationFunction.PRF_ALGORITHMS.HmacSHA1).computeDerivedKey(secretKey, i, str);
        }
        throw new IllegalArgumentException("Purpose must be \"encryption\" or \"authenticity\".");
    }

    public static boolean isCombinedCipherMode(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Cipher mode may not be null");
        }
        if (str.equals("")) {
            throw new IllegalArgumentException("Cipher mode may not be empty string");
        }
        return ESAPI.securityConfiguration().getCombinedCipherModes().contains(str);
    }

    public static boolean isAllowedCipherMode(String str) {
        if (isCombinedCipherMode(str)) {
            return true;
        }
        return ESAPI.securityConfiguration().getAdditionalAllowedCipherModes().contains(str);
    }

    public static boolean isMACRequired(CipherText cipherText) {
        return !isCombinedCipherMode(cipherText.getCipherMode()) && ESAPI.securityConfiguration().useMACforCipherText();
    }

    public static boolean isCipherTextMACvalid(SecretKey secretKey, CipherText cipherText) {
        if (!isMACRequired(cipherText)) {
            return true;
        }
        try {
            return cipherText.validateMAC(computeDerivedKey(secretKey, cipherText.getKeySize(), "authenticity"));
        } catch (Exception e) {
            logger.warning(Logger.SECURITY_FAILURE, "Unable to validate MAC for ciphertext " + cipherText, e);
            return false;
        }
    }

    public static void overwrite(byte[] bArr, byte b) {
        Arrays.fill(bArr, b);
    }

    public static void overwrite(byte[] bArr) {
        overwrite(bArr, (byte) 42);
    }

    public static void copyByteArray(byte[] bArr, byte[] bArr2, int i) {
        System.arraycopy(bArr, 0, bArr2, 0, i);
    }

    public static void copyByteArray(byte[] bArr, byte[] bArr2) {
        copyByteArray(bArr, bArr2, bArr.length);
    }

    @Deprecated
    public static boolean arrayCompare(byte[] bArr, byte[] bArr2) {
        return MessageDigest.isEqual(bArr, bArr2);
    }

    public static boolean isValidKDFVersion(int i, boolean z, boolean z2) throws IllegalArgumentException {
        boolean z3 = true;
        if (i < 20110203 || i > 99991231) {
            z3 = false;
        } else if (z) {
            z3 = i <= 20130830;
        }
        if (z3) {
            return z3;
        }
        logger.warning(Logger.SECURITY_FAILURE, "Possible data tampering. Encountered invalid KDF version #. " + (z2 ? "Throwing IllegalArgumentException" : ""));
        if (z2) {
            throw new IllegalArgumentException("Version (" + i + ") invalid. Must be date in format of YYYYMMDD between " + KeyDerivationFunction.originalVersion + "and 99991231.");
        }
        return false;
    }

    private CryptoHelper() {
    }
}
