package org.orbeon.oxf.util;

import java.security.MessageDigest;
import java.security.Provider;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.pool.BasePoolableObjectFactory;
import org.orbeon.oxf.properties.Properties;
import org.orbeon.oxf.properties.PropertySet;
import scala.Function1;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.StringContext;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.StringBuilder;
import scala.runtime.BoxedUnit;

/* compiled from: SecureUtils.scala */
/* loaded from: input_file:WEB-INF/lib/orbeon-core.jar:org/orbeon/oxf/util/SecureUtils$.class */
public final class SecureUtils$ {
    public static final SecureUtils$ MODULE$ = null;
    private final String XFormsPasswordProperty;
    private final String org$orbeon$oxf$util$SecureUtils$$PasswordProperty;
    private final String KeyLengthProperty;
    private final String HashAlgorithmProperty;
    private final String PreferredProviderProperty;
    private final char[] HexDigits;
    private final String KeyCipherAlgorithm;
    private final String org$orbeon$oxf$util$SecureUtils$$EncryptionCipherTransformation;
    private final int AESBlockSize;
    private final int AESIVSize;
    private SecureRandom secureRandom;
    private SecretKey org$orbeon$oxf$util$SecureUtils$$secretKey;
    private Option<Provider> org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt;
    private final SoftReferenceObjectPool<Cipher> pool;
    private int HexIdLength;
    private volatile byte bitmap$0;

    static {
        new SecureUtils$();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    private SecureRandom secureRandom$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 1)) == 0) {
                this.secureRandom = new SecureRandom();
                this.bitmap$0 = (byte) (this.bitmap$0 | 1);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.secureRandom;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    private SecretKey org$orbeon$oxf$util$SecureUtils$$secretKey$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 2)) == 0) {
                byte[] bArr = new byte[8];
                secureRandom().nextBytes(bArr);
                this.org$orbeon$oxf$util$SecureUtils$$secretKey = new SecretKeySpec(SecretKeyFactory.getInstance(KeyCipherAlgorithm()).generateSecret(new PBEKeySpec(getPassword().toCharArray(), bArr, 65536, getKeyLength())).getEncoded(), "AES");
                this.bitmap$0 = (byte) (this.bitmap$0 | 2);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.org$orbeon$oxf$util$SecureUtils$$secretKey;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    private Option org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 4)) == 0) {
                this.org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt = getPreferredProvider().flatMap(new SecureUtils$$anonfun$org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt$1());
                this.bitmap$0 = (byte) (this.bitmap$0 | 4);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v7 */
    private int HexIdLength$lzycompute() {
        ?? r0 = this;
        synchronized (r0) {
            if (((byte) (this.bitmap$0 & 8)) == 0) {
                this.HexIdLength = new StringOps(Predef$.MODULE$.augmentString(randomHexId())).size();
                this.bitmap$0 = (byte) (this.bitmap$0 | 8);
            }
            BoxedUnit boxedUnit = BoxedUnit.UNIT;
            r0 = r0;
            return this.HexIdLength;
        }
    }

    private String XFormsPasswordProperty() {
        return this.XFormsPasswordProperty;
    }

    public String org$orbeon$oxf$util$SecureUtils$$PasswordProperty() {
        return this.org$orbeon$oxf$util$SecureUtils$$PasswordProperty;
    }

    private String KeyLengthProperty() {
        return this.KeyLengthProperty;
    }

    private String HashAlgorithmProperty() {
        return this.HashAlgorithmProperty;
    }

    private String PreferredProviderProperty() {
        return this.PreferredProviderProperty;
    }

    private String getPassword() {
        PropertySet propertySet = Properties.instance().getPropertySet();
        return (String) propertySet.getNonBlankString(XFormsPasswordProperty()).orElse(new SecureUtils$$anonfun$getPassword$1(propertySet)).getOrElse(new SecureUtils$$anonfun$getPassword$2());
    }

    private int getKeyLength() {
        return Properties.instance().getPropertySet().getInteger(KeyLengthProperty(), 128).intValue();
    }

    private String getHashAlgorithm() {
        return Properties.instance().getPropertySet().getString(HashAlgorithmProperty(), "SHA1");
    }

    private Option<String> getPreferredProvider() {
        return Properties.instance().getPropertySet().getNonBlankString(PreferredProviderProperty());
    }

    private char[] HexDigits() {
        return this.HexDigits;
    }

    private String KeyCipherAlgorithm() {
        return this.KeyCipherAlgorithm;
    }

    public String org$orbeon$oxf$util$SecureUtils$$EncryptionCipherTransformation() {
        return this.org$orbeon$oxf$util$SecureUtils$$EncryptionCipherTransformation;
    }

    public int AESBlockSize() {
        return this.AESBlockSize;
    }

    public int AESIVSize() {
        return this.AESIVSize;
    }

    private SecureRandom secureRandom() {
        return ((byte) (this.bitmap$0 & 1)) == 0 ? secureRandom$lzycompute() : this.secureRandom;
    }

    public SecretKey org$orbeon$oxf$util$SecureUtils$$secretKey() {
        return ((byte) (this.bitmap$0 & 2)) == 0 ? org$orbeon$oxf$util$SecureUtils$$secretKey$lzycompute() : this.org$orbeon$oxf$util$SecureUtils$$secretKey;
    }

    public Option<Provider> org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt() {
        return ((byte) (this.bitmap$0 & 4)) == 0 ? org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt$lzycompute() : this.org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt;
    }

    private SoftReferenceObjectPool<Cipher> pool() {
        return this.pool;
    }

    private <T> T withCipher(Function1<Cipher, T> function1) {
        Cipher borrowObject = pool().borrowObject();
        try {
            return function1.mo87apply(borrowObject);
        } finally {
            pool().returnObject(borrowObject);
        }
    }

    public String encrypt(byte[] bArr) {
        return encryptIV(bArr, None$.MODULE$);
    }

    public String encryptIV(byte[] bArr, Option<byte[]> option) {
        return (String) withCipher(new SecureUtils$$anonfun$encryptIV$1(bArr, option));
    }

    public byte[] decrypt(String str) {
        return decryptIV(str, None$.MODULE$);
    }

    public byte[] decryptIV(String str, Option<byte[]> option) {
        return (byte[]) withCipher(new SecureUtils$$anonfun$decryptIV$1(str, option));
    }

    public String digestString(String str, String str2, String str3) {
        return digestBytes(str.getBytes("utf-8"), str2, str3);
    }

    public String digestString(String str, String str2) {
        return digestString(str, getHashAlgorithm(), str2);
    }

    public String digestBytes(byte[] bArr, String str) {
        return digestBytes(bArr, getHashAlgorithm(), str);
    }

    public String digestBytes(byte[] bArr, String str, String str2) {
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        messageDigest.update(bArr);
        return withEncoding(messageDigest.digest(), str2);
    }

    public String hmacString(String str, String str2) {
        return hmacBytes(getPassword().getBytes("utf-8"), str.getBytes("utf-8"), getHashAlgorithm(), str2);
    }

    public String hmacString(String str, String str2, String str3, String str4) {
        return hmacBytes(str.getBytes("utf-8"), str2.getBytes("utf-8"), str3, str4);
    }

    public String hmacBytes(byte[] bArr, byte[] bArr2, String str, String str2) {
        String stringBuilder = new StringBuilder().append((Object) "Hmac").append((Object) str.toUpperCase().replace("-", "")).toString();
        Mac mac = Mac.getInstance(stringBuilder);
        mac.init(new SecretKeySpec(bArr, stringBuilder));
        return withEncoding(mac.doFinal(bArr2), str2).replace("\n", "");
    }

    private String withEncoding(byte[] bArr, String str) {
        String byteArrayToHex;
        if ("base64".equals(str)) {
            byteArrayToHex = Base64.encode(bArr, false);
        } else {
            if (!"hex".equals(str)) {
                throw new IllegalArgumentException(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Invalid digest encoding (must be one of `base64` or `hex`): `", "`"})).s(Predef$.MODULE$.genericWrapArray(new Object[]{str})));
            }
            byteArrayToHex = byteArrayToHex(bArr);
        }
        return byteArrayToHex;
    }

    public String byteArrayToHex(byte[] bArr) {
        StringBuilder stringBuilder = new StringBuilder(bArr.length * 2);
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= bArr.length) {
                return stringBuilder.toString();
            }
            stringBuilder.append(HexDigits()[(bArr[i2] >> 4) & 15]);
            stringBuilder.append(HexDigits()[bArr[i2] & 15]);
            i = i2 + 1;
        }
    }

    public int HexIdLength() {
        return ((byte) (this.bitmap$0 & 8)) == 0 ? HexIdLength$lzycompute() : this.HexIdLength;
    }

    public String randomHexId() {
        byte[] bArr = new byte[16];
        secureRandom().nextBytes(bArr);
        return digestBytes(bArr, "hex");
    }

    public MessageDigest defaultMessageDigest() {
        return MessageDigest.getInstance(getHashAlgorithm());
    }

    private SecureUtils$() {
        MODULE$ = this;
        this.XFormsPasswordProperty = "oxf.xforms.password";
        this.org$orbeon$oxf$util$SecureUtils$$PasswordProperty = "oxf.crypto.password";
        this.KeyLengthProperty = "oxf.crypto.key-length";
        this.HashAlgorithmProperty = "oxf.crypto.hash-algorithm";
        this.PreferredProviderProperty = "oxf.crypto.preferred-provider";
        this.HexDigits = new char[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
        this.KeyCipherAlgorithm = "PBKDF2WithHmacSHA1";
        this.org$orbeon$oxf$util$SecureUtils$$EncryptionCipherTransformation = "AES/CBC/PKCS5Padding";
        this.AESBlockSize = 128;
        this.AESIVSize = AESBlockSize() / 8;
        this.pool = new SoftReferenceObjectPool<>(new BasePoolableObjectFactory<Cipher>() { // from class: org.orbeon.oxf.util.SecureUtils$$anon$1
            @Override // org.apache.commons.pool.BasePoolableObjectFactory, org.apache.commons.pool.PoolableObjectFactory
            public Cipher makeObject() {
                Cipher cipher;
                Option<Provider> org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt = SecureUtils$.MODULE$.org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt();
                if (org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt instanceof Some) {
                    cipher = Cipher.getInstance(SecureUtils$.MODULE$.org$orbeon$oxf$util$SecureUtils$$EncryptionCipherTransformation(), (Provider) ((Some) org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt).x());
                } else {
                    if (!None$.MODULE$.equals(org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt)) {
                        throw new MatchError(org$orbeon$oxf$util$SecureUtils$$preferredProviderOpt);
                    }
                    cipher = Cipher.getInstance(SecureUtils$.MODULE$.org$orbeon$oxf$util$SecureUtils$$EncryptionCipherTransformation());
                }
                return cipher;
            }
        });
    }
}
