package com.sun.crypto.provider;

import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.security.AccessController;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SealedObject;
import jdk.internal.access.SharedSecrets;

/* loaded from: input_file:META-INF/modules/java.base/classes/com/sun/crypto/provider/SealedObjectForKeyProtector.class */
final class SealedObjectForKeyProtector extends SealedObject {
    static final long serialVersionUID = -3650226485480866989L;
    private static final String KEY_SERIAL_FILTER = "jceks.key.serialFilter";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/modules/java.base/classes/com/sun/crypto/provider/SealedObjectForKeyProtector$DeserializationChecker.class */
    public static class DeserializationChecker implements ObjectInputFilter {
        private static final ObjectInputFilter OWN_FILTER;
        private final int maxLength;

        private DeserializationChecker(int i) {
            this.maxLength = i;
        }

        @Override // java.io.ObjectInputFilter
        public ObjectInputFilter.Status checkInput(ObjectInputFilter.FilterInfo filterInfo) {
            ObjectInputFilter.Status checkInput;
            if (filterInfo.arrayLength() > this.maxLength) {
                return ObjectInputFilter.Status.REJECTED;
            }
            if (filterInfo.serialClass() == Object.class) {
                return ObjectInputFilter.Status.UNDECIDED;
            }
            if (OWN_FILTER != null && (checkInput = OWN_FILTER.checkInput(filterInfo)) != ObjectInputFilter.Status.UNDECIDED) {
                return checkInput;
            }
            ObjectInputFilter serialFilter = ObjectInputFilter.Config.getSerialFilter();
            return serialFilter != null ? serialFilter.checkInput(filterInfo) : ObjectInputFilter.Status.UNDECIDED;
        }

        static {
            String str = (String) AccessController.doPrivileged(() -> {
                String property = System.getProperty(SealedObjectForKeyProtector.KEY_SERIAL_FILTER);
                return property != null ? property : Security.getProperty(SealedObjectForKeyProtector.KEY_SERIAL_FILTER);
            });
            OWN_FILTER = str == null ? null : ObjectInputFilter.Config.createFilter(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SealedObjectForKeyProtector(Serializable serializable, Cipher cipher) throws IOException, IllegalBlockSizeException {
        super(serializable, cipher);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SealedObjectForKeyProtector(SealedObject sealedObject) {
        super(sealedObject);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AlgorithmParameters getParameters() {
        AlgorithmParameters algorithmParameters = null;
        if (this.encodedParams != null) {
            try {
                algorithmParameters = AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
                algorithmParameters.init(this.encodedParams);
            } catch (IOException e) {
                throw new RuntimeException("Parameter failure: " + e.getMessage());
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException("SunJCE provider is not configured properly");
            }
        }
        return algorithmParameters;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final Key getKey(Cipher cipher, int i) throws IOException, ClassNotFoundException, IllegalBlockSizeException, BadPaddingException {
        ObjectInputStream extObjectInputStream = SharedSecrets.getJavaxCryptoSealedObjectAccess().getExtObjectInputStream(this, cipher);
        try {
            AccessController.doPrivileged(() -> {
                extObjectInputStream.setObjectInputFilter(new DeserializationChecker(i));
                return null;
            });
            try {
                Key key = (Key) extObjectInputStream.readObject();
                if (extObjectInputStream != null) {
                    extObjectInputStream.close();
                }
                return key;
            } catch (InvalidClassException e) {
                if (e.getMessage().contains("REJECTED")) {
                    throw new IOException("Rejected by the jceks.key.serialFilter or jdk.serialFilter property", e);
                }
                throw e;
            }
        } catch (Throwable th) {
            if (extObjectInputStream != null) {
                try {
                    extObjectInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
