package org.jasig.cas.extension.clearpass;

import com.google.common.io.ByteSource;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.validation.constraints.NotNull;
import org.jasig.cas.util.CompressionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:WEB-INF/lib/cas-server-extension-clearpass-4.1.7.jar:org/jasig/cas/extension/clearpass/EncryptedMapDecorator.class */
public final class EncryptedMapDecorator implements Map<String, String> {
    private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    private static final String SECRET_KEY_FACTORY_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final String DEFAULT_HASH_ALGORITHM = "SHA-512";
    private static final String DEFAULT_ENCRYPTION_ALGORITHM = "AES";
    private static final int INTEGER_LEN = 4;
    private static final char[] HEX_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    private static final int DEFAULT_SALT_SIZE = 8;
    private static final int DEFAULT_SECRET_KEY_SIZE = 32;
    private static final int BYTE_BUFFER_CAPACITY_SIZE = 4;
    private static final int HEX_RIGHT_SHIFT_COEFFICIENT = 4;
    private static final int HEX_HIGH_BITS_BITWISE_FLAG = 15;
    private final Logger logger;

    @NotNull
    private final Map<String, String> decoratedMap;

    @NotNull
    private final MessageDigest messageDigest;

    @NotNull
    private final ByteSource salt;

    @NotNull
    private final Key key;

    @NotNull
    private int ivSize;

    @NotNull
    private final String secretKeyAlgorithm;
    private boolean cloneNotSupported;

    public EncryptedMapDecorator(Map<String, String> map) throws Exception {
        this(map, getRandomSalt(8), getRandomSalt(32));
    }

    public EncryptedMapDecorator(Map<String, String> map, String str, String str2) throws Exception {
        this(map, "SHA-512", str, "AES", str2);
    }

    public EncryptedMapDecorator(Map<String, String> map, String str, String str2, String str3, String str4) throws Exception {
        this(map, str, str2.getBytes(Charset.defaultCharset()), str3, getSecretKey(str3, str4, str2));
    }

    public EncryptedMapDecorator(Map<String, String> map, String str, byte[] bArr, String str2, Key key) {
        this.logger = LoggerFactory.getLogger(getClass());
        try {
            this.decoratedMap = map;
            this.key = key;
            this.salt = ByteSource.wrap(bArr);
            this.secretKeyAlgorithm = str2;
            this.messageDigest = MessageDigest.getInstance(str);
            this.ivSize = getIvSize();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static String getRandomSalt(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return getFormattedText(bArr);
    }

    @Override // java.util.Map
    public int size() {
        return this.decoratedMap.size();
    }

    @Override // java.util.Map
    public boolean isEmpty() {
        return this.decoratedMap.isEmpty();
    }

    @Override // java.util.Map
    public boolean containsKey(Object obj) {
        return this.decoratedMap.containsKey(constructHashedKey(obj.toString()));
    }

    @Override // java.util.Map
    public boolean containsValue(Object obj) {
        if (!(obj instanceof String)) {
            return false;
        }
        return this.decoratedMap.containsValue(encrypt((String) obj));
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.Map
    public String get(Object obj) {
        String constructHashedKey = constructHashedKey(obj == null ? null : obj.toString());
        return decrypt(this.decoratedMap.get(constructHashedKey), constructHashedKey);
    }

    @Override // java.util.Map
    public String put(String str, String str2) {
        String constructHashedKey = constructHashedKey(str);
        return decrypt(this.decoratedMap.put(constructHashedKey, encrypt(str2, constructHashedKey)), constructHashedKey);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.Map
    public String remove(Object obj) {
        String constructHashedKey = constructHashedKey(obj.toString());
        return decrypt(this.decoratedMap.remove(constructHashedKey), constructHashedKey);
    }

    @Override // java.util.Map
    public void putAll(Map<? extends String, ? extends String> map) {
        for (Map.Entry<? extends String, ? extends String> entry : map.entrySet()) {
            put(entry.getKey(), entry.getValue());
        }
    }

    @Override // java.util.Map
    public void clear() {
        this.decoratedMap.clear();
    }

    @Override // java.util.Map
    public Set<String> keySet() {
        throw new UnsupportedOperationException();
    }

    @Override // java.util.Map
    public Collection<String> values() {
        throw new UnsupportedOperationException();
    }

    @Override // java.util.Map
    public Set<Map.Entry<String, String>> entrySet() {
        throw new UnsupportedOperationException();
    }

    protected String constructHashedKey(String str) {
        if (str == null) {
            return null;
        }
        MessageDigest messageDigest = getMessageDigest();
        messageDigest.update(consumeByteSourceOrNull(this.salt));
        messageDigest.update(str.toLowerCase().getBytes(Charset.defaultCharset()));
        String formattedText = getFormattedText(messageDigest.digest());
        this.logger.debug("Generated hash of value [{}] for key [{}].", formattedText, str);
        return formattedText;
    }

    protected String decrypt(String str, String str2) {
        if (str == null) {
            return null;
        }
        try {
            Cipher cipherObject = getCipherObject();
            byte[] decodeBase64ToByteArray = CompressionUtils.decodeBase64ToByteArray(str);
            int byte2int = byte2int(Arrays.copyOfRange(decodeBase64ToByteArray, 0, 4));
            byte[] copyOfRange = Arrays.copyOfRange(decodeBase64ToByteArray, 4, 4 + byte2int);
            byte[] copyOfRange2 = Arrays.copyOfRange(decodeBase64ToByteArray, 4 + byte2int, decodeBase64ToByteArray.length);
            cipherObject.init(2, this.key, new IvParameterSpec(copyOfRange));
            return new String(cipherObject.doFinal(copyOfRange2), Charset.defaultCharset());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private byte[] consumeByteSourceOrNull(ByteSource byteSource) {
        if (byteSource == null) {
            return null;
        }
        try {
            if (byteSource.isEmpty()) {
                return null;
            }
            return byteSource.read();
        } catch (IOException e) {
            this.logger.warn("Could not consume the byte array source", (Throwable) e);
            return null;
        }
    }

    private int getIvSize() throws NoSuchAlgorithmException, NoSuchPaddingException {
        return getCipherObject().getBlockSize();
    }

    private static byte[] generateIV(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    protected String encrypt(String str) {
        return encrypt(str, null);
    }

    protected String encrypt(String str, String str2) {
        if (str == null) {
            return null;
        }
        try {
            Cipher cipherObject = getCipherObject();
            byte[] generateIV = generateIV(this.ivSize);
            cipherObject.init(1, this.key, new IvParameterSpec(generateIV));
            byte[] doFinal = cipherObject.doFinal(str.getBytes(Charset.defaultCharset()));
            byte[] bArr = new byte[4 + this.ivSize + doFinal.length];
            System.arraycopy(int2byte(this.ivSize), 0, bArr, 0, 4);
            System.arraycopy(generateIV, 0, bArr, 4, this.ivSize);
            System.arraycopy(doFinal, 0, bArr, 4 + this.ivSize, doFinal.length);
            return CompressionUtils.encodeBase64(bArr);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    protected static byte[] int2byte(int i) throws UnsupportedEncodingException {
        return ByteBuffer.allocate(4).putInt(i).array();
    }

    protected static int byte2int(byte[] bArr) throws UnsupportedEncodingException {
        return ByteBuffer.wrap(bArr).getInt();
    }

    protected static String byte2char(byte[] bArr) throws UnsupportedEncodingException {
        return new String(bArr, "UTF-8");
    }

    protected static byte[] char2byte(String str) throws UnsupportedEncodingException {
        return str.getBytes("UTF-8");
    }

    protected MessageDigest getMessageDigest() {
        if (this.cloneNotSupported) {
            String algorithm = this.messageDigest.getAlgorithm();
            try {
                return MessageDigest.getInstance(algorithm);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("MessageDigest algorithm '" + algorithm + "' was supported when " + getClass().getSimpleName() + " was created but is not now. This should not be possible.", e);
            }
        }
        try {
            return (MessageDigest) this.messageDigest.clone();
        } catch (CloneNotSupportedException e2) {
            this.cloneNotSupported = true;
            this.logger.warn(String.format("Could not clone MessageDigest using algorithm '%s'. MessageDigest.getInstance will be used from now on which will be much more expensive.", this.messageDigest.getAlgorithm()), (Throwable) e2);
            return getMessageDigest();
        }
    }

    private static String getFormattedText(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(HEX_DIGITS[(b >> 4) & 15]);
            sb.append(HEX_DIGITS[b & 15]);
        }
        return sb.toString();
    }

    private Cipher getCipherObject() throws NoSuchAlgorithmException, NoSuchPaddingException {
        return Cipher.getInstance(CIPHER_ALGORITHM);
    }

    private static Key getSecretKey(String str, String str2, String str3) throws Exception {
        return new SecretKeySpec(SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_ALGORITHM).generateSecret(new PBEKeySpec(str2.toCharArray(), char2byte(str3), 65536, 128)).getEncoded(), str);
    }

    public String getSecretKeyAlgorithm() {
        return this.secretKeyAlgorithm;
    }
}
