package net.savignano.snotify.atlassian.common.util;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Random;
import java.util.jar.Manifest;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.savignano.snotify.atlassian.common.Constants;
import net.savignano.snotify.atlassian.common.security.SnotifyJce;
import net.savignano.thirdparty.org.bouncycastle.crypto.engines.AESEngine;
import net.savignano.thirdparty.org.bouncycastle.crypto.modes.CBCBlockCipher;
import net.savignano.thirdparty.org.bouncycastle.crypto.paddings.PKCS7Padding;
import net.savignano.thirdparty.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import net.savignano.thirdparty.org.bouncycastle.crypto.params.KeyParameter;
import net.savignano.thirdparty.org.bouncycastle.crypto.params.ParametersWithIV;
import net.savignano.thirdparty.org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/savignano/snotify/atlassian/common/util/SecurityUtil.class */
public class SecurityUtil {
    private static final Logger log = LoggerFactory.getLogger(SecurityUtil.class);
    private static final String OBFUSCATION_STRING = "Obfuscate This!!";
    private static final int AES_NIVBITS = 128;
    private static Boolean integrityIntact;
    private static KeyStore trustStore;
    private static Manifest manifest;

    public static final boolean checkSnotifyIntegrity() {
        if (integrityIntact == null) {
            log.info("Checking integrity of S/Notify.");
            integrityIntact = Boolean.valueOf(SnotifyJce.selfIntegrityChecking());
            if (integrityIntact.booleanValue()) {
                log.info("Integrity of S/Notify is intact.");
            } else {
                log.error("Integrity of S/Notify has been compromised. Jar files have been modified.");
            }
        }
        return integrityIntact.booleanValue();
    }

    public static final Provider getProvider() {
        Provider provider = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        if (provider == null) {
            log.debug("Initializing Bouncy Castle Provider.");
            provider = new BouncyCastleProvider();
            Security.addProvider(provider);
        }
        log.trace("Bouncy Castle Provider: " + provider);
        return provider;
    }

    public static final String getManifestValue(String str) {
        if (manifest == null && getManifest() == null) {
            return null;
        }
        return manifest.getMainAttributes().getValue(str);
    }

    public static final Manifest getManifest() {
        if (manifest != null) {
            return manifest;
        }
        String url = SecurityUtil.class.getResource(SecurityUtil.class.getSimpleName() + ".class").toString();
        log.debug("Resource for {}: {}", SecurityUtil.class, url);
        String str = null;
        if (url.startsWith("jar")) {
            str = url.substring(0, url.lastIndexOf("!") + 1) + "/META-INF/MANIFEST.MF";
        } else if (url.startsWith("bundle")) {
            str = url.substring(0, url.lastIndexOf("net")) + "META-INF/MANIFEST.MF";
        }
        log.debug("Loading MANIFEST.MF from: {}", str);
        if (str != null) {
            try {
                InputStream openStream = new URL(str).openStream();
                Throwable th = null;
                try {
                    try {
                        manifest = new Manifest(openStream);
                        if (openStream != null) {
                            if (0 != 0) {
                                try {
                                    openStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                openStream.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (IOException e) {
                log.error("Could not load S/Notify MANIFEST.MF from \"" + str + "\". Error message: " + e.getMessage(), e);
            }
        }
        return manifest;
    }

    public static final KeyStore getJavaTrustStore() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        if (trustStore != null) {
            return trustStore;
        }
        log.debug("Initializing trust store.");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                log.debug("X509TrustManager found.");
                X509Certificate[] acceptedIssuers = ((X509TrustManager) trustManager).getAcceptedIssuers();
                log.debug("Found {} certificates in trust store.", Integer.valueOf(acceptedIssuers.length));
                trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                trustStore.load(null, null);
                for (X509Certificate x509Certificate : acceptedIssuers) {
                    String x500Principal = x509Certificate.getSubjectX500Principal().toString();
                    log.trace("Trusting: {}", x500Principal);
                    trustStore.setCertificateEntry(x500Principal, x509Certificate);
                }
            } else {
                log.trace("TrustManager: {}", trustManager.getClass());
            }
        }
        if (trustStore == null) {
            log.warn("TrustManagerFactory did not provide a trust store with X509Certificates. No trust store available.");
        } else {
            log.info("Trust store initialized with {} certificates.", Integer.valueOf(trustStore.size()));
        }
        return trustStore;
    }

    public static final void clearPassword(char[] cArr) {
        if (cArr != null) {
            Arrays.fill(cArr, (char) 0);
        }
    }

    public static final void clearKeyStore(KeyStore keyStore) throws KeyStoreException {
        if (keyStore != null) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                keyStore.deleteEntry(aliases.nextElement());
            }
        }
    }

    public static final String encode(String str) throws GeneralSecurityException {
        if (str == null) {
            return null;
        }
        return encode(str.toCharArray());
    }

    public static final String encode(char[] cArr) throws GeneralSecurityException {
        if (cArr == null) {
            return null;
        }
        ByteBuffer encode = Constants.UTF8_CHARSET.encode(CharBuffer.wrap(cArr));
        byte[] copyOfRange = Arrays.copyOfRange(encode.array(), encode.position(), encode.limit());
        try {
            byte[] encode2 = encode(copyOfRange);
            Arrays.fill(encode.array(), (byte) 0);
            Arrays.fill(copyOfRange, (byte) 0);
            return new String(Base64.encodeBase64(encode2), Constants.UTF8_CHARSET);
        } catch (Throwable th) {
            Arrays.fill(encode.array(), (byte) 0);
            Arrays.fill(copyOfRange, (byte) 0);
            throw th;
        }
    }

    private static final byte[] encode(byte[] bArr) throws GeneralSecurityException {
        try {
            byte[] bArr2 = new byte[16];
            new Random().nextBytes(bArr2);
            PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
            ParametersWithIV parametersWithIV = new ParametersWithIV(getAesKey(), bArr2);
            paddedBufferedBlockCipher.reset();
            paddedBufferedBlockCipher.init(true, parametersWithIV);
            byte[] bArr3 = new byte[paddedBufferedBlockCipher.getOutputSize(bArr.length)];
            int processBytes = paddedBufferedBlockCipher.processBytes(bArr, 0, bArr.length, bArr3, 0);
            if (processBytes + paddedBufferedBlockCipher.doFinal(bArr3, processBytes) != bArr3.length) {
                throw new IllegalStateException("Unexpected behaviour : getOutputSize value incorrect.");
            }
            byte[] bArr4 = new byte[bArr2.length + bArr3.length];
            System.arraycopy(bArr2, 0, bArr4, 0, bArr2.length);
            System.arraycopy(bArr3, 0, bArr4, bArr2.length, bArr3.length);
            return bArr4;
        } catch (Exception e) {
            throw new GeneralSecurityException("Encryption failed.", e);
        }
    }

    public static final String decodeStringBase64Aes(String str) throws GeneralSecurityException {
        if (str == null) {
            return null;
        }
        return new String(decodeBase64Aes(str), Constants.UTF8_CHARSET);
    }

    public static final char[] decodeCharsBase64Aes(String str) throws GeneralSecurityException {
        if (str == null) {
            return null;
        }
        byte[] decodeBase64Aes = decodeBase64Aes(str);
        ByteBuffer wrap = ByteBuffer.wrap(decodeBase64Aes);
        CharBuffer decode = Constants.UTF8_CHARSET.decode(wrap);
        char[] copyOfRange = Arrays.copyOfRange(decode.array(), decode.position(), decode.limit());
        Arrays.fill(decodeBase64Aes, (byte) 0);
        Arrays.fill(wrap.array(), (byte) 0);
        Arrays.fill(decode.array(), (char) 0);
        return copyOfRange;
    }

    private static byte[] decodeBase64Aes(String str) throws GeneralSecurityException {
        try {
            byte[] decodeBase64 = Base64.decodeBase64(str.getBytes(Constants.UTF8_CHARSET));
            byte[] bArr = new byte[16];
            System.arraycopy(decodeBase64, 0, bArr, 0, 16);
            ParametersWithIV parametersWithIV = new ParametersWithIV(getAesKey(), bArr);
            PaddedBufferedBlockCipher paddedBufferedBlockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
            paddedBufferedBlockCipher.reset();
            paddedBufferedBlockCipher.init(false, parametersWithIV);
            byte[] bArr2 = new byte[paddedBufferedBlockCipher.getOutputSize(decodeBase64.length - 16)];
            int processBytes = paddedBufferedBlockCipher.processBytes(decodeBase64, 16, decodeBase64.length - 16, bArr2, 0);
            int doFinal = processBytes + paddedBufferedBlockCipher.doFinal(bArr2, processBytes);
            byte[] bArr3 = new byte[doFinal];
            System.arraycopy(bArr2, 0, bArr3, 0, doFinal);
            return bArr3;
        } catch (Exception e) {
            throw new GeneralSecurityException("Decoding failed. Error message: " + e.getMessage(), e);
        }
    }

    private static final KeyParameter getAesKey() {
        return new KeyParameter(OBFUSCATION_STRING.getBytes(Constants.UTF8_CHARSET));
    }
}
