package com.certicom.tls.provider;

import com.bea.sslplus.WeblogicHandler;
import com.certicom.locale.Resources;
import com.certicom.tls.ciphersuite.CryptoNames;
import com.certicom.tls.provider.cipher.ECCpresso_AESCBCNoPad;
import com.certicom.tls.provider.cipher.ECCpresso_RC4;
import com.certicom.tls.provider.cipher.ECCpresso_RSACipher;
import com.certicom.tls.provider.cipher.JSAFE_RSA;
import com.certicom.tls.provider.cipher.NullCipher;
import com.certicom.tls.provider.cipher.des.ECCpresso_DESCBCNoPad;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import weblogic.jce.WLCipher;

/* loaded from: input_file:com/certicom/tls/provider/Cipher.class */
public class Cipher implements CryptoNames {
    public static final int ENCRYPT_MODE = 1;
    public static final int DECRYPT_MODE = 2;
    private javax.crypto.Cipher jceCipher;
    private boolean dontUseIV = false;
    private int updateLimit = 0;

    private byte[] updateWithFragmentLimit(byte[] bArr, int i, int i2, boolean z) throws IllegalStateException {
        if (this.updateLimit <= 0) {
            throw new IllegalStateException("updateLimit <= 0");
        }
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            int i3 = i2;
            int i4 = this.updateLimit;
            while (i3 > 0) {
                boolean z2 = i3 <= this.updateLimit;
                int i5 = z2 ? i3 : this.updateLimit;
                byteArrayOutputStream.write((z && z2) ? this.jceCipher.doFinal(bArr, i, i5) : this.jceCipher.update(bArr, i, i5));
                i3 -= i5;
                i += i5;
            }
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            if (WeblogicHandler.isDebugEnabled(WeblogicHandler.DEBUG_ERROR)) {
                WeblogicHandler.debug(WeblogicHandler.DEBUG_ERROR, "Failed to update with fragment limit", e);
            }
            throw new IllegalStateException(e.getMessage());
        }
    }

    public Provider getProvider() {
        if (this.jceCipher == null) {
            return null;
        }
        return WLCipher.getProvider(this.jceCipher);
    }

    private Cipher(javax.crypto.Cipher cipher) {
        this.jceCipher = cipher;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Cipher() {
    }

    public static final Cipher getInstance(String str) throws NoSuchAlgorithmException {
        if (str.equalsIgnoreCase(CryptoNames.NULL_CIPHER)) {
            return new NullCipher();
        }
        try {
            if (WeblogicHandler.useJCEProvider()) {
                String str2 = str;
                if (str.equals(CryptoNames.RSA_PKCS1)) {
                    str2 = "RSA";
                } else if (str.equals("DES") || str.equals("DESede") || str.equals("AES")) {
                    str2 = str + "/CBC/NoPadding";
                }
                javax.crypto.Cipher wLCipher = WLCipher.getInstance(str2);
                Provider provider = WLCipher.getProvider(wLCipher);
                String name = provider.getName();
                if (WeblogicHandler.isSupportedCipher(name)) {
                    Cipher cipher = new Cipher(wLCipher);
                    if (str.startsWith("DES") && name.startsWith("nCipherKM")) {
                        cipher.updateLimit = WeblogicHandler.getOverrideSSLFragmentSize();
                        if (WeblogicHandler.isDebugEnabled(WeblogicHandler.DEBUG_INFO)) {
                            WeblogicHandler.debug(WeblogicHandler.DEBUG_INFO, "Detected nCipherKM for DES support, limiting SSL fragment size to: " + cipher.updateLimit, (Exception) null);
                        }
                    } else if (str.equals(CryptoNames.RC4)) {
                        cipher.dontUseIV = true;
                    }
                    if (WeblogicHandler.isDebugEnabled(WeblogicHandler.DEBUG_INFO)) {
                        WeblogicHandler.debug(WeblogicHandler.DEBUG_INFO, "Using JCE Cipher: " + provider + " for algorithm " + str2, (Exception) null);
                    }
                    return cipher;
                }
                if (WeblogicHandler.isDebugEnabled(WeblogicHandler.DEBUG_INFO)) {
                    WeblogicHandler.debug(WeblogicHandler.DEBUG_INFO, "Ignoring not supported JCE Cipher: " + provider + " for algorithm " + str2, (Exception) null);
                }
            }
        } catch (Throwable th) {
            WeblogicHandler.debugEaten(th);
        }
        if (WeblogicHandler.isDebugEnabled(WeblogicHandler.DEBUG_INFO)) {
            WeblogicHandler.debug(WeblogicHandler.DEBUG_INFO, "Will use default Cipher for algorithm " + str, (Exception) null);
        }
        try {
        } catch (Throwable th2) {
            WeblogicHandler.debugEaten(th2);
        }
        if (str.equalsIgnoreCase(CryptoNames.NULL_CIPHER)) {
            return new NullCipher();
        }
        if (str.equalsIgnoreCase(CryptoNames.RC4)) {
            return new ECCpresso_RC4();
        }
        if (str.equalsIgnoreCase("DES")) {
            return new ECCpresso_DESCBCNoPad("DES");
        }
        if (str.equalsIgnoreCase("AES")) {
            return new ECCpresso_AESCBCNoPad();
        }
        if (str.equalsIgnoreCase("DESede")) {
            return new ECCpresso_DESCBCNoPad("TDES");
        }
        if (str.equals(CryptoNames.RSA_PKCS1) || str.equals(CryptoNames.RSA_RAW)) {
            try {
                return new JSAFE_RSA(str);
            } catch (Throwable th3) {
                WeblogicHandler.debugEaten(th3);
                try {
                    return new ECCpresso_RSACipher(str);
                } catch (Throwable th4) {
                    WeblogicHandler.debugEaten(th4);
                }
            }
        }
        throw new NoSuchAlgorithmException(str + Resources.getMessage("84"));
    }

    public int getBlockSize() {
        return this.jceCipher.getBlockSize();
    }

    public int getOutputSize(int i) {
        return this.jceCipher.getOutputSize(i);
    }

    public void init(int i, Key key, byte[] bArr) {
        try {
            if (i == 1) {
                javax.crypto.Cipher cipher = this.jceCipher;
            } else {
                javax.crypto.Cipher cipher2 = this.jceCipher;
            }
            byte[] bArr2 = (byte[]) key.getEncoded().clone();
            if (this.jceCipher.getAlgorithm().startsWith("DES")) {
                for (int i2 = 0; i2 < bArr2.length; i2++) {
                    int i3 = (bArr2[i2] & 255) >> 1;
                    int i4 = 0;
                    for (int i5 = 0; i5 < 7; i5++) {
                        if (i3 % 2 == 1) {
                            i4++;
                        }
                        i3 >>= 1;
                    }
                    if (i4 % 2 == 0) {
                        int i6 = i2;
                        bArr2[i6] = (byte) (bArr2[i6] | 1);
                    } else {
                        int i7 = i2;
                        bArr2[i7] = (byte) (bArr2[i7] & 254);
                    }
                }
            }
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, key.getAlgorithm());
            if (bArr == null || this.dontUseIV) {
                this.jceCipher.init(i, secretKeySpec);
            } else {
                this.jceCipher.init(i, secretKeySpec, new IvParameterSpec(bArr));
            }
        } catch (Exception e) {
            e.printStackTrace();
            WeblogicHandler.debugEaten(e);
        }
    }

    public byte[] update(byte[] bArr) throws IllegalStateException {
        byte[] update = (this.updateLimit <= 0 || bArr.length <= this.updateLimit) ? this.jceCipher.update(bArr) : updateWithFragmentLimit(bArr, 0, bArr.length, false);
        return update == null ? new byte[0] : update;
    }

    public byte[] update(byte[] bArr, int i, int i2) throws IllegalStateException {
        byte[] update = (this.updateLimit <= 0 || i2 <= this.updateLimit) ? this.jceCipher.update(bArr, i, i2) : updateWithFragmentLimit(bArr, i, i2, false);
        return update == null ? new byte[0] : update;
    }

    public void init(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        this.jceCipher.init(i, key, secureRandom);
    }

    public byte[] doFinal(byte[] bArr, int i, int i2) throws IllegalStateException {
        try {
            return (this.updateLimit <= 0 || i2 <= this.updateLimit) ? this.jceCipher.doFinal(bArr, i, i2) : updateWithFragmentLimit(bArr, i, i2, true);
        } catch (Exception e) {
            WeblogicHandler.debugEaten(e);
            throw new IllegalStateException(e.getMessage());
        }
    }
}
