package com.sun.identity.log.secure;

import com.sun.identity.log.spi.Debug;
import iaik.security.ssl.SecurityProvider;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.StringTokenizer;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.asn1.ANY;
import org.mozilla.jss.asn1.ASN1Value;
import org.mozilla.jss.asn1.BMPString;
import org.mozilla.jss.asn1.OCTET_STRING;
import org.mozilla.jss.asn1.SEQUENCE;
import org.mozilla.jss.asn1.SET;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.crypto.KeyGenAlgorithm;
import org.mozilla.jss.crypto.KeyGenerator;
import org.mozilla.jss.crypto.PBEAlgorithm;
import org.mozilla.jss.crypto.PrivateKey;
import org.mozilla.jss.crypto.Signature;
import org.mozilla.jss.crypto.SignatureAlgorithm;
import org.mozilla.jss.crypto.SymmetricKey;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.pkcs12.AuthenticatedSafes;
import org.mozilla.jss.pkcs12.PFX;
import org.mozilla.jss.pkcs12.SafeBag;
import org.mozilla.jss.pkix.primitive.Attribute;
import org.mozilla.jss.util.Password;
import securecomputing.swec.EasspMessage;

/* loaded from: input_file:117585-13/SUNWamsdk/reloc/SUNWam/lib/am_logging.jar:com/sun/identity/log/secure/SecureLogHelper.class */
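/**
 * Keeps the keying material for tamper-evident ("secure") logging.
 *
 * <p>Two PKCS#12 files act as secret stores: the <em>logger</em> store (written by the
 * log producer) and the <em>verifier</em> store (used by whoever checks the log). Each
 * store holds an {@code InitialKey} entry and a {@code CurrentKey} entry; the logger
 * store additionally holds the latest {@code CurrentSignature}. The key chain starts
 * from a DES3 key generated on the crypto token and is advanced after every log entry
 * by hashing the current key ({@link #generateLogEntryMAC(String)} /
 * {@link #verifyMAC(String, byte[])}), so an old key cannot be recovered from a newer
 * one. Individual entries are authenticated with {@link #getDigest(String, byte[])} and
 * the resulting MAC can be signed with the RSA key behind the certificate nickname set
 * through {@link #setLoggerKeyName(String)}.
 *
 * <p>Compatibility notes (do not change without re-keying existing stores): store
 * passwords are derived with a single {@code ALG_DIGEST_SHA} pass over the supplied
 * password ({@link #derivePassword(Password)}), the hex transport format XORs every
 * byte with 0x80 ({@link #toHexString(byte[])}), and the MAC construction is a plain
 * digest composition rather than HMAC.
 *
 * <p>Thread-safety: only the initialization and MAC-generation paths are
 * {@code synchronized}; the remaining mutators share the same fields without locking,
 * so callers are expected to serialize access externally (not verified here).
 */
public class SecureLogHelper {
    /** Key length (bits) requested from the token's DES3 key generator. */
    private static int keyLength = 168;
    /** Not referenced by this class; retained as-is. */
    private static String currentKeyName = null;
    /** Certificate nickname whose private key signs MACs; see {@link #setLoggerKeyName(String)}. */
    private static String loggerKey = "Logger";
    private static String verifier = "Verifier";
    /** Friendly name of the store entry holding the first key of the chain. */
    private static String initialKey = "InitialKey";
    /** Friendly name of the store entry holding the key for the next entry. */
    private static String currentKey = "CurrentKey";
    /** Friendly name of the logger-store entry holding the last signature. */
    private static String currentSignature = "CurrentSignature";
    /** Hex digits used by {@link #bytetohex(byte, StringBuffer)}. */
    private static final char[] HEX_DIGITS = {
        '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
    };

    private byte[] currentLoggerKey = null;
    private byte[] currentVerifierKey = null;
    private byte[] currentVerifierSignature = null;
    /** MAC of the entry before the most recent one; written but not read by this class. */
    private byte[] lastMac = null;
    private byte[] currentMAC = null;
    /** Snapshot of the logger key taken by {@link #setLastLineforLogger(boolean)}. */
    private byte[] lastLoggerKey = null;
    private String logFileName = null;
    private String verifierFileName = null;
    private CryptoToken mToken = null;
    private boolean loggerInitialized = false;
    private boolean verifierInitialized = false;
    /** Store password derived from the logger password; see {@link #derivePassword(Password)}. */
    private Password loggerPass = null;
    /** Store password derived from the verifier password. */
    private Password verifierPass = null;
    private boolean LoggerLastLine = false;
    private boolean VerifierLastLine = false;

    /**
     * Makes sure the JSS {@link CryptoManager} is initialized, initializing it with the
     * given values only when no instance exists yet.
     *
     * @param initializationValues values passed to {@link CryptoManager#initialize} when
     *        the manager has not been initialized by anybody else
     * @throws Exception if {@code CryptoManager.initialize} fails
     */
    public SecureLogHelper(CryptoManager.InitializationValues initializationValues) throws Exception {
        try {
            CryptoManager.getInstance();
        } catch (CryptoManager.NotInitializedException e) {
            if (Debug.warningEnabled()) {
                Debug.warning("SecureLogHelper :  CryptoManager.NotInitializedException : ", e);
            }
            CryptoManager.initialize(initializationValues);
        }
    }

    /**
     * Derives the PKCS#12 store password from a user password.
     *
     * <p>The store password is the {@code ALG_DIGEST_SHA} digest of the password bytes,
     * re-read as UTF-8 text. This is not a proper KDF (single pass, no salt) and the
     * byte-to-UTF-8 step is lossy for invalid sequences, but every existing store was
     * created this way, so the mapping must stay byte-for-byte compatible.
     *
     * @param password user password; its character copy is digested
     * @return a new {@link Password} wrapping the derived value
     * @throws Exception if the digest algorithm or the UTF-8 charset is unavailable
     */
    private static Password derivePassword(Password password) throws Exception {
        MessageDigest md = MessageDigest.getInstance(SecurityProvider.ALG_DIGEST_SHA);
        byte[] digest = md.digest(Password.charToByte(password.getCharCopy()));
        return new Password(new String(digest, "UTF-8").toCharArray());
    }

    /**
     * Computes the {@code ALG_DIGEST_SHA} digest of {@code data}; used both to advance the
     * key chain and to build PKCS#12 local key ids.
     *
     * @param data bytes to digest
     * @return the digest
     * @throws Exception if the digest algorithm is unavailable
     */
    private static byte[] digestOf(byte[] data) throws Exception {
        MessageDigest md = MessageDigest.getInstance(SecurityProvider.ALG_DIGEST_SHA);
        md.update(data);
        return md.digest();
    }

    /**
     * Sets up the logger side: derives the store passwords, selects the crypto token and
     * either reloads an existing logger store or seeds a fresh key chain.
     *
     * <p>When the logger store is already initialized only {@code CurrentKey} is read.
     * Otherwise a DES3 key is generated on the token and written as {@code InitialKey}
     * and {@code CurrentKey} of the logger store and as {@code InitialKey} of the
     * verifier store (under the verifier-derived password), which is how the verifier
     * later bootstraps in {@link #initializeVerifier(String, Password, Password)}.
     *
     * @param tokenName        name of the crypto token; {@code null} or empty selects the
     *                         internal token
     * @param logFile          path of the logger PKCS#12 store
     * @param loggerPassword   password protecting the logger store
     * @param verifierFile     path of the verifier PKCS#12 store
     * @param verifierPassword password protecting the verifier store
     * @throws Exception on token, key-generation or store I/O failure
     */
    public synchronized void initializeSecureLogHelper(String tokenName, String logFile, Password loggerPassword,
            String verifierFile, Password verifierPassword) throws Exception {
        this.logFileName = logFile;
        this.verifierFileName = verifierFile;
        this.loggerPass = derivePassword(loggerPassword);
        Password verifierStorePass = derivePassword(verifierPassword);

        CryptoManager cryptoManager = CryptoManager.getInstance();
        if (tokenName == null || tokenName.equals("")) {
            this.mToken = cryptoManager.getInternalCryptoToken();
        } else {
            this.mToken = cryptoManager.getTokenByName(tokenName);
        }

        this.loggerInitialized = isInitialized(logFile, this.loggerPass);
        if (this.loggerInitialized) {
            if (Debug.messageEnabled()) {
                Debug.message(this.logFileName + " Logger Module is already " + " initialized");
            }
            this.currentLoggerKey = readFromSecretStore(logFile, currentKey, this.loggerPass);
            return;
        }

        // Fresh chain: the generated key seeds both stores.
        KeyGenerator keyGenerator = this.mToken.getKeyGenerator(KeyGenAlgorithm.DES3);
        keyGenerator.initialize(keyLength);
        SymmetricKey seedKey = keyGenerator.generate();
        byte[] seed = seedKey.getKeyData();
        this.currentLoggerKey = seed;
        writeToSecretStore(seed, logFile, this.loggerPass, initialKey);
        // Must be set before writing CurrentKey so writeToSecretStore carries InitialKey over.
        this.loggerInitialized = true;
        writeToSecretStore(seed, logFile, this.loggerPass, currentKey);
        writeToSecretStore(seed, this.verifierFileName, verifierStorePass, initialKey);
    }

    /**
     * Produces the MAC for one log entry and advances the logger key chain.
     *
     * <p>The key is re-read from the logger store on every call and compared with the
     * in-memory copy; a mismatch means the store was modified behind this instance's
     * back and is reported as a possible intrusion. After the MAC is computed the key is
     * replaced by its digest and the new key is persisted as {@code CurrentKey}.
     *
     * @param logEntry the log record text to authenticate
     * @return the MAC of {@code logEntry} under the key in effect before this call
     * @throws Exception if the store cannot be read or verified, or the stored key does
     *         not match the in-memory key
     */
    public synchronized byte[] generateLogEntryMAC(String logEntry) throws Exception {
        this.lastMac = this.currentMAC;
        // Value intentionally discarded: reading the entry MAC-verifies the whole store.
        readFromSecretStore(this.logFileName, initialKey, this.loggerPass);
        byte[] storedKey = readFromSecretStore(this.logFileName, currentKey, this.loggerPass);
        if (this.currentLoggerKey != null && !equalByteArrays(this.currentLoggerKey, storedKey)) {
            throw new Exception("Possible Intrusion or  Misconfiguration");
        }
        this.currentLoggerKey = storedKey;
        this.currentMAC = getDigest(logEntry, this.currentLoggerKey);
        this.currentLoggerKey = digestOf(this.currentLoggerKey);
        writeToSecretStore(this.currentLoggerKey, this.logFileName, this.loggerPass, currentKey);
        return this.currentMAC;
    }

    /**
     * Signs a MAC with the private key of the certificate whose nickname is
     * {@link #getLoggerKeyName()} and records the signature as {@code CurrentSignature}
     * in the logger store.
     *
     * <p>Uses {@code RSASignatureWithSHA1Digest}; SHA-1 is kept for compatibility with
     * existing verifiers.
     *
     * @param mac bytes to sign (normally the value returned by {@link #getLastMAC()})
     * @return the signature
     * @throws Exception if the certificate or its private key cannot be found, the token
     *         cannot sign, or the store cannot be written; the cause is preserved
     */
    public byte[] signMAC(byte[] mac) throws Exception {
        try {
            CryptoManager cryptoManager = CryptoManager.getInstance();
            X509Certificate signingCert = cryptoManager.findCertByNickname(loggerKey);
            PrivateKey privateKey = cryptoManager.findPrivKeyByCert(signingCert);
            if (privateKey == null) {
                // Fail here rather than handing a null key to initSign.
                throw new Exception("No private key found for certificate nickname " + loggerKey);
            }
            Signature signatureContext =
                this.mToken.getSignatureContext(SignatureAlgorithm.RSASignatureWithSHA1Digest);
            signatureContext.initSign(privateKey);
            signatureContext.update(mac);
            byte[] signature = signatureContext.sign();
            writeToSecretStore(signature, this.logFileName, this.loggerPass, currentSignature);
            return signature;
        } catch (Exception e) {
            Debug.error("SecureLogHelper.signMAC() :  Exception : ", e);
            throw new Exception(e.getMessage(), e);
        }
    }

    /** @return the MAC produced by the most recent {@link #generateLogEntryMAC(String)} call */
    public byte[] getLastMAC() {
        return this.currentMAC;
    }

    /**
     * @return the {@code CurrentSignature} entry of the logger store, or {@code null} if absent
     * @throws Exception if the store cannot be read or verified
     */
    public byte[] getLastSignatureBytes() throws Exception {
        return readFromSecretStore(this.logFileName, currentSignature, this.loggerPass);
    }

    /** @return path of the logger PKCS#12 store */
    public String getPKCS12LogFileName() {
        return this.logFileName;
    }

    /** @return path of the verifier PKCS#12 store */
    public String getPKCS12VerifierFileName() {
        return this.verifierFileName;
    }

    /**
     * Sets up the verifier side.
     *
     * <p>If the verifier store already holds a {@code CurrentKey} (or no logger password
     * is supplied, in which case the store is assumed to be initialized) the current key
     * is simply loaded. Otherwise the {@code InitialKey} that
     * {@link #initializeSecureLogHelper} wrote under the logger-derived password is read
     * and re-written under the verifier password as both {@code InitialKey} and
     * {@code CurrentKey}.
     *
     * @param verifierFile     path of the verifier PKCS#12 store
     * @param loggerPassword   logger password, used only to bootstrap a fresh verifier
     *                         store; may be {@code null} for an already-initialized store
     * @param verifierPassword password protecting the verifier store
     * @throws Exception on store I/O or verification failure
     */
    public synchronized void initializeVerifier(String verifierFile, Password loggerPassword, Password verifierPassword)
            throws Exception {
        this.verifierFileName = verifierFile;
        if (this.mToken == null) {
            this.mToken = CryptoManager.getInstance().getInternalCryptoToken();
        }
        // Derive lazily so a null logger password takes the "already initialized" path
        // instead of failing on the dereference.
        Password loggerStorePass = (loggerPassword == null) ? null : derivePassword(loggerPassword);
        this.verifierPass = derivePassword(verifierPassword);

        if (loggerStorePass != null) {
            this.verifierInitialized = isInitialized(verifierFile, this.verifierPass);
        } else {
            this.verifierInitialized = true;
        }

        if (this.verifierInitialized) {
            this.currentVerifierKey = readFromSecretStore(this.verifierFileName, currentKey, this.verifierPass);
        } else {
            this.currentVerifierKey = readFromSecretStore(this.verifierFileName, initialKey, loggerStorePass);
            // A separate Password object is used for the second write; presumably the
            // first write may consume it — kept as in the original, confirm against JSS.
            Password secondWritePass = (Password) this.verifierPass.clone();
            writeToSecretStore(this.currentVerifierKey, this.verifierFileName, this.verifierPass, initialKey);
            this.verifierInitialized = true;
            writeToSecretStore(this.currentVerifierKey, this.verifierFileName, secondWritePass, currentKey);
        }
        // Value intentionally discarded: reading the entry MAC-verifies the store.
        readFromSecretStore(verifierFile, initialKey, this.verifierPass);
    }

    /**
     * Rewinds the verifier key chain to {@code InitialKey} so verification can restart
     * from the beginning of the log.
     *
     * <p>Note that the store is read from {@code this.verifierFileName}, not from
     * {@code verifierFile}; the two are presumably expected to be the same file.
     *
     * @param verifierFile     path used for the initialization check
     * @param verifierPassword password protecting the verifier store
     * @throws Exception if the verifier store is not initialized or cannot be read/written
     */
    public synchronized void reinitializeVerifier(String verifierFile, Password verifierPassword) throws Exception {
        Password storePass = derivePassword(verifierPassword);
        this.verifierInitialized = isInitialized(verifierFile, storePass);
        if (!this.verifierInitialized) {
            throw new Exception(this.logFileName + " Verifier is not initialized");
        }
        this.currentVerifierKey = readFromSecretStore(this.verifierFileName, initialKey, storePass);
        writeToSecretStore(this.currentVerifierKey, this.verifierFileName, (Password) storePass.clone(), currentKey);
    }

    /**
     * Records whether the logger has reached its last line and snapshots the current
     * logger key for {@link #isIntrusionTrue()}.
     *
     * <p>The snapshot is always a fresh copy: the freshly generated key and the
     * digest-evolved keys may have different lengths, so reusing one buffer sized on
     * the first call could truncate or leave stale bytes behind.
     *
     * @param lastLine {@code true} when the logger has written its final line
     * @throws IllegalStateException if no logger key has been loaded yet
     */
    public void setLastLineforLogger(boolean lastLine) {
        this.LoggerLastLine = lastLine;
        if (this.currentLoggerKey == null) {
            throw new IllegalStateException("SecureLogHelper: logger key not initialized");
        }
        this.lastLoggerKey = (byte[]) this.currentLoggerKey.clone();
    }

    /** @param lastLine {@code true} when the verifier has processed its final line */
    public void setLastLineforVerifier(boolean lastLine) {
        this.VerifierLastLine = lastLine;
    }

    /**
     * Reports an intrusion when both sides have reached their last line but the verifier
     * key does not match the snapshot of the logger key. A missing key on either side
     * counts as a mismatch.
     *
     * @return {@code true} if the two key chains have diverged
     */
    public boolean isIntrusionTrue() {
        return this.LoggerLastLine && this.VerifierLastLine
            && !equalByteArrays(this.currentVerifierKey, this.lastLoggerKey);
    }

    /**
     * Verifies one log entry against its MAC and, on success, advances the verifier key
     * chain exactly as {@link #generateLogEntryMAC(String)} advanced the logger chain.
     *
     * <p>Every failure — including a stored key that no longer matches the in-memory key,
     * which is logged as a possible intrusion — is reported to the caller as
     * {@code false}; the distinction is only visible in the debug log.
     *
     * @param logEntry the log record text
     * @param mac      the MAC recorded for that entry
     * @return {@code true} if the MAC matches; {@code false} on mismatch or any error
     * @throws Exception declared for compatibility; all exceptions are caught internally
     */
    public boolean verifyMAC(String logEntry, byte[] mac) throws Exception {
        try {
            byte[] storedKey = readFromSecretStore(this.verifierFileName, currentKey, this.verifierPass);
            if (this.currentVerifierKey != null && !equalByteArrays(this.currentVerifierKey, storedKey)) {
                throw new Exception(this.verifierFileName + " Possible Intrusion or " + " Misconfiguration");
            }
            this.currentVerifierKey = storedKey;
            if (!equalByteArrays(mac, getDigest(logEntry, this.currentVerifierKey))) {
                return false;
            }
            this.currentVerifierKey = digestOf(this.currentVerifierKey);
            writeToSecretStore(this.currentVerifierKey, this.verifierFileName, this.verifierPass, currentKey);
            return true;
        } catch (Exception e) {
            Debug.error("SecureLogHelper.verifyMAC() :  Exception : ", e);
            return false;
        }
    }

    /**
     * Verifies an RSA/SHA-1 signature over {@code signedData} with the public key of the
     * certificate named {@link #getLoggerKeyName()}.
     *
     * @param signature  the signature bytes
     * @param signedData the data that was signed (normally a MAC)
     * @return {@code true} if the signature verifies
     * @throws Exception if the certificate cannot be found or the token cannot verify;
     *         the cause is preserved
     */
    public boolean verifySignature(byte[] signature, byte[] signedData) throws Exception {
        try {
            PublicKey publicKey = CryptoManager.getInstance().findCertByNickname(loggerKey).getPublicKey();
            Signature signatureContext =
                this.mToken.getSignatureContext(SignatureAlgorithm.RSASignatureWithSHA1Digest);
            signatureContext.initVerify(publicKey);
            signatureContext.update(signedData);
            return signatureContext.verify(signature);
        } catch (Exception e) {
            Debug.error("SecureLogHelper.verifySignature() :  Exception : ", e);
            throw new Exception(e.getMessage(), e);
        }
    }

    /**
     * Builds the PKCS#12 {@code localKeyId} attribute value for a secret: its digest.
     *
     * @param secret the bag contents
     * @return the digest of {@code secret}
     * @throws Exception wrapping any digest failure, cause preserved
     */
    private byte[] createLocalKeyId(byte[] secret) throws Exception {
        try {
            return digestOf(secret);
        } catch (Exception e) {
            Debug.error("SecureLogHelper.createLocalKeyId() :  Exception : ", e);
            throw new Exception("Failed to create Key ID - " + e.toString(), e);
        }
    }

    /**
     * Builds the bag attributes ({@code friendlyName} and {@code localKeyId}) for a
     * secret bag.
     *
     * @param friendlyName entry name, stored as a BMPString
     * @param localKeyId   value of the {@code localKeyId} attribute
     * @return the attribute SET
     * @throws Exception wrapping any encoding failure, cause preserved
     */
    private SET createBagAttrs(String friendlyName, byte[] localKeyId) throws Exception {
        try {
            SET attributes = new SET();

            SEQUENCE nameAttr = new SEQUENCE();
            nameAttr.addElement(SafeBag.FRIENDLY_NAME);
            SET nameValues = new SET();
            nameValues.addElement(new BMPString(friendlyName));
            nameAttr.addElement(nameValues);
            attributes.addElement(nameAttr);

            SEQUENCE keyIdAttr = new SEQUENCE();
            keyIdAttr.addElement(SafeBag.LOCAL_KEY_ID);
            SET keyIdValues = new SET();
            keyIdValues.addElement(new OCTET_STRING(localKeyId));
            keyIdAttr.addElement(keyIdValues);
            attributes.addElement(keyIdAttr);

            return attributes;
        } catch (Exception e) {
            Debug.error("SecureLogHelper.createBagAttrs() :  Exception : ", e);
            throw new Exception("Failed to create Key Bag - " + e.toString(), e);
        }
    }

    /**
     * Tells whether a safe bag carries a {@code friendlyName} attribute equal to
     * {@code name}. Only the first value of each attribute is inspected.
     *
     * @param bag  the bag to inspect
     * @param name the friendly name to look for
     * @return {@code true} on a match
     * @throws Exception if an attribute value cannot be decoded as a BMPString
     */
    private static boolean hasFriendlyName(SafeBag bag, String name) throws Exception {
        SET attributes = bag.getBagAttributes();
        if (attributes == null) {
            return false;
        }
        for (int k = 0; k < attributes.size(); k++) {
            Attribute attribute = attributes.elementAt(k);
            if (attribute.getType().equals(SafeBag.FRIENDLY_NAME)
                    && name.equals(attribute.getValues().elementAt(0).decodeWith(BMPString.getTemplate()).toString())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads the secret stored under {@code entryName} from a PKCS#12 file.
     *
     * <p>The file's MAC is checked with {@code password} before anything is decrypted.
     * If several safes contain a matching bag the last one wins. The stream is closed
     * on every path.
     *
     * @param fileName  path of the PKCS#12 store
     * @param entryName friendly name of the secret bag
     * @param password  store password (integrity and privacy)
     * @return the bag contents, or {@code null} if no bag with that name exists
     * @throws Exception if the file cannot be read, its MAC does not verify, or a safe
     *         cannot be decrypted
     */
    private byte[] readFromSecretStore(String fileName, String entryName, Password password) throws Exception {
        FileInputStream in = new FileInputStream(fileName);
        try {
            PFX pfx = new PFX.Template().decode(new BufferedInputStream(in, EasspMessage.ATTR_FIXED));
            StringBuffer reason = new StringBuffer();
            if (!pfx.verifyAuthSafes(password, reason)) {
                throw new Exception("AuthSafes failed to verify because: " + reason.toString());
            }
            AuthenticatedSafes authSafes = pfx.getAuthSafes();
            SEQUENCE safes = authSafes.getSequence();
            byte[] found = null;
            for (int i = 0; i < safes.size(); i++) {
                SEQUENCE contents = authSafes.getSafeContentsAt(password, i);
                ASN1Value match = null;
                for (int j = 0; j < contents.size(); j++) {
                    SafeBag bag = contents.elementAt(j);
                    if (hasFriendlyName(bag, entryName)) {
                        match = bag.getInterpretedBagContent();
                    }
                }
                if (match instanceof ANY) {
                    found = ((ANY) match).getContents();
                }
            }
            return found;
        } finally {
            in.close();
        }
    }

    /**
     * Adds one secret bag as an encrypted safe to {@code safes}.
     *
     * <p>PBE parameters (SHA1/DES3-CBC, no salt, one iteration) are what existing
     * stores were written with; the iteration count is recorded in the file, so raising
     * it is a hardening candidate but is left unchanged here.
     */
    private void addEncryptedSecret(AuthenticatedSafes safes, Password password, byte[] value, String entryName)
            throws Exception {
        safes.addEncryptedSafeContents(PBEAlgorithm.PBE_SHA1_DES3_CBC, password, (byte[]) null, 1,
            toSecretBagSequence(value, entryName));
    }

    /**
     * Copies the {@code InitialKey} entry of {@code fileName} into {@code safes} so it
     * survives a rewrite of the store; does nothing if the entry is absent.
     */
    private void carryOverInitialKey(AuthenticatedSafes safes, String fileName, Password password) throws Exception {
        byte[] initial = readFromSecretStore(fileName, initialKey, password);
        if (initial != null) {
            addEncryptedSecret(safes, password, initial, initialKey);
        }
    }

    /**
     * Writes {@code value} under {@code entryName} into a PKCS#12 store, rebuilding the
     * whole file.
     *
     * <p>Because the file is rewritten from scratch, the entries that must persist are
     * re-read first: for an initialized logger store the sibling of the entry being
     * written ({@code CurrentKey} when writing {@code CurrentSignature} and vice
     * versa), and for either initialized store its {@code InitialKey} (unless
     * {@code InitialKey} itself is being written). The file is overwritten in place,
     * not via a temporary file, so an interrupted write can leave a corrupt store.
     *
     * @param value     secret to store
     * @param fileName  path of the PKCS#12 store
     * @param password  store password
     * @param entryName friendly name of the secret bag
     * @throws Exception on read-back, encoding or I/O failure
     */
    private void writeToSecretStore(byte[] value, String fileName, Password password, String entryName)
            throws Exception {
        byte[] sibling = null;
        String siblingName = null;
        if (fileName.equals(this.logFileName) && this.loggerInitialized) {
            if (entryName.equals(currentSignature)) {
                sibling = readFromSecretStore(this.logFileName, currentKey, password);
                siblingName = currentKey;
            } else if (entryName.equals(currentKey)) {
                sibling = readFromSecretStore(this.logFileName, currentSignature, password);
                siblingName = currentSignature;
            }
        }

        AuthenticatedSafes safes = new AuthenticatedSafes();
        if (sibling != null) {
            addEncryptedSecret(safes, password, sibling, siblingName);
        }
        boolean writingInitial = entryName.equals(initialKey);
        if (fileName.equals(this.logFileName) && !writingInitial && this.loggerInitialized) {
            carryOverInitialKey(safes, fileName, password);
        }
        if (fileName.equals(this.verifierFileName) && !writingInitial && this.verifierInitialized) {
            carryOverInitialKey(safes, fileName, password);
        }
        addEncryptedSecret(safes, password, value, entryName);

        PFX pfx = new PFX(safes);
        pfx.computeMacData(password, (byte[]) null, 5);
        FileOutputStream out = new FileOutputStream(fileName);
        try {
            pfx.encode(out);
        } finally {
            out.close();
        }
    }

    /**
     * Computes the entry MAC: {@code H(key || H(entry || key))} with the provider's
     * {@code ALG_DIGEST_SHA}.
     *
     * <p>This is not HMAC, and {@code entry} is encoded with the platform default
     * charset ({@code String.getBytes()}), so the MAC of a non-ASCII entry depends on the
     * JVM's file encoding. Both are kept because existing logs were MACed this way.
     *
     * @param entry log record text
     * @param key   current chain key
     * @return the MAC
     * @throws Exception if the digest algorithm is unavailable
     */
    private byte[] getDigest(String entry, byte[] key) throws Exception {
        MessageDigest inner = MessageDigest.getInstance(SecurityProvider.ALG_DIGEST_SHA);
        inner.update(entry.getBytes());
        inner.update(key);
        byte[] innerDigest = inner.digest();

        MessageDigest outer = MessageDigest.getInstance(SecurityProvider.ALG_DIGEST_SHA);
        outer.update(key);
        outer.update(innerDigest);
        return outer.digest();
    }

    /**
     * Wraps a secret in a single-element SEQUENCE holding one {@code secretBag} whose
     * attributes are the friendly name and the digest-based local key id.
     *
     * @param value     secret bytes
     * @param entryName friendly name of the bag
     * @return the SEQUENCE to hand to {@link AuthenticatedSafes}
     * @throws Exception if the attributes cannot be built
     */
    private SEQUENCE toSecretBagSequence(byte[] value, String entryName) throws Exception {
        SEQUENCE sequence = new SEQUENCE();
        sequence.addElement(new SafeBag(SafeBag.SECRET_BAG, new OCTET_STRING(value),
            createBagAttrs(entryName, createLocalKeyId(value))));
        return sequence;
    }

    /**
     * Encodes bytes as colon-separated upper-case hex, with every byte offset by 128
     * (equivalently XOR 0x80) before encoding. {@link #toByteArray(String)} reverses
     * this; the offset is part of the on-disk/log format and must not be removed.
     *
     * @param bytes bytes to encode
     * @return e.g. {@code "80:81:7F"} for {@code {0, 1, -1}}
     */
    public String toHexString(byte[] bytes) {
        StringBuffer hex = new StringBuffer();
        int last = bytes.length - 1;
        for (int i = 0; i <= last; i++) {
            bytetohex((byte) (bytes[i] + 128), hex);
            if (i < last) {
                hex.append(":");
            }
        }
        return hex.toString();
    }

    /**
     * Appends the two upper-case hex digits of {@code b} to {@code out}.
     *
     * @param b   byte to encode
     * @param out buffer receiving the digits
     */
    public void bytetohex(byte b, StringBuffer out) {
        out.append(HEX_DIGITS[(b & 0xF0) >> 4]);
        out.append(HEX_DIGITS[b & 0x0F]);
    }

    /**
     * Decodes the colon-separated hex produced by {@link #toHexString(byte[])}, undoing
     * the 128 offset.
     *
     * @param hex encoded text; an empty string yields an empty array
     * @return the decoded bytes
     * @throws NumberFormatException if a token is not hexadecimal
     * @throws NullPointerException  if {@code hex} is {@code null}
     */
    public static byte[] toByteArray(String hex) {
        StringTokenizer tokens = new StringTokenizer(hex, ":");
        byte[] out = new byte[tokens.countTokens()];
        for (int i = 0; tokens.hasMoreTokens(); i++) {
            out[i] = (byte) (Integer.parseInt(tokens.nextToken(), 16) - 128);
        }
        return out;
    }

    /**
     * Tells whether a store exists, verifies under {@code password} and already holds a
     * {@code CurrentKey} entry. Any failure (missing file, bad MAC, decrypt error) is
     * logged at message level and reported as "not initialized".
     *
     * @param fileName path of the PKCS#12 store
     * @param password store password
     * @return {@code true} if {@code CurrentKey} could be read
     */
    private boolean isInitialized(String fileName, Password password) {
        try {
            // readFromSecretStore opens the file itself, so no separate existence probe
            // (which previously leaked an unclosed stream) is needed.
            return readFromSecretStore(fileName, currentKey, password) != null;
        } catch (Exception e) {
            if (Debug.messageEnabled()) {
                Debug.message("SecureLogHelper.isInitialized() : " + e.getMessage() + " : returning false");
            }
            return false;
        }
    }

    /**
     * Compares two byte arrays for equality in constant time, so MAC comparison does not
     * leak how many leading bytes matched. Arrays of different length, and a
     * {@code null} on one side only, are unequal.
     *
     * @return {@code true} if both arrays hold the same bytes
     */
    private static boolean equalByteArrays(byte[] a, byte[] b) {
        return MessageDigest.isEqual(a, b);
    }

    /** @param nickname certificate nickname used by {@link #signMAC} and {@link #verifySignature} */
    public static void setLoggerKeyName(String nickname) {
        loggerKey = nickname;
    }

    /** @return the certificate nickname used for signing and signature verification */
    public static String getLoggerKeyName() {
        return loggerKey;
    }
}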
