package org.mozilla.jss.tests;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.mozilla.jss.CertDatabaseException;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.KeyDatabaseException;
import org.mozilla.jss.crypto.AlreadyInitializedException;
import org.mozilla.jss.crypto.SecretKeyFacade;
import org.mozilla.jss.crypto.TokenException;
import org.mozilla.jss.util.IncorrectPasswordException;
import org.mozilla.jss.util.NativeErrcodes;

/* loaded from: input_file:org/mozilla/jss/tests/JCAKeyWrap.class */
public class JCAKeyWrap {
    protected static final String MOZ_PROVIDER_NAME = "Mozilla-JSS";
    protected boolean bFipsMode;
    protected byte[] plainText = "Firefox   rules!Firefox   rules!Firefox   rules!Firefox   rules!Firefox   rules!".getBytes();
    protected byte[] plainTextPad = "Thunderbird rules!Thunderbird rules!Thunderbird rules!Thunderbird rules!Thunderbird rules!".getBytes();

    public static void main(String[] strArr) {
        if (strArr.length != 2) {
            usage();
            System.exit(1);
        }
        try {
            JCAKeyWrap jCAKeyWrap = new JCAKeyWrap(strArr[0], strArr[1]);
            String str = new String("IBMJCE");
            String str2 = new String("IBMJCE");
            if (Security.getProvider(str) == null) {
                str = new String("SunJCE");
                str2 = new String("SunRsaSign");
                if (Security.getProvider(str) == null) {
                    System.out.println("unable to find IBMJCE or SunJCE providers");
                    Provider[] providers = Security.getProviders();
                    for (int i = 0; i < providers.length; i++) {
                        System.out.println(new StringBuffer().append("Provider ").append(i).append(": ").append(providers[i].getName()).toString());
                    }
                    System.exit(1);
                }
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", MOZ_PROVIDER_NAME);
            keyPairGenerator.initialize(1024);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            KeyPairGenerator keyPairGenerator2 = KeyPairGenerator.getInstance("RSA", str2);
            keyPairGenerator2.initialize(1024);
            keyPairGenerator2.generateKeyPair();
            SecretKey generateKey = KeyGenerator.getInstance("DESede", MOZ_PROVIDER_NAME).generateKey();
            jCAKeyWrap.wrapSymetricKeyWithRSA(generateKey, generateKeyPair, MOZ_PROVIDER_NAME, MOZ_PROVIDER_NAME);
            if (!jCAKeyWrap.isBFipsMode()) {
                jCAKeyWrap.wrapSymetricKeyWithRSA(generateKey, generateKeyPair, MOZ_PROVIDER_NAME, str);
            }
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", MOZ_PROVIDER_NAME);
            keyGenerator.init(128);
            SecretKey generateKey2 = keyGenerator.generateKey();
            KeyGenerator keyGenerator2 = KeyGenerator.getInstance("AES", MOZ_PROVIDER_NAME);
            for (int i2 : new int[]{128, NativeErrcodes.SEC_ERROR_UNKNOWN_ISSUER, NativeErrcodes.SEC_ERROR_IMPORTING_CERTIFICATES}) {
                keyGenerator2.init(i2);
                SecretKey generateKey3 = keyGenerator2.generateKey();
                keyGenerator2 = KeyGenerator.getInstance("AES", MOZ_PROVIDER_NAME);
                if (((SecretKeyFacade) generateKey3).key.getStrength() != 128 || jCAKeyWrap.isBFipsMode()) {
                    jCAKeyWrap.wrapSymetricKey(generateKey, "AES/CBC/PKCS5Padding", generateKey3);
                    jCAKeyWrap.wrapSymetricKey(generateKey2, "AES/CBC/PKCS5Padding", generateKey3);
                    jCAKeyWrap.wrapSymetricKeyWithRSA(generateKey3, generateKeyPair);
                } else {
                    jCAKeyWrap.wrapSymetricKey(generateKey, "AES/CBC/PKCS5Padding", generateKey3, MOZ_PROVIDER_NAME, str);
                    jCAKeyWrap.wrapSymetricKey(generateKey2, "AES/CBC/PKCS5Padding", generateKey3, MOZ_PROVIDER_NAME, str);
                    jCAKeyWrap.wrapSymetricKeyWithRSA(generateKey3, generateKeyPair, MOZ_PROVIDER_NAME, str);
                }
                generateKey2 = generateKey3;
            }
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(1);
        }
        System.exit(0);
    }

    public static void usage() {
        System.out.println("Usage: java org.mozilla.jss.tests.JCAKeyWrap <dbdir> <passwordFile>");
    }

    public JCAKeyWrap(String str, String str2) {
        this.bFipsMode = false;
        try {
            CryptoManager.initialize(str);
            CryptoManager cryptoManager = CryptoManager.getInstance();
            cryptoManager.getInternalKeyStorageToken().login(new FilePasswordCallback(str2));
            if (cryptoManager.FIPSEnabled()) {
                this.bFipsMode = true;
                System.out.println("in Fipsmode.");
            }
        } catch (IOException e) {
            e.printStackTrace();
            System.exit(1);
        } catch (GeneralSecurityException e2) {
            e2.printStackTrace();
            System.exit(1);
        } catch (CertDatabaseException e3) {
            e3.printStackTrace();
            System.exit(1);
        } catch (CryptoManager.NotInitializedException e4) {
            e4.printStackTrace();
            System.exit(1);
        } catch (KeyDatabaseException e5) {
            e5.printStackTrace();
            System.exit(1);
        } catch (AlreadyInitializedException e6) {
            e6.printStackTrace();
            System.exit(1);
        } catch (TokenException e7) {
            e7.printStackTrace();
            System.exit(1);
        } catch (IncorrectPasswordException e8) {
            e8.printStackTrace();
            System.exit(1);
        }
    }

    public boolean isBFipsMode() {
        return this.bFipsMode;
    }

    public String testCipher(String str) throws Exception {
        String[] strArr = {"DESede/ECB/NoPadding", "DESede/CBC/PKCS5Padding", "DESede/CBC/NoPadding"};
        String[] strArr2 = {"AES/ECB/NoPadding", "AES/CBC/NoPadding", "AES/CBC/PKCS5Padding"};
        SecureRandom secureRandom = SecureRandom.getInstance("pkcs11prng", MOZ_PROVIDER_NAME);
        if (str.equalsIgnoreCase("AES")) {
            return strArr2[secureRandom.nextInt(strArr2.length)];
        }
        if (str.equalsIgnoreCase("DESede")) {
            return strArr[secureRandom.nextInt(strArr.length)];
        }
        throw new Exception(new StringBuffer().append("no support for ").append(str).toString());
    }

    public void wrapSymetricKeyWithRSA(Key key, KeyPair keyPair) throws Exception {
        wrapSymetricKeyWithRSA(key, keyPair, MOZ_PROVIDER_NAME, MOZ_PROVIDER_NAME);
    }

    public void wrapSymetricKeyWithRSA(Key key, KeyPair keyPair, String str, String str2) throws Exception {
        try {
            String str3 = new String(key.getAlgorithm());
            System.out.print(new StringBuffer().append("Wrap ").append(str3).append(" ").append(((SecretKeyFacade) key).key.getStrength()).append(" with RSA. ").toString());
            Cipher cipher = Cipher.getInstance("RSA", str);
            cipher.init(3, keyPair.getPublic());
            byte[] wrap = cipher.wrap(key);
            Cipher cipher2 = Cipher.getInstance("RSA", str);
            cipher2.init(4, keyPair.getPrivate());
            testKeys(key, (SecretKey) cipher2.unwrap(wrap, str3, 3), str, str2);
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            System.exit(1);
        } catch (InvalidKeyException e2) {
            e2.printStackTrace();
            System.exit(1);
        } catch (NoSuchAlgorithmException e3) {
            e3.printStackTrace();
            System.exit(1);
        } catch (BadPaddingException e4) {
            e4.printStackTrace();
            System.exit(1);
        } catch (IllegalBlockSizeException e5) {
            e5.printStackTrace();
            System.exit(1);
        } catch (NoSuchPaddingException e6) {
            e6.printStackTrace();
            System.exit(1);
        }
    }

    public void wrapSymetricKey(Key key, String str, Key key2) throws Exception {
        wrapSymetricKey(key, str, key2, MOZ_PROVIDER_NAME, MOZ_PROVIDER_NAME);
    }

    static boolean keysEqual(Key key, Key key2) {
        return key.equals(key2) || Arrays.equals(key.getEncoded(), key2.getEncoded());
    }

    protected void testKeys(Key key, Key key2, String str, String str2) throws Exception {
        if (this.bFipsMode) {
            if (((SecretKeyFacade) key).key.getStrength() != ((SecretKeyFacade) key2).key.getStrength()) {
                throw new Exception("unwrapped key strength does not match orginal");
            }
        } else if (!keysEqual(key, key2)) {
            throw new Exception("unwrapped key does not match original");
        }
        String testCipher = testCipher(key.getAlgorithm());
        System.out.println(new StringBuffer().append("Test ").append(testCipher).append(" encrypt with ").append(str).append(" decrypt ").append(str2).toString());
        byte[] bArr = this.plainText;
        if (testCipher.endsWith("PKCS5Padding")) {
            bArr = this.plainTextPad;
        }
        Cipher cipher = Cipher.getInstance(testCipher, str);
        cipher.init(1, key);
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr2 = null;
        AlgorithmParameters parameters = cipher.getParameters();
        if (parameters != null) {
            bArr2 = parameters.getEncoded();
        }
        Cipher cipher2 = Cipher.getInstance(testCipher, str2);
        if (bArr2 == null) {
            cipher2.init(2, key2);
        } else {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(key2.getAlgorithm());
            algorithmParameters.init(bArr2);
            cipher2.init(2, key2, algorithmParameters);
        }
        byte[] bArr3 = new byte[bArr.length];
        int update = cipher2.update(doFinal, 0, doFinal.length, bArr3, 0);
        int doFinal2 = update + cipher2.doFinal(bArr3, update);
        if (!Arrays.equals(bArr, bArr3)) {
            throw new Exception("key do not match. unable to encrypt/decrypt.");
        }
    }

    public void wrapSymetricKey(Key key, String str, Key key2, String str2, String str3) throws Exception {
        try {
            System.out.print(new StringBuffer().append("Wrap ").append(key.getAlgorithm()).append(" ").append(((SecretKeyFacade) key).key.getStrength()).append(" with ").append(key2.getAlgorithm()).append(" ").append(((SecretKeyFacade) key2).key.getStrength()).append(" symmetric key. ").toString());
            Cipher cipher = Cipher.getInstance(str, str2);
            cipher.init(3, key2);
            byte[] wrap = cipher.wrap(key);
            byte[] bArr = null;
            AlgorithmParameters parameters = cipher.getParameters();
            if (parameters != null) {
                bArr = parameters.getEncoded();
            }
            Cipher cipher2 = Cipher.getInstance(str, str2);
            if (bArr == null) {
                cipher2.init(4, key2);
            } else {
                AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(key2.getAlgorithm());
                algorithmParameters.init(bArr);
                cipher2.init(4, key2, algorithmParameters);
            }
            testKeys(key, (SecretKey) cipher2.unwrap(wrap, key.getAlgorithm(), 3), str2, str3);
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            System.exit(1);
        } catch (InvalidKeyException e2) {
            e2.printStackTrace();
            System.exit(1);
        } catch (NoSuchAlgorithmException e3) {
            e3.printStackTrace();
            System.exit(1);
        } catch (BadPaddingException e4) {
            e4.printStackTrace();
            System.exit(1);
        } catch (IllegalBlockSizeException e5) {
            e5.printStackTrace();
            System.exit(1);
        } catch (NoSuchPaddingException e6) {
            e6.printStackTrace();
            System.exit(1);
        }
    }
}
