package org.identityconnectors.ldap.sync.sunds;

import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.xml.security.c14n.Canonicalizer;
import org.identityconnectors.common.Assertions;
import org.identityconnectors.framework.common.exceptions.ConnectorException;

/* loaded from: input_file:lib/ldap-connector-1.1.0.em2.jar:org/identityconnectors/ldap/sync/sunds/PasswordDecryptor.class */
public class PasswordDecryptor {
    private static final String ENCRYPTION_ALGORITHM = "DESede/CBC/NoPadding";
    private static final int KEY_VERSION_MAGIC = 321721347;
    private static final int LENGTH_INDEX = 4;
    private final Cipher cipher;
    private final int blockSize;

    public PasswordDecryptor(byte[] bArr, byte[] bArr2) {
        Assertions.nullCheck(bArr, "desedeKey");
        Assertions.nullCheck(bArr2, "iv");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "DESede");
        try {
            this.cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
            this.cipher.init(2, secretKeySpec, ivParameterSpec);
            this.blockSize = this.cipher.getBlockSize();
        } catch (InvalidAlgorithmParameterException e) {
            throw new ConnectorException(e);
        } catch (InvalidKeyException e2) {
            throw new ConnectorException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new ConnectorException(e3);
        } catch (NoSuchPaddingException e4) {
            throw new ConnectorException(e4);
        }
    }

    public String decryptPassword(byte[] bArr) {
        byte[] bArr2;
        if (bArr.length % this.blockSize != 0) {
            bArr2 = new byte[((bArr.length / this.blockSize) + 1) * this.blockSize];
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            Arrays.fill(bArr2, bArr.length, bArr2.length, (byte) 0);
        } else {
            bArr2 = bArr;
        }
        try {
            try {
                return getDecryptedPassword(this.cipher.doFinal(bArr2));
            } catch (UnsupportedEncodingException e) {
                throw new ConnectorException(e);
            }
        } catch (IllegalStateException e2) {
            throw new ConnectorException(e2);
        } catch (BadPaddingException e3) {
            throw new ConnectorException(e3);
        } catch (IllegalBlockSizeException e4) {
            throw new ConnectorException(e4);
        }
    }

    private final String getDecryptedPassword(byte[] bArr) throws ConnectorException, UnsupportedEncodingException {
        if (bArr.length < 8) {
            throw new ConnectorException("Invalid decrypted password value: too short");
        }
        int intValueFromByteArray = getIntValueFromByteArray(bArr, 4);
        if (intValueFromByteArray < 0) {
            throw new ConnectorException("Weird decrypted password value: negative length");
        }
        if (intValueFromByteArray <= (bArr.length - 12) - this.blockSize || intValueFromByteArray > bArr.length - 12) {
            throw new ConnectorException("Invalid password length");
        }
        checkKeyVersionMagic(bArr, 8 + intValueFromByteArray);
        return new String(bArr, 8, intValueFromByteArray, Canonicalizer.ENCODING);
    }

    private final void checkKeyVersionMagic(byte[] bArr, int i) throws ConnectorException {
        if (i < 8 || i > bArr.length - 4) {
            throw new ConnectorException("Invalid start index for post password magic");
        }
        int intValueFromByteArray = getIntValueFromByteArray(bArr, 0);
        int intValueFromByteArray2 = getIntValueFromByteArray(bArr, i);
        if (intValueFromByteArray != KEY_VERSION_MAGIC || intValueFromByteArray2 != KEY_VERSION_MAGIC) {
            throw new ConnectorException("Key magic mismatch");
        }
    }

    private int getIntValueFromByteArray(byte[] bArr, int i) {
        return (getUnsignedByteValueAsInt(bArr[i]) << 24) + (getUnsignedByteValueAsInt(bArr[i + 1]) << 16) + (getUnsignedByteValueAsInt(bArr[i + 2]) << 8) + getUnsignedByteValueAsInt(bArr[i + 3]);
    }

    private int getUnsignedByteValueAsInt(byte b) {
        return b < 0 ? 256 + b : b;
    }
}
