package es.mityc.crypto.asymetric;

import es.mityc.crypto.ConstantsCrypto;
import es.mityc.crypto.CryptoManager;
import es.mityc.crypto.symetric.TripleDESManager;
import es.mityc.javasign.pkstore.IPKStoreManager;
import es.mityc.javasign.utils.Base64Coder;
import es.mityc.javasign.utils.Utils;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:es/mityc/crypto/asymetric/RSAManager.class */
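/**
 * RSA encryption/decryption helper built on JCE {@link Cipher} objects, by default taken from the
 * BouncyCastle ("BC") provider.
 *
 * <p>A default OAEP cipher is created at construction time; the overloads that take an algorithm
 * name or a {@link Provider} build a fresh cipher on every call. Ciphertexts are exchanged as
 * Base64 {@code char[]} values.
 *
 * <p>Points a security review should keep in mind:
 * <ul>
 *   <li>Several methods add and remove providers in the JVM-wide {@link Security} list. That list
 *       is shared by every thread and library in the process, so a provider removed here also
 *       disappears for unrelated code.</li>
 *   <li>Instances hold one mutable {@link Cipher} and a mutable "last algorithm" field, so an
 *       instance must not be used from several threads at once.</li>
 *   <li>Some overloads silently fall back from OAEP to PKCS#1 v1.5 or to the provider's default
 *       "RSA" transformation; check {@link #getUsedAlgorithmURI()} after the call.</li>
 * </ul>
 */
public class RSAManager implements CryptoManager {
    // NOTE(review): 1024-bit RSA is below the 2048-bit minimum that current guidance (e.g. NIST
    // SP 800-131A) requires for newly generated keys. Raising it changes the size of the blobs
    // produced by genNewRSAKeys, so confirm downstream consumers before changing the value.
    private static final int keySize = 1024;
    public static final String RSA_OAEP_KEY = "RSA/None/OAEPWithSHA1AndMGF1Padding";
    // NOTE(review): unpadded ("textbook") RSA is deterministic and malleable; nothing in this class
    // selects it, but it is reachable through the overloads that accept an algorithm name.
    public static final String RSA_NONE = "RSA/None/NoPadding";
    public static final String RSA_ECB_PKCS1 = "RSA/ECB/PKCS1Padding";
    public static final String RSA = "RSA";
    static Log logger = LogFactory.getLog(RSAManager.class);
    // Number of bytes mixed into the generator by feedSeed().
    private static final int SEED_MIX_LENGTH = 8;
    private Cipher rsaCipher = null;
    private SecureRandom random = null;
    private TripleDESManager simetricCipher = null;
    // Transformation selected by the most recent call that chooses one; read by getUsedAlgorithmURI().
    private String usedAlgorithm = RSA_OAEP_KEY;

    /**
     * Creates a manager with the default OAEP cipher and a self-seeded random generator.
     *
     * @throws SecurityException if the BC provider, the algorithm or the padding is unavailable
     */
    public RSAManager() {
        init();
    }

    /**
     * Mixes up to {@value #SEED_MIX_LENGTH} caller-supplied bytes into the random generator.
     *
     * <p>The generator is asked for output first, which forces it to self-seed, so the following
     * {@code setSeed} call supplements the existing state rather than replacing it. The caller's
     * bytes are combined with AND, which can only clear bits; the input therefore never becomes
     * the sole source of randomness.
     *
     * @param bArr optional extra seed material; {@code null} is accepted
     */
    @Override // es.mityc.crypto.CryptoManager
    public void feedSeed(byte[] bArr) {
        // A per-call buffer avoids sharing mutable seed bytes between instances and threads.
        byte[] mix = new byte[SEED_MIX_LENGTH];
        this.random.nextBytes(mix);
        if (bArr != null) {
            for (int i = 0; i < mix.length && i < bArr.length; i++) {
                mix[i] = (byte) (mix[i] & bArr[i]);
            }
        }
        this.random.setSeed(mix);
    }

    /**
     * Registers BC when it is missing and prepares the default OAEP cipher and the random generator.
     *
     * @throws SecurityException if the algorithm, provider or padding cannot be obtained
     */
    private void init() throws SecurityException {
        if (Security.getProvider("BC") == null) {
            Utils.addBCProvider();
        }
        try {
            this.rsaCipher = Cipher.getInstance(RSA_OAEP_KEY, "BC");
            // Deliberately no explicit seed: with a SHA1PRNG default implementation a seed given
            // at construction replaces self-seeding, which would cap the generator's entropy at
            // the seed length and make every instance built from the same seed emit the same
            // stream. The no-argument constructor lets the platform seed the generator.
            this.random = new SecureRandom();
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException("No se pudo instanciar el algoritmo RSA", e);
        } catch (NoSuchProviderException e2) {
            throw new SecurityException("No se encontró el proveedor de BouncyCastle", e2);
        } catch (NoSuchPaddingException e3) {
            throw new SecurityException("No se pudo inicializar el relleno", e3);
        }
    }

    /**
     * Encrypts a string with the default OAEP cipher.
     *
     * <p>NOTE(review): the text is converted with the platform default charset, so the plaintext
     * bytes differ between hosts with different defaults. Pinning a charset would change what
     * existing peers decrypt, so it is flagged here rather than changed.
     *
     * @param str text to encrypt
     * @param key RSA key used for encryption
     * @return Base64 ciphertext
     * @throws SecurityException if an argument is missing or encryption fails
     */
    public char[] protectRSA(String str, Key key) throws SecurityException {
        if (str == null) {
            // Same failure mode as the byte[] overloads instead of a bare NullPointerException.
            throw new SecurityException("Faltan parámetros de entrada");
        }
        return protectRSA(str.getBytes(), key);
    }

    /**
     * Encrypts a string through {@link #protectRSA(byte[], Key, Provider)}; the text is converted
     * with the platform default charset.
     *
     * @param str text to encrypt
     * @param key RSA key used for encryption
     * @param provider provider to take the cipher from, or {@code null} for the default lookup
     * @return Base64 ciphertext
     * @throws SecurityException if an argument is missing or encryption fails
     */
    public char[] protectRSA(String str, Key key, Provider provider) throws SecurityException {
        if (str == null) {
            throw new SecurityException("Faltan parámetros de entrada");
        }
        return protectRSA(str.getBytes(), key, provider);
    }

    /**
     * Encrypts with the OAEP cipher created at construction time.
     *
     * <p>NOTE(review): this path always uses OAEP but does not update the field read by
     * {@link #getUsedAlgorithmURI()}, so the URI may still describe an earlier call — confirm
     * how callers pair the two.
     *
     * @param bArr plaintext bytes
     * @param key RSA key used for encryption
     * @return Base64 ciphertext
     * @throws SecurityException if an argument is missing or the cipher rejects the key or data
     */
    public char[] protectRSA(byte[] bArr, Key key) throws SecurityException {
        if (key == null || bArr == null) {
            throw new SecurityException("Faltan parámetros de entrada");
        }
        try {
            this.rsaCipher.init(Cipher.ENCRYPT_MODE, key, this.random);
            return Base64Coder.encode(this.rsaCipher.doFinal(bArr));
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Encrypts with the named transformation on the BC provider.
     *
     * @param bArr plaintext bytes
     * @param key RSA key used for encryption
     * @param str JCE transformation name
     * @return Base64 ciphertext
     * @throws SecurityException if an argument is missing or encryption fails
     */
    public char[] protectRSA(byte[] bArr, Key key, String str) throws SecurityException {
        return protectRSA(bArr, key, str, null);
    }

    /**
     * Encrypts with the named transformation, looking the cipher up by the provider's name.
     *
     * <p>Whatever the outcome, the "BC" provider is unregistered from the JVM-wide provider list
     * before returning — even when the caller passed a different provider. NOTE(review): that
     * removal affects every other user of BC in the process; confirm it is still wanted.
     *
     * @param bArr plaintext bytes
     * @param key RSA key used for encryption
     * @param str JCE transformation name; it is recorded as the used algorithm before the attempt
     * @param provider provider whose registered name is used for the lookup; {@code null} means BC
     * @return Base64 ciphertext
     * @throws SecurityException if an argument is missing, BC cannot be registered, or encryption fails
     */
    public char[] protectRSA(byte[] bArr, Key key, String str, Provider provider) throws SecurityException {
        if (key == null || bArr == null) {
            throw new SecurityException("Faltan parámetros de entrada");
        }
        if (provider == null) {
            // This method unregisters BC on its way out, so an earlier call may have removed it.
            // Register it again the same way init() does instead of failing on a null provider.
            if (Security.getProvider("BC") == null) {
                Utils.addBCProvider();
            }
            provider = Security.getProvider("BC");
            if (provider == null) {
                throw new SecurityException("No se encontró el proveedor de BouncyCastle");
            }
        }
        try {
            this.usedAlgorithm = str;
            Cipher cipher = Cipher.getInstance(this.usedAlgorithm, provider.getName());
            if (logger.isDebugEnabled()) {
                logger.debug("Empleando el algoritmo " + this.usedAlgorithm + " con el proveedor " + cipher.getProvider().getName());
            }
            cipher.init(Cipher.ENCRYPT_MODE, key, this.random);
            return Base64Coder.encode(cipher.doFinal(bArr));
        } catch (Exception e) {
            throw new SecurityException(e);
        } finally {
            if (Security.getProvider("BC") != null) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Eliminando el proveedor BC");
                }
                Security.removeProvider("BC");
            }
        }
    }

    /**
     * Encrypts with OAEP on the given provider, degrading to weaker choices when that fails.
     *
     * <p>Selection order:
     * <ol>
     *   <li>OAEP on {@code provider} (or the default provider lookup when it is {@code null});</li>
     *   <li>the provider's plain "RSA" transformation when it does not list the OAEP service —
     *       the padding then is whatever that provider defaults to;</li>
     *   <li>PKCS#1 v1.5 on BC when the first attempt ends in {@code NoSuchAlgorithmException}
     *       or {@code InvalidKeyException}.</li>
     * </ol>
     *
     * <p>NOTE(review): the downgrade is silent apart from log output. PKCS#1 v1.5 encryption
     * padding leaves the decrypting side open to padding-oracle attacks if it lets padding
     * failures be told apart, so callers that require OAEP should check
     * {@link #getUsedAlgorithmURI()} and reject anything else.
     *
     * <p>The supplied provider is unregistered from the JVM-wide provider list before returning,
     * on success and on failure alike.
     *
     * @param bArr plaintext bytes
     * @param key RSA key used for encryption
     * @param provider provider to take the cipher from, or {@code null} for the default lookup
     * @return Base64 ciphertext
     * @throws SecurityException if an argument is missing or every attempt fails
     */
    public char[] protectRSA(byte[] bArr, Key key, Provider provider) throws SecurityException {
        if (key == null || bArr == null) {
            throw new SecurityException("Faltan parámetros de entrada");
        }
        this.usedAlgorithm = RSA_OAEP_KEY;
        try {
            Cipher cipher;
            if (provider != null) {
                if (provider.getService("Cipher", this.usedAlgorithm) == null) {
                    logger.error("No se pudo encontrar el servicio Cipher.RSA en " + provider.getName());
                    this.usedAlgorithm = "RSA";
                    if (logger.isTraceEnabled() && provider.getServices() != null) {
                        logger.trace("Servicios disponibles --> ");
                        for (Object obj : provider.getServices().toArray()) {
                            logger.trace("Algoritmo disponible: " + ((Provider.Service) obj).getAlgorithm());
                        }
                    }
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Proveedor: " + provider.getInfo());
                    logger.debug("Algoritmo a emplear: " + this.usedAlgorithm);
                }
                cipher = Cipher.getInstance(this.usedAlgorithm, provider);
            } else {
                cipher = Cipher.getInstance(this.usedAlgorithm);
            }
            cipher.init(Cipher.ENCRYPT_MODE, key, this.random);
            return Base64Coder.encode(cipher.doFinal(bArr));
        } catch (NoSuchAlgorithmException e) {
            // Fallback: PKCS#1 v1.5 on BC. The original failure is the one reported if this fails too.
            try {
                if (logger.isDebugEnabled()) {
                    logger.error(e);
                    logger.debug("NoSuchAlgorithmException. Reintento con configuración por defecto: ");
                }
                this.usedAlgorithm = RSA_ECB_PKCS1;
                Cipher cipher2 = Cipher.getInstance(this.usedAlgorithm, "BC");
                cipher2.init(Cipher.ENCRYPT_MODE, key, this.random);
                return Base64Coder.encode(cipher2.doFinal(bArr));
            } catch (Exception e2) {
                if (logger.isDebugEnabled()) {
                    logger.debug("No se encontró el algoritmo", e2);
                }
                throw new SecurityException("No se detectó el algoritmo RSA", e);
            }
        } catch (InvalidKeyException e3) {
            // Same fallback when the provider rejects the key.
            try {
                if (logger.isDebugEnabled()) {
                    logger.error(e3);
                    logger.debug("Reintento con configuración por defecto: ");
                }
                this.usedAlgorithm = RSA_ECB_PKCS1;
                Cipher cipher3 = Cipher.getInstance(this.usedAlgorithm, "BC");
                if (logger.isDebugEnabled()) {
                    logger.debug("Empleando el algoritmo " + this.usedAlgorithm + " con el proveedor " + cipher3.getProvider().getName());
                }
                cipher3.init(Cipher.ENCRYPT_MODE, key, this.random);
                return Base64Coder.encode(cipher3.doFinal(bArr));
            } catch (Exception e4) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Error al encriptar", e4);
                }
                throw new SecurityException(e3);
            }
        } catch (BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e5) {
            throw new SecurityException(e5);
        } finally {
            // Runs on every exit path, like the per-branch removals it replaces.
            if (provider != null && Security.getProvider(provider.getName()) != null) {
                Security.removeProvider(provider.getName());
            }
        }
    }

    /**
     * Decrypts Base64 ciphertext with the OAEP cipher created at construction time.
     *
     * <p>NOTE(review): padding and Base64 failures are reported as "Clave incorrecta" while other
     * failures carry no message. If these errors are relayed to a remote party, make sure the
     * difference is not observable to it.
     *
     * @param cArr Base64 ciphertext
     * @param key RSA key used for decryption
     * @return recovered plaintext bytes
     * @throws SecurityException if an argument is missing or decryption fails
     */
    public byte[] recoverRSA(char[] cArr, Key key) throws SecurityException {
        if (key == null || cArr == null) {
            throw new SecurityException("Faltan parámetros de entrada");
        }
        try {
            this.rsaCipher.init(Cipher.DECRYPT_MODE, key);
            return this.rsaCipher.doFinal(Base64Coder.decode(cArr));
        } catch (IllegalArgumentException e) {
            throw new SecurityException("Clave incorrecta", e);
        } catch (InvalidKeyException e2) {
            throw new SecurityException(e2);
        } catch (BadPaddingException e3) {
            throw new SecurityException("Clave incorrecta", e3);
        } catch (IllegalBlockSizeException e4) {
            throw new SecurityException(e4);
        }
    }

    /**
     * Decrypts with the private key that the key store holds for the given certificate, using BC.
     *
     * @param cArr Base64 ciphertext
     * @param iPKStoreManager key store that supplies the private key
     * @param x509Certificate certificate identifying the private key
     * @param str JCE transformation name, or {@code null} for OAEP
     * @return recovered plaintext bytes
     * @throws SecurityException if an argument is missing or decryption fails
     */
    public byte[] recoverRSA(char[] cArr, IPKStoreManager iPKStoreManager, X509Certificate x509Certificate, String str) throws SecurityException {
        return recoverRSA(cArr, iPKStoreManager, x509Certificate, str, null);
    }

    /**
     * Decrypts with the private key that the key store holds for the given certificate.
     *
     * <p>The provider (BC when none is given) is registered if missing, the private key is fetched
     * from the store, and the requested transformation (OAEP when {@code str} is {@code null}) is
     * used to decrypt through {@link #decryptText}.
     *
     * <p>NOTE(review): the code below is kept exactly as found because its structure looks like a
     * decompiler artifact and cannot be safely rewritten from this listing alone:
     * <ul>
     *   <li>the {@code try} region covers only the provider registration, yet its handler holds
     *       the whole retry chain (OAEP default lookup, PKCS#1 v1.5 on the provider, plain "RSA",
     *       PKCS#1 v1.5 default lookup);</li>
     *   <li>that chain runs before the private key is fetched, so it always passes {@code null}
     *       as the key;</li>
     *   <li>the statements after the {@code try} call {@code Cipher.getInstance} and
     *       {@code decryptText}, which throw checked exceptions this signature does not declare.</li>
     * </ul>
     * Restore the method from the original source before relying on its fallback behaviour. As
     * written, the fallback branches unregister the provider from the JVM-wide list while the
     * main path leaves it registered.
     *
     * @param cArr Base64 ciphertext
     * @param iPKStoreManager key store that supplies the private key
     * @param x509Certificate certificate identifying the private key
     * @param str JCE transformation name, or {@code null} for OAEP
     * @param provider provider to use, or {@code null} for BC
     * @return recovered plaintext bytes
     * @throws SecurityException if an argument is missing or decryption fails
     */
    public byte[] recoverRSA(char[] cArr, IPKStoreManager iPKStoreManager, X509Certificate x509Certificate, String str, Provider provider) throws SecurityException {
        Cipher cipher;
        if (iPKStoreManager == null || cArr == null || x509Certificate == null) {
            throw new SecurityException("Faltan parámetros de entrada");
        }
        if (provider == null) {
            provider = Security.getProvider("BC");
        }
        PrivateKey privateKey = null;
        if (provider != null) {
            try {
                if (Security.getProvider(provider.getName()) == null) {
                    Security.addProvider(provider);
                    if (logger.isDebugEnabled()) {
                        if (Security.getProvider(provider.getName()) == null) {
                            logger.debug("No se ha insertado el proveedor");
                        } else {
                            logger.debug("Proveedor insertado correctamente");
                        }
                    }
                }
            } catch (Exception e) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Se produjo un error al desencriptar: " + e.getMessage(), e);
                }
                try {
                    try {
                        // Retry 1: OAEP through the default provider lookup.
                        this.usedAlgorithm = RSA_OAEP_KEY;
                        Cipher cipher2 = Cipher.getInstance(this.usedAlgorithm);
                        if (logger.isDebugEnabled()) {
                            logger.debug("Empleando el algoritmo " + this.usedAlgorithm + " con el proveedor " + cipher2.getProvider().getName());
                        }
                        byte[] decryptText = decryptText(cArr, provider, privateKey, cipher2);
                        if (provider != null && Security.getProvider(provider.getName()) != null) {
                            Security.removeProvider(provider.getName());
                        }
                        return decryptText;
                    } catch (Exception e2) {
                        logger.debug("Error RSA para el descifrado según: " + this.usedAlgorithm, e2);
                        try {
                            // Retry 2: PKCS#1 v1.5 on the supplied provider.
                            this.usedAlgorithm = RSA_ECB_PKCS1;
                            Cipher cipher3 = Cipher.getInstance(this.usedAlgorithm, provider);
                            if (logger.isDebugEnabled()) {
                                logger.debug("Empleando el algoritmo " + this.usedAlgorithm + " con el proveedor " + cipher3.getProvider().getName());
                            }
                            byte[] decryptText2 = decryptText(cArr, provider, privateKey, cipher3);
                            if (provider != null && Security.getProvider(provider.getName()) != null) {
                                Security.removeProvider(provider.getName());
                            }
                            return decryptText2;
                        } catch (Exception e3) {
                            logger.debug("Error RSA para el descifrado según: " + this.usedAlgorithm + " con el proveedor " + provider, e3);
                            try {
                                // Retry 3: the provider's default "RSA" transformation.
                                this.usedAlgorithm = "RSA";
                                Cipher cipher4 = Cipher.getInstance(this.usedAlgorithm, provider);
                                if (logger.isDebugEnabled()) {
                                    logger.debug("Empleando el algoritmo " + this.usedAlgorithm + " con el proveedor " + cipher4.getProvider().getName());
                                }
                                byte[] decryptText3 = decryptText(cArr, provider, privateKey, cipher4);
                                if (provider != null && Security.getProvider(provider.getName()) != null) {
                                    Security.removeProvider(provider.getName());
                                }
                                return decryptText3;
                            } catch (Exception e4) {
                                logger.debug("Error RSA para el descifrado según: " + this.usedAlgorithm + " con el proveedor " + provider, e4);
                                try {
                                    // Retry 4: PKCS#1 v1.5 through the default provider lookup.
                                    this.usedAlgorithm = RSA_ECB_PKCS1;
                                    Cipher cipher5 = Cipher.getInstance(this.usedAlgorithm);
                                    if (logger.isDebugEnabled()) {
                                        logger.debug("Empleando el algoritmo " + this.usedAlgorithm + " con el proveedor " + cipher5.getProvider().getName());
                                    }
                                    byte[] decryptText4 = decryptText(cArr, provider, privateKey, cipher5);
                                    if (provider != null && Security.getProvider(provider.getName()) != null) {
                                        Security.removeProvider(provider.getName());
                                    }
                                    return decryptText4;
                                } catch (Exception e5) {
                                    logger.debug("No se pudo desencriptar", e5);
                                    // The first retry's failure is the one reported to the caller.
                                    throw new SecurityException("Error RSA - No se pudo desencriptar", e2);
                                }
                            }
                        }
                    }
                } catch (Throwable th) {
                    if (provider != null && Security.getProvider(provider.getName()) != null) {
                        Security.removeProvider(provider.getName());
                    }
                    throw th;
                }
            }
        }
        privateKey = iPKStoreManager.getPrivateKey(x509Certificate);
        if (logger.isTraceEnabled()) {
            // Trace output lists provider and algorithm names plus the key's algorithm and format;
            // no key material is written.
            Provider[] providers = Security.getProviders();
            if (providers != null) {
                logger.trace("\n*** Proveedores disponibles --> ");
                for (Provider provider2 : providers) {
                    logger.trace(provider2.getName());
                }
            }
            if (provider != null && provider.getServices() != null) {
                logger.trace("\n*** Servicios disponibles en " + provider.getName() + " --> ");
                for (Object obj : provider.getServices().toArray()) {
                    logger.trace(((Provider.Service) obj).getAlgorithm());
                }
            }
            if (privateKey != null) {
                logger.trace("Algoritmo de la clave privada --> " + privateKey.getAlgorithm());
                logger.trace("Formato de la clave privada --> " + privateKey.getFormat());
            }
        }
        if (str != null) {
            this.usedAlgorithm = str;
        } else {
            this.usedAlgorithm = RSA_OAEP_KEY;
        }
        if (provider != null) {
            cipher = Cipher.getInstance(this.usedAlgorithm, provider);
            if (logger.isDebugEnabled()) {
                logger.debug("Empleando el algoritmo " + this.usedAlgorithm + " con el proveedor " + provider);
            }
        } else {
            if (logger.isDebugEnabled()) {
                logger.debug("Empleando el algoritmo " + this.usedAlgorithm + " con la lista de proveedores");
            }
            cipher = Cipher.getInstance(this.usedAlgorithm);
        }
        return decryptText(cArr, provider, privateKey, cipher);
    }

    /**
     * Runs the actual private-key operation on Base64 input.
     *
     * <p>Providers whose name contains "Mozilla-JSS" are driven in unwrap mode, and the encoded
     * form of the unwrapped secret key is returned; every other provider uses a plain decrypt.
     *
     * @param cArr Base64 ciphertext
     * @param provider provider the cipher came from; only its name is inspected
     * @param privateKey RSA private key
     * @param cipher cipher instance to initialise and use
     * @return decrypted bytes, or the encoded unwrapped key on the Mozilla-JSS path
     * @throws InvalidKeyException if the cipher rejects the key
     * @throws NoSuchAlgorithmException if the unwrapped key's algorithm is unavailable
     * @throws IllegalBlockSizeException if the input length does not fit the cipher
     * @throws BadPaddingException if the padding check fails
     */
    private byte[] decryptText(char[] cArr, Provider provider, PrivateKey privateKey, Cipher cipher) throws InvalidKeyException, NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException {
        boolean viaMozillaJss = provider != null && provider.getName() != null && provider.getName().contains("Mozilla-JSS");
        if (!viaMozillaJss) {
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            return cipher.doFinal(Base64Coder.decode(cArr));
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Recuperando clave a través de Mozilla-JSS");
        }
        cipher.init(Cipher.UNWRAP_MODE, privateKey);
        return cipher.unwrap(Base64Coder.decode(cArr), ConstantsCrypto.TripleDES_ALGORITHM, Cipher.SECRET_KEY).getEncoded();
    }

    /**
     * Generates an RSA key pair on BC and returns it protected by {@link TripleDESManager}.
     *
     * <p>Layout of the protected payload: a 4-byte header holding the public-key length as ASCII
     * decimal digits (unused header bytes stay zero), then the encoded public key, then the
     * encoded private key. The header cannot describe a public key of 10000 bytes or more.
     *
     * <p>NOTE(review): the private key is only as safe as the Triple-DES protection applied under
     * {@code str} (presumably a passphrase — TripleDESManager is defined elsewhere). Triple-DES
     * is a legacy 64-bit-block cipher; confirm how the key is derived before storing these blobs
     * long term.
     *
     * @param str secret handed to the Triple-DES protection
     * @return the protected key pair as text
     * @throws SecurityException if RSA or the BC provider is unavailable
     */
    public String genNewRSAKeys(String str) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
            keyPairGenerator.initialize(keySize, this.random);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            byte[] publicBytes = generateKeyPair.getPublic().getEncoded();
            byte[] privateBytes = generateKeyPair.getPrivate().getEncoded();
            byte[] payload = new byte[publicBytes.length + privateBytes.length + 4];
            char[] lengthDigits = String.valueOf(publicBytes.length).toCharArray();
            for (int i = 0; i < lengthDigits.length; i++) {
                payload[i] = (byte) lengthDigits[i];
            }
            System.arraycopy(publicBytes, 0, payload, 4, publicBytes.length);
            System.arraycopy(privateBytes, 0, payload, publicBytes.length + 4, privateBytes.length);
            if (this.simetricCipher == null) {
                this.simetricCipher = new TripleDESManager();
            }
            return new String(this.simetricCipher.protectTripleDES(payload, str));
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(e);
        } catch (NoSuchProviderException e2) {
            throw new SecurityException(e2);
        }
    }

    /**
     * Recovers a key pair from the text produced by {@link #genNewRSAKeys(String)}.
     *
     * @param str protected key pair
     * @param str2 secret handed to the Triple-DES recovery
     * @return the recovered key pair
     * @throws SecurityException if the input is missing, malformed or cannot be decoded
     */
    public KeyPair unprotectKeyPair(String str, String str2) throws SecurityException {
        if (str == null) {
            throw new SecurityException("Faltan parámetros de entrada");
        }
        return unprotectKeyPair(str.toCharArray(), str2);
    }

    /**
     * Recovers a key pair from the protected form produced by {@link #genNewRSAKeys(String)}.
     *
     * <p>The recovered payload is treated as untrusted: a wrong secret or a tampered blob yields
     * arbitrary bytes, so the length header is validated before it is used to size the arrays.
     *
     * @param cArr protected key pair
     * @param str secret handed to the Triple-DES recovery
     * @return the recovered key pair
     * @throws SecurityException if the payload is malformed or the keys cannot be decoded
     */
    public KeyPair unprotectKeyPair(char[] cArr, String str) throws SecurityException {
        if (this.simetricCipher == null) {
            this.simetricCipher = new TripleDESManager();
        }
        byte[] payload = this.simetricCipher.recoverTripleDES(cArr, str);
        if (payload == null || payload.length < 4) {
            throw new SecurityException("El par de claves protegido no tiene un formato válido");
        }
        // Header: ASCII decimal digits; any other byte (such as the zero padding) is skipped.
        int publicLength = 0;
        for (int i = 0; i < 4; i++) {
            int digit = payload[i] - '0';
            if (digit >= 0 && digit <= 9) {
                publicLength = (publicLength * 10) + digit;
            }
        }
        if (publicLength > payload.length - 4) {
            // Previously surfaced as NegativeArraySizeException / ArrayIndexOutOfBoundsException.
            throw new SecurityException("El par de claves protegido no tiene un formato válido");
        }
        byte[] publicBytes = new byte[publicLength];
        byte[] privateBytes = new byte[(payload.length - publicLength) - 4];
        System.arraycopy(payload, 4, publicBytes, 0, publicBytes.length);
        System.arraycopy(payload, publicLength + 4, privateBytes, 0, privateBytes.length);
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
            return new KeyPair(keyFactory.generatePublic(new X509EncodedKeySpec(publicBytes)), keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateBytes)));
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Returns the XML Encryption algorithm URI for the last transformation recorded by this instance.
     *
     * <p>Anything other than the OAEP transformation is reported as RSA 1.5, including the plain
     * "RSA" and "NoPadding" names. NOTE(review): for those two the URI may not describe the
     * padding actually applied — confirm against the provider in use.
     *
     * @return the rsa-oaep-mgf1p URI for OAEP, otherwise the rsa-1_5 URI
     */
    @Override // es.mityc.crypto.CryptoManager
    public String getUsedAlgorithmURI() {
        // Compare by value: an algorithm name supplied at run time is not the same String
        // instance as the constant, and a reference comparison would then misreport OAEP as 1.5.
        return RSA_OAEP_KEY.equals(this.usedAlgorithm) ? "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" : "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    }

    /**
     * Manual smoke test: generates a key pair, then round-trips the first argument through
     * encryption and decryption in both key directions, printing each step.
     *
     * <p>NOTE(review): the passphrase below is a fixed demo value and the plaintext is echoed to
     * standard output, so this entry point is for local experiments only. Encrypting with the
     * private key, as the first round trip does, is not a substitute for a signature.
     *
     * @param strArr {@code strArr[0]} is the text to encrypt; it is read without a length check
     */
    public static void main(String[] strArr) {
        RSAManager rSAManager = new RSAManager();
        System.out.println("Se solicita el cálculo de un nuevo par de claves asimétricas de 1024 bits");
        long keyStart = System.currentTimeMillis();
        KeyPair keyPair = rSAManager.unprotectKeyPair(rSAManager.genNewRSAKeys("ecoestadisticassrepals"), "ecoestadisticassrepals");
        System.out.println("Claves obtenidas. Tiempo consumido (ms): " + (System.currentTimeMillis() - keyStart) + ". Comienzan las pruebas de encriptación...");
        System.out.println("Texto en claro: " + strArr[0]);
        char[] withPrivate = rSAManager.protectRSA(strArr[0], keyPair.getPrivate());
        System.out.println("Texto encriptado RSA con privada: " + new String(withPrivate));
        String recovered = new String(rSAManager.recoverRSA(withPrivate, keyPair.getPublic()));
        System.out.println("Texto desencriptado RSA con pública: " + recovered);
        long roundTripStart = System.currentTimeMillis();
        String obfuscate = es.mityc.crypto.Utils.obfuscate(new String(rSAManager.protectRSA(recovered, keyPair.getPublic())));
        System.out.println("Encriptado RSA con pública y ofuscado: " + obfuscate);
        System.out.println("Texto recuperado con privada: " + new String(rSAManager.recoverRSA(es.mityc.crypto.Utils.undoObfuscate(obfuscate.getBytes()).toCharArray(), keyPair.getPrivate())) + "\nTiempo consumido (ms): " + (System.currentTimeMillis() - roundTripStart));
    }
}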
