package org.bouncycastle.jcajce.provider;

import java.io.IOException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PBKDF2Params;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.crypto.Algorithm;
import org.bouncycastle.crypto.CryptoServicesRegistrar;
import org.bouncycastle.crypto.DigestAlgorithm;
import org.bouncycastle.crypto.PasswordBasedDeriver;
import org.bouncycastle.crypto.PasswordConverter;
import org.bouncycastle.crypto.fips.FipsAlgorithm;
import org.bouncycastle.crypto.fips.FipsDigestAlgorithm;
import org.bouncycastle.crypto.fips.FipsPBKD;
import org.bouncycastle.crypto.fips.FipsSHS;
import org.bouncycastle.crypto.general.PBKD;
import org.bouncycastle.crypto.general.SecureHash;
import org.bouncycastle.jcajce.PBKDF2Key;
import org.bouncycastle.jcajce.spec.PBKDF2KeySpec;
import org.bouncycastle.jcajce.spec.PBKDF2ParameterSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:payload/TIB_bwpluginconfidentiality_6.1.0_common.zip:assemblies/assembly_tibco_com_tibco_bw_confidentiality_runtime_feature_6.1.0.001.zip:source/plugins/com.tibco.bw.confidentiality.runtime_6.1.0.001.jar:lib/bc-fips-1.0.2.jar:org/bouncycastle/jcajce/provider/ProvPBEPBKDF2.class */
public class ProvPBEPBKDF2 extends AlgorithmProvider {
    private static final String PREFIX = ProvPBEPBKDF2.class.getName();

    /* loaded from: input_file:payload/TIB_bwpluginconfidentiality_6.1.0_common.zip:assemblies/assembly_tibco_com_tibco_bw_confidentiality_runtime_feature_6.1.0.001.zip:source/plugins/com.tibco.bw.confidentiality.runtime_6.1.0.001.jar:lib/bc-fips-1.0.2.jar:org/bouncycastle/jcajce/provider/ProvPBEPBKDF2$AlgParams.class */
    public static class AlgParams extends BaseAlgorithmParameters {
        PBKDF2Params params;

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        public byte[] localGetEncoded() throws IOException {
            return this.params.getEncoded(ASN1Encoding.DER);
        }

        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        protected AlgorithmParameterSpec localEngineGetParameterSpec(Class cls) throws InvalidParameterSpecException {
            if (cls == PBEParameterSpec.class) {
                return new PBEParameterSpec(this.params.getSalt(), this.params.getIterationCount().intValue());
            }
            if (cls != PBKDF2ParameterSpec.class && cls != AlgorithmParameterSpec.class) {
                throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + cls.getName());
            }
            int intValue = this.params.getKeyLength() != null ? this.params.getKeyLength().intValue() * 8 : 0;
            return this.params.isDefaultPrf() ? new PBKDF2ParameterSpec(this.params.getSalt(), this.params.getIterationCount().intValue(), intValue) : new PBKDF2ParameterSpec(this.params.getSalt(), this.params.getIterationCount().intValue(), intValue, this.params.getPrf());
        }

        @Override // java.security.AlgorithmParametersSpi
        protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidParameterSpecException {
            if (!(algorithmParameterSpec instanceof PBEParameterSpec)) {
                throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PBKDF2 PBE parameters algorithm parameters object");
            }
            if (algorithmParameterSpec instanceof PBKDF2ParameterSpec) {
                PBKDF2ParameterSpec pBKDF2ParameterSpec = (PBKDF2ParameterSpec) algorithmParameterSpec;
                this.params = new PBKDF2Params(pBKDF2ParameterSpec.getSalt(), pBKDF2ParameterSpec.getIterationCount(), pBKDF2ParameterSpec.getKeySize() / 8, pBKDF2ParameterSpec.getPrf());
            } else {
                PBEParameterSpec pBEParameterSpec = (PBEParameterSpec) algorithmParameterSpec;
                this.params = new PBKDF2Params(pBEParameterSpec.getSalt(), pBEParameterSpec.getIterationCount());
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.bouncycastle.jcajce.provider.BaseAlgorithmParameters
        public void localInit(byte[] bArr) throws IOException {
            this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(bArr));
        }

        @Override // java.security.AlgorithmParametersSpi
        protected String engineToString() {
            return "PBKDF2 Parameters";
        }
    }

    /* loaded from: input_file:payload/TIB_bwpluginconfidentiality_6.1.0_common.zip:assemblies/assembly_tibco_com_tibco_bw_confidentiality_runtime_feature_6.1.0.001.zip:source/plugins/com.tibco.bw.confidentiality.runtime_6.1.0.001.jar:lib/bc-fips-1.0.2.jar:org/bouncycastle/jcajce/provider/ProvPBEPBKDF2$BasePBKDF2.class */
    public static class BasePBKDF2 extends BaseKDFSecretKeyFactory {
        private final String algName;
        private final PasswordConverter passwordConverter;
        private final DigestAlgorithm defaultPrf;

        public BasePBKDF2(String str, PasswordConverter passwordConverter) {
            this(str, passwordConverter, FipsSHS.Algorithm.SHA1_HMAC);
        }

        public BasePBKDF2(String str, PasswordConverter passwordConverter, DigestAlgorithm digestAlgorithm) {
            this.algName = str;
            this.passwordConverter = passwordConverter;
            this.defaultPrf = digestAlgorithm;
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // javax.crypto.SecretKeyFactorySpi
        public SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
            if (!(keySpec instanceof PBEKeySpec)) {
                throw new InvalidKeySpecException("Invalid KeySpec: " + keySpec.getClass().getName());
            }
            PBEKeySpec pBEKeySpec = (PBEKeySpec) keySpec;
            if (pBEKeySpec.getSalt() == null) {
                return new PBKDF2Key(((PBEKeySpec) keySpec).getPassword(), this.passwordConverter);
            }
            if (pBEKeySpec.getKeyLength() <= 0) {
                throw new InvalidKeySpecException("Positive key length required: " + pBEKeySpec.getKeyLength());
            }
            DigestAlgorithm digestAlgorithm = this.defaultPrf;
            String str = this.algName;
            if ((pBEKeySpec instanceof PBKDF2KeySpec) && !((PBKDF2KeySpec) pBEKeySpec).isDefaultPrf()) {
                digestAlgorithm = ProvPBEPBKDF2.getPrfAlgorithm(((PBKDF2KeySpec) pBEKeySpec).getPrf().getAlgorithm());
                str = this.passwordConverter == PasswordConverter.UTF8 ? "PBKDF2withHmac" + ProvPBEPBKDF2.convertToJCA(digestAlgorithm) + "andUTF8" : "PBKDF2withHmac" + ProvPBEPBKDF2.convertToJCA(digestAlgorithm) + "and8BIT";
            }
            return new PBKDFPBEKey((digestAlgorithm instanceof FipsAlgorithm ? new FipsPBKD.DeriverFactory().createDeriver(FipsPBKD.PBKDF2.using((FipsDigestAlgorithm) digestAlgorithm, this.passwordConverter, pBEKeySpec.getPassword()).withSalt(pBEKeySpec.getSalt()).withIterationCount(pBEKeySpec.getIterationCount())) : new PBKD.DeriverFactory().createDeriver(PBKD.PBKDF2.using(digestAlgorithm, this.passwordConverter, pBEKeySpec.getPassword()).withSalt(pBEKeySpec.getSalt()).withIterationCount(pBEKeySpec.getIterationCount()))).deriveKey(PasswordBasedDeriver.KeyType.CIPHER, (pBEKeySpec.getKeyLength() + 7) / 8), str, pBEKeySpec);
        }
    }

    @Override // org.bouncycastle.jcajce.provider.AlgorithmProvider
    public void configure(BouncyCastleFipsProvider bouncyCastleFipsProvider) {
        bouncyCastleFipsProvider.addAlgorithmImplementation("AlgorithmParameters.PBKDF2", PREFIX + "$AlgParams", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvPBEPBKDF2.1
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new AlgParams();
            }
        });
        bouncyCastleFipsProvider.addAlias("AlgorithmParameters", "PBKDF2", "PBKDF2WITHUTF8", "PBKDF2WITHASCII", "PBKDF2WITH8BIT");
        bouncyCastleFipsProvider.addAlias("AlgorithmParameters", "PBKDF2", PKCSObjectIdentifiers.id_PBKDF2);
        bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvPBEPBKDF2.2
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BasePBKDF2("PBKDF2withHmacSHA1andUTF8", PasswordConverter.UTF8);
            }
        });
        bouncyCastleFipsProvider.addAlias("SecretKeyFactory", "PBKDF2", "PBKDF2WITHUTF8");
        bouncyCastleFipsProvider.addAlias("SecretKeyFactory", "PBKDF2", PKCSObjectIdentifiers.id_PBKDF2);
        bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.PBKDF2WITHHMACSHA1", PREFIX + "$PBKDF2withHMACSHA1andUTF8", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvPBEPBKDF2.3
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BasePBKDF2("PBKDF2withHmacSHA1andUTF8", PasswordConverter.UTF8, FipsSHS.Algorithm.SHA1_HMAC);
            }
        });
        bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.PBKDF2WITHHMACSHA224", PREFIX + "$PBKDF2withHMACSHA224andUTF8", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvPBEPBKDF2.4
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BasePBKDF2("PBKDF2withHmacSHA224andUTF8", PasswordConverter.UTF8, FipsSHS.Algorithm.SHA224_HMAC);
            }
        });
        bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.PBKDF2WITHHMACSHA256", PREFIX + "$PBKDF2withHMACSHA256andUTF8", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvPBEPBKDF2.5
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BasePBKDF2("PBKDF2withHmacSHA256andUTF8", PasswordConverter.UTF8, FipsSHS.Algorithm.SHA256_HMAC);
            }
        });
        bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.PBKDF2WITHHMACSHA384", PREFIX + "$PBKDF2withHMACSHA384andUTF8", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvPBEPBKDF2.6
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BasePBKDF2("PBKDF2withHmacSHA384andUTF8", PasswordConverter.UTF8, FipsSHS.Algorithm.SHA384_HMAC);
            }
        });
        bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.PBKDF2WITHHMACSHA512", PREFIX + "$PBKDF2withHMACSHA512andUTF8", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvPBEPBKDF2.7
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BasePBKDF2("PBKDF2withHmacSHA512andUTF8", PasswordConverter.UTF8, FipsSHS.Algorithm.SHA512_HMAC);
            }
        });
        if (!CryptoServicesRegistrar.isInApprovedOnlyMode()) {
            bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.PBKDF2WITHHMACGOST3411", PREFIX + "$PBKDF2withHMACGOST3411andUTF8", new GuardedEngineCreator(new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvPBEPBKDF2.8
                @Override // org.bouncycastle.jcajce.provider.EngineCreator
                public Object createInstance(Object obj) {
                    return new BasePBKDF2("PBKDF2withHmacGOST3411andUTF8", PasswordConverter.UTF8, SecureHash.Algorithm.GOST3411_HMAC);
                }
            }));
        }
        bouncyCastleFipsProvider.addAlgorithmImplementation("SecretKeyFactory.PBKDF2WITHASCII", PREFIX + "$PBKDF2withASCII", new EngineCreator() { // from class: org.bouncycastle.jcajce.provider.ProvPBEPBKDF2.9
            @Override // org.bouncycastle.jcajce.provider.EngineCreator
            public Object createInstance(Object obj) {
                return new BasePBKDF2("PBKDF2withHmacSHA1and8BIT", PasswordConverter.ASCII);
            }
        });
        bouncyCastleFipsProvider.addAlias("SecretKeyFactory", "PBKDF2WITHASCII", "PBKDF2WITH8BIT");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String convertToJCA(Algorithm algorithm) {
        String name = algorithm.getName();
        int indexOf = name.indexOf(47);
        int indexOf2 = name.indexOf(45);
        return indexOf2 > 0 ? name.substring(0, indexOf2) + name.substring(indexOf2 + 1, indexOf) : name.substring(0, indexOf);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static DigestAlgorithm getPrfAlgorithm(ASN1ObjectIdentifier aSN1ObjectIdentifier) throws InvalidKeySpecException {
        if (aSN1ObjectIdentifier.equals(CryptoProObjectIdentifiers.gostR3411Hmac)) {
            return SecureHash.Algorithm.GOST3411_HMAC;
        }
        if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.id_hmacWithSHA1)) {
            return FipsSHS.Algorithm.SHA1_HMAC;
        }
        if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.id_hmacWithSHA224)) {
            return FipsSHS.Algorithm.SHA224_HMAC;
        }
        if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.id_hmacWithSHA256)) {
            return FipsSHS.Algorithm.SHA256_HMAC;
        }
        if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.id_hmacWithSHA384)) {
            return FipsSHS.Algorithm.SHA384_HMAC;
        }
        if (aSN1ObjectIdentifier.equals(PKCSObjectIdentifiers.id_hmacWithSHA512)) {
            return FipsSHS.Algorithm.SHA512_HMAC;
        }
        throw new InvalidKeySpecException("Invalid KeySpec: unknown PRF algorithm " + aSN1ObjectIdentifier);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static byte[] getSecretKey(SecretKey secretKey, PBEParameterSpec pBEParameterSpec, PasswordBasedDeriver.KeyType keyType, int i) {
        return new FipsPBKD.DeriverFactory().createDeriver(FipsPBKD.PBKDF2.using(FipsSHS.Algorithm.SHA1_HMAC, secretKey.getEncoded()).withIterationCount(pBEParameterSpec.getIterationCount()).withSalt(pBEParameterSpec.getSalt())).deriveKey(keyType, (i + 7) / 8);
    }
}
