package com.ibm.rational.ccrc.cli.crypto;

import com.ibm.crypto.fips.provider.DESedeKey;
import com.ibm.crypto.provider.IBMJCE;
import com.ibm.rational.ccrc.cli.authentication.ServerRegistry;
import com.ibm.rational.ccrc.cli.authentication.ServerStatus;
import com.ibm.rational.ccrc.cli.common.Messages;
import com.ibm.rational.ccrc.cli.exception.CliException;
import com.ibm.rational.ccrc.cli.io.CliIO;
import com.ibm.rational.ccrc.cli.logging.Base;
import com.ibm.rational.ccrc.cli.util.CliPreference;
import com.ibm.rational.ccrc.cli.util.CliUtil;
import com.ibm.rational.clearcase.remote_core.ICredentials;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/ibm/rational/ccrc/cli/crypto/EncryptedCredsFileProviderImpl.class
 */
/* loaded from: input_file:rcleartool.jar:com/ibm/rational/ccrc/cli/crypto/EncryptedCredsFileProviderImpl.class */
public class EncryptedCredsFileProviderImpl implements CliCredentialsProvider {
    private static final String LOGIN_SEPARATOR = ";";
    private static final String INDEX_SEPARATOR = "_";
    private static final IBMJCE SECURITY_PROVIDER = new IBMJCE();
    private static final String ALGORITHM_VARIANT = "DESede/CBC/PKCS5Padding";
    private static final String ALGORITHM = "DESede";
    private static EncryptedCredsFileProviderImpl m_instance;

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:com/ibm/rational/ccrc/cli/crypto/EncryptedCredsFileProviderImpl$EncryptedPair.class
     */
    /* loaded from: input_file:rcleartool.jar:com/ibm/rational/ccrc/cli/crypto/EncryptedCredsFileProviderImpl$EncryptedPair.class */
    public static class EncryptedPair {
        public byte[] params;
        public byte[] encrypted;

        public EncryptedPair(byte[] bArr, byte[] bArr2) {
            this.params = bArr;
            this.encrypted = bArr2;
        }
    }

    private EncryptedCredsFileProviderImpl() {
    }

    public static EncryptedCredsFileProviderImpl getInstance() {
        if (m_instance == null) {
            m_instance = new EncryptedCredsFileProviderImpl();
        }
        return m_instance;
    }

    @Override // com.ibm.rational.ccrc.cli.crypto.CliCredentialsProvider
    public boolean storeCredentials(String str, String str2, String str3) throws CliException {
        Base.T.entering();
        if (str == null || str2 == null || str3 == null) {
            throw new IllegalStateException("Must provide all arguments");
        }
        try {
            if (CliPreference.getValue(CliPreference.Pref.CC_USER_KEY, str3) != null) {
                throw new CliException(Messages.getString("ERROR_CREDS_STORED_FOR_SERVER_SIMPLE", str3));
            }
            try {
                EncryptedPair encrypt = encrypt(getKey(), String.valueOf(str) + LOGIN_SEPARATOR + str2);
                if (encrypt == null) {
                    throw new CliException(Messages.getString("ERROR_UNABLE_TO_SAVE_CREDS", str3));
                }
                boolean z = CliPreference.setValue(CliPreference.Pref.CC_USER_KEY, new StringBuilder(String.valueOf(CliSecureStorage.fillData(-1, encrypt.encrypted))).append("_").append(encodedKeyToString(encrypt.params)).toString(), str3) != null;
                Base.T.exiting();
                return z;
            } catch (IOException unused) {
                throw new CliException(Messages.getString("ERROR_UNABLE_TO_SAVE_CREDS", str3));
            }
        } catch (Throwable th) {
            Base.T.exiting();
            throw th;
        }
    }

    @Override // com.ibm.rational.ccrc.cli.crypto.CliCredentialsProvider
    public boolean hasCredentials(String str) throws CliException {
        return CliPreference.getValue(CliPreference.Pref.CC_USER_KEY, str) != null;
    }

    @Override // com.ibm.rational.ccrc.cli.crypto.CliCredentialsProvider
    public ICredentials getCredentials(String str) throws CliException {
        Base.T.entering();
        try {
            String value = CliPreference.getValue(CliPreference.Pref.CC_USER_KEY, str);
            if (value == null) {
                Base.T.exiting();
                return null;
            }
            String[] split = value.split("_");
            if (split.length != 2) {
                Base.L.W("User key was corrupted, had to clear the CC_USER_KEY");
                CliPreference.setValue(CliPreference.Pref.CC_USER_KEY, "");
                throw new CliException(String.valueOf(Messages.getString("ERROR_CORRUPTED_STORAGE")) + CliUtil.NEW_LINE + Messages.getString("CLEARED_CREDENTIALS", str));
            }
            try {
                byte[] data = CliSecureStorage.getData(Integer.valueOf(split[0]).intValue());
                if (data == null) {
                    Base.L.W("Secure storage index not found, had to clear the CC_USER_KEY");
                    CliPreference.setValue(CliPreference.Pref.CC_USER_KEY, "", str);
                    throw new CliException(String.valueOf(Messages.getString("ERROR_CORRUPTED_STORAGE")) + CliUtil.NEW_LINE + Messages.getString("CLEARED_CREDENTIALS", str));
                }
                String str2 = null;
                try {
                    str2 = decrypt(getKey(), new EncryptedPair(encodedStringToKey(split[1]), data));
                    if (str2 == null) {
                        Base.L.W("User key was corrupted, had to clear the CC_USER_KEY");
                        CliPreference.setValue(CliPreference.Pref.CC_USER_KEY, "");
                    }
                    int indexOf = str2.indexOf(LOGIN_SEPARATOR);
                    final String substring = str2.substring(0, indexOf);
                    final String substring2 = str2.substring(indexOf + 1);
                    ICredentials iCredentials = new ICredentials() { // from class: com.ibm.rational.ccrc.cli.crypto.EncryptedCredsFileProviderImpl.1
                        public String getLoginUserId() {
                            return substring;
                        }

                        public String getLoginPassword() {
                            return substring2;
                        }

                        public String getLoginDomain() {
                            return "";
                        }
                    };
                    Base.T.exiting();
                    return iCredentials;
                } catch (Throwable th) {
                    if (str2 == null) {
                        Base.L.W("User key was corrupted, had to clear the CC_USER_KEY");
                        CliPreference.setValue(CliPreference.Pref.CC_USER_KEY, "");
                    }
                    throw th;
                }
            } catch (IOException unused) {
                cleanupFromStorageError();
                Base.T.exiting();
                return null;
            }
        } catch (Throwable th2) {
            Base.T.exiting();
            throw th2;
        }
    }

    @Override // com.ibm.rational.ccrc.cli.crypto.CliCredentialsProvider
    public boolean clearCredentials(String str) {
        Base.T.entering();
        try {
            String value = CliPreference.getValue(CliPreference.Pref.CC_USER_KEY, str);
            if (value == null) {
                Base.L.I("Tried to clear credentials for server " + str + " but no credentials are stored for this server");
                Base.T.exiting();
                return false;
            }
            int intValue = Integer.valueOf(value.split("_")[0]).intValue();
            try {
                try {
                    CliSecureStorage.remove(intValue);
                    CliPreference.setValue(CliPreference.Pref.CC_USER_KEY, "", str);
                    Iterator<ServerStatus> it = ServerRegistry.getKnownServerList().iterator();
                    while (it.hasNext()) {
                        String serverUrl = it.next().getServerUrl();
                        String value2 = CliPreference.getValue(CliPreference.Pref.CC_USER_KEY, serverUrl);
                        if (value2 != null) {
                            String[] split = value2.split("_");
                            int intValue2 = Integer.valueOf(split[0]).intValue();
                            if (intValue2 > intValue) {
                                CliPreference.setValue(CliPreference.Pref.CC_USER_KEY, String.valueOf(intValue2 - 1) + "_" + split[1], serverUrl);
                            }
                        }
                    }
                    Base.T.exiting();
                    return true;
                } catch (Throwable th) {
                    CliPreference.setValue(CliPreference.Pref.CC_USER_KEY, "", str);
                    throw th;
                }
            } catch (IOException e) {
                Base.L.S("Failed to remove credentials");
                Base.L.S(e);
                CliPreference.setValue(CliPreference.Pref.CC_USER_KEY, "", str);
                Base.T.exiting();
                return false;
            }
        } catch (Throwable th2) {
            Base.T.exiting();
            throw th2;
        }
    }

    @Override // com.ibm.rational.ccrc.cli.crypto.CliCredentialsProvider
    public boolean clearAll(CliIO cliIO) {
        Base.T.entering();
        boolean z = true;
        try {
            try {
                CliSecureStorage.removeAll();
                Iterator<ServerStatus> it = ServerRegistry.getKnownServerList().iterator();
                while (it.hasNext()) {
                    String serverUrl = it.next().getServerUrl();
                    if (CliPreference.getValue(CliPreference.Pref.CC_USER_KEY, serverUrl) != null) {
                        CliPreference.setValue(CliPreference.Pref.CC_USER_KEY, "", serverUrl);
                        if (cliIO != null) {
                            cliIO.writeLine(Messages.getString("CLEARED_CREDENTIALS", serverUrl));
                        }
                    }
                }
            } catch (IOException e) {
                Base.T.F1(e.getMessage());
                z = false;
                Base.T.exiting();
            }
            return z;
        } finally {
            Base.T.exiting();
        }
    }

    private synchronized String decrypt(Key key, EncryptedPair encryptedPair) throws CliException {
        try {
            Cipher cipher = Cipher.getInstance(ALGORITHM_VARIANT, (Provider) SECURITY_PROVIDER);
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(ALGORITHM, (Provider) SECURITY_PROVIDER);
            algorithmParameters.init(encryptedPair.params);
            cipher.init(2, key, algorithmParameters);
            return new String(cipher.doFinal(encryptedPair.encrypted));
        } catch (Exception e) {
            Base.T.F1(e);
            Base.L.S(e);
            cleanupFromStorageError();
            return null;
        }
    }

    private synchronized EncryptedPair encrypt(Key key, String str) {
        try {
            Cipher cipher = Cipher.getInstance(ALGORITHM_VARIANT, (Provider) SECURITY_PROVIDER);
            cipher.init(1, key);
            return new EncryptedPair(cipher.getParameters().getEncoded(), cipher.doFinal(str.getBytes("UTF-8")));
        } catch (Exception e) {
            Base.T.F1(e);
            Base.L.S(e);
            return null;
        }
    }

    private synchronized Key generateKey() throws CliException {
        Base.T.entering();
        try {
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM, (Provider) SECURITY_PROVIDER);
                keyGenerator.init(168);
                SecretKey generateKey = keyGenerator.generateKey();
                Base.T.exiting();
                return generateKey;
            } catch (NoSuchAlgorithmException e) {
                Base.L.S(e);
                throw new CliException("ERROR_ALGORITHM_NOT_FOUND");
            }
        } catch (Throwable th) {
            Base.T.exiting();
            throw th;
        }
    }

    private synchronized Key getKey() throws CliException {
        Base.T.entering();
        String value = CliPreference.getValue(CliPreference.Pref.STORAGE_KEY);
        if (value == null || value.isEmpty()) {
            Key generateKey = generateKey();
            CliPreference.setValue(CliPreference.Pref.STORAGE_KEY, encodedKeyToString(generateKey.getEncoded()));
            return generateKey;
        }
        try {
            try {
                DESedeKey dESedeKey = new DESedeKey(encodedStringToKey(value));
                Base.T.exiting();
                return dESedeKey;
            } catch (InvalidKeyException e) {
                Base.L.S(e);
                CliPreference.setValue(CliPreference.Pref.STORAGE_KEY, "");
                cleanupFromStorageError();
                Base.T.exiting();
                return null;
            }
        } finally {
            Base.T.exiting();
        }
    }

    private String encodedKeyToString(byte[] bArr) {
        Base.T.entering();
        StringBuilder sb = new StringBuilder();
        sb.append((int) bArr[0]);
        for (int i = 1; i < bArr.length; i++) {
            sb.append(",");
            sb.append((int) bArr[i]);
        }
        Base.T.exiting();
        return sb.toString();
    }

    private byte[] encodedStringToKey(String str) {
        Base.T.entering();
        ArrayList arrayList = new ArrayList();
        for (String str2 : str.split(",")) {
            arrayList.add(Byte.valueOf(str2));
        }
        byte[] bArr = new byte[arrayList.size()];
        for (int i = 0; i < arrayList.size(); i++) {
            bArr[i] = ((Byte) arrayList.get(i)).byteValue();
        }
        Base.T.exiting();
        return bArr;
    }

    private void cleanupFromStorageError() throws CliException {
        Base.T.entering();
        clearAll(null);
        Base.T.exiting();
        throw new CliException(String.valueOf(Messages.getString("ERROR_CORRUPTED_STORAGE")) + CliUtil.NEW_LINE + Messages.getString("INFO_STORED_PASSWORDS_RESET"));
    }
}
