package coldfusion.util;

import coldfusion.archivedeploy.ArchiveDeployServiceImpl;
import coldfusion.cloud.VendorCredentialService;
import coldfusion.cloud.config.CloudConfigService;
import coldfusion.log.CFLogs;
import coldfusion.nosql.NoSQLServiceImpl;
import coldfusion.osgi.services.CronService;
import coldfusion.osgi.services.SamlService;
import coldfusion.runtime.ApplicationException;
import coldfusion.runtime.Encryptor;
import coldfusion.runtime.RuntimeServiceImpl;
import coldfusion.runtime.StructUtils;
import coldfusion.security.SecurityManager;
import coldfusion.security.SecurityUtils;
import coldfusion.server.DocumentService;
import coldfusion.server.FlexAssemblerService;
import coldfusion.server.MailSpoolService;
import coldfusion.server.MonitoringService;
import coldfusion.server.PDFGService;
import coldfusion.server.ServiceException;
import coldfusion.server.ServiceFactory;
import coldfusion.server.ServiceRuntimeException;
import coldfusion.server.SolrService;
import coldfusion.server.WebSocketService;
import coldfusion.server.XmlRpcService;
import coldfusion.serverless.ServerlessUtil;
import coldfusion.sql.Executive;
import coldfusion.tagext.io.cache.GenericCache;
import coldfusion.wddx.Base64Encoder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.Observable;
import java.util.Observer;
import java.util.Properties;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/util/PasswordUtils.class */
public class PasswordUtils extends Observable {
    private static final char PADCHAR = '#';
    private static final String DESALGORITHM = "DESede";
    private static final String AES_CBC_PKCS5_ALGORITHM = "AES/CBC/PKCS5Padding";
    private static final String SEEDFILE = "seed.properties";
    private static final String BASEENCODING = "Base64";
    private static final String DEFAULT_ENCODING = "UU";
    public static final String SEED = "seed";
    public static final String ALGORITHM = "algorithm";
    public static final String CURRENT_ALGORITHM = "AES/CBC/PKCS5Padding";
    public static final int FORAES_START_MAJOR_VERSION = 9;
    public static final int FORAES_START_MINOR_VERSION = 5;
    private static String ROOTDIR;
    private static String SEEDFILEPATH;
    private static PasswordUtils instance = null;
    private String seedValue;
    private Properties seedProperties = new Properties();
    private static File seedFileObj;

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/util/PasswordUtils$SeedException.class */
    public class SeedException extends ApplicationException {
        private static final long serialVersionUID = 1;

        public SeedException() {
        }
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/util/PasswordUtils$UnknownAlgorithmException.class */
    public class UnknownAlgorithmException extends ApplicationException {
        private static final long serialVersionUID = 1;

        public UnknownAlgorithmException() {
        }
    }

    public static PasswordUtils getInstance(String str) throws ServiceException {
        synchronized (PasswordUtils.class) {
            if (instance == null) {
                ROOTDIR = str;
                SEEDFILEPATH = ROOTDIR + File.separatorChar + "lib" + File.separatorChar + "seed.properties";
                instance = new PasswordUtils();
            }
        }
        return instance;
    }

    public static PasswordUtils getInstance() {
        return instance;
    }

    private PasswordUtils() throws ServiceException {
        loadSeed();
    }

    private void loadSeed() throws ServiceException {
        seedFileObj = new File(SEEDFILEPATH);
        FileInputStream fileInputStream = null;
        try {
            try {
                fileInputStream = new FileInputStream(seedFileObj);
                this.seedProperties.load(fileInputStream);
                try {
                    fileInputStream.close();
                } catch (Throwable th) {
                }
            } catch (Throwable th2) {
                if (seedFileObj.exists()) {
                    throw new ServiceException(th2);
                }
                try {
                    fileInputStream.close();
                } catch (Throwable th3) {
                }
            }
            String property = this.seedProperties.getProperty("seed");
            String property2 = this.seedProperties.getProperty("algorithm");
            if (property == null || property2 == null || property.length() <= 0 || property2.length() <= 0) {
                if (ServerlessUtil.isLambdaEnv()) {
                    this.seedValue = generateSeed();
                }
            } else {
                this.seedValue = property;
                if (!property2.equalsIgnoreCase("AES/CBC/PKCS5Padding")) {
                    throw new SeedException();
                }
            }
        } catch (Throwable th4) {
            try {
                fileInputStream.close();
            } catch (Throwable th5) {
            }
            throw th4;
        }
    }

    private String generateSeed() {
        String str = new String(generateRandom());
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.reset();
            try {
                messageDigest.update(str.getBytes("UTF-8"));
                return stringify(messageDigest.digest());
            } catch (UnsupportedEncodingException e) {
                return null;
            }
        } catch (NoSuchAlgorithmException e2) {
            return null;
        }
    }

    private byte[] generateRandom() {
        byte[] bArr = new byte[20];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private static String stringify(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer(2 * bArr.length);
        for (int i = 0; i < bArr.length; i++) {
            int i2 = (bArr[i] & 240) >> 4;
            int i3 = bArr[i] & 15;
            stringBuffer.append((char) (i2 > 9 ? (65 + i2) - 10 : 48 + i2));
            stringBuffer.append((char) (i3 > 9 ? (65 + i3) - 10 : 48 + i3));
        }
        return stringBuffer.toString();
    }

    public void setSeed(String str) throws Exception {
        if (str == null) {
            throw new RuntimeException("Seed cannot be null");
        }
        String substring = SecurityUtils.hash(str, "SHA-256", "", "").substring(0, 16);
        if (substring.equals(this.seedValue)) {
            return;
        }
        this.seedValue = substring;
        AccessController.doPrivileged(new PrivilegedAction() { // from class: coldfusion.util.PasswordUtils.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                PasswordUtils.this.seedProperties.setProperty("seed", PasswordUtils.this.seedValue);
                PasswordUtils.this.storeSeedProperties();
                return null;
            }
        });
        setChanged();
        notifyObservers(this.seedValue);
    }

    public String getSeedValue() {
        return this.seedValue;
    }

    @Override // java.util.Observable
    public synchronized void addObserver(Observer observer) {
        if (observer == null) {
            throw new NullPointerException();
        }
        SolrService solrService = ServiceFactory.getSolrService();
        boolean z = false;
        if (solrService != null && solrService.isSolrServiceInstance(observer)) {
            z = true;
        }
        DocumentService documentService = ServiceFactory.getDocumentService(false);
        boolean z2 = false;
        if (documentService != null && documentService.isInstanceOfDocumentService(observer)) {
            z2 = true;
        }
        PDFGService pDFGService = ServiceFactory.getPDFGService();
        boolean z3 = false;
        if (pDFGService != null && pDFGService.isInstanceOfPDFGService(observer)) {
            z3 = true;
        }
        SamlService samlService = ServiceFactory.getSamlService(false);
        boolean z4 = false;
        if (samlService != null && samlService.isInstaceOfSamlService(observer)) {
            z4 = true;
        }
        WebSocketService websocketService = ServiceFactory.getWebsocketService();
        boolean z5 = false;
        if (websocketService != null && websocketService.isInstanceOfwebSocketService(observer)) {
            z5 = true;
        }
        XmlRpcService xmlRpcService = ServiceFactory.getXmlRpcService();
        boolean z6 = false;
        if (xmlRpcService != null && xmlRpcService.isInstanceOfXmlRpcService(observer)) {
            z6 = true;
        }
        MonitoringService monitoringService = ServiceFactory.getMonitoringService();
        boolean z7 = false;
        if (monitoringService != null && monitoringService.isInstanceOfMonitoringService(observer)) {
            z7 = true;
        }
        if (!(observer instanceof RuntimeServiceImpl) && !z && !(observer instanceof SecurityManager) && !(observer instanceof Executive) && !(observer instanceof FlexAssemblerService) && !(observer instanceof CronService) && !z7 && !(observer instanceof MailSpoolService) && !z6 && !(observer instanceof ArchiveDeployServiceImpl) && !z2 && !z3 && !z5 && !z4 && !(observer instanceof VendorCredentialService) && !(observer instanceof CloudConfigService) && !(observer instanceof NoSQLServiceImpl) && !(observer instanceof GenericCache)) {
            throw new SeedException();
        }
        super.addObserver(observer);
        observer.update(instance, this.seedValue);
    }

    public static String reEncryptWithNewSeed(String str, String str2, String str3, String str4, int i, int i2) {
        return reEncryptWithNewSeed(str, str2, str3, false, str4, i, i2);
    }

    public static String reEncryptWithNewSeed(String str, String str2, String str3, boolean z, String str4, int i, int i2) {
        if (str == null || (str != null && str.equals(""))) {
            return str;
        }
        if (i == 0) {
            PasswordUtils passwordUtils = instance;
            passwordUtils.getClass();
            throw new SeedException();
        }
        if (!isAESS(i, i2)) {
            return encryptWithAES_CBC_PKCS5(decryptWith3DES(str, str2, z), str3);
        }
        if (str4 == null || str4.length() <= 0) {
            PasswordUtils passwordUtils2 = instance;
            passwordUtils2.getClass();
            throw new SeedException();
        }
        if ((!str4.equalsIgnoreCase("AES/CBC/PKCS5Padding") || !str2.equals(str3)) && str4.equalsIgnoreCase("AES/CBC/PKCS5Padding")) {
            return encryptWithAES_CBC_PKCS5(decryptWithAES_CBC_PKCS5(str, str2), str3);
        }
        return str;
    }

    public static String reEncryptForSM(String str, String str2, String str3) {
        return (str == null || (str != null && str.equals(""))) ? str : (str2 == null || !str2.equals(str3)) ? encryptWith3DES(decryptWithAES_CBC_PKCS5(str, str2), str3) : str;
    }

    public static String reEncryptWithNewSeed(String str, String str2, String str3) {
        return (str == null || (str != null && str.equals(""))) ? str : (str2 == null || !str2.equals(str3)) ? encryptWithAES_CBC_PKCS5(decryptWithAES_CBC_PKCS5(str, str2), str3) : str;
    }

    public static String decryptPassword(String str, String str2, String str3) {
        if (str == null || (str != null && str.equals(""))) {
            return str;
        }
        if (str2 == null) {
            throw new RuntimeException("Seed passed for encryption in null.");
        }
        String str4 = null;
        if (str3 != null && str3.length() > 0) {
            if (!str3.equalsIgnoreCase("AES/CBC/PKCS5Padding")) {
                CFLogs.SERVER_LOG.error("Unknown Algorithm Specified.");
                PasswordUtils passwordUtils = instance;
                passwordUtils.getClass();
                throw new UnknownAlgorithmException();
            }
            str4 = decryptWithAES_CBC_PKCS5(str, str2);
        }
        return str4;
    }

    public static String decryptPassword(String str, String str2) {
        if (str == null || (str != null && str.equals(""))) {
            return str;
        }
        if (str2 == null) {
            throw new RuntimeException("Seed passed for encryption in null.");
        }
        return decryptWithAES_CBC_PKCS5(str, str2);
    }

    public static String encryptPassword(String str, String str2) {
        if (str == null || (str != null && str.equals(""))) {
            return str;
        }
        if (str2 == null) {
            throw new RuntimeException("Seed passed for encryption in null.");
        }
        return encryptWithAES_CBC_PKCS5(str, str2);
    }

    public static String encryptWith3DES(String str, String str2) {
        return Encryptor.encrypt(str, Encryptor.generate3DesKey(str2), "DESede", "Base64", null, 0);
    }

    private static String decryptWith3DES(String str, String str2, boolean z) {
        String generate3DesKey = Encryptor.generate3DesKey(str2);
        return z ? Encryptor.decrypt(str, generate3DesKey, "DESede", "UU", null, 0) : Encryptor.decrypt(str, generate3DesKey, "DESede", "Base64", null, 0);
    }

    private static String decryptWithAES_CBC_PKCS5(String str, String str2) {
        return Encryptor.decrypt(str, generateAesKey(str2), "AES/CBC/PKCS5Padding", "Base64", null, 0);
    }

    private static String decryptWithAES_CBC_PKCS5(String str, String str2, String str3) {
        String generateAesKey = generateAesKey(str2);
        return (str3 == null || str3.length() <= 0) ? Encryptor.decrypt(str, generateAesKey, "AES/CBC/PKCS5Padding", "Base64", null, 0) : Encryptor.decrypt(str, generateAesKey, "AES/CBC/PKCS5Padding", str3, null, 0);
    }

    private static String encryptWithAES_CBC_PKCS5(String str, String str2) {
        return Encryptor.encrypt(str, generateAesKey(str2), "AES/CBC/PKCS5Padding", "Base64", null, 0);
    }

    private static String encryptWithAES_CBC_PKCS5(String str, String str2, String str3) {
        String generateAesKey = generateAesKey(str2);
        return (str3 == null || str3.length() <= 0) ? Encryptor.encrypt(str, generateAesKey, "AES/CBC/PKCS5Padding", "Base64", null, 0) : Encryptor.encrypt(str, generateAesKey, "AES/CBC/PKCS5Padding", str3, null, 0);
    }

    private static String generateAesKey(String str) {
        byte[] bytes;
        if (str == null || (str != null && str.length() == 0)) {
            PasswordUtils passwordUtils = instance;
            passwordUtils.getClass();
            throw new SeedException();
        }
        try {
            bytes = str.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            bytes = str.getBytes();
        }
        int length = bytes.length;
        byte[] copyOf = Arrays.copyOf(bytes, 16);
        if (length < 16) {
            for (int i = length; i < 16; i++) {
                copyOf[i] = 35;
            }
        }
        return Base64Encoder.encode(new SecretKeySpec(copyOf, "AES").getEncoded());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void storeSeedProperties() {
        FileOutputStream fileOutputStream = null;
        try {
            try {
                fileOutputStream = new FileOutputStream(SEEDFILEPATH);
                this.seedProperties.store(fileOutputStream, (String) null);
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Exception e) {
                        CFLogs.SERVER_LOG.error((Throwable) e);
                    }
                }
                try {
                    coldfusion.tagext.io.FileUtils.setUnixModes(SEEDFILEPATH, 600);
                } catch (Exception e2) {
                    CFLogs.SERVER_LOG.error((Throwable) e2);
                }
            } catch (Exception e3) {
                throw new ServiceRuntimeException(e3);
            }
        } catch (Throwable th) {
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                } catch (Exception e4) {
                    CFLogs.SERVER_LOG.error((Throwable) e4);
                }
            }
            throw th;
        }
    }

    public static Map loadSeedForMigration(String str) throws ServiceException {
        ServiceFactory.getSecurityService().authenticateAdmin();
        Map StructNew = StructUtils.StructNew();
        Properties properties = new Properties();
        if (str == null) {
            return StructNew;
        }
        File file = new File(str);
        if (file != null && !file.exists()) {
            return StructNew;
        }
        try {
            if (seedFileObj != null && file != null) {
                if (seedFileObj.getCanonicalPath().equalsIgnoreCase(file.getCanonicalPath())) {
                    return StructNew;
                }
            }
        } catch (IOException e) {
            CFLogs.SERVER_LOG.error((Throwable) e);
        }
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(file);
            properties.load(fileInputStream);
            try {
                fileInputStream.close();
            } catch (Throwable th) {
                CFLogs.SERVER_LOG.error(th);
            }
        } catch (Throwable th2) {
            try {
                fileInputStream.close();
            } catch (Throwable th3) {
                CFLogs.SERVER_LOG.error(th3);
            }
            throw th2;
        }
        if (properties != null) {
            String property = properties.getProperty("seed");
            String property2 = properties.getProperty("algorithm");
            if (property != null && property.length() > 0) {
                StructNew.put("seed", property);
            }
            if (property2 != null && property2.length() > 0) {
                StructNew.put("algorithm", property2);
            }
        }
        return StructNew;
    }

    public static boolean isAESS(int i, int i2) {
        if (i <= 9) {
            return i == 9 && i2 == 5;
        }
        return true;
    }

    public static String encryptWithEncoding(String str, String str2, String str3) {
        if (str == null || (str != null && str.equals(""))) {
            return str;
        }
        if (str2 == null) {
            throw new RuntimeException("Seed passed for encryption in null.");
        }
        return encryptWithAES_CBC_PKCS5(str, str2, str3);
    }

    public static String decryptWithEncoding(String str, String str2, String str3) {
        if (str == null || (str != null && str.equals(""))) {
            return str;
        }
        if (str2 == null) {
            throw new RuntimeException("Seed passed for encryption in null.");
        }
        return decryptWithAES_CBC_PKCS5(str, str2, str3);
    }
}
