package com.ibm.ws.xs.xio.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.transport.XsTransportProperties;
import com.ibm.ws.xs.NLSConstants;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/ibm/ws/xs/xio/security/XIOAuthKeyClient.class */
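/**
 * Client side of the XIO shared-secret authentication handshake.
 *
 * <p>A process-wide HMAC key is derived once from the configured auth secret
 * ({@link XsTransportProperties#getAuthSecret()}). Each instance holds its own
 * {@link Mac} and the most recent client sequence number (nonce) it issued.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key is a single unsalted MD5 digest of the secret, and the MAC is HmacMD5.
 *       Both are legacy choices. They are kept here because changing the derivation or
 *       the MAC algorithm would change the bytes on the wire; any upgrade (for example a
 *       real KDF and HmacSHA256) presumably has to be rolled out on the peer as well.</li>
 *   <li>If the JCE provider has no "AES" {@link SecretKeyFactory}, the key silently becomes
 *       a DES key built from the first 8 digest bytes. Only a warning is logged, so treat
 *       that warning as a finding when it shows up in production logs.</li>
 *   <li>Instances are not thread-safe: {@code mac} and {@code sqn} are unsynchronized.</li>
 * </ul>
 */
public class XIOAuthKeyClient {
    /** Length in bytes of the client sequence number (nonce). */
    public static final int CLIENT_SQN_LENGTH = 6;

    /** Process-wide HMAC key; {@code null} when no secret is configured or derivation failed. */
    private static SecretKey secretKey;

    private final Mac mac;

    /** Nonce most recently issued by {@link #clientSQN()}; {@code null} until then. */
    private byte[] sqn;

    private static final TraceComponent tc = Tr.register(XIOAuthKeyClient.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
    private static final SecureRandom sr = new SecureRandom();
    private static boolean initialized = false;

    /**
     * Derives the shared HMAC key from the configured auth secret, once per process
     * (or once after each {@link #reset()}).
     *
     * <p>On any failure, or when no secret is configured, {@code secretKey} is left
     * {@code null} so that the constructor refuses to create a client.
     */
    private static synchronized void init() {
        if (initialized) {
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "initializing");
        }
        String authSecret = XsTransportProperties.getAuthSecret();
        if (authSecret == null) {
            // Fail closed. The null test must come before the "mangle" suffix is appended:
            // null + "mangle" is the non-null string "nullmangle", which would otherwise
            // yield a key derived from a fixed, publicly known value.
            secretKey = null;
        } else {
            if (XsTransportProperties.mangleAuthSecret) {
                authSecret = authSecret + "mangle";
            }
            try {
                // Legacy derivation: one unsalted MD5 pass over the secret (see class notes).
                byte[] digest = MessageDigest.getInstance("MD5").digest(authSecret.getBytes("UTF-8"));
                KeySpec keySpec;
                SecretKeyFactory keyFactory;
                try {
                    keySpec = new SecretKeySpec(digest, "AES");
                    keyFactory = SecretKeyFactory.getInstance("AES");
                } catch (NoSuchAlgorithmException e) {
                    // Downgrade path: DESKeySpec consumes only the first 8 bytes of the digest.
                    Tr.warning(tc, NLSConstants.AES_NOT_SUPPORTED_CWOBJ1328W, new Object[]{"XIOAuthKeyClient", "DES"});
                    keySpec = new DESKeySpec(digest);
                    keyFactory = SecretKeyFactory.getInstance("DES");
                }
                secretKey = keyFactory.generateSecret(keySpec);
            } catch (Exception e2) {
                secretKey = null;
                Tr.error(tc, NLSConstants.GEN_EXCEPTION, new Object[]{"XIOAuthKeyClient", e2});
                FFDCFilter.processException(e2, XIOAuthKeyClient.class.getName() + ".init", "51");
            }
        }
        initialized = true;
    }

    /**
     * Creates a client bound to the process-wide key.
     *
     * @throws IllegalStateException if no key could be derived (no secret configured,
     *         or key derivation failed)
     * @throws NoSuchAlgorithmException if the provider does not offer HmacMD5
     */
    public XIOAuthKeyClient() throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException {
        init();
        if (secretKey == null) {
            throw new IllegalStateException("should never initialize XIOAuthKeyClient without secretKey");
        }
        this.mac = Mac.getInstance("HmacMD5");
    }

    /** Discards the cached key so that the next use re-reads the configured secret. */
    public static synchronized void reset() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(tc, "Reset client auth Key");
        }
        initialized = false;
        secretKey = null;
    }

    /**
     * Generates a fresh random client sequence number and remembers it for
     * {@link #client_verifyServerMac(byte[], byte[])}.
     *
     * @return a copy of the new {@value #CLIENT_SQN_LENGTH}-byte nonce; a copy is returned
     *         so callers cannot alter the value that the server's MAC is later checked against
     */
    public byte[] clientSQN() {
        init();
        // NOTE(review): 48 bits is a small nonce space; the size is presumably fixed by the protocol.
        byte[] fresh = new byte[CLIENT_SQN_LENGTH];
        sr.nextBytes(fresh);
        this.sqn = fresh;
        return fresh.clone();
    }

    /**
     * Checks the server's MAC, computed over this client's nonce followed by {@code bArr}.
     *
     * @param bArr  data covered by the MAC after the nonce
     * @param bArr2 MAC value received from the server
     * @return {@code true} only if the received MAC matches the expected one
     * @throws InvalidKeyException if the shared key is unavailable or rejected by the MAC
     */
    public boolean client_verifyServerMac(byte[] bArr, byte[] bArr2) throws InvalidKeyException {
        init();
        this.mac.init(secretKey);
        // NOTE(review): Mac.update appears to ignore a null array, so if clientSQN() was never
        // called on this instance the check would not be bound to any nonce. Confirm that every
        // caller issues a nonce first, or reject a null sqn here.
        this.mac.update(this.sqn);
        byte[] expected = this.mac.doFinal(bArr);
        // MessageDigest.isEqual is the JDK's timing-safe comparison; Arrays.equals stops at the
        // first differing byte, which can leak how much of a forged MAC was correct.
        return bArr2 != null && MessageDigest.isEqual(expected, bArr2);
    }

    /**
     * Computes the client's MAC over {@code bArr} with the shared key.
     *
     * @param bArr data to authenticate
     * @return the HmacMD5 value
     * @throws InvalidKeyException if the shared key is unavailable or rejected by the MAC
     */
    public byte[] clientMac(byte[] bArr) throws InvalidKeyException {
        init();
        this.mac.init(secretKey);
        return this.mac.doFinal(bArr);
    }
}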
