package org.cesecore.util;

import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.InvalidKeySpecException;
import java.text.DecimalFormat;
import java.util.Collection;
import java.util.LinkedList;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang.CharUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.encoders.DecoderException;
import org.bouncycastle.util.encoders.Hex;
import org.cesecore.certificates.ca.catoken.CAToken;
import org.cesecore.config.CesecoreConfiguration;

/* loaded from: input_file:org/cesecore/util/StringTools.class */
public final class StringTools {
    private static final Logger log = Logger.getLogger(StringTools.class);
    private static Pattern VALID_IPV4_PATTERN;
    private static Pattern VALID_IPV6_PATTERN;
    private static final String ipv4Pattern = "(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])";
    private static final String ipv6Pattern = "([0-9a-f]{1,4}:){7}([0-9a-f]){1,4}";
    private static final char[] stripXSS;
    private static final char[] stripSqlChars;
    private static final char[] stripFilenameChars;
    private static final char[] allowedEscapeChars;
    private static final Pattern WS;
    public static final int KEY_SEQUENCE_FORMAT_NUMERIC = 1;
    public static final int KEY_SEQUENCE_FORMAT_ALPHANUMERIC = 2;
    public static final int KEY_SEQUENCE_FORMAT_COUNTRY_CODE_PLUS_NUMERIC = 4;
    public static final int KEY_SEQUENCE_FORMAT_COUNTRY_CODE_PLUS_ALPHANUMERIC = 8;
    private static final char[] p;
    private static final int iCount = 100;

    private StringTools() {
    }

    public static String strip(String str) {
        return strip(str, CesecoreConfiguration.getForbiddenCharacters());
    }

    public static String stripUsername(String str) {
        return strip(strip(str, stripXSS));
    }

    public static String stripFilename(String str) {
        return strip(str, stripFilenameChars);
    }

    private static String strip(String str, char[] cArr) {
        if (str == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(str);
        int i = 0;
        int length = sb.length();
        while (i < length) {
            if (sb.charAt(i) == '\\') {
                if (i + 1 == length) {
                    sb.setCharAt(i, '/');
                } else if (isAllowedEscape(sb.charAt(i + 1))) {
                    i++;
                } else {
                    sb.setCharAt(i, '/');
                    sb.deleteCharAt(i + 1);
                    length--;
                }
            } else if (isCharInArray(sb.charAt(i), cArr)) {
                sb.setCharAt(i, '/');
            }
            i++;
        }
        String sb2 = sb.toString();
        if (log.isDebugEnabled() && !sb2.equals(str)) {
            log.debug("Some chars stripped. Was '" + str + "' is now '" + sb2 + "'.");
        }
        return sb2;
    }

    public static boolean hasSqlStripChars(String str) {
        return hasStripChars(str, stripSqlChars);
    }

    public static boolean hasStripChars(String str) {
        return hasStripChars(str, CesecoreConfiguration.getForbiddenCharacters());
    }

    private static boolean hasStripChars(String str, char[] cArr) {
        if (str == null) {
            return false;
        }
        int i = 0;
        int length = str.length();
        while (i < length) {
            if (str.charAt(i) == '\\') {
                if (i + 1 == length || !isAllowedEscape(str.charAt(i + 1))) {
                    return true;
                }
                i++;
            } else if (isCharInArray(str.charAt(i), cArr)) {
                return true;
            }
            i++;
        }
        return false;
    }

    private static boolean isAllowedEscape(char c) {
        return isCharInArray(c, allowedEscapeChars);
    }

    private static boolean isCharInArray(char c, char[] cArr) {
        return new String(cArr).indexOf(c) > -1;
    }

    public static String stripWhitespace(String str) {
        if (str == null) {
            return null;
        }
        return WS.matcher(str).replaceAll("");
    }

    public static String ipOctetsToString(byte[] bArr) {
        String str = null;
        if (bArr.length == 4) {
            String str2 = "";
            for (int i = 0; i < 4; i++) {
                short s = (short) (255 & bArr[i]);
                if (StringUtils.isNotEmpty(str2)) {
                    str2 = str2 + ".";
                }
                str2 = str2 + ((int) s);
            }
            str = str2;
        }
        return str;
    }

    public static byte[] ipStringToOctets(String str) {
        byte[] bArr = null;
        if (isIpAddress(str)) {
            try {
                bArr = InetAddress.getByName(str).getAddress();
            } catch (UnknownHostException e) {
                log.info("Error parsing ip address (ipv4 or ipv6): ", e);
            }
        }
        if (bArr == null) {
            log.info("Not a IPv4 or IPv6 address, returning empty array.");
            bArr = new byte[0];
        }
        return bArr;
    }

    public static boolean isIpAddress(String str) {
        if (VALID_IPV4_PATTERN.matcher(str).matches()) {
            return true;
        }
        return VALID_IPV6_PATTERN.matcher(str).matches();
    }

    public static String putBase64String(String str) {
        return putBase64String(str, false);
    }

    public static String putBase64String(String str, boolean z) {
        String str2;
        if (!StringUtils.isEmpty(str) && !str.startsWith("B64:")) {
            if (z && StringUtils.isAsciiPrintable(str)) {
                return str;
            }
            try {
                str2 = "B64:" + new String(Base64.encode(str.getBytes("UTF-8"), false));
            } catch (UnsupportedEncodingException e) {
                str2 = str;
            }
            return str2;
        }
        return str;
    }

    public static String getBase64String(String str) {
        String str2;
        if (!StringUtils.isEmpty(str) && str.startsWith("B64:")) {
            try {
                str2 = new String(Base64.decode(new String(str.substring(4)).getBytes("UTF-8")), "UTF-8");
            } catch (DecoderException e) {
                str2 = str;
            } catch (UnsupportedEncodingException e2) {
                str2 = str;
            }
            return str2;
        }
        return str;
    }

    public static String obfuscateIfNot(String str) {
        return str.startsWith("OBF:") ? str : obfuscate(str);
    }

    public static String obfuscate(String str) {
        StringBuilder sb = new StringBuilder("OBF:");
        byte[] bytes = str.getBytes();
        for (int i = 0; i < bytes.length; i++) {
            byte b = bytes[i];
            byte b2 = bytes[str.length() - (i + 1)];
            String num = Integer.toString(((b + b2 + 127) * 256) + (b - b2) + 127, 36);
            switch (num.length()) {
                case 1:
                case 2:
                case 3:
                    sb.append('0');
                    break;
                default:
                    sb.append(num);
                    break;
            }
        }
        return sb.toString();
    }

    public static String deobfuscateIf(String str) {
        return str.startsWith("OBF:") ? deobfuscate(str) : str;
    }

    public static String deobfuscate(String str) {
        String str2 = str;
        if (str2.startsWith("OBF:")) {
            str2 = str2.substring(4);
        }
        byte[] bArr = new byte[str2.length() / 2];
        int i = 0;
        for (int i2 = 0; i2 < str2.length(); i2 += 4) {
            int parseInt = Integer.parseInt(str2.substring(i2, i2 + 4), 36);
            int i3 = i;
            i++;
            bArr[i3] = (byte) ((((parseInt / 256) + (parseInt % 256)) - 254) / 2);
        }
        return new String(bArr, 0, i);
    }

    private static byte[] getSalt() throws UnsupportedEncodingException {
        return "1958473059684739584hfurmaqiekcmq".getBytes("UTF-8");
    }

    public static String pbeEncryptStringWithSha256Aes192(String str) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
        CryptoProviderTools.installBCProviderIfNotAvailable();
        if (CryptoProviderTools.isUsingExportableCryptography()) {
            log.warn("Obfuscation not possible due to weak crypto policy.");
            return str;
        }
        PKCS12ParametersGenerator pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new SHA256Digest());
        pKCS12ParametersGenerator.init(PBEParametersGenerator.PKCS12PasswordToBytes(p), getSalt(), 100);
        ParametersWithIV generateDerivedParameters = pKCS12ParametersGenerator.generateDerivedParameters(192, 128);
        SecretKeySpec secretKeySpec = new SecretKeySpec(generateDerivedParameters.getParameters().getKey(), "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
        cipher.init(1, secretKeySpec, new IvParameterSpec(generateDerivedParameters.getIV()));
        return new String(Hex.encode(cipher.doFinal(str.getBytes("UTF-8"))));
    }

    public static String pbeDecryptStringWithSha256Aes192(String str) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, UnsupportedEncodingException {
        CryptoProviderTools.installBCProviderIfNotAvailable();
        if (CryptoProviderTools.isUsingExportableCryptography()) {
            log.warn("De-obfuscation not possible due to weak crypto policy.");
            return str;
        }
        Cipher cipher = Cipher.getInstance("PBEWithSHA256And192BitAES-CBC-BC", "BC");
        cipher.init(2, SecretKeyFactory.getInstance("PBEWithSHA256And192BitAES-CBC-BC", "BC").generateSecret(new PBEKeySpec(p, getSalt(), 100)));
        return new String(cipher.doFinal(Hex.decode(str.getBytes("UTF-8"))));
    }

    public static String passwordDecryption(String str, String str2) {
        try {
            String pbeDecryptStringWithSha256Aes192 = pbeDecryptStringWithSha256Aes192(str);
            if (log.isDebugEnabled()) {
                log.debug("Using encrypted " + str2);
            }
            return pbeDecryptStringWithSha256Aes192;
        } catch (Throwable th) {
            if (log.isDebugEnabled()) {
                log.debug("Using cleartext " + str2);
            }
            return str;
        }
    }

    public static String incrementKeySequence(int i, String str) {
        if (log.isTraceEnabled()) {
            log.trace(">incrementKeySequence: " + i + ", " + str);
        }
        String str2 = null;
        if (i == 1) {
            str2 = incrementNumeric(str);
        } else if (i == 2) {
            str2 = incrementAlphaNumeric(str);
        } else if (i == 4) {
            String substring = str.substring(0, Math.min(2, str.length()));
            if (log.isDebugEnabled()) {
                log.debug("countryCode: " + substring);
            }
            String incrementNumeric = incrementNumeric(str.substring(2));
            if (str.length() > 2 && incrementNumeric != null) {
                str2 = substring + incrementNumeric;
            }
        } else if (i == 8) {
            String substring2 = str.substring(0, Math.min(2, str.length()));
            if (log.isDebugEnabled()) {
                log.debug("countryCode: " + substring2);
            }
            String incrementAlphaNumeric = incrementAlphaNumeric(str.substring(2));
            if (str.length() > 2 && incrementAlphaNumeric != null) {
                str2 = substring2 + incrementAlphaNumeric;
            }
        }
        if (str2 == null) {
            str2 = str;
            StringBuilder sb = new StringBuilder();
            for (int length = str.length() - 1; length >= 0; length--) {
                char charAt = str.charAt(length);
                if (!CharUtils.isAsciiNumeric(charAt)) {
                    break;
                }
                sb.insert(0, charAt);
            }
            String substring3 = str.substring(0, str.length() - sb.length());
            String sb2 = sb.toString();
            if (StringUtils.isNotEmpty(sb2)) {
                str2 = substring3 + new DecimalFormat("0000000000".substring(0, sb2.length())).format(Integer.valueOf(Integer.valueOf(sb2).intValue() + 1));
                if (log.isTraceEnabled()) {
                    log.trace("<incrementKeySequence: " + str2);
                }
            } else {
                log.info("incrementKeySequence - Sequence does not contain any nummeric part: " + str2);
            }
        }
        return str2;
    }

    private static String incrementNumeric(String str) {
        if (!str.matches("[0-9]{1,5}")) {
            return null;
        }
        int length = str.length();
        int parseInt = Integer.parseInt(str, 10) + 1;
        if (parseInt == Math.pow(10.0d, length)) {
            parseInt = 0;
        }
        String str2 = CAToken.DEFAULT_KEYSEQUENCE + Integer.toString(parseInt, 10);
        return str2.substring(str2.length() - length).toUpperCase(Locale.ENGLISH);
    }

    private static String incrementAlphaNumeric(String str) {
        if (!str.matches("[0-9A-Z]{1,5}")) {
            return null;
        }
        int length = str.length();
        int parseInt = Integer.parseInt(str, 36) + 1;
        if (parseInt == Math.pow(36.0d, length)) {
            parseInt = 0;
        }
        String str2 = CAToken.DEFAULT_KEYSEQUENCE + Integer.toString(parseInt, 36);
        return str2.substring(str2.length() - length).toUpperCase(Locale.ENGLISH);
    }

    public static Collection<String> splitURIs(String str) {
        String trim = str.trim();
        LinkedList linkedList = new LinkedList();
        int i = 0;
        while (true) {
            if (i >= trim.length()) {
                break;
            }
            if (trim.indexOf(34, i) == i) {
                int indexOf = trim.indexOf(34, i + 1);
                if (indexOf == -1) {
                    indexOf = trim.length();
                }
                linkedList.add(trim.substring(i + 1, indexOf).trim());
                i = indexOf;
            } else {
                int indexOf2 = trim.indexOf(59, i);
                if (indexOf2 == i) {
                    continue;
                } else if (indexOf2 != -1) {
                    linkedList.add(trim.substring(i, indexOf2).trim());
                    i = indexOf2;
                } else if (i < trim.length()) {
                    linkedList.add(trim.substring(i).trim());
                    break;
                }
            }
            i++;
        }
        return linkedList;
    }

    public static String[] parseCertData(String str) {
        if (str == null) {
            return null;
        }
        String[] strArr = {"(^[0-9A-Fa-f]+), ?(((unstructuredName|dnQualifier|postalAddress|name|emailAddress|UID|OU|NIF|CIF|ST|SN|businessCategory|streetAddress|CN|postalCode|O|pseudonym|DC|surname|C|initials|serialNumber|L|givenName|telephoneNumber|title|DC)=[^,]+,)*((unstructuredName|dnQualifier|postalAddress|name|emailAddress|UID|OU|NIF|CIF|ST|SN|businessCategory|streetAddress|CN|postalCode|O|pseudonym|DC|surname|C|initials|serialNumber|L|givenName|telephoneNumber|title|DC)=[^,]+)*)", "(^[0-9A-Fa-f]+) : DN : \"([^\"]*)\"( ?: SubjectDN : \"[^\"]*\")?"};
        String[] strArr2 = null;
        int i = 0;
        while (true) {
            if (i >= strArr.length) {
                break;
            }
            Matcher matcher = Pattern.compile(strArr[i]).matcher(str);
            if (matcher.find()) {
                strArr2 = new String[]{matcher.group(1), matcher.group(2)};
                break;
            }
            i++;
        }
        return strArr2;
    }

    static {
        VALID_IPV4_PATTERN = null;
        VALID_IPV6_PATTERN = null;
        try {
            VALID_IPV4_PATTERN = Pattern.compile(ipv4Pattern, 2);
            VALID_IPV6_PATTERN = Pattern.compile(ipv6Pattern, 2);
        } catch (PatternSyntaxException e) {
            log.error("Unable to compile IP address validation pattern", e);
        }
        stripXSS = new char[]{'<', '>'};
        stripSqlChars = new char[]{'\'', '\"', '\n', '\r', '\\', ';', '&', '|', '!', 0, '%', '`', '<', '>', '?', '$', '~'};
        stripFilenameChars = new char[]{0, '\n', '\r', '/', '\\', '?', '%', '*', ':', ';', '|', '\"', '<', '>'};
        allowedEscapeChars = new char[]{',', '\"', '\\', '+', '<', '>', ';', '=', '#', ' '};
        WS = Pattern.compile("\\s+");
        p = deobfuscate("OBF:1m0r1kmo1ioe1ia01j8z17y41l0q1abo1abm1abg1abe1kyc17ya1j631i5y1ik01kjy1lxf").toCharArray();
    }
}
