package org.apache.plc4x.java.opcua.context;

import java.io.ByteArrayInputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.plc4x.java.api.exceptions.PlcRuntimeException;
import org.apache.plc4x.java.opcua.protocol.OpcuaProtocolLogic;
import org.apache.plc4x.java.opcua.readwrite.MessagePDU;
import org.apache.plc4x.java.opcua.readwrite.OpcuaAPU;
import org.apache.plc4x.java.opcua.readwrite.OpcuaMessageResponse;
import org.apache.plc4x.java.opcua.readwrite.OpcuaOpenResponse;
import org.apache.plc4x.java.spi.generation.ByteOrder;
import org.apache.plc4x.java.spi.generation.ParseException;
import org.apache.plc4x.java.spi.generation.ReadBuffer;
import org.apache.plc4x.java.spi.generation.ReadBufferByteBased;
import org.apache.plc4x.java.spi.generation.SerializationException;
import org.apache.plc4x.java.spi.generation.WithWriterArgs;
import org.apache.plc4x.java.spi.generation.WriteBuffer;
import org.apache.plc4x.java.spi.generation.WriteBufferByteBased;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/plc4x/java/opcua/context/EncryptionHandler.class */
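/**
 * Signs, encrypts, decrypts and verifies OPC UA messages with RSA for the
 * {@code Basic256Sha256} security policy.
 *
 * <p>Security-relevant properties of this class:
 * <ul>
 *   <li>All block arithmetic is hard-coded for 256-byte RSA blocks, i.e. 2048-bit client and
 *       server keys. Other key sizes are rejected rather than silently truncated.</li>
 *   <li>Encryption uses {@code RSA/ECB/OAEPWithSHA-1AndMGF1Padding}; signatures use
 *       {@code SHA256withRSA} from the BouncyCastle ({@code "BC"}) provider.</li>
 *   <li>The server certificate is only parsed here. No chain, validity-period or trust-list
 *       check is performed in this class, so that validation has to happen in the caller
 *       before the certificate is handed in.</li>
 *   <li>{@link #encodeMessage} and {@link #decodeMessage} fail closed: a signing, encryption,
 *       decryption or verification problem raises {@link PlcRuntimeException} instead of
 *       returning a partially processed buffer.</li>
 * </ul>
 */
public class EncryptionHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(EncryptionHandler.class);

    /** Number of plaintext bytes passed to each RSA-OAEP encryption call. */
    private static final int PREENCRYPTED_BLOCK_LENGTH = 190;

    /** Size in bytes of one RSA ciphertext block and of one RSA signature (2048-bit keys). */
    private static final int RSA_BLOCK_LENGTH = 256;

    /**
     * Bytes in front of the message body that are part of the encrypted region
     * (presumably the OPC UA sequence header - confirm against the protocol definition).
     */
    private static final int ENCRYPTED_PREFIX_LENGTH = 8;

    private static final String RSA_OAEP_SHA1 = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final String SIGNATURE_PROVIDER = "BC";

    /** Shared empty writer-argument array. */
    private static final WithWriterArgs[] NO_ARGS = new WithWriterArgs[0];

    private X509Certificate serverCertificate;
    private X509Certificate clientCertificate;
    private PrivateKey clientPrivateKey;
    private PublicKey clientPublicKey;
    private final String securitypolicy;

    static {
        // Registers BouncyCastle so that the "BC" provider requested for signatures resolves.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Creates a handler for one connection.
     *
     * @param certificateKeyPair client key pair and certificate; may be {@code null}, in which
     *     case signing and decryption will fail
     * @param bArr encoded X.509 server certificate; may be {@code null}. If it cannot be parsed
     *     the server certificate stays {@code null} and encryption and verification will fail.
     * @param str security policy name, e.g. {@code "None"} or {@code "Basic256Sha256"}
     */
    public EncryptionHandler(CertificateKeyPair certificateKeyPair, byte[] bArr, String str) {
        if (certificateKeyPair != null) {
            this.clientPrivateKey = certificateKeyPair.getKeyPair().getPrivate();
            this.clientPublicKey = certificateKeyPair.getKeyPair().getPublic();
            this.clientCertificate = certificateKeyPair.getCertificate();
        }
        if (bArr != null) {
            this.serverCertificate = getCertificateX509(bArr);
        }
        this.securitypolicy = str;
    }

    /**
     * Replaces the server certificate used for encryption and signature verification.
     * The certificate is stored as given; it is not validated here.
     */
    public void setServerCertificate(X509Certificate x509Certificate) {
        this.serverCertificate = x509Certificate;
    }

    /**
     * Serializes, pads, signs and encrypts an outgoing message.
     *
     * <p>Layout produced: the unencrypted headers, followed by RSA blocks holding the
     * 8-byte prefix, the message body, the padding and the 256-byte signature.
     *
     * @param messagePDU the message to send
     * @param bArr the message body contained in {@code messagePDU}; only its length is used
     * @return a little-endian read buffer over the encrypted message
     * @throws PlcRuntimeException if serialization, signing or encryption fails, so that a
     *     plaintext or unsigned buffer is never returned
     */
    public ReadBuffer encodeMessage(MessagePDU messagePDU, byte[] bArr) {
        int unencryptedLength = messagePDU.getLengthInBytes();
        int bodyLength = bArr.length;
        int firstBlockPos = (unencryptedLength - bodyLength) - ENCRYPTED_PREFIX_LENGTH;
        // Body + signature + padding-size byte + prefix, before padding is added.
        int unpaddedLength = bodyLength + RSA_BLOCK_LENGTH + 1 + ENCRYPTED_PREFIX_LENGTH;
        int paddingSize = PREENCRYPTED_BLOCK_LENGTH - (unpaddedLength % PREENCRYPTED_BLOCK_LENGTH);
        int preEncryptedLength = unpaddedLength + paddingSize;
        if (preEncryptedLength % PREENCRYPTED_BLOCK_LENGTH != 0) {
            throw new PlcRuntimeException("Pre encrypted block length " + preEncryptedLength + " isn't a multiple of the block size");
        }
        int encryptedLength = ((preEncryptedLength / PREENCRYPTED_BLOCK_LENGTH) * RSA_BLOCK_LENGTH) + firstBlockPos;
        WriteBufferByteBased buffer = new WriteBufferByteBased(encryptedLength, ByteOrder.LITTLE_ENDIAN);
        try {
            new OpcuaAPU(messagePDU).serialize(buffer);

            // paddingSize + 1 bytes, each carrying the padding size.
            byte paddingByte = (byte) paddingSize;
            for (int n = 0; n <= paddingSize; n++) {
                buffer.writeByte(paddingByte, NO_ARGS);
            }

            // The length field must already hold the final encrypted size when the signature
            // is computed, because the header is part of the signed data.
            int signaturePos = buffer.getPos();
            buffer.setPos(4);
            buffer.writeInt(32, encryptedLength, NO_ARGS);
            buffer.setPos(signaturePos);

            byte[] signatureBytes = sign(getBytes(buffer.getBytes(), 0, unencryptedLength + paddingSize + 1));
            if (signatureBytes == null || signatureBytes.length != RSA_BLOCK_LENGTH) {
                throw new PlcRuntimeException("Unable to sign message: no signature of " + RSA_BLOCK_LENGTH + " bytes was produced");
            }
            for (byte signatureByte : signatureBytes) {
                buffer.writeByte(signatureByte, NO_ARGS);
            }

            buffer.setPos(firstBlockPos);
            encryptBlock(buffer, getBytes(buffer.getBytes(), firstBlockPos, firstBlockPos + preEncryptedLength));
            return new ReadBufferByteBased(buffer.getBytes(), ByteOrder.LITTLE_ENDIAN);
        } catch (SerializationException e) {
            throw new PlcRuntimeException("Unable to parse apu prior to encrypting", e);
        }
    }

    /**
     * Decrypts and verifies an incoming message according to the configured security policy.
     *
     * <p>For {@code "None"} and for any policy other than {@code "Basic256Sha256"} the message
     * is returned unchanged. The same holds for messages that are neither an
     * {@link OpcuaOpenResponse} nor an {@link OpcuaMessageResponse}.
     *
     * <p>Callers should not report to the remote peer which of the failure causes occurred.
     *
     * @param opcuaAPU the message as received
     * @return the decrypted and re-parsed message, or {@code opcuaAPU} itself if nothing had to
     *     be decoded
     * @throws PlcRuntimeException if decryption fails, the signature does not verify, or the
     *     decrypted bytes cannot be parsed
     */
    public OpcuaAPU decodeMessage(OpcuaAPU opcuaAPU) {
        LOGGER.info("Decoding Message with Security policy {}", this.securitypolicy);
        switch (this.securitypolicy) {
            case "Basic256Sha256":
                return decodeBasic256Sha256(opcuaAPU);
            case "None":
            default:
                return opcuaAPU;
        }
    }

    /** Decrypts, verifies and re-parses one {@code Basic256Sha256} protected message. */
    private OpcuaAPU decodeBasic256Sha256(OpcuaAPU opcuaAPU) {
        final byte[] message;
        if (opcuaAPU.getMessage() instanceof OpcuaOpenResponse) {
            message = ((OpcuaOpenResponse) opcuaAPU.getMessage()).getMessage();
        } else if (opcuaAPU.getMessage() instanceof OpcuaMessageResponse) {
            message = ((OpcuaMessageResponse) opcuaAPU.getMessage()).getMessage();
        } else {
            return opcuaAPU;
        }
        try {
            int encryptedMessageLength = opcuaAPU.getLengthInBytes();
            int encryptedSectionLength = message.length + ENCRYPTED_PREFIX_LENGTH;
            // The peer controls this length; reject anything that is not whole RSA blocks
            // before sizing buffers from it.
            if (encryptedSectionLength == 0 || encryptedSectionLength % RSA_BLOCK_LENGTH != 0) {
                throw new PlcRuntimeException("Encrypted section length " + encryptedSectionLength + " isn't a multiple of the block size");
            }
            int firstBlockPos = encryptedMessageLength - encryptedSectionLength;
            WriteBufferByteBased buffer = new WriteBufferByteBased(firstBlockPos + encryptedSectionLength, ByteOrder.LITTLE_ENDIAN);
            opcuaAPU.serialize(buffer);

            byte[] cipherText = getBytes(buffer.getBytes(), firstBlockPos, encryptedMessageLength);
            buffer.setPos(firstBlockPos);
            decryptBlock(buffer, cipherText);
            int plainEnd = buffer.getPos();

            // Verify while the header still carries the length the sender signed.
            // The decrypted content is deliberately not logged on failure.
            if (!checkSignature(getBytes(buffer.getBytes(), 0, plainEnd))) {
                throw new PlcRuntimeException("Signature verification failed");
            }

            int payloadEnd = plainEnd - RSA_BLOCK_LENGTH;
            buffer.setPos(4);
            buffer.writeInt(32, payloadEnd, NO_ARGS);
            return OpcuaAPU.staticParse((ReadBuffer) new ReadBufferByteBased(getBytes(buffer.getBytes(), 0, payloadEnd), ByteOrder.LITTLE_ENDIAN), (Boolean) true);
        } catch (SerializationException | ParseException e) {
            throw new PlcRuntimeException("Unable to Parse encrypted message", e);
        }
    }

    /**
     * Decrypts {@code bArr} in 256-byte RSA blocks with the client private key and appends the
     * recovered plaintext of every block to {@code writeBuffer}.
     *
     * @throws PlcRuntimeException if any block cannot be decrypted or written; the buffer may
     *     then hold the plaintext of the blocks processed so far
     */
    public void decryptBlock(WriteBuffer writeBuffer, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(RSA_OAEP_SHA1);
            cipher.init(Cipher.DECRYPT_MODE, this.clientPrivateKey);
            for (int offset = 0; offset < bArr.length; offset += RSA_BLOCK_LENGTH) {
                byte[] plain = cipher.doFinal(bArr, offset, RSA_BLOCK_LENGTH);
                // Write exactly what was recovered instead of assuming a fixed block payload.
                for (byte plainByte : plain) {
                    writeBuffer.writeByte(plainByte, NO_ARGS);
                }
            }
        } catch (Exception e) {
            throw new PlcRuntimeException("Unable to decrypt Data", e);
        }
    }

    /**
     * Verifies a trailing RSA signature with the server certificate's public key.
     *
     * @param bArr signed data immediately followed by its 256-byte signature
     * @return {@code true} only if the last 256 bytes are a valid {@code SHA256withRSA}
     *     signature over all bytes before them; {@code false} on mismatch, on input that is too
     *     short, or on any error (including a missing server certificate)
     */
    public boolean checkSignature(byte[] bArr) {
        if (bArr == null || bArr.length <= RSA_BLOCK_LENGTH) {
            return false;
        }
        try {
            int signedLength = bArr.length - RSA_BLOCK_LENGTH;
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM, SIGNATURE_PROVIDER);
            signature.initVerify(this.serverCertificate.getPublicKey());
            // Digest only the signed part; the trailing block is the signature itself.
            signature.update(bArr, 0, signedLength);
            return signature.verify(bArr, signedLength, RSA_BLOCK_LENGTH);
        } catch (Exception e) {
            LOGGER.error("Unable to verify signature", e);
            return false;
        }
    }

    /**
     * Encrypts a password blob with the server certificate's public key in a single RSA-OAEP
     * operation.
     *
     * @return the ciphertext, or {@code null} if encryption failed. Callers must check for
     *     {@code null} and must not fall back to sending {@code bArr} unencrypted.
     */
    public byte[] encryptPassword(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(RSA_OAEP_SHA1);
            cipher.init(Cipher.ENCRYPT_MODE, this.serverCertificate.getPublicKey());
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            LOGGER.error("Unable to encrypt Data", e);
            return null;
        }
    }

    /**
     * Encrypts {@code bArr} in 190-byte chunks with the server certificate's public key and
     * appends each 256-byte ciphertext block to {@code writeBuffer}.
     *
     * @param bArr plaintext whose length is a multiple of 190
     * @throws PlcRuntimeException if encryption fails or a block is not 256 bytes long, so that
     *     the caller never continues with a buffer that still contains plaintext
     */
    public void encryptBlock(WriteBuffer writeBuffer, byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance(RSA_OAEP_SHA1);
            cipher.init(Cipher.ENCRYPT_MODE, this.serverCertificate.getPublicKey());
            for (int offset = 0; offset < bArr.length; offset += PREENCRYPTED_BLOCK_LENGTH) {
                LOGGER.debug("Iterate:- {}, Data Length:- {}", offset, bArr.length);
                byte[] encrypted = cipher.doFinal(bArr, offset, PREENCRYPTED_BLOCK_LENGTH);
                if (encrypted.length != RSA_BLOCK_LENGTH) {
                    // A different server key size would otherwise be truncated or overrun.
                    throw new IllegalStateException("Unexpected RSA block length " + encrypted.length);
                }
                for (byte encryptedByte : encrypted) {
                    writeBuffer.writeByte(encryptedByte, NO_ARGS);
                }
            }
        } catch (Exception e) {
            throw new PlcRuntimeException("Unable to encrypt Data", e);
        }
    }

    /**
     * Not implemented: only attempts to initialise an HMAC-SHA256 instance and never reads
     * {@code bArr} or writes to {@code writeBuffer}. With {@link #getSecretKey()} returning
     * {@code null} the initialisation fails and is logged.
     */
    public void encryptHmacBlock(WriteBuffer writeBuffer, byte[] bArr) {
        try {
            Mac.getInstance("HmacSHA256").init(new SecretKeySpec(getSecretKey(), "HmacSHA256"));
        } catch (Exception e) {
            LOGGER.error("Unable to encrypt Data", e);
        }
    }

    /** Placeholder for the symmetric key; always returns {@code null}. */
    public byte[] getSecretKey() {
        return null;
    }

    /**
     * Parses an encoded X.509 certificate.
     *
     * <p>This only decodes the structure. It does not check the signature chain, the validity
     * period or whether the certificate is trusted.
     *
     * @return the certificate, or {@code null} if {@code bArr} could not be parsed
     */
    public static X509Certificate getCertificateX509(byte[] bArr) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            LOGGER.info("Public Key Length {}", Integer.valueOf(bArr.length));
            return (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
        } catch (Exception e) {
            LOGGER.error("Unable to get certificate from String {}", bArr, e);
            return null;
        }
    }

    /**
     * Signs {@code bArr} with the client private key using {@code SHA256withRSA}.
     *
     * @return the signature, or {@code null} if signing failed
     */
    public byte[] sign(byte[] bArr) {
        try {
            Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM, SIGNATURE_PROVIDER);
            signature.initSign(this.clientPrivateKey);
            signature.update(bArr);
            byte[] signatureBytes = signature.sign();
            LOGGER.debug("----------------Signature Length{}", Integer.valueOf(signatureBytes.length));
            return signatureBytes;
        } catch (Exception e) {
            LOGGER.error("Unable to sign Data", e);
            return null;
        }
    }

    /** Returns a copy of {@code bArr[i .. i2)}. */
    private byte[] getBytes(byte[] bArr, int i, int i2) {
        int count = i2 - i;
        byte[] copy = new byte[count];
        System.arraycopy(bArr, i, copy, 0, count);
        return copy;
    }
}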
