package org.apache.plc4x.java.opcua.context;

import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
import javax.crypto.Cipher;
import org.apache.plc4x.java.opcua.protocol.chunk.Chunk;
import org.apache.plc4x.java.opcua.security.SecurityPolicy;
import org.apache.plc4x.java.spi.generation.WithWriterArgs;
import org.apache.plc4x.java.spi.generation.WriteBufferByteBased;

/* loaded from: input_file:org/apache/plc4x/java/opcua/context/AsymmetricEncryptionHandler.class */
public class AsymmetricEncryptionHandler extends BaseEncryptionHandler {
    private final PrivateKey senderPrivateKey;
    static final /* synthetic */ boolean $assertionsDisabled;

    static {
        $assertionsDisabled = !AsymmetricEncryptionHandler.class.desiredAssertionStatus();
    }

    public AsymmetricEncryptionHandler(Conversation conversation, SecurityPolicy securityPolicy, PrivateKey privateKey) {
        super(conversation, securityPolicy);
        this.senderPrivateKey = privateKey;
    }

    @Override // org.apache.plc4x.java.opcua.context.BaseEncryptionHandler
    protected void verify(WriteBufferByteBased writeBufferByteBased, Chunk chunk, int i) throws Exception {
        int signatureSize = i - chunk.getSignatureSize();
        byte[] bytes = writeBufferByteBased.getBytes(0, signatureSize);
        byte[] bytes2 = writeBufferByteBased.getBytes(signatureSize, signatureSize + chunk.getSignatureSize());
        Signature signature = this.securityPolicy.getAsymmetricSignatureAlgorithm().getSignature();
        signature.initVerify(this.conversation.getRemoteCertificate().getPublicKey());
        signature.update(bytes);
        if (signature.verify(bytes2)) {
            throw new IllegalArgumentException("Invalid signature");
        }
    }

    @Override // org.apache.plc4x.java.opcua.context.BaseEncryptionHandler
    protected int decrypt(WriteBufferByteBased writeBufferByteBased, Chunk chunk, int i) throws Exception {
        int securityHeaderSize = 12 + chunk.getSecurityHeaderSize();
        int i2 = i - securityHeaderSize;
        int cipherTextBlockSize = i2 / chunk.getCipherTextBlockSize();
        if (!$assertionsDisabled && i2 % chunk.getCipherTextBlockSize() != 0) {
            throw new AssertionError();
        }
        byte[] bytes = writeBufferByteBased.getBytes(securityHeaderSize, securityHeaderSize + i2);
        byte[] bArr = new byte[chunk.getCipherTextBlockSize() * cipherTextBlockSize];
        Cipher cipher = this.securityPolicy.getAsymmetricEncryptionAlgorithm().getCipher();
        cipher.init(2, this.senderPrivateKey);
        int i3 = 0;
        for (int i4 = 0; i4 < cipherTextBlockSize; i4++) {
            int cipherTextBlockSize2 = i4 * chunk.getCipherTextBlockSize();
            i3 += cipher.doFinal(bytes, cipherTextBlockSize2, chunk.getCipherTextBlockSize(), bArr, cipherTextBlockSize2);
        }
        writeBufferByteBased.setPos(securityHeaderSize);
        byte[] bArr2 = new byte[i3];
        System.arraycopy(bArr, 0, bArr2, 0, i3);
        writeBufferByteBased.writeByteArray("payload", bArr2, new WithWriterArgs[0]);
        return i3;
    }

    @Override // org.apache.plc4x.java.opcua.context.BaseEncryptionHandler
    protected void encrypt(WriteBufferByteBased writeBufferByteBased, int i, int i2, int i3, int i4) throws Exception {
        int i5 = 12 + i;
        byte[] bytes = writeBufferByteBased.getBytes(i5, i5 + (i2 * i4));
        byte[] bArr = new byte[i3 * i4];
        Cipher cipher = this.securityPolicy.getAsymmetricEncryptionAlgorithm().getCipher();
        cipher.init(1, this.conversation.getRemoteCertificate().getPublicKey());
        for (int i6 = 0; i6 < i4; i6++) {
            cipher.doFinal(bytes, i6 * i2, i2, bArr, i6 * i3);
        }
        writeBufferByteBased.setPos(i5);
        writeBufferByteBased.writeByteArray("encrypted", bArr, new WithWriterArgs[0]);
    }

    @Override // org.apache.plc4x.java.opcua.context.BaseEncryptionHandler
    public byte[] sign(byte[] bArr) throws GeneralSecurityException {
        Signature signature = this.securityPolicy.getAsymmetricSignatureAlgorithm().getSignature();
        signature.initSign(this.senderPrivateKey);
        signature.update(bArr);
        return signature.sign();
    }
}
