package com.prosysopc.ua.stack.transport.tcp.impl;

import com.prosysopc.ua.stack.common.RuntimeServiceResultException;
import com.prosysopc.ua.stack.common.ServiceResultException;
import com.prosysopc.ua.stack.core.MessageSecurityMode;
import com.prosysopc.ua.stack.core.StatusCodes;
import com.prosysopc.ua.stack.transport.security.SecurityConfiguration;
import com.prosysopc.ua.stack.transport.security.SecurityPolicy;
import com.prosysopc.ua.stack.utils.CryptoUtil;
import java.nio.ByteBuffer;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/prosys-opc-ua-java-sdk-client-4.6.0-1594.jar:com/prosysopc/ua/stack/transport/tcp/impl/ChunkAsymmEncryptSigner.class */
public class ChunkAsymmEncryptSigner implements Runnable {
    static Logger logger = LoggerFactory.getLogger((Class<?>) ChunkAsymmEncryptSigner.class);
    ByteBuffer kZ;
    ByteBuffer ld;
    SecurityConfiguration le;
    private int signatureSize;

    public ChunkAsymmEncryptSigner(ByteBuffer byteBuffer, ByteBuffer byteBuffer2, SecurityConfiguration securityConfiguration) {
        this.kZ = byteBuffer;
        this.ld = byteBuffer2;
        this.le = securityConfiguration;
    }

    @Override // java.lang.Runnable
    public void run() throws RuntimeServiceResultException {
        try {
            int limit = this.ld.limit();
            MessageSecurityMode messageSecurityMode = this.le.getMessageSecurityMode();
            if (messageSecurityMode == MessageSecurityMode.Sign) {
                messageSecurityMode = MessageSecurityMode.SignAndEncrypt;
            }
            this.signatureSize = MessageSecurityMode.Sign == messageSecurityMode || MessageSecurityMode.SignAndEncrypt == messageSecurityMode ? CryptoUtil.getSignatureSize(this.le.getSecurityPolicy().getAsymmetricSignatureAlgorithm(), this.le.getLocalPrivateKey()) : 0;
            logger.debug("SecurityMode in asymm enc: {}", Integer.valueOf(messageSecurityMode.getValue()));
            int i = 0;
            if (messageSecurityMode == MessageSecurityMode.SignAndEncrypt) {
                int keySize = this.le.getRemoteCertificate2().getKeySize();
                logger.trace("keySize={}", Integer.valueOf(keySize));
                i = j(keySize);
                logger.trace("padding={}", Integer.valueOf(i));
            }
            if (messageSecurityMode == MessageSecurityMode.Sign || messageSecurityMode == MessageSecurityMode.SignAndEncrypt) {
                byte[] bArr = new byte[this.ld.arrayOffset() + limit + i];
                this.kZ.rewind();
                this.kZ.get(bArr, 0, bArr.length);
                this.kZ.put(a(bArr, this.le.getLocalPrivateKey()));
            }
            if (logger.isTraceEnabled()) {
                logger.trace("getPaddingSize: chunk={}", CryptoUtil.toHex(this.kZ.array(), 64));
            }
            if (messageSecurityMode == MessageSecurityMode.SignAndEncrypt) {
                byte[] bArr2 = new byte[8 + limit + i + this.signatureSize];
                this.kZ.position(this.ld.arrayOffset() - 8);
                this.kZ.get(bArr2, 0, bArr2.length);
                a(bArr2, this.le.getRemoteCertificate().getPublicKey(), this.kZ.array(), this.ld.arrayOffset() - 8);
            }
            this.kZ.position(this.ld.arrayOffset());
        } catch (ServiceResultException e) {
            throw new RuntimeServiceResultException(e);
        }
    }

    private void a(byte[] bArr, PublicKey publicKey, byte[] bArr2, int i) throws ServiceResultException {
        SecurityPolicy securityPolicy = this.le.getSecurityPolicy();
        logger.debug("rsa_Encrypt: policy={}", securityPolicy);
        int plainTextBlockSize = CryptoUtil.getPlainTextBlockSize(securityPolicy.getAsymmetricEncryptionAlgorithm(), this.le.getRemoteCertificate().getPublicKey());
        logger.debug("encrypt: inputBlockSize={}", Integer.valueOf(plainTextBlockSize));
        if (bArr.length % plainTextBlockSize != 0) {
            logger.error("Wrong block size in asym encryption: length={} inputBlockSize={}", Integer.valueOf(bArr.length), Integer.valueOf(plainTextBlockSize));
            throw new ServiceResultException(StatusCodes.Bad_InternalError, "Error in asymmetric encrypt: Input data is not an even number of encryption blocks.");
        }
        CryptoUtil.getCryptoProvider().encryptAsymm(publicKey, this.le.getSecurityPolicy().getAsymmetricEncryptionAlgorithm(), bArr, bArr2, i);
        if (logger.isTraceEnabled()) {
            logger.trace("encrypt: dataToEncrypt={}", CryptoUtil.toHex(bArr, 64));
            logger.trace("encrypt: output={}", CryptoUtil.toHex(bArr2, 64));
        }
    }

    private int j(int i) {
        int limit = this.kZ.limit() - 1;
        if (logger.isTraceEnabled()) {
            logger.trace("getPaddingSize: chunk={}", CryptoUtil.toHex(this.kZ.array(), 64));
            logger.trace("getPaddingSize: plaintext={}", CryptoUtil.toHex(this.ld.array(), 64));
            logger.trace("getPaddingSize: plaintext.arrayOffset()={}", Integer.valueOf(this.ld.arrayOffset()));
            logger.trace("getPaddingSize: plaintext.limit()={}", Integer.valueOf(this.ld.limit()));
            logger.trace("getPaddingSize: lastPaddingBytePosition={}", Integer.valueOf(limit));
        }
        if (i <= 2048) {
            return (this.kZ.get(limit) & 255 & 255) + 1;
        }
        int i2 = this.kZ.get(limit) & 255;
        int i3 = this.kZ.get(limit - 1) & 255;
        logger.trace("getPaddingSize: paddingByte={}", Integer.valueOf(i3));
        logger.trace("getPaddingSize: extraPaddingByte={}", Integer.valueOf(i2));
        logger.trace("getPaddingSize: padding={}", Integer.valueOf(i3 | (i2 << 8)));
        return ((i3 & 255) | ((i2 & 255) << 8)) + 2;
    }

    private byte[] a(byte[] bArr, RSAPrivateKey rSAPrivateKey) throws ServiceResultException {
        if (this.le.getSecurityPolicy() == SecurityPolicy.NONE) {
            return null;
        }
        byte[] signAsymm = CryptoUtil.getCryptoProvider().signAsymm(rSAPrivateKey, this.le.getSecurityPolicy().getAsymmetricSignatureAlgorithm(), bArr);
        if (logger.isTraceEnabled()) {
            logger.trace("sign: dataToSign={}", CryptoUtil.toHex(bArr, 64));
            logger.trace("sign: signature={}", CryptoUtil.toHex(signAsymm, 64));
        }
        return signAsymm;
    }
}
