package com.prosysopc.ua.stack.transport.tcp.impl;

import com.prosysopc.ua.stack.common.RuntimeServiceResultException;
import com.prosysopc.ua.stack.common.ServiceResultException;
import com.prosysopc.ua.stack.core.MessageSecurityMode;
import com.prosysopc.ua.stack.core.StatusCodes;
import com.prosysopc.ua.stack.transport.security.SecurityPolicy;
import com.prosysopc.ua.stack.utils.CryptoUtil;
import java.nio.ByteBuffer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/prosys-opc-ua-java-sdk-client-4.6.0-1594.jar:com/prosysopc/ua/stack/transport/tcp/impl/ChunkSymmDecryptVerifier.class */
public class ChunkSymmDecryptVerifier implements Runnable {
    static Logger logger = LoggerFactory.getLogger((Class<?>) ChunkSymmDecryptVerifier.class);
    static final int lg = 8;
    static final int messageHeaderSize = 8;
    static final int lh = 8;
    static final int li = 16;
    ByteBuffer kZ;
    SecurityToken lj;

    public ChunkSymmDecryptVerifier(ByteBuffer byteBuffer, SecurityToken securityToken) {
        this.kZ = byteBuffer;
        this.lj = securityToken;
    }

    @Override // java.lang.Runnable
    public void run() throws RuntimeServiceResultException {
        int limit;
        SecurityPolicy securityPolicy = this.lj.getSecurityPolicy();
        MessageSecurityMode messageSecurityMode = this.lj.getMessageSecurityMode();
        int limit2 = this.kZ.limit();
        try {
            if (ChunkUtils.getTokenId(this.kZ) != this.lj.getTokenId()) {
                throw new ServiceResultException(StatusCodes.Bad_UnexpectedError);
            }
            if (messageSecurityMode == MessageSecurityMode.SignAndEncrypt) {
                this.kZ.position(16);
                byte[] bArr = new byte[this.kZ.limit() - 16];
                this.kZ.get(bArr, 0, bArr.length);
                limit = a(this.lj, bArr, 0, bArr.length, this.kZ.array(), 16 + this.kZ.arrayOffset());
            } else {
                limit = this.kZ.limit() - 16;
            }
            int i = 0;
            int symmetricSignatureSize = securityPolicy.getSymmetricSignatureSize();
            if (messageSecurityMode == MessageSecurityMode.Sign || messageSecurityMode == MessageSecurityMode.SignAndEncrypt) {
                byte[] bArr2 = new byte[symmetricSignatureSize];
                this.kZ.position(limit2 - symmetricSignatureSize);
                this.kZ.get(bArr2);
                this.kZ.position(0);
                byte[] bArr3 = new byte[(16 + limit) - symmetricSignatureSize];
                this.kZ.get(bArr3, 0, bArr3.length);
                a(this.lj, bArr3, bArr2);
            }
            if (messageSecurityMode == MessageSecurityMode.SignAndEncrypt) {
                int i2 = ((16 + limit) - symmetricSignatureSize) - 1;
                byte b = this.kZ.get(i2);
                for (int i3 = i2 - b; i3 < i2; i3++) {
                    if (this.kZ.get(i3) != b) {
                        logger.error("Padding does not match");
                        throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, "Could not verify the padding in the message");
                    }
                }
                i = b + 1;
            }
            this.kZ.position(24);
            this.kZ.limit((((this.kZ.position() + limit) - 8) - i) - symmetricSignatureSize);
            if (((((this.kZ.limit() - 8) - 8) - 8) - symmetricSignatureSize) - i < 0) {
            }
        } catch (ServiceResultException e) {
            throw new RuntimeServiceResultException(e);
        }
    }

    private int a(SecurityToken securityToken, byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ServiceResultException {
        logger.debug("decrypt: dataToDecrypt.length={} inputOffset={} inputLength={} output.length={} outputOffset={}", Integer.valueOf(bArr.length), Integer.valueOf(i), Integer.valueOf(i2), Integer.valueOf(bArr2.length), Integer.valueOf(i3));
        return CryptoUtil.getCryptoProvider().decryptSymm(securityToken.getSecurityPolicy(), securityToken.getRemoteEncryptingKey(), securityToken.getRemoteInitializationVector(), bArr, i, i2, bArr2, i3);
    }

    private void a(SecurityToken securityToken, byte[] bArr, byte[] bArr2) throws ServiceResultException {
        CryptoUtil.getCryptoProvider().verifySymm(securityToken.getSecurityPolicy(), securityToken.getRemoteSigningKey(), bArr, 0, bArr.length, bArr2);
    }
}
