package org.opcfoundation.ua.transport.tcp.impl;

import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.text.DateFormat;
import java.util.GregorianCalendar;
import javax.crypto.Mac;
import org.opcfoundation.ua.builtintypes.ByteString;
import org.opcfoundation.ua.common.ServiceResultException;
import org.opcfoundation.ua.core.MessageSecurityMode;
import org.opcfoundation.ua.core.StatusCodes;
import org.opcfoundation.ua.transport.security.SecurityConfiguration;
import org.opcfoundation.ua.transport.security.SecurityPolicy;
import org.opcfoundation.ua.utils.CryptoUtil;

/* loaded from: input_file:BOOT-INF/lib/opc-ua-stack-1.3.346-197.jar:org/opcfoundation/ua/transport/tcp/impl/SecurityToken.class */
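/**
 * Symmetric security token of a secure channel: the token/channel identifiers, the
 * token's creation time and lifetime, both nonces, and the signing key, encrypting key
 * and initialization vector derived from those nonces for each direction.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key and IV getters return the internal arrays, not copies, and the setters
 *       store the caller's array as-is. Treat every array as live secret material: do
 *       not mutate, log or cache it.</li>
 *   <li>{@link #toString()} prints only identifiers and timing, never keys or nonces.</li>
 *   <li>All time checks use {@link System#currentTimeMillis()}, i.e. the wall clock, so a
 *       clock adjustment shifts when the token is seen as expired.</li>
 *   <li>NOTE(review): nonce length and randomness are not checked in this class;
 *       presumably the caller validates them against the security policy - confirm.</li>
 * </ul>
 */
public class SecurityToken {
    private static final Charset UTF8 = Charset.forName("utf-8");
    private SecurityConfiguration securityConfiguration;
    private int tokenId;
    private int secureChannelId;
    // Creation time and lifetime are both in milliseconds (compared against currentTimeMillis()).
    private long creationTime;
    private long lifetime;
    private ByteString localNonce;
    private ByteString remoteNonce;
    // Derived key material; all six stay null when the message security mode is None.
    private byte[] localSigningKey;
    private byte[] localEncryptingKey;
    private byte[] localInitializationVector;
    private byte[] remoteSigningKey;
    private byte[] remoteEncryptingKey;
    private byte[] remoteInitializationVector;

    /**
     * Creates the token and, unless the message security mode is {@code None}, derives
     * the six symmetric key/IV values from the two nonces.
     *
     * <p>Each direction uses one derived byte stream laid out as
     * {@code signing key | encrypting key | initialization vector}, with the sizes taken
     * from the security policy. Local values use the remote nonce as the secret and the
     * local nonce as the seed; remote values use the opposite assignment.
     *
     * @param securityConfiguration security configuration (policy and message security mode); must not be null
     * @param i secure channel id
     * @param i2 token id
     * @param j creation time in milliseconds
     * @param j2 lifetime in milliseconds
     * @param byteString local nonce
     * @param byteString2 remote nonce
     * @throws IllegalArgumentException if {@code securityConfiguration} is null, or if a
     *         nonce used as the derivation secret is null while security is enabled
     * @throws ServiceResultException if key derivation fails, e.g. the seed nonce is null or empty
     */
    public SecurityToken(SecurityConfiguration securityConfiguration, int i, int i2, long j, long j2, ByteString byteString, ByteString byteString2) throws ServiceResultException {
        if (securityConfiguration == null) {
            throw new IllegalArgumentException("null arg");
        }
        this.secureChannelId = i;
        this.securityConfiguration = securityConfiguration;
        this.tokenId = i2;
        this.lifetime = j2;
        this.creationTime = j;
        this.localNonce = byteString;
        this.remoteNonce = byteString2;

        boolean securityDisabled = securityConfiguration.getMessageSecurityMode() == MessageSecurityMode.None;
        int signatureKeySize = getSecurityPolicy().getSignatureKeySize();
        int encryptionKeySize = getSecurityPolicy().getEncryptionKeySize();
        int encryptionBlockSize = getSecurityPolicy().getEncryptionBlockSize();
        if (securityDisabled) {
            // No signing or encryption in this mode, so no key material is derived at all.
            this.localSigningKey = null;
            this.localEncryptingKey = null;
            this.localInitializationVector = null;
            this.remoteSigningKey = null;
            this.remoteEncryptingKey = null;
            this.remoteInitializationVector = null;
            return;
        }

        // Offsets into the derived stream: signing key first, then encrypting key, then IV.
        int encryptingKeyOffset = signatureKeySize;
        int ivOffset = signatureKeySize + encryptionKeySize;

        this.localSigningKey = PSHA(getRemoteNonce(), null, getLocalNonce(), 0, signatureKeySize);
        this.localEncryptingKey = PSHA(getRemoteNonce(), null, getLocalNonce(), encryptingKeyOffset, encryptionKeySize);
        this.localInitializationVector = PSHA(getRemoteNonce(), null, getLocalNonce(), ivOffset, encryptionBlockSize);
        this.remoteSigningKey = PSHA(getLocalNonce(), null, getRemoteNonce(), 0, signatureKeySize);
        this.remoteEncryptingKey = PSHA(getLocalNonce(), null, getRemoteNonce(), encryptingKeyOffset, encryptionKeySize);
        this.remoteInitializationVector = PSHA(getLocalNonce(), null, getRemoteNonce(), ivOffset, encryptionBlockSize);
    }

    /**
     * Pseudo-random expansion used for key derivation. With {@code A(1) = HMAC(secret, seed)}
     * and {@code A(n+1) = HMAC(secret, A(n))}, output block {@code n} is
     * {@code HMAC(secret, A(n) || seed)}. The MAC algorithm is the security policy's key
     * derivation algorithm. The first {@code offset} bytes of the concatenated blocks are
     * skipped and the next {@code length} bytes are returned.
     *
     * @param secret HMAC key; must not be null
     * @param label optional text prepended to the seed (UTF-8); null or empty means none
     * @param data seed bytes; may be null or empty only if {@code label} is present
     * @param offset number of leading output bytes to skip; must be non-negative
     * @param length number of bytes to return; must be non-negative
     * @return {@code length} derived bytes
     * @throws IllegalArgumentException if {@code secret} is null or {@code offset}/{@code length} is negative
     * @throws ServiceResultException if no seed is available; creating the MAC may also throw it
     */
    private byte[] PSHA(ByteString secret, String label, ByteString data, int offset, int length) throws ServiceResultException {
        if (secret == null) {
            throw new IllegalArgumentException("ArgumentNullException: secret");
        }
        if (offset < 0) {
            throw new IllegalArgumentException("ArgumentOutOfRangeException: offset");
        }
        if (length < 0) {
            // Previously reported "offset", which pointed at the wrong argument.
            throw new IllegalArgumentException("ArgumentOutOfRangeException: length");
        }

        // seed = label bytes followed by data bytes; either part may be absent, not both.
        byte[] seed = (label == null || label.isEmpty()) ? null : label.getBytes(UTF8);
        if (data != null && data.getLength() > 0) {
            if (seed != null) {
                ByteBuffer joined = ByteBuffer.allocate(seed.length + data.getLength());
                joined.put(seed);
                joined.put(data.getValue());
                seed = joined.array();
            } else {
                seed = data.getValue();
            }
        }
        if (seed == null) {
            throw new ServiceResultException(StatusCodes.Bad_UnexpectedError, "The PSHA algorithm requires a non-null seed.");
        }

        Mac hmac = CryptoUtil.createMac(this.securityConfiguration.getSecurityPolicy().getKeyDerivationAlgorithm(), secret.getValue());

        // chain holds A(n); chainAndSeed holds A(n) || seed and is refreshed in place each round.
        hmac.update(seed);
        byte[] chain = hmac.doFinal();
        byte[] chainAndSeed = new byte[hmac.getMacLength() + seed.length];
        System.arraycopy(chain, 0, chainAndSeed, 0, chain.length);
        System.arraycopy(seed, 0, chainAndSeed, chain.length, seed.length);

        byte[] output = new byte[length];
        int written = 0;
        int skip = offset;
        do {
            hmac.update(chainAndSeed);
            byte[] block = hmac.doFinal();
            if (skip < block.length) {
                // Copy what this block contributes after the skipped prefix, capped at the bytes still needed.
                int count = Math.min(block.length - skip, length - written);
                System.arraycopy(block, skip, output, written, count);
                written += count;
            }
            // Whole blocks consumed by the offset reduce it; once inside the window it stays 0.
            skip = skip > block.length ? skip - block.length : 0;
            hmac.update(chain);
            chain = hmac.doFinal();
            System.arraycopy(chain, 0, chainAndSeed, 0, chain.length);
        } while (written < length);
        return output;
    }

    /**
     * Tells whether the token may still be accepted: true until the lifetime plus a
     * further quarter of the lifetime has elapsed since creation.
     *
     * @return true while the current time is before creation + lifetime + lifetime/4
     */
    public boolean isValid() {
        long graceEnd = (this.creationTime + this.lifetime) + (this.lifetime / 4);
        return System.currentTimeMillis() < graceEnd;
    }

    /**
     * Tells whether three quarters of the lifetime have passed.
     *
     * @return true once the current time is past {@link #getRenewTime()}
     */
    public boolean isTimeToRenew() {
        return this.creationTime + ((this.lifetime * 3) / 4) < System.currentTimeMillis();
    }

    /**
     * Tells whether the nominal lifetime is over. An expired token can still be
     * {@linkplain #isValid() valid} during the extra quarter-lifetime window.
     *
     * @return true once the current time reaches creation + lifetime
     */
    public boolean isExpired() {
        return System.currentTimeMillis() >= this.creationTime + this.lifetime;
    }

    /** @return the security policy of the underlying security configuration */
    public SecurityPolicy getSecurityPolicy() {
        return this.securityConfiguration.getSecurityPolicy();
    }

    /** @return the security configuration this token was created with */
    public SecurityConfiguration getSecurityConfiguration() {
        return this.securityConfiguration;
    }

    /** @return the message security mode of the underlying security configuration */
    public MessageSecurityMode getMessageSecurityMode() {
        return this.securityConfiguration.getMessageSecurityMode();
    }

    /** @return the local signing key (internal array, not a copy); null when security mode is None */
    public byte[] getLocalSigningKey() {
        return this.localSigningKey;
    }

    /** @param bArr new local signing key; the reference is stored without copying */
    public void setLocalSigningKey(byte[] bArr) {
        this.localSigningKey = bArr;
    }

    /** @return the local encrypting key (internal array, not a copy); null when security mode is None */
    public byte[] getLocalEncryptingKey() {
        return this.localEncryptingKey;
    }

    /** @param bArr new local encrypting key; the reference is stored without copying */
    public void setLocalEncryptingKey(byte[] bArr) {
        this.localEncryptingKey = bArr;
    }

    /** @return the local initialization vector (internal array, not a copy); null when security mode is None */
    public byte[] getLocalInitializationVector() {
        return this.localInitializationVector;
    }

    /** @param bArr new local initialization vector; the reference is stored without copying */
    public void setLocalInitializationVector(byte[] bArr) {
        this.localInitializationVector = bArr;
    }

    /** @return the remote signing key (internal array, not a copy); null when security mode is None */
    public byte[] getRemoteSigningKey() {
        return this.remoteSigningKey;
    }

    /** @param bArr new remote signing key; the reference is stored without copying */
    public void setRemoteSigningKey(byte[] bArr) {
        this.remoteSigningKey = bArr;
    }

    /** @return the remote encrypting key (internal array, not a copy); null when security mode is None */
    public byte[] getRemoteEncryptingKey() {
        return this.remoteEncryptingKey;
    }

    /** @param bArr new remote encrypting key; the reference is stored without copying */
    public void setRemoteEncryptingKey(byte[] bArr) {
        this.remoteEncryptingKey = bArr;
    }

    /** @return the remote initialization vector (internal array, not a copy); null when security mode is None */
    public byte[] getRemoteInitializationVector() {
        return this.remoteInitializationVector;
    }

    /** @param bArr new remote initialization vector; the reference is stored without copying */
    public void setRemoteInitializationVector(byte[] bArr) {
        this.remoteInitializationVector = bArr;
    }

    /**
     * @return a MAC keyed with the remote signing key
     * @throws ServiceResultException if the MAC cannot be created
     */
    public Mac createRemoteHmac() throws ServiceResultException {
        return createHmac(getRemoteSigningKey());
    }

    /**
     * @return a MAC keyed with the local signing key
     * @throws ServiceResultException if the MAC cannot be created
     */
    public Mac createLocalHmac() throws ServiceResultException {
        return createHmac(getLocalSigningKey());
    }

    /**
     * Creates a MAC for the policy's symmetric signature algorithm.
     *
     * @param bArr signing key
     * @return the MAC returned by {@code CryptoUtil.createMac} for that algorithm and key
     * @throws ServiceResultException if the MAC cannot be created
     */
    protected Mac createHmac(byte[] bArr) throws ServiceResultException {
        return CryptoUtil.createMac(this.securityConfiguration.getSecurityPolicy().getSymmetricSignatureAlgorithm(), bArr);
    }

    /** @return the local nonce passed to the constructor */
    public ByteString getLocalNonce() {
        return this.localNonce;
    }

    /** @return the remote nonce passed to the constructor */
    public ByteString getRemoteNonce() {
        return this.remoteNonce;
    }

    /** @return the secure channel id */
    public int getSecureChannelId() {
        return this.secureChannelId;
    }

    /** @return the token id */
    public int getTokenId() {
        return this.tokenId;
    }

    /** @return the creation time in milliseconds */
    public long getCreationTime() {
        return this.creationTime;
    }

    /** @return the lifetime in milliseconds */
    public long getLifeTime() {
        return this.lifetime;
    }

    /** @return the time (milliseconds) at which three quarters of the lifetime have elapsed */
    public long getRenewTime() {
        return this.creationTime + ((this.lifetime * 3) / 4);
    }

    /**
     * Describes the token by id, channel id, creation time and lifetime. Keys and nonces
     * are intentionally not part of the text, so the result is safe to log.
     */
    @Override
    public String toString() {
        GregorianCalendar created = new GregorianCalendar();
        created.setTimeInMillis(this.creationTime);
        String createdText = DateFormat.getDateTimeInstance().format(created.getTime());
        return "SecurityToken(Id=" + this.tokenId + ", secureChannelId=" + this.secureChannelId + ", creationTime=" + createdText + ", lifetime=" + this.lifetime + ")";
    }
}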
