package com.prosysopc.ua;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import org.opcfoundation.ua.common.ServiceResultException;
import org.opcfoundation.ua.transport.security.Cert;
import org.opcfoundation.ua.transport.security.KeyPair;
import org.opcfoundation.ua.transport.security.PrivKey;
import org.opcfoundation.ua.transport.security.SecurityAlgorithm;
import org.opcfoundation.ua.transport.security.SecurityPolicy;
import org.opcfoundation.ua.utils.CryptoUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/prosys-opc-ua-java-sdk-client-3.1.8-580.jar:com/prosysopc/ua/SecureIdentity.class */
public class SecureIdentity {
    private static Logger logger = LoggerFactory.getLogger(SecureIdentity.class);
    protected Cert certificate;
    protected final PrivKey privateKey;

    private static byte[] a(byte[] bArr, byte[] bArr2, RSAPrivateKey rSAPrivateKey, SecurityAlgorithm securityAlgorithm) throws SecureIdentityException {
        if (logger.isDebugEnabled()) {
            logger.debug("rsa_Decrypt: {}", CryptoUtil.toHex(bArr));
        }
        if (securityAlgorithm == null) {
            System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
            return bArr2;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("rsa_Decrypt: algorithm={} transformation={}", securityAlgorithm, securityAlgorithm.getTransformation());
        }
        try {
            Cipher asymmetricCipher = CryptoUtil.getAsymmetricCipher(securityAlgorithm);
            int bitLength = rSAPrivateKey.getModulus().bitLength() / 8;
            logger.debug("rsa_Decrypt: {}", Integer.valueOf(bitLength));
            if (bArr.length % bitLength != 0) {
                logger.info("rsa_Decrypt: Wrong blockSize!!!");
                throw new SecureIdentityException("Error in asymmetric decrypt: Input data is not an even number of encryption blocks.");
            }
            try {
                asymmetricCipher.init(2, rSAPrivateKey);
                asymmetricCipher.getOutputSize(bArr.length);
                asymmetricCipher.getBlockSize();
                int i = 0;
                int length = 0 + bArr.length;
                int i2 = 0;
                for (int i3 = 0; i3 < length; i3 += bitLength) {
                    int doFinal = asymmetricCipher.doFinal(bArr, i2, bitLength, bArr2, i);
                    i2 += bitLength;
                    i += doFinal;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("rsa_Decrypt: output={}", CryptoUtil.toHex(bArr2));
                }
                return bArr2;
            } catch (ShortBufferException e) {
                logger.info("rsa_Decrypt: Error in asymmetric decrypt: ", (Throwable) e);
                throw new SecureIdentityException("Error in asymmetric decrypt", e);
            } catch (GeneralSecurityException e2) {
                logger.info("rsa_Decrypt: Error in asymmetric decrypt: ", (Throwable) e2);
                throw new SecureIdentityException("Error in asymmetric decrypt", e2);
            }
        } catch (ServiceResultException e3) {
            logger.info("rsa_Decrypt: Failed to get asymmetric cipher for algorithm {}", securityAlgorithm);
            throw new SecureIdentityException("Error in asymmetric decrypt: failed to get asymmtric cipher for algorithm" + securityAlgorithm, e3);
        }
    }

    public SecureIdentity(Cert cert, PrivKey privKey) {
        this.certificate = cert;
        this.privateKey = privKey;
    }

    public SecureIdentity(File file, File file2, String str) throws IOException, SecureIdentityException {
        try {
            this.certificate = Cert.load(file);
            this.privateKey = a(file2, str);
        } catch (CertificateException e) {
            throw new SecureIdentityException("Cannot load certificate from " + file, e);
        }
    }

    public SecureIdentity(File file, String str, String str2, String str3, String str4) throws IOException, SecureIdentityException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            try {
                try {
                    try {
                        KeyStore keyStore = KeyStore.getInstance(str4);
                        keyStore.load(fileInputStream, str3.toCharArray());
                        str = keyStore.containsAlias(str) ? str : null;
                        if (str == null) {
                            Enumeration<String> aliases = keyStore.aliases();
                            while (aliases.hasMoreElements()) {
                                str = aliases.nextElement();
                            }
                            if (str == null) {
                                throw new KeyStoreException("Empty Key Store.");
                            }
                        }
                        this.certificate = new Cert((X509Certificate) keyStore.getCertificate(str));
                        if (str2 != null) {
                            this.privateKey = new PrivKey((RSAPrivateKey) keyStore.getKey(str, str2.toCharArray()));
                        } else {
                            this.privateKey = new PrivKey((RSAPrivateKey) keyStore.getKey(str, null));
                        }
                    } catch (UnrecoverableKeyException e) {
                        throw new SecureIdentityException("Cannot load key from PKCS12 KeyStore: " + e.getMessage(), e);
                    }
                } catch (CertificateException e2) {
                    throw new SecureIdentityException("Cannot load key from PKCS12 KeyStore: " + e2.getMessage(), e2);
                }
            } catch (KeyStoreException e3) {
                throw new SecureIdentityException("Cannot load key from PKCS12 KeyStore: " + e3.getMessage(), e3);
            } catch (NoSuchAlgorithmException e4) {
                throw new SecureIdentityException("Cannot load key from PKCS12 KeyStore: " + e4.getMessage(), e4);
            }
        } finally {
            fileInputStream.close();
        }
    }

    public SecureIdentity(URL url, URL url2, String str) throws IOException, SecureIdentityException {
        try {
            this.certificate = Cert.load(url);
            try {
                this.privateKey = PrivKey.loadFromKeyStore(url2, str);
            } catch (KeyStoreException e) {
                throw new SecureIdentityException("Cannot load private key from " + url2, e);
            } catch (NoSuchAlgorithmException e2) {
                throw new SecureIdentityException("Cannot load private key from " + url2, e2);
            } catch (UnrecoverableKeyException e3) {
                throw new SecureIdentityException("Cannot load private key from " + url2, e3);
            } catch (CertificateException e4) {
                throw new SecureIdentityException("Cannot load private key from " + url2, e4);
            }
        } catch (CertificateException e5) {
            throw new SecureIdentityException("Cannot load certificate from " + url, e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecureIdentity() {
        this.certificate = null;
        this.privateKey = null;
    }

    public byte[] decrypt(SecurityPolicy securityPolicy, byte[] bArr) throws SecureIdentityException {
        return decrypt(securityPolicy.getAsymmetricEncryptionAlgorithm(), bArr, this.privateKey);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v15, types: [int] */
    public byte[] encrypt(SecurityPolicy securityPolicy, byte[] bArr) throws SecureIdentityException {
        if (bArr == null || bArr.length == 0) {
            return bArr;
        }
        SecurityAlgorithm asymmetricEncryptionAlgorithm = securityPolicy.getAsymmetricEncryptionAlgorithm();
        logger.debug("encrypt: algorithm={}", asymmetricEncryptionAlgorithm);
        try {
            int plainTextBlockSize = CryptoUtil.getPlainTextBlockSize(asymmetricEncryptionAlgorithm, this.certificate.getCertificate().getPublicKey());
            int length = (((bArr.length + 4) / plainTextBlockSize) + 1) * plainTextBlockSize;
            int length2 = ((bArr.length / plainTextBlockSize) + 1) * plainTextBlockSize;
            byte[] bArr2 = new byte[length];
            bArr2[0] = (byte) (255 & bArr.length);
            bArr2[1] = (byte) ((65280 & bArr.length) >> 8);
            bArr2[2] = (byte) ((16711680 & bArr.length) >> 16);
            bArr2[3] = ((-16777216) & bArr.length) >> 24;
            System.arraycopy(bArr, 0, bArr2, 4, bArr.length);
            byte[] bArr3 = new byte[length2];
            X509Certificate certificate = this.certificate.getCertificate();
            int i = 0;
            if (asymmetricEncryptionAlgorithm == null) {
                System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            } else {
                Key key = (RSAPublicKey) certificate.getPublicKey();
                try {
                    if (bArr2.length % plainTextBlockSize != 0) {
                        logger.warn("Wrong block size in asym encryption");
                        throw new SecureIdentityException("Error in asymmetric encrypt: Input data is not an even number of encryption blocks.");
                    }
                    Cipher cipher = Cipher.getInstance(asymmetricEncryptionAlgorithm.getTransformation());
                    try {
                        cipher.init(1, key);
                        int length3 = 0 + bArr2.length;
                        int i2 = 0;
                        for (int i3 = 0; i3 < length3; i3 += plainTextBlockSize) {
                            int doFinal = cipher.doFinal(bArr2, i2, plainTextBlockSize, bArr3, i);
                            i2 += plainTextBlockSize;
                            i += doFinal;
                        }
                    } catch (InvalidKeyException e) {
                        logger.debug("InvalidKeyException: ", (Throwable) e);
                        throw new SecureIdentityException("Error in asymmetric encrypt", e);
                    } catch (BadPaddingException e2) {
                        logger.debug("BadPaddingException: ", (Throwable) e2);
                        throw new SecureIdentityException("Error in asymmetric encrypt", e2);
                    } catch (IllegalBlockSizeException e3) {
                        logger.debug("IllegalBlockSizeException: ", (Throwable) e3);
                        throw new SecureIdentityException("Error in asymmetric encrypt", e3);
                    } catch (ShortBufferException e4) {
                        logger.debug("ShortBufferException: ", (Throwable) e4);
                        throw new SecureIdentityException("Error in asymmetric encrypt", e4);
                    }
                } catch (NoSuchAlgorithmException e5) {
                    logger.debug("NoSuchAlgorithmException: ", (Throwable) e5);
                    throw new SecureIdentityException("Error in asymmetric encrypt: no such algorithm ", e5);
                } catch (NoSuchPaddingException e6) {
                    logger.debug("NoSuchPaddingException: ", (Throwable) e6);
                    throw new SecureIdentityException("Error in asymmetric encrypt: failed to get asymmetric cipher", e6);
                }
            }
            return bArr3;
        } catch (ServiceResultException e7) {
            throw new SecureIdentityException("Error in asymmetric encrypt: failed to get plain text block size", e7);
        }
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || !(obj instanceof SecureIdentity)) {
            return false;
        }
        SecureIdentity secureIdentity = (SecureIdentity) obj;
        return this.certificate == null ? secureIdentity.certificate == null : this.certificate.equals(secureIdentity.certificate);
    }

    public Cert getCertificate() {
        return this.certificate;
    }

    public KeyPair getKeys() {
        if (this.certificate == null) {
            return null;
        }
        return new KeyPair(this.certificate, this.privateKey);
    }

    public PrivKey getPrivateKey() {
        return this.privateKey;
    }

    public int hashCode() {
        return 31 + (this.certificate == null ? 0 : this.certificate.hashCode());
    }

    /* JADX WARN: Type inference failed for: r0v12, types: [org.opcfoundation.ua.transport.security.PrivKey, java.io.IOException] */
    private static PrivKey a(File file, String str) throws IOException, SecureIdentityException {
        ?? loadFromKeyStore;
        try {
            try {
                loadFromKeyStore = PrivKey.loadFromKeyStore(file, str);
                return loadFromKeyStore;
            } catch (IOException e) {
                if (loadFromKeyStore.getCause() instanceof UnrecoverableKeyException) {
                    throw new SecureIdentityException("Wrong password for key store " + file, e);
                }
                try {
                    return PrivKey.load(file, str);
                } catch (GeneralSecurityException e2) {
                    throw new SecureIdentityException("Cannot load private key from " + file, e2);
                }
            }
        } catch (KeyStoreException e3) {
            throw new SecureIdentityException("Cannot load private key from key store " + file, e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new SecureIdentityException("Cannot load private key from key store " + file, e4);
        } catch (UnrecoverableKeyException e5) {
            throw new SecureIdentityException("Cannot load private key from key store " + file, e5);
        } catch (CertificateException e6) {
            throw new SecureIdentityException("Cannot load private key from key store " + file, e6);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] decrypt(SecurityAlgorithm securityAlgorithm, byte[] bArr, PrivKey privKey) throws SecureIdentityException {
        if (bArr == null || bArr.length == 0) {
            return bArr;
        }
        RSAPrivateKey privateKey = privKey.getPrivateKey();
        byte[] bArr2 = new byte[(privateKey == null || privateKey.getModulus().bitLength() <= 2048) ? 256 : 512];
        a(bArr, bArr2, privateKey, securityAlgorithm);
        int i = 0 + bArr2[0] + (bArr2[1] << 8) + (bArr2[2] << 16) + (bArr2[3] << 24);
        if (logger.isDebugEnabled()) {
            logger.debug("decrypt: length={}", Integer.valueOf(i));
        }
        for (int i2 = i + 4; i2 < bArr2.length; i2++) {
            if (bArr2[i2] != 0) {
                throw new SecureIdentityException("Invalid padding");
            }
        }
        byte[] bArr3 = new byte[i];
        System.arraycopy(bArr2, 4, bArr3, 0, i);
        return bArr3;
    }
}
