package org.opcfoundation.ua.utils;

import java.lang.reflect.Array;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NetworkInterface;
import java.net.SocketAddress;
import java.net.SocketException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.opcfoundation.ua.builtintypes.ByteString;
import org.opcfoundation.ua.common.ServiceResultException;
import org.opcfoundation.ua.core.AnonymousIdentityToken;
import org.opcfoundation.ua.core.EndpointDescription;
import org.opcfoundation.ua.core.IssuedIdentityToken;
import org.opcfoundation.ua.core.MessageSecurityMode;
import org.opcfoundation.ua.core.SignatureData;
import org.opcfoundation.ua.core.StatusCodes;
import org.opcfoundation.ua.core.UserIdentityToken;
import org.opcfoundation.ua.core.UserNameIdentityToken;
import org.opcfoundation.ua.core.UserTokenPolicy;
import org.opcfoundation.ua.core.UserTokenType;
import org.opcfoundation.ua.core.X509IdentityToken;
import org.opcfoundation.ua.encoding.binary.BinaryEncoder;
import org.opcfoundation.ua.transport.UriUtil;
import org.opcfoundation.ua.transport.security.Cert;
import org.opcfoundation.ua.transport.security.SecurityAlgorithm;
import org.opcfoundation.ua.transport.security.SecurityPolicy;
import org.opcfoundation.ua.utils.bytebuffer.ByteBufferUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/opc-ua-stack-1.3.346-197.jar:org/opcfoundation/ua/utils/EndpointUtil.class */
public class EndpointUtil {
    private static Logger logger = LoggerFactory.getLogger(EndpointUtil.class);

    public static EndpointDescription select(EndpointDescription[] endpointDescriptionArr, String str) throws ServiceResultException {
        EndpointDescription[] select = select(endpointDescriptionArr, str, null, null, null, null);
        if (select.length > 0) {
            return select(select);
        }
        EndpointDescription[] select2 = select(endpointDescriptionArr, null, UriUtil.getTransportProtocol(str), null, null, null);
        return select2.length > 0 ? select(select2) : select(endpointDescriptionArr);
    }

    public static EndpointDescription select(EndpointDescription[] endpointDescriptionArr) throws ServiceResultException {
        EndpointDescription[] selectByProtocol = selectByProtocol(endpointDescriptionArr, UriUtil.SCHEME_OPCTCP);
        if (selectByProtocol.length != 0) {
            EndpointDescription[] sortBySecurityLevel = sortBySecurityLevel(selectByProtocol);
            return sortBySecurityLevel[sortBySecurityLevel.length - 1];
        }
        EndpointDescription[] selectByProtocol2 = selectByProtocol(endpointDescriptionArr, "https");
        if (selectByProtocol2.length == 0) {
            throw new ServiceResultException("No compatible endpoint was found");
        }
        return selectByProtocol2[0];
    }

    public static EndpointDescription[] select(EndpointDescription[] endpointDescriptionArr, String str, String str2, MessageSecurityMode messageSecurityMode, SecurityPolicy securityPolicy, byte[] bArr) {
        ArrayList arrayList = new ArrayList();
        for (EndpointDescription endpointDescription : endpointDescriptionArr) {
            String lowerCase = endpointDescription.getEndpointUrl() == null ? null : endpointDescription.getEndpointUrl().toLowerCase();
            if (lowerCase != null && ((str2 == null || lowerCase.startsWith(str2.toLowerCase())) && ((str == null || ObjectUtils.objectEquals(lowerCase, str.toLowerCase())) && ((messageSecurityMode == null || ObjectUtils.objectEquals(endpointDescription.getSecurityMode(), messageSecurityMode)) && ((securityPolicy == null || ObjectUtils.objectEquals(endpointDescription.getSecurityPolicyUri(), securityPolicy.getPolicyUri())) && (bArr == null || Arrays.equals(bArr, ByteString.asByteArray(endpointDescription.getServerCertificate())))))))) {
                arrayList.add(endpointDescription);
            }
        }
        return (EndpointDescription[]) arrayList.toArray(new EndpointDescription[arrayList.size()]);
    }

    public static EndpointDescription[] select(EndpointDescription[] endpointDescriptionArr, int i, int i2) {
        ArrayList arrayList = new ArrayList();
        for (EndpointDescription endpointDescription : endpointDescriptionArr) {
            try {
                int keySize = new Cert(ByteString.asByteArray(endpointDescription.getServerCertificate())).getKeySize();
                if (keySize >= i && keySize <= i2) {
                    arrayList.add(endpointDescription);
                }
            } catch (ServiceResultException e) {
            }
        }
        return (EndpointDescription[]) arrayList.toArray(new EndpointDescription[arrayList.size()]);
    }

    public static EndpointDescription[] selectByProtocol(EndpointDescription[] endpointDescriptionArr, String str) {
        ArrayList arrayList = new ArrayList();
        for (EndpointDescription endpointDescription : endpointDescriptionArr) {
            if (endpointDescription.getEndpointUrl().toLowerCase().startsWith(str.toLowerCase())) {
                arrayList.add(endpointDescription);
            }
        }
        return (EndpointDescription[]) arrayList.toArray(new EndpointDescription[arrayList.size()]);
    }

    public static EndpointDescription[] selectByMessageSecurityMode(EndpointDescription[] endpointDescriptionArr, MessageSecurityMode messageSecurityMode) {
        ArrayList arrayList = new ArrayList();
        for (EndpointDescription endpointDescription : endpointDescriptionArr) {
            if (endpointDescription.getSecurityMode() == messageSecurityMode) {
                arrayList.add(endpointDescription);
            }
        }
        return (EndpointDescription[]) arrayList.toArray(new EndpointDescription[arrayList.size()]);
    }

    public static EndpointDescription[] selectBySecurityPolicy(EndpointDescription[] endpointDescriptionArr, SecurityPolicy securityPolicy) {
        ArrayList arrayList = new ArrayList();
        for (EndpointDescription endpointDescription : endpointDescriptionArr) {
            if (ObjectUtils.objectEquals(endpointDescription.getSecurityPolicyUri(), securityPolicy.getPolicyUri())) {
                arrayList.add(endpointDescription);
            }
        }
        return (EndpointDescription[]) arrayList.toArray(new EndpointDescription[arrayList.size()]);
    }

    public static EndpointDescription[] selectByUrl(EndpointDescription[] endpointDescriptionArr, String str) {
        ArrayList arrayList = new ArrayList();
        for (EndpointDescription endpointDescription : endpointDescriptionArr) {
            if (str.equalsIgnoreCase(endpointDescription.getEndpointUrl())) {
                arrayList.add(endpointDescription);
            }
        }
        return (EndpointDescription[]) arrayList.toArray(new EndpointDescription[arrayList.size()]);
    }

    public static EndpointDescription[] sortBySecurityLevel(EndpointDescription[] endpointDescriptionArr) {
        Comparator<EndpointDescription> comparator = new Comparator<EndpointDescription>() { // from class: org.opcfoundation.ua.utils.EndpointUtil.1
            @Override // java.util.Comparator
            public int compare(EndpointDescription endpointDescription, EndpointDescription endpointDescription2) {
                return endpointDescription.getSecurityLevel().intValue() - endpointDescription2.getSecurityLevel().intValue();
            }
        };
        EndpointDescription[] endpointDescriptionArr2 = (EndpointDescription[]) endpointDescriptionArr.clone();
        Arrays.sort(endpointDescriptionArr2, comparator);
        return endpointDescriptionArr2;
    }

    public static EndpointDescription selectEndpoint(EndpointDescription[] endpointDescriptionArr) {
        if (endpointDescriptionArr == null) {
            throw new IllegalArgumentException("null arg");
        }
        EndpointDescription[] selectByMessageSecurityMode = selectByMessageSecurityMode(selectByProtocol(endpointDescriptionArr, UriUtil.SCHEME_OPCTCP), MessageSecurityMode.SignAndEncrypt);
        if (selectByMessageSecurityMode.length == 0) {
            return null;
        }
        EndpointDescription[] sortBySecurityLevel = sortBySecurityLevel(selectByMessageSecurityMode);
        reverse(sortBySecurityLevel);
        return sortBySecurityLevel[0];
    }

    public static void reverse(Object obj) {
        int length = Array.getLength(obj);
        for (int i = 0; i < length / 2; i++) {
            Object obj2 = Array.get(obj, i);
            Array.set(obj, i, Array.get(obj, (length - 1) - i));
            Array.set(obj, (length - i) - 1, obj2);
        }
    }

    /* JADX WARN: Type inference failed for: r0v31, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v38, types: [byte[], byte[][]] */
    public static UserIdentityToken createUserNameIdentityToken(EndpointDescription endpointDescription, byte[] bArr, String str, String str2) throws ServiceResultException {
        UserTokenPolicy findUserTokenPolicy = endpointDescription.findUserTokenPolicy(UserTokenType.UserName);
        if (findUserTokenPolicy == null) {
            throw new ServiceResultException(StatusCodes.Bad_IdentityTokenRejected, "UserName not supported");
        }
        String securityPolicyUri = findUserTokenPolicy.getSecurityPolicyUri();
        if (securityPolicyUri == null) {
            securityPolicyUri = endpointDescription.getSecurityPolicyUri();
        }
        SecurityPolicy securityPolicy = SecurityPolicy.getSecurityPolicy(securityPolicyUri);
        if (securityPolicy == null) {
            securityPolicy = SecurityPolicy.NONE;
        }
        UserNameIdentityToken userNameIdentityToken = new UserNameIdentityToken();
        userNameIdentityToken.setUserName(str);
        userNameIdentityToken.setPolicyId(findUserTokenPolicy.getPolicyId());
        SecurityAlgorithm asymmetricEncryptionAlgorithm = securityPolicy.getAsymmetricEncryptionAlgorithm();
        logger.debug("createUserNameIdentityToken: algorithm={}", asymmetricEncryptionAlgorithm);
        byte[] bytes = str2.getBytes(BinaryEncoder.UTF8);
        if (asymmetricEncryptionAlgorithm == null) {
            userNameIdentityToken.setPassword(ByteString.valueOf(bytes));
        } else {
            try {
                byte[] asByteArray = ByteString.asByteArray(endpointDescription.getServerCertificate());
                userNameIdentityToken.setPassword(ByteString.valueOf(CryptoUtil.encryptAsymm(bArr != null ? ByteBufferUtils.concatenate(new byte[]{toArray(bytes.length + bArr.length), bytes, bArr}) : ByteBufferUtils.concatenate(new byte[]{toArray(bytes.length), bytes}), ((asByteArray == null || asByteArray.length == 0) ? null : new Cert(asByteArray)).getCertificate().getPublicKey(), asymmetricEncryptionAlgorithm)));
                userNameIdentityToken.setEncryptionAlgorithm(asymmetricEncryptionAlgorithm.getUri());
            } catch (InvalidKeyException e) {
                throw new ServiceResultException(StatusCodes.Bad_CertificateInvalid, "Server certificate in endpoint is invalid: " + e.getMessage());
            } catch (NoSuchAlgorithmException e2) {
                throw new ServiceResultException(StatusCodes.Bad_InternalError, e2);
            } catch (BadPaddingException e3) {
                throw new ServiceResultException(StatusCodes.Bad_CertificateInvalid, "Server certificate in endpoint is invalid: " + e3.getMessage());
            } catch (IllegalBlockSizeException e4) {
                throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, e4.getClass().getName() + ":" + e4.getMessage());
            } catch (NoSuchPaddingException e5) {
                throw new ServiceResultException(StatusCodes.Bad_InternalError, e5);
            }
        }
        return userNameIdentityToken;
    }

    /* JADX WARN: Type inference failed for: r0v30, types: [byte[], byte[][]] */
    public static UserIdentityToken createIssuedIdentityToken(EndpointDescription endpointDescription, byte[] bArr, byte[] bArr2) throws ServiceResultException {
        UserTokenPolicy findUserTokenPolicy = endpointDescription.findUserTokenPolicy(UserTokenType.IssuedToken);
        if (findUserTokenPolicy == null) {
            throw new ServiceResultException(StatusCodes.Bad_IdentityTokenRejected, "IssuedToken not supported");
        }
        String securityPolicyUri = findUserTokenPolicy.getSecurityPolicyUri();
        if (securityPolicyUri == null) {
            securityPolicyUri = endpointDescription.getSecurityPolicyUri();
        }
        SecurityPolicy securityPolicy = SecurityPolicy.getSecurityPolicy(securityPolicyUri);
        if (securityPolicy == null) {
            securityPolicy = SecurityPolicy.NONE;
        }
        IssuedIdentityToken issuedIdentityToken = new IssuedIdentityToken();
        issuedIdentityToken.setTokenData(ByteString.valueOf(bArr2));
        SecurityAlgorithm asymmetricEncryptionAlgorithm = securityPolicy.getAsymmetricEncryptionAlgorithm();
        if (asymmetricEncryptionAlgorithm == null) {
            asymmetricEncryptionAlgorithm = SecurityAlgorithm.RsaOaep;
        }
        try {
            Cipher cipher = Cipher.getInstance(asymmetricEncryptionAlgorithm.getStandardName());
            cipher.init(1, new Cert(ByteString.asByteArray(endpointDescription.getServerCertificate())).getCertificate());
            byte[] bArr3 = bArr2;
            if (bArr != null) {
                bArr3 = ByteBufferUtils.concatenate(new byte[]{toArray(bArr2.length + bArr.length), bArr2, bArr});
            }
            issuedIdentityToken.setTokenData(ByteString.valueOf(cipher.doFinal(bArr3)));
            issuedIdentityToken.setEncryptionAlgorithm(asymmetricEncryptionAlgorithm.getUri());
            return issuedIdentityToken;
        } catch (InvalidKeyException e) {
            throw new ServiceResultException(StatusCodes.Bad_CertificateInvalid, "Server certificate in endpoint is invalid: " + e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e2);
        } catch (BadPaddingException e3) {
            throw new ServiceResultException(StatusCodes.Bad_CertificateInvalid, "Server certificate in endpoint is invalid: " + e3.getMessage());
        } catch (IllegalBlockSizeException e4) {
            throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, e4.getClass().getName() + ":" + e4.getMessage());
        } catch (NoSuchPaddingException e5) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e5);
        }
    }

    public static Set<InetAddress> getInetAddresses() throws SocketException {
        return getInetAddresses(false);
    }

    public static Set<InetAddress> getInetAddresses(boolean z) throws SocketException {
        HashSet hashSet = new HashSet();
        Enumeration<NetworkInterface> networkInterfaces = NetworkInterface.getNetworkInterfaces();
        while (networkInterfaces.hasMoreElements()) {
            Enumeration<InetAddress> inetAddresses = networkInterfaces.nextElement().getInetAddresses();
            while (inetAddresses.hasMoreElements()) {
                InetAddress nextElement = inetAddresses.nextElement();
                if (!(nextElement instanceof Inet6Address) || z) {
                    hashSet.add(nextElement);
                }
            }
        }
        return hashSet;
    }

    public static String getHostname() throws SocketException {
        try {
            String hostName = InetAddress.getLocalHost().getHostName();
            if (hostName != null) {
                return hostName;
            }
        } catch (UnknownHostException e) {
        }
        for (InetAddress inetAddress : getInetAddresses()) {
            String hostAddress = inetAddress.getHostAddress();
            String inetAddressToName = inetAddressToName(inetAddress);
            if (!hostAddress.equals(inetAddressToName)) {
                return inetAddressToName;
            }
        }
        return SshdSocketAddress.LOCALHOST_NAME;
    }

    public static Set<String> getInetAddressNames() throws SocketException {
        HashSet hashSet = new HashSet();
        Enumeration<NetworkInterface> networkInterfaces = NetworkInterface.getNetworkInterfaces();
        while (networkInterfaces.hasMoreElements()) {
            Enumeration<InetAddress> inetAddresses = networkInterfaces.nextElement().getInetAddresses();
            while (inetAddresses.hasMoreElements()) {
                InetAddress nextElement = inetAddresses.nextElement();
                if (!(nextElement instanceof Inet6Address)) {
                    hashSet.add(inetAddressToName(nextElement));
                }
            }
        }
        return hashSet;
    }

    public static String inetAddressToName(InetAddress inetAddress) {
        String hostName = inetAddress.getHostName();
        String hostAddress = inetAddress.getHostAddress();
        return !hostName.equals(hostAddress) ? hostName : inetAddress instanceof Inet6Address ? "[" + hostAddress + "]" : hostAddress;
    }

    public static List<SocketAddress> toSocketAddresses(String str) throws IllegalArgumentException {
        return toSocketAddresses(str, false);
    }

    public static List<SocketAddress> toSocketAddresses(String str, boolean z) throws IllegalArgumentException {
        ArrayList arrayList = new ArrayList();
        if (str == null) {
            throw new IllegalArgumentException("URL not valid.");
        }
        try {
            URI uri = new URI(str);
            String transportProtocol = UriUtil.getTransportProtocol(str);
            String host = uri.getHost();
            int port = uri.getPort();
            if (host == null) {
                String[] split = str.split("/+")[1].split(":");
                host = split[0];
                try {
                    port = Integer.parseInt(split[1]);
                } catch (ArrayIndexOutOfBoundsException e) {
                    port = 0;
                } catch (NumberFormatException e2) {
                    port = 0;
                }
            }
            String lowerCase = transportProtocol.toLowerCase();
            if (port == 0 || port == -1) {
                port = UriUtil.defaultPort(lowerCase);
            }
            if (!lowerCase.equals(UriUtil.SCHEME_OPCTCP) && !lowerCase.equals("http") && !lowerCase.equals("https")) {
                throw new IllegalArgumentException("Unsupported protocol " + lowerCase);
            }
            try {
                InetAddress[] allByName = InetAddress.getAllByName(host);
                boolean z2 = false;
                boolean z3 = false;
                for (InetAddress inetAddress : allByName) {
                    z2 |= inetAddress instanceof Inet4Address;
                    z3 |= inetAddress instanceof Inet6Address;
                }
                for (InetAddress inetAddress2 : allByName) {
                    boolean z4 = inetAddress2 instanceof Inet6Address;
                    if (!z && z4 && z3 && z2) {
                        logger.warn("Binding of {} to {} was omited. (Workaround)", str, inetAddress2.getHostAddress());
                    } else {
                        arrayList.add(new InetSocketAddress(inetAddress2, port));
                    }
                }
                return arrayList;
            } catch (UnknownHostException e3) {
                throw new IllegalArgumentException(e3);
            }
        } catch (URISyntaxException e4) {
            throw new IllegalArgumentException("Invalid URL", e4);
        }
    }

    public static UserIdentityToken createAnonymousIdentityToken(EndpointDescription endpointDescription) throws ServiceResultException {
        UserTokenPolicy findUserTokenPolicy = endpointDescription.findUserTokenPolicy(UserTokenType.Anonymous);
        if (findUserTokenPolicy == null) {
            throw new ServiceResultException(StatusCodes.Bad_IdentityTokenRejected, "Anonymous UserTokenType is not supported");
        }
        return new AnonymousIdentityToken(findUserTokenPolicy.getPolicyId());
    }

    public static X509IdentityToken createX509IdentityToken(EndpointDescription endpointDescription, byte[] bArr, Cert cert, PrivateKey privateKey, SignatureData signatureData) throws ServiceResultException {
        if (signatureData == null) {
            throw new NullPointerException("signatureData must be defined (will be filled in)");
        }
        UserTokenPolicy findUserTokenPolicy = endpointDescription.findUserTokenPolicy(UserTokenType.Certificate);
        if (findUserTokenPolicy == null) {
            throw new ServiceResultException(StatusCodes.Bad_IdentityTokenRejected, "Certificate UserTokenType is not supported");
        }
        X509IdentityToken x509IdentityToken = new X509IdentityToken(findUserTokenPolicy.getPolicyId(), ByteString.valueOf(cert.getEncoded()));
        String securityPolicyUri = findUserTokenPolicy.getSecurityPolicyUri();
        if (securityPolicyUri == null) {
            securityPolicyUri = endpointDescription.getSecurityPolicyUri();
        }
        SecurityPolicy securityPolicy = SecurityPolicy.getSecurityPolicy(securityPolicyUri);
        Cert cert2 = new Cert(ByteString.asByteArray(endpointDescription.getServerCertificate()));
        if (securityPolicy != null && cert2 != null) {
            try {
                Signature signature = Signature.getInstance(securityPolicy.getAsymmetricSignatureAlgorithm().getTransformation());
                signature.initSign(privateKey);
                signature.update(cert2.getEncoded());
                signature.update(bArr);
                signatureData.setSignature(ByteString.valueOf(signature.sign()));
                signatureData.setAlgorithm(securityPolicy.getAsymmetricSignatureAlgorithm().getUri());
            } catch (InvalidKeyException e) {
                throw new ServiceResultException(StatusCodes.Bad_CertificateInvalid, "Server certificate in endpoint is invalid: " + e.getMessage());
            } catch (NoSuchAlgorithmException e2) {
                throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, "Signature generation failed: " + e2.getMessage());
            } catch (SignatureException e3) {
                throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, "Signature generation failed: " + e3.getMessage());
            }
        }
        return x509IdentityToken;
    }

    private static byte[] toArray(int i) {
        return new byte[]{(byte) i, (byte) (i >> 8), (byte) (i >> 16), (byte) (i >> 24)};
    }

    public static boolean urlEqualsHostIgnoreCase(URI uri, URI uri2) {
        return uri.getScheme().equalsIgnoreCase(uri2.getScheme()) && uri.getPort() == uri2.getPort() && uri.getPath().equalsIgnoreCase(uri2.getPath());
    }

    public static boolean urlEqualsHostIgnoreCase(String str, String str2) {
        try {
            return urlEqualsHostIgnoreCase(new URI(str), new URI(str2));
        } catch (URISyntaxException e) {
            return false;
        }
    }

    public static boolean containsSecureUserTokenPolicy(UserTokenPolicy[] userTokenPolicyArr) {
        if (userTokenPolicyArr == null) {
            return false;
        }
        for (UserTokenPolicy userTokenPolicy : userTokenPolicyArr) {
            if (userTokenPolicy.getSecurityPolicyUri() != null && !userTokenPolicy.getSecurityPolicyUri().equals(SecurityPolicy.NONE)) {
                return true;
            }
        }
        return false;
    }
}
