package com.prosysopc.ua.stack.utils;

import ch.qos.logback.core.net.ssl.SSL;
import com.prosysopc.ua.stack.builtintypes.ByteString;
import com.prosysopc.ua.stack.common.ServiceResultException;
import com.prosysopc.ua.stack.core.SignatureData;
import com.prosysopc.ua.stack.core.StatusCodes;
import com.prosysopc.ua.stack.transport.security.CryptoProvider;
import com.prosysopc.ua.stack.transport.security.SecurityAlgorithm;
import com.prosysopc.ua.stack.transport.security.SecurityConfiguration;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.TreeSet;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import org.apache.sshd.common.util.buffer.BufferUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/prosys-opc-ua-java-sdk-client-4.6.0-1594.jar:com/prosysopc/ua/stack/utils/CryptoUtil.class */
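/**
 * Static helpers around the stack's pluggable {@link CryptoProvider}: nonce generation,
 * asymmetric encrypt/decrypt/sign/verify delegation, block-size arithmetic for RSA keys,
 * cipher-suite list filtering, JCA provider registration and hex/base64 conversion.
 *
 * <p>The active provider and its name are held in two static volatile fields and are resolved
 * lazily; neither the lazy resolution nor the setters are synchronized.
 */
public class CryptoUtil {
    /** Class logger (package-private and non-final in the original; kept that way). */
    static Logger mY = LoggerFactory.getLogger(CryptoUtil.class);

    /** Shared generator behind {@link #createNonce(int)} and {@link #getRandom()}. */
    private static final SecureRandom random;

    /** Hex digit lookup table used by {@link #toHex(byte[], int, boolean)}. */
    private static final char[] mZ;

    // Class names of the CryptoProvider implementations that getCryptoProvider() loads reflectively.
    private static final String mU = "com.prosysopc.ua.stack.transport.security.ScCryptoProvider";
    private static final String mV = "com.prosysopc.ua.stack.transport.security.BcCryptoProvider";
    private static final String mW = "com.prosysopc.ua.stack.transport.security.BcFipsCryptoProvider";

    /** Lazily created provider instance; reset to {@code null} when the provider name changes. */
    private static volatile CryptoProvider na;

    /** Name of the selected security provider ("SC", "BC" or "BCFIPS" are the values handled here). */
    private static volatile String nb;

    /**
     * Encrypts {@code bArr} with the given public key.
     *
     * @param key must be a {@link PublicKey}; any other key type fails with a ClassCastException
     * @deprecated use {@link #encryptAsymm(byte[], PublicKey, SecurityAlgorithm)}
     */
    @Deprecated
    public static byte[] asymmEncrypt(byte[] bArr, Key key, SecurityAlgorithm securityAlgorithm) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, ServiceResultException, NoSuchAlgorithmException, NoSuchPaddingException {
        return encryptAsymm(bArr, (PublicKey) key, securityAlgorithm);
    }

    /** Decodes base64 text through the active {@link CryptoProvider}. */
    public static byte[] base64Decode(String str) {
        return getCryptoProvider().base64Decode(str);
    }

    /** Encodes bytes as base64 text through the active {@link CryptoProvider}. */
    public static String base64Encode(byte[] bArr) {
        return getCryptoProvider().base64Encode(bArr);
    }

    /** Creates a {@link Mac} for the algorithm and key bytes through the active {@link CryptoProvider}. */
    public static Mac createMac(SecurityAlgorithm securityAlgorithm, byte[] bArr) throws ServiceResultException {
        return getCryptoProvider().createMac(securityAlgorithm, bArr);
    }

    /**
     * Returns {@code i} bytes from the shared {@link SecureRandom}, wrapped in a {@link ByteString}.
     *
     * @param i number of bytes; a negative value fails with NegativeArraySizeException
     */
    public static ByteString createNonce(int i) {
        mY.debug("createNonce: bytes={}", Integer.valueOf(i));
        byte[] nonce = new byte[i];
        random.nextBytes(nonce);
        return ByteString.valueOf(nonce);
    }

    /**
     * Creates a nonce whose length is derived from the algorithm.
     *
     * @deprecated relies on the deprecated {@link #getNonceLength(SecurityAlgorithm)}
     */
    @Deprecated
    public static ByteString createNonce(SecurityAlgorithm securityAlgorithm) throws ServiceResultException {
        return createNonce(getNonceLength(securityAlgorithm));
    }

    /**
     * Decrypts {@code bArr} into {@code bArr2} at offset {@code i}, using the asymmetric
     * encryption algorithm of the configuration's security policy.
     */
    public static void decryptAsymm(PrivateKey privateKey, SecurityConfiguration securityConfiguration, byte[] bArr, byte[] bArr2, int i) throws ServiceResultException {
        getCryptoProvider().decryptAsymm(privateKey, securityConfiguration.getSecurityPolicy().getAsymmetricEncryptionAlgorithm(), bArr, bArr2, i);
    }

    /**
     * Encrypts {@code bArr} with the public key and returns the output buffer.
     *
     * <p>The buffer is sized to exactly one cipher block
     * ({@link #getCipherBlockSize(SecurityAlgorithm, Key)}).
     * NOTE(review): input longer than one plaintext block presumably does not fit; confirm against
     * the provider implementation.
     */
    public static byte[] encryptAsymm(byte[] bArr, PublicKey publicKey, SecurityAlgorithm securityAlgorithm) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, ServiceResultException, NoSuchAlgorithmException, NoSuchPaddingException {
        byte[] encrypted = new byte[getCipherBlockSize(securityAlgorithm, publicKey)];
        getCryptoProvider().encryptAsymm(publicKey, securityAlgorithm, bArr, encrypted, 0);
        return encrypted;
    }

    /**
     * Encrypts {@code bArr} into {@code bArr2} at offset {@code i} with the certificate's public
     * key and the asymmetric encryption algorithm of the configuration's security policy.
     *
     * <p>The certificate is used as given; this method performs no chain or validity check.
     */
    public static void encryptAsymm(Certificate certificate, SecurityConfiguration securityConfiguration, byte[] bArr, byte[] bArr2, int i) throws ServiceResultException {
        mY.info("encryptAsymm called.");
        getCryptoProvider().encryptAsymm(certificate.getPublicKey(), securityConfiguration.getSecurityPolicy().getAsymmetricEncryptionAlgorithm(), bArr, bArr2, i);
    }

    /**
     * Keeps the cipher suites that fully match at least one of the given regular expressions.
     *
     * <p>Each pattern must match the whole suite name. Because this is an allow-list, a pattern
     * that is too broad lets through every suite the first array offers.
     *
     * @param strArr candidate cipher suite names; order is preserved in the result
     * @param strArr2 regular expressions describing accepted suites
     * @return the accepted suites, each at most once per occurrence in {@code strArr}
     */
    public static String[] filterCipherSuiteList(String[] strArr, String[] strArr2) {
        Pattern[] patterns = new Pattern[strArr2.length];
        for (int i = 0; i < strArr2.length; i++) {
            patterns[i] = Pattern.compile(strArr2[i]);
        }
        ArrayList<String> accepted = new ArrayList<String>(strArr.length);
        for (String suite : strArr) {
            for (Pattern pattern : patterns) {
                if (pattern.matcher(suite).matches()) {
                    accepted.add(suite);
                    break; // first matching pattern is enough
                }
            }
        }
        return accepted.toArray(new String[accepted.size()]);
    }

    /**
     * Returns a JCA {@link Cipher} for {@code Rsa15} or {@code RsaOaep}.
     *
     * <p>NOTE(review): the {@code Rsa15} branch asks for the bare transformation "RSA" without a
     * provider name, so mode and padding are whatever the first matching installed provider
     * defaults to; the OAEP branch pins both the transformation and the provider. Confirm the
     * default is the PKCS#1 v1.5 padding the algorithm name implies.
     *
     * @throws IllegalArgumentException if {@code securityAlgorithm} is null
     * @throws ServiceResultException Bad_SecurityPolicyRejected for any other algorithm,
     *     Bad_InternalError if the cipher cannot be obtained
     */
    public static Cipher getAsymmetricCipher(SecurityAlgorithm securityAlgorithm) throws ServiceResultException {
        if (securityAlgorithm == null) {
            throw new IllegalArgumentException();
        }
        try {
            if (securityAlgorithm.equals(SecurityAlgorithm.Rsa15)) {
                return Cipher.getInstance("RSA");
            }
            if (securityAlgorithm.equals(SecurityAlgorithm.RsaOaep)) {
                return Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding", getSecurityProviderName(Cipher.class));
            }
            // Message text kept as in the original, although the algorithm is an encryption one.
            throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, "Unsupported asymmetric signature algorithm: " + securityAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        } catch (NoSuchProviderException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        } catch (NoSuchPaddingException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        }
    }

    /**
     * Returns a fixed plaintext block size for {@code Rsa15} (117) or {@code RsaOaep} (86).
     *
     * <p>Both constants equal 128 minus the padding overhead used in
     * {@link #getPlainTextBlockSize(SecurityAlgorithm, Key)} (11 and 42), i.e. they only hold for
     * a 128-byte modulus. Use the key-aware method for any other key size.
     *
     * @throws ServiceResultException Bad_SecurityPolicyRejected for any other algorithm
     */
    public static int getAsymmInputBlockSize(SecurityAlgorithm securityAlgorithm) throws ServiceResultException {
        if (securityAlgorithm.equals(SecurityAlgorithm.Rsa15)) {
            return 117;
        }
        if (securityAlgorithm.equals(SecurityAlgorithm.RsaOaep)) {
            return 86;
        }
        // NOTE(review): the literal "{0}, " looks like an unexpanded format placeholder; text kept as is.
        throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, "Unsupported asymmetric signature algorithm: {0}, " + securityAlgorithm);
    }

    /**
     * Returns the size in bytes of one output block for the algorithm.
     *
     * @return 1 for a null algorithm, 16 for symmetric encryption, key size / 8 for asymmetric
     *     signatures, and the RSA modulus length in bytes for asymmetric encryption
     * @throws ServiceResultException Bad_SecurityPolicyRejected for other algorithm types or an
     *     asymmetric encryption key that is not an RSA key
     */
    public static int getCipherBlockSize(SecurityAlgorithm securityAlgorithm, Key key) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return 1;
        }
        SecurityAlgorithm.AlgorithmType type = securityAlgorithm.getType();
        if (type.equals(SecurityAlgorithm.AlgorithmType.SymmetricEncryption)) {
            return 16;
        }
        if (type.equals(SecurityAlgorithm.AlgorithmType.AsymmetricSignature)) {
            return securityAlgorithm.getKeySize() / 8;
        }
        if (type.equals(SecurityAlgorithm.AlgorithmType.AsymmetricEncryption)) {
            int modulusBytes = rsaModulusByteLength(key);
            if (modulusBytes >= 0) {
                return modulusBytes;
            }
        }
        throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, securityAlgorithm.getUri());
    }

    /**
     * Returns the entries of {@code strArr} that also occur in {@code strArr2}, in the order of
     * {@code strArr}.
     *
     * @param z when true, the first three characters of every name are ignored for the comparison
     *     (presumably a protocol prefix such as "SSL"/"TLS" - confirm with callers); names shorter
     *     than three characters then fail with StringIndexOutOfBoundsException
     */
    public static String[] getCipherSuiteIntersection(String[] strArr, String[] strArr2, boolean z) {
        TreeSet<String> offered = new TreeSet<String>();
        for (String suite : strArr2) {
            offered.add(z ? suite.substring(3) : suite);
        }
        ArrayList<String> common = new ArrayList<String>(Math.max(strArr.length, strArr2.length));
        for (String suite : strArr) {
            if (offered.contains(z ? suite.substring(3) : suite)) {
                common.add(suite);
            }
        }
        return common.toArray(new String[common.size()]);
    }

    /**
     * Returns the active {@link CryptoProvider}, creating it on first use from the current
     * security provider name ("SC", "BC" or "BCFIPS").
     *
     * <p>The instance is built in a local variable and only then published, so a concurrent
     * {@link #setSecurityProviderName(String)} or {@link #setCryptoProvider(CryptoProvider)} that
     * clears the field cannot make this method log through or return {@code null}. The method is
     * not synchronized; two racing callers may each create an instance.
     *
     * @throws RuntimeException if the name is none of the three or the class cannot be instantiated
     */
    public static CryptoProvider getCryptoProvider() {
        CryptoProvider provider = na;
        if (provider == null) {
            String providerName = getSecurityProviderName();
            if ("SC".equals(providerName)) {
                provider = instantiateCryptoProvider(mU);
            } else if ("BC".equals(providerName)) {
                provider = instantiateCryptoProvider(mV);
            } else if ("BCFIPS".equals(providerName)) {
                provider = instantiateCryptoProvider(mW);
            } else {
                throw new RuntimeException("NO CRYPTO PROVIDER AVAILABLE!");
            }
            na = provider;
            mY.info("Using CryptoProvider {}", provider.getClass().getCanonicalName());
        }
        return provider;
    }

    /** Loads {@code className} and creates it through its no-argument constructor. */
    private static CryptoProvider instantiateCryptoProvider(String className) {
        try {
            return (CryptoProvider) Class.forName(className).getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            throw new RuntimeException("Cannot init " + className, e);
        }
    }

    /**
     * Returns the nonce length in bytes for the algorithm.
     *
     * @return 0 for null, 32 for {@code Rsa15}/{@code RsaOaep}, key size / 8 for symmetric encryption
     * @throws ServiceResultException Bad_SecurityPolicyRejected for any other algorithm
     * @deprecated marked deprecated in the original; no replacement is named there
     */
    @Deprecated
    public static int getNonceLength(SecurityAlgorithm securityAlgorithm) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return 0;
        }
        if (securityAlgorithm.equals(SecurityAlgorithm.Rsa15) || securityAlgorithm.equals(SecurityAlgorithm.RsaOaep)) {
            return 32;
        }
        if (SecurityAlgorithm.AlgorithmType.SymmetricEncryption == securityAlgorithm.getType()) {
            return securityAlgorithm.getKeySize() / 8;
        }
        mY.error("getNonceLength: Unsupported algorithm={}", securityAlgorithm);
        throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, securityAlgorithm.getUri());
    }

    /**
     * Returns how many plaintext bytes fit into one RSA block: the modulus length in bytes minus
     * the padding overhead of the algorithm (11 for Rsa15, 42 for RsaOaep, 66 for RsaOaep256).
     *
     * @param key must be an {@link RSAPublicKey}
     * @return 1 for a null algorithm, otherwise the plaintext block size
     * @throws ServiceResultException Bad_SecurityPolicyRejected for an unsupported algorithm or a
     *     key that is not an RSA public key (including null)
     */
    public static int getPlainTextBlockSize(SecurityAlgorithm securityAlgorithm, Key key) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return 1;
        }
        int paddingOverhead;
        switch (securityAlgorithm) {
            case Rsa15:
                paddingOverhead = 11;
                break;
            case RsaOaep:
                paddingOverhead = 42;
                break;
            case RsaOaep256:
                paddingOverhead = 66;
                break;
            default:
                throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, securityAlgorithm.getUri());
        }
        // Type test instead of catching ClassCastException; a null key is now rejected the same way.
        if (!(key instanceof RSAPublicKey)) {
            mY.error("key is not instance of RSAPublicKey");
            throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, securityAlgorithm.getUri());
        }
        return (((RSAPublicKey) key).getModulus().bitLength() / 8) - paddingOverhead;
    }

    /** Returns the shared {@link SecureRandom} that also backs {@link #createNonce(int)}. */
    public static SecureRandom getRandom() {
        return random;
    }

    /**
     * Returns the security provider name, choosing a default on first use: "SC" when the
     * {@code java.vendor} system property contains "android", otherwise "BC".
     */
    public static String getSecurityProviderName() {
        String name = nb;
        if (name == null) {
            if (mY.isDebugEnabled()) {
                mY.debug("Providers={}", Arrays.toString(Security.getProviders()));
            }
            String vendor = System.getProperty("java.vendor");
            // Locale.ROOT keeps the comparison independent of the default locale's case rules;
            // a missing property falls through to the non-Android default instead of an NPE.
            boolean android = vendor != null && vendor.toLowerCase(java.util.Locale.ROOT).contains("android");
            name = android ? "SC" : "BC";
            nb = name;
        }
        return name;
    }

    /** Asks the active {@link CryptoProvider} which JCA provider name to use for {@code cls}. */
    public static String getSecurityProviderName(Class<?> cls) {
        return getCryptoProvider().getSecurityProviderName(cls);
    }

    /**
     * Returns the signature size in bytes.
     *
     * @return 0 for a null algorithm, key size / 8 for symmetric signatures, otherwise the RSA
     *     modulus length in bytes of {@code key}
     * @throws ServiceResultException Bad_SecurityPolicyRejected when the signature is not
     *     symmetric and the key is not an RSA key
     */
    public static int getSignatureSize(SecurityAlgorithm securityAlgorithm, Key key) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return 0;
        }
        if (securityAlgorithm.getType().equals(SecurityAlgorithm.AlgorithmType.SymmetricSignature)) {
            return securityAlgorithm.getKeySize() / 8;
        }
        // The original repeated this RSA key test inside RsaSha1 and RsaSha256 branches that
        // could never be reached once it had failed here; those branches are dropped.
        int modulusBytes = rsaModulusByteLength(key);
        if (modulusBytes >= 0) {
            return modulusBytes;
        }
        throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, securityAlgorithm.getUri());
    }

    /** Returns the modulus length in whole bytes of an RSA public or private key, or -1 for any other key. */
    private static int rsaModulusByteLength(Key key) {
        if (key instanceof RSAPublicKey) {
            return ((RSAPublicKey) key).getModulus().bitLength() / 8;
        }
        if (key instanceof RSAPrivateKey) {
            return ((RSAPrivateKey) key).getModulus().bitLength() / 8;
        }
        return -1;
    }

    /**
     * Parses a hex string, with an optional "0x" prefix, into bytes.
     *
     * <p>The original silently produced wrong bytes for non-hex characters and failed with an
     * index error on an odd number of digits; both are now rejected explicitly. The input is not
     * echoed in the exception message because it may be key material.
     *
     * @return the decoded bytes, or null for null input
     * @throws IllegalArgumentException for an odd digit count or a character that is not a hex digit
     */
    public static byte[] hexToBytes(String str) {
        if (str == null) {
            return null;
        }
        String hex = str.startsWith("0x") ? str.substring(2) : str;
        int length = hex.length();
        if ((length & 1) != 0) {
            throw new IllegalArgumentException("Hex string has an odd number of digits: " + length);
        }
        byte[] decoded = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int high = Character.digit(hex.charAt(i), 16);
            int low = Character.digit(hex.charAt(i + 1), 16);
            if (high < 0 || low < 0) {
                throw new IllegalArgumentException("Invalid hex digit at index " + (high < 0 ? i : i + 1));
            }
            decoded[i / 2] = (byte) ((high << 4) | low);
        }
        return decoded;
    }

    /**
     * Returns the installed JCA provider named {@code str}, or instantiates {@code str2} and
     * registers it with {@link Security#addProvider(Provider)}.
     *
     * <p>{@code str2} is loaded and instantiated reflectively and then becomes a JVM-wide
     * provider, so it must come from trusted configuration, never from remote or user input.
     *
     * @param str provider name to look up
     * @param str2 fully qualified class name of the provider to install when none is registered
     * @throws IllegalArgumentException if the class cannot be loaded, instantiated or added
     */
    public static synchronized Provider loadOrInstallProvider(String str, String str2) throws IllegalArgumentException {
        Provider installed = Security.getProvider(str);
        if (installed != null) {
            return installed;
        }
        try {
            Provider created = (Provider) Class.forName(str2).getDeclaredConstructor().newInstance();
            Security.addProvider(created);
            return created;
        } catch (Exception e) {
            throw new IllegalArgumentException("Cannot add Security Provider class: " + str2, e);
        }
    }

    /**
     * Replaces the active provider and takes the provider name from it; passing null clears both
     * so that the next call re-resolves the defaults.
     */
    public static void setCryptoProvider(CryptoProvider cryptoProvider) {
        na = cryptoProvider;
        nb = cryptoProvider == null ? null : cryptoProvider.getSecurityProviderName(null);
    }

    /** Sets the provider name and, if it changed, drops the cached provider so it is rebuilt on next use. */
    public static void setSecurityProviderName(String str) {
        if (StringUtils.equals(str, nb)) {
            return;
        }
        nb = str;
        na = null;
    }

    /**
     * Signs {@code bArr} with the private key.
     *
     * @return signature data carrying the algorithm URI and signature bytes; for a null algorithm
     *     an empty {@link SignatureData} (both fields null) and nothing is signed
     */
    public static SignatureData signAsymm(PrivateKey privateKey, SecurityAlgorithm securityAlgorithm, byte[] bArr) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return new SignatureData(null, null);
        }
        byte[] signature = getCryptoProvider().signAsymm(privateKey, securityAlgorithm, bArr);
        return new SignatureData(securityAlgorithm.getUri(), ByteString.valueOf(signature));
    }

    /** Hex dump with a length prefix; arrays longer than 64 bytes are wrapped every 64 bytes. */
    public static String toHex(byte[] bArr) {
        return toHex(bArr, (bArr == null || bArr.length <= 64) ? 0 : 64);
    }

    /** Hex dump with a length prefix, wrapped every {@code i} bytes when {@code i} is positive. */
    public static String toHex(byte[] bArr, int i) {
        return toHex(bArr, i, true);
    }

    /**
     * Formats bytes as "0x" followed by lowercase-or-table hex digits.
     *
     * <p>The output contains every byte in full, so avoid passing keys or other secrets to a
     * logger through this method.
     *
     * @param i bytes per line; when positive a line separator is inserted before every
     *     {@code i}-th byte, including the first one
     * @param z when true the text starts with "[length] "
     * @return the dump, or "(null)" for null input
     */
    public static String toHex(byte[] bArr, int i, boolean z) {
        if (bArr == null) {
            return "(null)";
        }
        StringBuilder hex = new StringBuilder();
        if (z) {
            hex.append('[').append(bArr.length).append("] ");
        }
        hex.append("0x");
        for (int index = 0; index < bArr.length; index++) {
            if (i > 0 && index % i == 0) {
                hex.append(StringUtils.lineSeparator());
            }
            byte value = bArr[index];
            hex.append(mZ[(value >> 4) & 15]);
            hex.append(mZ[value & 15]);
        }
        return hex.toString();
    }

    /**
     * Verifies signature {@code bArr2} over data {@code bArr} with the certificate's public key.
     *
     * <p>Only the signature is checked here; the certificate itself is not validated.
     */
    public static boolean verifyAsymm(X509Certificate x509Certificate, SecurityAlgorithm securityAlgorithm, byte[] bArr, byte[] bArr2) throws ServiceResultException {
        return getCryptoProvider().verifyAsymm(x509Certificate.getPublicKey(), securityAlgorithm, bArr, bArr2);
    }

    static {
        try {
            mY.debug("CryptoUtil init");
            // NOTE(review): the algorithm name is read from logback's SSL constants, which looks
            // like a decompiler substitution for a string literal (presumably "SHA1PRNG") - confirm.
            random = SecureRandom.getInstance(SSL.DEFAULT_SECURE_RANDOM_ALGORITHM);
            mY.debug("CryptoUtil init: random={}", random);
            // The generator is deliberately left to seed itself. The original called
            // setSeed(System.currentTimeMillis()) here; with the JDK's SHA1PRNG a seed supplied
            // before the first nextBytes() replaces the self-seeding instead of adding to it,
            // which would tie every nonce to the class-load timestamp. A clock value adds no
            // useful entropy for any other algorithm either.
            mZ = BufferUtils.HEX_DIGITS.toCharArray();
        } catch (NoSuchAlgorithmException e) {
            throw new Error(e);
        }
    }
}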
