package com.prosysopc.ua.stack.transport.security;

import com.prosysopc.ua.stack.common.RuntimeServiceResultException;
import com.prosysopc.ua.stack.common.ServiceResultException;
import com.prosysopc.ua.stack.core.StatusCodes;
import com.prosysopc.ua.stack.utils.CertificateUtils;
import com.prosysopc.ua.stack.utils.CryptoUtil;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/prosys-opc-ua-java-sdk-client-4.6.0-1594.jar:com/prosysopc/ua/stack/transport/security/JceCryptoProvider.class */
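/**
 * {@link CryptoProvider} implementation backed by a JCE {@link Provider}.
 *
 * <p>The configured provider is used for MACs, asymmetric ciphers and (first choice) signatures.
 * Symmetric ciphers are obtained without naming a provider, so the JVM's default provider
 * lookup decides which implementation serves them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Symmetric signature verification compares MACs in constant time and never logs the
 *       locally computed MAC.</li>
 *   <li>Symmetric key bytes and decrypted plaintext are never written to the log, not even at
 *       trace level; only lengths are logged.</li>
 *   <li>{@link #verifyAsymm} returns {@code true} when no algorithm is given; see the note on
 *       that method.</li>
 * </ul>
 */
public class JceCryptoProvider implements CryptoProvider {
    private static final Logger logger = LoggerFactory.getLogger(JceCryptoProvider.class);
    protected final Provider provider;

    /**
     * Creates a crypto provider that delegates to the given JCE provider.
     *
     * @param provider the JCE provider to use; must not be {@code null}
     * @throws IllegalArgumentException if {@code provider} is {@code null}
     */
    public JceCryptoProvider(Provider provider) {
        if (provider == null) {
            throw new IllegalArgumentException("Given provider cannot be null");
        }
        this.provider = provider;
    }

    /** Decodes a Base64 string by delegating to {@link CertificateUtils#base64Decode}. */
    @Override
    public byte[] base64Decode(String str) {
        return CertificateUtils.base64Decode(str);
    }

    /** Encodes bytes as Base64 by delegating to {@link CertificateUtils#base64Encode}. */
    @Override
    public String base64Encode(byte[] bArr) {
        return CertificateUtils.base64Encode(bArr);
    }

    /**
     * Creates a {@link Mac} from the configured provider and initialises it with the given key.
     *
     * @param securityAlgorithm algorithm whose standard name selects the MAC
     * @param bArr raw secret key bytes
     * @return an initialised MAC instance
     * @throws ServiceResultException {@code Bad_SecurityChecksFailed} if the key is rejected,
     *     {@code Bad_InternalError} for any other JCE failure
     */
    @Override
    public Mac createMac(SecurityAlgorithm securityAlgorithm, byte[] bArr) throws ServiceResultException {
        SecretKeySpec macKey = new SecretKeySpec(bArr, securityAlgorithm.getStandardName());
        try {
            Mac mac = Mac.getInstance(securityAlgorithm.getStandardName(), this.provider);
            mac.init(macKey);
            return mac;
        } catch (InvalidKeyException e) {
            throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, e);
        } catch (GeneralSecurityException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        }
    }

    /**
     * Decrypts RSA ciphertext block by block.
     *
     * <p>The whole of {@code bArr} is treated as ciphertext; its length must be a multiple of
     * the key's modulus size in bytes.
     *
     * @param privateKey RSA private key (cast to {@link RSAPrivateKey}; any other key type
     *     fails with a {@link ClassCastException})
     * @param securityAlgorithm asymmetric encryption algorithm
     * @param bArr ciphertext, read from index 0
     * @param bArr2 output buffer for the plaintext
     * @param i offset in {@code bArr2} at which writing starts
     * @return total number of plaintext bytes written
     * @throws ServiceResultException {@code Bad_SecurityChecksFailed} if the key is rejected,
     *     {@code Bad_InternalError} for a bad input length or any other JCE failure
     */
    @Override
    public int decryptAsymm(PrivateKey privateKey, SecurityAlgorithm securityAlgorithm, byte[] bArr, byte[] bArr2, int i) throws ServiceResultException {
        // One ciphertext block is as long as the RSA modulus, in whole bytes.
        int blockSize = ((RSAPrivateKey) privateKey).getModulus().bitLength() / 8;
        Cipher cipher;
        try {
            cipher = createDecryptCipher(securityAlgorithm, privateKey);
        } catch (InvalidKeyException e) {
            logger.info("decrypt: The provided RSA key is invalid", e);
            throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, e);
        } catch (GeneralSecurityException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        }
        if (bArr.length % blockSize != 0) {
            logger.error("decrypt: Wrong blockSize!!!");
            throw new ServiceResultException(StatusCodes.Bad_InternalError, "Error in asymmetric decrypt: Input data is not an even number of encryption blocks.");
        }
        try {
            logger.info("JceCipherDecrypt={}", cipher);
            int outputOffset = i;
            int totalDecrypted = 0;
            // Iterating over the input directly avoids the int overflow that
            // "output offset + input length" could produce as a loop bound.
            for (int inputOffset = 0; inputOffset < bArr.length; inputOffset += blockSize) {
                int written = cipher.doFinal(bArr, inputOffset, blockSize, bArr2, outputOffset);
                outputOffset += written;
                totalDecrypted += written;
            }
            return totalDecrypted;
        } catch (GeneralSecurityException e) {
            // NOTE(review): padding failures end up here too. Callers should make sure the
            // remote peer cannot tell a padding failure from any other decrypt failure
            // (error code or timing) - confirm against the callers.
            logger.error("decrypt: error", e);
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        }
    }

    /**
     * Decrypts data with the security policy's symmetric encryption algorithm.
     *
     * @param securityPolicy policy supplying the symmetric encryption algorithm
     * @param bArr raw symmetric key bytes
     * @param bArr2 initialisation vector
     * @param bArr3 buffer holding the ciphertext
     * @param i offset of the ciphertext in {@code bArr3}
     * @param i2 number of ciphertext bytes
     * @param bArr4 output buffer for the plaintext
     * @param i3 offset in {@code bArr4} at which writing starts
     * @return number of plaintext bytes written
     * @throws ServiceResultException {@code Bad_SecurityChecksFailed} if the key is rejected,
     *     {@code Bad_InternalError} for any other failure
     */
    @Override
    public int decryptSymm(SecurityPolicy securityPolicy, byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2, byte[] bArr4, int i3) throws ServiceResultException {
        SecurityAlgorithm algorithm = securityPolicy.getSymmetricEncryptionAlgorithm();
        SecretKeySpec key = new SecretKeySpec(bArr, algorithm.getStandardName());
        if (logger.isTraceEnabled()) {
            // Key bytes must never reach the log: anyone who can read the log file could
            // decrypt recorded traffic. Only the key length is logged.
            logger.trace("decrypt: key length={} bytes", bArr.length);
            logger.trace("decrypt: token.getRemoteInitializationVector()={}", CryptoUtil.toHex(bArr2));
            logger.trace("decrypt: dataToDecrypt={}", CryptoUtil.toHex(bArr3));
            logger.trace("decrypt: algorithm={}", algorithm);
        }
        try {
            // NOTE(review): no provider is named here, unlike the MAC and asymmetric paths, so
            // the JVM default lookup picks the cipher implementation. Presumably deliberate
            // (the configured provider may not offer this transformation) - confirm.
            Cipher cipher = Cipher.getInstance(algorithm.getTransformation());
            cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(bArr2));
            int written = cipher.update(bArr3, i, i2, bArr4, i3);
            written += cipher.doFinal(bArr4, i3 + written);
            // Plaintext is not dumped to the log either; the byte count is enough to trace flow.
            logger.trace("decrypt: output length={} bytes", written);
            return written;
        } catch (IllegalStateException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        } catch (InvalidKeyException e) {
            throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, e);
        } catch (GeneralSecurityException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        }
    }

    /**
     * Encrypts data with RSA, one plaintext block at a time.
     *
     * <p>The whole of {@code bArr} is encrypted. The plaintext block size comes from
     * {@link CryptoUtil#getPlainTextBlockSize}; the last block may be shorter.
     *
     * @param publicKey key to encrypt with
     * @param securityAlgorithm asymmetric encryption algorithm
     * @param bArr plaintext, read from index 0
     * @param bArr2 output buffer for the ciphertext
     * @param i offset in {@code bArr2} at which writing starts
     * @throws ServiceResultException {@code Bad_InternalError} on any JCE failure, including a
     *     rejected key
     */
    @Override
    public void encryptAsymm(PublicKey publicKey, SecurityAlgorithm securityAlgorithm, byte[] bArr, byte[] bArr2, int i) throws ServiceResultException {
        int plainBlockSize = CryptoUtil.getPlainTextBlockSize(securityAlgorithm, publicKey);
        try {
            Cipher cipher = createEncryptCipher(securityAlgorithm, publicKey);
            int end = i + bArr.length;
            int inputOffset = 0;
            int outputOffset = i;
            for (int index = i; index < end; index += plainBlockSize) {
                // The final block carries whatever is left, which may be less than a full block.
                int chunk = Math.min(end - index, plainBlockSize);
                int written = cipher.doFinal(bArr, inputOffset, chunk, bArr2, outputOffset);
                inputOffset += plainBlockSize;
                outputOffset += written;
                logger.debug("Asym encryption: amountOfEncryptedBytes={} inputOffset={} outputOffset={} index={}", Integer.valueOf(written), Integer.valueOf(inputOffset), Integer.valueOf(outputOffset), Integer.valueOf(index));
            }
        } catch (GeneralSecurityException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        }
    }

    /**
     * Encrypts data with the security policy's symmetric encryption algorithm.
     *
     * @param securityPolicy policy supplying the symmetric encryption algorithm
     * @param bArr raw symmetric key bytes
     * @param bArr2 initialisation vector
     * @param bArr3 buffer holding the plaintext
     * @param i offset of the plaintext in {@code bArr3}
     * @param i2 number of plaintext bytes
     * @param bArr4 output buffer for the ciphertext
     * @param i3 offset in {@code bArr4} at which writing starts
     * @return number of ciphertext bytes written
     * @throws ServiceResultException {@code Bad_SecurityChecksFailed} if the key is rejected,
     *     {@code Bad_InternalError} for any other JCE failure
     */
    @Override
    public int encryptSymm(SecurityPolicy securityPolicy, byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2, byte[] bArr4, int i3) throws ServiceResultException {
        SecurityAlgorithm algorithm = securityPolicy.getSymmetricEncryptionAlgorithm();
        SecretKeySpec key = new SecretKeySpec(bArr, algorithm.getStandardName());
        try {
            // No provider is named here; see the matching note in decryptSymm.
            Cipher cipher = Cipher.getInstance(algorithm.getTransformation());
            cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(bArr2));
            int written = cipher.update(bArr3, i, i2, bArr4, i3);
            return written + cipher.doFinal(bArr4, i3 + written);
        } catch (InvalidKeyException e) {
            throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, e);
        } catch (GeneralSecurityException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        }
    }

    /**
     * Returns the name of the configured JCE provider.
     *
     * @param cls ignored by this implementation
     */
    @Override
    public String getSecurityProviderName(Class<?> cls) {
        return this.provider.getName();
    }

    /**
     * Signs data with the given private key.
     *
     * @param privateKey key to sign with
     * @param securityAlgorithm signature algorithm; when {@code null} nothing is signed
     * @param bArr data to sign
     * @return the signature, or {@code null} when {@code securityAlgorithm} is {@code null}
     * @throws IllegalArgumentException if the key or the data is {@code null}
     * @throws ServiceResultException {@code Bad_InternalError} on any JCE failure
     */
    @Override
    public byte[] signAsymm(PrivateKey privateKey, SecurityAlgorithm securityAlgorithm, byte[] bArr) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return null;
        }
        if (bArr == null || privateKey == null) {
            throw new IllegalArgumentException("null arg");
        }
        try {
            Signature signer = createSignature(securityAlgorithm);
            logger.debug("signer.getProvider(): {}", signer.getProvider());
            signer.initSign(privateKey);
            signer.update(bArr);
            return signer.sign();
        } catch (GeneralSecurityException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        }
    }

    /**
     * Computes the symmetric signature (MAC) of a data range and writes it to a buffer.
     *
     * @param securityPolicy policy supplying the symmetric signature algorithm
     * @param bArr raw MAC key bytes
     * @param bArr2 buffer holding the data to sign
     * @param i offset of the data in {@code bArr2}
     * @param i2 number of data bytes
     * @param bArr3 output buffer for the MAC
     * @param i3 offset in {@code bArr3} at which the MAC is written
     * @throws ServiceResultException if the MAC cannot be created (see {@link #createMac})
     * @throws RuntimeServiceResultException if writing the MAC into the output buffer fails
     */
    @Override
    public void signSymm(SecurityPolicy securityPolicy, byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3, int i3) throws ServiceResultException {
        Mac mac = createMac(securityPolicy.getSymmetricSignatureAlgorithm(), bArr);
        mac.update(bArr2, i, i2);
        try {
            mac.doFinal(bArr3, i3);
        } catch (GeneralSecurityException e) {
            throw new RuntimeServiceResultException(new ServiceResultException(StatusCodes.Bad_InternalError, e));
        }
    }

    /**
     * Verifies an asymmetric signature.
     *
     * <p>NOTE(review): a {@code null} algorithm makes this method return {@code true} without
     * checking anything (fail-open). Presumably that matches a security policy with no
     * signing; callers must make sure a {@code null} algorithm can never be reached on a
     * channel that is meant to be secured - confirm against the callers.
     *
     * @param publicKey key to verify with
     * @param securityAlgorithm signature algorithm, or {@code null} for "nothing to verify"
     * @param bArr signed data
     * @param bArr2 signature to check
     * @return {@code true} if the signature is valid or no algorithm was given, else
     *     {@code false}
     * @throws IllegalArgumentException if key, data or signature is {@code null}
     * @throws ServiceResultException {@code Bad_InternalError} on any JCE failure
     */
    @Override
    public boolean verifyAsymm(PublicKey publicKey, SecurityAlgorithm securityAlgorithm, byte[] bArr, byte[] bArr2) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return true;
        }
        if (publicKey == null || bArr == null || bArr2 == null) {
            throw new IllegalArgumentException("null arg");
        }
        try {
            Signature verifier = createSignature(securityAlgorithm);
            verifier.initVerify(publicKey);
            verifier.update(bArr);
            if (!verifier.verify(bArr2)) {
                logger.error("Asymmetric Signature Verification fails");
                return false;
            }
            logger.debug("Asym Signature Verify : OK");
            return true;
        } catch (GeneralSecurityException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        }
    }

    /**
     * Verifies the symmetric signature (MAC) of a data range.
     *
     * <p>The expected MAC is recomputed and compared with the received one in constant time.
     * The expected MAC is never logged: it is a valid authenticator for the received data, and
     * an early-exit comparison would reveal how many leading bytes of a forged MAC were right.
     *
     * @param securityPolicy policy supplying the symmetric signature algorithm
     * @param bArr raw MAC key bytes
     * @param bArr2 buffer holding the signed data
     * @param i offset of the data in {@code bArr2}
     * @param i2 number of data bytes
     * @param bArr3 received signature
     * @throws ServiceResultException {@code Bad_SecurityChecksFailed} if the signature does not
     *     match or the MAC cannot be computed
     */
    @Override
    public void verifySymm(SecurityPolicy securityPolicy, byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3) throws ServiceResultException {
        Mac mac = createMac(securityPolicy.getSymmetricSignatureAlgorithm(), bArr);
        mac.update(bArr2, i, i2);
        byte[] expected = new byte[mac.getMacLength()];
        try {
            mac.doFinal(expected, 0);
        } catch (IllegalStateException e) {
            logger.error("verifySymm", e);
            throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, "Invalid signature");
        } catch (ShortBufferException e) {
            logger.error("verifySymm", e);
            throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, "Invalid signature");
        }
        // The MAC length is public, so a separate length check leaks nothing secret.
        if (bArr3.length != expected.length) {
            logger.warn("Signature lengths do not match: received {} bytes, expected {} bytes", Integer.valueOf(bArr3.length), Integer.valueOf(expected.length));
            throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, "Invalid signature");
        }
        // MessageDigest.isEqual takes the same time wherever the first mismatch is.
        if (!MessageDigest.isEqual(bArr3, expected)) {
            logger.warn("Signatures do not match");
            throw new ServiceResultException(StatusCodes.Bad_SecurityChecksFailed, "Invalid signature");
        }
    }

    /**
     * Creates a cipher from the configured provider, initialised for decryption.
     *
     * <p>The algorithm's transformation string is tried first; if the provider does not know
     * it, the algorithm's standard name is tried instead.
     */
    private Cipher createDecryptCipher(SecurityAlgorithm securityAlgorithm, PrivateKey privateKey) throws NoSuchProviderException, NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException {
        Cipher cipher;
        try {
            cipher = Cipher.getInstance(securityAlgorithm.getTransformation(), this.provider);
        } catch (NoSuchAlgorithmException e) {
            cipher = Cipher.getInstance(securityAlgorithm.getStandardName(), this.provider);
        }
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        logger.debug("decrypt: cipher.provider={}", cipher.getProvider());
        return cipher;
    }

    /**
     * Creates a cipher from the configured provider, initialised for encryption.
     *
     * <p>The algorithm's transformation string is tried first; if the provider does not know
     * it, the algorithm's standard name is tried instead.
     */
    private Cipher createEncryptCipher(SecurityAlgorithm securityAlgorithm, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, InvalidAlgorithmParameterException {
        Cipher cipher;
        try {
            cipher = Cipher.getInstance(securityAlgorithm.getTransformation(), this.provider);
        } catch (NoSuchAlgorithmException e) {
            cipher = Cipher.getInstance(securityAlgorithm.getStandardName(), this.provider);
        }
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        logger.trace("encrypt: cipher.provider={}", cipher.getProvider());
        return cipher;
    }

    /**
     * Creates a {@link Signature} for the algorithm's standard name.
     *
     * <p>The configured provider is asked first; if it does not offer the algorithm, the JVM's
     * default provider lookup is used, so the signature may come from a different provider
     * than the one this object was built with.
     */
    private Signature createSignature(SecurityAlgorithm securityAlgorithm) throws NoSuchAlgorithmException {
        try {
            return Signature.getInstance(securityAlgorithm.getStandardName(), this.provider);
        } catch (NoSuchAlgorithmException e) {
            return Signature.getInstance(securityAlgorithm.getStandardName());
        }
    }
}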
