package org.apache.plc4x.java.opcua.context;

import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.plc4x.java.opcua.protocol.chunk.Chunk;
import org.apache.plc4x.java.opcua.security.SecurityPolicy;
import org.apache.plc4x.java.opcua.security.SymmetricKeys;
import org.apache.plc4x.java.spi.generation.WithWriterArgs;
import org.apache.plc4x.java.spi.generation.WriteBufferByteBased;

/* loaded from: input_file:org/apache/plc4x/java/opcua/context/SymmetricEncryptionHandler.class */
public class SymmetricEncryptionHandler extends BaseEncryptionHandler {
    private SymmetricKeys keys;
    static final /* synthetic */ boolean $assertionsDisabled;

    static {
        $assertionsDisabled = !SymmetricEncryptionHandler.class.desiredAssertionStatus();
    }

    public SymmetricEncryptionHandler(Conversation conversation, SecurityPolicy securityPolicy) {
        super(conversation, securityPolicy);
        this.keys = null;
    }

    @Override // org.apache.plc4x.java.opcua.context.BaseEncryptionHandler
    protected void verify(WriteBufferByteBased writeBufferByteBased, Chunk chunk, int i) throws Exception {
        int signatureSize = i - chunk.getSignatureSize();
        byte[] bytes = writeBufferByteBased.getBytes(0, signatureSize);
        byte[] bytes2 = writeBufferByteBased.getBytes(signatureSize, signatureSize + chunk.getSignatureSize());
        SymmetricKeys symmetricKeys = getSymmetricKeys(this.conversation.getLocalNonce(), this.conversation.getRemoteNonce());
        SecurityPolicy.MacSignatureAlgorithm symmetricSignatureAlgorithm = this.securityPolicy.getSymmetricSignatureAlgorithm();
        Mac signature = symmetricSignatureAlgorithm.getSignature();
        signature.init(new SecretKeySpec(symmetricKeys.getServerKeys().getSignatureKey(), symmetricSignatureAlgorithm.getName()));
        signature.update(bytes);
        if (!MessageDigest.isEqual(bytes2, signature.doFinal())) {
            throw new IllegalArgumentException("Invalid signature");
        }
    }

    @Override // org.apache.plc4x.java.opcua.context.BaseEncryptionHandler
    protected int decrypt(WriteBufferByteBased writeBufferByteBased, Chunk chunk, int i) throws Exception {
        int securityHeaderSize = 12 + chunk.getSecurityHeaderSize();
        int i2 = i - securityHeaderSize;
        int cipherTextBlockSize = i2 / chunk.getCipherTextBlockSize();
        if (!$assertionsDisabled && i2 % chunk.getCipherTextBlockSize() != 0) {
            throw new AssertionError();
        }
        byte[] bytes = writeBufferByteBased.getBytes(securityHeaderSize, securityHeaderSize + i2);
        byte[] bArr = new byte[chunk.getCipherTextBlockSize() * cipherTextBlockSize];
        int doFinal = getCipher(getSymmetricKeys(this.conversation.getLocalNonce(), this.conversation.getRemoteNonce()).getServerKeys(), this.securityPolicy.getSymmetricEncryptionAlgorithm(), 2).doFinal(bytes, 0, bytes.length, bArr, 0);
        writeBufferByteBased.setPos(securityHeaderSize);
        writeBufferByteBased.writeByteArray("payload", bArr, new WithWriterArgs[0]);
        return doFinal;
    }

    @Override // org.apache.plc4x.java.opcua.context.BaseEncryptionHandler
    protected void encrypt(WriteBufferByteBased writeBufferByteBased, int i, int i2, int i3, int i4) throws Exception {
        SymmetricKeys symmetricKeys = getSymmetricKeys(this.conversation.getLocalNonce(), this.conversation.getRemoteNonce());
        int i5 = 12 + i;
        byte[] bytes = writeBufferByteBased.getBytes(i5, i5 + (i2 * i4));
        byte[] bArr = new byte[i3 * i4];
        getCipher(symmetricKeys.getClientKeys(), this.securityPolicy.getSymmetricEncryptionAlgorithm(), 1).doFinal(bytes, 0, bytes.length, bArr, 0);
        writeBufferByteBased.setPos(i5);
        writeBufferByteBased.writeByteArray("encrypted", bArr, new WithWriterArgs[0]);
    }

    @Override // org.apache.plc4x.java.opcua.context.BaseEncryptionHandler
    protected byte[] sign(byte[] bArr) throws GeneralSecurityException {
        SymmetricKeys symmetricKeys = getSymmetricKeys(this.conversation.getLocalNonce(), this.conversation.getRemoteNonce());
        SecurityPolicy.MacSignatureAlgorithm symmetricSignatureAlgorithm = this.securityPolicy.getSymmetricSignatureAlgorithm();
        Mac signature = symmetricSignatureAlgorithm.getSignature();
        signature.init(new SecretKeySpec(symmetricKeys.getClientKeys().getSignatureKey(), symmetricSignatureAlgorithm.getName()));
        signature.update(bArr);
        return signature.doFinal();
    }

    private SymmetricKeys getSymmetricKeys(byte[] bArr, byte[] bArr2) {
        if (this.keys == null) {
            this.keys = SymmetricKeys.generateKeyPair(bArr, bArr2, this.securityPolicy);
        }
        return this.keys;
    }

    private static Cipher getCipher(SymmetricKeys.Keys keys, SecurityPolicy.EncryptionAlgorithm encryptionAlgorithm, int i) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
        Cipher cipher = encryptionAlgorithm.getCipher();
        cipher.init(i, new SecretKeySpec(keys.getEncryptionKey(), "AES"), new IvParameterSpec(keys.getInitializationVector()));
        return cipher;
    }
}
