package org.eclipse.milo.opcua.sdk.server.identity;

import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import javax.crypto.Cipher;
import org.eclipse.milo.opcua.sdk.server.Session;
import org.eclipse.milo.opcua.stack.core.UaException;
import org.eclipse.milo.opcua.stack.core.channel.SecureChannel;
import org.eclipse.milo.opcua.stack.core.channel.ServerSecureChannel;
import org.eclipse.milo.opcua.stack.core.security.SecurityAlgorithm;
import org.eclipse.milo.opcua.stack.core.types.builtin.ByteString;
import org.eclipse.milo.opcua.stack.core.types.structured.AnonymousIdentityToken;
import org.eclipse.milo.opcua.stack.core.types.structured.IssuedIdentityToken;
import org.eclipse.milo.opcua.stack.core.types.structured.SignatureData;
import org.eclipse.milo.opcua.stack.core.types.structured.UserIdentityToken;
import org.eclipse.milo.opcua.stack.core.types.structured.UserNameIdentityToken;
import org.eclipse.milo.opcua.stack.core.types.structured.UserTokenPolicy;
import org.eclipse.milo.opcua.stack.core.types.structured.X509IdentityToken;
import org.eclipse.milo.opcua.stack.core.util.CertificateUtil;
import org.eclipse.milo.opcua.stack.core.util.DigestUtil;

/* loaded from: input_file:org/eclipse/milo/opcua/sdk/server/identity/AbstractIdentityValidator.class */
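/**
 * Base {@link IdentityValidator} that dispatches on the concrete token type and rejects every
 * token type a subclass has not explicitly opted into.
 *
 * <p>All four {@code validate*Token} hooks throw {@code Bad_IdentityTokenInvalid} by default, so
 * the class fails closed: a subclass only accepts the token types whose hook it overrides.
 *
 * <p>{@link #decryptTokenData} reports every decryption failure (malformed input, missing key
 * pair, JCE error) with the same status code, {@code Bad_SecurityChecksFailed}. Callers should
 * keep that uniform and not add per-cause detail to what is returned to the client.
 */
public abstract class AbstractIdentityValidator implements IdentityValidator {

    /** OPC UA status code Bad_IdentityTokenInvalid (decimal 2149580800). */
    private static final long BAD_IDENTITY_TOKEN_INVALID = 0x80200000L;

    /** OPC UA status code Bad_SecurityChecksFailed (decimal 2148728832). */
    private static final long BAD_SECURITY_CHECKS_FAILED = 0x80130000L;

    /**
     * Routes the token to the hook matching its concrete type.
     *
     * @return whatever the selected hook returns
     * @throws UaException with {@code Bad_IdentityTokenInvalid} when the token is {@code null} or
     *     of a type not handled here, or whatever the selected hook throws
     */
    @Override // org.eclipse.milo.opcua.sdk.server.identity.IdentityValidator
    public Object validateIdentityToken(ServerSecureChannel serverSecureChannel, Session session, UserIdentityToken userIdentityToken, UserTokenPolicy userTokenPolicy, SignatureData signatureData) throws UaException {
        if (userIdentityToken instanceof AnonymousIdentityToken) {
            return validateAnonymousToken(serverSecureChannel, session, (AnonymousIdentityToken) userIdentityToken, userTokenPolicy, signatureData);
        }
        if (userIdentityToken instanceof UserNameIdentityToken) {
            return validateUsernameToken(serverSecureChannel, session, (UserNameIdentityToken) userIdentityToken, userTokenPolicy, signatureData);
        }
        if (userIdentityToken instanceof X509IdentityToken) {
            return validateX509Token(serverSecureChannel, session, (X509IdentityToken) userIdentityToken, userTokenPolicy, signatureData);
        }
        if (userIdentityToken instanceof IssuedIdentityToken) {
            return validateIssuedIdentityToken(serverSecureChannel, session, (IssuedIdentityToken) userIdentityToken, userTokenPolicy, signatureData);
        }
        // A null token fails every instanceof test and is rejected here as well.
        throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
    }

    /**
     * Hook for anonymous tokens; rejects by default. A subclass that overrides this admits
     * sessions that present no credentials.
     *
     * @throws UaException always, with {@code Bad_IdentityTokenInvalid}
     */
    protected Object validateAnonymousToken(ServerSecureChannel serverSecureChannel, Session session, AnonymousIdentityToken anonymousIdentityToken, UserTokenPolicy userTokenPolicy, SignatureData signatureData) throws UaException {
        throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
    }

    /**
     * Hook for username/password tokens; rejects by default.
     *
     * @throws UaException always, with {@code Bad_IdentityTokenInvalid}
     */
    protected Object validateUsernameToken(ServerSecureChannel serverSecureChannel, Session session, UserNameIdentityToken userNameIdentityToken, UserTokenPolicy userTokenPolicy, SignatureData signatureData) throws UaException {
        throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
    }

    /**
     * Hook for X.509 certificate tokens; rejects by default.
     *
     * @throws UaException always, with {@code Bad_IdentityTokenInvalid}
     */
    protected Object validateX509Token(ServerSecureChannel serverSecureChannel, Session session, X509IdentityToken x509IdentityToken, UserTokenPolicy userTokenPolicy, SignatureData signatureData) throws UaException {
        throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
    }

    /**
     * Hook for issued (externally minted) tokens; rejects by default.
     *
     * @throws UaException always, with {@code Bad_IdentityTokenInvalid}
     */
    protected Object validateIssuedIdentityToken(ServerSecureChannel serverSecureChannel, Session session, IssuedIdentityToken issuedIdentityToken, UserTokenPolicy userTokenPolicy, SignatureData signatureData) throws UaException {
        throw new UaException(BAD_IDENTITY_TOKEN_INVALID);
    }

    /**
     * Decrypts client-supplied token data, one asymmetric cipher-text block at a time, with the
     * private key belonging to the endpoint's server certificate.
     *
     * <p>The input comes from the client and is validated before any key material is touched:
     * it must be non-null and an exact multiple of the cipher-text block size. Previously a
     * trailing partial block was silently dropped and a zero block size would have surfaced as
     * an unchecked {@link ArithmeticException}.
     *
     * <p>The returned array is as long as the cipher text. With a padded transformation each
     * block decrypts to fewer bytes than it occupies, so the tail of the array stays zero;
     * presumably callers take the real length from the decrypted payload itself (confirm
     * against callers, which are not visible here).
     *
     * @param serverSecureChannel channel whose endpoint description supplies the server certificate
     * @param session session used to reach the server's certificate manager
     * @param securityAlgorithm algorithm whose transformation and block size are used
     * @param bArr cipher text received from the client
     * @return buffer holding the decrypted blocks, sized to the cipher-text length
     * @throws UaException with {@code Bad_SecurityChecksFailed} when the input is malformed, no
     *     key pair is registered for the server certificate, or the JCE operation fails; may
     *     also propagate whatever {@code CertificateUtil.decodeCertificate} throws
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] decryptTokenData(ServerSecureChannel serverSecureChannel, Session session, SecurityAlgorithm securityAlgorithm, byte[] bArr) throws UaException {
        if (bArr == null) {
            throw new UaException(BAD_SECURITY_CHECKS_FAILED);
        }
        X509Certificate serverCertificate = CertificateUtil.decodeCertificate(serverSecureChannel.getEndpointDescription().getServerCertificate().bytesOrEmpty());
        int blockSize = SecureChannel.getAsymmetricCipherTextBlockSize(serverCertificate, securityAlgorithm);
        // Reject instead of truncating: cipher text that is not block-aligned is malformed.
        // The <= 0 guard is defensive; whether the helper can return 0 is not visible here.
        if (blockSize <= 0 || bArr.length % blockSize != 0) {
            throw new UaException(BAD_SECURITY_CHECKS_FAILED);
        }
        int blockCount = bArr.length / blockSize;
        byte[] plainText = new byte[blockSize * blockCount];
        ByteBuffer plainTextBuffer = ByteBuffer.wrap(plainText);
        ByteBuffer cipherTextBuffer = ByteBuffer.wrap(bArr);
        try {
            // The SHA-1 digest of the encoded certificate is only the lookup key handed to the
            // certificate manager; nothing here relies on it for integrity.
            ByteString thumbprint = ByteString.of(DigestUtil.sha1(serverCertificate.getEncoded()));
            KeyPair keyPair = (KeyPair) session.getServer().getConfig().getCertificateManager().getKeyPair(thumbprint).orElseThrow(() -> {
                return new UaException(BAD_SECURITY_CHECKS_FAILED);
            });
            Cipher cipher = getCipher(securityAlgorithm, keyPair);
            for (int i = 0; i < blockCount; i++) {
                // Expose exactly one block to the cipher; doFinal advances the position.
                cipherTextBuffer.limit(cipherTextBuffer.position() + blockSize);
                cipher.doFinal(cipherTextBuffer, plainTextBuffer);
            }
            return plainText;
        } catch (GeneralSecurityException e) {
            // Same status code as every other failure above, with the cause kept for server logs.
            throw new UaException(BAD_SECURITY_CHECKS_FAILED, e);
        }
    }

    /**
     * Creates a cipher for the algorithm's transformation, initialised for decryption with the
     * private half of the given key pair.
     *
     * @throws UaException with {@code Bad_SecurityChecksFailed} when the transformation is
     *     unavailable or the key is rejected
     */
    private Cipher getCipher(SecurityAlgorithm securityAlgorithm, KeyPair keyPair) throws UaException {
        try {
            Cipher cipher = Cipher.getInstance(securityAlgorithm.getTransformation());
            cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
            return cipher;
        } catch (GeneralSecurityException e) {
            throw new UaException(BAD_SECURITY_CHECKS_FAILED, e);
        }
    }
}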
