package com.prosysopc.ua.stack.transport.security;

import com.prosysopc.ua.stack.core.K;
import com.prosysopc.ua.stack.utils.C;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.pkcs.RSAPrivateKey;
import org.spongycastle.crypto.AsymmetricBlockCipher;
import org.spongycastle.crypto.BufferedBlockCipher;
import org.spongycastle.crypto.CipherParameters;
import org.spongycastle.crypto.CryptoException;
import org.spongycastle.crypto.DataLengthException;
import org.spongycastle.crypto.InvalidCipherTextException;
import org.spongycastle.crypto.Signer;
import org.spongycastle.crypto.digests.SHA1Digest;
import org.spongycastle.crypto.digests.SHA256Digest;
import org.spongycastle.crypto.encodings.OAEPEncoding;
import org.spongycastle.crypto.encodings.PKCS1Encoding;
import org.spongycastle.crypto.engines.AESEngine;
import org.spongycastle.crypto.engines.RSAEngine;
import org.spongycastle.crypto.engines.RijndaelEngine;
import org.spongycastle.crypto.macs.HMac;
import org.spongycastle.crypto.modes.CBCBlockCipher;
import org.spongycastle.crypto.params.KeyParameter;
import org.spongycastle.crypto.params.ParametersWithIV;
import org.spongycastle.crypto.params.RSAKeyParameters;
import org.spongycastle.crypto.params.RSAPrivateCrtKeyParameters;
import org.spongycastle.crypto.signers.PSSSigner;
import org.spongycastle.crypto.signers.RSADigestSigner;
import org.spongycastle.util.encoders.Base64;

/* loaded from: input_file:com/prosysopc/ua/stack/transport/security/r.class */
public class r implements m {
    static Logger logger = LoggerFactory.getLogger((Class<?>) r.class);

    public r() {
        com.prosysopc.ua.stack.utils.i.v("SC", "org.spongycastle.jce.provider.BouncyCastleProvider");
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public byte[] gx(String str) {
        return Base64.decode(C.gI(str));
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public String i(byte[] bArr) {
        try {
            return new String(Base64.encode(bArr), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public Mac a(SecurityAlgorithm securityAlgorithm, byte[] bArr) throws com.prosysopc.ua.stack.c.h {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, securityAlgorithm.getStandardName());
        try {
            Mac mac = Mac.getInstance(securityAlgorithm.getStandardName());
            mac.init(secretKeySpec);
            return mac;
        } catch (InvalidKeyException e) {
            throw new com.prosysopc.ua.stack.c.h(K.fng, e);
        } catch (GeneralSecurityException e2) {
            throw new com.prosysopc.ua.stack.c.h(K.flI, e2);
        }
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public int a(PrivateKey privateKey, SecurityAlgorithm securityAlgorithm, byte[] bArr, byte[] bArr2, int i) throws com.prosysopc.ua.stack.c.h {
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
        AsymmetricBlockCipher a = a(securityAlgorithm, new RSAPrivateKey(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient()));
        try {
            int i2 = 0;
            int inputBlockSize = a.getInputBlockSize();
            logger.debug("Decrypt: inputBlockSize={}, outputBlockSize={}, dataToDecrypt.length={}", Integer.valueOf(inputBlockSize), Integer.valueOf(a.getOutputBlockSize()), Integer.valueOf(bArr.length));
            for (int i3 = 0; i3 < bArr.length; i3 += inputBlockSize) {
                byte[] processBlock = a.processBlock(bArr, i3, Math.min(bArr.length - i3, inputBlockSize));
                System.arraycopy(processBlock, 0, bArr2, i + i2, processBlock.length);
                i2 += processBlock.length;
            }
            return i2;
        } catch (CryptoException e) {
            throw new com.prosysopc.ua.stack.c.h(K.flI, (Throwable) e);
        }
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public int a(SecurityPolicy securityPolicy, byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2, byte[] bArr4, int i3) throws com.prosysopc.ua.stack.c.h {
        BufferedBlockCipher bufferedBlockCipher = new BufferedBlockCipher(new CBCBlockCipher(new AESEngine()));
        bufferedBlockCipher.init(false, new ParametersWithIV(new KeyParameter(bArr), bArr2));
        int processBytes = bufferedBlockCipher.processBytes(bArr3, i, i2, bArr4, i3);
        try {
            return processBytes + bufferedBlockCipher.doFinal(bArr4, i3 + processBytes);
        } catch (DataLengthException e) {
            logger.error("Input data is not an even number of encryption blocks.");
            throw new com.prosysopc.ua.stack.c.h(K.flI, "Error in symmetric decrypt: Input data is not an even number of encryption blocks.");
        } catch (CryptoException e2) {
            throw new com.prosysopc.ua.stack.c.h(K.flI, (Throwable) e2);
        }
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public void a(PublicKey publicKey, SecurityAlgorithm securityAlgorithm, byte[] bArr, byte[] bArr2, int i) throws com.prosysopc.ua.stack.c.h {
        try {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
            AsymmetricBlockCipher a = a(securityAlgorithm, new org.spongycastle.asn1.pkcs.RSAPublicKey(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
            int i2 = 0;
            int inputBlockSize = a.getInputBlockSize();
            logger.debug("Encrypt: inputBlockSize={}, outputBlockSize={}, dataToEncrypt.length={}", Integer.valueOf(inputBlockSize), Integer.valueOf(a.getOutputBlockSize()), Integer.valueOf(bArr.length));
            for (int i3 = 0; i3 < bArr.length; i3 += inputBlockSize) {
                byte[] processBlock = a.processBlock(bArr, i3, Math.min(bArr.length - i3, inputBlockSize));
                System.arraycopy(processBlock, 0, bArr2, i + i2, processBlock.length);
                i2 += processBlock.length;
            }
        } catch (InvalidCipherTextException e) {
            throw new com.prosysopc.ua.stack.c.h(K.flI, (Throwable) e);
        }
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public int b(SecurityPolicy securityPolicy, byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2, byte[] bArr4, int i3) throws com.prosysopc.ua.stack.c.h {
        BufferedBlockCipher bufferedBlockCipher = new BufferedBlockCipher(new CBCBlockCipher(new RijndaelEngine()));
        bufferedBlockCipher.init(true, new ParametersWithIV(new KeyParameter(bArr), bArr2));
        int processBytes = bufferedBlockCipher.processBytes(bArr3, i, i2, bArr4, i3);
        try {
            return processBytes + bufferedBlockCipher.doFinal(bArr4, i3 + processBytes);
        } catch (DataLengthException e) {
            logger.error("Input data is not an even number of encryption blocks.");
            throw new com.prosysopc.ua.stack.c.h(K.flI, "Error in symmetric decrypt: Input data is not an even number of encryption blocks.");
        } catch (CryptoException e2) {
            throw new com.prosysopc.ua.stack.c.h(K.flI, (Throwable) e2);
        }
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public String t(Class<?> cls) {
        return "SC";
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public byte[] a(PrivateKey privateKey, SecurityAlgorithm securityAlgorithm, byte[] bArr) throws com.prosysopc.ua.stack.c.h {
        RSAPrivateKey rSAPrivateKey;
        if (securityAlgorithm == null) {
            return null;
        }
        if (bArr == null || privateKey == null) {
            throw new IllegalArgumentException("null arg");
        }
        if (privateKey instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
            rSAPrivateKey = new RSAPrivateKey(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient());
        } else {
            if (!(privateKey instanceof RSAPrivateKey)) {
                throw new IllegalArgumentException("Private Key is not RSAPrivateKey: " + privateKey.getClass().getName());
            }
            rSAPrivateKey = (RSAPrivateKey) privateKey;
        }
        Signer a = a(true, securityAlgorithm, rSAPrivateKey);
        a.update(bArr, 0, bArr.length);
        try {
            return a.generateSignature();
        } catch (CryptoException e) {
            throw new com.prosysopc.ua.stack.c.h(K.flI, (Throwable) e);
        } catch (DataLengthException e2) {
            logger.error("Input data is not an even number of encryption blocks.");
            throw new com.prosysopc.ua.stack.c.h(K.flI, "Error in symmetric decrypt: Input data is not an even number of encryption blocks.");
        }
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public void a(SecurityPolicy securityPolicy, byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3, int i3) throws com.prosysopc.ua.stack.c.h {
        HMac a = a(securityPolicy.getSymmetricSignatureAlgorithm(), new KeyParameter(bArr));
        a.update(bArr2, i, i2);
        a.doFinal(bArr3, i3);
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public boolean a(PublicKey publicKey, SecurityAlgorithm securityAlgorithm, byte[] bArr, byte[] bArr2) throws com.prosysopc.ua.stack.c.h {
        if (securityAlgorithm == null) {
            return true;
        }
        if (publicKey == null || bArr == null || bArr2 == null) {
            throw new IllegalArgumentException("null arg");
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
        Signer a = a(false, securityAlgorithm, new org.spongycastle.asn1.pkcs.RSAPublicKey(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
        a.update(bArr, 0, bArr.length);
        return a.verifySignature(bArr2);
    }

    @Override // com.prosysopc.ua.stack.transport.security.m
    public void a(SecurityPolicy securityPolicy, byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3) throws com.prosysopc.ua.stack.c.h {
        HMac a = a(securityPolicy.getSymmetricSignatureAlgorithm(), new KeyParameter(bArr));
        byte[] bArr4 = new byte[a.getMacSize()];
        a.update(bArr2, i, i2);
        a.doFinal(bArr4, 0);
        if (bArr3.length != bArr4.length) {
            logger.warn("Signature lengths do not match: \n" + com.prosysopc.ua.stack.utils.i.s(bArr3) + " vs. \n" + com.prosysopc.ua.stack.utils.i.s(bArr4));
            throw new com.prosysopc.ua.stack.c.h(K.fng, "Invalid signature: lengths do not match");
        }
        for (int i3 = 0; i3 < bArr3.length; i3++) {
            if (bArr3[i3] != bArr4[i3]) {
                logger.warn("Signatures do not match: \n" + com.prosysopc.ua.stack.utils.i.s(bArr3) + " vs. \n" + com.prosysopc.ua.stack.utils.i.s(bArr4));
                throw new com.prosysopc.ua.stack.c.h(K.fng, "Invalid signature: signatures do not match");
            }
        }
    }

    private HMac a(SecurityAlgorithm securityAlgorithm, KeyParameter keyParameter) throws com.prosysopc.ua.stack.c.h {
        HMac hMac;
        if (securityAlgorithm.equals(SecurityAlgorithm.HmacSha1)) {
            hMac = new HMac(new SHA1Digest());
        } else {
            if (!securityAlgorithm.equals(SecurityAlgorithm.HmacSha256)) {
                throw new com.prosysopc.ua.stack.c.h(K.fnj, "Unsupported symmetric signature algorithm: " + securityAlgorithm);
            }
            hMac = new HMac(new SHA256Digest());
        }
        hMac.init(keyParameter);
        return hMac;
    }

    private AsymmetricBlockCipher a(boolean z, SecurityAlgorithm securityAlgorithm, CipherParameters cipherParameters) throws com.prosysopc.ua.stack.c.h {
        PKCS1Encoding oAEPEncoding;
        if (securityAlgorithm.equals(SecurityAlgorithm.Rsa15)) {
            oAEPEncoding = new PKCS1Encoding(new RSAEngine());
        } else if (securityAlgorithm.equals(SecurityAlgorithm.RsaOaep)) {
            oAEPEncoding = new OAEPEncoding(new RSAEngine(), new SHA1Digest());
        } else {
            if (!securityAlgorithm.equals(SecurityAlgorithm.RsaOaep256)) {
                throw new com.prosysopc.ua.stack.c.h(K.fnj, "Unsupported asymmetric encryption algorithm: " + securityAlgorithm);
            }
            oAEPEncoding = new OAEPEncoding(new RSAEngine(), new SHA256Digest());
        }
        oAEPEncoding.init(z, cipherParameters);
        return oAEPEncoding;
    }

    private AsymmetricBlockCipher a(SecurityAlgorithm securityAlgorithm, RSAPrivateKey rSAPrivateKey) throws com.prosysopc.ua.stack.c.h {
        return a(false, securityAlgorithm, (CipherParameters) new RSAPrivateCrtKeyParameters(rSAPrivateKey.getModulus(), rSAPrivateKey.getPublicExponent(), rSAPrivateKey.getPrivateExponent(), rSAPrivateKey.getPrime1(), rSAPrivateKey.getPrime2(), rSAPrivateKey.getExponent1(), rSAPrivateKey.getExponent2(), rSAPrivateKey.getCoefficient()));
    }

    private AsymmetricBlockCipher a(SecurityAlgorithm securityAlgorithm, org.spongycastle.asn1.pkcs.RSAPublicKey rSAPublicKey) throws com.prosysopc.ua.stack.c.h {
        return a(true, securityAlgorithm, (CipherParameters) new RSAKeyParameters(false, rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
    }

    private Signer b(boolean z, SecurityAlgorithm securityAlgorithm, CipherParameters cipherParameters) throws com.prosysopc.ua.stack.c.h {
        RSADigestSigner pSSSigner;
        if (securityAlgorithm.equals(SecurityAlgorithm.RsaSha1)) {
            pSSSigner = new RSADigestSigner(new SHA1Digest());
        } else if (securityAlgorithm.equals(SecurityAlgorithm.RsaSha256)) {
            pSSSigner = new RSADigestSigner(new SHA256Digest());
        } else {
            if (!securityAlgorithm.equals(SecurityAlgorithm.RsaPssSha256)) {
                throw new com.prosysopc.ua.stack.c.h(K.fnj, "Unsupported asymmetric signature algorithm: " + securityAlgorithm);
            }
            pSSSigner = new PSSSigner(new RSAEngine(), new SHA256Digest(), 32);
        }
        pSSSigner.init(z, cipherParameters);
        return pSSSigner;
    }

    private Signer a(boolean z, SecurityAlgorithm securityAlgorithm, RSAPrivateKey rSAPrivateKey) throws com.prosysopc.ua.stack.c.h {
        return b(z, securityAlgorithm, new RSAPrivateCrtKeyParameters(rSAPrivateKey.getModulus(), rSAPrivateKey.getPublicExponent(), rSAPrivateKey.getPrivateExponent(), rSAPrivateKey.getPrime1(), rSAPrivateKey.getPrime2(), rSAPrivateKey.getExponent1(), rSAPrivateKey.getExponent2(), rSAPrivateKey.getCoefficient()));
    }

    private Signer a(boolean z, SecurityAlgorithm securityAlgorithm, org.spongycastle.asn1.pkcs.RSAPublicKey rSAPublicKey) throws com.prosysopc.ua.stack.c.h {
        return b(z, securityAlgorithm, new RSAKeyParameters(false, rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
    }
}
