package org.opcfoundation.ua.transport.tcp.impl;

import java.nio.ByteBuffer;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import org.opcfoundation.ua.common.RuntimeServiceResultException;
import org.opcfoundation.ua.common.ServiceResultException;
import org.opcfoundation.ua.core.MessageSecurityMode;
import org.opcfoundation.ua.core.StatusCodes;
import org.opcfoundation.ua.transport.security.SecurityConfiguration;
import org.opcfoundation.ua.transport.security.SecurityPolicy;
import org.opcfoundation.ua.utils.CryptoUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opcfoundation/ua/transport/tcp/impl/ChunkAsymmEncryptSigner.class */
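/**
 * Signs one message chunk with the local RSA private key and, when the security mode calls for
 * it, encrypts the chunk in place with the public key of the remote certificate.
 *
 * <p>A configured mode of {@code Sign} is treated as {@code SignAndEncrypt} by {@link #run()}, so
 * a chunk processed here is encrypted whenever it is signed.
 *
 * <p>Security note: with TRACE logging enabled this class writes hex dumps of the chunk before
 * encryption, of the data to sign and to encrypt, and of the resulting signature and ciphertext.
 * Keep TRACE disabled for this logger wherever log files are readable by anyone who should not
 * see message plaintext.
 *
 * <p>NOTE(review): offsets are derived from {@code plaintext.arrayOffset()} and used both as
 * positions in {@code chunk} and as indexes into {@code chunk.array()}. This presumably assumes
 * that {@code plaintext} is a slice of the chunk's backing array and that {@code chunk} itself
 * has array offset 0 - confirm at the call site.
 */
public class ChunkAsymmEncryptSigner implements Runnable {
    static Logger logger = LoggerFactory.getLogger(ChunkAsymmEncryptSigner.class);

    // Whole chunk; the signature is appended to it and the ciphertext overwrites its backing array.
    ByteBuffer chunk;
    // Only limit(), arrayOffset() and array() of this buffer are read.
    ByteBuffer plaintext;
    // Supplies the security mode, the security policy, the local private key and the remote certificate.
    SecurityConfiguration profile;
    // Signature length in bytes for the active policy; 0 when the mode has no signing.
    private int signatureSize;

    /**
     * Creates a signer for one chunk.
     *
     * @param byteBuffer the chunk to sign and encrypt in place
     * @param byteBuffer2 the plaintext buffer whose limit and array offset locate the body in the chunk
     * @param securityConfiguration the security settings and key material to use
     */
    public ChunkAsymmEncryptSigner(ByteBuffer byteBuffer, ByteBuffer byteBuffer2, SecurityConfiguration securityConfiguration) {
        this.chunk = byteBuffer;
        this.plaintext = byteBuffer2;
        this.profile = securityConfiguration;
    }

    /**
     * Signs and encrypts the chunk, then leaves the chunk positioned at
     * {@code plaintext.arrayOffset()}.
     *
     * @throws RuntimeServiceResultException wrapping any {@link ServiceResultException} raised
     *     while signing or encrypting, including the case where no signature could be produced
     */
    @Override
    public void run() throws RuntimeServiceResultException {
        try {
            int bodyLength = this.plaintext.limit();
            int bodyOffset = this.plaintext.arrayOffset();

            MessageSecurityMode mode = this.profile.getMessageSecurityMode();
            if (mode == MessageSecurityMode.Sign) {
                // Sign-only is upgraded: chunks handled by this class are always encrypted when signed.
                mode = MessageSecurityMode.SignAndEncrypt;
            }
            // After the upgrade above the mode can no longer be Sign, so one flag covers
            // padding, signing and encryption.
            boolean secured = mode == MessageSecurityMode.SignAndEncrypt;

            this.signatureSize = mode.hasSigning()
                    ? CryptoUtil.getSignatureSize(
                            this.profile.getSecurityPolicy().getAsymmetricSignatureAlgorithm(),
                            this.profile.getLocalPrivateKey())
                    : 0;
            logger.debug("SecurityMode in asymm enc: {}", mode.getValue());

            int padding = 0;
            if (secured) {
                int keySize = this.profile.getRemoteCertificate2().getKeySize();
                logger.trace("keySize={}", keySize);
                padding = getPaddingSize(keySize);
                logger.trace("padding={}", padding);
            }

            if (secured) {
                // Everything from the start of the chunk up to and including the padding is signed.
                byte[] dataToSign = new byte[bodyOffset + bodyLength + padding];
                this.chunk.rewind();
                this.chunk.get(dataToSign, 0, dataToSign.length);
                byte[] signature = sign(dataToSign, this.profile.getLocalPrivateKey());
                if (signature == null) {
                    // sign() returns null for SecurityPolicy.NONE. Fail with a service error
                    // instead of a NullPointerException from ByteBuffer.put, and never continue
                    // with an unsigned chunk.
                    throw new ServiceResultException(StatusCodes.Bad_InternalError, "Error in asymmetric sign: no signature was produced for the configured security policy.");
                }
                // The relative get above left the position right after the padding.
                this.chunk.put(signature);
            }

            if (logger.isTraceEnabled()) {
                // Dumps chunk bytes before encryption; see the class-level security note.
                logger.trace("run: chunk={}", CryptoUtil.toHex(this.chunk.array(), 64));
            }

            if (secured) {
                // The encrypted region starts 8 bytes before the body (presumably the sequence
                // header - confirm) and runs through the padding and the signature.
                int encryptedStart = bodyOffset - 8;
                byte[] dataToEncrypt = new byte[8 + bodyLength + padding + this.signatureSize];
                this.chunk.position(encryptedStart);
                this.chunk.get(dataToEncrypt, 0, dataToEncrypt.length);
                encrypt(dataToEncrypt, this.profile.getRemoteCertificate().getPublicKey(), this.chunk.array(), encryptedStart);
            }
            this.chunk.position(bodyOffset);
        } catch (ServiceResultException e) {
            throw new RuntimeServiceResultException(e);
        }
    }

    /**
     * Reads the padding length back from the trailing byte(s) of the chunk, at
     * {@code chunk.limit() - 1}.
     *
     * <p>NOTE(review): the value is not range-checked here. It sizes the arrays allocated in
     * {@link #run()}, where an oversized value makes the bulk {@code get} throw
     * {@code BufferUnderflowException}; presumably the caller wrote consistent padding - confirm.
     *
     * @param i key size of the remote certificate; values above 2048 select the two-byte form
     * @return the padding length plus the one or two length bytes themselves
     */
    private int getPaddingSize(int i) {
        int lastPaddingBytePosition = this.chunk.limit() - 1;
        if (logger.isTraceEnabled()) {
            // These dumps include the plaintext buffer; see the class-level security note.
            logger.trace("getPaddingSize: chunk={}", CryptoUtil.toHex(this.chunk.array(), 64));
            logger.trace("getPaddingSize: plaintext={}", CryptoUtil.toHex(this.plaintext.array(), 64));
            logger.trace("getPaddingSize: plaintext.arrayOffset()={}", this.plaintext.arrayOffset());
            logger.trace("getPaddingSize: plaintext.limit()={}", this.plaintext.limit());
            logger.trace("getPaddingSize: lastPaddingBytePosition={}", lastPaddingBytePosition);
        }
        if (i <= 2048) {
            // Single length byte, read as unsigned.
            return (this.chunk.get(lastPaddingBytePosition) & 0xFF) + 1;
        }
        // Two length bytes: the last byte is the high byte, the one before it the low byte.
        int extraPaddingByte = this.chunk.get(lastPaddingBytePosition) & 0xFF;
        int paddingByte = this.chunk.get(lastPaddingBytePosition - 1) & 0xFF;
        int padding = paddingByte | (extraPaddingByte << 8);
        logger.trace("getPaddingSize: paddingByte={}", paddingByte);
        logger.trace("getPaddingSize: extraPaddingByte={}", extraPaddingByte);
        logger.trace("getPaddingSize: padding={}", padding);
        return padding + 2;
    }

    /**
     * Encrypts {@code bArr} with the asymmetric encryption algorithm of the active security
     * policy and writes the result into {@code bArr2} starting at index {@code i}.
     *
     * @param bArr data to encrypt; its length must be a multiple of the plaintext block size
     * @param publicKey key to encrypt with; also used to determine the plaintext block size
     * @param bArr2 destination array for the ciphertext
     * @param i index in {@code bArr2} at which the ciphertext starts
     * @throws ServiceResultException with {@code Bad_InternalError} when the input is not a whole
     *     number of blocks, or as raised by the crypto provider
     */
    private void encrypt(byte[] bArr, PublicKey publicKey, byte[] bArr2, int i) throws ServiceResultException {
        SecurityPolicy securityPolicy = this.profile.getSecurityPolicy();
        logger.debug("rsa_Encrypt: policy={}", securityPolicy);
        // Size the blocks from the key that is actually used for encryption rather than from a
        // second lookup of the remote certificate.
        int inputBlockSize = CryptoUtil.getPlainTextBlockSize(securityPolicy.getAsymmetricEncryptionAlgorithm(), publicKey);
        logger.debug("encrypt: inputBlockSize={}", inputBlockSize);
        if (bArr.length % inputBlockSize != 0) {
            logger.error("Wrong block size in asym encryption: length={} inputBlockSize={}", bArr.length, inputBlockSize);
            throw new ServiceResultException(StatusCodes.Bad_InternalError, "Error in asymmetric encrypt: Input data is not an even number of encryption blocks.");
        }
        CryptoUtil.getCryptoProvider().encryptAsymm(publicKey, securityPolicy.getAsymmetricEncryptionAlgorithm(), bArr, bArr2, i);
        if (logger.isTraceEnabled()) {
            // dataToEncrypt is message plaintext; see the class-level security note.
            logger.trace("encrypt: dataToEncrypt={}", CryptoUtil.toHex(bArr, 64));
            logger.trace("encrypt: output={}", CryptoUtil.toHex(bArr2, 64));
        }
    }

    /**
     * Signs {@code bArr} with the asymmetric signature algorithm of the active security policy.
     *
     * @param bArr data to sign
     * @param rSAPrivateKey private key to sign with
     * @return the signature, or {@code null} when the security policy is {@code SecurityPolicy.NONE}
     * @throws ServiceResultException as raised by the crypto provider
     */
    private byte[] sign(byte[] bArr, RSAPrivateKey rSAPrivateKey) throws ServiceResultException {
        SecurityPolicy securityPolicy = this.profile.getSecurityPolicy();
        if (securityPolicy == SecurityPolicy.NONE) {
            return null;
        }
        byte[] signature = CryptoUtil.getCryptoProvider().signAsymm(rSAPrivateKey, securityPolicy.getAsymmetricSignatureAlgorithm(), bArr);
        if (logger.isTraceEnabled()) {
            logger.trace("sign: dataToSign={}", CryptoUtil.toHex(bArr, 64));
            logger.trace("sign: signature={}", CryptoUtil.toHex(signature, 64));
        }
        return signature;
    }
}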
