package org.opcfoundation.ua.utils;

import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.TreeSet;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import org.opcfoundation.ua.common.ServiceResultException;
import org.opcfoundation.ua.core.SignatureData;
import org.opcfoundation.ua.core.StatusCodes;
import org.opcfoundation.ua.transport.security.BcCryptoProvider;
import org.opcfoundation.ua.transport.security.CryptoProvider;
import org.opcfoundation.ua.transport.security.ScCryptoProvider;
import org.opcfoundation.ua.transport.security.SecurityAlgorithm;
import org.opcfoundation.ua.transport.security.SecurityConfiguration;
import org.opcfoundation.ua.transport.security.SunJceCryptoProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opcfoundation/ua/utils/CryptoUtil.class */
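/**
 * Static cryptography helpers: nonce generation, asymmetric encrypt/decrypt/sign/verify
 * delegation to the active {@link CryptoProvider}, block-size arithmetic for the supported
 * {@link SecurityAlgorithm}s, security-provider discovery, and hex/Base64 conversion.
 *
 * <p>NOTE(review): {@code cryptoProvider} and {@code securityProviderName} are lazily
 * initialised without synchronisation. Concurrent first use may run the discovery twice;
 * confirm whether callers initialise this class from a single thread.
 */
public class CryptoUtil {
    static Logger LOGGER = LoggerFactory.getLogger(CryptoUtil.class);

    /** Process-wide CSPRNG used for nonces; see the static initializer for how it is seeded. */
    private static final SecureRandom random;

    /** Lower-case hex alphabet used by {@link #toHex(byte[], int)}. */
    private static final char[] HEX_CHARS = "0123456789abcdef".toCharArray();

    /** Lazily selected provider implementation; may be replaced via {@link #setCryptoProvider}. */
    private static CryptoProvider cryptoProvider;

    /** Lazily discovered JCA provider name; may be replaced via {@link #setSecurityProviderName}. */
    private static String securityProviderName;

    /**
     * Encrypts with a public key.
     *
     * @param bArr plaintext
     * @param key must be a {@link PublicKey}; any other key type fails with {@link ClassCastException}
     * @param securityAlgorithm asymmetric encryption algorithm
     * @return the ciphertext
     * @deprecated use {@link #encryptAsymm(byte[], PublicKey, SecurityAlgorithm)}
     */
    @Deprecated
    public static byte[] asymmEncrypt(byte[] bArr, Key key, SecurityAlgorithm securityAlgorithm) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, ServiceResultException, NoSuchAlgorithmException, NoSuchPaddingException {
        return encryptAsymm(bArr, (PublicKey) key, securityAlgorithm);
    }

    /**
     * Decodes Base64 text using the active crypto provider.
     *
     * @param str Base64 text
     * @return the decoded bytes
     */
    public static byte[] base64Decode(String str) {
        return getCryptoProvider().base64Decode(str);
    }

    /**
     * Encodes bytes as Base64 using the active crypto provider.
     *
     * @param bArr bytes to encode
     * @return Base64 text
     */
    public static String base64Encode(byte[] bArr) {
        return getCryptoProvider().base64Encode(bArr);
    }

    /**
     * Creates a {@link Mac} through the active crypto provider.
     *
     * @param securityAlgorithm MAC algorithm
     * @param bArr presumably the secret key bytes; confirm against {@link CryptoProvider#createMac}
     * @return the MAC instance built by the provider
     * @throws ServiceResultException as reported by the provider
     */
    public static Mac createMac(SecurityAlgorithm securityAlgorithm, byte[] bArr) throws ServiceResultException {
        return getCryptoProvider().createMac(securityAlgorithm, bArr);
    }

    /**
     * Returns {@code i} bytes drawn from the shared {@link SecureRandom}.
     *
     * @param i number of bytes; a negative value fails with {@link NegativeArraySizeException}
     * @return a new array filled with random bytes
     */
    public static byte[] createNonce(int i) {
        // Only the length is logged; the nonce value itself must stay out of the log.
        LOGGER.debug("createNonce: bytes={}", Integer.valueOf(i));
        byte[] nonce = new byte[i];
        random.nextBytes(nonce);
        return nonce;
    }

    /**
     * Returns a nonce whose length is {@link #getNonceLength(SecurityAlgorithm)} bytes.
     *
     * @param securityAlgorithm algorithm that determines the nonce length; {@code null} yields an
     *     empty array
     * @return a new array filled with random bytes
     * @throws ServiceResultException if the algorithm has no defined nonce length
     */
    public static byte[] createNonce(SecurityAlgorithm securityAlgorithm) throws ServiceResultException {
        return createNonce(getNonceLength(securityAlgorithm));
    }

    /**
     * Decrypts with the asymmetric encryption algorithm of the configuration's security policy.
     *
     * @param privateKey decryption key
     * @param securityConfiguration supplies the security policy and thereby the algorithm
     * @param bArr presumably the ciphertext; confirm against {@link CryptoProvider#decryptAsymm}
     * @param bArr2 presumably the output buffer; confirm against the provider
     * @param i presumably the offset into {@code bArr2}; confirm against the provider
     * @throws ServiceResultException as reported by the provider
     */
    public static void decryptAsymm(PrivateKey privateKey, SecurityConfiguration securityConfiguration, byte[] bArr, byte[] bArr2, int i) throws ServiceResultException {
        SecurityAlgorithm algorithm = securityConfiguration.getSecurityPolicy().getAsymmetricEncryptionAlgorithm();
        getCryptoProvider().decryptAsymm(privateKey, algorithm, bArr, bArr2, i);
    }

    /**
     * Encrypts {@code bArr} with {@code publicKey} into a freshly allocated buffer of exactly one
     * cipher block ({@link #getCipherBlockSize}).
     *
     * <p>NOTE(review): because the output holds a single block, input longer than
     * {@link #getPlainTextBlockSize} presumably cannot be handled here; confirm with callers.
     *
     * @param bArr plaintext
     * @param publicKey encryption key
     * @param securityAlgorithm asymmetric encryption algorithm
     * @return the output buffer written by the provider
     */
    public static byte[] encryptAsymm(byte[] bArr, PublicKey publicKey, SecurityAlgorithm securityAlgorithm) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, ServiceResultException, NoSuchAlgorithmException, NoSuchPaddingException {
        byte[] output = new byte[getCipherBlockSize(securityAlgorithm, publicKey)];
        getCryptoProvider().encryptAsymm(publicKey, securityAlgorithm, bArr, output, 0);
        return output;
    }

    /**
     * Encrypts for the holder of {@code certificate} with the asymmetric encryption algorithm of
     * the configuration's security policy.
     *
     * @param certificate recipient certificate; its public key is used as-is, so the caller is
     *     responsible for having validated the certificate beforehand
     * @param securityConfiguration supplies the security policy and thereby the algorithm
     * @param bArr input bytes passed to the provider
     * @param bArr2 output buffer passed to the provider
     * @param i offset passed to the provider (written at offset 0 by the single-block overload)
     * @throws ServiceResultException as reported by the provider
     */
    public static void encryptAsymm(Certificate certificate, SecurityConfiguration securityConfiguration, byte[] bArr, byte[] bArr2, int i) throws ServiceResultException {
        LOGGER.info("encryptAsymm called.");
        SecurityAlgorithm algorithm = securityConfiguration.getSecurityPolicy().getAsymmetricEncryptionAlgorithm();
        getCryptoProvider().encryptAsymm(certificate.getPublicKey(), algorithm, bArr, bArr2, i);
    }

    /**
     * Keeps the cipher suites that fully match at least one of the given regular expressions.
     *
     * @param strArr candidate cipher-suite names; order is preserved in the result
     * @param strArr2 regular expressions; each is matched against the whole name
     * @return the accepted names, each at most once per occurrence in {@code strArr}
     * @throws java.util.regex.PatternSyntaxException if an expression is malformed
     */
    public static String[] filterCipherSuiteList(String[] strArr, String[] strArr2) {
        ArrayList<String> accepted = new ArrayList<String>(strArr.length);
        Pattern[] patterns = new Pattern[strArr2.length];
        for (int i = 0; i < strArr2.length; i++) {
            patterns[i] = Pattern.compile(strArr2[i]);
        }
        for (String suite : strArr) {
            for (Pattern pattern : patterns) {
                if (pattern.matcher(suite).matches()) {
                    accepted.add(suite);
                    break; // one match is enough; avoid adding the suite twice
                }
            }
        }
        return accepted.toArray(new String[accepted.size()]);
    }

    /**
     * Returns a {@link Cipher} for the given asymmetric encryption algorithm.
     *
     * <p>NOTE(review): the {@code Rsa15} branch requests the bare transformation {@code "RSA"}
     * without naming a provider, so mode and padding are whatever the first matching provider
     * defaults to, while the OAEP branch pins the configured provider. Confirm that the default
     * is PKCS#1 v1.5 padding on every supported provider. PKCS#1 v1.5 encryption padding is a
     * legacy choice; OAEP is the preferred option where the peer supports it.
     *
     * @param securityAlgorithm {@code Rsa15} or {@code RsaOaep}
     * @return a cipher instance, not yet initialised with a key
     * @throws IllegalArgumentException if {@code securityAlgorithm} is {@code null}
     * @throws ServiceResultException {@code Bad_SecurityPolicyRejected} for any other algorithm,
     *     {@code Bad_InternalError} if the runtime lacks the algorithm, provider or padding
     */
    public static Cipher getAsymmetricCipher(SecurityAlgorithm securityAlgorithm) throws ServiceResultException {
        if (securityAlgorithm == null) {
            throw new IllegalArgumentException("securityAlgorithm must not be null");
        }
        try {
            if (securityAlgorithm.equals(SecurityAlgorithm.Rsa15)) {
                return Cipher.getInstance("RSA");
            }
            if (securityAlgorithm.equals(SecurityAlgorithm.RsaOaep)) {
                return Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding", getSecurityProviderName());
            }
            // The message previously said "signature"; this method only deals with encryption.
            throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, "Unsupported asymmetric encryption algorithm: " + securityAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        } catch (NoSuchProviderException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        } catch (NoSuchPaddingException e) {
            throw new ServiceResultException(StatusCodes.Bad_InternalError, e);
        }
    }

    /**
     * Returns a fixed plaintext block size for the algorithm: 117 for {@code Rsa15}, 86 for
     * {@code RsaOaep}.
     *
     * <p>NOTE(review): these constants equal {@code 128 - 11} and {@code 128 - 42}, i.e. what
     * {@link #getPlainTextBlockSize} yields for a 1024-bit modulus. For any other key size use
     * {@link #getPlainTextBlockSize}, which derives the value from the key.
     *
     * @param securityAlgorithm {@code Rsa15} or {@code RsaOaep}; {@code null} fails with
     *     {@link NullPointerException}
     * @return the block size in bytes
     * @throws ServiceResultException {@code Bad_SecurityPolicyRejected} for any other algorithm
     */
    public static int getAsymmInputBlockSize(SecurityAlgorithm securityAlgorithm) throws ServiceResultException {
        if (securityAlgorithm.equals(SecurityAlgorithm.Rsa15)) {
            return 117;
        }
        if (securityAlgorithm.equals(SecurityAlgorithm.RsaOaep)) {
            return 86;
        }
        // Fixed: the old text carried a stray "{0}, " placeholder and called this a signature algorithm.
        throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, "Unsupported asymmetric encryption algorithm: " + securityAlgorithm);
    }

    /**
     * Returns the size in bytes of one output block for the algorithm.
     *
     * @param securityAlgorithm algorithm; {@code null} yields 1
     * @param key consulted only for asymmetric encryption, where the RSA modulus length decides
     * @return 16 for symmetric encryption, {@code keySize / 8} for asymmetric signatures, the
     *     modulus length in bytes for asymmetric encryption with an RSA key
     * @throws ServiceResultException {@code Bad_SecurityPolicyRejected} for any other combination,
     *     including asymmetric encryption with a non-RSA key
     */
    public static int getCipherBlockSize(SecurityAlgorithm securityAlgorithm, Key key) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return 1;
        }
        SecurityAlgorithm.AlgorithmType type = securityAlgorithm.getType();
        if (type.equals(SecurityAlgorithm.AlgorithmType.SymmetricEncryption)) {
            return 16;
        }
        if (type.equals(SecurityAlgorithm.AlgorithmType.AsymmetricSignature)) {
            return securityAlgorithm.getKeySize() / 8;
        }
        if (type.equals(SecurityAlgorithm.AlgorithmType.AsymmetricEncryption)) {
            if (key instanceof RSAPublicKey) {
                return ((RSAPublicKey) key).getModulus().bitLength() / 8;
            }
            if (key instanceof RSAPrivateKey) {
                return ((RSAPrivateKey) key).getModulus().bitLength() / 8;
            }
        }
        throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, securityAlgorithm.getUri());
    }

    /**
     * Returns the entries of {@code strArr} that also occur in {@code strArr2}.
     *
     * @param strArr candidate names; order is preserved in the result
     * @param strArr2 names to intersect with
     * @param z when {@code true}, the first three characters of every name on both sides are
     *     ignored for the comparison (presumably a protocol prefix such as {@code TLS}/{@code SSL};
     *     confirm with callers). A name shorter than three characters then fails with
     *     {@link StringIndexOutOfBoundsException}.
     * @return the matching entries of {@code strArr}, unmodified
     */
    public static String[] getCipherSuiteIntersection(String[] strArr, String[] strArr2, boolean z) {
        ArrayList<String> common = new ArrayList<String>(Math.max(strArr.length, strArr2.length));
        TreeSet<String> allowed = new TreeSet<String>();
        for (String name : strArr2) {
            allowed.add(z ? name.substring(3) : name);
        }
        for (String name : strArr) {
            if (allowed.contains(z ? name.substring(3) : name)) {
                common.add(name);
            }
        }
        return common.toArray(new String[common.size()]);
    }

    /**
     * Returns the active {@link CryptoProvider}, creating it on first use from
     * {@link #getSecurityProviderName()}: {@code "SC"}, {@code "BC"} and {@code "SunJCE"} are the
     * only names with an implementation.
     *
     * @return the provider, never {@code null}
     * @throws RuntimeException if the provider name maps to no implementation, which can happen
     *     when provider discovery fell back to an arbitrary installed provider
     */
    public static CryptoProvider getCryptoProvider() {
        if (cryptoProvider == null) {
            String name = getSecurityProviderName();
            if ("SC".equals(name)) {
                cryptoProvider = new ScCryptoProvider();
            } else if ("BC".equals(name)) {
                cryptoProvider = new BcCryptoProvider();
            } else if ("SunJCE".equals(name)) {
                cryptoProvider = new SunJceCryptoProvider();
            } else {
                throw new RuntimeException("NO CRYPTO PROVIDER AVAILABLE!");
            }
        }
        return cryptoProvider;
    }

    /**
     * Returns the nonce length in bytes for the algorithm.
     *
     * @param securityAlgorithm algorithm; {@code null} yields 0
     * @return 32 for {@code Rsa15} and {@code RsaOaep}, {@code keySize / 8} for symmetric
     *     encryption algorithms
     * @throws ServiceResultException {@code Bad_SecurityPolicyRejected} for any other algorithm
     */
    public static int getNonceLength(SecurityAlgorithm securityAlgorithm) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return 0;
        }
        if (securityAlgorithm.equals(SecurityAlgorithm.Rsa15) || securityAlgorithm.equals(SecurityAlgorithm.RsaOaep)) {
            return 32;
        }
        if (SecurityAlgorithm.AlgorithmType.SymmetricEncryption == securityAlgorithm.getType()) {
            return securityAlgorithm.getKeySize() / 8;
        }
        LOGGER.error("getNonceLength: Unsupported algorithm={}", securityAlgorithm);
        throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, securityAlgorithm.getUri());
    }

    /**
     * Returns how many plaintext bytes fit into one RSA block for the algorithm and key.
     *
     * @param securityAlgorithm algorithm; {@code null} yields 1
     * @param key must be an {@link RSAPublicKey} for a size to be computed
     * @return modulus length in bytes minus 11 for {@code Rsa15}, minus 42 for {@code RsaOaep}
     *     (42 matches the OAEP overhead with a 20-byte hash, i.e. SHA-1)
     * @throws ServiceResultException {@code Bad_SecurityPolicyRejected} for any other algorithm or
     *     key type
     */
    public static int getPlainTextBlockSize(SecurityAlgorithm securityAlgorithm, Key key) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return 1;
        }
        if (key instanceof RSAPublicKey) {
            int modulusBytes = ((RSAPublicKey) key).getModulus().bitLength() / 8;
            if (securityAlgorithm.equals(SecurityAlgorithm.Rsa15)) {
                return modulusBytes - 11;
            }
            if (securityAlgorithm.equals(SecurityAlgorithm.RsaOaep)) {
                return modulusBytes - 42;
            }
        }
        throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, securityAlgorithm.getUri());
    }

    /**
     * Returns the shared {@link SecureRandom} instance.
     *
     * @return the process-wide generator used by {@link #createNonce(int)}
     */
    public static SecureRandom getRandom() {
        return random;
    }

    /**
     * Returns the name of the JCA provider to use, discovering it on first call.
     *
     * <p>Discovery order: on Android (decided from the {@code java.runtime.name} system property)
     * only Spongy Castle ({@code "SC"}) is considered. Elsewhere an installed {@code "BC"}
     * provider wins, then a Bouncy Castle class found on the class path, then SunJCE, and as a
     * last resort the first installed provider. Providers located by class name are registered
     * with {@link Security#addProvider} as a side effect.
     *
     * @return the provider name, never {@code null}
     * @throws RuntimeException if no provider can be determined or a located provider class
     *     cannot be instantiated
     */
    public static String getSecurityProviderName() {
        if (securityProviderName == null) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Providers={}", Arrays.toString(Security.getProviders()));
            }
            // A missing property means "not Android" rather than a NullPointerException, and the
            // case folding is locale-independent so the check behaves the same everywhere.
            String runtimeName = System.getProperty("java.runtime.name");
            boolean android = runtimeName != null
                    && runtimeName.toLowerCase(java.util.Locale.ROOT).contains("android");
            if (android) {
                if (Security.getProvider("SC") != null
                        || hasClass("org.spongycastle.jce.provider.BouncyCastleProvider") != null) {
                    securityProviderName = "SC";
                }
            } else if (Security.getProvider("BC") != null) {
                securityProviderName = "BC";
            } else {
                Provider provider = hasClass("org.bouncycastle.jce.provider.BouncyCastleProvider");
                if (provider == null) {
                    // Prefer the instance the runtime already registered: constructing the class
                    // reflectively can fail on runtimes that restrict access to its package.
                    provider = Security.getProvider("SunJCE");
                }
                if (provider == null) {
                    provider = hasClass("com.sun.crypto.provider.SunJCE");
                }
                if (provider == null) {
                    Provider[] installed = Security.getProviders();
                    if (installed == null || installed.length == 0) {
                        throw new RuntimeException("No security providers available!");
                    }
                    // Last resort; getCryptoProvider() rejects names it has no implementation for.
                    provider = installed[0];
                }
                securityProviderName = provider.getName();
            }
            if (securityProviderName == null) {
                throw new RuntimeException("NO SECURITY PROVIDER AVAILABLE!");
            }
            LOGGER.info("Using SecurityProvider {}", securityProviderName);
        }
        return securityProviderName;
    }

    /**
     * Returns the provider name to use for a particular JCA service class.
     *
     * @param cls the JCA service class, e.g. {@code Signature.class}
     * @return {@code "SunRsaSign"} for {@link Signature} and {@code "SunJSSE"} for
     *     {@link KeyStore} when the general provider is SunJCE; otherwise
     *     {@link #getSecurityProviderName()}
     */
    public static String getSecurityProviderName(Class<?> cls) {
        String general = getSecurityProviderName();
        if ("SunJCE".equals(general)) {
            if (Signature.class.equals(cls)) {
                return "SunRsaSign";
            }
            if (KeyStore.class.equals(cls)) {
                return "SunJSSE";
            }
        }
        return general;
    }

    /**
     * Returns the signature length in bytes for the algorithm and key.
     *
     * @param securityAlgorithm algorithm; {@code null} yields 0
     * @param key consulted for everything except symmetric signatures
     * @return {@code keySize / 8} for symmetric signatures, otherwise the RSA modulus length in
     *     bytes
     * @throws ServiceResultException {@code Bad_SecurityPolicyRejected} when the algorithm is not
     *     a symmetric signature and the key is not an RSA key
     */
    public static int getSignatureSize(SecurityAlgorithm securityAlgorithm, Key key) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return 0;
        }
        if (securityAlgorithm.getType().equals(SecurityAlgorithm.AlgorithmType.SymmetricSignature)) {
            return securityAlgorithm.getKeySize() / 8;
        }
        // The former RsaSha1/RsaSha256 branches repeated these two checks and were unreachable.
        if (key instanceof RSAPublicKey) {
            return ((RSAPublicKey) key).getModulus().bitLength() / 8;
        }
        if (key instanceof RSAPrivateKey) {
            return ((RSAPrivateKey) key).getModulus().bitLength() / 8;
        }
        throw new ServiceResultException(StatusCodes.Bad_SecurityPolicyRejected, securityAlgorithm.getUri());
    }

    /**
     * Parses a string of hexadecimal digit pairs into bytes.
     *
     * @param str hex text without prefix or separators; {@code null} yields {@code null}
     * @return the decoded bytes
     * @throws IllegalArgumentException if the length is odd or a character is not a hex digit.
     *     The message names only the length or position, never the input, because callers may
     *     pass key material.
     */
    public static byte[] hexToBytes(String str) {
        if (str == null) {
            return null;
        }
        int length = str.length();
        if ((length & 1) != 0) {
            throw new IllegalArgumentException("Hex string must have an even number of characters, got " + length);
        }
        byte[] decoded = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int high = Character.digit(str.charAt(i), 16);
            int low = Character.digit(str.charAt(i + 1), 16);
            // Character.digit signals a non-digit with -1, which would otherwise be folded
            // silently into a wrong byte value.
            if (high < 0 || low < 0) {
                throw new IllegalArgumentException("Invalid hex digit at index " + (high < 0 ? i : i + 1));
            }
            decoded[i / 2] = (byte) ((high << 4) | low);
        }
        return decoded;
    }

    /**
     * Replaces the active crypto provider; {@code null} makes the next
     * {@link #getCryptoProvider()} call select one again.
     *
     * @param cryptoProvider2 provider to use
     */
    public static void setCryptoProvider(CryptoProvider cryptoProvider2) {
        cryptoProvider = cryptoProvider2;
    }

    /**
     * Overrides the provider name; {@code null} makes the next
     * {@link #getSecurityProviderName()} call run discovery again. An already created
     * {@link CryptoProvider} is not reset by this call.
     *
     * @param str provider name
     */
    public static void setSecurityProviderName(String str) {
        securityProviderName = str;
    }

    /**
     * Signs data with the private key through the active crypto provider.
     *
     * @param privateKey signing key
     * @param securityAlgorithm signature algorithm; {@code null} yields an empty
     *     {@link SignatureData} with no algorithm and no signature
     * @param bArr data to sign
     * @return the algorithm URI together with the signature bytes
     * @throws ServiceResultException as reported by the provider
     */
    public static SignatureData signAsymm(PrivateKey privateKey, SecurityAlgorithm securityAlgorithm, byte[] bArr) throws ServiceResultException {
        if (securityAlgorithm == null) {
            return new SignatureData(null, null);
        }
        byte[] signature = getCryptoProvider().signAsymm(privateKey, securityAlgorithm, bArr);
        return new SignatureData(securityAlgorithm.getUri(), signature);
    }

    /**
     * Formats bytes as hex for diagnostics, breaking lines every 64 bytes once the input is
     * longer than 64 bytes.
     *
     * @param bArr bytes to format; {@code null} yields {@code "(null)"}
     * @return {@code "[length] 0x"} followed by lower-case hex digits
     */
    public static String toHex(byte[] bArr) {
        int bytesPerLine = (bArr == null || bArr.length <= 64) ? 0 : 64;
        return toHex(bArr, bytesPerLine);
    }

    /**
     * Formats bytes as hex for diagnostics.
     *
     * <p>The result reveals the full content, so callers should not pass keys or other secrets
     * when the text ends up in a log.
     *
     * @param bArr bytes to format; {@code null} yields {@code "(null)"}
     * @param i bytes per line; when positive, a newline precedes every {@code i}-th byte
     *     (including the first), otherwise everything stays on one line
     * @return {@code "[length] 0x"} followed by lower-case hex digits
     */
    public static String toHex(byte[] bArr, int i) {
        if (bArr == null) {
            return "(null)";
        }
        StringBuilder text = new StringBuilder();
        text.append('[').append(bArr.length).append("] 0x");
        for (int index = 0; index < bArr.length; index++) {
            if (i > 0 && index % i == 0) {
                text.append('\n');
            }
            text.append(HEX_CHARS[(bArr[index] >> 4) & 15]);
            text.append(HEX_CHARS[bArr[index] & 15]);
        }
        return text.toString();
    }

    /**
     * Verifies a signature with the certificate's public key through the active crypto provider.
     *
     * <p>Only the signature is checked. Trust in the certificate itself (chain, validity,
     * revocation) is not established here and has to be decided by the caller.
     *
     * @param x509Certificate certificate whose public key verifies the signature
     * @param securityAlgorithm signature algorithm
     * @param bArr presumably the signed data; confirm against {@link CryptoProvider#verifyAsymm}
     * @param bArr2 presumably the signature; confirm against the provider
     * @return the provider's verdict
     * @throws ServiceResultException as reported by the provider
     */
    public static boolean verifyAsymm(X509Certificate x509Certificate, SecurityAlgorithm securityAlgorithm, byte[] bArr, byte[] bArr2) throws ServiceResultException {
        return getCryptoProvider().verifyAsymm(x509Certificate.getPublicKey(), securityAlgorithm, bArr, bArr2);
    }

    /**
     * Loads the named provider class, instantiates it and registers it with
     * {@link Security#addProvider}. Despite the name this is not a pure check.
     *
     * @param str fully qualified class name of a {@link Provider} with a public no-arg constructor
     * @return the new provider instance, or {@code null} if the class is not on the class path
     * @throws RuntimeException if the class exists but cannot be instantiated or registered
     */
    private static Provider hasClass(String str) {
        Class<?> providerClass;
        try {
            providerClass = CryptoUtil.class.getClassLoader().loadClass(str);
        } catch (ClassNotFoundException e) {
            // Absence is an expected outcome during discovery, not an error.
            return null;
        }
        try {
            Provider provider = (Provider) providerClass.getConstructor().newInstance();
            Security.addProvider(provider);
            LOGGER.info("SecurityProvider initialized from {}", providerClass.getName());
            return provider;
        } catch (Exception e) {
            throw new RuntimeException("Cannot add Security provider class=" + providerClass.getName(), e);
        }
    }

    static {
        LOGGER.debug("CryptoUtil init");
        // Use the platform default CSPRNG and let it seed itself from the operating system.
        // The earlier code requested "SHA1PRNG" and called setSeed(System.currentTimeMillis())
        // before first use; on common providers a seed supplied at that point replaces the
        // self-seeding, which left the guessable wall-clock time as the only entropy behind
        // every nonce.
        random = new SecureRandom();
        LOGGER.debug("CryptoUtil init: random={}", random);
    }
}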
