package org.netxms.base;

import com.ibm.icu.impl.locale.LanguageTag;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.zip.CRC32;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:WEB-INF/plugins/org.netxms.ui.base_4.2.432.jar:org/netxms/base/EncryptionContext.class */
public final class EncryptionContext {
    private static final String[] CIPHERS;
    private static int[] KEY_LENGTHS;
    private static final String CIPHER_MODE = "/CBC/PKCS5Padding";
    private static final byte[] TEST_BYTES;
    private static final boolean[] cipherTests;
    private int cipher;
    private int keyLength;
    private Cipher encryptor;
    private Cipher decryptor;
    private SecretKey key;
    private IvParameterSpec iv;
    private PublicKey serverPublicKey;

    static {
        String[] strArr = new String[6];
        strArr[0] = "AES";
        strArr[1] = "Blowfish";
        strArr[4] = "AES";
        strArr[5] = "Blowfish";
        CIPHERS = strArr;
        KEY_LENGTHS = new int[]{256, 256, 0, 0, 128, 128};
        TEST_BYTES = "Test String".getBytes();
        cipherTests = new boolean[CIPHERS.length];
        for (int i = 0; i < CIPHERS.length; i++) {
            cipherTests[i] = testCipher(i);
        }
    }

    public String toString() {
        return "EncryptionContext [cipher=" + CIPHERS[this.cipher] + " keyLength=" + KEY_LENGTHS[this.cipher] + "]";
    }

    public static String getCipherName(int i) {
        try {
            return String.valueOf(CIPHERS[i]) + LanguageTag.SEP + Integer.toString(KEY_LENGTHS[i]);
        } catch (ArrayIndexOutOfBoundsException e) {
            return null;
        }
    }

    private static void safeWriteBytes(ByteArrayOutputStream byteArrayOutputStream, byte[] bArr) throws IOException {
        if (bArr != null) {
            byteArrayOutputStream.write(bArr);
        }
    }

    public static boolean testCipher(int i) {
        if (CIPHERS[i] == null) {
            return false;
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(CIPHERS[i]);
            keyGenerator.init(KEY_LENGTHS[i]);
            SecretKey generateKey = keyGenerator.generateKey();
            Cipher cipher = Cipher.getInstance(String.valueOf(CIPHERS[i]) + CIPHER_MODE);
            int blockSize = cipher.getBlockSize();
            byte[] bArr = new byte[blockSize > 0 ? blockSize : 16];
            SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(128);
            cipher.init(1, generateKey, ivParameterSpec);
            safeWriteBytes(byteArrayOutputStream, cipher.update(TEST_BYTES));
            safeWriteBytes(byteArrayOutputStream, cipher.doFinal());
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.reset();
            Cipher cipher2 = Cipher.getInstance(String.valueOf(CIPHERS[i]) + CIPHER_MODE);
            cipher2.init(2, generateKey, ivParameterSpec);
            safeWriteBytes(byteArrayOutputStream, cipher2.update(byteArray));
            safeWriteBytes(byteArrayOutputStream, cipher2.doFinal());
            return Arrays.equals(TEST_BYTES, byteArrayOutputStream.toByteArray());
        } catch (Exception e) {
            return false;
        }
    }

    public static EncryptionContext createInstance(NXCPMessage nXCPMessage) throws NXCPException {
        int fieldAsInt32 = nXCPMessage.getFieldAsInt32(122L);
        int i = -1;
        int i2 = 0;
        while (true) {
            if (i2 >= CIPHERS.length) {
                break;
            }
            if (CIPHERS[i2] != null && cipherTests[i2] && (fieldAsInt32 & (1 << i2)) != 0) {
                try {
                    Cipher.getInstance(String.valueOf(CIPHERS[i2]) + CIPHER_MODE);
                    if (Cipher.getMaxAllowedKeyLength(String.valueOf(CIPHERS[i2]) + CIPHER_MODE) >= KEY_LENGTHS[i2]) {
                        i = i2;
                        break;
                    }
                } catch (Exception e) {
                }
            }
            i2++;
        }
        if (i == -1) {
            throw new NXCPException(3);
        }
        try {
            return new EncryptionContext(i, nXCPMessage);
        } catch (Exception e2) {
            throw new NXCPException(3, e2);
        }
    }

    protected EncryptionContext(int i, NXCPMessage nXCPMessage) throws GeneralSecurityException {
        this.cipher = i;
        this.keyLength = KEY_LENGTHS[i];
        KeyGenerator keyGenerator = KeyGenerator.getInstance(CIPHERS[i]);
        keyGenerator.init(KEY_LENGTHS[i]);
        this.key = keyGenerator.generateKey();
        this.encryptor = Cipher.getInstance(String.valueOf(CIPHERS[i]) + CIPHER_MODE);
        this.decryptor = Cipher.getInstance(String.valueOf(CIPHERS[i]) + CIPHER_MODE);
        int blockSize = this.encryptor.getBlockSize();
        byte[] bArr = new byte[blockSize > 0 ? blockSize : 16];
        SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
        this.iv = new IvParameterSpec(bArr);
        if (nXCPMessage != null) {
            this.serverPublicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(nXCPMessage.getFieldAsBinary(154L)));
        }
    }

    public byte[] getEncryptedSessionKey() throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
        cipher.init(1, this.serverPublicKey);
        return cipher.doFinal(this.key.getEncoded());
    }

    public byte[] getEncryptedIv() throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding");
        cipher.init(1, this.serverPublicKey);
        return cipher.doFinal(this.iv.getIV());
    }

    private byte[] encryptPayloadHeader(byte[] bArr) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        CRC32 crc32 = new CRC32();
        crc32.update(bArr);
        dataOutputStream.writeInt((int) crc32.getValue());
        dataOutputStream.writeInt(0);
        return this.encryptor.update(byteArrayOutputStream.toByteArray());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v10, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v18 */
    /* JADX WARN: Type inference failed for: r0v9, types: [javax.crypto.Cipher] */
    public byte[] encryptMessage(NXCPMessage nXCPMessage, boolean z) throws IOException, GeneralSecurityException {
        byte[] createNXCPMessage = nXCPMessage.createNXCPMessage(z);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        dataOutputStream.writeShort(131);
        dataOutputStream.writeByte(0);
        dataOutputStream.writeByte(0);
        dataOutputStream.writeInt(0);
        ?? r0 = this.encryptor;
        synchronized (r0) {
            this.encryptor.init(1, this.key, this.iv);
            byte[] encryptPayloadHeader = encryptPayloadHeader(createNXCPMessage);
            if (encryptPayloadHeader != null) {
                dataOutputStream.write(encryptPayloadHeader);
            }
            dataOutputStream.write(this.encryptor.update(createNXCPMessage));
            dataOutputStream.write(this.encryptor.doFinal());
            r0 = r0;
            int size = (8 - (byteArrayOutputStream.size() % 8)) & 7;
            for (int i = 0; i < size; i++) {
                dataOutputStream.writeByte(0);
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArray[2] = (byte) size;
            byteArray[4] = (byte) (byteArray.length >> 24);
            byteArray[5] = (byte) ((byteArray.length >> 16) & 255);
            byteArray[6] = (byte) ((byteArray.length >> 8) & 255);
            byteArray[7] = (byte) (byteArray.length & 255);
            return byteArray;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v11 */
    /* JADX WARN: Type inference failed for: r0v5, types: [javax.crypto.Cipher] */
    /* JADX WARN: Type inference failed for: r0v6, types: [java.lang.Throwable] */
    public byte[] decryptMessage(NXCPDataInputStream nXCPDataInputStream, int i) throws GeneralSecurityException, IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[4096];
        int i2 = i;
        ?? r0 = this.decryptor;
        synchronized (r0) {
            this.decryptor.init(2, this.key, this.iv);
            while (i2 > 0) {
                int read = nXCPDataInputStream.read(bArr, 0, Math.min(bArr.length, i2));
                byteArrayOutputStream.write(this.decryptor.update(bArr, 0, read));
                i2 -= read;
            }
            byteArrayOutputStream.write(this.decryptor.doFinal());
            r0 = r0;
            return byteArrayOutputStream.toByteArray();
        }
    }

    public int getCipher() {
        return this.cipher;
    }

    public int getKeyLength() {
        return this.keyLength / 8;
    }

    public int getIvLength() {
        return this.iv.getIV().length;
    }

    public String getServerKeyFingerprint() {
        if (this.serverPublicKey == null) {
            return "none";
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            byte[] encoded = this.serverPublicKey.getEncoded();
            messageDigest.update(encoded, 0, encoded.length);
            StringBuilder sb = new StringBuilder();
            byte[] digest = messageDigest.digest();
            int length = digest.length;
            for (int i = 0; i < length; i++) {
                byte b = digest[i];
                if (sb.length() > 0) {
                    sb.append(':');
                }
                Object[] objArr = new Object[1];
                objArr[0] = Integer.valueOf(b < 0 ? 129 + b : b);
                sb.append(String.format("%02x", objArr));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            return "error";
        }
    }
}
