package org.apache.plc4x.java.opcua.context;

import io.vavr.control.Try;
import java.lang.invoke.SerializedLambda;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Security;
import java.util.List;
import java.util.function.Supplier;
import javax.crypto.Cipher;
import org.apache.plc4x.java.opcua.protocol.chunk.ChunkFactory;
import org.apache.plc4x.java.opcua.readwrite.MessagePDU;
import org.apache.plc4x.java.opcua.readwrite.OpcuaOpenRequest;
import org.apache.plc4x.java.opcua.readwrite.OpcuaOpenResponse;
import org.apache.plc4x.java.opcua.readwrite.OpcuaProtocolLimits;
import org.apache.plc4x.java.opcua.readwrite.PascalByteString;
import org.apache.plc4x.java.opcua.readwrite.PascalString;
import org.apache.plc4x.java.opcua.readwrite.SignatureData;
import org.apache.plc4x.java.opcua.security.SecurityPolicy;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/plc4x/java/opcua/context/EncryptionHandler.class */
public class EncryptionHandler {
    private final Logger logger = LoggerFactory.getLogger(EncryptionHandler.class);
    private final Conversation conversation;
    private final SymmetricEncryptionHandler symmetricEncryptionHandler;
    private final AsymmetricEncryptionHandler asymmetricEncryptionHandler;

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    public EncryptionHandler(Conversation conversation, PrivateKey privateKey) {
        this.conversation = conversation;
        this.symmetricEncryptionHandler = new SymmetricEncryptionHandler(conversation, conversation.getSecurityPolicy());
        this.asymmetricEncryptionHandler = new AsymmetricEncryptionHandler(conversation, conversation.getSecurityPolicy(), privateKey);
    }

    public List<MessagePDU> encodeMessage(MessagePDU messagePDU, Supplier<Integer> supplier) {
        OpcuaProtocolLimits limits = this.conversation.getLimits();
        this.logger.debug("Encoding Message with Security policy {} and encoding limits {}", this.conversation.getSecurityPolicy(), limits);
        if ((messagePDU instanceof OpcuaOpenRequest) || (messagePDU instanceof OpcuaOpenResponse)) {
            return this.asymmetricEncryptionHandler.encodeMessage(new ChunkFactory().create(true, this.conversation.isSymmetricEncryptionEnabled(), this.conversation.isSymmetricSigningEnabled(), this.conversation.getSecurityPolicy(), limits, this.conversation.getLocalCertificate(), this.conversation.getRemoteCertificate()), messagePDU, supplier);
        }
        return this.symmetricEncryptionHandler.encodeMessage(new ChunkFactory().create(false, this.conversation.isSymmetricEncryptionEnabled(), this.conversation.isSymmetricSigningEnabled(), this.conversation.getSecurityPolicy(), limits, this.conversation.getLocalCertificate(), this.conversation.getRemoteCertificate()), messagePDU, supplier);
    }

    public MessagePDU decodeMessage(MessagePDU messagePDU) {
        OpcuaProtocolLimits limits = this.conversation.getLimits();
        this.logger.debug("Decoding Message with Security policy {} and encoding limits {}", this.conversation.getSecurityPolicy(), limits);
        if ((messagePDU instanceof OpcuaOpenResponse) || (messagePDU instanceof OpcuaOpenRequest)) {
            return this.asymmetricEncryptionHandler.decodeMessage(new ChunkFactory().create(true, this.conversation.isSymmetricEncryptionEnabled(), this.conversation.isSymmetricSigningEnabled(), this.conversation.getSecurityPolicy(), limits, this.conversation.getRemoteCertificate(), this.conversation.getLocalCertificate()), messagePDU);
        }
        return this.symmetricEncryptionHandler.decodeMessage(new ChunkFactory().create(false, this.conversation.isSymmetricEncryptionEnabled(), this.conversation.isSymmetricSigningEnabled(), this.conversation.getSecurityPolicy(), limits, this.conversation.getRemoteCertificate(), this.conversation.getLocalCertificate()), messagePDU);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public SignatureData createClientSignature() throws GeneralSecurityException {
        SecurityPolicy securityPolicy = this.conversation.getSecurityPolicy();
        byte[] remoteNonce = this.conversation.getRemoteNonce();
        byte[] bArr = (byte[]) Try.of(() -> {
            return this.conversation.getRemoteCertificate().getEncoded();
        }).getOrElse((Try) new byte[0]);
        byte[] sign = this.asymmetricEncryptionHandler.sign(ByteBuffer.allocate(bArr.length + remoteNonce.length).put(bArr).put(remoteNonce).array());
        return new SignatureData(new PascalString(securityPolicy.getAsymmetricSignatureAlgorithm().getUri()), new PascalByteString(sign.length, sign));
    }

    public byte[] encryptPassword(byte[] bArr) {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            cipher.init(1, this.conversation.getRemoteCertificate().getPublicKey());
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            this.logger.error("Unable to encrypt Data", e);
            return null;
        }
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1647345005:
                if (implMethodName.equals("lambda$0")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 7 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/apache/plc4x/java/opcua/context/EncryptionHandler") && serializedLambda.getImplMethodSignature().equals("()[B")) {
                    EncryptionHandler encryptionHandler = (EncryptionHandler) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return this.conversation.getRemoteCertificate().getEncoded();
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
