package org.apache.plc4x.java.opcua.context;

import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Supplier;
import org.apache.plc4x.java.opcua.protocol.chunk.Chunk;
import org.apache.plc4x.java.opcua.protocol.chunk.PayloadConverter;
import org.apache.plc4x.java.opcua.readwrite.ChunkType;
import org.apache.plc4x.java.opcua.readwrite.MessagePDU;
import org.apache.plc4x.java.opcua.security.SecurityPolicy;
import org.apache.plc4x.java.spi.generation.ByteOrder;
import org.apache.plc4x.java.spi.generation.SerializationException;
import org.apache.plc4x.java.spi.generation.WithWriterArgs;
import org.apache.plc4x.java.spi.generation.WriteBufferByteBased;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/plc4x/java/opcua/context/BaseEncryptionHandler.class */
public abstract class BaseEncryptionHandler {
    protected static final int SECURE_MESSAGE_HEADER_SIZE = 12;
    protected static final int SEQUENCE_HEADER_SIZE = 8;
    protected final Conversation conversation;
    protected final SecurityPolicy securityPolicy;
    static final /* synthetic */ boolean $assertionsDisabled;

    static {
        $assertionsDisabled = !BaseEncryptionHandler.class.desiredAssertionStatus();
    }

    public BaseEncryptionHandler(Conversation conversation, SecurityPolicy securityPolicy) {
        this.conversation = conversation;
        this.securityPolicy = securityPolicy;
    }

    public final List<MessagePDU> encodeMessage(Chunk chunk, MessagePDU messagePDU, Supplier<Integer> supplier) {
        try {
            ByteBuffer wrap = ByteBuffer.wrap(PayloadConverter.toStream(messagePDU));
            int securityHeaderSize = 12 + chunk.getSecurityHeaderSize();
            byte[] bArr = new byte[12];
            wrap.get(bArr);
            byte[] bArr2 = new byte[chunk.getSecurityHeaderSize()];
            wrap.get(bArr2);
            byte[] bArr3 = new byte[8];
            wrap.get(bArr3);
            ByteBuffer slice = wrap.slice();
            ArrayList arrayList = new ArrayList();
            boolean z = true;
            while (slice.hasRemaining()) {
                int min = Math.min(slice.remaining(), chunk.getMaxBodySize());
                int i = 0;
                if (chunk.isEncrypted()) {
                    int paddingOverhead = (((8 + min) + chunk.getPaddingOverhead()) + chunk.getSignatureSize()) % chunk.getPlainTextBlockSize();
                    i = paddingOverhead > 0 ? chunk.getPlainTextBlockSize() - paddingOverhead : 0;
                }
                int signatureSize = 8 + min + chunk.getSignatureSize() + i + chunk.getPaddingOverhead();
                if (chunk.isEncrypted() && !$assertionsDisabled && signatureSize % chunk.getPlainTextBlockSize() != 0) {
                    throw new AssertionError();
                }
                int securityHeaderSize2 = 12 + chunk.getSecurityHeaderSize() + ((signatureSize / chunk.getPlainTextBlockSize()) * chunk.getCipherTextBlockSize());
                WriteBufferByteBased writeBufferByteBased = new WriteBufferByteBased(securityHeaderSize2, ByteOrder.LITTLE_ENDIAN);
                writeBufferByteBased.writeByteArray("messageHeader", bArr, new WithWriterArgs[0]);
                writeBufferByteBased.writeByteArray("securityHeader", bArr2, new WithWriterArgs[0]);
                writeBufferByteBased.writeByteArray("sequenceHeader", bArr3, new WithWriterArgs[0]);
                updateFrameSize(writeBufferByteBased, securityHeaderSize2);
                updateFrame(z, writeBufferByteBased, chunk, slice.remaining() - min > 0 ? ChunkType.CONTINUE : ChunkType.FINAL, supplier);
                z = false;
                byte[] bArr4 = new byte[min];
                slice.get(bArr4);
                writeBufferByteBased.writeByteArray("payload", bArr4, new WithWriterArgs[0]);
                if (chunk.isEncrypted()) {
                    int paddingOverhead2 = i + chunk.getPaddingOverhead();
                    for (int i2 = 0; i2 < paddingOverhead2; i2++) {
                        writeBufferByteBased.writeByte("padding", (byte) i, new WithWriterArgs[0]);
                    }
                    if (chunk.getPaddingOverhead() > 1) {
                        writeBufferByteBased.setPos(min + i + chunk.getPaddingOverhead());
                        writeBufferByteBased.writeByte("paddingMSB", (byte) ((i >> 8) & 255), new WithWriterArgs[0]);
                    }
                }
                if (chunk.isSigned()) {
                    writeBufferByteBased.writeByteArray("signature", sign(writeBufferByteBased.getBytes(0, writeBufferByteBased.getPos())), new WithWriterArgs[0]);
                }
                if (chunk.isEncrypted()) {
                    encrypt(writeBufferByteBased, chunk.getSecurityHeaderSize(), chunk.getPlainTextBlockSize(), chunk.getCipherTextBlockSize(), signatureSize / chunk.getPlainTextBlockSize());
                }
                arrayList.add(PayloadConverter.pduFromStream(writeBufferByteBased.getBytes(), messagePDU.getResponse().booleanValue()));
            }
            return arrayList;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public final MessagePDU decodeMessage(Chunk chunk, MessagePDU messagePDU) {
        try {
            if (!chunk.isEncrypted() && !chunk.isSigned()) {
                return messagePDU;
            }
            int lengthInBytes = messagePDU.getLengthInBytes();
            WriteBufferByteBased writeBufferByteBased = new WriteBufferByteBased(lengthInBytes, ByteOrder.LITTLE_ENDIAN);
            messagePDU.serialize(writeBufferByteBased);
            int securityHeaderSize = (lengthInBytes - chunk.getSecurityHeaderSize()) - 12;
            if (chunk.isEncrypted()) {
                securityHeaderSize = decrypt(writeBufferByteBased, chunk, lengthInBytes);
            }
            if (chunk.isSigned()) {
                verify(writeBufferByteBased, chunk, lengthInBytes);
            }
            int encryptionOverhead = getEncryptionOverhead(chunk, lengthInBytes);
            short paddingSize = getPaddingSize(writeBufferByteBased, chunk, lengthInBytes);
            int securityHeaderSize2 = ((((12 + chunk.getSecurityHeaderSize()) + securityHeaderSize) - paddingSize) - chunk.getSignatureSize()) - chunk.getPaddingOverhead();
            int signatureSize = (((lengthInBytes - securityHeaderSize2) - chunk.getSignatureSize()) - encryptionOverhead) - chunk.getPaddingOverhead();
            if (paddingSize != signatureSize) {
                throw new IllegalArgumentException("Malformed data detected - expected padding size do not match");
            }
            if (chunk.isEncrypted()) {
                byte[] bytes = writeBufferByteBased.getBytes(securityHeaderSize2, securityHeaderSize2 + signatureSize);
                byte b = (byte) (paddingSize & 255);
                for (int i = 0; i < bytes.length; i++) {
                    if (bytes[i] != b) {
                        throw new IllegalArgumentException("Malformed padding byte at index " + i);
                    }
                }
            }
            updateFrameSize(writeBufferByteBased, lengthInBytes - (((paddingSize + chunk.getSignatureSize()) + chunk.getPaddingOverhead()) + encryptionOverhead));
            return PayloadConverter.pduFromStream(writeBufferByteBased.getBytes(), messagePDU.getResponse().booleanValue());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private void updateFrame(boolean z, WriteBufferByteBased writeBufferByteBased, Chunk chunk, ChunkType chunkType, Supplier<Integer> supplier) throws SerializationException {
        int securityHeaderSize = 12 + chunk.getSecurityHeaderSize();
        if (chunkType != ChunkType.FINAL) {
            writeBufferByteBased.setPos(3);
            writeBufferByteBased.writeString("chunkType", 8, chunkType.getValue(), new WithWriterArgs[0]);
        }
        if (!z) {
            writeBufferByteBased.setPos(securityHeaderSize);
            writeBufferByteBased.writeUnsignedLong("sequenceId", 32, supplier.get().intValue(), new WithWriterArgs[0]);
        }
        writeBufferByteBased.setPos(securityHeaderSize + 8);
    }

    private void updateFrameSize(WriteBufferByteBased writeBufferByteBased, long j) throws SerializationException {
        int pos = writeBufferByteBased.getPos();
        try {
            writeBufferByteBased.setPos(4);
            writeBufferByteBased.writeUnsignedLong("totalLength", 32, j, new WithWriterArgs[0]);
        } finally {
            writeBufferByteBased.setPos(pos);
        }
    }

    private int getEncryptionOverhead(Chunk chunk, int i) {
        if (!chunk.isEncrypted()) {
            return 0;
        }
        int securityHeaderSize = (i - (12 + chunk.getSecurityHeaderSize())) / chunk.getCipherTextBlockSize();
        return (chunk.getCipherTextBlockSize() * securityHeaderSize) - (chunk.getPlainTextBlockSize() * securityHeaderSize);
    }

    private short getPaddingSize(WriteBufferByteBased writeBufferByteBased, Chunk chunk, int i) {
        if (!chunk.isEncrypted()) {
            return (short) 0;
        }
        int securityHeaderSize = (i - (12 + chunk.getSecurityHeaderSize())) / chunk.getCipherTextBlockSize();
        int signatureSize = ((i - chunk.getSignatureSize()) - ((chunk.getCipherTextBlockSize() * securityHeaderSize) - (chunk.getPlainTextBlockSize() * securityHeaderSize))) - chunk.getPaddingOverhead();
        byte[] bytes = writeBufferByteBased.getBytes(signatureSize, signatureSize + chunk.getPaddingOverhead());
        return bytes.length > 2 ? (short) (((bytes[1] & 255) << 8) | (bytes[0] & 255)) : bytes[0];
    }

    protected abstract void verify(WriteBufferByteBased writeBufferByteBased, Chunk chunk, int i) throws Exception;

    protected abstract int decrypt(WriteBufferByteBased writeBufferByteBased, Chunk chunk, int i) throws Exception;

    protected abstract void encrypt(WriteBufferByteBased writeBufferByteBased, int i, int i2, int i3, int i4) throws Exception;

    protected abstract byte[] sign(byte[] bArr) throws GeneralSecurityException;
}
