package org.dcache.xrootd.plugins.authn.gsi;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.pkcs.DHParameter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/dcache/xrootd/plugins/authn/gsi/DHSession.class */
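/**
 * Holds the state of one Diffie-Hellman key agreement and derives a symmetric
 * cipher key from the agreed secret.
 *
 * <p>A session either starts from the built-in {@link #DH_PARAMETERS} (constructor
 * argument {@code true}) or adopts the parameters sent by the peer in
 * {@link #finaliseKeyAgreement(String)} (constructor argument {@code false}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The built-in prime is 512 bits long, far below the 2048 bits generally
 *       recommended for finite-field DH today. NOTE(review): presumably kept for
 *       wire compatibility with existing peers; confirm before changing.</li>
 *   <li>When no local parameters exist, the peer's P and G are adopted without a
 *       minimum-size or primality check. NOTE(review): consider enforcing a floor
 *       once interoperability requirements are known.</li>
 *   <li>{@link #encrypt} and {@link #decrypt} use an all-zero IV with the same
 *       derived key on every call, so equal plaintext prefixes produce equal
 *       ciphertext prefixes in IV-based modes. NOTE(review): looks protocol-mandated;
 *       confirm.</li>
 * </ul>
 *
 * <p>Instances are not synchronised.
 */
public class DHSession {
    private static final String DH_ALGORITHM_NAME = "DH";
    private static final String DH_HEADER = "-----BEGIN DH PARAMETERS-----";
    private static final String DH_FOOTER = "-----END DH PARAMETERS-----";
    private static final String DH_PUBKEY_HEADER = "---BPUB---";
    private static final String DH_PUBKEY_FOOTER = "---EPUB---";
    private DHParameterSpec _dhParameterSpec;
    private KeyPair _localDHKeyPair;
    private KeyAgreement _keyAgreement;
    private static final Logger LOGGER = LoggerFactory.getLogger(DHSession.class);
    // 64 significant bytes (512 bits) written as colon-separated hex; separators are stripped here.
    private static final String DH_PRIME = "00:a8:37:9d:6f:ff:e8:63:a0:b1:47:0c:26:dd:1a:45:0b:e2:03:9a:f0:83:b1:ba:5b:fa:1d:2f:5b:2a:89:08:02:d8:c4:d4:66:8d:14:8d:35:bb:24:b1:af:1a:d3:75:c7:c0:3b:61:aa:85:3f:56:69:ae:f2:67:da:20:87:5d:93".replaceAll("[:\\s]+", "");
    /** Default group: the prime above with generator 2. */
    static final DHParameterSpec DH_PARAMETERS = new DHParameterSpec(new BigInteger(DH_PRIME, 16), BigInteger.valueOf(2));

    /**
     * Creates a session.
     *
     * @param z {@code true} to generate a local key pair from {@link #DH_PARAMETERS}
     *          immediately; {@code false} to defer until the peer's parameters arrive
     *          in {@link #finaliseKeyAgreement(String)}
     */
    public DHSession(boolean z) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
        if (z) {
            this._dhParameterSpec = DH_PARAMETERS;
            initialize();
        }
    }

    /**
     * Generates the local DH key pair for the current parameters and primes the
     * key agreement with the private half. Uses the "BC" provider.
     */
    private void initialize() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(DH_ALGORITHM_NAME, "BC");
        generator.initialize(this._dhParameterSpec);
        this._localDHKeyPair = generator.generateKeyPair();
        this._keyAgreement = KeyAgreement.getInstance(DH_ALGORITHM_NAME, "BC");
        this._keyAgreement.init(this._localDHKeyPair.getPrivate());
    }

    /**
     * Serialises the local DH parameters (PEM) followed by the local public value
     * in hex between {@code ---BPUB---} and {@code ---EPUB---}.
     *
     * @return the encoded material to send to the peer
     * @throws IllegalStateException if no local key pair has been generated yet
     * @throws IOException if the parameters cannot be DER-encoded
     */
    public String getEncodedDHMaterial() throws IOException {
        if (this._localDHKeyPair == null || this._dhParameterSpec == null) {
            throw new IllegalStateException("DH session has not been initialised");
        }
        String pemParameters = CertUtil.toPEM(toDER(this._dhParameterSpec), DH_HEADER, DH_FOOTER);
        String publicValueHex = ((DHPublicKey) this._localDHKeyPair.getPublic()).getY().toString(16);
        return pemParameters + '\n' + DH_PUBKEY_HEADER + publicValueHex + DH_PUBKEY_FOOTER;
    }

    /**
     * Completes the key agreement using the peer's encoded DH material.
     *
     * <p>If this session has no local key pair yet, the peer's parameters are
     * adopted and a key pair is generated; otherwise the peer's P and G must equal
     * the local ones.
     *
     * @param str peer message: PEM DH parameters followed by
     *            {@code ---BPUB---<hex public value>---EPUB---}
     * @throws IllegalArgumentException if the public-key markers are missing or the
     *         public value is not valid hex
     * @throws GeneralSecurityException if the peer's parameters differ from the local
     *         ones, or the peer's public value is outside the range [2, P-2]
     * @throws IOException if the DH parameters cannot be decoded
     */
    public void finaliseKeyAgreement(String str) throws IOException, GeneralSecurityException, IllegalStateException {
        int markerStart = str.indexOf(DH_PUBKEY_HEADER);
        if (markerStart < 0) {
            throw new IllegalArgumentException("Illegal DH message: " + str);
        }
        String pemPart = str.substring(0, markerStart);
        // Strings are immutable: the stripped value must be kept, otherwise a trailing
        // newline shifts the footer offset and corrupts the hex value.
        String keyPart = removeCharFromString(str.substring(markerStart), '\n');

        DHParameterSpec remoteParams = fromDER(CertUtil.fromPEM(pemPart, DH_HEADER, DH_FOOTER));
        LOGGER.trace("Remote endpoint sent: P = {}, G = {}, L = {},", remoteParams.getP(), remoteParams.getG(), remoteParams.getL());

        if (this._keyAgreement == null) {
            // fromDER builds the spec without L, so this normally falls back to the bit length of P.
            int privateValueBits = remoteParams.getL();
            this._dhParameterSpec = new DHParameterSpec(remoteParams.getP(), remoteParams.getG(), privateValueBits == 0 ? remoteParams.getP().bitLength() : privateValueBits);
            initialize();
        } else if (!this._dhParameterSpec.getP().equals(remoteParams.getP()) || !this._dhParameterSpec.getG().equals(remoteParams.getG())) {
            throw new GeneralSecurityException("remote DH parameters differ from local ones");
        }

        if (!keyPart.endsWith(DH_PUBKEY_FOOTER) || keyPart.length() < DH_PUBKEY_HEADER.length() + DH_PUBKEY_FOOTER.length()) {
            throw new IllegalArgumentException("Illegal DH message: public key footer missing");
        }
        String publicValueHex = keyPart.substring(DH_PUBKEY_HEADER.length(), keyPart.length() - DH_PUBKEY_FOOTER.length());
        BigInteger remoteY = new BigInteger(publicValueHex, 16);

        // Reject degenerate public values (0, 1, P-1, or anything >= P): they force the
        // shared secret into a tiny, predictable set regardless of the local private key.
        BigInteger pMinusOne = remoteParams.getP().subtract(BigInteger.ONE);
        if (remoteY.compareTo(BigInteger.ONE) <= 0 || remoteY.compareTo(pMinusOne) >= 0) {
            throw new InvalidKeyException("remote DH public value is out of range");
        }

        DHPublicKeySpec remoteKeySpec = new DHPublicKeySpec(remoteY, remoteParams.getP(), remoteParams.getG());
        this._keyAgreement.doPhase(KeyFactory.getInstance(DH_ALGORITHM_NAME, "BC").generatePublic(remoteKeySpec), true);
    }

    /**
     * Decrypts {@code bArr} with a key derived from the agreed secret.
     *
     * @param str cipher transformation passed to {@code Cipher.getInstance}
     * @param str2 key algorithm name for the derived {@code SecretKeySpec}
     * @param i number of bytes used both as key length and as IV length
     * @param bArr ciphertext
     * @return the plaintext
     */
    public byte[] decrypt(String str, String str2, int i, byte[] bArr) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, NoSuchProviderException {
        return translate(str, str2, i, bArr, Cipher.DECRYPT_MODE);
    }

    /**
     * Encrypts {@code bArr} with a key derived from the agreed secret.
     *
     * @param str cipher transformation passed to {@code Cipher.getInstance}
     * @param str2 key algorithm name for the derived {@code SecretKeySpec}
     * @param i number of bytes used both as key length and as IV length
     * @param bArr plaintext
     * @return the ciphertext
     */
    public byte[] encrypt(String str, String str2, int i, byte[] bArr) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, NoSuchProviderException {
        return translate(str, str2, i, bArr, Cipher.ENCRYPT_MODE);
    }

    /**
     * Runs one cipher operation keyed by the first {@code blockSize} bytes of the
     * agreed secret, with an all-zero IV of {@code blockSize} bytes.
     *
     * @param mode {@code Cipher.ENCRYPT_MODE} or {@code Cipher.DECRYPT_MODE}
     * @throws IllegalStateException if the key agreement has not been set up
     */
    private byte[] translate(String transformation, String keyAlgorithm, int blockSize, byte[] input, int mode) throws InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, NoSuchProviderException {
        if (this._keyAgreement == null) {
            throw new IllegalStateException("DH key agreement has not been initialised");
        }
        // A freshly allocated array is already zero-filled.
        IvParameterSpec zeroIv = new IvParameterSpec(new byte[blockSize]);
        Cipher cipher = Cipher.getInstance(transformation, "BC");
        byte[] secret = this._keyAgreement.generateSecret("TlsPremasterSecret").getEncoded();
        try {
            if (secret.length < blockSize && mode == Cipher.ENCRYPT_MODE) {
                // Log sizes only: the secret bytes are key material and must never reach a log.
                LOGGER.info("Shared secret is shorter than the requested key length; zero-padding from {} to {} bytes.", secret.length, blockSize);
                byte[] padded = Arrays.copyOf(secret, blockSize);
                Arrays.fill(secret, (byte) 0);
                // The padded copy has to be the one that is used; otherwise SecretKeySpec
                // rejects the short array.
                secret = padded;
                // NOTE(review): padding is applied for encryption only, as before; a short
                // secret in decrypt mode still fails in SecretKeySpec. Confirm whether the
                // asymmetry is intended.
            }
            cipher.init(mode, new SecretKeySpec(secret, 0, blockSize, keyAlgorithm), zeroIv);
            return cipher.doFinal(input);
        } finally {
            // Best-effort scrub of the local copy of the secret.
            Arrays.fill(secret, (byte) 0);
        }
    }

    /** Returns {@code str} with every occurrence of {@code c} removed (literal match, not a regex). */
    private static String removeCharFromString(String str, char c) {
        return str.replace(String.valueOf(c), "");
    }

    /**
     * Decodes DER-encoded DH parameters into a spec carrying P and G only.
     *
     * @throws IOException if the bytes hold no ASN.1 object or cannot be read
     */
    private static DHParameterSpec fromDER(byte[] der) throws IOException {
        try (ASN1InputStream asn1 = new ASN1InputStream(new ByteArrayInputStream(der))) {
            DHParameter parsed = DHParameter.getInstance(asn1.readObject());
            if (parsed == null) {
                throw new IOException("DH parameters are empty");
            }
            return new DHParameterSpec(parsed.getP(), parsed.getG());
        }
    }

    /** DER-encodes P, G and the bit length of P as a {@code DHParameter} structure. */
    private static byte[] toDER(DHParameterSpec spec) throws IOException {
        return new DHParameter(spec.getP(), spec.getG(), spec.getP().bitLength()).getEncoded("DER");
    }
}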
