package org.jgroups.protocols;

import io.netty.handler.codec.rtsp.RtspHeaders;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStore.Entry;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;
import java.util.stream.Collectors;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import org.jgroups.Address;
import org.jgroups.BytesMessage;
import org.jgroups.Event;
import org.jgroups.Message;
import org.jgroups.View;
import org.jgroups.annotations.ManagedAttribute;
import org.jgroups.annotations.ManagedOperation;
import org.jgroups.annotations.Property;
import org.jgroups.logging.Log;
import org.jgroups.stack.Protocol;
import org.jgroups.util.AsciiString;
import org.jgroups.util.BoundedHashMap;
import org.jgroups.util.ByteArray;
import org.jgroups.util.FastArray;
import org.jgroups.util.MessageBatch;
import org.jgroups.util.Util;

/* loaded from: input_file:BOOT-INF/lib/jgroups-5.4.6.Final.jar:org/jgroups/protocols/Encrypt.class */
public abstract class Encrypt<E extends KeyStore.Entry> extends Protocol {
    protected static final String DEFAULT_SYM_ALGO = "AES";

    @Property(description = "Cryptographic Service Provider")
    protected String provider;

    @Property(description = "Initialization vector length for symmetric encryption. A value must be specified here if the configured sym_algorithm requires an initialization vector.")
    protected int sym_iv_length;
    protected volatile View view;
    protected volatile BlockingQueue<Cipher> encoding_ciphers;
    protected volatile BlockingQueue<Cipher> decoding_ciphers;
    protected volatile byte[] sym_version;
    protected volatile Key secret_key;
    protected Map<AsciiString, Key> key_map;

    @Property(description = "Cipher engine transformation for asymmetric algorithm. Default is RSA")
    protected String asym_algorithm = "RSA";

    @Property(description = "Cipher engine transformation for symmetric algorithm. Default is AES")
    protected String sym_algorithm = DEFAULT_SYM_ALGO;

    @Property(description = "Initial public/private key length. Default is 2048")
    protected int asym_keylength = 2048;

    @Property(description = "Initial key length for matching symmetric algorithm. Default is 128")
    protected int sym_keylength = 128;

    @Property(description = "Number of ciphers in the pool to parallelize encrypt and decrypt requests", writable = false)
    protected int cipher_pool_size = 8;

    @Property(description = "Max number of keys in key_map")
    protected int key_map_max_size = 20;
    protected SecureRandom secure_random = new SecureRandom();

    public abstract <T extends Encrypt<E>> T setKeyStoreEntry(E e);

    public int asymKeylength() {
        return this.asym_keylength;
    }

    public <T extends Encrypt<E>> T asymKeylength(int i) {
        this.asym_keylength = i;
        return this;
    }

    public int symKeylength() {
        return this.sym_keylength;
    }

    public <T extends Encrypt<E>> T symKeylength(int i) {
        this.sym_keylength = i;
        return this;
    }

    public Key secretKey() {
        return this.secret_key;
    }

    public String symAlgorithm() {
        return this.sym_algorithm;
    }

    public <T extends Encrypt<E>> T symAlgorithm(String str) {
        this.sym_algorithm = str;
        return this;
    }

    public String symKeyAlgorithm() {
        return getAlgorithm(this.sym_algorithm);
    }

    public int simIvLength() {
        return this.sym_iv_length;
    }

    public <T extends Encrypt<E>> T symIvLength(int i) {
        this.sym_iv_length = i;
        return this;
    }

    public String asymAlgorithm() {
        return this.asym_algorithm;
    }

    public <T extends Encrypt<E>> T asymAlgorithm(String str) {
        this.asym_algorithm = str;
        return this;
    }

    public byte[] symVersion() {
        return this.sym_version;
    }

    public SecureRandom secureRandom() {
        return this.secure_random;
    }

    public <T extends Encrypt<E>> T secureRandom(SecureRandom secureRandom) {
        this.secure_random = secureRandom;
        return this;
    }

    @ManagedAttribute
    public String version() {
        return Util.byteArrayToHexString(this.sym_version);
    }

    @ManagedOperation(description = "Prints the versions of the shared group keys cached in the key map")
    public String printCachedGroupKeys() {
        return (String) this.key_map.keySet().stream().map(asciiString -> {
            return Util.byteArrayToHexString(asciiString.chars());
        }).collect(Collectors.joining(", "));
    }

    @Override // org.jgroups.stack.Protocol, org.jgroups.Lifecycle
    public void init() throws Exception {
        int nextHigherPowerOfTwo = Util.getNextHigherPowerOfTwo(this.cipher_pool_size);
        if (nextHigherPowerOfTwo != this.cipher_pool_size) {
            this.log.warn("%s: setting cipher_pool_size (%d) to %d (power of 2) for faster modulo operation", this.local_addr, Integer.valueOf(this.cipher_pool_size), Integer.valueOf(nextHigherPowerOfTwo));
            this.cipher_pool_size = nextHigherPowerOfTwo;
        }
        this.key_map = new BoundedHashMap(this.key_map_max_size);
        initSymCiphers(this.sym_algorithm, this.secret_key);
        getTransport();
    }

    @Override // org.jgroups.stack.Protocol
    public Object down(Event event) {
        switch (event.getType()) {
            case 6:
                Object down = this.down_prot.down(event);
                handleView((View) event.getArg());
                return down;
            default:
                return this.down_prot.down(event);
        }
    }

    @Override // org.jgroups.stack.Protocol
    public Object down(Message message) {
        try {
            if (this.secret_key != null) {
                this.down_prot.down(encrypt(message));
                return null;
            }
            Log log = this.log;
            Object[] objArr = new Object[4];
            objArr[0] = this.local_addr;
            objArr[1] = message.dest() == null ? "mcast" : RtspHeaders.Values.UNICAST;
            objArr[2] = message.dest();
            objArr[3] = message.printHeaders();
            log.trace("%s: discarded %s message to %s as secret key is null, hdrs: %s", objArr);
            return null;
        } catch (Exception e) {
            this.log.warn("%s: unable to send message down", this.local_addr, e);
            return null;
        }
    }

    @Override // org.jgroups.stack.Protocol, org.jgroups.UpHandler
    public Object up(Event event) {
        switch (event.getType()) {
            case 6:
                handleView((View) event.getArg());
                break;
        }
        return this.up_prot.up(event);
    }

    @Override // org.jgroups.stack.Protocol, org.jgroups.UpHandler
    public Object up(Message message) {
        if (((EncryptHeader) message.getHeader(this.id)) == null) {
            this.log.error("%s: received message without encrypt header from %s; dropping it", this.local_addr, message.src());
            return null;
        }
        try {
            return handleEncryptedMessage(message);
        } catch (Exception e) {
            this.log.warn("%s: exception occurred decrypting message", this.local_addr, e);
            return null;
        }
    }

    @Override // org.jgroups.stack.Protocol, org.jgroups.UpHandler
    public void up(MessageBatch messageBatch) {
        if (this.secret_key == null) {
            Log log = this.log;
            Object[] objArr = new Object[3];
            objArr[0] = this.local_addr;
            objArr[1] = messageBatch.dest() == null ? "mcast" : RtspHeaders.Values.UNICAST;
            objArr[2] = messageBatch.sender();
            log.trace("%s: discarded %s batch from %s as secret key is null", objArr);
            return;
        }
        BlockingQueue<Cipher> blockingQueue = this.decoding_ciphers;
        if (blockingQueue == null) {
            return;
        }
        Cipher cipher = null;
        try {
            try {
                cipher = blockingQueue.take();
                FastArray.FastIterator fastIterator = (FastArray.FastIterator) messageBatch.iterator();
                while (fastIterator.hasNext()) {
                    Message message = (Message) fastIterator.next();
                    if (message.getHeader(this.id) == null) {
                        this.log.error("%s: received message without encrypt header from %s; dropping it", this.local_addr, messageBatch.sender());
                        fastIterator.remove();
                    } else {
                        try {
                            Message decrypt = decrypt(cipher, message.copy(true, true));
                            if (decrypt != null) {
                                fastIterator.replace(decrypt);
                            } else {
                                fastIterator.remove();
                            }
                        } catch (Exception e) {
                            this.log.error("%s: failed decrypting message from %s (offset=%d, length=%d, buf.length=%d): %s, headers are %s", this.local_addr, message.getSrc(), Integer.valueOf(message.getOffset()), Integer.valueOf(message.getLength()), Integer.valueOf(message.getArray().length), e, message.printHeaders());
                            fastIterator.remove();
                        }
                    }
                }
                if (cipher != null) {
                    blockingQueue.offer(cipher);
                }
                if (messageBatch.isEmpty()) {
                    return;
                }
                this.up_prot.up(messageBatch);
            } catch (InterruptedException e2) {
                this.log.error("%s: failed processing batch; discarding batch", this.local_addr, e2);
                if (cipher != null) {
                    blockingQueue.offer(cipher);
                }
            }
        } catch (Throwable th) {
            if (cipher != null) {
                blockingQueue.offer(cipher);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void initSymCiphers(String str, Key key) throws Exception {
        if (key == null) {
            return;
        }
        ArrayBlockingQueue arrayBlockingQueue = new ArrayBlockingQueue(this.cipher_pool_size);
        ArrayBlockingQueue arrayBlockingQueue2 = new ArrayBlockingQueue(this.cipher_pool_size);
        for (int i = 0; i < this.cipher_pool_size; i++) {
            arrayBlockingQueue.offer(createCipher(str));
            arrayBlockingQueue2.offer(createCipher(str));
        }
        byte[] digest = MessageDigest.getInstance("MD5").digest(key.getEncoded());
        this.encoding_ciphers = arrayBlockingQueue;
        this.decoding_ciphers = arrayBlockingQueue2;
        this.sym_version = digest;
    }

    protected Cipher createCipher(String str) throws Exception {
        return (this.provider == null || this.provider.trim().isEmpty()) ? Cipher.getInstance(str) : Cipher.getInstance(str, this.provider);
    }

    protected static void initCipher(Cipher cipher, int i, Key key, byte[] bArr) throws Exception {
        if (bArr != null) {
            cipher.init(i, key, new IvParameterSpec(bArr));
        } else {
            cipher.init(i, key);
        }
    }

    protected byte[] makeIv() {
        if (this.sym_iv_length <= 0) {
            return null;
        }
        byte[] bArr = new byte[this.sym_iv_length];
        this.secure_random.nextBytes(bArr);
        return bArr;
    }

    protected Object handleEncryptedMessage(Message message) throws Exception {
        Message decrypt = decrypt(null, message.copy(true, true));
        if (decrypt != null) {
            return this.up_prot.up(decrypt);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handleView(View view) {
        this.view = view;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean inView(Address address, String str) {
        View view = this.view;
        if (view == null || view.containsMember(address)) {
            return true;
        }
        this.log.error(str, address, view);
        return false;
    }

    protected Message decrypt(Cipher cipher, Message message) throws Exception {
        EncryptHeader encryptHeader = (EncryptHeader) message.getHeader(this.id);
        if (Arrays.equals(encryptHeader.version(), this.sym_version)) {
            return _decrypt(cipher, this.secret_key, message, encryptHeader);
        }
        Address src = message.src();
        Object[] objArr = new Object[3];
        objArr[0] = this.local_addr;
        objArr[1] = message.dest() == null ? RtspHeaders.Values.MULTICAST : RtspHeaders.Values.UNICAST;
        objArr[2] = message.getSrc();
        if (!inView(src, String.format("%s: rejected decryption of %s message from non-member %s", objArr))) {
            return null;
        }
        Key key = this.key_map.get(new AsciiString(encryptHeader.version()));
        if (key == null) {
            this.log.trace("%s: message from %s (version: %s) dropped, as a key matching that version wasn't found (current version: %s)", this.local_addr, message.src(), Util.byteArrayToHexString(encryptHeader.version()), Util.byteArrayToHexString(this.sym_version));
            return null;
        }
        this.log.trace("%s: decrypting msg from %s using previous key version %s", this.local_addr, message.src(), Util.byteArrayToHexString(encryptHeader.version()));
        return _decrypt(cipher, key, message, encryptHeader);
    }

    protected Message _decrypt(Cipher cipher, Key key, Message message, EncryptHeader encryptHeader) throws Exception {
        byte[] doFinal;
        if (!message.hasPayload()) {
            return message;
        }
        if (cipher == null) {
            doFinal = code(message.getArray(), message.getOffset(), message.getLength(), encryptHeader.iv(), true);
        } else {
            initCipher(cipher, 2, key, encryptHeader.iv());
            doFinal = cipher.doFinal(message.getArray(), message.getOffset(), message.getLength());
        }
        return encryptHeader.needsDeserialization() ? Util.messageFromBuffer(doFinal, 0, doFinal.length) : message.setArray(doFinal, 0, doFinal.length);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Message encrypt(Message message) throws Exception {
        byte[] array;
        if (message.getSrc() == null) {
            message.setSrc(this.local_addr);
        }
        if (!message.hasPayload()) {
            return message.putHeader(this.id, new EncryptHeader((byte) 0, symVersion(), makeIv()));
        }
        boolean z = !message.hasArray();
        ByteArray byteArray = null;
        if (z) {
            ByteArray messageToBuffer = Util.messageToBuffer(message);
            byteArray = messageToBuffer;
            array = messageToBuffer.getArray();
        } else {
            array = message.getArray();
        }
        byte[] bArr = array;
        int offset = z ? byteArray.getOffset() : message.getOffset();
        int length = z ? byteArray.getLength() : message.getLength();
        byte[] makeIv = makeIv();
        Message putHeader = (z ? new BytesMessage(message.dest()) : message.copy(false, true)).putHeader(this.id, new EncryptHeader((byte) 0, symVersion(), makeIv).needsDeserialization(z));
        if (length > 0) {
            putHeader.setArray(code(bArr, offset, length, makeIv, false));
        } else {
            putHeader.setArray(bArr, offset, length);
        }
        return putHeader;
    }

    protected byte[] code(byte[] bArr, int i, int i2, byte[] bArr2, boolean z) throws Exception {
        BlockingQueue<Cipher> blockingQueue = z ? this.decoding_ciphers : this.encoding_ciphers;
        Cipher take = blockingQueue.take();
        try {
            initCipher(take, z ? 2 : 1, this.secret_key, bArr2);
            byte[] doFinal = take.doFinal(bArr, i, i2);
            blockingQueue.offer(take);
            return doFinal;
        } catch (Throwable th) {
            blockingQueue.offer(take);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getAlgorithm(String str) {
        int indexOf = str.indexOf(47);
        return indexOf == -1 ? str : str.substring(0, indexOf);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getModeAndPadding(String str) {
        int indexOf = str.indexOf(47);
        String substring = indexOf == -1 ? null : str.substring(indexOf + 1);
        if (substring == null || substring.isEmpty()) {
            return null;
        }
        return substring;
    }
}
