package org.kaaproject.kaa.common.endpoint.security;

import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class MessageEncoderDecoder {
    private static final String RSA = "RSA/ECB/PKCS1Padding";
    private static final String SESSION_CRYPT_ALGORITHM = "AES/ECB/PKCS5PADDING";
    private static final String SESSION_KEY_ALGORITHM = "AES";
    private static final int SESSION_KEY_SIZE = 128;
    private static final String SHA1WITH_RSA = "SHA1withRSA";
    private final PrivateKey privateKey;
    private final PublicKey publicKey;
    private PublicKey remotePublicKey;
    private CipherPair sessionCipherPair;
    private SecretKey sessionKey;
    protected static final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();
    private static final Logger LOG = LoggerFactory.getLogger(MessageEncoderDecoder.class);
    private static final ThreadLocal<Cipher> RSA_CIPHER = new ThreadLocal<Cipher>() { // from class: org.kaaproject.kaa.common.endpoint.security.MessageEncoderDecoder.1
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        public Cipher initialValue() {
            return MessageEncoderDecoder.cipherForAlgorithm(MessageEncoderDecoder.RSA);
        }
    };
    private static final ThreadLocal<Signature> SHA1WITH_RSA_SIGNATURE = new ThreadLocal<Signature>() { // from class: org.kaaproject.kaa.common.endpoint.security.MessageEncoderDecoder.2
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        public Signature initialValue() {
            return MessageEncoderDecoder.signatureForAlgorithm(MessageEncoderDecoder.SHA1WITH_RSA);
        }
    };
    private static final ThreadLocal<KeyGenerator> SESSION_KEY_GENERATOR = new ThreadLocal<KeyGenerator>() { // from class: org.kaaproject.kaa.common.endpoint.security.MessageEncoderDecoder.3
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        public KeyGenerator initialValue() {
            return MessageEncoderDecoder.keyGeneratorForAlgorithm(MessageEncoderDecoder.SESSION_KEY_ALGORITHM, 128);
        }
    };

    /* loaded from: classes.dex */
    public static class CipherPair {
        private Cipher decCipher;
        private Cipher encCipher;

        private CipherPair(String str, SecretKey secretKey) throws InvalidKeyException {
            this.decCipher = MessageEncoderDecoder.cipherForAlgorithm(str);
            this.decCipher.init(2, secretKey);
            this.encCipher = MessageEncoderDecoder.cipherForAlgorithm(str);
            this.encCipher.init(1, secretKey);
        }
    }

    public MessageEncoderDecoder(PrivateKey privateKey, PublicKey publicKey) {
        this(privateKey, publicKey, null);
    }

    public MessageEncoderDecoder(PrivateKey privateKey, PublicKey publicKey, PublicKey publicKey2) {
        this.privateKey = privateKey;
        this.publicKey = publicKey;
        this.remotePublicKey = publicKey2;
        if (LOG.isTraceEnabled()) {
            LOG.trace("Creating MessageEncoderDecoder with\nPublicKey {};\nRemotePublicKey {}", this.publicKey != null ? bytesToHex(this.publicKey.getEncoded()) : "empty", this.remotePublicKey != null ? bytesToHex(this.remotePublicKey.getEncoded()) : "empty");
        }
    }

    public static String bytesToHex(byte[] bArr) {
        char[] cArr = new char[bArr.length * 3];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 255;
            cArr[i * 3] = HEX_ARRAY[i2 >>> 4];
            cArr[(i * 3) + 1] = HEX_ARRAY[i2 & 15];
            cArr[(i * 3) + 2] = ' ';
        }
        return new String(cArr);
    }

    static Cipher cipherForAlgorithm(String str) {
        try {
            return Cipher.getInstance(str);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            LOG.error("Cipher init error", e);
            return null;
        }
    }

    private void decodeSessionKey(byte[] bArr) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = RSA_CIPHER.get();
        cipher.init(2, this.privateKey);
        this.sessionKey = new SecretKeySpec(cipher.doFinal(bArr), 0, 16, SESSION_KEY_ALGORITHM);
    }

    private SecretKey getSessionKey() throws NoSuchAlgorithmException {
        if (this.sessionKey == null) {
            this.sessionKey = SESSION_KEY_GENERATOR.get().generateKey();
        }
        return this.sessionKey;
    }

    static KeyGenerator keyGeneratorForAlgorithm(String str, int i) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
            keyGenerator.init(i);
            return keyGenerator;
        } catch (NoSuchAlgorithmException e) {
            LOG.error("Key generator init error", (Throwable) e);
            return null;
        }
    }

    static Signature signatureForAlgorithm(String str) {
        try {
            return Signature.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            LOG.error("Signature init error", (Throwable) e);
            return null;
        }
    }

    public byte[] decodeData(byte[] bArr) throws GeneralSecurityException {
        if (this.sessionCipherPair == null) {
            this.sessionCipherPair = new CipherPair(SESSION_CRYPT_ALGORITHM, getSessionKey());
        }
        return this.sessionCipherPair.decCipher.doFinal(bArr);
    }

    public byte[] decodeData(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        this.sessionCipherPair = null;
        decodeSessionKey(bArr2);
        return decodeData(bArr);
    }

    public byte[] encodeData(byte[] bArr) throws GeneralSecurityException {
        if (this.sessionCipherPair == null) {
            this.sessionCipherPair = new CipherPair(SESSION_CRYPT_ALGORITHM, getSessionKey());
        }
        return this.sessionCipherPair.encCipher.doFinal(bArr);
    }

    public byte[] getEncodedSessionKey() throws GeneralSecurityException {
        SecretKey sessionKey = getSessionKey();
        Cipher cipher = RSA_CIPHER.get();
        cipher.init(1, this.remotePublicKey);
        return cipher.doFinal(sessionKey.getEncoded());
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public PublicKey getRemotePublicKey() {
        return this.remotePublicKey;
    }

    public CipherPair getSessionCipherPair() {
        return this.sessionCipherPair;
    }

    public void setRemotePublicKey(PublicKey publicKey) throws GeneralSecurityException {
        this.remotePublicKey = publicKey;
        if (LOG.isTraceEnabled()) {
            LOG.trace("RemotePublicKey {}", this.remotePublicKey != null ? bytesToHex(this.remotePublicKey.getEncoded()) : "empty");
        }
    }

    public void setRemotePublicKey(byte[] bArr) throws GeneralSecurityException {
        this.remotePublicKey = KeyUtil.getPublic(bArr);
        if (LOG.isTraceEnabled()) {
            LOG.trace("RemotePublicKey {}", this.remotePublicKey != null ? bytesToHex(this.remotePublicKey.getEncoded()) : "empty");
        }
    }

    public void setSessionCipherPair(CipherPair cipherPair) {
        this.sessionCipherPair = cipherPair;
    }

    public byte[] sign(byte[] bArr) throws GeneralSecurityException {
        Signature signature = SHA1WITH_RSA_SIGNATURE.get();
        signature.initSign(this.privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    public boolean verify(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        Signature signature = SHA1WITH_RSA_SIGNATURE.get();
        signature.initVerify(this.remotePublicKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }
}
