package org.ssonet.net;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.ssonet.io.IOStream;
import org.ssonet.io.XMLTools;

/* loaded from: input_file:org/ssonet/net/KeyExchange.class */
public class KeyExchange {
    public static boolean debug = false;
    public static boolean debugProfiling = false;
    private static final boolean useAES = false;
    private PublicKey partnerTestKey;
    private PublicKey partnerCipherKey;
    private Key aesKey;
    private IOStream ioStream;
    private boolean isServer;
    public SSONETContext context;

    public KeyExchange(IOStream iOStream, SSONETContext sSONETContext, boolean z) throws SSONETCertificateNotValidException, IOException {
        this.aesKey = null;
        long[] jArr = new long[12];
        if (debugProfiling) {
            jArr[0] = System.currentTimeMillis();
        }
        if (debug) {
            System.out.println("Initializing key exchange.");
        }
        this.context = sSONETContext;
        this.ioStream = iOStream;
        this.isServer = z;
        if (sSONETContext.getPartnerTestCertificate() != null) {
            this.partnerTestKey = sSONETContext.getPartnerTestCertificate().getPublicKey();
            this.partnerCipherKey = sSONETContext.getPartnerCipherCertificate().getPublicKey();
            this.aesKey = sSONETContext.getOwnKeyExchangeAESKey();
            return;
        }
        if (debugProfiling) {
            jArr[1] = System.currentTimeMillis();
        }
        byte[] bArr = new byte[32];
        try {
            if (z) {
                if (debug) {
                    System.out.println("KeyExchange(server): send testkey certificate");
                }
                XMLTools.writeByteArrayWithLengthEncoding(iOStream, sSONETContext.getOwnTestCertificate().getEncoded());
                if (debug) {
                    System.out.println("KeyExchange(server): send cipher certificate");
                }
                XMLTools.writeByteArrayWithLengthEncoding(iOStream, sSONETContext.getOwnCipherCertificate().getEncoded());
                if (debugProfiling) {
                    jArr[2] = System.currentTimeMillis();
                }
                if (debugProfiling) {
                    jArr[3] = System.currentTimeMillis();
                }
                if (debug) {
                    System.out.println("KeyExchange(server): wait for partners RSA-encrypted testkey certificate");
                }
                byte[] readByteArrayWithLengthEncoding = XMLTools.readByteArrayWithLengthEncoding(iOStream);
                if (debugProfiling) {
                    jArr[4] = System.currentTimeMillis();
                }
                if (debug) {
                    System.out.println("KeyExchange(server): decrypt partners RSA-encrypted testkey certificate");
                }
                try {
                    byte[] decryptRSA = decryptRSA(readByteArrayWithLengthEncoding, sSONETContext.getOwnCiphKey());
                    if (debugProfiling) {
                        long currentTimeMillis = System.currentTimeMillis();
                        jArr[7] = currentTimeMillis;
                        jArr[6] = currentTimeMillis;
                        jArr[5] = currentTimeMillis;
                    }
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decryptRSA);
                    if (debugProfiling) {
                        jArr[8] = System.currentTimeMillis();
                    }
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    if (debug) {
                        System.out.println(new StringBuffer().append("KeyExchange.KeyExchange: X.509 uses Provider:").append(certificateFactory.getProvider().getName()).toString());
                    }
                    try {
                        if (debugProfiling) {
                            jArr[9] = System.currentTimeMillis();
                        }
                        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                        if (debugProfiling) {
                            jArr[10] = System.currentTimeMillis();
                        }
                        sSONETContext.setPartnerTestCertificate(x509Certificate);
                        if (!sSONETContext.checkCertificate(x509Certificate)) {
                            if (debug) {
                                System.out.println("KeyExchange(server): partner identity certificate NOT valid.");
                            }
                            throw new SSONETCertificateNotValidException();
                        }
                        this.partnerTestKey = x509Certificate.getPublicKey();
                        if (debug) {
                            System.out.println("KeyExchange(server): wait for partners encrypted cipherKey certificate");
                        }
                        byte[] readByteArrayWithLengthEncoding2 = XMLTools.readByteArrayWithLengthEncoding(iOStream);
                        if (debug) {
                            System.out.println("KeyExchange(server): decrypt partners encrypted cipherKey certificate");
                        }
                        try {
                            try {
                                X509Certificate x509Certificate2 = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(decryptRSA(readByteArrayWithLengthEncoding2, sSONETContext.getOwnCiphKey())));
                                sSONETContext.setPartnerCipherCertificate(x509Certificate2);
                                try {
                                    CryptoTools.testCertificate(x509Certificate2, this.partnerTestKey);
                                    if (debug) {
                                        System.out.println("KeyExchange(server): partner cipher certificate is valid.");
                                    }
                                    this.partnerCipherKey = x509Certificate2.getPublicKey();
                                    if (debugProfiling) {
                                        jArr[11] = System.currentTimeMillis();
                                    }
                                } catch (Exception e) {
                                    if (debug) {
                                        System.out.println("KeyExchange(server): partner cipher certificate is NOT valid.");
                                    }
                                    throw new SSONETCertificateNotValidException(e.getMessage());
                                }
                            } catch (CertificateException e2) {
                                throw new IOException(e2.getMessage());
                            }
                        } catch (BadPaddingException e3) {
                            throw new IOException(e3.getMessage());
                        }
                    } catch (CertificateException e4) {
                        throw new IOException(e4.getMessage());
                    }
                } catch (BadPaddingException e5) {
                    throw new IOException(e5.getMessage());
                }
            } else {
                if (debug) {
                    System.out.println("KeyExchange(client): wait for partners testkey certificate");
                }
                CertificateFactory certificateFactory2 = CertificateFactory.getInstance("X.509");
                try {
                    X509Certificate x509Certificate3 = (X509Certificate) certificateFactory2.generateCertificate(new ByteArrayInputStream(XMLTools.readByteArrayWithLengthEncoding(iOStream)));
                    if (x509Certificate3 == null) {
                        throw new IOException("KeyExchange(client): partner identity certificate is null.");
                    }
                    sSONETContext.setPartnerTestCertificate(x509Certificate3);
                    if (debug) {
                        System.out.println("KeyExchange(client): check partner identity certificate by listener method");
                    }
                    if (!sSONETContext.checkCertificate(x509Certificate3)) {
                        if (debug) {
                            System.out.println("KeyExchange(client): partner identity certificate NOT valid.");
                        }
                        throw new SSONETCertificateNotValidException();
                    }
                    this.partnerTestKey = x509Certificate3.getPublicKey();
                    if (debugProfiling) {
                        jArr[1] = System.currentTimeMillis();
                    }
                    if (debug) {
                        System.out.println("KeyExchange(client): wait for partners cipher certificate");
                    }
                    try {
                        X509Certificate x509Certificate4 = (X509Certificate) certificateFactory2.generateCertificate(new ByteArrayInputStream(XMLTools.readByteArrayWithLengthEncoding(iOStream)));
                        if (debugProfiling) {
                            jArr[2] = System.currentTimeMillis();
                        }
                        sSONETContext.setPartnerCipherCertificate(x509Certificate4);
                        if (debug) {
                            System.out.println("KeyExchange(client): verify partners cipher certificate");
                        }
                        try {
                            CryptoTools.testCertificate(x509Certificate4, x509Certificate3.getPublicKey());
                            if (debug) {
                                System.out.println("KeyExchange(client): partner cipher certificate is valid.");
                            }
                            this.partnerCipherKey = x509Certificate4.getPublicKey();
                            if (debugProfiling) {
                                jArr[3] = System.currentTimeMillis();
                            }
                            if (debug) {
                                System.out.println("KeyExchange(client): encrypt own testkey certificate with partners cipher key");
                            }
                            try {
                                byte[] encryptRSA = encryptRSA(sSONETContext.getOwnTestCertificate().getEncoded(), this.partnerCipherKey);
                                if (debugProfiling) {
                                    long currentTimeMillis2 = System.currentTimeMillis();
                                    jArr[8] = currentTimeMillis2;
                                    jArr[7] = currentTimeMillis2;
                                    jArr[6] = currentTimeMillis2;
                                    jArr[5] = currentTimeMillis2;
                                    jArr[4] = currentTimeMillis2;
                                }
                                if (debug) {
                                    System.out.println("KeyExchange(client): send own encrypted testkey certificate");
                                }
                                XMLTools.writeByteArrayWithLengthEncoding(iOStream, encryptRSA);
                                if (debugProfiling) {
                                    jArr[9] = System.currentTimeMillis();
                                }
                                if (debug) {
                                    System.out.println("KeyExchange(client): encrypt own cipherKey certificate with partners cipher key");
                                }
                                try {
                                    byte[] encryptRSA2 = encryptRSA(sSONETContext.getOwnCipherCertificate().getEncoded(), this.partnerCipherKey);
                                    if (debugProfiling) {
                                        jArr[10] = System.currentTimeMillis();
                                    }
                                    if (debug) {
                                        System.out.println("KeyExchange(client): send own encrypted cipherKey certificate");
                                    }
                                    XMLTools.writeByteArrayWithLengthEncoding(iOStream, encryptRSA2);
                                    if (debugProfiling) {
                                        jArr[11] = System.currentTimeMillis();
                                    }
                                } catch (InvalidKeyException e6) {
                                    throw new IOException(e6.getMessage());
                                }
                            } catch (InvalidKeyException e7) {
                                throw new IOException(e7.getMessage());
                            }
                        } catch (Exception e8) {
                            if (debug) {
                                System.out.println("KeyExchange(client): partner cipher certificate is NOT valid.");
                            }
                            throw new SSONETCertificateNotValidException(e8.getMessage());
                        }
                    } catch (CertificateException e9) {
                        throw new IOException(e9.getMessage());
                    }
                } catch (CertificateException e10) {
                    throw new IOException(e10.getMessage());
                }
            }
            if (debugProfiling) {
                System.out.println(new StringBuffer().append("KeyExchange: Detailed Times for Certificate exchange (").append(z ? "server" : "client").append("):").toString());
                for (int i = 0; i < 11; i++) {
                    System.out.print(new StringBuffer().append("").append(jArr[i + 1] - jArr[i]).append(",").toString());
                }
                System.out.println();
            }
        } catch (NoSuchProviderException e11) {
            System.out.println("Implementation Error. Stop.");
            e11.printStackTrace();
            System.exit(-1);
        } catch (CertificateException e12) {
            System.out.println("Implementation Error. Stop.");
            e12.printStackTrace();
            System.exit(-1);
        } catch (SSONETCertificateNotValidException e13) {
            if (debug) {
                System.out.println("KeyExchange.KeyExchange: Some key certificates not valid. Abort.");
            }
            throw e13;
        }
    }

    public void sendOwnMechanismCertificate(X509Certificate x509Certificate) throws IOException {
        try {
            if (debug) {
                System.out.println("KeyExchange.sendOwnMechanismCertificate: Write mechanism public key certificate, encrypted with partners key.");
            }
            XMLTools.writeByteArrayWithLengthEncoding(this.ioStream, encryptRSA(x509Certificate.getEncoded(), this.partnerCipherKey));
        } catch (IOException e) {
            if (debug) {
                e.printStackTrace();
            }
            throw e;
        } catch (InvalidKeyException e2) {
            throw new IOException(e2.getMessage());
        } catch (CertificateEncodingException e3) {
            System.out.println("Implementation error. Stop.");
            e3.printStackTrace();
            System.exit(-1);
        }
    }

    public PublicKey getPartnerMechanismCertificate() throws IOException {
        try {
            if (debug) {
                System.out.println("KeyExchange.getPartnerMechanismCertificate: Wait for partners encrypted mechanism public key certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decryptRSA(XMLTools.readByteArrayWithLengthEncoding(this.ioStream), this.context.getOwnCiphKey())));
            CryptoTools.testCertificate(x509Certificate, this.partnerTestKey);
            return x509Certificate.getPublicKey();
        } catch (InvalidKeyException e) {
            if (debug) {
                e.printStackTrace();
            }
            throw new IOException("Partners testkey is invalid.");
        } catch (NoSuchAlgorithmException e2) {
            if (debug) {
                e2.printStackTrace();
            }
            throw new IOException("Partner certificate uses an unknown algorithm.");
        } catch (SignatureException e3) {
            if (debug) {
                e3.printStackTrace();
            }
            throw new IOException("Invalid Signature under partner certificate.");
        } catch (CertificateException e4) {
            if (debug) {
                e4.printStackTrace();
            }
            throw new IOException("Partner certificate is invalid.");
        } catch (BadPaddingException e5) {
            throw new IOException(e5.getMessage());
        } catch (IllegalBlockSizeException e6) {
            throw new IOException(e6.getMessage());
        }
    }

    public Key getSessionKey(String str, String str2) throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
        return getSessionKey(str, str2, -1);
    }

    public Key getSessionKey(String str, String str2, int i) throws IOException, NoSuchProviderException, NoSuchAlgorithmException {
        SecretKey generateKey;
        try {
            if (this.isServer) {
                if (debug) {
                    System.out.println("getSessionKey: Wait for encrypted message");
                }
                byte[] readByteArrayWithLengthEncoding = XMLTools.readByteArrayWithLengthEncoding(this.ioStream);
                if (debug) {
                    System.out.println("getSessionKey: decrypt message");
                }
                byte[] decryptRSA = decryptRSA(readByteArrayWithLengthEncoding, this.context.getOwnCiphKey());
                int decodeLength = XMLTools.decodeLength(decryptRSA);
                if (debug) {
                    System.out.println(new StringBuffer().append("expected keylength: ").append(Integer.toString(i)).append(", receivedKeyLength: ").append(Integer.toString(decodeLength)).toString());
                }
                if (i >= 0 && decodeLength * 8 != i) {
                    if (debug) {
                        System.out.println("Received Key of incorrect length. Terminating Connection.");
                    }
                    throw new IOException("Received key of incorrect length. Terminating Connection.");
                }
                if (debug) {
                    System.out.println(new StringBuffer().append("extract ").append(decodeLength).append(" Byte Sessionkey").toString());
                }
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decryptRSA);
                byte[] readByteArrayWithLengthEncoding2 = XMLTools.readByteArrayWithLengthEncoding(byteArrayInputStream);
                if (debug) {
                    System.out.println("test signatur under sessionkey");
                }
                try {
                    if (!verifyDSA(readByteArrayWithLengthEncoding2, XMLTools.readByteArrayWithLengthEncoding(byteArrayInputStream), this.partnerTestKey)) {
                        if (debug) {
                            System.out.println("signature under sessionkey not valid!");
                        }
                        throw new IOException("Signature under sessionKey not valid.");
                    }
                    generateKey = new SecretKeySpec(readByteArrayWithLengthEncoding2, str);
                } catch (InvalidKeyException e) {
                    throw new IOException(e.getMessage());
                } catch (SignatureException e2) {
                    throw new IOException(e2.getMessage());
                }
            } else {
                if (debug) {
                    System.out.println("create sessionkey");
                }
                KeyGenerator keyGenerator = KeyGenerator.getInstance(str, str2);
                if (i < 0) {
                    keyGenerator.init(CryptoTools.getSecureRandom());
                } else {
                    keyGenerator.init(i, CryptoTools.getSecureRandom());
                }
                generateKey = keyGenerator.generateKey();
                if (debug) {
                    System.out.println(new StringBuffer().append("expected generation keylength: ").append(Integer.toString(i)).append(", generated KeyLength: ").append(Integer.toString(generateKey.getEncoded().length)).toString());
                }
                if (!generateKey.getFormat().equalsIgnoreCase("RAW")) {
                    if (debug) {
                        System.out.println(new StringBuffer().append("Wrong encoding format for secret key: ").append(generateKey.getFormat()).toString());
                    }
                    throw new IOException(new StringBuffer().append("Wrong encoding format for secret key: ").append(generateKey.getFormat()).toString());
                }
                if (debug) {
                    System.out.println(new StringBuffer().append(generateKey.getEncoded().length).append(" Byte Sessionkey created").toString());
                }
                if (debug) {
                    System.out.println("Sign sessionkey");
                }
                byte[] signDSA = signDSA(generateKey.getEncoded(), this.context.getOwnSigKey());
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                XMLTools.writeByteArrayWithLengthEncoding(byteArrayOutputStream, generateKey.getEncoded());
                XMLTools.writeByteArrayWithLengthEncoding(byteArrayOutputStream, signDSA);
                if (debug) {
                    System.out.println("encrypt message");
                }
                byte[] encryptRSA = encryptRSA(byteArrayOutputStream.toByteArray(), this.partnerCipherKey);
                if (debug) {
                    System.out.println("write encrypted message");
                }
                XMLTools.writeByteArrayWithLengthEncoding(this.ioStream, encryptRSA);
            }
            return generateKey;
        } catch (InvalidKeyException e3) {
            throw new IOException(e3.getMessage());
        } catch (BadPaddingException e4) {
            throw new IOException(e4.getMessage());
        } catch (IllegalBlockSizeException e5) {
            throw new IOException(e5.getMessage());
        }
    }

    private byte[] encryptRSA(byte[] bArr, PublicKey publicKey) throws InvalidKeyException {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", "BC");
            cipher.init(1, publicKey, CryptoTools.getSecureRandom());
            int length = bArr.length / cipher.getBlockSize();
            if (bArr.length % cipher.getBlockSize() > 0) {
                length++;
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            int length2 = bArr.length;
            for (int i = 0; i < length; i++) {
                int blockSize = cipher.getBlockSize();
                if (length2 < blockSize) {
                    blockSize = length2;
                }
                byteArrayOutputStream.write(cipher.doFinal(bArr, bArr.length - length2, blockSize));
                length2 -= blockSize;
            }
            return byteArrayOutputStream.toByteArray();
        } catch (InvalidKeyException e) {
            throw e;
        } catch (Exception e2) {
            System.out.println("Implementation Error. Stop.");
            e2.printStackTrace();
            System.exit(-1);
            return null;
        }
    }

    private byte[] decryptRSA(byte[] bArr, PrivateKey privateKey) throws BadPaddingException {
        try {
            long[] jArr = new long[8];
            if (debugProfiling) {
                jArr[0] = System.currentTimeMillis();
            }
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING", "BC");
            if (debugProfiling) {
                jArr[1] = System.currentTimeMillis();
            }
            if (debugProfiling) {
                jArr[4] = System.currentTimeMillis();
            }
            cipher.init(2, privateKey, CryptoTools.getSecureRandom());
            if (debugProfiling) {
                jArr[5] = System.currentTimeMillis();
            }
            int length = bArr.length / cipher.getBlockSize();
            if (bArr.length % cipher.getBlockSize() > 0) {
                length++;
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            int length2 = bArr.length;
            if (debugProfiling) {
                jArr[6] = System.currentTimeMillis();
            }
            for (int i = 0; i < length; i++) {
                int blockSize = cipher.getBlockSize();
                if (length2 < blockSize) {
                    blockSize = length2;
                }
                byteArrayOutputStream.write(cipher.doFinal(bArr, bArr.length - length2, blockSize));
                length2 -= blockSize;
            }
            return byteArrayOutputStream.toByteArray();
        } catch (BadPaddingException e) {
            e.printStackTrace();
            throw e;
        } catch (Exception e2) {
            System.out.println("Implementation Error. Stop.");
            e2.printStackTrace();
            System.exit(-1);
            return null;
        }
    }

    private byte[] signDSA(byte[] bArr, PrivateKey privateKey) {
        try {
            Signature signature = Signature.getInstance("DSA", "SUN");
            signature.initSign(privateKey, CryptoTools.getSecureRandom());
            signature.update(bArr);
            return signature.sign();
        } catch (Exception e) {
            System.out.println("Implementation Error. Stop.");
            e.printStackTrace();
            System.exit(-1);
            return null;
        }
    }

    private boolean verifyDSA(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws SignatureException, InvalidKeyException {
        try {
            Signature signature = Signature.getInstance("DSA", "SUN");
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(bArr2);
        } catch (InvalidKeyException e) {
            throw e;
        } catch (SignatureException e2) {
            throw e2;
        } catch (Exception e3) {
            System.out.println("Implementation Error. Stop.");
            e3.printStackTrace();
            System.exit(-1);
            return false;
        }
    }

    private byte[] encryptAES(byte[] bArr, Key key) throws InvalidKeyException {
        try {
            Cipher cipher = Cipher.getInstance("Rijndael/CBC/PKCS7Padding", "BC");
            byte[] bArr2 = new byte[cipher.getBlockSize()];
            Arrays.fill(bArr2, (byte) 0);
            cipher.init(1, key, new IvParameterSpec(bArr2), CryptoTools.getSecureRandom());
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw e;
        } catch (Exception e2) {
            System.out.println("Implementation Error. Stop.");
            e2.printStackTrace();
            System.exit(-1);
            return null;
        }
    }

    private byte[] decryptAES(byte[] bArr, Key key) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        try {
            Cipher cipher = Cipher.getInstance("Rijndael/CBC/PKCS7Padding", "BC");
            byte[] bArr2 = new byte[cipher.getBlockSize()];
            Arrays.fill(bArr2, (byte) 0);
            cipher.init(2, key, new IvParameterSpec(bArr2), CryptoTools.getSecureRandom());
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw e;
        } catch (BadPaddingException e2) {
            throw e2;
        } catch (IllegalBlockSizeException e3) {
            throw e3;
        } catch (Exception e4) {
            System.out.println("Implementation Error. Stop.");
            e4.printStackTrace();
            System.exit(-1);
            return null;
        }
    }

    static {
        try {
            CertificateFactory.getInstance("X.509", "BC");
            KeyGenerator.getInstance("Rijndael", "BC");
            Cipher.getInstance("RSA/ECB/PKCS1PADDING", "BC");
            Signature.getInstance("DSA", "SUN");
            Cipher.getInstance("Rijndael/CBC/PKCS7Padding", "BC");
            if (debug) {
                System.out.println("KeyExchange: Mechanism Classes preloaded.");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
