package org.apache.catalina.tribes.group.interceptors;

import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.concurrent.ConcurrentLinkedQueue;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.catalina.tribes.ChannelException;
import org.apache.catalina.tribes.ChannelInterceptor;
import org.apache.catalina.tribes.ChannelMessage;
import org.apache.catalina.tribes.Member;
import org.apache.catalina.tribes.group.ChannelInterceptorBase;
import org.apache.catalina.tribes.group.InterceptorPayload;
import org.apache.catalina.tribes.io.XByteBuffer;
import org.apache.catalina.tribes.util.StringManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.opensaml.security.crypto.JCAConstants;

/* loaded from: input_file:WEB-INF/lib/tomcat-tribes-9.0.59.jar:org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.class */
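/**
 * Tribes channel interceptor that encrypts outgoing cluster messages and decrypts incoming ones
 * with a single pre-configured symmetric key.
 *
 * <p>Wire format written by {@link #sendMessage}: the IV bytes immediately followed by the cipher
 * output. {@link #messageReceived} expects the same layout.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The default transformation is {@code AES/CBC/PKCS5Padding}. CBC, OFB and CFB provide
 *       confidentiality only. Nothing in this class adds a MAC, so altered ciphertext is not
 *       reliably detected in those modes. Only the GCM path (128-bit tag) authenticates messages.
 *   <li>This class keeps no record of IVs or sequence numbers, so it does not by itself detect
 *       replayed messages.
 *   <li>The key is held in memory both as raw bytes and as the configured hex string, and both
 *       forms are readable through getters; treat access to this object (and to any management
 *       interface that exposes it) as access to the key.
 * </ul>
 */
public class EncryptInterceptor extends ChannelInterceptorBase implements EncryptInterceptorMBean {
    private static final String DEFAULT_ENCRYPTION_ALGORITHM = "AES/CBC/PKCS5Padding";
    private String providerName;
    private String encryptionAlgorithm = DEFAULT_ENCRYPTION_ALGORITHM;
    private byte[] encryptionKeyBytes;
    private String encryptionKeyString;
    private BaseEncryptionManager encryptionManager;
    private static final Log log = LogFactory.getLog(EncryptInterceptor.class);
    protected static final StringManager sm = StringManager.getManager(EncryptInterceptor.class);

    // Hex digit lookup indexed by (character - '0'); -1 marks characters that are not hex digits.
    private static final int[] DEC = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 10, 11, 12, 13, 14, 15};

    /**
     * Holds the key and pools {@link Cipher} and {@link SecureRandom} instances for the IV-based,
     * unauthenticated modes (CBC, OFB, CFB).
     *
     * <p>Pooling lets concurrent senders and receivers each work with their own instance; a
     * {@code Cipher} is stateful and must not be shared between threads mid-operation.
     *
     * <p>Declared public in this listing; the decompiler notes that the original modifier was
     * private.
     */
    public static class BaseEncryptionManager {
        private final String algorithm;
        private final int blockSize;
        private final String providerName;
        private final SecretKeySpec secretKey;
        private final ConcurrentLinkedQueue<Cipher> cipherPool = new ConcurrentLinkedQueue<>();
        private final ConcurrentLinkedQueue<SecureRandom> randomPool;

        /**
         * Creates the manager and eagerly builds one cipher, which both validates the
         * transformation/provider and supplies the block size used as the IV length.
         *
         * @param str the JCA transformation string, e.g. {@code AES/CBC/PKCS5Padding}
         * @param secretKeySpec the symmetric key
         * @param str2 the JCA provider name, or {@code null} for the default provider lookup
         * @throws NoSuchAlgorithmException if the transformation is not available
         * @throws NoSuchPaddingException if the padding scheme is not available
         * @throws NoSuchProviderException if the named provider is not installed
         */
        public BaseEncryptionManager(String str, SecretKeySpec secretKeySpec, String str2) throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
            this.algorithm = str;
            this.providerName = str2;
            this.secretKey = secretKeySpec;
            Cipher firstCipher = createCipher();
            this.blockSize = firstCipher.getBlockSize();
            this.cipherPool.offer(firstCipher);
            this.randomPool = new ConcurrentLinkedQueue<>();
        }

        /** Empties both pools. The key reference itself is not cleared. */
        public void shutdown() {
            this.cipherPool.clear();
            this.randomPool.clear();
        }

        private String getAlgorithm() {
            return this.algorithm;
        }

        private SecretKeySpec getSecretKey() {
            return this.secretKey;
        }

        /**
         * Returns the IV length in bytes; for this base class it is the cipher's block size.
         *
         * @return the number of IV bytes prepended to every message
         */
        protected int getIVSize() {
            return this.blockSize;
        }

        private String getProviderName() {
            return this.providerName;
        }

        /** Builds a fresh cipher for the configured transformation, honouring the provider if set. */
        private Cipher createCipher() throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
            String provider = getProviderName();
            if (null == provider) {
                return Cipher.getInstance(getAlgorithm());
            }
            return Cipher.getInstance(getAlgorithm(), provider);
        }

        /** Takes a cipher from the pool, creating one when the pool is empty. */
        private Cipher getCipher() throws GeneralSecurityException {
            Cipher pooled = this.cipherPool.poll();
            return null != pooled ? pooled : createCipher();
        }

        private void returnCipher(Cipher cipher) {
            this.cipherPool.offer(cipher);
        }

        /** Takes a {@link SecureRandom} from the pool, creating one when the pool is empty. */
        private SecureRandom getRandom() {
            SecureRandom pooled = this.randomPool.poll();
            return null != pooled ? pooled : new SecureRandom();
        }

        private void returnRandom(SecureRandom secureRandom) {
            this.randomPool.offer(secureRandom);
        }

        /**
         * Encrypts one message under a freshly generated random IV.
         *
         * @param bArr the plaintext
         * @return a two-element array: {@code [0]} the IV bytes, {@code [1]} the cipher output
         * @throws GeneralSecurityException if the cipher cannot be obtained, initialised or run
         */
        public byte[][] encrypt(byte[] bArr) throws GeneralSecurityException {
            byte[] ivBytes = generateIVBytes();
            Cipher cipher = getCipher();
            try {
                cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(), generateIV(ivBytes, 0, getIVSize()));
                return new byte[][] {ivBytes, cipher.doFinal(bArr)};
            } finally {
                // Always hand the instance back; the next init() resets its state.
                returnCipher(cipher);
            }
        }

        /**
         * Decrypts one message laid out as IV bytes followed by cipher output.
         *
         * <p>The input arrives from the network, so its length is checked before the IV is
         * sliced off. Without the check, a message shorter than the IV makes the parameter-spec
         * constructor throw an unchecked {@link IllegalArgumentException}, which callers that
         * only handle {@link GeneralSecurityException} would not catch.
         *
         * @param bArr the received bytes
         * @return the plaintext
         * @throws GeneralSecurityException if the input is too short or decryption fails
         */
        public byte[] decrypt(byte[] bArr) throws GeneralSecurityException {
            int ivSize = getIVSize();
            if (null == bArr || bArr.length < ivSize) {
                throw new GeneralSecurityException("Encrypted message is shorter than the " + ivSize + "-byte IV");
            }
            AlgorithmParameterSpec ivSpec = generateIV(bArr, 0, ivSize);
            Cipher cipher = getCipher();
            try {
                cipher.init(Cipher.DECRYPT_MODE, getSecretKey(), ivSpec);
                return cipher.doFinal(bArr, ivSize, bArr.length - ivSize);
            } finally {
                returnCipher(cipher);
            }
        }

        /**
         * Produces {@link #getIVSize()} random bytes from a pooled {@link SecureRandom}.
         *
         * @return a new IV
         */
        protected byte[] generateIVBytes() {
            byte[] ivBytes = new byte[getIVSize()];
            SecureRandom random = getRandom();
            try {
                random.nextBytes(ivBytes);
            } finally {
                returnRandom(random);
            }
            return ivBytes;
        }

        /**
         * Wraps a slice of {@code bArr} as the parameter spec for the cipher mode.
         *
         * @param bArr buffer containing the IV
         * @param i offset of the IV within the buffer
         * @param i2 IV length in bytes
         * @return an {@link IvParameterSpec} over the given slice
         */
        protected AlgorithmParameterSpec generateIV(byte[] bArr, int i, int i2) {
            return new IvParameterSpec(bArr, i, i2);
        }
    }

    /**
     * Signals an invalid interceptor configuration, such as an unsupported ordering in the
     * channel stack.
     */
    public static class ChannelConfigException extends ChannelException {
        private static final long serialVersionUID = 1;

        public ChannelConfigException(String str) {
            super(str);
        }
    }

    /**
     * Encryption manager for GCM: 12-byte IV and a 128-bit authentication tag, so tampered
     * messages fail decryption.
     *
     * <p>IVs are drawn at random for every message. GCM's guarantees depend on an IV never
     * repeating under the same key; NIST SP 800-38D limits a key used with random 96-bit IVs to
     * 2^32 encryptions, so long-lived, high-traffic clusters should rotate the shared key.
     */
    public static class GCMEncryptionManager extends BaseEncryptionManager {
        public GCMEncryptionManager(String str, SecretKeySpec secretKeySpec, String str2) throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
            super(str, secretKeySpec, str2);
        }

        /** @return 12, the IV length in bytes used for GCM instead of the cipher block size */
        @Override
        protected int getIVSize() {
            return 12;
        }

        /** Builds a {@link GCMParameterSpec} with a 128-bit tag over the given IV slice. */
        @Override
        protected AlgorithmParameterSpec generateIV(byte[] bArr, int i, int i2) {
            return new GCMParameterSpec(128, bArr, i, i2);
        }
    }

    /**
     * Validates the interceptor ordering and, when flag bit {@code 2} is set (the Tribes
     * {@code Channel.SND_TX_SEQ} service flag), builds the encryption manager from the configured
     * algorithm, key and provider.
     *
     * @param i the service flags being started
     * @throws ChannelException if the chain ordering is invalid or the cipher cannot be set up
     */
    @Override
    public void start(int i) throws ChannelException {
        validateChannelChain();
        if (2 == (i & 2)) {
            try {
                this.encryptionManager = createEncryptionManager(getEncryptionAlgorithm(), getEncryptionKeyInternal(), getProviderName());
            } catch (GeneralSecurityException e) {
                throw new ChannelException(sm.getString("encryptInterceptor.init.failed"), e);
            }
        }
        super.start(i);
    }

    /**
     * Walks the {@code getPrevious()} links and rejects the configuration if a
     * {@link TcpFailureDetector} is found among the preceding interceptors.
     *
     * @throws ChannelException if the ordering is not allowed
     */
    private void validateChannelChain() throws ChannelException {
        for (ChannelInterceptor current = getPrevious(); null != current; current = current.getPrevious()) {
            if (current instanceof TcpFailureDetector) {
                throw new ChannelConfigException(sm.getString("encryptInterceptor.tcpFailureDetector.ordering"));
            }
        }
    }

    /**
     * Releases the pooled ciphers when flag bit {@code 2} is being stopped.
     *
     * @param i the service flags being stopped
     * @throws ChannelException if the superclass stop fails
     */
    @Override
    public void stop(int i) throws ChannelException {
        // The manager is only created by a successful start() with the same flag; guard so that
        // stopping after a failed or partial start does not throw a NullPointerException.
        if (2 == (i & 2) && null != this.encryptionManager) {
            this.encryptionManager.shutdown();
        }
        super.stop(i);
    }

    /**
     * Replaces the message payload with IV + cipher output and passes it down the chain.
     *
     * @throws ChannelException wrapping the underlying failure if encryption fails; the message
     *     is not sent in that case
     */
    @Override
    public void sendMessage(Member[] memberArr, ChannelMessage channelMessage, InterceptorPayload interceptorPayload) throws ChannelException {
        try {
            byte[][] ivAndCipherText = this.encryptionManager.encrypt(channelMessage.getMessage().getBytes());
            XByteBuffer buffer = channelMessage.getMessage();
            buffer.clear();
            buffer.append(ivAndCipherText[0], 0, ivAndCipherText[0].length);
            buffer.append(ivAndCipherText[1], 0, ivAndCipherText[1].length);
            super.sendMessage(memberArr, channelMessage, interceptorPayload);
        } catch (GeneralSecurityException e) {
            log.error(sm.getString("encryptInterceptor.encrypt.failed"));
            throw new ChannelException(e);
        }
    }

    /**
     * Decrypts the payload in place and passes the message up the chain.
     *
     * <p>A message that fails decryption is logged and dropped; it never reaches the upper
     * interceptors. Each failure is logged at error level with its stack trace, so a stream of
     * undecryptable traffic shows up as a burst of these entries.
     */
    @Override
    public void messageReceived(ChannelMessage channelMessage) {
        try {
            byte[] plainText = this.encryptionManager.decrypt(channelMessage.getMessage().getBytes());
            XByteBuffer buffer = channelMessage.getMessage();
            buffer.clear();
            buffer.append(plainText, 0, plainText.length);
            super.messageReceived(channelMessage);
        } catch (GeneralSecurityException e) {
            log.error(sm.getString("encryptInterceptor.decrypt.failed"), e);
        }
    }

    /**
     * Sets the JCA transformation. It must have the three-part form
     * {@code algorithm/mode/padding}.
     *
     * @param str the transformation string
     * @throws IllegalStateException if {@code str} is {@code null}
     * @throws IllegalArgumentException if {@code str} does not contain two {@code '/'} separators
     */
    @Override
    public void setEncryptionAlgorithm(String str) {
        // Check the argument itself: the stored value starts at the default and this setter never
        // stores null, so testing the field could not catch a missing value.
        if (null == str) {
            throw new IllegalStateException(sm.getString("encryptInterceptor.algorithm.required"));
        }
        int firstSlash = str.indexOf('/');
        if (firstSlash < 0 || str.indexOf('/', firstSlash + 1) < 0) {
            throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.required"));
        }
        this.encryptionAlgorithm = str;
    }

    @Override
    public String getEncryptionAlgorithm() {
        return this.encryptionAlgorithm;
    }

    /**
     * Stores a private copy of the key so later changes to the caller's array have no effect.
     *
     * @param bArr the raw key bytes, or {@code null} to clear the key
     */
    @Override
    public void setEncryptionKey(byte[] bArr) {
        this.encryptionKeyBytes = (null == bArr) ? null : bArr.clone();
    }

    /**
     * Sets the key from a hex string (surrounding whitespace is trimmed).
     *
     * @param str the hex-encoded key, or {@code null} to clear the key
     * @throws IllegalArgumentException if the string has an odd length or a non-hex character
     */
    public void setEncryptionKey(String str) {
        // Parse first so a malformed value cannot leave the string and byte forms out of sync.
        byte[] keyBytes = (null == str) ? null : fromHexString(str.trim());
        this.encryptionKeyString = str;
        setEncryptionKey(keyBytes);
    }

    /**
     * Returns a copy of the raw key.
     *
     * <p>This getter overrides one declared on {@code EncryptInterceptorMBean}, so the key
     * material is reachable by any caller of that interface.
     *
     * @return a copy of the key bytes, or {@code null} if no key is set
     */
    @Override
    public byte[] getEncryptionKey() {
        byte[] key = getEncryptionKeyInternal();
        return (null == key) ? null : key.clone();
    }

    private byte[] getEncryptionKeyInternal() {
        return this.encryptionKeyBytes;
    }

    /** @return the hex string last passed to {@link #setEncryptionKey(String)}; this is the key */
    public String getEncryptionKeyString() {
        return this.encryptionKeyString;
    }

    public void setEncryptionKeyString(String str) {
        setEncryptionKey(str);
    }

    @Override
    public void setProviderName(String str) {
        this.providerName = str;
    }

    @Override
    public String getProviderName() {
        return this.providerName;
    }

    /**
     * Maps a character code to its hex digit value.
     *
     * @param i the character code
     * @return 0-15 for a hex digit, or -1 for any other character
     */
    private static int getDec(int i) {
        int offset = i - '0';
        if (offset < 0 || offset >= DEC.length) {
            return -1;
        }
        return DEC[offset];
    }

    /**
     * Decodes a hex string into bytes.
     *
     * @param str the hex string, or {@code null}
     * @return the decoded bytes, or {@code null} if {@code str} is {@code null}
     * @throws IllegalArgumentException if the length is odd or a character is not a hex digit
     */
    private static byte[] fromHexString(String str) {
        if (str == null) {
            return null;
        }
        if ((str.length() & 1) == 1) {
            throw new IllegalArgumentException(sm.getString("hexUtils.fromHex.oddDigits"));
        }
        char[] digits = str.toCharArray();
        byte[] decoded = new byte[str.length() >> 1];
        for (int n = 0; n < decoded.length; n++) {
            int high = getDec(digits[2 * n]);
            int low = getDec(digits[(2 * n) + 1]);
            if (high < 0 || low < 0) {
                throw new IllegalArgumentException(sm.getString("hexUtils.fromHex.nonHex"));
            }
            decoded[n] = (byte) ((high << 4) + low);
        }
        return decoded;
    }

    /**
     * Chooses the manager implementation from the mode part of the transformation string.
     *
     * <p>A transformation without a mode part is treated as CBC. GCM gets the authenticated
     * manager; CBC, OFB and CFB get the base manager; any other mode is rejected.
     *
     * @param str the transformation, e.g. {@code AES/GCM/NoPadding}
     * @param bArr the raw key bytes
     * @param str2 the JCA provider name, or {@code null}
     * @return the manager for the requested mode
     * @throws IllegalStateException if no key has been configured
     * @throws IllegalArgumentException if the mode is not one of GCM, CBC, OFB or CFB
     */
    private static BaseEncryptionManager createEncryptionManager(String str, byte[] bArr, String str2) throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
        if (null == bArr) {
            throw new IllegalStateException(sm.getString("encryptInterceptor.key.required"));
        }
        // Mode names are plain literals here. The listing referenced them through an unrelated
        // library's constant class, a dependency this class does not need.
        String algorithmName = str;
        String algorithmMode = "CBC";
        int firstSlash = str.indexOf('/');
        if (firstSlash >= 0) {
            algorithmName = str.substring(0, firstSlash);
            int secondSlash = str.indexOf('/', firstSlash + 1);
            if (secondSlash >= 0) {
                algorithmMode = str.substring(firstSlash + 1, secondSlash);
            }
        }
        if ("GCM".equalsIgnoreCase(algorithmMode)) {
            return new GCMEncryptionManager(str, new SecretKeySpec(bArr, algorithmName), str2);
        }
        if ("CBC".equalsIgnoreCase(algorithmMode) || "OFB".equalsIgnoreCase(algorithmMode) || "CFB".equalsIgnoreCase(algorithmMode)) {
            return new BaseEncryptionManager(str, new SecretKeySpec(bArr, algorithmName), str2);
        }
        throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.unsupported-mode", algorithmMode));
    }
}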
