package gurux.dlms.secure;

import gurux.dlms.GXByteBuffer;
import gurux.dlms.GXDLMSClient;
import gurux.dlms.asn.GXAsn1Converter;
import gurux.dlms.enums.Authentication;
import gurux.dlms.enums.InterfaceType;
import gurux.dlms.objects.GXDLMSSecuritySetup;
import gurux.dlms.objects.enums.CertificateEntity;
import gurux.dlms.objects.enums.CertificateType;
import gurux.dlms.objects.enums.SecuritySuite;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyAgreement;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:gurux/dlms/secure/GXDLMSSecureClient.class */
public class GXDLMSSecureClient extends GXDLMSClient {
    private GXCiphering ciphering;

    public GXDLMSSecureClient() {
        this(false);
    }

    public GXDLMSSecureClient(boolean z) {
        this(z, 16, 1, Authentication.NONE, null, InterfaceType.HDLC);
    }

    public GXDLMSSecureClient(boolean z, int i, int i2, Authentication authentication, String str, InterfaceType interfaceType) {
        super(z, i, i2, authentication, str, interfaceType);
        this.ciphering = new GXCiphering("ABCDEFGH".getBytes());
        setCipher(this.ciphering);
    }

    public final GXCiphering getCiphering() {
        return this.ciphering;
    }

    public static Cipher getCipher(boolean z, byte[] bArr) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
        GXByteBuffer gXByteBuffer = new GXByteBuffer();
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(z ? 1 : 2, secretKeySpec, new GCMParameterSpec(96, gXByteBuffer.array()));
        return cipher;
    }

    public static byte[] encrypt(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        return GXSecure.encryptAesKeyWrapping(bArr2, bArr);
    }

    public static byte[] decrypt(byte[] bArr, byte[] bArr2) {
        if (bArr == null) {
            throw new NullPointerException("Key Encrypting Key");
        }
        if (bArr.length < 16) {
            throw new IllegalArgumentException("Key Encrypting Key");
        }
        if (bArr.length % 8 != 0) {
            throw new IllegalArgumentException("Key Encrypting Key");
        }
        if (bArr2 == null) {
            throw new NullPointerException("data");
        }
        if (bArr2.length < 16) {
            throw new IllegalArgumentException("data");
        }
        if (bArr2.length % 8 != 0) {
            throw new IllegalArgumentException("data");
        }
        try {
            return GXSecure.decryptAesKeyWrapping(bArr2, bArr);
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    public SecuritySuite getSecuritySuite() {
        return this.ciphering.getSecuritySuite();
    }

    public void setSecuritySuite(SecuritySuite securitySuite) {
        this.ciphering.setSecuritySuite(securitySuite);
    }

    public byte[] getServerSystemTitle() {
        return getSettings().getSourceSystemTitle();
    }

    public void setServerSystemTitle(byte[] bArr) {
        getSettings().setSourceSystemTitle(bArr);
    }

    public final byte[][] getServerCertificate(GXDLMSSecuritySetup gXDLMSSecuritySetup, CertificateType certificateType) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        return gXDLMSSecuritySetup.exportCertificateByEntity(this, CertificateEntity.SERVER, certificateType, getSettings().getSourceSystemTitle());
    }

    public final void parseServerCertificate(byte[] bArr, PublicKey publicKey) {
        GXByteBuffer gXByteBuffer = new GXByteBuffer(65);
        gXByteBuffer.setUInt8(0);
        gXByteBuffer.set(bArr, 0, 64);
        GXByteBuffer gXByteBuffer2 = new GXByteBuffer();
        gXByteBuffer2.set(bArr, 64, 64);
        getSettings().setTargetEphemeralKey(publicKey);
        try {
            if (GXSecure.validateEphemeralPublicKeySignature(gXByteBuffer.array(), gXByteBuffer2.array(), publicKey)) {
            } else {
                throw new IllegalArgumentException("Key agreement failed.");
            }
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    public final void getSharedSecret(byte[] bArr, PublicKey publicKey) {
        GXByteBuffer gXByteBuffer = new GXByteBuffer(65);
        gXByteBuffer.setUInt8(0);
        gXByteBuffer.set(bArr, 0, 64);
        GXByteBuffer gXByteBuffer2 = new GXByteBuffer();
        gXByteBuffer2.set(bArr, 64, 64);
        getSettings().setTargetEphemeralKey(null);
        try {
            if (!GXSecure.validateEphemeralPublicKeySignature(gXByteBuffer.array(), gXByteBuffer2.array(), publicKey)) {
                throw new IllegalArgumentException("Key agreement failed.");
            }
            PublicKey publicKey2 = GXAsn1Converter.getPublicKey(gXByteBuffer.subArray(1, 64));
            try {
                KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
                keyAgreement.init(getCiphering().getEphemeralKeyPair().getPrivate());
                keyAgreement.doPhase(publicKey2, true);
                getSettings().getCipher().setSharedSecret(keyAgreement.generateSecret());
                getSettings().setTargetEphemeralKey(publicKey2);
            } catch (Exception e) {
                throw new RuntimeException(e.getMessage());
            }
        } catch (Exception e2) {
            throw new RuntimeException(e2.getMessage());
        }
    }
}
