package org.jgroups.protocols;

import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;
import java.util.zip.Adler32;
import java.util.zip.CRC32;
import java.util.zip.Checksum;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import org.jgroups.Address;
import org.jgroups.Event;
import org.jgroups.Message;
import org.jgroups.View;
import org.jgroups.annotations.ManagedAttribute;
import org.jgroups.annotations.Property;
import org.jgroups.logging.Log;
import org.jgroups.stack.Protocol;
import org.jgroups.util.AsciiString;
import org.jgroups.util.Bits;
import org.jgroups.util.Buffer;
import org.jgroups.util.MessageBatch;
import org.jgroups.util.Util;

/* loaded from: input_file:WEB-INF/lib/jgroups-3.6.10.Final.jar:org/jgroups/protocols/EncryptBase.class */
public abstract class EncryptBase extends Protocol {
    protected static final String DEFAULT_SYM_ALGO = "AES";

    @Property(description = "Cryptographic Service Provider")
    protected String provider;

    @Property(description = "When sign_msgs is true, by default CRC32 is used to create the checksum. If use_adler is true, Adler32 will be used")
    protected boolean use_adler;
    protected volatile Address local_addr;
    protected volatile View view;
    protected BlockingQueue<Cipher> encoding_ciphers;
    protected BlockingQueue<Cipher> decoding_ciphers;
    protected volatile byte[] sym_version;
    protected volatile SecretKey secret_key;

    @Property(description = "Cipher engine transformation for asymmetric algorithm. Default is RSA")
    protected String asym_algorithm = "RSA";

    @Property(description = "Cipher engine transformation for symmetric algorithm. Default is AES")
    protected String sym_algorithm = "AES";

    @Property(description = "Initial public/private key length. Default is 512")
    protected int asym_keylength = 512;

    @Property(description = "Initial key length for matching symmetric algorithm. Default is 128")
    protected int sym_keylength = 128;

    @Property(description = "Number of ciphers in the pool to parallelize encrypt and decrypt requests", writable = false)
    protected int cipher_pool_size = 8;

    @Property(description = "If true, the entire message (including payload and headers) is encrypted, else only the payload")
    protected boolean encrypt_entire_message = true;

    @Property(description = "If true, all messages are digitally signed by adding an encrypted checksum of the encrypted message to the header. Ignored if encrypt_entire_message is false")
    protected boolean sign_msgs = true;
    protected final Map<AsciiString, Cipher> key_map = new WeakHashMap();

    /* loaded from: input_file:WEB-INF/lib/jgroups-3.6.10.Final.jar:org/jgroups/protocols/EncryptBase$Decrypter.class */
    protected class Decrypter implements MessageBatch.Visitor<Message> {
        protected final Cipher cipher;

        public Decrypter(Cipher cipher) {
            this.cipher = cipher;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jgroups.util.MessageBatch.Visitor
        public Message visit(Message message, MessageBatch messageBatch) {
            EncryptHeader encryptHeader = (EncryptHeader) message.getHeader(EncryptBase.this.id);
            if (encryptHeader == null) {
                EncryptBase.this.log.error("%s: received message without encrypt header from %s; dropping it", EncryptBase.this.local_addr, messageBatch.sender());
                messageBatch.remove(message);
                return null;
            }
            if (encryptHeader.type() != 1) {
                messageBatch.remove(message);
                EncryptBase.this.handleUpEvent(message, encryptHeader);
                return null;
            }
            try {
                if (!EncryptBase.this.process(message)) {
                    messageBatch.remove(message);
                    return null;
                }
                Message decryptMessage = EncryptBase.this.decryptMessage(this.cipher, message.copy());
                if (decryptMessage != null) {
                    messageBatch.replace(message, decryptMessage);
                } else {
                    messageBatch.remove(message);
                }
                return null;
            } catch (Exception e) {
                EncryptBase.this.log.error("%s: failed decrypting message from %s (offset=%d, length=%d, buf.length=%d): %s, headers are %s", EncryptBase.this.local_addr, message.getSrc(), Integer.valueOf(message.getOffset()), Integer.valueOf(message.getLength()), Integer.valueOf(message.getRawBuffer().length), e, message.printHeaders());
                messageBatch.remove(message);
                return null;
            }
        }
    }

    public int asymKeylength() {
        return this.asym_keylength;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T extends EncryptBase> T asymKeylength(int i) {
        this.asym_keylength = i;
        return this;
    }

    public int symKeylength() {
        return this.sym_keylength;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T extends EncryptBase> T symKeylength(int i) {
        this.sym_keylength = i;
        return this;
    }

    public SecretKey secretKey() {
        return this.secret_key;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T extends EncryptBase> T secretKey(SecretKey secretKey) {
        this.secret_key = secretKey;
        return this;
    }

    public String symAlgorithm() {
        return this.sym_algorithm;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T extends EncryptBase> T symAlgorithm(String str) {
        this.sym_algorithm = str;
        return this;
    }

    public String asymAlgorithm() {
        return this.asym_algorithm;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T extends EncryptBase> T asymAlgorithm(String str) {
        this.asym_algorithm = str;
        return this;
    }

    public byte[] symVersion() {
        return this.sym_version;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T extends EncryptBase> T symVersion(byte[] bArr) {
        this.sym_version = Arrays.copyOf(bArr, bArr.length);
        return this;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T extends EncryptBase> T localAddress(Address address) {
        this.local_addr = address;
        return this;
    }

    public boolean encryptEntireMessage() {
        return this.encrypt_entire_message;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T extends EncryptBase> T encryptEntireMessage(boolean z) {
        this.encrypt_entire_message = z;
        return this;
    }

    public boolean signMessages() {
        return this.sign_msgs;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T extends EncryptBase> T signMessages(boolean z) {
        this.sign_msgs = z;
        return this;
    }

    public boolean adler() {
        return this.use_adler;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public <T extends EncryptBase> T adler(boolean z) {
        this.use_adler = z;
        return this;
    }

    @ManagedAttribute
    public String version() {
        return Util.byteArrayToHexString(this.sym_version);
    }

    @Override // org.jgroups.stack.Protocol
    public void init() throws Exception {
        int nextHigherPowerOfTwo = Util.getNextHigherPowerOfTwo(this.cipher_pool_size);
        if (nextHigherPowerOfTwo != this.cipher_pool_size) {
            this.log.warn("%s: setting cipher_pool_size (%d) to %d (power of 2) for faster modulo operation", this.local_addr, Integer.valueOf(this.cipher_pool_size), Integer.valueOf(nextHigherPowerOfTwo));
            this.cipher_pool_size = nextHigherPowerOfTwo;
        }
        this.encoding_ciphers = new ArrayBlockingQueue(this.cipher_pool_size);
        this.decoding_ciphers = new ArrayBlockingQueue(this.cipher_pool_size);
        initSymCiphers(this.sym_algorithm, this.secret_key);
    }

    @Override // org.jgroups.stack.Protocol
    public Object down(Event event) {
        switch (event.getType()) {
            case 1:
                Message message = (Message) event.arg();
                try {
                    if (this.secret_key != null) {
                        encryptAndSend(message);
                        return null;
                    }
                    Log log = this.log;
                    Object[] objArr = new Object[4];
                    objArr[0] = this.local_addr;
                    objArr[1] = message.dest() == null ? "mcast" : "unicast";
                    objArr[2] = message.dest();
                    objArr[3] = message.printHeaders();
                    log.trace("%s: discarded %s message to %s as secret key is null, hdrs: %s", objArr);
                    return null;
                } catch (Exception e) {
                    this.log.warn("%s: unable to send message down", this.local_addr, e);
                    return null;
                }
            case 6:
                handleView((View) event.getArg());
                break;
            case 8:
                this.local_addr = (Address) event.arg();
                break;
        }
        return this.down_prot.down(event);
    }

    @Override // org.jgroups.stack.Protocol, org.jgroups.UpHandler
    public Object up(Event event) {
        switch (event.getType()) {
            case 1:
                try {
                    return handleUpMessage((Message) event.arg());
                } catch (Exception e) {
                    this.log.warn("%s: exception occurred decrypting message", this.local_addr, e);
                    return null;
                }
            case 6:
                handleView((View) event.getArg());
                break;
        }
        return this.up_prot.up(event);
    }

    @Override // org.jgroups.stack.Protocol
    public void up(MessageBatch messageBatch) {
        try {
            try {
                if (this.secret_key != null) {
                    Cipher take = this.decoding_ciphers.take();
                    messageBatch.map(new Decrypter(take));
                    if (take != null) {
                        this.decoding_ciphers.offer(take);
                    }
                    if (messageBatch.isEmpty()) {
                        return;
                    }
                    this.up_prot.up(messageBatch);
                    return;
                }
                Log log = this.log;
                Object[] objArr = new Object[3];
                objArr[0] = this.local_addr;
                objArr[1] = messageBatch.dest() == null ? "mcast" : "unicast";
                objArr[2] = messageBatch.sender();
                log.trace("%s: discarded %s batch from %s as secret key is null", objArr);
                if (0 != 0) {
                    this.decoding_ciphers.offer(null);
                }
            } catch (InterruptedException e) {
                this.log.error("%s: failed processing batch; discarding batch", this.local_addr, e);
                if (0 != 0) {
                    this.decoding_ciphers.offer(null);
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                this.decoding_ciphers.offer(null);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized void initSymCiphers(String str, SecretKey secretKey) throws Exception {
        if (secretKey == null) {
            return;
        }
        this.encoding_ciphers.clear();
        this.decoding_ciphers.clear();
        for (int i = 0; i < this.cipher_pool_size; i++) {
            this.encoding_ciphers.add(createCipher(1, secretKey, str));
            this.decoding_ciphers.add(createCipher(2, secretKey, str));
        }
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        messageDigest.reset();
        messageDigest.update(secretKey.getEncoded());
        byte[] digest = messageDigest.digest();
        this.sym_version = Arrays.copyOf(digest, digest.length);
        this.log.debug("%s: created %d symmetric ciphers with secret key (%d bytes)", this.local_addr, Integer.valueOf(this.cipher_pool_size), Integer.valueOf(this.sym_version.length));
    }

    protected Cipher createCipher(int i, SecretKey secretKey, String str) throws Exception {
        Cipher cipher = (this.provider == null || this.provider.trim().isEmpty()) ? Cipher.getInstance(str) : Cipher.getInstance(str, this.provider);
        cipher.init(i, secretKey);
        return cipher;
    }

    protected Object handleUpMessage(Message message) throws Exception {
        EncryptHeader encryptHeader = (EncryptHeader) message.getHeader(this.id);
        if (encryptHeader == null) {
            this.log.error("%s: received message without encrypt header from %s; dropping it", this.local_addr, message.src());
            return null;
        }
        switch (encryptHeader.type()) {
            case 1:
                return handleEncryptedMessage(message);
            default:
                return handleUpEvent(message, encryptHeader);
        }
    }

    protected Object handleEncryptedMessage(Message message) throws Exception {
        if (!process(message)) {
            return null;
        }
        Message decryptMessage = decryptMessage(null, message.copy());
        if (decryptMessage != null) {
            return this.up_prot.up(new Event(1, decryptMessage));
        }
        this.log.warn("%s: unrecognized cipher; discarding message from %s", this.local_addr, message.src());
        return null;
    }

    protected Object handleUpEvent(Message message, EncryptHeader encryptHeader) {
        return null;
    }

    protected boolean process(Message message) {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handleView(View view) {
        this.view = view;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean inView(Address address, String str) {
        View view = this.view;
        if (view == null || view.containsMember(address)) {
            return true;
        }
        this.log.error(str, address, view);
        return false;
    }

    protected Checksum createChecksummer() {
        return this.use_adler ? new Adler32() : new CRC32();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Message decryptMessage(Cipher cipher, Message message) throws Exception {
        EncryptHeader encryptHeader = (EncryptHeader) message.getHeader(this.id);
        if (Arrays.equals(encryptHeader.version(), this.sym_version)) {
            return _decrypt(cipher, message, encryptHeader);
        }
        Cipher cipher2 = this.key_map.get(new AsciiString(encryptHeader.version()));
        if (cipher2 == null) {
            handleUnknownVersion();
            return null;
        }
        this.log.trace("%s: decrypting msg from %s using previous cipher version", this.local_addr, message.src());
        return _decrypt(cipher2, message, encryptHeader);
    }

    protected Message _decrypt(Cipher cipher, Message message, EncryptHeader encryptHeader) throws Exception {
        if (!this.encrypt_entire_message && message.getLength() == 0) {
            return message;
        }
        if (this.encrypt_entire_message && this.sign_msgs) {
            byte[] signature = encryptHeader.signature();
            if (signature == null) {
                this.log.error("%s: dropped message from %s as the header did not have a checksum", this.local_addr, message.src());
                return null;
            }
            long decryptChecksum = decryptChecksum(cipher, signature, 0, signature.length);
            long computeChecksum = computeChecksum(message.getRawBuffer(), message.getOffset(), message.getLength());
            if (computeChecksum != decryptChecksum) {
                this.log.error("%s: dropped message from %s as the message's checksum (%d) did not match the computed checksum (%d)", this.local_addr, message.src(), Long.valueOf(decryptChecksum), Long.valueOf(computeChecksum));
                return null;
            }
        }
        byte[] code = cipher == null ? code(message.getRawBuffer(), message.getOffset(), message.getLength(), true) : cipher.doFinal(message.getRawBuffer(), message.getOffset(), message.getLength());
        if (!this.encrypt_entire_message) {
            message.setBuffer(code);
            return message;
        }
        Message message2 = (Message) Util.streamableFromBuffer(Message.class, code, 0, code.length);
        if (message2.getDest() == null) {
            message2.setDest(message.getDest());
        }
        if (message2.getSrc() == null) {
            message2.setSrc(message.getSrc());
        }
        return message2;
    }

    protected void encryptAndSend(Message message) throws Exception {
        EncryptHeader encryptHeader = new EncryptHeader((byte) 1, symVersion());
        if (!this.encrypt_entire_message) {
            Message putHeader = message.copy(false).putHeader(this.id, encryptHeader);
            if (message.getLength() > 0) {
                putHeader.setBuffer(code(message.getRawBuffer(), message.getOffset(), message.getLength(), false));
            }
            this.down_prot.down(new Event(1, putHeader));
            return;
        }
        if (message.getSrc() == null) {
            message.setSrc(this.local_addr);
        }
        Buffer streamableToBuffer = Util.streamableToBuffer(message);
        byte[] code = code(streamableToBuffer.getBuf(), streamableToBuffer.getOffset(), streamableToBuffer.getLength(), false);
        if (this.sign_msgs) {
            encryptHeader.signature(encryptChecksum(computeChecksum(code, 0, code.length)));
        }
        this.down_prot.down(new Event(1, message.copy(false, false).setBuffer(code).putHeader(this.id, encryptHeader)));
    }

    protected byte[] code(byte[] bArr, int i, int i2, boolean z) throws Exception {
        BlockingQueue<Cipher> blockingQueue = z ? this.decoding_ciphers : this.encoding_ciphers;
        Cipher take = blockingQueue.take();
        try {
            byte[] doFinal = take.doFinal(bArr, i, i2);
            blockingQueue.offer(take);
            return doFinal;
        } catch (Throwable th) {
            blockingQueue.offer(take);
            throw th;
        }
    }

    protected long computeChecksum(byte[] bArr, int i, int i2) {
        Checksum createChecksummer = createChecksummer();
        createChecksummer.update(bArr, i, i2);
        return createChecksummer.getValue();
    }

    protected byte[] encryptChecksum(long j) throws Exception {
        byte[] bArr = new byte[8];
        Bits.writeLong(j, bArr, 0);
        return code(bArr, 0, bArr.length, false);
    }

    protected long decryptChecksum(Cipher cipher, byte[] bArr, int i, int i2) throws Exception {
        return Bits.readLong(cipher == null ? code(bArr, i, i2, true) : cipher.doFinal(bArr, i, i2), 0);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getAlgorithm(String str) {
        int indexOf = str.indexOf(47);
        return indexOf == -1 ? str : str.substring(0, indexOf);
    }

    protected void handleUnknownVersion() {
    }
}
