package org.jgroups.protocols;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.drools.core.util.KeyStoreConstants;
import org.jboss.weld.bootstrap.spi.helpers.MetadataImpl;
import org.jgroups.Address;
import org.jgroups.Event;
import org.jgroups.Header;
import org.jgroups.MergeView;
import org.jgroups.Message;
import org.jgroups.View;
import org.jgroups.annotations.MBean;
import org.jgroups.annotations.Property;
import org.jgroups.stack.Protocol;
import org.jgroups.util.AsciiString;
import org.jgroups.util.Buffer;
import org.jgroups.util.MessageBatch;
import org.jgroups.util.Util;

/* JADX WARN: Classes with same name are omitted:
  input_file:_bootstrap/kie-wb-common-ala-distribution-7.14.1-SNAPSHOT.war:WEB-INF/lib/jgroups-3.6.14.Final.jar:org/jgroups/protocols/ENCRYPT.class
 */
@MBean(description = "Protocol which encrypts and decrypts cluster traffic")
@Deprecated
/* loaded from: input_file:m2repo/org/jgroups/jgroups/3.6.14.Final/jgroups-3.6.14.Final.jar:org/jgroups/protocols/ENCRYPT.class */
public class ENCRYPT extends Protocol {
    private static final String DEFAULT_SYM_ALGO = "AES";
    Address local_addr;
    Address keyServerAddr;

    @Property(name = "key_store_name", description = "File on classpath that contains keystore repository")
    String keyStoreName;
    KeyPair Kpair;
    protected Cipher[] encoding_ciphers;
    protected Cipher[] decoding_ciphers;
    protected Lock[] encoding_locks;
    protected Lock[] decoding_locks;
    protected byte[] symVersion;
    protected SecretKey secretKey;
    private Cipher asymCipher;
    boolean keyServer = false;

    @Property(name = "asym_provider", description = "Cryptographic Service Provider. Default is Bouncy Castle Provider")
    String asymProvider = null;

    @Property(name = "sym_provider", description = "Cryptographic Service Provider. Default is Bouncy Castle Provider")
    String symProvider = null;

    @Property(name = "asym_algorithm", description = "Cipher engine transformation for asymmetric algorithm. Default is RSA")
    protected String asymAlgorithm = "RSA";

    @Property(name = "sym_algorithm", description = "Cipher engine transformation for symmetric algorithm. Default is AES")
    String symAlgorithm = "AES";

    @Property(name = "asym_init", description = "Initial public/private key length. Default is 512")
    int asymInit = 512;

    @Property(name = "sym_init", description = "Initial key length for matching symmetric algorithm. Default is 128")
    int symInit = 128;

    @Property(name = "change_keys", description = "Generate new symmetric keys on every view change. Default is false. Set this to true when using asymmetric encryption, to handle merging (JGRP-1907)")
    boolean changeKeysOnViewChange = false;
    private boolean suppliedKey = false;

    @Property(name = "store_password", description = "Password used to check the integrity/unlock the keystore. Change the default", exposeAsManagedAttribute = false)
    private String storePassword = "changeit";

    @Property(name = "key_password", description = "Password for recovering the key. Change the default", exposeAsManagedAttribute = false)
    private String keyPassword = null;

    @Property(name = "alias", description = "Alias used for recovering the key. Change the default", exposeAsManagedAttribute = false)
    private String alias = "mykey";

    @Property(description = "Number of ciphers in the pool to parallelize encrypt and decrypt requests", writable = false)
    protected int cipher_pool_size = 8;
    PublicKey serverPubKey = null;
    protected final AtomicInteger cipher_index = new AtomicInteger(0);
    final Map<AsciiString, Cipher> keyMap = new WeakHashMap();
    private boolean queue_up = true;
    private boolean queue_down = false;
    private BlockingQueue<Message> upMessageQueue = new LinkedBlockingQueue();
    private BlockingQueue<Message> downMessageQueue = new LinkedBlockingQueue();

    @Property
    private boolean encrypt_entire_message = false;

    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/kie-wb-common-ala-distribution-7.14.1-SNAPSHOT.war:WEB-INF/lib/jgroups-3.6.14.Final.jar:org/jgroups/protocols/ENCRYPT$Decrypter.class
     */
    /* loaded from: input_file:m2repo/org/jgroups/jgroups/3.6.14.Final/jgroups-3.6.14.Final.jar:org/jgroups/protocols/ENCRYPT$Decrypter.class */
    protected class Decrypter implements MessageBatch.Visitor<Message> {
        protected Lock lock;
        protected Cipher cipher;

        protected Decrypter() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.jgroups.util.MessageBatch.Visitor
        public Message visit(Message message, MessageBatch messageBatch) {
            EncryptHeader encryptHeader;
            if (message == null) {
                return null;
            }
            if ((message.getLength() == 0 && !ENCRYPT.this.encrypt_entire_message) || (encryptHeader = (EncryptHeader) message.getHeader(ENCRYPT.this.id)) == null) {
                return null;
            }
            if (encryptHeader.getType() != 1) {
                messageBatch.remove(message);
                ENCRYPT.this.handleUpEvent(message, encryptHeader);
                return null;
            }
            if (ENCRYPT.this.queue_up) {
                queueUpMessage(message, messageBatch);
                return null;
            }
            if (!ENCRYPT.this.suppliedKey) {
                ENCRYPT.this.drainUpQueue();
            }
            if (this.lock == null) {
                int nextIndex = ENCRYPT.this.getNextIndex();
                this.lock = ENCRYPT.this.decoding_locks[nextIndex];
                this.cipher = ENCRYPT.this.decoding_ciphers[nextIndex];
                this.lock.lock();
            }
            try {
                Message decryptMessage = ENCRYPT.this.decryptMessage(this.cipher, message.copy());
                if (decryptMessage != null) {
                    messageBatch.replace(message, decryptMessage);
                }
                return null;
            } catch (Exception e) {
                ENCRYPT.this.log.error("failed decrypting message from %s (offset=%d, length=%d, buf.length=%d): %s, headers are %s", message.getSrc(), Integer.valueOf(message.getOffset()), Integer.valueOf(message.getLength()), Integer.valueOf(message.getRawBuffer().length), e, message.printHeaders());
                return null;
            }
        }

        protected void unlock() {
            if (this.lock != null) {
                this.lock.unlock();
                this.lock = null;
            }
        }

        protected void queueUpMessage(Message message, MessageBatch messageBatch) {
            ENCRYPT.this.log.trace("queueing up message as no session key established: " + message);
            try {
                ENCRYPT.this.upMessageQueue.put(message);
                messageBatch.remove(message);
            } catch (InterruptedException e) {
            }
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/kie-wb-common-ala-distribution-7.14.1-SNAPSHOT.war:WEB-INF/lib/jgroups-3.6.14.Final.jar:org/jgroups/protocols/ENCRYPT$EncryptHeader.class
     */
    /* loaded from: input_file:m2repo/org/jgroups/jgroups/3.6.14.Final/jgroups-3.6.14.Final.jar:org/jgroups/protocols/ENCRYPT$EncryptHeader.class */
    public static class EncryptHeader extends Header {
        public static final byte ENCRYPT = 1;
        public static final byte KEY_REQUEST = 2;
        public static final byte SECRETKEY = 4;
        public static final byte ENCRYPT_ENTIRE_MSG = 8;
        private byte type;
        protected byte[] version;

        public EncryptHeader() {
        }

        public EncryptHeader(byte b, byte[] bArr) {
            this.type = b;
            this.version = bArr;
            if (bArr == null) {
                throw new IllegalArgumentException("version must be defined");
            }
        }

        public byte getType() {
            return (byte) (this.type & (-9));
        }

        protected byte[] getVersion() {
            return this.version;
        }

        public boolean encryptEntireMessage() {
            return Util.isFlagSet(this.type, (byte) 8);
        }

        @Override // org.jgroups.util.Streamable
        public void writeTo(DataOutput dataOutput) throws Exception {
            dataOutput.writeByte(this.type);
            dataOutput.writeShort(this.version.length);
            dataOutput.write(this.version);
        }

        @Override // org.jgroups.util.Streamable
        public void readFrom(DataInput dataInput) throws Exception {
            this.type = dataInput.readByte();
            this.version = new byte[dataInput.readShort()];
            dataInput.readFully(this.version);
        }

        @Override // org.jgroups.Header
        public String toString() {
            return "[type=" + ((int) this.type) + " version=\"" + (this.version != null ? this.version.length + " bytes" : MetadataImpl.LOCATION_NOT_AVAILABLE) + "\"]";
        }

        @Override // org.jgroups.Header
        public int size() {
            return 3 + this.version.length;
        }
    }

    protected int getNextIndex() {
        return this.cipher_index.getAndIncrement() & (this.cipher_pool_size - 1);
    }

    public int getAsymInit() {
        return this.asymInit;
    }

    public SecretKey getDesKey() {
        return this.secretKey;
    }

    public KeyPair getKpair() {
        return this.Kpair;
    }

    public Cipher getAsymCipher() {
        return this.asymCipher;
    }

    public String getSymAlgorithm() {
        return this.symAlgorithm;
    }

    public int getSymInit() {
        return this.symInit;
    }

    public String getAsymAlgorithm() {
        return this.asymAlgorithm;
    }

    public byte[] getSymVersion() {
        return this.symVersion;
    }

    public SecretKey getSecretKey() {
        return this.secretKey;
    }

    public Cipher getSymDecodingCipher() {
        return this.decoding_ciphers[getNextIndex()];
    }

    public Cipher getSymEncodingCipher() {
        return this.encoding_ciphers[getNextIndex()];
    }

    public Address getKeyServerAddr() {
        return this.keyServerAddr;
    }

    private void setSymVersion(byte[] bArr) {
        this.symVersion = Arrays.copyOf(bArr, bArr.length);
    }

    private void setSecretKey(SecretKey secretKey) {
        this.secretKey = secretKey;
    }

    protected void setLocalAddress(Address address) {
        this.local_addr = address;
    }

    protected void setKeyServerAddr(Address address) {
        this.keyServerAddr = address;
    }

    private static String getAlgorithm(String str) {
        int indexOf = str.indexOf("/");
        return indexOf == -1 ? str : str.substring(0, indexOf);
    }

    @Override // org.jgroups.stack.Protocol
    public void init() throws Exception {
        if (this.keyPassword == null && this.storePassword != null) {
            this.keyPassword = this.storePassword;
            this.log.debug("key_password used is same as store_password");
        }
        if (this.keyStoreName == null) {
            initSymKey();
            initKeyPair();
        } else {
            initConfiguredKey();
        }
        if (this.cipher_pool_size <= 0) {
            this.log.warn("cipher_pool_size of %d is invalid; setting it to 1", Integer.valueOf(this.cipher_pool_size));
            this.cipher_pool_size = 1;
        }
        int nextHigherPowerOfTwo = Util.getNextHigherPowerOfTwo(this.cipher_pool_size);
        if (nextHigherPowerOfTwo != this.cipher_pool_size) {
            this.log.warn("setting cipher_pool_size (%d) to %d (power of 2) for faster modulo operation", Integer.valueOf(this.cipher_pool_size), Integer.valueOf(nextHigherPowerOfTwo));
            this.cipher_pool_size = nextHigherPowerOfTwo;
        }
        this.encoding_ciphers = new Cipher[this.cipher_pool_size];
        this.encoding_locks = new Lock[this.cipher_pool_size];
        this.decoding_ciphers = new Cipher[this.cipher_pool_size];
        this.decoding_locks = new Lock[this.cipher_pool_size];
        initSymCiphers(this.symAlgorithm, getSecretKey());
    }

    private void initConfiguredKey() throws Exception {
        InputStream inputStream = null;
        KeyStore keyStore = KeyStore.getInstance(KeyStoreConstants.KEY_PASSWORD_TYPE);
        try {
            inputStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(this.keyStoreName);
            if (inputStream == null) {
                inputStream = new FileInputStream(this.keyStoreName);
            }
            if (inputStream == null) {
                throw new Exception("Unable to load keystore " + this.keyStoreName + " ensure file is on classpath");
            }
            try {
                keyStore.load(inputStream, this.storePassword.toCharArray());
                SecretKey secretKey = (SecretKey) keyStore.getKey(this.alias, this.keyPassword.toCharArray());
                if (secretKey == null) {
                    throw new Exception("Unable to retrieve key '" + this.alias + "' from keystore " + this.keyStoreName);
                }
                setSecretKey(secretKey);
                if (this.symAlgorithm.equals("AES")) {
                    this.symAlgorithm = secretKey.getAlgorithm();
                }
                this.suppliedKey = true;
                this.queue_up = false;
                this.queue_down = false;
                Util.close(inputStream);
            } catch (IOException e) {
                throw new Exception("Unable to load keystore " + this.keyStoreName + ": " + e);
            } catch (NoSuchAlgorithmException e2) {
                throw new Exception("No Such algorithm " + this.keyStoreName + ": " + e2);
            } catch (CertificateException e3) {
                throw new Exception("Certificate exception " + this.keyStoreName + ": " + e3);
            }
        } catch (Throwable th) {
            Util.close(inputStream);
            throw th;
        }
    }

    public void initSymKey() throws Exception {
        KeyGenerator keyGenerator = (this.symProvider == null || this.symProvider.trim().isEmpty()) ? KeyGenerator.getInstance(getAlgorithm(this.symAlgorithm)) : KeyGenerator.getInstance(getAlgorithm(this.symAlgorithm), this.symProvider);
        keyGenerator.init(this.symInit);
        this.secretKey = keyGenerator.generateKey();
        setSecretKey(this.secretKey);
        this.log.debug("symmetric key generated ");
    }

    private void initSymCiphers(String str, SecretKey secretKey) throws Exception {
        this.log.debug("initializing symmetric ciphers (pool size=%d)", Integer.valueOf(this.cipher_pool_size));
        for (int i = 0; i < this.cipher_pool_size; i++) {
            this.encoding_ciphers[i] = (this.symProvider == null || this.symProvider.trim().isEmpty()) ? Cipher.getInstance(str) : Cipher.getInstance(str, this.symProvider);
            this.encoding_ciphers[i].init(1, secretKey);
            this.decoding_ciphers[i] = (this.symProvider == null || this.symProvider.trim().isEmpty()) ? Cipher.getInstance(str) : Cipher.getInstance(str, this.symProvider);
            this.decoding_ciphers[i].init(2, secretKey);
            this.encoding_locks[i] = new ReentrantLock();
            this.decoding_locks[i] = new ReentrantLock();
        }
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        messageDigest.reset();
        messageDigest.update(secretKey.getEncoded());
        byte[] digest = messageDigest.digest();
        this.symVersion = Arrays.copyOf(digest, digest.length);
        this.log.debug("initialized symmetric ciphers with secret key (" + this.symVersion.length + " bytes)");
    }

    public void initKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = (this.asymProvider == null || this.asymProvider.trim().isEmpty()) ? KeyPairGenerator.getInstance(getAlgorithm(this.asymAlgorithm)) : KeyPairGenerator.getInstance(getAlgorithm(this.asymAlgorithm), this.asymProvider);
        keyPairGenerator.initialize(this.asymInit, new SecureRandom());
        this.Kpair = keyPairGenerator.generateKeyPair();
        if (this.asymProvider == null || this.asymProvider.trim().isEmpty()) {
            this.asymCipher = Cipher.getInstance(this.asymAlgorithm);
        } else {
            this.asymCipher = Cipher.getInstance(this.asymAlgorithm, this.asymProvider);
        }
        this.asymCipher.init(2, this.Kpair.getPrivate());
        this.log.debug("asym algo initialized");
    }

    @Override // org.jgroups.stack.Protocol, org.jgroups.UpHandler
    public Object up(Event event) {
        switch (event.getType()) {
            case 1:
                try {
                    return handleUpMessage(event);
                } catch (Exception e) {
                    this.log.warn("exception occurred decrypting message", e);
                    return null;
                }
            case 6:
                View view = (View) event.getArg();
                this.log.debug("new view: " + view);
                if (!this.suppliedKey) {
                    handleViewChange(view, false);
                    break;
                }
                break;
            case 15:
                View view2 = (View) event.getArg();
                if (!this.suppliedKey) {
                    handleViewChange(view2, true);
                    break;
                }
                break;
        }
        return this.up_prot.up(event);
    }

    @Override // org.jgroups.stack.Protocol
    public void up(MessageBatch messageBatch) {
        Decrypter decrypter = new Decrypter();
        messageBatch.map(decrypter);
        decrypter.unlock();
        if (messageBatch.isEmpty()) {
            return;
        }
        this.up_prot.up(messageBatch);
    }

    private synchronized void handleViewChange(View view, boolean z) {
        if (z) {
            initializeNewSymmetricKey(view instanceof MergeView);
        }
        List<Address> members = view.getMembers();
        if (members == null || members.isEmpty() || members.get(0) == null) {
            becomeKeyServer(this.local_addr, false);
            return;
        }
        Address address = view.getMembers().get(0);
        if (z || address.equals(this.local_addr)) {
            becomeKeyServer(address, z);
        } else {
            handleNewKeyServer(address, view instanceof MergeView);
        }
    }

    private void initializeNewSymmetricKey(boolean z) {
        try {
            if (this.changeKeysOnViewChange || !this.keyServer || z) {
                this.log.debug("initalizing new ciphers");
                initSymKey();
                initSymCiphers(getSymAlgorithm(), getSecretKey());
            }
        } catch (Exception e) {
            this.log.error(Util.getMessage("CouldNotInitializeNewCiphers"), e);
            if (!(e instanceof RuntimeException)) {
                throw new IllegalStateException(e);
            }
            throw ((RuntimeException) e);
        }
    }

    private void becomeKeyServer(Address address, boolean z) {
        this.keyServerAddr = address;
        this.keyServer = true;
        if (this.log.isDebugEnabled() && !z) {
            this.log.debug("%s: I have become the new key server", this.local_addr);
        }
        this.queue_down = false;
        this.queue_up = false;
    }

    private void handleNewKeyServer(Address address, boolean z) {
        if (this.changeKeysOnViewChange || keyServerChanged(address) || z) {
            this.queue_up = true;
            this.queue_down = true;
            this.keyServerAddr = address;
            this.keyServer = false;
            this.log.debug("%s: %s has become the new key server, sending key request to it", this.local_addr, this.keyServerAddr);
            sendKeyRequest();
        }
    }

    private boolean keyServerChanged(Address address) {
        return this.keyServerAddr == null || !this.keyServerAddr.equals(address);
    }

    private Object handleUpMessage(Event event) throws Exception {
        EncryptHeader encryptHeader;
        Message message = (Message) event.getArg();
        if (message == null || ((message.getLength() == 0 && !this.encrypt_entire_message) || (encryptHeader = (EncryptHeader) message.getHeader(this.id)) == null)) {
            return this.up_prot.up(event);
        }
        if (this.log.isTraceEnabled()) {
            this.log.trace("header received %s", encryptHeader);
        }
        switch (encryptHeader.getType()) {
            case 1:
                return handleEncryptedMessage(message, event, encryptHeader);
            default:
                handleUpEvent(message, encryptHeader);
                return null;
        }
    }

    protected Object handleEncryptedMessage(Message message, Event event, EncryptHeader encryptHeader) throws Exception {
        if (this.queue_up) {
            this.log.trace("queueing up message as no session key established: %s", message);
            this.upMessageQueue.put(message);
            return null;
        }
        if (!this.suppliedKey) {
            drainUpQueue();
        }
        Message decryptMessage = decryptMessage(null, message.copy());
        if (decryptMessage != null) {
            return this.up_prot.up(new Event(1, decryptMessage));
        }
        this.log.warn("unrecognised cipher; discarding message");
        return null;
    }

    protected void handleUpEvent(Message message, EncryptHeader encryptHeader) {
        if (this.suppliedKey) {
            this.log.warn("we received an encrypt header of %s while in configured mode", Byte.valueOf(encryptHeader.getType()));
            return;
        }
        switch (encryptHeader.getType()) {
            case 2:
                this.log.debug("received a key request from peer %s", message.getSrc());
                try {
                    sendSecretKey(getSecretKey(), generatePubKey(message.getBuffer()), message.getSrc());
                    return;
                } catch (Exception e) {
                    this.log.warn("unable to reconstitute peer's public key");
                    return;
                }
            case 4:
                this.log.debug("received a secretkey response from keyserver %s", message.getSrc());
                try {
                    SecretKeySpec decodeKey = decodeKey(message.getBuffer());
                    if (decodeKey == null) {
                        sendKeyRequest();
                    } else {
                        setKeys(decodeKey, encryptHeader.getVersion());
                        this.log.debug("decoded secretkey response");
                    }
                    return;
                } catch (Exception e2) {
                    this.log.warn("unable to process received public key", e2);
                    return;
                }
            default:
                this.log.warn("received ignored encrypt header of %s", Byte.valueOf(encryptHeader.getType()));
                return;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void drainUpQueue() {
        Message poll;
        int size;
        if (this.log.isTraceEnabled() && (size = this.upMessageQueue.size()) > 0) {
            this.log.trace("draining %d messages from the up queue", Integer.valueOf(size));
        }
        while (true) {
            try {
                poll = this.upMessageQueue.poll(0L, TimeUnit.MILLISECONDS);
            } catch (Throwable th) {
                this.log.error(Util.getMessage("FailedDecryptingAndSendingMessageUpWhenDrainingQueue"), th);
            }
            if (poll == null) {
                return;
            }
            Message decryptMessage = decryptMessage(null, poll.copy());
            if (decryptMessage != null) {
                this.up_prot.up(new Event(1, decryptMessage));
            }
        }
    }

    private void drainDownQueue() {
        Message poll;
        int size;
        if (this.log.isTraceEnabled() && (size = this.downMessageQueue.size()) > 0) {
            this.log.trace("draining %d messages from the down queue", Integer.valueOf(size));
        }
        while (true) {
            try {
                poll = this.downMessageQueue.poll(0L, TimeUnit.MILLISECONDS);
            } catch (Throwable th) {
                this.log.error(Util.getMessage("FailedSendingMessageDownWhenDrainingQueue"), th);
            }
            if (poll == null) {
                return;
            } else {
                encryptAndSend(poll);
            }
        }
    }

    private void setKeys(SecretKey secretKey, byte[] bArr) throws Exception {
        this.keyMap.put(new AsciiString(getSymVersion()), getSymDecodingCipher());
        setSecretKey(secretKey);
        initSymCiphers(secretKey.getAlgorithm(), secretKey);
        setSymVersion(bArr);
        this.log.debug("setting queue up to false in setKeys");
        this.queue_up = false;
        drainUpQueue();
        this.queue_down = false;
        drainDownQueue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Message decryptMessage(Cipher cipher, Message message) throws Exception {
        Message _decrypt;
        EncryptHeader encryptHeader = (EncryptHeader) message.getHeader(this.id);
        if (Arrays.equals(encryptHeader.getVersion(), getSymVersion())) {
            return _decrypt(cipher, message, encryptHeader.encryptEntireMessage());
        }
        this.log.warn("attempting to use stored cipher as message does not use current encryption version ");
        Cipher cipher2 = this.keyMap.get(new AsciiString(encryptHeader.getVersion()));
        if (cipher2 == null) {
            this.log.warn("unable to find a matching cipher in previous key map");
            return null;
        }
        this.log.trace("decrypting using previous cipher version");
        synchronized (cipher2) {
            _decrypt = _decrypt(cipher2, message, encryptHeader.encryptEntireMessage());
        }
        return _decrypt;
    }

    private Message _decrypt(Cipher cipher, Message message, boolean z) throws Exception {
        byte[] code = cipher == null ? code(message.getRawBuffer(), message.getOffset(), message.getLength(), true) : cipher.doFinal(message.getRawBuffer(), message.getOffset(), message.getLength());
        if (!z) {
            message.setBuffer(code);
            return message;
        }
        Message message2 = (Message) Util.streamableFromBuffer(Message.class, code, 0, code.length);
        if (message2.getDest() == null) {
            message2.setDest(message.getDest());
        }
        if (message2.getSrc() == null) {
            message2.setSrc(message.getSrc());
        }
        return message2;
    }

    private void sendSecretKey(SecretKey secretKey, PublicKey publicKey, Address address) throws Exception {
        Cipher cipher = (this.asymProvider == null || this.asymProvider.trim().isEmpty()) ? Cipher.getInstance(this.asymAlgorithm) : Cipher.getInstance(this.asymAlgorithm, this.asymProvider);
        cipher.init(1, publicKey);
        Message putHeader = new Message(address, this.local_addr, cipher.doFinal(secretKey.getEncoded())).putHeader(this.id, new EncryptHeader((byte) 4, getSymVersion()));
        this.log.debug("sending version %s encoded key to client", new String(getSymVersion()));
        this.down_prot.down(new Event(1, putHeader));
    }

    private void sendKeyRequest() {
        this.down_prot.down(new Event(1, new Message(this.keyServerAddr, this.local_addr, this.Kpair.getPublic().getEncoded()).putHeader(this.id, new EncryptHeader((byte) 2, getSymVersion()))));
    }

    @Override // org.jgroups.stack.Protocol
    public Object down(Event event) {
        switch (event.getType()) {
            case 1:
                Message message = (Message) event.getArg();
                if (message.getLength() != 0 || this.encrypt_entire_message) {
                    try {
                        if (this.queue_down) {
                            this.log.trace("queueing down message as no session key established: %s", message);
                            this.downMessageQueue.put(message);
                        } else {
                            if (!this.suppliedKey) {
                                drainDownQueue();
                            }
                            encryptAndSend(message);
                        }
                        return null;
                    } catch (Exception e) {
                        this.log.warn("unable to send message down", e);
                        return null;
                    }
                }
                break;
            case 6:
                View view = (View) event.getArg();
                this.log.debug("new view: " + view);
                if (!this.suppliedKey) {
                    handleViewChange(view, false);
                    break;
                }
                break;
            case 8:
                this.local_addr = (Address) event.getArg();
                this.log.debug("set local address to %s", this.local_addr);
                break;
            case 15:
                View view2 = (View) event.getArg();
                if (!this.suppliedKey) {
                    handleViewChange(view2, true);
                    break;
                }
                break;
        }
        return this.down_prot.down(event);
    }

    private void encryptAndSend(Message message) throws Exception {
        EncryptHeader encryptHeader = new EncryptHeader((byte) 1, getSymVersion());
        if (this.encrypt_entire_message) {
            encryptHeader.type = (byte) (encryptHeader.type | 8);
        }
        if (!this.encrypt_entire_message) {
            this.down_prot.down(new Event(1, message.copy(false).putHeader(this.id, encryptHeader).setBuffer(code(message.getRawBuffer(), message.getOffset(), message.getLength(), false))));
            return;
        }
        if (message.getSrc() == null) {
            message.setSrc(this.local_addr);
        }
        Buffer streamableToBuffer = Util.streamableToBuffer(message);
        this.down_prot.down(new Event(1, message.copy(false, false).setBuffer(code(streamableToBuffer.getBuf(), streamableToBuffer.getOffset(), streamableToBuffer.getLength(), false)).putHeader(this.id, encryptHeader)));
    }

    private byte[] code(byte[] bArr, int i, int i2, boolean z) throws Exception {
        int nextIndex = getNextIndex();
        Lock lock = z ? this.decoding_locks[nextIndex] : this.encoding_locks[nextIndex];
        Cipher cipher = z ? this.decoding_ciphers[nextIndex] : this.encoding_ciphers[nextIndex];
        lock.lock();
        try {
            byte[] doFinal = cipher.doFinal(bArr, i, i2);
            lock.unlock();
            return doFinal;
        } catch (Throwable th) {
            lock.unlock();
            throw th;
        }
    }

    private SecretKeySpec decodeKey(byte[] bArr) throws Exception {
        byte[] doFinal;
        synchronized (this) {
            doFinal = this.asymCipher.doFinal(bArr);
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(doFinal, getAlgorithm(this.symAlgorithm));
            ((this.symProvider == null || this.symProvider.trim().isEmpty()) ? Cipher.getInstance(this.symAlgorithm) : Cipher.getInstance(this.symAlgorithm, this.symProvider)).init(3, secretKeySpec);
            return secretKeySpec;
        } catch (Exception e) {
            this.log.error(Util.getMessage("FailedDecodingKey"), e);
            return null;
        }
    }

    private PublicKey generatePubKey(byte[] bArr) {
        PublicKey publicKey = null;
        try {
            publicKey = KeyFactory.getInstance(getAlgorithm(this.asymAlgorithm)).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return publicKey;
    }
}
