package org.jgroups.protocols;

import io.netty.handler.codec.rtsp.RtspHeaders;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.log4j.spi.Configurator;
import org.jgroups.Address;
import org.jgroups.Event;
import org.jgroups.MergeView;
import org.jgroups.Message;
import org.jgroups.View;
import org.jgroups.annotations.MBean;
import org.jgroups.annotations.ManagedAttribute;
import org.jgroups.annotations.ManagedOperation;
import org.jgroups.annotations.Property;
import org.jgroups.conf.ClassConfigurator;
import org.jgroups.logging.Log;
import org.jgroups.protocols.pbcast.GMS;
import org.jgroups.protocols.pbcast.JoinRsp;
import org.jgroups.util.AsciiString;
import org.jgroups.util.Digest;
import org.jgroups.util.MessageBatch;
import org.jgroups.util.ResponseCollectorTask;
import org.jgroups.util.Tuple;
import org.jgroups.util.Util;

/* JADX WARN: Classes with same name are omitted:
  input_file:_bootstrap/kie-wb-common-ala-distribution-7.14.1-SNAPSHOT.war:WEB-INF/lib/jgroups-3.6.14.Final.jar:org/jgroups/protocols/ASYM_ENCRYPT.class
 */
@MBean(description = "Asymmetric encryption protocol. The secret key for encryption and decryption of messages is fetched from a key server (the coordinator) via asymmetric encryption")
/* loaded from: input_file:m2repo/org/jgroups/jgroups/3.6.14.Final/jgroups-3.6.14.Final.jar:org/jgroups/protocols/ASYM_ENCRYPT.class */
public class ASYM_ENCRYPT extends EncryptBase {
    protected static final short GMS_ID = ClassConfigurator.getProtocolId(GMS.class);

    @Property(description = "If true, a separate KeyExchange protocol (somewhere below in ths stack) is used to fetch the shared secret key. If false, the default (built-in) key exchange protocol will be used.")
    protected boolean use_external_key_exchange;
    protected volatile Address key_server_addr;
    protected KeyPair key_pair;
    protected Cipher asym_cipher;
    protected volatile long last_key_request;
    protected ResponseCollectorTask<Boolean> key_requesters;

    @Property(description = "When a member leaves, change the secret key, preventing old members from eavesdropping")
    protected boolean change_key_on_leave = true;

    @Property(description = "Interval (in ms) to send out announcements when the key server changed. Members will then start the key exchange protocol. When all members have acked, the task is cancelled.")
    protected long key_server_interval = 1000;
    protected final Lock queue_lock = new ReentrantLock();

    @ManagedAttribute(description = "whether or not to queue received messages (until the secret key was received)")
    protected boolean queue_up_msgs = true;
    protected final BlockingQueue<Message> up_queue = new ArrayBlockingQueue(100);

    @Property(description = "Min time (in millis) between key requests")
    protected long min_time_between_key_requests = 2000;

    public KeyPair keyPair() {
        return this.key_pair;
    }

    public Cipher asymCipher() {
        return this.asym_cipher;
    }

    public Address keyServerAddr() {
        return this.key_server_addr;
    }

    public ASYM_ENCRYPT keyServerAddr(Address address) {
        this.key_server_addr = address;
        return this;
    }

    public long minTimeBetweenKeyRequests() {
        return this.min_time_between_key_requests;
    }

    public ASYM_ENCRYPT minTimeBetweenKeyRequests(long j) {
        this.min_time_between_key_requests = j;
        return this;
    }

    @Override // org.jgroups.stack.Protocol
    public List<Integer> providedDownServices() {
        return Arrays.asList(111, 112);
    }

    @ManagedAttribute(description = "Number of received messages currently queued")
    public int queueSize() {
        return this.up_queue.size();
    }

    @ManagedAttribute(description = "The current key server")
    public String getKeyServerAddress() {
        return this.key_server_addr != null ? this.key_server_addr.toString() : Configurator.NULL;
    }

    @ManagedOperation(description = "Triggers a request for the secret key to the current keyserver")
    public void sendKeyRequest() {
        if (this.key_server_addr == null) {
            this.log.debug("%s: sending secret key request failed as the key server is currently not set", this.local_addr);
        } else {
            sendKeyRequest(this.key_server_addr);
        }
    }

    @ManagedAttribute(description = "True if this member is the current key server, false otherwise")
    public boolean isKeyServer() {
        return Objects.equals(this.key_server_addr, this.local_addr);
    }

    @Override // org.jgroups.protocols.EncryptBase, org.jgroups.stack.Protocol
    public void init() throws Exception {
        initKeyPair();
        super.init();
        if (this.use_external_key_exchange) {
            List<Integer> downServices = getDownServices();
            if (downServices == null || !downServices.contains(110)) {
                throw new IllegalStateException("found no key exchange protocol below servicing event FETCH_SECRET_KEY");
            }
        }
    }

    @Override // org.jgroups.stack.Protocol
    public void stop() {
        if (this.key_requesters != null) {
            this.key_requesters.stop();
        }
        stopQueueing();
        super.stop();
    }

    @Override // org.jgroups.protocols.EncryptBase, org.jgroups.stack.Protocol
    public Object down(Event event) {
        return (event.type() == 1 && skip((Message) event.arg())) ? this.down_prot.down(event) : super.down(event);
    }

    @Override // org.jgroups.protocols.EncryptBase, org.jgroups.stack.Protocol, org.jgroups.UpHandler
    public Object up(Event event) {
        switch (event.type()) {
            case 1:
                Message message = (Message) event.arg();
                if (skip(message)) {
                    Address coordinator = getCoordinator(message, (GMS.GmsHeader) message.getHeader(GMS_ID));
                    if (coordinator != null) {
                        if (this.key_server_addr == null) {
                            this.key_server_addr = coordinator;
                        }
                        sendKeyRequest(coordinator);
                    }
                    return this.up_prot.up(event);
                }
                break;
            case 111:
                return new Tuple(this.secret_key, this.sym_version);
            case 112:
                Tuple tuple = (Tuple) event.arg();
                try {
                    setKeys((SecretKey) tuple.getVal1(), (byte[]) tuple.getVal2());
                    return null;
                } catch (Exception e) {
                    this.log.error("failed setting secret key", e);
                    return null;
                }
        }
        return super.up(event);
    }

    @Override // org.jgroups.protocols.EncryptBase, org.jgroups.stack.Protocol
    public void up(MessageBatch messageBatch) {
        Iterator<Message> it = messageBatch.iterator();
        while (it.hasNext()) {
            Message next = it.next();
            if (skip(next)) {
                try {
                    this.up_prot.up(new Event(1, next));
                    messageBatch.remove(next);
                    Address coordinator = getCoordinator(next, (GMS.GmsHeader) next.getHeader(GMS_ID));
                    if (coordinator != null) {
                        sendKeyRequest(coordinator);
                    }
                } catch (Throwable th) {
                    this.log.error("failed passing up message from %s: %s, ex=%s", next.src(), next.printHeaders(), th);
                }
            }
            EncryptHeader encryptHeader = (EncryptHeader) next.getHeader(this.id);
            if (encryptHeader != null && encryptHeader.type != 1) {
                handleUpEvent(next, encryptHeader);
                messageBatch.remove(next);
            }
        }
        if (messageBatch.isEmpty()) {
            return;
        }
        super.up(messageBatch);
    }

    protected Address getCoordinator(Message message, GMS.GmsHeader gmsHeader) {
        switch (gmsHeader.getType()) {
            case 2:
                try {
                    JoinRsp joinRsp = (JoinRsp) Util.streamableFromBuffer(JoinRsp.class, message.getRawBuffer(), message.getOffset(), message.getLength());
                    View view = joinRsp != null ? joinRsp.getView() : null;
                    if (view != null) {
                        return view.getCoord();
                    }
                    return null;
                } catch (Throwable th) {
                    this.log.error("%s: failed getting coordinator (keyserver) from JoinRsp: %s", this.local_addr, th);
                    return null;
                }
            case 8:
                try {
                    Tuple<View, Digest> _readViewAndDigest = GMS._readViewAndDigest(message.getRawBuffer(), message.getOffset(), message.getLength());
                    View val1 = _readViewAndDigest != null ? _readViewAndDigest.getVal1() : null;
                    if (val1 != null) {
                        return val1.getCoord();
                    }
                    return null;
                } catch (Throwable th2) {
                    this.log.error("%s: failed getting coordinator (keyserver) from INSTALL_MERGE_VIEW: %s", this.local_addr, th2);
                    return null;
                }
            default:
                return null;
        }
    }

    protected static boolean skip(Message message) {
        GMS.GmsHeader gmsHeader = (GMS.GmsHeader) message.getHeader(GMS_ID);
        if (gmsHeader == null) {
            return false;
        }
        switch (gmsHeader.getType()) {
            case 1:
            case 2:
            case 6:
            case 7:
            case 8:
            case 10:
            case 11:
            case 13:
            case 14:
                return true;
            case 3:
            case 4:
            case 5:
            case 9:
            case 12:
            default:
                return false;
        }
    }

    @Override // org.jgroups.protocols.EncryptBase
    protected Object handleUpEvent(Message message, EncryptHeader encryptHeader) {
        switch (encryptHeader.type()) {
            case 2:
                handleSecretKeyRequest(message);
                return null;
            case 4:
                handleSecretKeyResponse(message, encryptHeader.version());
                sendNewKeyserverAck(message.src());
                return null;
            case 8:
                Address src = message.src();
                if (!Objects.equals(this.key_server_addr, src)) {
                    this.key_server_addr = src;
                }
                if (Arrays.equals(this.sym_version, encryptHeader.version)) {
                    sendNewKeyserverAck(src);
                    return null;
                }
                sendKeyRequest(src);
                return null;
            case 16:
                if (this.key_requesters == null) {
                    return null;
                }
                this.key_requesters.add(message.src(), true);
                return null;
            default:
                return null;
        }
    }

    @Override // org.jgroups.protocols.EncryptBase
    protected boolean process(Message message) {
        if (!enqueue(message)) {
            return true;
        }
        Log log = this.log;
        Object[] objArr = new Object[5];
        objArr[0] = this.local_addr;
        objArr[1] = message.dest() == null ? "mcast" : RtspHeaders.Values.UNICAST;
        objArr[2] = message.src();
        objArr[3] = this.key_server_addr;
        objArr[4] = message.printHeaders();
        log.trace("%s: queuing %s message from %s as secret key hasn't been retrieved from keyserver %s yet, hdrs: %s", objArr);
        sendKeyRequest(this.key_server_addr);
        return false;
    }

    protected void handleSecretKeyRequest(Message message) {
        if (inView(message.src(), "key requester %s is not in current view %s; ignoring key request")) {
            this.log.debug("%s: received secret key request from %s", this.local_addr, message.getSrc());
            try {
                sendSecretKey(this.secret_key, generatePubKey(message.getBuffer()), message.getSrc());
            } catch (Exception e) {
                this.log.warn("%s: unable to reconstitute peer's public key", this.local_addr);
            }
        }
    }

    protected void handleSecretKeyResponse(Message message, byte[] bArr) {
        if (inView(message.src(), "ignoring secret key sent by %s which is not in current view %s")) {
            if (Arrays.equals(this.sym_version, bArr)) {
                this.log.debug("%s: secret key (version %s) already installed, ignoring key response", this.local_addr, Util.byteArrayToHexString(bArr));
                stopQueueing();
                return;
            }
            try {
                SecretKeySpec decodeKey = decodeKey(message.getBuffer());
                if (decodeKey == null) {
                    sendKeyRequest(this.key_server_addr);
                } else {
                    this.log.debug("%s: installing secret key received from %s (version: %s)", this.local_addr, message.getSrc(), Util.byteArrayToHexString(bArr));
                    setKeys(decodeKey, bArr);
                }
            } catch (Exception e) {
                this.log.warn("%s: unable to process received public key", this.local_addr, e);
            }
        }
    }

    protected SecretKey createSecretKey() throws Exception {
        KeyGenerator keyGenerator = (this.provider == null || this.provider.trim().isEmpty()) ? KeyGenerator.getInstance(getAlgorithm(this.sym_algorithm)) : KeyGenerator.getInstance(getAlgorithm(this.sym_algorithm), this.provider);
        keyGenerator.init(this.sym_keylength);
        return keyGenerator.generateKey();
    }

    protected void initKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = (this.provider == null || this.provider.trim().isEmpty()) ? KeyPairGenerator.getInstance(getAlgorithm(this.asym_algorithm)) : KeyPairGenerator.getInstance(getAlgorithm(this.asym_algorithm), this.provider);
        keyPairGenerator.initialize(this.asym_keylength, new SecureRandom());
        this.key_pair = keyPairGenerator.generateKeyPair();
        if (this.provider == null || this.provider.trim().isEmpty()) {
            this.asym_cipher = Cipher.getInstance(this.asym_algorithm);
        } else {
            this.asym_cipher = Cipher.getInstance(this.asym_algorithm, this.provider);
        }
        this.asym_cipher.init(2, this.key_pair.getPrivate());
    }

    @Override // org.jgroups.protocols.EncryptBase
    protected synchronized void handleView(View view) {
        boolean z = (!this.change_key_on_leave || this.view == null || view.containsMembers(this.view.getMembersRaw())) ? false : true;
        boolean z2 = this.secret_key == null || z;
        super.handleView(view);
        if (this.key_requesters != null) {
            this.key_requesters.retainAll(view.getMembers());
        }
        Address address = this.key_server_addr;
        this.key_server_addr = view.getCoord();
        if (!Objects.equals(this.key_server_addr, this.local_addr)) {
            handleNewKeyServer(address, view instanceof MergeView, z);
            return;
        }
        if (!Objects.equals(this.key_server_addr, address)) {
            this.log.debug("%s: I'm the new key server", this.local_addr);
        }
        if (z2) {
            createNewKey();
            if (this.key_requesters != null) {
                this.key_requesters.stop();
            }
            ArrayList arrayList = new ArrayList(view.getMembers());
            arrayList.remove(this.local_addr);
            if (arrayList.isEmpty()) {
                return;
            }
            this.key_requesters = new ResponseCollectorTask(arrayList).setPeriodicTask(new ResponseCollectorTask.Consumer<ResponseCollectorTask<Boolean>>() { // from class: org.jgroups.protocols.ASYM_ENCRYPT.1
                @Override // org.jgroups.util.ResponseCollectorTask.Consumer
                public void accept(ResponseCollectorTask<Boolean> responseCollectorTask) {
                    ASYM_ENCRYPT.this.down_prot.down(new Event(1, new Message((Address) null).setTransientFlag(Message.TransientFlag.DONT_LOOPBACK).putHeader(ASYM_ENCRYPT.this.id, new EncryptHeader((byte) 8, ASYM_ENCRYPT.this.sym_version))));
                }
            }).start(getTransport().getTimer(), 0L, this.key_server_interval);
        }
    }

    protected void createNewKey() {
        try {
            this.secret_key = createSecretKey();
            initSymCiphers(this.sym_algorithm, this.secret_key);
            this.log.debug("%s: created new secret key (version: %s)", this.local_addr, Util.byteArrayToHexString(this.sym_version));
            stopQueueing();
        } catch (Exception e) {
            this.log.error("%s: failed creating secret key and initializing ciphers", this.local_addr, e);
        }
    }

    protected void handleNewKeyServer(Address address, boolean z, boolean z2) {
        if (this.change_key_on_leave) {
            if (keyServerChanged(address) || z || z2) {
                startQueueing();
                this.log.debug("%s: sending request for secret key to the new keyserver %s", this.local_addr, this.key_server_addr);
                sendKeyRequest(this.key_server_addr);
            }
        }
    }

    protected boolean keyServerChanged(Address address) {
        return !Objects.equals(this.key_server_addr, address);
    }

    protected void setKeys(SecretKey secretKey, byte[] bArr) throws Exception {
        synchronized (this) {
            if (Arrays.equals(this.sym_version, bArr)) {
                stopQueueing();
                return;
            }
            Cipher take = this.secret_key != null ? this.decoding_ciphers.take() : null;
            if (take != null) {
                this.key_map.put(new AsciiString(bArr), take);
            }
            this.secret_key = secretKey;
            initSymCiphers(secretKey.getAlgorithm(), secretKey);
            this.sym_version = bArr;
            stopQueueing();
        }
    }

    protected void sendSecretKey(Key key, PublicKey publicKey, Address address) throws Exception {
        Message putHeader = new Message(address, encryptSecretKey(key, publicKey)).src(this.local_addr).putHeader(this.id, new EncryptHeader((byte) 4, symVersion()));
        this.log.debug("%s: sending secret key response to %s (version: %s)", this.local_addr, address, Util.byteArrayToHexString(this.sym_version));
        this.down_prot.down(new Event(1, putHeader));
    }

    protected byte[] encryptSecretKey(Key key, PublicKey publicKey) throws Exception {
        Cipher cipher = (this.provider == null || this.provider.trim().isEmpty()) ? Cipher.getInstance(this.asym_algorithm) : Cipher.getInstance(this.asym_algorithm, this.provider);
        cipher.init(1, publicKey);
        return cipher.doFinal(key.getEncoded());
    }

    protected void sendKeyRequest(Address address) {
        if (address == null) {
            return;
        }
        if (this.last_key_request == 0 || System.currentTimeMillis() - this.last_key_request > this.min_time_between_key_requests) {
            this.last_key_request = System.currentTimeMillis();
            if (this.use_external_key_exchange) {
                this.log.debug("%s: asking key exchange protocol to get secret key", this.local_addr);
                this.down_prot.down(new Event(110, address));
            } else {
                this.log.debug("%s: asking %s for the secret key (my version: %s)", this.local_addr, address, Util.byteArrayToHexString(this.sym_version));
                this.down_prot.down(new Event(1, new Message(address, this.key_pair.getPublic().getEncoded()).src(this.local_addr).putHeader(this.id, new EncryptHeader((byte) 2, null))));
            }
        }
    }

    protected void sendNewKeyserverAck(Address address) {
        this.down_prot.down(new Event(1, new Message(address).putHeader(this.id, new EncryptHeader((byte) 16, null))));
    }

    protected SecretKeySpec decodeKey(byte[] bArr) throws Exception {
        byte[] doFinal;
        synchronized (this) {
            doFinal = this.asym_cipher.doFinal(bArr);
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(doFinal, getAlgorithm(this.sym_algorithm));
            ((this.provider == null || this.provider.trim().isEmpty()) ? Cipher.getInstance(this.sym_algorithm) : Cipher.getInstance(this.sym_algorithm, this.provider)).init(3, secretKeySpec);
            return secretKeySpec;
        } catch (Exception e) {
            this.log.error(Util.getMessage("FailedDecodingKey"), e);
            return null;
        }
    }

    protected void startQueueing() {
        this.queue_lock.lock();
        try {
            this.queue_up_msgs = true;
        } finally {
            this.queue_lock.unlock();
        }
    }

    protected boolean enqueue(Message message) {
        boolean z;
        this.queue_lock.lock();
        try {
            if (this.queue_up_msgs) {
                if (this.up_queue.offer(message)) {
                    z = true;
                    return z;
                }
            }
            z = false;
            return z;
        } finally {
            this.queue_lock.unlock();
        }
    }

    protected void stopQueueing() {
        ArrayList<Message> arrayList = new ArrayList(this.up_queue.size());
        this.queue_lock.lock();
        try {
            this.queue_up_msgs = false;
            this.up_queue.drainTo(arrayList);
            for (Message message : arrayList) {
                try {
                    Message decryptMessage = decryptMessage(null, message.copy());
                    if (decryptMessage != null) {
                        this.up_prot.up(new Event(1, decryptMessage));
                    }
                } catch (Exception e) {
                    this.log.error("failed decrypting message from %s: %s", message.src(), e);
                }
            }
        } finally {
            this.queue_lock.unlock();
        }
    }

    @Override // org.jgroups.protocols.EncryptBase
    protected void handleUnknownVersion(byte[] bArr) {
        if (isKeyServer()) {
            return;
        }
        this.log.debug("%s: received msg encrypted with version %s (my version: %s), getting new secret key from %s", this.local_addr, Util.byteArrayToHexString(bArr), Util.byteArrayToHexString(this.sym_version), this.key_server_addr);
        sendKeyRequest(this.key_server_addr);
    }

    protected PublicKey generatePubKey(byte[] bArr) {
        PublicKey publicKey = null;
        try {
            publicKey = KeyFactory.getInstance(getAlgorithm(this.asym_algorithm)).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return publicKey;
    }
}
