package com.unbound.client.kmip;

import com.unbound.client.BaseObject;
import com.unbound.client.CertObject;
import com.unbound.client.ECPRFKey;
import com.unbound.client.ECPrivateKeyObject;
import com.unbound.client.EDDSAPrivateKeyObject;
import com.unbound.client.LocateParams;
import com.unbound.client.ObjectType;
import com.unbound.client.Partition;
import com.unbound.client.RSAPrivateKeyObject;
import com.unbound.client.RSAPublicKeyObject;
import com.unbound.client.SecretKeyObject;
import com.unbound.client.Session;
import com.unbound.common.Base64;
import com.unbound.common.JSON;
import com.unbound.common.Log;
import com.unbound.common.STR;
import com.unbound.common.crypto.EC;
import com.unbound.kmip.KMIPConverter;
import com.unbound.kmip.attribute.Authentication;
import com.unbound.kmip.request.RequestItem;
import com.unbound.kmip.request.RequestMessage;
import com.unbound.kmip.request.dy.DyLoginRequest;
import com.unbound.kmip.response.ResponseItem;
import com.unbound.kmip.response.ResponseMessage;
import com.unbound.kmip.response.dy.DyLoginResponse;
import com.unbound.provider.KeyParameters;
import java.security.ProviderException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.time.Clock;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:com/unbound/client/kmip/KMIPSession.class */
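/**
 * {@link Session} implementation that talks KMIP to a server on behalf of one partition.
 *
 * <p>The class encodes request messages, attaches the partition's login token when the caller
 * supplied no credentials, renews that token once its locally computed validity has passed, and
 * retries failed exchanges. Key and certificate operations are delegated to the {@code KMIP*}
 * object classes.
 *
 * <p>Token state ({@code jwt}, {@code jwtValidityClock}) lives on the shared partition object and
 * is read and written under {@code synchronized (partition)}. The {@code server} field is written
 * without synchronization.
 */
public class KMIPSession implements Session {
    private static final Clock clock = Clock.systemUTC();

    // Credential type sent together with the username/password fields.
    private static final int CRED_TYPE_PASSWORD = 1;
    // Credential type sent when the partition token is presented as an attestation assertion.
    private static final int CRED_TYPE_TOKEN = 3;
    // Attestation type paired with the token credential (0x80000001).
    // NOTE(review): looks like a vendor-extension value; confirm against the KMIP enum definitions.
    private static final int ATTESTATION_TYPE_TOKEN = -2147483647;

    private final KMIPPartition partition;
    // Server that answered the most recent successful exchange; null until one has answered.
    private KMIPServer server = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a session bound to the given partition.
     *
     * @param kMIPPartition partition whose token state this session reads and updates
     */
    public KMIPSession(KMIPPartition kMIPPartition) {
        this.partition = kMIPPartition;
    }

    /**
     * Builds the credential block that presents {@code token} as an attestation assertion.
     *
     * @param token encoded login token taken from the partition
     * @return a new authentication object carrying the token
     */
    private static Authentication tokenAuthentication(byte[] token) {
        Authentication auth = new Authentication();
        auth.credType = CRED_TYPE_TOKEN;
        auth.attestationType = ATTESTATION_TYPE_TOKEN;
        auth.attestationAssertion = token;
        return auth;
    }

    /**
     * Sends an encoded request and returns the encoded response.
     *
     * <p>Order of preference: the simulator when one is installed, then the server that answered
     * last, then every server from {@code KMIPServer.getList()} in turn until one answers.
     *
     * @param bArr encoded request
     * @return encoded response
     * @throws ProviderException wrapping the last failure when every listed server failed, or
     *     with the message "No servers found" when the list is empty
     */
    private byte[] transmitBytes(byte[] bArr) {
        if (KMIPClient.simulator != null) {
            return KMIPClient.simTransmit(bArr);
        }
        if (this.server != null) {
            // NOTE(review): a failure of the remembered server propagates without trying the
            // other servers, and the field is never cleared, so later calls keep using it.
            return this.server.transmit(this.partition, bArr);
        }
        Exception lastFailure = null;
        for (KMIPServer candidate : KMIPServer.getList()) {
            try {
                byte[] reply = candidate.transmit(this.partition, bArr);
                this.server = candidate;
                return reply;
            } catch (Exception e) {
                // Failures of earlier servers are dropped; only the last one is reported.
                lastFailure = e;
            }
        }
        if (lastFailure != null) {
            throw new ProviderException(lastFailure);
        }
        throw new ProviderException("No servers found");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sends a request message and returns the response after checking every batch item.
     *
     * <p>When the message carries no credentials and the partition holds a token, the token is
     * attached; if its validity clock has passed, the token is renewed first and the renewed
     * value is the one attached.
     *
     * @param requestMessage message to send; its {@code header.auth} may be set by this method
     * @return the decoded response, all of whose items have {@code resultStatus == 0}
     * @throws ProviderException wrapping any failure, including an empty batch, a non-zero result
     *     status, and exhaustion of the retry budget
     */
    public ResponseMessage transmit(RequestMessage requestMessage) {
        Log end = Log.func("KMIPConnection.transmit").end();
        try {
            if (this.partition != null) {
                byte[] token;
                long validUntil;
                synchronized (this.partition) {
                    token = this.partition.jwt;
                    validUntil = this.partition.jwtValidityClock;
                }
                if (requestMessage.header.auth == null && token != null) {
                    if (validUntil < clock.millis()) {
                        loginRenew();
                        // Pick up the token stored by the renewal instead of sending the copy
                        // taken before it; keep the old copy only if nothing is stored.
                        byte[] renewed;
                        synchronized (this.partition) {
                            renewed = this.partition.jwt;
                        }
                        if (renewed != null) {
                            token = renewed;
                        }
                    }
                    requestMessage.header.auth = tokenAuthentication(token);
                }
            }
            byte[] encoded = KMIPConverter.convert(requestMessage);
            // NOTE(review): the message is logged after credentials (password or token) have been
            // attached; confirm that RequestMessage.log() redacts the authentication fields.
            requestMessage.log();
            int attemptsLeft = KMIPConnection.retriesTransmit;
            while (true) {
                try {
                    ResponseMessage response = KMIPConverter.convertResponseMessage(transmitBytes(encoded));
                    response.log();
                    if (response.header.batchCount == 0) {
                        throw new ProviderException("Invalid KMIP response");
                    }
                    for (ResponseItem item : response.batch) {
                        if (item.resultStatus != 0) {
                            throw new ProviderException("KMIP error " + item.reason + " " + item.resultMsg);
                        }
                    }
                    return response;
                } catch (Exception e) {
                    // NOTE(review): this also retries "KMIP error" results by re-sending the same
                    // request, so a rejected login or a non-idempotent operation is repeated;
                    // consider retrying transport failures only.
                    // "<= 0" so that a zero or negative retry setting means one attempt rather
                    // than a loop that never reaches the exit condition.
                    if (--attemptsLeft <= 0) {
                        throw e;
                    }
                    Thread.sleep(KMIPConnection.retrySuspend);
                }
            }
        } catch (Exception e2) {
            if (e2 instanceof InterruptedException) {
                // The sleep between retries was interrupted: keep the interrupt visible to callers.
                Thread.currentThread().interrupt();
            }
            end.failed(e2);
            throw new ProviderException(e2);
        } finally {
            end.leave();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sends a single request item in its own message and returns the first response item.
     *
     * @param requestItem item to send
     * @return first item of the response batch
     */
    public ResponseItem transmit(RequestItem requestItem) {
        RequestMessage requestMessage = new RequestMessage();
        requestMessage.batch.add(requestItem);
        return transmit(requestMessage).batch.get(0);
    }

    /** Renews the partition token by presenting the current one. */
    private void loginRenew() {
        loginOrRenew(null, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Logs in with the given credential string.
     *
     * @param str either a JSON object with "username" and "password" entries or a bare password
     *     (sent with the username "user"); {@code null} sends the username "user" and an empty
     *     password
     */
    public void login(String str) {
        loginOrRenew(str, false);
    }

    /**
     * Performs a login or a token renewal and stores the returned token on the partition.
     *
     * <p>A returned token is stored only when its computed validity is positive. Any failure
     * clears the partition token before the exception is propagated.
     *
     * @param str credential string as described on {@link #login(String)}; unused when renewing
     * @param z {@code true} to renew with the current partition token, {@code false} to log in
     *     with username and password
     * @throws ProviderException wrapping any failure
     */
    private void loginOrRenew(String str, boolean z) {
        // Only the presence of a password is logged, never its value.
        Log end = Log.func("KMIPSession.loginOrRenew").log("renewWjt", z).log("password", str != null && !str.isEmpty()).end();
        try {
            try {
                RequestMessage requestMessage = new RequestMessage();
                if (z) {
                    requestMessage.header.auth = tokenAuthentication(this.partition.jwt);
                } else {
                    Authentication auth = new Authentication();
                    auth.credType = CRED_TYPE_PASSWORD;
                    auth.username = "user";
                    auth.password = "";
                    if (str != null) {
                        String username = "user";
                        String password = str;
                        try {
                            Map<?, ?> fields = (Map<?, ?>) JSON.convert(str);
                            String parsedUser = (String) fields.get("username");
                            String parsedPassword = (String) fields.get("password");
                            // NOTE(review): a JSON object without these entries yields null here
                            // and the nulls are sent as is; confirm that this is intended.
                            username = parsedUser;
                            password = parsedPassword;
                        } catch (Exception ignored) {
                            // Not a JSON credential object: the whole string is the password and
                            // the username stays "user".
                        }
                        auth.password = password;
                        auth.username = username;
                    }
                    requestMessage.header.auth = auth;
                }
                DyLoginRequest dyLoginRequest = new DyLoginRequest();
                dyLoginRequest.doCreateWjt = true;
                requestMessage.batch.add(dyLoginRequest);
                try {
                    DyLoginResponse loginResponse = (DyLoginResponse) transmit(requestMessage).batch.get(0);
                    if (loginResponse.jwt != null) {
                        int validitySeconds = jwtTokenValidity(STR.utf8(loginResponse.jwt));
                        if (validitySeconds > 0) {
                            synchronized (this.partition) {
                                long now = clock.millis();
                                this.partition.jwt = loginResponse.jwt;
                                // 1000L keeps the conversion to milliseconds in long arithmetic;
                                // an int product wraps for validities above roughly 24.8 days.
                                this.partition.jwtValidityClock = now + validitySeconds * 1000L;
                            }
                        }
                    }
                } catch (Exception e2) {
                    // Drop the stored token so that a failed login or renewal leaves no credential
                    // behind on the shared partition.
                    synchronized (this.partition) {
                        this.partition.jwt = null;
                    }
                    throw e2;
                }
            } finally {
                end.leave();
            }
        } catch (Exception e3) {
            end.failed(e3);
            throw new ProviderException(e3);
        }
    }

    /**
     * Computes how long a token may be used before it should be renewed.
     *
     * <p>The payload segment is decoded and {@code exp - iat - 30} is returned, so the result is
     * relative to the moment of issue and independent of the local wall clock. The signature
     * segment is not examined: the value only schedules client-side renewal and must not be
     * treated as proof that the token is authentic.
     *
     * @param str token in three dot-separated segments
     * @return validity in seconds, clamped to the {@code int} range; 0 when the token does not
     *     have exactly three segments
     * @throws RuntimeException if the payload cannot be decoded or lacks numeric "exp"/"iat"
     */
    static int jwtTokenValidity(String str) {
        String[] segments = str.split("\\.");
        if (segments.length != 3) {
            return 0;
        }
        Map<?, ?> claims = (Map<?, ?>) JSON.convert(STR.utf8(Base64.decodeUrl(segments[1])));
        // Number instead of Long: accepts whichever numeric type the JSON converter produces.
        long expires = ((Number) claims.get("exp")).longValue();
        long issued = ((Number) claims.get("iat")).longValue();
        long seconds = expires - issued - 30;
        // Clamp rather than truncate so that an out-of-range difference cannot wrap around.
        if (seconds > Integer.MAX_VALUE) {
            return Integer.MAX_VALUE;
        }
        if (seconds < Integer.MIN_VALUE) {
            return Integer.MIN_VALUE;
        }
        return (int) seconds;
    }

    /** Returns the partition this session is bound to. */
    @Override // com.unbound.client.Session
    public Partition getPartition() {
        return this.partition;
    }

    /** Does nothing; this session holds no resource that is released here. */
    @Override // com.unbound.client.Session
    public void release() {
    }

    /** Delegates to {@code KMIPSecretKey.generate}, forwarding the arguments unchanged. */
    @Override // com.unbound.client.Session
    public SecretKeyObject generateSecretKey(String str, ObjectType objectType, int i, KeyParameters keyParameters) {
        return KMIPSecretKey.generate(this, str, objectType, i, keyParameters);
    }

    /** Delegates to {@code KMIPSecretKey.importKey}, forwarding the arguments unchanged. */
    @Override // com.unbound.client.Session
    public SecretKeyObject importSecretKey(String str, ObjectType objectType, byte[] bArr, KeyParameters keyParameters) {
        return KMIPSecretKey.importKey(this, str, objectType, bArr, keyParameters);
    }

    /**
     * Not supported by this session.
     *
     * @throws ProviderException always, with the message "Not implemented"
     */
    @Override // com.unbound.client.Session
    public EDDSAPrivateKeyObject generateEddsaKey(String str, KeyParameters keyParameters) {
        throw new ProviderException("Not implemented");
    }

    /** Delegates to {@code KMIPRSAPrivateKey.importKey}, forwarding the arguments unchanged. */
    @Override // com.unbound.client.Session
    public RSAPrivateKeyObject importRsaKey(String str, RSAPrivateCrtKey rSAPrivateCrtKey, KeyParameters keyParameters) {
        return KMIPRSAPrivateKey.importKey(this, str, rSAPrivateCrtKey, keyParameters);
    }

    /** Delegates to {@code KMIPECPrivateKey.generate}, forwarding the arguments unchanged. */
    @Override // com.unbound.client.Session
    public ECPrivateKeyObject generateEcKey(String str, EC.Curve curve, KeyParameters keyParameters) {
        return KMIPECPrivateKey.generate(this, str, curve, keyParameters);
    }

    /** Delegates to {@code KMIPRSAPublicKey.importKey}, forwarding the arguments unchanged. */
    @Override // com.unbound.client.Session
    public RSAPublicKeyObject importPubRsaKey(String str, RSAPublicKey rSAPublicKey, KeyParameters keyParameters) {
        return KMIPRSAPublicKey.importKey(this, str, rSAPublicKey, keyParameters);
    }

    /** Delegates to {@code KMIPECPrivateKey.importKey}, forwarding the arguments unchanged. */
    @Override // com.unbound.client.Session
    public ECPrivateKeyObject importEcKey(String str, ECPrivateKey eCPrivateKey, KeyParameters keyParameters) {
        return KMIPECPrivateKey.importKey(this, str, eCPrivateKey, keyParameters);
    }

    /** Delegates to {@code KMIPECPRFKey.generate}, forwarding the arguments unchanged. */
    @Override // com.unbound.client.Session
    public ECPRFKey generateEcprfKey(String str, KeyParameters keyParameters) {
        return KMIPECPRFKey.generate(this, str, keyParameters);
    }

    /** Delegates to {@code KMIPCert.importCert}, forwarding the arguments unchanged. */
    @Override // com.unbound.client.Session
    public CertObject importCert(String str, X509Certificate x509Certificate) {
        return KMIPCert.importCert(this, str, x509Certificate);
    }

    /** Delegates to {@code KMIPRSAPrivateKey.generate}, forwarding the arguments unchanged. */
    @Override // com.unbound.client.Session
    public RSAPrivateKeyObject generateRsaKey(String str, int i, KeyParameters keyParameters) {
        return KMIPRSAPrivateKey.generate(this, str, i, keyParameters);
    }

    /** Delegates to {@code KMIPObject.locate} with the given type and search parameters. */
    @Override // com.unbound.client.Session
    public BaseObject locate(ObjectType objectType, LocateParams locateParams) {
        return KMIPObject.locate(this, objectType, locateParams);
    }

    /** Delegates to {@code KMIPObject.locate} with the given type and returns its list result. */
    @Override // com.unbound.client.Session
    public ArrayList<BaseObject> locate(ObjectType objectType) {
        return KMIPObject.locate(this, objectType);
    }
}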
