package cz.smarteon.loxone;

import cz.smarteon.loxone.CommandListener;
import cz.smarteon.loxone.message.ApiInfo;
import cz.smarteon.loxone.message.Hashing;
import cz.smarteon.loxone.message.LoxoneMessage;
import cz.smarteon.loxone.message.LoxoneValue;
import cz.smarteon.loxone.message.PubKeyInfo;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.java_websocket.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cz/smarteon/loxone/LoxoneAuth.class */
public class LoxoneAuth implements CommandListener {
    public static final String CLIENT_UUID = "5231fc55-a384-41b4-b0ae10b7f774add1";
    public static final String DEFAULT_CLIENT_INFO = "loxoneJava";
    private static final Logger log = LoggerFactory.getLogger(LoxoneAuth.class);
    private static final int MAX_SALT_USAGE = 20;
    private final LoxoneHttp loxoneHttp;
    private final String loxoneUser;
    private final String loxonePass;
    private final String loxoneVisPass;
    private ApiInfo apiInfo;
    private Hashing hashing;
    private PublicKey publicKey;
    private SecretKey sharedKey;
    private byte[] sharedKeyIv;
    private Hashing visuHashing;
    private String sharedSalt;
    private SecureRandom sha1PRNG;
    private int saltUsageCount = 0;
    private String clientInfo = DEFAULT_CLIENT_INFO;

    public LoxoneAuth(LoxoneHttp loxoneHttp, String str, String str2, String str3) {
        this.loxoneHttp = (LoxoneHttp) Objects.requireNonNull(loxoneHttp, "loxoneHttp shouldn't be null");
        this.loxoneUser = (String) Objects.requireNonNull(str, "loxoneUser shouldn't be null");
        this.loxonePass = (String) Objects.requireNonNull(str2, "loxonePass shouldn't be null");
        this.loxoneVisPass = (String) Objects.requireNonNull(str3, "loxoneVisPass shouldn't be null");
    }

    public ApiInfo getApiInfo() {
        return this.apiInfo;
    }

    public String getUser() {
        return this.loxoneUser;
    }

    public String getUuid() {
        return CLIENT_UUID;
    }

    public String getClientInfo() {
        return this.clientInfo;
    }

    public void setClientInfo(String str) {
        this.clientInfo = str;
    }

    public void init() {
        log.trace("LoxoneAuth init start");
        fetchApiInfo();
        fetchPublicKey();
        try {
            this.sha1PRNG = SecureRandom.getInstance("SHA1PRNG");
            if (this.sharedKey == null) {
                createSharedKey();
            }
            createSharedKeyIv();
            log.trace("LoxoneAuth init finish");
        } catch (NoSuchAlgorithmException e) {
            throw new LoxoneException("No SHA1PRNG provider present", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isInitialized() {
        return (this.publicKey == null || this.sharedKey == null || this.sharedKeyIv == null || this.sha1PRNG == null) ? false : true;
    }

    public Map<String, String> authHeaders() {
        return Collections.singletonMap("Authorization", "Basic " + Base64.encodeBytes(Codec.concatToBytes(this.loxoneUser, this.loxonePass)));
    }

    public String getSessionKey() {
        checkInitialized();
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, this.publicKey);
            byte[] doFinal = cipher.doFinal(Codec.concatToBytes(Codec.bytesToHex(this.sharedKey.getEncoded()), Codec.bytesToHex(this.sharedKeyIv)));
            log.trace("Created session key (in hex): {}", Codec.bytesToHex(doFinal));
            return Base64.encodeBytes(doFinal);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new LoxoneException("Can't encrypt sharedKey to obtain sessionKey", e);
        }
    }

    public String getTokenCommand() {
        try {
            String upperCase = Codec.bytesToHex(MessageDigest.getInstance("SHA-1").digest(Codec.concatToBytes(this.loxonePass, this.hashing.getSalt()))).toUpperCase();
            log.trace("getToken password hash: {}", upperCase);
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(new SecretKeySpec(this.hashing.getKey(), "HmacSHA1"));
            String bytesToHex = Codec.bytesToHex(mac.doFinal(Codec.concatToBytes(this.loxoneUser, upperCase)));
            log.trace("getToken final hash: {}", bytesToHex);
            return Protocol.jsonGetToken(bytesToHex, this.loxoneUser, CLIENT_UUID, this.clientInfo);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new LoxoneException("Can't perform hashing to prepare gettoken command", e);
        }
    }

    public String encryptCommand(String str) {
        if (this.sharedSalt == null) {
            this.sharedSalt = generateSalt();
        }
        String str2 = "salt/" + this.sharedSalt;
        if (isNewSaltNeeded()) {
            log.trace("changing the salt");
            String str3 = "nextSalt/" + this.sharedSalt + "/";
            this.sharedSalt = generateSalt();
            str2 = str3 + this.sharedSalt;
        }
        return Protocol.jsonEncrypted(encryptWithSharedKey(str2 + "/" + str));
    }

    public String getVisuHash() {
        try {
            String upperCase = Codec.bytesToHex(MessageDigest.getInstance("SHA-1").digest(Codec.concatToBytes(this.loxoneVisPass, this.visuHashing.getSalt()))).toUpperCase();
            log.trace("visuPassHash: {}", upperCase);
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(new SecretKeySpec(this.visuHashing.getKey(), "HmacSHA1"));
            String bytesToHex = Codec.bytesToHex(mac.doFinal(upperCase.getBytes()));
            log.trace("visuPass final hash: {}", bytesToHex);
            return bytesToHex;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new LoxoneException("Can't perform hashing to prepare visuHash", e);
        }
    }

    @Override // cz.smarteon.loxone.CommandListener
    public CommandListener.State onCommand(String str, LoxoneValue loxoneValue) {
        if (Protocol.jsonGetKey(this.loxoneUser).equals(str)) {
            this.hashing = parseHashing(loxoneValue);
            return this.hashing != null ? CommandListener.State.CONSUMED : CommandListener.State.IGNORED;
        }
        if (!Protocol.isCommandGetVisuSalt(str, this.loxoneUser)) {
            return CommandListener.State.IGNORED;
        }
        this.visuHashing = parseHashing(loxoneValue);
        return this.visuHashing != null ? CommandListener.State.CONSUMED : CommandListener.State.IGNORED;
    }

    private Hashing parseHashing(Object obj) {
        if (obj instanceof Hashing) {
            return (Hashing) obj;
        }
        log.warn("Unexpected type of hashing received from loxone: {}", obj.getClass());
        return null;
    }

    private void checkInitialized() {
        if (!isInitialized()) {
            throw new IllegalStateException("LoxoneAuth has not been initialized - call init() first");
        }
    }

    private void fetchApiInfo() {
        log.trace("Fetching ApiInfo start");
        try {
            LoxoneMessage loxoneMessage = (LoxoneMessage) this.loxoneHttp.get(Command.DEV_CFG_API);
            if (loxoneMessage.getValue() == null) {
                throw new LoxoneException("Got empty apiInfo");
            }
            if (!(loxoneMessage.getValue() instanceof ApiInfo)) {
                throw new LoxoneException("Unexpected apiInfo message type " + loxoneMessage.getValue().getClass());
            }
            this.apiInfo = (ApiInfo) loxoneMessage.getValue();
            log.trace("Fetching ApiInfo finish");
        } catch (Throwable th) {
            log.trace("Fetching ApiInfo finish");
            throw th;
        }
    }

    private void fetchPublicKey() {
        log.trace("Fetching PublicKey start");
        try {
            LoxoneMessage loxoneMessage = (LoxoneMessage) this.loxoneHttp.get(Command.DEV_SYS_GETPUBLICKEY);
            if (loxoneMessage.getValue() == null) {
                throw new LoxoneException("Got empty pubKeyInfo");
            }
            if (!(loxoneMessage.getValue() instanceof PubKeyInfo)) {
                throw new LoxoneException("Unexpected pubKeyInfo message type " + loxoneMessage.getValue().getClass());
            }
            this.publicKey = ((PubKeyInfo) loxoneMessage.getValue()).asPublicKey();
            log.trace("Fetching PublicKey finish");
        } catch (Throwable th) {
            log.trace("Fetching PublicKey finish");
            throw th;
        }
    }

    private void createSharedKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            this.sharedKey = keyGenerator.generateKey();
            log.trace("Created sharedKey: {}", Codec.bytesToHex(this.sharedKey.getEncoded()));
        } catch (NoSuchAlgorithmException e) {
            throw new LoxoneException("No AES provider present", e);
        }
    }

    private void createSharedKeyIv() {
        this.sharedKeyIv = new byte[16];
        this.sha1PRNG.nextBytes(this.sharedKeyIv);
        log.trace("Created sharedKeyIv: {}", Codec.bytesToHex(this.sharedKeyIv));
    }

    private String encryptWithSharedKey(String str) {
        checkInitialized();
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/ZeroBytePadding");
            cipher.init(1, this.sharedKey, new IvParameterSpec(this.sharedKeyIv));
            return Base64.encodeBytes(cipher.doFinal(str.getBytes()));
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new LoxoneException("Can't perform AES encryption", e);
        }
    }

    private String decryptWithSharedKey(String str) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, this.sharedKey, new IvParameterSpec(this.sharedKeyIv));
            return new String(cipher.doFinal(Base64.decode(str)));
        } catch (IOException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new LoxoneException("Can't perform AES decryption", e);
        }
    }

    private boolean isNewSaltNeeded() {
        if (this.saltUsageCount <= 0) {
        }
        this.saltUsageCount++;
        if (this.saltUsageCount < MAX_SALT_USAGE) {
            return false;
        }
        this.saltUsageCount = 0;
        return true;
    }

    private String generateSalt() {
        byte[] bArr = new byte[16];
        this.sha1PRNG.nextBytes(bArr);
        String bytesToHex = Codec.bytesToHex(bArr);
        log.trace("new command encryption salt generated: {}", bytesToHex);
        return bytesToHex;
    }
}
