package net.named_data.jndn.encrypt;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import net.named_data.jndn.Data;
import net.named_data.jndn.Face;
import net.named_data.jndn.Interest;
import net.named_data.jndn.InterestFilter;
import net.named_data.jndn.Name;
import net.named_data.jndn.OnInterestCallback;
import net.named_data.jndn.OnRegisterFailed;
import net.named_data.jndn.encoding.EncodingException;
import net.named_data.jndn.encrypt.algo.EncryptAlgorithmType;
import net.named_data.jndn.in_memory_storage.InMemoryStorageRetaining;
import net.named_data.jndn.security.KeyChain;
import net.named_data.jndn.security.KeyType;
import net.named_data.jndn.security.RsaKeyParams;
import net.named_data.jndn.security.SafeBag;
import net.named_data.jndn.security.SecurityException;
import net.named_data.jndn.security.SigningInfo;
import net.named_data.jndn.security.UnrecognizedKeyFormatException;
import net.named_data.jndn.security.certificate.PublicKey;
import net.named_data.jndn.security.pib.Pib;
import net.named_data.jndn.security.pib.PibIdentity;
import net.named_data.jndn.security.pib.PibImpl;
import net.named_data.jndn.security.pib.PibKey;
import net.named_data.jndn.security.tpm.Tpm;
import net.named_data.jndn.security.tpm.TpmBackEnd;
import net.named_data.jndn.security.v2.CertificateV2;
import net.named_data.jndn.util.Common;

/* loaded from: input_file:net/named_data/jndn/encrypt/AccessManagerV2.class */
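/**
 * Publishes and serves the key material of one access-controlled dataset.
 *
 * <p>On construction this class creates (or re-uses) an RSA key under
 * {@code <identity>/NAC/<dataset>}, publishes its certificate under the KEK name, and
 * registers the KEK and KDK prefixes on the face. Interests under those prefixes are
 * answered from an in-memory store. {@link #addMember} adds one KDK packet per authorized
 * member to that store.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #addMember} does not validate the certificate it is given. Whoever calls it
 *       decides who can decrypt, so the certificate must be verified before the call.</li>
 *   <li>Everything in the in-memory store is served to any requester that sends a matching
 *       Interest. No requester check is visible in this class.</li>
 * </ul>
 */
public class AccessManagerV2 {
    private final PibIdentity identity_;
    private PibKey nacKey_;
    private final KeyChain keyChain_;
    private final Face face_;
    private final InMemoryStorageRetaining storage_ = new InMemoryStorageRetaining();
    private final long kekRegisteredPrefixId_;
    private final long kdkRegisteredPrefixId_;
    private static final Logger logger_ = Logger.getLogger(AccessManagerV2.class.getName());
    private static final double DEFAULT_KEK_FRESHNESS_PERIOD_MS = 3600000.0d;
    private static final double DEFAULT_KDK_FRESHNESS_PERIOD_MS = 3600000.0d;
    /** Length in bytes of the one-time secret that protects an exported KDK. */
    private static final int KDK_SECRET_LENGTH = 32;

    /**
     * Creates the NAC key for the dataset, publishes the KEK and starts serving KEK/KDK
     * Interests.
     *
     * @param pibIdentity the data owner's identity; it signs the KEK and every KDK packet
     * @param name the dataset name appended after the NAC component
     * @param keyChain the key chain used to create the NAC identity/key and to sign
     * @param face the face on which the KEK and KDK prefixes are registered
     * @throws IOException presumably from prefix registration on the face (confirm)
     * @throws SecurityException presumably from prefix registration on the face (confirm)
     */
    public AccessManagerV2(PibIdentity pibIdentity, Name name, KeyChain keyChain, Face face) throws Tpm.Error, TpmBackEnd.Error, PibImpl.Error, Pib.Error, KeyChain.Error, EncodingException, IOException, SecurityException {
        this.identity_ = pibIdentity;
        this.keyChain_ = keyChain;
        this.face_ = face;

        // NAC identity: <identity>/NAC/<dataset>.
        Name nacIdentityName = new Name(pibIdentity.getName()).append(EncryptorV2.NAME_COMPONENT_NAC).append(name);
        PibIdentity nacIdentity = this.keyChain_.createIdentityV2(nacIdentityName, new RsaKeyParams());
        this.nacKey_ = nacIdentity.getDefaultKey();
        if (this.nacKey_.getKeyType() != KeyType.RSA) {
            // The member secret is wrapped with RSA-OAEP in addMember, so a non-RSA default key is replaced.
            logger_.log(Level.INFO, "Cannot re-use existing KEK/KDK pair, as it is not an RSA key, regenerating");
            this.nacKey_ = this.keyChain_.createKey(nacIdentity, new RsaKeyParams());
        }
        Name.Component nacKeyId = this.nacKey_.getName().get(-1);

        // The KEK packet is the NAC key's default certificate, renamed to <nacIdentity>/KEK/<keyId>
        // and re-signed by the owner identity.
        Name kekPrefix = new Name(this.nacKey_.getIdentityName()).append(EncryptorV2.NAME_COMPONENT_KEK);
        Data kekData = new Data(this.nacKey_.getDefaultCertificate());
        kekData.setName(new Name(kekPrefix).append(nacKeyId));
        kekData.getMetaInfo().setFreshnessPeriod(DEFAULT_KEK_FRESHNESS_PERIOD_MS);
        this.keyChain_.sign(kekData, new SigningInfo(this.identity_));
        this.storage_.insert(kekData);

        // One callback serves both prefixes: it answers only from the in-memory store.
        OnInterestCallback onInterestCallback = new OnInterestCallback() {
            @Override
            public void onInterest(Name prefix, Interest interest, Face replyFace, long interestFilterId, InterestFilter filter) {
                Data stored = AccessManagerV2.this.storage_.find(interest);
                if (stored == null) {
                    // No reply is sent; the requester's Interest simply goes unanswered.
                    AccessManagerV2.logger_.log(Level.INFO, "Didn't find data for {0}", interest.getName());
                    return;
                }
                AccessManagerV2.logger_.log(Level.INFO, "Serving {0} from in-memory-storage", stored.getName());
                try {
                    replyFace.putData(stored);
                } catch (Throwable th) {
                    // Deliberately broad: a failure to send must not propagate out of the callback.
                    AccessManagerV2.logger_.log(Level.SEVERE, "AccessManagerV2: Error in Face.putData", th);
                }
            }
        };
        OnRegisterFailed onRegisterFailed = new OnRegisterFailed() {
            @Override
            public void onRegisterFailed(Name prefix) {
                // Registration failure is only logged; the manager keeps running without that prefix.
                AccessManagerV2.logger_.log(Level.SEVERE, "AccessManagerV2: Failed to register prefix {0}", prefix.toUri());
            }
        };

        this.kekRegisteredPrefixId_ = this.face_.registerPrefix(kekPrefix, onInterestCallback, onRegisterFailed);
        Name kdkPrefix = new Name(this.nacKey_.getIdentityName()).append(EncryptorV2.NAME_COMPONENT_KDK).append(nacKeyId);
        this.kdkRegisteredPrefixId_ = this.face_.registerPrefix(kdkPrefix, onInterestCallback, onRegisterFailed);
    }

    /**
     * Stops answering KEK and KDK Interests.
     *
     * <p>NOTE(review): the ids passed here were returned by {@code registerPrefix}; confirm
     * that {@code unsetInterestFilter} is the intended call for registered-prefix ids.
     */
    public final void shutdown() {
        this.face_.unsetInterestFilter(this.kekRegisteredPrefixId_);
        this.face_.unsetInterestFilter(this.kdkRegisteredPrefixId_);
    }

    /**
     * Authorizes a member by publishing a KDK packet encrypted for that member's key.
     *
     * <p>The packet is named
     * {@code <nacIdentity>/KDK/<keyId>/ENCRYPTED-BY/<memberKeyName>}. Its payload is the NAC
     * key exported as a safe bag protected by a fresh random secret, and its payload key is
     * that secret encrypted to the member's public key with RSA-OAEP. The packet is signed by
     * the owner identity and inserted into the in-memory store.
     *
     * <p>This method does not check the validity period or signature of {@code certificateV2}.
     * The caller must have verified it, because any key passed here gains access to the KDK.
     *
     * @param certificateV2 the already-verified certificate of the member to authorize
     * @return the signed KDK data packet that was added to the store
     */
    public final Data addMember(CertificateV2 certificateV2) throws Pib.Error, PibImpl.Error, UnrecognizedKeyFormatException, EncodingException, TpmBackEnd.Error, KeyChain.Error, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, CertificateV2.Error {
        Name kdkName = new Name(this.nacKey_.getIdentityName());
        kdkName.append(EncryptorV2.NAME_COMPONENT_KDK).append(this.nacKey_.getName().get(-1)).append(EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY).append(certificateV2.getKeyName());

        // NOTE(review): this secret protects the exported private key; confirm that
        // Common.getRandom() is backed by a cryptographically secure generator.
        byte[] secret = new byte[KDK_SECRET_LENGTH];
        Common.getRandom().nextBytes(secret);
        // Every byte must end up in 1..127: 7-bit and never zero. Mask first, then replace
        // zero. Checking for zero before masking let 0x80 through, and the mask then turned
        // it into an embedded zero byte in the secret.
        for (int i = 0; i < secret.length; i++) {
            byte masked = (byte) (secret[i] & Byte.MAX_VALUE);
            secret[i] = (masked == 0) ? (byte) 1 : masked;
        }

        SafeBag kdkSafeBag = this.keyChain_.exportSafeBag(this.nacKey_.getDefaultCertificate(), ByteBuffer.wrap(secret));
        PublicKey memberKey = new PublicKey(certificateV2.getPublicKey());

        EncryptedContent content = new EncryptedContent();
        content.setPayload(kdkSafeBag.wireEncode());
        content.setPayloadKey(memberKey.encrypt(secret, EncryptAlgorithmType.RsaOaep));

        Data kdkData = new Data(kdkName);
        kdkData.setContent(content.wireEncodeV2());
        kdkData.getMetaInfo().setFreshnessPeriod(DEFAULT_KDK_FRESHNESS_PERIOD_MS);
        this.keyChain_.sign(kdkData, new SigningInfo(this.identity_));
        this.storage_.insert(kdkData);
        return kdkData;
    }

    /**
     * Returns the number of packets in the in-memory store, as reported by the storage.
     *
     * @return the storage's size
     */
    public final int size() {
        return this.storage_.size();
    }

    /**
     * Returns the cache map of the underlying in-memory storage.
     *
     * <p>NOTE(review): this hands out whatever map the storage returns. If that is the live
     * map rather than a copy, callers can alter what this manager serves. Confirm against
     * InMemoryStorageRetaining before using this outside tests.
     *
     * @return the storage's cache map (raw type kept for interface compatibility)
     */
    public final HashMap getCache_() {
        return this.storage_.getCache_();
    }
}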
