package net.named_data.jndn.encrypt;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.named_data.jndn.Data;
import net.named_data.jndn.Face;
import net.named_data.jndn.Interest;
import net.named_data.jndn.KeyLocatorType;
import net.named_data.jndn.Name;
import net.named_data.jndn.NetworkNack;
import net.named_data.jndn.OnData;
import net.named_data.jndn.OnNetworkNack;
import net.named_data.jndn.OnTimeout;
import net.named_data.jndn.encrypt.EncryptError;
import net.named_data.jndn.security.KeyChain;
import net.named_data.jndn.security.SafeBag;
import net.named_data.jndn.security.pib.Pib;
import net.named_data.jndn.security.pib.PibIdentity;
import net.named_data.jndn.security.pib.PibKey;
import net.named_data.jndn.security.v2.Validator;
import net.named_data.jndn.util.Blob;

/* loaded from: input_file:net/named_data/jndn/encrypt/DecryptorV2.class */
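/**
 * Decrypts {@link EncryptedContent} blocks whose key locator names a content key (CK).
 *
 * <p>For each CK name the class fetches the CK Data through the {@link Face}, derives the
 * key-decryption-key (KDK) names from the CK Data name, fetches the KDK that was encrypted
 * for {@code credentialsKey_} if it is not already in the in-memory KeyChain, decrypts the
 * CK with it, and finally AES-CBC decrypts the payload.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@link Validator} passed to the constructor is not stored or used. CK and KDK
 *       Data packets received in the callbacks are processed without any signature
 *       validation visible in this class; confirm whether validation happens elsewhere
 *       before trusting the key source.</li>
 *   <li>Payloads are decrypted with AES/CBC/PKCS5 padding and no integrity check is visible
 *       here, so plaintext handed to the success callback is not authenticated by this
 *       class.</li>
 *   <li>Retrieved CK bits stay cached in {@code contentKeys_}; {@link #shutdown()} does not
 *       remove them.</li>
 * </ul>
 *
 * <p>No synchronization is visible in this class; callbacks and callers are presumably
 * expected to run on the same thread (confirm against the Face event loop in use).
 */
public class DecryptorV2 {
    private final PibKey credentialsKey_;
    private final Face face_;
    private final KeyChain keyChain_;
    private final KeyChain internalKeyChain_;
    // Content keys indexed by the key locator name of the EncryptedContent that needs them.
    private final HashMap<Name, ContentKey> contentKeys_ = new HashMap<>();
    private static final Logger logger_ = Logger.getLogger(DecryptorV2.class.getName());

    /** State of one content key: its bits once retrieved, and the decrypts waiting for it. */
    public static class ContentKey {
        // Decrypted CK bits; only meaningful once isRetrieved is true.
        public Blob bits;
        public boolean isRetrieved = false;
        // Id returned by Face.expressInterest for the outstanding fetch, or 0 when none.
        public long pendingInterest = 0;
        public ArrayList<PendingDecrypt> pendingDecrypts = new ArrayList<>();

        /** A decrypt request queued until the content key becomes available. */
        public static class PendingDecrypt {
            public EncryptedContent encryptedContent;
            public DecryptSuccessCallback onSuccess;
            public EncryptError.OnError onError;

            public PendingDecrypt(EncryptedContent encryptedContent, DecryptSuccessCallback decryptSuccessCallback, EncryptError.OnError onError) {
                this.encryptedContent = encryptedContent;
                this.onSuccess = decryptSuccessCallback;
                this.onError = onError;
            }
        }
    }

    /** Receives the plaintext of a successful decrypt. */
    public interface DecryptSuccessCallback {
        void onSuccess(Blob blob);
    }

    /**
     * Creates a decryptor that uses {@code pibKey} as the credentials key.
     *
     * @param pibKey the credentials key whose name is appended to KDK Interests and used to
     *     decrypt the KDK secret through {@code keyChain}'s TPM
     * @param validator NOTE(review): accepted but never stored or used by this class
     * @param keyChain the KeyChain whose TPM holds the credentials key
     * @param face the Face used to express the CK and KDK Interests
     * @throws Error if the in-memory KeyChain cannot be created
     */
    public DecryptorV2(PibKey pibKey, Validator validator, KeyChain keyChain, Face face) {
        this.credentialsKey_ = pibKey;
        this.face_ = face;
        this.keyChain_ = keyChain;
        try {
            this.internalKeyChain_ = new KeyChain("pib-memory:", "tpm-memory:");
        } catch (Exception e) {
            // Keep the original message text, and attach the cause so the stack trace
            // of the underlying failure is not lost.
            throw new Error("Error creating in-memory KeyChain: " + e, e);
        }
    }

    /**
     * Cancels every outstanding key fetch and reports CkRetrievalFailure to the decrypts
     * that were waiting on it. Content keys with no pending Interest are left untouched,
     * including any already-retrieved key bits.
     */
    public void shutdown() {
        for (ContentKey contentKey : this.contentKeys_.values()) {
            if (contentKey.pendingInterest <= 0) {
                continue;
            }
            this.face_.removePendingInterest(contentKey.pendingInterest);
            contentKey.pendingInterest = 0L;
            for (ContentKey.PendingDecrypt pending : contentKey.pendingDecrypts) {
                pending.onError.onError(EncryptError.ErrorCode.CkRetrievalFailure, "Canceling pending decrypt as ContentKey is being destroyed");
            }
            contentKey.pendingDecrypts.clear();
        }
    }

    /**
     * Decrypts {@code encryptedContent}, fetching the content key first if needed.
     *
     * <p>If the CK is already retrieved the payload is decrypted immediately; otherwise the
     * request is queued and, for a CK name seen for the first time, a fetch is started.
     *
     * <p>NOTE(review): when an earlier fetch for the same CK name failed, its entry remains
     * in {@code contentKeys_} with {@code isRetrieved} false, so later requests are queued
     * without a new fetch, and the fetch failure is reported only through the
     * {@code onError} of the request that started the fetch.
     *
     * @param encryptedContent the block to decrypt; must carry a KEYNAME key locator and an
     *     initial vector
     * @param decryptSuccessCallback called with the plaintext
     * @param onError called with an error code and message on failure
     * @throws IOException declared by the signature; no statement visible here throws it
     *     directly
     */
    public final void decrypt(EncryptedContent encryptedContent, DecryptSuccessCallback decryptSuccessCallback, EncryptError.OnError onError) throws IOException {
        if (encryptedContent.getKeyLocator().getType() != KeyLocatorType.KEYNAME) {
            logger_.log(Level.INFO, "Missing required KeyLocator in the supplied EncryptedContent block");
            onError.onError(EncryptError.ErrorCode.MissingRequiredKeyLocator, "Missing required KeyLocator in the supplied EncryptedContent block");
            return;
        }
        if (!encryptedContent.hasInitialVector()) {
            logger_.log(Level.INFO, "Missing required initial vector in the supplied EncryptedContent block");
            onError.onError(EncryptError.ErrorCode.MissingRequiredInitialVector, "Missing required initial vector in the supplied EncryptedContent block");
            return;
        }
        Name keyLocatorName = encryptedContent.getKeyLocatorName();
        ContentKey contentKey = this.contentKeys_.get(keyLocatorName);
        boolean isNew = contentKey == null;
        if (isNew) {
            contentKey = new ContentKey();
            this.contentKeys_.put(keyLocatorName, contentKey);
        }
        if (contentKey.isRetrieved) {
            doDecrypt(encryptedContent, contentKey.bits, decryptSuccessCallback, onError);
        } else {
            logger_.log(Level.INFO, "CK {0} not yet available, so adding to the pending decrypt queue", keyLocatorName);
            contentKey.pendingDecrypts.add(new ContentKey.PendingDecrypt(encryptedContent, decryptSuccessCallback, onError));
        }
        // Start the fetch only after the request is queued, so the fetch result finds it.
        if (isNew) {
            fetchCk(keyLocatorName, contentKey, onError, 3);
        }
    }

    /**
     * Expresses an Interest for the CK Data and continues with the KDK step when it arrives.
     *
     * <p>The Interest uses CanBePrefix true and MustBeFresh false. The returned Data is not
     * passed to a Validator here; the name checks in
     * {@link #extractKdkInfoFromCkName} are the only checks on it visible in this class.
     *
     * @param name the CK name to fetch
     * @param contentKey the entry that records the pending Interest id and the result
     * @param onError called on invalid name, timeout after the last try, NACK, or any
     *     exception
     * @param i the number of tries left; a timeout retries while this is greater than 1
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void fetchCk(final Name name, final ContentKey contentKey, final EncryptError.OnError onError, final int i) {
        logger_.log(Level.INFO, "Fetching CK {0}", name);
        try {
            contentKey.pendingInterest = this.face_.expressInterest(new Interest(name).setMustBeFresh(false).setCanBePrefix(true), new OnData() {
                @Override
                public void onData(Interest interest, Data data) {
                    try {
                        contentKey.pendingInterest = 0L;
                        // One-element arrays serve as output parameters.
                        Name[] kdkPrefix = new Name[1];
                        Name[] kdkIdentityName = new Name[1];
                        Name[] kdkKeyName = new Name[1];
                        if (!DecryptorV2.extractKdkInfoFromCkName(data.getName(), interest.getName(), onError, kdkPrefix, kdkIdentityName, kdkKeyName)) {
                            // The error was already reported through onError.
                            return;
                        }
                        PibIdentity pibIdentity = null;
                        try {
                            pibIdentity = DecryptorV2.this.internalKeyChain_.getPib().getIdentity(kdkIdentityName[0]);
                        } catch (Pib.Error ignored) {
                            // A failed lookup is treated as "identity not imported yet".
                        }
                        if (pibIdentity != null) {
                            PibKey pibKey = null;
                            try {
                                pibKey = pibIdentity.getKey(kdkKeyName[0]);
                            } catch (Pib.Error ignored) {
                                // A failed lookup is treated as "KDK not imported yet".
                            }
                            if (pibKey != null) {
                                DecryptorV2.logger_.log(Level.INFO, "KDK {0} already exists, so directly using it to decrypt the CK", kdkKeyName[0]);
                                DecryptorV2.this.decryptCkAndProcessPendingDecrypts(contentKey, data, kdkKeyName[0], onError);
                                return;
                            }
                        }
                        DecryptorV2.this.fetchKdk(contentKey, kdkPrefix[0], data, onError, 3);
                    } catch (Exception e) {
                        onError.onError(EncryptError.ErrorCode.General, "Error in fetchCk onData: " + e);
                    }
                }
            }, new OnTimeout() {
                @Override
                public void onTimeout(Interest interest) {
                    contentKey.pendingInterest = 0L;
                    if (i > 1) {
                        DecryptorV2.this.fetchCk(name, contentKey, onError, i - 1);
                    } else {
                        onError.onError(EncryptError.ErrorCode.CkRetrievalTimeout, "Retrieval of CK [" + interest.getName().toUri() + "] timed out");
                    }
                }
            }, new OnNetworkNack() {
                @Override
                public void onNetworkNack(Interest interest, NetworkNack networkNack) {
                    contentKey.pendingInterest = 0L;
                    onError.onError(EncryptError.ErrorCode.CkRetrievalFailure, "Retrieval of CK [" + interest.getName().toUri() + "] failed. Got NACK (" + networkNack.getReason() + ")");
                }
            });
        } catch (Exception e) {
            onError.onError(EncryptError.ErrorCode.General, "expressInterest error: " + e);
        }
    }

    /**
     * Expresses an Interest for the KDK encrypted for the credentials key, imports it, and
     * then decrypts the CK.
     *
     * <p>The Interest name is {@code name} + ENCRYPTED-BY component + credentials key name,
     * sent with MustBeFresh true and CanBePrefix false. The returned Data is not passed to
     * a Validator here before its contents are imported.
     *
     * @param contentKey the entry that records the pending Interest id and the result
     * @param name the KDK prefix derived from the CK Data name
     * @param data the CK Data to decrypt once the KDK is imported
     * @param onError called on timeout after the last try, NACK, or any failure
     * @param i the number of tries left; a timeout retries while this is greater than 1
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void fetchKdk(final ContentKey contentKey, final Name name, final Data data, final EncryptError.OnError onError, final int i) {
        Name kdkInterestName = new Name(name);
        kdkInterestName.append(EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY).append(this.credentialsKey_.getName());
        logger_.log(Level.INFO, "Fetching KDK {0}", kdkInterestName);
        try {
            contentKey.pendingInterest = this.face_.expressInterest(new Interest(kdkInterestName).setMustBeFresh(true).setCanBePrefix(false), new OnData() {
                @Override
                public void onData(Interest interest, Data kdkData) {
                    contentKey.pendingInterest = 0L;
                    if (DecryptorV2.this.decryptAndImportKdk(kdkData, onError)) {
                        // Rebuild the KDK key name: <prefix without last two>/KEY/<last component>.
                        Name kdkKeyName = name.getPrefix(-2).append("KEY").append(name.get(-1));
                        DecryptorV2.this.decryptCkAndProcessPendingDecrypts(contentKey, data, kdkKeyName, onError);
                    }
                }
            }, new OnTimeout() {
                @Override
                public void onTimeout(Interest interest) {
                    contentKey.pendingInterest = 0L;
                    if (i > 1) {
                        DecryptorV2.this.fetchKdk(contentKey, name, data, onError, i - 1);
                    } else {
                        onError.onError(EncryptError.ErrorCode.KdkRetrievalTimeout, "Retrieval of KDK [" + interest.getName().toUri() + "] timed out");
                    }
                }
            }, new OnNetworkNack() {
                @Override
                public void onNetworkNack(Interest interest, NetworkNack networkNack) {
                    contentKey.pendingInterest = 0L;
                    onError.onError(EncryptError.ErrorCode.KdkRetrievalFailure, "Retrieval of KDK [" + interest.getName().toUri() + "] failed. Got NACK (" + networkNack.getReason() + ")");
                }
            });
        } catch (Exception e) {
            onError.onError(EncryptError.ErrorCode.General, "expressInterest error: " + e);
        }
    }

    /**
     * Decodes the KDK Data, decrypts its payload key with the credentials key, and imports
     * the contained SafeBag into the in-memory KeyChain using the decrypted secret.
     *
     * <p>NOTE(review): the Data is not validated in this method before the import; whatever
     * checks {@code importSafeBag} performs internally are not visible here.
     *
     * @param data the KDK Data packet
     * @param onError called with TpmKeyNotFound when the TPM returns a null Blob, or with
     *     DecryptionFailure on any exception
     * @return true if the SafeBag was imported, false if an error was reported
     */
    /* JADX INFO: Access modifiers changed from: private */
    public boolean decryptAndImportKdk(Data data, EncryptError.OnError onError) {
        try {
            logger_.log(Level.INFO, "Decrypting and importing KDK {0}", data.getName());
            EncryptedContent encryptedContent = new EncryptedContent();
            encryptedContent.wireDecodeV2(data.getContent());
            SafeBag safeBag = new SafeBag(encryptedContent.getPayload());
            Blob secret = this.keyChain_.getTpm().decrypt(encryptedContent.getPayloadKey().buf(), this.credentialsKey_.getName());
            if (secret.isNull()) {
                onError.onError(EncryptError.ErrorCode.TpmKeyNotFound, "Could not decrypt secret, " + this.credentialsKey_.getName().toUri() + " not found in TPM");
                return false;
            }
            this.internalKeyChain_.importSafeBag(safeBag, secret.buf());
            return true;
        } catch (Exception e) {
            onError.onError(EncryptError.ErrorCode.DecryptionFailure, "Failed to decrypt KDK [" + data.getName().toUri() + "]: " + e);
            return false;
        }
    }

    /**
     * Decrypts the CK carried in {@code data} with the named KDK from the in-memory
     * KeyChain, stores the result in {@code contentKey}, and runs every queued decrypt.
     *
     * @param contentKey the entry to fill in and whose pending decrypts are processed
     * @param data the CK Data packet
     * @param name the KDK key name to decrypt with
     * @param onError called with InvalidEncryptedFormat if decoding fails, TpmKeyNotFound
     *     if the TPM returns a null Blob, or DecryptionFailure on other exceptions
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void decryptCkAndProcessPendingDecrypts(ContentKey contentKey, Data data, Name name, EncryptError.OnError onError) {
        logger_.log(Level.INFO, "Decrypting CK data {0}", data.getName());
        EncryptedContent encryptedContent = new EncryptedContent();
        try {
            encryptedContent.wireDecodeV2(data.getContent());
            try {
                Blob ckBits = this.internalKeyChain_.getTpm().decrypt(encryptedContent.getPayload().buf(), name);
                if (ckBits.isNull()) {
                    onError.onError(EncryptError.ErrorCode.TpmKeyNotFound, "Could not decrypt secret, " + name.toUri() + " not found in TPM");
                    return;
                }
                contentKey.bits = ckBits;
                contentKey.isRetrieved = true;
                for (ContentKey.PendingDecrypt pending : contentKey.pendingDecrypts) {
                    // Each queued request reports through its own callbacks.
                    doDecrypt(pending.encryptedContent, contentKey.bits, pending.onSuccess, pending.onError);
                }
                contentKey.pendingDecrypts.clear();
            } catch (Exception e) {
                onError.onError(EncryptError.ErrorCode.DecryptionFailure, "Error decrypting the CK EncryptedContent " + e);
            }
        } catch (Exception e) {
            onError.onError(EncryptError.ErrorCode.InvalidEncryptedFormat, "Error decrypting EncryptedContent: " + e);
        }
    }

    /**
     * AES-CBC decrypts the payload with the given content key and hands the plaintext to
     * the success callback.
     *
     * <p>Decryption and the callback are handled separately: a cipher failure (including a
     * padding error from {@code doFinal}) is reported through {@code onError}, while an
     * exception thrown by the callback itself is only logged. Previously both shared one
     * catch-all, so a failed decryption was logged as "Error in onSuccess" and the caller
     * received neither callback.
     *
     * <p>Security notes: CBC with PKCS5 padding provides no integrity protection, so the
     * plaintext is unauthenticated. The error message includes the exception text; callers
     * should avoid relaying it to untrusted peers, since distinguishable padding failures
     * are what padding-oracle attacks rely on.
     *
     * @param encryptedContent the block holding the initial vector and payload
     * @param blob the content key bits used as the AES key
     * @param decryptSuccessCallback called with the plaintext
     * @param onError called with MissingRequiredInitialVector or DecryptionFailure
     */
    private static void doDecrypt(EncryptedContent encryptedContent, Blob blob, DecryptSuccessCallback decryptSuccessCallback, EncryptError.OnError onError) {
        if (!encryptedContent.hasInitialVector()) {
            onError.onError(EncryptError.ErrorCode.MissingRequiredInitialVector, "Expecting Initial Vector in the encrypted content, but it is not present");
            return;
        }
        Blob plainData;
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(blob.getImmutableArray(), "AES"), new IvParameterSpec(encryptedContent.getInitialVector().getImmutableArray()));
            plainData = new Blob(cipher.doFinal(encryptedContent.getPayload().getImmutableArray()), false);
        } catch (Exception e) {
            onError.onError(EncryptError.ErrorCode.DecryptionFailure, "Decryption error in doDecrypt: " + e);
            return;
        }
        try {
            decryptSuccessCallback.onSuccess(plainData);
        } catch (Throwable th) {
            // A misbehaving application callback must not be reported as a decryption error.
            logger_.log(Level.SEVERE, "Error in onSuccess", th);
        }
    }

    /**
     * Converts a KEK name of the form {@code <prefix>/KEK/<key-id>} to the matching KDK
     * prefix {@code <prefix>/KDK/<key-id>}.
     *
     * @param name the KEK name
     * @param onError called with KekInvalidName if the second-to-last component is not KEK
     * @return the KDK prefix, or null if the name is invalid
     */
    private static Name convertKekNameToKdkPrefix(Name name, EncryptError.OnError onError) {
        boolean isKekName = name.size() >= 2 && name.get(-2).equals(EncryptorV2.NAME_COMPONENT_KEK);
        if (!isKekName) {
            onError.onError(EncryptError.ErrorCode.KekInvalidName, "Invalid KEK name [" + name.toUri() + "]");
            return null;
        }
        return name.getPrefix(-2).append(EncryptorV2.NAME_COMPONENT_KDK).append(name.get(-1));
    }

    /**
     * Checks that the CK Data name is {@code <interest name>/ENCRYPTED-BY/<KEK name>} and
     * derives the KDK names from the KEK name.
     *
     * @param name the CK Data name
     * @param name2 the CK Interest name, which must be a prefix of {@code name}
     * @param onError called with CkInvalidName or KekInvalidName on a malformed name
     * @param nameArr output: element 0 is set to the KDK prefix
     * @param nameArr2 output: element 0 is set to the KEK name without its last two
     *     components (used by the caller as the identity name)
     * @param nameArr3 output: element 0 is set to that identity name + "KEY" + the last
     *     component of the KEK name
     * @return true if all outputs were set, false if an error was reported
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static boolean extractKdkInfoFromCkName(Name name, Name name2, EncryptError.OnError onError, Name[] nameArr, Name[] nameArr2, Name[] nameArr3) {
        int interestSize = name2.size();
        boolean isValidCkName = name.size() >= interestSize + 1
                && name.getPrefix(interestSize).equals(name2)
                && name.get(interestSize).equals(EncryptorV2.NAME_COMPONENT_ENCRYPTED_BY);
        if (!isValidCkName) {
            onError.onError(EncryptError.ErrorCode.CkInvalidName, "Invalid CK name [" + name.toUri() + "]");
            return false;
        }
        Name kekName = name.getSubName(interestSize + 1);
        nameArr[0] = convertKekNameToKdkPrefix(kekName, onError);
        if (nameArr[0] == null) {
            // convertKekNameToKdkPrefix already reported the error; it also guarantees
            // below that kekName has at least two components.
            return false;
        }
        nameArr2[0] = kekName.getPrefix(-2);
        nameArr3[0] = kekName.getPrefix(-2).append("KEY").append(kekName.get(-1));
        return true;
    }
}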
