package org.objectweb.proactive.core.security;

import java.io.File;
import java.io.IOException;
import java.io.Serializable;
import java.security.AccessControlException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.objectweb.proactive.core.security.SecurityConstants;
import org.objectweb.proactive.core.security.crypto.KeyExchangeException;
import org.objectweb.proactive.core.security.crypto.Session;
import org.objectweb.proactive.core.security.crypto.SessionException;
import org.objectweb.proactive.core.security.exceptions.CommunicationForbiddenException;
import org.objectweb.proactive.core.security.exceptions.InvalidPolicyFile;
import org.objectweb.proactive.core.security.exceptions.RenegotiateSessionException;
import org.objectweb.proactive.core.security.exceptions.SecurityNotAvailableException;
import org.objectweb.proactive.core.security.securityentity.Entities;
import org.objectweb.proactive.core.security.securityentity.Entity;
import org.objectweb.proactive.core.security.securityentity.RuleEntities;
import org.objectweb.proactive.core.util.ProActiveRandom;
import org.objectweb.proactive.core.util.converter.ObjectToByteConverter;
import org.objectweb.proactive.core.util.log.Loggers;
import org.objectweb.proactive.core.util.log.ProActiveLogger;

/* loaded from: input_file:org/objectweb/proactive/core/security/ProActiveSecurityManager.class */
/**
 * Security manager attached to one ProActive security entity.
 *
 * <p>Holds the {@link PolicyServer} that supplies policies, key store and
 * certificates, the table of open {@link Session}s keyed by local session id,
 * and the reverse map from a peer's {@link TypedCertificate} to that session id.
 * It implements both roles of the session key exchange: the initiating side
 * ({@link #initiateSession}, {@link #keyNegociationSenderSide}) and the
 * responding side ({@link #randomValue}, {@link #publicKeyExchange},
 * {@link #secretKeyExchange}).
 *
 * <p>This listing is decompiler output (JADX). A few constructs below are not
 * valid Java as printed; they are marked where they occur.
 *
 * <p>Thread-safety: {@code startNewSession} and {@code keyNegociationSenderSide}
 * are {@code synchronized} on this instance, {@code terminateSession} locks
 * {@code sessions}; the remaining methods rely only on the per-call locking of
 * the two {@link Hashtable}s.
 */
public class ProActiveSecurityManager implements Serializable {
    private static final long serialVersionUID = 51;
    private static Logger logger = ProActiveLogger.getLogger(Loggers.SECURITY_MANAGER);
    // Open sessions, keyed by the local session id handed out by startNewSession.
    private Hashtable<Long, Session> sessions;
    // Reverse index: peer certificate -> local session id (see getSessionIDTo).
    private Hashtable<TypedCertificate, Long> sessionIDs;
    // Source of policies, key store and certificates. Null after the one-argument
    // constructor; most methods dereference it without a null check.
    private PolicyServer policyServer;
    // Enclosing entity whose policy and entity list are merged with ours; not serialized.
    private transient SecurityEntity parent;
    private final SecurityConstants.EntityType type;
    // Key sizes in bits used by the key exchange. Defaults are 192 (AES) and 160 (MAC);
    // both are overridden from the policy server when one is supplied.
    protected int aesKeySize;
    protected int macKeySize;

    /**
     * Creates a manager with no policy server and the default key sizes.
     *
     * @param entityType the kind of entity this manager protects
     */
    public ProActiveSecurityManager(SecurityConstants.EntityType entityType) {
        this.aesKeySize = 192;
        this.macKeySize = 160;
        this.sessions = new Hashtable<>();
        this.sessionIDs = new Hashtable<>();
        this.policyServer = null;
        this.type = entityType;
    }

    /**
     * Creates a manager whose policy server is built from a policy file.
     *
     * <p>This is the only constructor that registers the BouncyCastle provider,
     * which the key-exchange methods later request under the name {@code "BC"}.
     * If the file does not exist, {@code policyServer} stays null and only the
     * debug line is emitted.
     *
     * @param entityType the kind of entity this manager protects
     * @param str path of the security descriptor file
     * @throws InvalidPolicyFile if the descriptor exists but cannot be parsed
     */
    public ProActiveSecurityManager(SecurityConstants.EntityType entityType, String str) throws InvalidPolicyFile {
        this(entityType);
        Security.addProvider(new BouncyCastleProvider());
        if (new File(str).exists()) {
            this.policyServer = ProActiveSecurityDescriptorHandler.createPolicyServer(str);
            this.aesKeySize = this.policyServer.getAesKeySize();
            this.macKeySize = this.policyServer.getMacKeySize();
        }
        logger.debug("creating Security Manager using file " + str);
    }

    /**
     * Creates a manager around an existing policy server and adopts its key sizes.
     *
     * @param entityType the kind of entity this manager protects
     * @param policyServer the policy server to use; must not be null (it is
     *     dereferenced immediately)
     */
    public ProActiveSecurityManager(SecurityConstants.EntityType entityType, PolicyServer policyServer) {
        this(entityType);
        this.policyServer = policyServer;
        this.aesKeySize = this.policyServer.getAesKeySize();
        this.macKeySize = this.policyServer.getMacKeySize();
    }

    /**
     * Computes the policy between two entity sets, merging the local policy with
     * the parent's when a parent is set and reachable.
     *
     * <p>Failures to reach the parent are logged at debug level and ignored, so
     * the result silently falls back to the local policy alone.
     *
     * @param entities the requesting side
     * @param entities2 the target side
     * @return the (possibly merged) security context
     * @throws SecurityNotAvailableException propagated from the local policy server
     */
    public SecurityContext getPolicy(Entities entities, Entities entities2) throws SecurityNotAvailableException {
        SecurityContext policy = this.policyServer.getPolicy(entities, entities2);
        if (this.parent != null) {
            try {
                policy = SecurityContext.mergeContexts(policy, this.parent.getPolicy(entities, entities2));
            } catch (IOException e) {
                logger.debug("cannot contact my parent entity " + this.parent);
            } catch (SecurityNotAvailableException e2) {
                logger.debug("my parent entity " + this.parent.toString() + "has no security manager, I ignore him");
            }
        }
        return policy;
    }

    /**
     * Opens (or reuses) a session towards a remote entity and, if it is not yet
     * validated, runs the client side of the key exchange.
     *
     * <p>Errors while fetching the peer's certificate, entities or policy are only
     * printed; the code then continues with null values. A null certificate in
     * particular reaches {@code startNewSession}, where it is used as a
     * {@code Hashtable} key.
     *
     * @param securityEntity the remote entity to talk to
     * @return the local session, validated when this method returns normally
     * @throws CommunicationForbiddenException if either side's policy forbids all
     *     communication, or if session creation / key exchange fails
     * @throws SecurityNotAvailableException propagated from the local policy server
     */
    public Session initiateSession(SecurityEntity securityEntity) throws CommunicationForbiddenException, SecurityNotAvailableException {
        TypedCertificate typedCertificate = null;
        try {
            typedCertificate = securityEntity.getCertificate();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (SecurityNotAvailableException e2) {
            e2.printStackTrace();
        }
        Entities entities = getEntities();
        Entities entities2 = null;
        try {
            entities2 = securityEntity.getEntities();
        } catch (IOException e3) {
            e3.printStackTrace();
        } catch (SecurityNotAvailableException e4) {
            e4.printStackTrace();
        }
        // Local policy only (not merged with the parent, unlike getPolicy()).
        SecurityContext policy = this.policyServer.getPolicy(entities, entities2);
        if (policy.isEverythingForbidden()) {
            // Note: the message lacks a space before "to".
            throw new CommunicationForbiddenException("No communication is allowed from " + entities + "to " + entities2);
        }
        SecurityContext securityContext = null;
        try {
            securityContext = securityEntity.getPolicy(entities2, entities);
        } catch (IOException e5) {
            e5.printStackTrace();
        } catch (SecurityNotAvailableException e6) {
            e6.printStackTrace();
        }
        if (securityContext == null || securityContext.isEverythingForbidden()) {
            throw new CommunicationForbiddenException("The target doesn't allow any communication.");
        }
        SecurityContext computeContext = SecurityContext.computeContext(policy, securityContext);
        try {
            // Local id first (distant id unknown yet, hence 0), then ask the peer
            // to open its side and record the id it returns.
            long startNewSession = startNewSession(0L, computeContext, typedCertificate);
            long startNewSession2 = securityEntity.startNewSession(startNewSession, computeContext.otherSideContext(), getCertificate().noPrivateKey());
            Session session = getSession(startNewSession);
            session.setDistantSessionID(startNewSession2);
            // Second remote getCertificate() call, made only for the log line.
            ProActiveLogger.getLogger(Loggers.SECURITY_MANAGER).debug("adding new session " + startNewSession + " distant object is " + securityEntity.getCertificate().getCert().getSubjectDN() + "\n local object is " + getCertificate().getCert().getSubjectDN());
            if (!session.isSessionValidated()) {
                keyNegociationSenderSide(securityEntity, session);
            }
            return session;
        } catch (IOException e7) {
            e7.printStackTrace();
            throw new CommunicationForbiddenException("Distant entity unreachable for session creation.");
        } catch (KeyExchangeException e8) {
            logger.warn("Key exchange exception ");
            e8.printStackTrace();
            throw new CommunicationForbiddenException("Key exchange exception.");
        } catch (SessionException e9) {
            e9.printStackTrace();
            throw new CommunicationForbiddenException("Cannot create a new session object.");
        }
    }

    /**
     * Returns this entity's certificate with the private key stripped, or null
     * when there is no policy server or no key store.
     */
    public TypedCertificate getCertificate() {
        if (this.policyServer == null || this.policyServer.getKeyStore() == null) {
            return null;
        }
        return this.policyServer.getCertificate(getType()).noPrivateKey();
    }

    /**
     * Removes a session from both tables.
     *
     * <p>Looks the session up before removing it; an unknown id yields a null
     * session and a NullPointerException on the last line.
     *
     * @param j local session id
     */
    public void terminateSession(long j) {
        synchronized (this.sessions) {
            Session session = getSession(j);
            this.sessions.remove(Long.valueOf(j));
            this.sessionIDs.remove(session.getDistantCertificate());
        }
    }

    /**
     * Returns the id of the session to the given peer certificate, creating the
     * session if none exists.
     *
     * <p>If a session to this certificate is already recorded, its distant id is
     * updated to {@code j} and its id is returned. Otherwise a fresh non-zero id
     * is drawn from {@code ProActiveRandom.nextLong() + currentTimeMillis()}.
     *
     * <p>NOTE(review): {@code Hashtable.contains} tests <em>values</em>, not keys,
     * so the collision check in the loop never inspects existing ids;
     * {@code containsKey} was presumably intended.
     *
     * @param j the distant session id (0 when not yet known)
     * @param securityContext the negotiated context for the session
     * @param typedCertificate the peer certificate; a null value is caught by
     *     getSessionIDTo and then used as a Hashtable key
     * @return the local session id
     * @throws SessionException declared, but only the lookup path can raise it
     *     and that path is caught here
     */
    public synchronized long startNewSession(long j, SecurityContext securityContext, TypedCertificate typedCertificate) throws SessionException {
        try {
            long sessionIDTo = getSessionIDTo(typedCertificate);
            getSession(sessionIDTo).setDistantSessionID(j);
            return sessionIDTo;
        } catch (SessionException e) {
            while (true) {
                long nextLong = ProActiveRandom.nextLong() + System.currentTimeMillis();
                if (nextLong != 0 && !this.sessions.contains(Long.valueOf(nextLong))) {
                    this.sessions.put(Long.valueOf(nextLong), new Session(j, securityContext, typedCertificate));
                    this.sessionIDs.put(typedCertificate, Long.valueOf(nextLong));
                    ProActiveLogger.getLogger(Loggers.SECURITY).debug("starting a new session : " + nextLong);
                    return nextLong;
                }
            }
        }
    }

    /**
     * Serializes an object and protects it with the session's outbound cipher/MAC.
     *
     * <p>Blocks, polling every 50 ms with no upper bound, until the session has
     * been validated by the key exchange.
     *
     * @param j local session id
     * @param obj object to marshal and encrypt
     * @param actAs which side of the session this entity plays
     * @return the protected data unit produced by {@code Session.writePDU}
     * @throws RenegotiateSessionException if the session is unknown or the wait
     *     is interrupted
     */
    public byte[][] encrypt(long j, Object obj, Session.ActAs actAs) throws RenegotiateSessionException {
        Session session = getSession(j);
        if (session == null) {
            throw new RenegotiateSessionException("Requested session was not found, need to negotiate another one");
        }
        while (!session.isSessionValidated()) {
            try {
                Thread.sleep(50L);
            } catch (Exception e) {
                throw new RenegotiateSessionException("Something wrong when I tried to crypt the message");
            }
        }
        ProActiveLogger.getLogger(Loggers.SECURITY).debug("Ciphering object, session is " + j);
        return session.writePDU(ObjectToByteConverter.MarshallStream.convert(obj), actAs);
    }

    /**
     * Verifies and decrypts a data unit produced by {@link #encrypt}.
     *
     * <p>Waits at most 30 x 50 ms for the session to be validated. Because the
     * loop also exits when the counter reaches 0, a session validated during the
     * last poll is still rejected by the {@code i == 0} check.
     *
     * @param j local session id
     * @param bArr two-element array: {@code bArr[0]} and {@code bArr[1]} as
     *     expected by {@code Session.readPDU}
     * @param actAs which side of the session this entity plays
     * @return the plaintext, or null if the wait is interrupted (the interrupt
     *     flag is not restored)
     * @throws RenegotiateSessionException if the session is unknown or the
     *     validation delay expires
     */
    public byte[] decrypt(long j, byte[][] bArr, Session.ActAs actAs) throws RenegotiateSessionException {
        Session session = getSession(j);
        if (session == null) {
            throw new RenegotiateSessionException("While decrypting the session was not found, need to renegotiate a new one");
        }
        int i = 30;
        while (!session.isSessionValidated() && i > 0) {
            try {
                Thread.sleep(50L);
                i--;
            } catch (IOException e) {
                // Decompiler artifact: Thread.sleep does not throw IOException, so this
                // catch would not compile as printed — TODO confirm against the original source.
                throw new RenegotiateSessionException("Decrypting the session was not found, need to renegotiate a new one");
            } catch (InterruptedException e2) {
                e2.printStackTrace();
                return null;
            }
        }
        if (i == 0) {
            throw new RenegotiateSessionException("Decrypting Request, session validation delay has expired");
        }
        return session.readPDU(bArr[0], bArr[1], actAs);
    }

    /**
     * Client side of the key exchange, driven over the three remote calls
     * {@code randomValue}, {@code publicKeyExchange} and {@code secretKeyExchange}.
     *
     * <p>Steps as written:
     * <ol>
     * <li>Draw the client random {@code cl_rand}; obtain the server random
     *     {@code se_rand} from the peer.</li>
     * <li>Sign {@code cl_rand || se_rand || own public key || own certificate}
     *     with MD5withRSA (BC); send it; verify the peer's signature over the same
     *     layout with the peer's public key and certificate.</li>
     * <li>Generate the client AES key and HMAC key, use an all-zero IV, RSA-encrypt
     *     key, IV and HMAC key under the peer's public key, AES-encrypt a 24-byte
     *     random challenge, and sign {@code cl_rand || se_rand || the three RSA
     *     blobs || the plaintext challenge}.</li>
     * <li>RSA-decrypt the server's key material with the own private key, check
     *     the server signature (which covers the decrypted challenge), install the
     *     server-side keys and mark the session validated.</li>
     * </ol>
     *
     * <p>Security notes grounded in the code: the signature algorithm is
     * MD5withRSA; both CBC ciphers start from a fixed all-zero IV; the HMAC key is
     * generated by the "AES" KeyGenerator at {@code macKeySize} bits and wrapped as
     * an "AES" SecretKeySpec. The integer mode constants 1 and 2 are
     * {@code Cipher.ENCRYPT_MODE} / {@code Cipher.DECRYPT_MODE} inlined by the
     * decompiler. Any failure (including a null result from {@link #getPrivateKey})
     * is printed and rethrown as a KeyExchangeException without its cause.
     *
     * @param securityEntity the remote peer
     * @param session the local session to negotiate keys for
     * @return always true on normal return
     * @throws KeyExchangeException if the session is null or any step fails
     */
    public synchronized boolean keyNegociationSenderSide(SecurityEntity securityEntity, Session session) throws KeyExchangeException {
        if (session == null) {
            throw new KeyExchangeException("the session is null");
        }
        try {
            // Step 1: client random, then server random from the peer.
            session.sec_rand.nextBytes(session.cl_rand);
            session.se_rand = securityEntity.randomValue(session.getDistantSessionID(), session.cl_rand);
            // Step 2: mutual signature over randoms, public key and certificate.
            Signature signature = Signature.getInstance("MD5withRSA", "BC");
            signature.initSign(getPrivateKey(), session.sec_rand);
            signature.update(session.cl_rand);
            signature.update(session.se_rand);
            byte[] encoded = getPublicKey().getEncoded();
            byte[] encoded2 = getCertificate().getCert().getEncoded();
            signature.update(encoded);
            signature.update(encoded2);
            byte[] publicKeyExchange = securityEntity.publicKeyExchange(session.getDistantSessionID(), signature.sign());
            signature.initVerify(session.getDistantCertificate().getCert());
            signature.update(session.cl_rand);
            signature.update(session.se_rand);
            signature.update(session.getDistantPublicKey().getEncoded());
            signature.update(session.getDistantCertificate().getCert().getEncoded());
            if (!signature.verify(publicKeyExchange)) {
                throw new Exception("(CLIENT)Signature failed on Public key exchange data unit");
            }
            // Step 3: client-side key material.
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "BC");
            keyGenerator.init(this.aesKeySize, session.sec_rand);
            session.cl_aes_key = keyGenerator.generateKey();
            keyGenerator.init(this.macKeySize, session.sec_rand);
            session.cl_hmac_key = keyGenerator.generateKey();
            // Fixed all-zero IV for the client->server CBC cipher.
            session.cl_iv = new IvParameterSpec(new byte[16]);
            // 24-byte random challenge: its AES ciphertext is sent, the plaintext is signed.
            byte[] bArr = new byte[24];
            session.cl_cipher.init(1, session.cl_aes_key, session.cl_iv, session.sec_rand);
            session.cl_mac.init(session.cl_hmac_key);
            session.sec_rand.nextBytes(bArr);
            session.rsa_eng.init(1, session.getDistantPublicKey(), session.sec_rand);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
            cipher.init(1, session.cl_aes_key, session.cl_iv, session.sec_rand);
            signature.initSign(getPrivateKey());
            signature.update(session.cl_rand);
            signature.update(session.se_rand);
            byte[] doFinal = session.rsa_eng.doFinal(session.cl_aes_key.getEncoded());
            signature.update(doFinal);
            byte[] doFinal2 = session.rsa_eng.doFinal(session.cl_iv.getIV());
            signature.update(doFinal2);
            byte[] doFinal3 = session.rsa_eng.doFinal(session.cl_hmac_key.getEncoded());
            signature.update(doFinal3);
            byte[] doFinal4 = cipher.doFinal(bArr);
            signature.update(bArr);
            byte[][] secretKeyExchange = securityEntity.secretKeyExchange(session.getDistantSessionID(), doFinal, doFinal2, doFinal3, doFinal4, signature.sign());
            // Step 4: unwrap the server's material with our private key. The peer may
            // return a null-filled array (see secretKeyExchange); it is indexed unchecked.
            session.rsa_eng.init(2, getPrivateKey(), session.sec_rand);
            byte[] bArr2 = secretKeyExchange[0];
            byte[] bArr3 = secretKeyExchange[1];
            byte[] bArr4 = secretKeyExchange[2];
            byte[] bArr5 = secretKeyExchange[3];
            // Re-keyed to the server's AES key/IV only to decrypt the server's challenge.
            cipher.init(2, new SecretKeySpec(session.rsa_eng.doFinal(bArr2), "AES"), new IvParameterSpec(session.rsa_eng.doFinal(bArr3)));
            signature.initVerify(session.getDistantCertificate().getCert());
            signature.update(session.cl_rand);
            signature.update(session.se_rand);
            signature.update(bArr2);
            signature.update(bArr3);
            signature.update(bArr4);
            signature.update(cipher.doFinal(bArr5));
            if (!signature.verify(secretKeyExchange[4])) {
                throw new Exception("Signature failed on Public key exchange data unit");
            }
            session.se_aes_key = new SecretKeySpec(session.rsa_eng.doFinal(bArr2), "AES");
            session.se_iv = new IvParameterSpec(session.rsa_eng.doFinal(bArr3));
            session.se_cipher.init(2, session.se_aes_key, session.se_iv);
            session.se_hmac_key = new SecretKeySpec(session.rsa_eng.doFinal(bArr4), "AES");
            session.se_mac.init(session.se_hmac_key);
            session.validate();
            return true;
        } catch (Exception e) {
            e.printStackTrace();
            throw new KeyExchangeException("something wrong with the key exchange, see the stack trace");
        }
    }

    /**
     * Loads this entity's private key from the policy server's key store.
     *
     * @return the private key, or null if the key store cannot be read (the
     *     exception is printed and swallowed; callers then fail later with an
     *     InvalidKeyException on initSign/init)
     */
    private PrivateKey getPrivateKey() {
        try {
            return KeyStoreTools.getSelfPrivateKey(this.policyServer.getKeyStore());
        } catch (KeyStoreException e) {
            e.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return null;
        } catch (UnrecoverableKeyException e3) {
            e3.printStackTrace();
            return null;
        }
    }

    /**
     * Server side, step 1: records the client's random and draws the server's.
     *
     * <p>{@code se_rand} is filled in place, so the Session is assumed to have
     * allocated it already — TODO confirm in Session. Failures are only logged.
     *
     * @param j local session id
     * @param bArr the client random, stored by reference as {@code cl_rand}
     * @return the server random {@code se_rand}
     * @throws RenegotiateSessionException if the session is unknown
     */
    public byte[] randomValue(long j, byte[] bArr) throws RenegotiateSessionException {
        Session session = getSession(j);
        if (session == null) {
            throw new RenegotiateSessionException("Session not started,session is null");
        }
        try {
            session.cl_rand = bArr;
            session.sec_rand.nextBytes(session.se_rand);
        } catch (Exception e) {
            logger.warn("Server: Hello failed");
            e.printStackTrace();
        }
        return session.se_rand;
    }

    /**
     * Server side, step 2: verifies the client's signature over
     * {@code cl_rand || se_rand || client public key || client certificate}
     * (using the session's distant public key) and returns the server's
     * signature over the same layout with its own key and certificate.
     *
     * <p>NOTE(review): on verification failure the Session object itself is
     * logged at debug level; what its toString exposes is not visible here —
     * confirm it does not print key material.
     *
     * @param j local session id
     * @param bArr the client's MD5withRSA signature
     * @return the server's signature
     * @throws KeyExchangeException if the session is unknown or verification /
     *     signing fails
     */
    public byte[] publicKeyExchange(long j, byte[] bArr) throws KeyExchangeException {
        Session session = getSession(j);
        if (session == null) {
            throw new KeyExchangeException("Session not started");
        }
        try {
            Signature signature = Signature.getInstance("MD5withRSA", "BC");
            signature.initVerify(session.getDistantPublicKey());
            signature.update(session.cl_rand);
            signature.update(session.se_rand);
            signature.update(session.getDistantPublicKey().getEncoded());
            signature.update(session.getDistantCertificate().getCert().getEncoded());
            if (!signature.verify(bArr)) {
                logger.debug(session);
                logger.warn("Signature failed on Public key exchange data unit");
                throw new Exception("Signature failed on Public key exchange data unit");
            }
            signature.initSign(getPrivateKey());
            signature.update(session.cl_rand);
            signature.update(session.se_rand);
            byte[] encoded = getPublicKey().getEncoded();
            byte[] encoded2 = getCertificate().getCert().getEncoded();
            signature.update(encoded);
            signature.update(encoded2);
            return signature.sign();
        } catch (Exception e) {
            e.printStackTrace();
            throw new KeyExchangeException(e.toString());
        }
    }

    /**
     * Server side, step 3: installs the client's keys and returns the server's.
     *
     * <p>Decompilation of this method failed (see the JADX warnings). As printed
     * it does not compile: {@code ?? r0} has no type, the try only wraps the map
     * lookup while every checked exception is thrown by the statements after it,
     * and {@code session} is not definitely assigned on the catch paths.
     * Presumably the original try spanned the whole body with these catches —
     * TODO confirm against the original source.
     *
     * <p>Logic as written: RSA-decrypt the client's AES key / IV / HMAC key with
     * the own private key; verify the client signature over
     * {@code cl_rand || se_rand || the three RSA blobs || decrypted challenge};
     * install the client-side keys; generate the server AES and HMAC keys with an
     * all-zero IV; RSA-encrypt them under the client's public key; AES-encrypt a
     * 24-byte challenge; sign and return
     * {@code [encKey, encIv, encHmacKey, encChallenge, signature]}; validate.
     *
     * @return the five-element array above; when the session is unknown, the same
     *     array with all entries null (callers index it unchecked)
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [byte[], byte[][]] */
    public byte[][] secretKeyExchange(long j, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        Session session;
        ?? r0 = new byte[5];
        try {
            session = this.sessions.get(Long.valueOf(j));
        } catch (InvalidAlgorithmParameterException e) {
            e.printStackTrace();
        } catch (InvalidKeyException e2) {
            e2.printStackTrace();
        } catch (NoSuchAlgorithmException e3) {
            e3.printStackTrace();
        } catch (NoSuchProviderException e4) {
            e4.printStackTrace();
        } catch (SignatureException e5) {
            e5.printStackTrace();
        } catch (BadPaddingException e6) {
            e6.printStackTrace();
        } catch (IllegalBlockSizeException e7) {
            e7.printStackTrace();
        } catch (KeyExchangeException e8) {
            e8.printStackTrace();
        }
        if (session == null) {
            return r0;
        }
        // Unwrap the client's key material (2 == Cipher.DECRYPT_MODE).
        session.rsa_eng.init(2, getPrivateKey(), session.sec_rand);
        session.se_cipher.init(2, new SecretKeySpec(session.rsa_eng.doFinal(bArr), "AES"), new IvParameterSpec(session.rsa_eng.doFinal(bArr2)), session.sec_rand);
        Signature signature = Signature.getInstance("MD5withRSA", "BC");
        signature.initVerify(session.getDistantCertificate().getCert());
        signature.update(session.cl_rand);
        signature.update(session.se_rand);
        signature.update(bArr);
        signature.update(bArr2);
        signature.update(bArr3);
        // The client signed the plaintext challenge; verify over the decrypted ciphertext.
        signature.update(session.se_cipher.doFinal(bArr4));
        if (!signature.verify(bArr5)) {
            throw new KeyExchangeException("(Server) :Signature failed on Public key exchange data unit");
        }
        session.cl_aes_key = new SecretKeySpec(session.rsa_eng.doFinal(bArr), "AES");
        session.cl_iv = new IvParameterSpec(session.rsa_eng.doFinal(bArr2));
        session.cl_cipher.init(2, session.cl_aes_key, session.cl_iv);
        session.cl_mac_enc = session.rsa_eng.doFinal(bArr3);
        session.cl_hmac_key = new SecretKeySpec(session.cl_mac_enc, "AES");
        session.cl_mac.init(session.cl_hmac_key);
        // Server-side key material; HMAC key comes from the AES generator at macKeySize bits.
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "BC");
        keyGenerator.init(this.aesKeySize, session.sec_rand);
        session.se_aes_key = keyGenerator.generateKey();
        keyGenerator.init(this.macKeySize, session.sec_rand);
        session.se_hmac_key = keyGenerator.generateKey();
        // Fixed all-zero IV for the server->client CBC cipher; getIV() reads it back.
        session.se_iv = new IvParameterSpec(new byte[16]);
        session.se_cipher.init(1, session.se_aes_key, session.se_iv, session.sec_rand);
        byte[] iv = session.se_cipher.getIV();
        session.se_iv = new IvParameterSpec(iv);
        session.se_mac.init(session.se_hmac_key);
        byte[] bArr6 = new byte[24];
        session.sec_rand.nextBytes(bArr6);
        signature.initSign(getPrivateKey());
        signature.update(session.cl_rand);
        signature.update(session.se_rand);
        // Wrap under the client's public key (1 == Cipher.ENCRYPT_MODE).
        session.rsa_eng.init(1, session.getDistantPublicKey(), session.sec_rand);
        r0[0] = session.rsa_eng.doFinal(session.se_aes_key.getEncoded());
        signature.update(r0[0]);
        r0[1] = session.rsa_eng.doFinal(iv);
        signature.update(r0[1]);
        r0[2] = session.rsa_eng.doFinal(session.se_hmac_key.getEncoded());
        signature.update(r0[2]);
        session.se_cipher.init(1, session.se_aes_key, new IvParameterSpec(iv), session.sec_rand);
        r0[3] = session.se_cipher.doFinal(bArr6);
        signature.update(bArr6);
        r0[4] = signature.sign();
        session.validate();
        return r0;
    }

    /**
     * Looks up the local session id recorded for a peer certificate.
     *
     * @param typedCertificate the peer certificate
     * @return the local session id
     * @throws SessionException if the certificate is null, the session table is
     *     null, or no id is recorded for the certificate
     */
    public long getSessionIDTo(TypedCertificate typedCertificate) throws SessionException {
        if (typedCertificate == null) {
            throw new SessionException("Parameter is null.");
        }
        if (this.sessions == null) {
            ProActiveLogger.getLogger(Loggers.SECURITY_CRYPTO).debug("sessions field is null");
            throw new SessionException("session member of this psm is null.");
        }
        Long l = this.sessionIDs.get(typedCertificate);
        if (l != null) {
            return l.longValue();
        }
        throw new SessionException("Session not found.");
    }

    /**
     * Returns the session recorded for a peer certificate.
     *
     * @throws SessionException if no id is recorded for the certificate, or the
     *     id is recorded but its session is gone from {@code sessions}
     */
    public Session getSessionTo(TypedCertificate typedCertificate) throws SessionException {
        Session session = getSession(getSessionIDTo(typedCertificate));
        if (session != null) {
            return session;
        }
        throw new SessionException("Session not found.");
    }

    /**
     * Returns this entity's public key; throws NullPointerException when
     * {@link #getCertificate} returns null.
     */
    public PublicKey getPublicKey() {
        return getCertificate().getCert().getPublicKey();
    }

    /**
     * Returns a snapshot of the open session ids, or null if the session table
     * is null.
     */
    public HashSet<Long> getOpenedConnexion() {
        if (this.sessions == null) {
            return null;
        }
        return new HashSet<>(this.sessions.keySet());
    }

    private void setPolicyServer(PolicyServer policyServer) {
        this.policyServer = policyServer;
    }

    /**
     * Returns the parent's entity list, if any, extended with this entity.
     *
     * <p>Errors from the parent are swallowed silently (empty catch blocks); the
     * result then contains only this entity.
     */
    public Entities getEntities() {
        Entities entities = null;
        if (this.parent != null) {
            try {
                entities = this.parent.getEntities();
            } catch (IOException e) {
                // Parent unreachable: fall through to a fresh Entities.
            } catch (SecurityNotAvailableException e2) {
                // Parent has no security manager: fall through to a fresh Entities.
            }
        }
        if (entities == null) {
            entities = new Entities();
        }
        entities.add(new Entity(getMyCertificateChain()));
        return entities;
    }

    /** Returns the session for a local id, or null if unknown. */
    public Session getSession(long j) {
        return this.sessions.get(Long.valueOf(j));
    }

    /** Returns this entity's certificate chain from the policy server (dereferenced unchecked). */
    public TypedCertificateList getMyCertificateChain() {
        return this.policyServer.getMyCertificateChain(this.type);
    }

    public void setParent(SecurityEntity securityEntity) {
        this.parent = securityEntity;
    }

    /**
     * Creates a new manager of the given type sharing a clone of this policy
     * server, and issues it a certificate named {@code str}.
     *
     * @param entityType type of the new manager
     * @param str common name for the new certificate
     * @return the new manager (its certificate may be missing if generation failed,
     *     see {@link #generateEntityCertificate})
     */
    public ProActiveSecurityManager generateSiblingCertificate(SecurityConstants.EntityType entityType, String str) {
        ProActiveSecurityManager proActiveSecurityManager = new ProActiveSecurityManager(entityType);
        proActiveSecurityManager.setPolicyServer((PolicyServer) this.policyServer.clone());
        proActiveSecurityManager.generateEntityCertificate(str);
        return proActiveSecurityManager;
    }

    /**
     * Generates a 1024-bit key pair and a certificate {@code CN=str} signed by the
     * application certificate's private key, and stores it in the key store.
     *
     * <p>The validity argument 561600L is passed as-is (its unit is not visible
     * here). Every failure is printed and swallowed, so a caller cannot tell
     * whether the entity now has a certificate.
     *
     * @param str common name of the new entity
     */
    protected void generateEntityCertificate(String str) {
        String str2 = "CN=" + str;
        try {
            KeyPair genKeys = KeyTools.genKeys(1024);
            ProActiveLogger.getLogger(Loggers.SECURITY_MANAGER).debug("generate sibling security manager for " + str2);
            KeyStore keyStore = this.policyServer.getKeyStore();
            TypedCertificate applicationCertificate = this.policyServer.getApplicationCertificate();
            KeyStoreTools.newEntity(keyStore, new TypedCertificate(CertTools.genCert(str2, 561600L, null, genKeys.getPrivate(), genKeys.getPublic(), true, applicationCertificate.getCert().getSubjectX500Principal().getName(), applicationCertificate.getPrivateKey(), applicationCertificate.getCert().getPublicKey()), this.type, genKeys.getPrivate()));
        } catch (IllegalStateException e) {
            e.printStackTrace();
        } catch (InvalidKeyException e2) {
            e2.printStackTrace();
        } catch (KeyStoreException e3) {
            e3.printStackTrace();
        } catch (NoSuchAlgorithmException e4) {
            e4.printStackTrace();
        } catch (NoSuchProviderException e5) {
            e5.printStackTrace();
        } catch (SignatureException e6) {
            e6.printStackTrace();
        } catch (UnrecoverableKeyException e7) {
            e7.printStackTrace();
        } catch (CertificateEncodingException e8) {
            e8.printStackTrace();
        }
    }

    /**
     * Returns this manager after an access check that, as implemented by
     * {@link #accessControl}, always passes; the declared exception is never
     * raised here.
     */
    public ProActiveSecurityManager getProActiveSecurityManager(Entity entity) throws AccessControlException {
        accessControl(entity);
        return this;
    }

    /**
     * Replaces the policy server and drops all sessions.
     *
     * <p>Only {@code sessions} is cleared; {@code sessionIDs} keeps its entries,
     * so {@link #getSessionIDTo} can still return ids that no longer resolve.
     * The access check always passes (see {@link #accessControl}).
     */
    public void setProActiveSecurityManager(Entity entity, PolicyServer policyServer) throws AccessControlException {
        accessControl(entity);
        this.sessions.clear();
        this.policyServer = policyServer;
    }

    /**
     * Always grants access; the entity argument is not inspected. Any caller that
     * relies on this for authorization gets none.
     */
    private boolean accessControl(Entity entity) {
        return true;
    }

    /** Returns the live session table (not a copy); mutations affect this manager. */
    public Hashtable<Long, Session> getSessions() {
        return this.sessions;
    }

    public SecurityConstants.EntityType getType() {
        return this.type;
    }

    /** Delegates to the policy server (dereferenced unchecked). */
    public String getApplicationName() {
        return this.policyServer.getApplicationName();
    }

    /** Delegates to the policy server (dereferenced unchecked). */
    public List<PolicyRule> getPolicies() {
        return this.policyServer.getPolicies();
    }

    /** Delegates to the policy server (dereferenced unchecked). */
    public RuleEntities getAccessAuthorizations() {
        return this.policyServer.getAccessAuthorizations();
    }

    /** Delegates to the policy server (dereferenced unchecked). */
    public KeyStore getKeyStore() {
        return this.policyServer.getKeyStore();
    }
}
