package org.yamcs.sle;

import ccsds.sle.transfer.service.common.types.Credentials;
import ccsds.sle.transfer.service.isp1.credentials.HashInput;
import ccsds.sle.transfer.service.isp1.credentials.ISP1Credentials;
import com.beanit.jasn1.ber.ReverseByteArrayOutputStream;
import com.beanit.jasn1.ber.types.BerInteger;
import com.beanit.jasn1.ber.types.BerOctetString;
import com.beanit.jasn1.ber.types.string.BerVisibleString;
import io.netty.util.internal.logging.InternalLogger;
import io.netty.util.internal.logging.InternalLoggerFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

/* loaded from: input_file:org/yamcs/sle/Isp1Authentication.class */
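/**
 * Builds and verifies ISP1 credentials: a hash over the BER-encoded
 * {@link HashInput} (time, random number, user name, password), carried
 * together with the time and random number in an {@link ISP1Credentials}
 * structure.
 *
 * <p>The same {@link MessageDigest} instance is reused by every call.
 * {@code MessageDigest} is not thread-safe, so an instance of this class should
 * not be shared between threads without external synchronization.
 * NOTE(review): confirm how callers confine instances.
 */
public class Isp1Authentication {
    final BerVisibleString myUsername;
    final BerVisibleString peerUsername;
    // Shared secrets; they feed the hash and must never be written to logs.
    final BerOctetString myPass;
    final BerOctetString peerPass;
    MessageDigest digest;
    final SecureRandom random;
    // NOTE(review): the logger is registered under Isp1Handler, not this class - confirm that is intended.
    private static final InternalLogger logger = InternalLoggerFactory.getInstance(Isp1Handler.class);
    boolean debugAuth = false;
    // Initial size of the BER encoding buffer used by generateCredentials(); the stream is created auto-resizing.
    int bufferSize = 128;
    // Maximum accepted age of received credentials, in milliseconds (default: 10 minutes).
    private long maxDeltaRcvTime = 600000;

    /**
     * Hash algorithms named by this class.
     * NOTE(review): the mapping from these constants to the algorithm name given to
     * the constructor is not visible in this file.
     */
    public enum HashAlgorithm {
        SHA1,
        SHA256
    }

    /**
     * Creates an authenticator for one local/peer identity pair.
     *
     * @param str   local user name, placed in the hash input of generated credentials
     * @param bArr  local password bytes
     * @param str2  peer user name, used when verifying received credentials
     * @param bArr2 peer password bytes
     * @param str3  algorithm name passed to {@link MessageDigest#getInstance(String)}
     * @throws RuntimeException if {@code SHA1PRNG} or the digest algorithm is not available
     */
    public Isp1Authentication(String str, byte[] bArr, String str2, byte[] bArr2, String str3) {
        this.myUsername = new BerVisibleString(str);
        this.peerUsername = new BerVisibleString(str2);
        this.myPass = new BerOctetString(bArr);
        this.peerPass = new BerOctetString(bArr2);
        try {
            // The generator only supplies the per-credential random number (see generateIsp1Credentials).
            this.random = SecureRandom.getInstance("SHA1PRNG");
            this.digest = MessageDigest.getInstance(str3);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates fresh credentials for the local identity.
     *
     * @return credentials holding a new random number, the current time and the
     *         hash computed over them together with the local user name and password
     */
    public ISP1Credentials generateIsp1Credentials() {
        // Clear the sign bit so the encoded random number is never negative.
        BerInteger randomNumber = new BerInteger(this.random.nextInt() & Integer.MAX_VALUE);
        BerOctetString time = new BerOctetString(CcsdsTime.now().getDaySegmented());
        byte[] theProtected = getTheProtected(this.myUsername, this.myPass, randomNumber, time);
        ISP1Credentials isp1Credentials = new ISP1Credentials();
        isp1Credentials.setRandomNumber(randomNumber);
        isp1Credentials.setTheProtected(new BerOctetString(theProtected));
        isp1Credentials.setTime(time);
        return isp1Credentials;
    }

    /**
     * Computes the hash ("the protected") over the BER encoding of the hash input.
     *
     * @param berVisibleString user name
     * @param berOctetString   password
     * @param berInteger       random number
     * @param berOctetString2  time
     * @return the digest of the encoded {@link HashInput}
     * @throws UncheckedIOException if the BER encoding fails
     */
    byte[] getTheProtected(BerVisibleString berVisibleString, BerOctetString berOctetString, BerInteger berInteger, BerOctetString berOctetString2) {
        HashInput hashInput = new HashInput();
        hashInput.setPassWord(berOctetString);
        hashInput.setRandomNumber(berInteger);
        hashInput.setUserName(berVisibleString);
        hashInput.setTime(berOctetString2);
        ReverseByteArrayOutputStream encoded = new ReverseByteArrayOutputStream(128, true);
        try {
            hashInput.encode(encoded);
            return this.digest.digest(encoded.getArray());
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * Generates fresh ISP1 credentials and wraps their BER encoding in a
     * {@link Credentials} value with the "used" alternative set.
     *
     * @return the encoded credentials
     * @throws UncheckedIOException if the BER encoding fails
     */
    public Credentials generateCredentials() {
        Credentials credentials = new Credentials();
        ISP1Credentials isp1Credentials = generateIsp1Credentials();
        ReverseByteArrayOutputStream encoded = new ReverseByteArrayOutputStream(this.bufferSize, true);
        try {
            isp1Credentials.encode(encoded);
            credentials.setUsed(new BerOctetString(encoded.getArray()));
            return credentials;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    /**
     * @return the maximum accepted age of received credentials, in milliseconds
     */
    public long getMaxDeltaRcvTime() {
        return this.maxDeltaRcvTime;
    }

    /**
     * @param j the maximum accepted age of received credentials, in milliseconds
     */
    public void setMaxDeltaRcvTime(long j) {
        this.maxDeltaRcvTime = j;
    }

    /**
     * Verifies credentials received from the peer against the configured peer
     * user name and password.
     *
     * @param credentials the credentials received from the peer
     * @throws AuthenticationException if no credentials are present, they are older
     *         than {@link #getMaxDeltaRcvTime()}, the hash does not match, or they
     *         cannot be decoded
     */
    public void verifyCredentials(Credentials credentials) throws AuthenticationException {
        ISP1Credentials received = new ISP1Credentials();
        BerOctetString used = credentials.getUsed();
        if (used == null) {
            throw new AuthenticationException("Provider did not provide credentials");
        }
        try {
            received.decode(new ByteArrayInputStream(used.value));
            long ageMillis = System.currentTimeMillis() - CcsdsTime.fromCcsds(received.getTime().value).toJavaMillisec();
            // NOTE(review): only the "too old" direction is rejected; a timestamp in the future
            // yields a negative age and passes. Confirm whether an upper bound on clock skew is wanted.
            if (ageMillis > this.maxDeltaRcvTime) {
                throw new AuthenticationException("Received provider's credentials are too old");
            }
            if (this.debugAuth) {
                // The peer password is deliberately left out: debug logs must not carry the shared secret.
                logger.debug("verifying credentials {} against user {}", received, this.peerUsername);
            }
            byte[] expected = getTheProtected(this.peerUsername, this.peerPass, received.getRandomNumber(), received.getTime());
            // MessageDigest.isEqual avoids the early exit of Arrays.equals, so the comparison
            // time does not reveal how many leading bytes of the hash matched.
            if (!MessageDigest.isEqual(expected, received.getTheProtected().value)) {
                throw new AuthenticationException("Received provider's credentials are not correct (hash does not match computed hash)");
            }
        } catch (AuthenticationException e) {
            // Keep the specific rejection reason; the generic handler below would
            // otherwise relabel it as a decoding failure.
            throw e;
        } catch (Exception e) {
            throw new AuthenticationException("Cannot decode provider's credentials", e);
        }
    }

    /**
     * @return the local user name as a string
     */
    public String getMyUsername() {
        return this.myUsername.toString();
    }

    /**
     * Enables or disables debug logging of credential verification.
     *
     * @param z {@code true} to log each verification at debug level
     */
    public void debugAuth(boolean z) {
        this.debugAuth = z;
    }
}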
