package org.apache.catalina.tribes.group.interceptors;

import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.catalina.tribes.ChannelException;
import org.apache.catalina.tribes.ChannelMessage;
import org.apache.catalina.tribes.Member;
import org.apache.catalina.tribes.group.ChannelInterceptorBase;
import org.apache.catalina.tribes.group.InterceptorPayload;
import org.apache.catalina.tribes.io.XByteBuffer;
import org.apache.catalina.tribes.util.StringManager;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

/* loaded from: input_file:org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.class */
public class EncryptInterceptor extends ChannelInterceptorBase implements EncryptInterceptorMBean {
    private static final String DEFAULT_ENCRYPTION_ALGORITHM = "AES/CBC/PKCS5Padding";
    private String providerName;
    private String encryptionAlgorithm = DEFAULT_ENCRYPTION_ALGORITHM;
    private byte[] encryptionKeyBytes;
    private Cipher encryptionCipher;
    private Cipher decryptionCipher;
    private static final Log log = LogFactory.getLog(EncryptInterceptor.class);
    protected static final StringManager sm = StringManager.getManager((Class<?>) EncryptInterceptor.class);
    private static final int[] DEC = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1, -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 10, 11, 12, 13, 14, 15};

    @Override // org.apache.catalina.tribes.group.ChannelInterceptorBase, org.apache.catalina.tribes.ChannelInterceptor
    public void start(int i) throws ChannelException {
        if (2 == (i & 2)) {
            try {
                initCiphers();
            } catch (GeneralSecurityException e) {
                log.fatal(sm.getString("encryptInterceptor.init.failed"));
                throw new ChannelException(sm.getString("encryptInterceptor.init.failed"), e);
            }
        }
        super.start(i);
    }

    @Override // org.apache.catalina.tribes.group.ChannelInterceptorBase, org.apache.catalina.tribes.ChannelInterceptor
    public void sendMessage(Member[] memberArr, ChannelMessage channelMessage, InterceptorPayload interceptorPayload) throws ChannelException {
        try {
            byte[][] encrypt = encrypt(channelMessage.getMessage().getBytes());
            XByteBuffer message = channelMessage.getMessage();
            message.setLength(0);
            message.append(encrypt[0], 0, encrypt[0].length);
            message.append(encrypt[1], 0, encrypt[1].length);
            super.sendMessage(memberArr, channelMessage, interceptorPayload);
        } catch (BadPaddingException e) {
            log.error(sm.getString("encryptInterceptor.encrypt.failed"));
            throw new ChannelException(e);
        } catch (IllegalBlockSizeException e2) {
            log.error(sm.getString("encryptInterceptor.encrypt.failed"));
            throw new ChannelException(e2);
        }
    }

    @Override // org.apache.catalina.tribes.group.ChannelInterceptorBase, org.apache.catalina.tribes.ChannelInterceptor, org.apache.catalina.tribes.MessageListener
    public void messageReceived(ChannelMessage channelMessage) {
        try {
            byte[] decrypt = decrypt(channelMessage.getMessage().getBytes());
            int blockSize = getDecryptionCipher().getBlockSize();
            if (decrypt.length - blockSize < 0) {
                log.error(sm.getString("encryptInterceptor.decrypt.error.short-message"));
                throw new IllegalStateException(sm.getString("encryptInterceptor.decrypt.error.short-message"));
            }
            XByteBuffer message = channelMessage.getMessage();
            message.setLength(0);
            message.append(decrypt, blockSize, decrypt.length - blockSize);
            super.messageReceived(channelMessage);
        } catch (BadPaddingException e) {
            log.error(sm.getString("encryptInterceptor.decrypt.failed"), e);
        } catch (IllegalBlockSizeException e2) {
            log.error(sm.getString("encryptInterceptor.decrypt.failed"), e2);
        }
    }

    @Override // org.apache.catalina.tribes.group.interceptors.EncryptInterceptorMBean
    public void setEncryptionAlgorithm(String str) {
        if (null == getEncryptionAlgorithm()) {
            throw new IllegalStateException(sm.getString("encryptInterceptor.algorithm.required"));
        }
        int indexOf = str.indexOf(47);
        if (indexOf < 0) {
            throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.required"));
        }
        if (str.indexOf(47, indexOf + 1) < 0) {
            throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.required"));
        }
        this.encryptionAlgorithm = str;
    }

    @Override // org.apache.catalina.tribes.group.interceptors.EncryptInterceptorMBean
    public String getEncryptionAlgorithm() {
        return this.encryptionAlgorithm;
    }

    @Override // org.apache.catalina.tribes.group.interceptors.EncryptInterceptorMBean
    public void setEncryptionKey(byte[] bArr) {
        if (null == bArr) {
            this.encryptionKeyBytes = null;
        } else {
            this.encryptionKeyBytes = (byte[]) bArr.clone();
        }
    }

    public void setEncryptionKey(String str) {
        if (null == str) {
            setEncryptionKey((byte[]) null);
        } else {
            setEncryptionKey(fromHexString(str.trim()));
        }
    }

    @Override // org.apache.catalina.tribes.group.interceptors.EncryptInterceptorMBean
    public byte[] getEncryptionKey() {
        byte[] encryptionKeyInternal = getEncryptionKeyInternal();
        if (null != encryptionKeyInternal) {
            encryptionKeyInternal = (byte[]) encryptionKeyInternal.clone();
        }
        return encryptionKeyInternal;
    }

    private byte[] getEncryptionKeyInternal() {
        return this.encryptionKeyBytes;
    }

    @Override // org.apache.catalina.tribes.group.interceptors.EncryptInterceptorMBean
    public void setProviderName(String str) {
        this.providerName = str;
    }

    @Override // org.apache.catalina.tribes.group.interceptors.EncryptInterceptorMBean
    public String getProviderName() {
        return this.providerName;
    }

    private void initCiphers() throws GeneralSecurityException {
        if (null == getEncryptionKey()) {
            throw new IllegalStateException(sm.getString("encryptInterceptor.key.required"));
        }
        String encryptionAlgorithm = getEncryptionAlgorithm();
        String algorithmMode = getAlgorithmMode(encryptionAlgorithm);
        if (!"CBC".equalsIgnoreCase(algorithmMode)) {
            throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.requires-cbc-mode", algorithmMode));
        }
        String providerName = getProviderName();
        Cipher cipher = null == providerName ? Cipher.getInstance(encryptionAlgorithm) : Cipher.getInstance(encryptionAlgorithm, getProviderName());
        byte[] bArr = new byte[cipher.getBlockSize()];
        new SecureRandom().nextBytes(bArr);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        int indexOf = encryptionAlgorithm.indexOf(47);
        SecretKeySpec secretKeySpec = new SecretKeySpec(getEncryptionKey(), indexOf >= 0 ? encryptionAlgorithm.substring(0, indexOf) : encryptionAlgorithm);
        cipher.init(1, secretKeySpec, ivParameterSpec);
        this.encryptionCipher = cipher;
        Cipher cipher2 = null == providerName ? Cipher.getInstance(encryptionAlgorithm) : Cipher.getInstance(encryptionAlgorithm, getProviderName());
        cipher2.init(2, secretKeySpec, new IvParameterSpec(bArr));
        this.decryptionCipher = cipher2;
    }

    private Cipher getEncryptionCipher() {
        return this.encryptionCipher;
    }

    private Cipher getDecryptionCipher() {
        return this.decryptionCipher;
    }

    private static String getAlgorithmMode(String str) {
        int indexOf = str.indexOf(47);
        if (indexOf < 0) {
            throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.required"));
        }
        int indexOf2 = str.indexOf(47, indexOf + 1);
        if (indexOf < 0) {
            throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.required"));
        }
        return str.substring(indexOf + 1, indexOf2);
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [byte[], byte[][]] */
    private byte[][] encrypt(byte[] bArr) throws IllegalBlockSizeException, BadPaddingException {
        Cipher encryptionCipher = getEncryptionCipher();
        byte[] iv = encryptionCipher.getIV();
        return new byte[]{encryptionCipher.update(iv, 0, iv.length), encryptionCipher.doFinal(bArr)};
    }

    private byte[] decrypt(byte[] bArr) throws IllegalBlockSizeException, BadPaddingException {
        return getDecryptionCipher().doFinal(bArr);
    }

    private static int getDec(int i) {
        try {
            return DEC[i - 48];
        } catch (ArrayIndexOutOfBoundsException e) {
            return -1;
        }
    }

    private static byte[] fromHexString(String str) {
        if (str == null) {
            return null;
        }
        if ((str.length() & 1) == 1) {
            throw new IllegalArgumentException(sm.getString("hexUtils.fromHex.oddDigits"));
        }
        char[] charArray = str.toCharArray();
        byte[] bArr = new byte[str.length() >> 1];
        for (int i = 0; i < bArr.length; i++) {
            int dec = getDec(charArray[2 * i]);
            int dec2 = getDec(charArray[(2 * i) + 1]);
            if (dec < 0 || dec2 < 0) {
                throw new IllegalArgumentException(sm.getString("hexUtils.fromHex.nonHex"));
            }
            bArr[i] = (byte) ((dec << 4) + dec2);
        }
        return bArr;
    }
}
