package xsul.secconv.pki;

import java.net.URI;
import java.net.URISyntaxException;
import java.rmi.RemoteException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.xmlpull.v1.builder.adapter.XmlElementAdapter;
import sun.misc.BASE64Encoder;
import xsul.MLogger;
import xsul.secconv.SCConstants;
import xsul.secconv.SCUtil;
import xsul.secconv.ServerNegotiator;
import xsul.secconv.token.RequestSecurityTokenResponseType;
import xsul.secconv.token.RequestSecurityTokenType;
import xsul.secconv.token.SecurityContextTokenType;
import xsul.secconv.token.pki.ClientInitTokenType;
import xsul.secconv.token.pki.ServerResponseTokenType;

/* loaded from: input_file:WEB-INF/lib/xsul-2.10.7.jar:xsul/secconv/pki/RSAServerNegotiator.class */
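/**
 * Server side of the xsul "secure conversation" RSA negotiation.
 *
 * <p>Observed flow in {@link #processRequest(RequestSecurityTokenType)}: the
 * client sends a {@code HELLO} claim together with an X.509-encoded RSA public
 * key; the server generates a fresh 20-byte secret, transforms it with its own
 * private key and then with the client public key ({@link #encryptSecret()}),
 * answers with that blob plus its own encoded public key, and stores the
 * secret as an {@code HmacMD5} session key under a freshly created context id.
 *
 * <p>Protocol-level caveats a deployer should be aware of (none of these can
 * be changed here without also changing the matching client negotiator):
 * <ul>
 *   <li>The client public key is taken from the request as-is; nothing in
 *       this class binds it to an identity, so any party that can reach the
 *       endpoint obtains a session key.</li>
 *   <li>The server answers with a bare encoded public key, not a certificate,
 *       so the client has nothing to chain it to unless it already knows the
 *       key out of band.</li>
 *   <li>The session key algorithm is {@code HmacMD5} and the RSA transformation
 *       is requested as plain {@code "RSA"} from the BC provider, i.e. without
 *       an explicit padding mode -- NOTE(review): confirm which padding BC
 *       selects for that alias before relying on this for confidentiality.</li>
 * </ul>
 *
 * <p>Subclasses supply the server key pair via {@link #init()}.
 */
public abstract class RSAServerNegotiator implements ServerNegotiator {
    private static final MLogger logger = MLogger.getLogger();
    /** Only used to render the client public key in trace logs.
     *  NOTE: sun.misc.BASE64Encoder is not public API and is absent from Java 9+. */
    private static BASE64Encoder encoder = new BASE64Encoder();

    /** Claim string the client must present to start the exchange. */
    private static final String CLAIM_HELLO = "HELLO";
    /** Size of the session secret in bytes. */
    private static final int SECRET_LEN = 20;
    /** Number of pieces the stage-1 RSA output is split into before stage 2. */
    private static final int CHUNKS = 4;
    /** Algorithm name the session secret is handed out as. */
    private static final String SESSION_KEY_ALG = "HmacMD5";

    /** RSA public key parsed from the client's init token. */
    protected PublicKey clPubkey;
    protected String contextId;
    protected SecurityContextTokenType contextToken;
    private Key sessionKey = null;
    /** Server key pair; expected to be populated by {@link #init()}. */
    protected PrivateKey prikey = null;
    protected PublicKey pubkey = null;
    /** Session secret; all zeros until {@link #generateSecret()} has run. */
    private byte[] secret = new byte[SECRET_LEN];
    /** True once {@link #generateSecret()} has filled {@link #secret}. */
    private boolean secretReady = false;
    private SecureRandom secrand = null;

    public void setContextId(String str) {
        this.contextId = str;
    }

    public String getContextId() {
        return this.contextId;
    }

    /**
     * Returns the negotiated session secret wrapped as an {@code HmacMD5} key.
     *
     * @throws RemoteException if no secret has been generated yet; handing out
     *         the all-zero initial buffer as a key would be silently insecure.
     */
    @Override
    public Key getSessionKey() throws RemoteException {
        if (!this.secretReady) {
            throw new RemoteException("session secret has not been generated yet");
        }
        // SecretKeySpec copies the array, so later regeneration does not alias this key.
        return new SecretKeySpec(this.secret, SESSION_KEY_ALG);
    }

    /**
     * Handles the client's initial RST: validates the claim, parses the client
     * public key, lazily initialises the server key pair, generates and
     * encrypts a fresh secret and builds the RSTR.
     *
     * @param requestSecurityTokenType the incoming request; must carry the
     *        {@code HELLO} claim and a client init token with a public key
     * @return a {@link RequestSecurityTokenResponseType}
     * @throws RemoteException on any validation, key or crypto failure; each
     *         stage wraps its cause with a message naming the stage
     */
    @Override
    public Object processRequest(RequestSecurityTokenType requestSecurityTokenType) throws RemoteException {
        if (requestSecurityTokenType == null) {
            throw new RemoteException("request security token is null");
        }
        // Null-safe comparison: a missing claim is a protocol error, not an NPE.
        String claims = requestSecurityTokenType.getClaims();
        if (!CLAIM_HELLO.equals(claims)) {
            throw new RemoteException("claim is not understandable: " + claims);
        }

        try {
            ClientInitTokenType clientInit = (ClientInitTokenType) XmlElementAdapter.castOrWrap(
                    requestSecurityTokenType.getClientInitToken(), ClientInitTokenType.class);
            getClientPublicKey(clientInit.getPublicKey());
        } catch (Exception e) {
            throw new RemoteException("cannot get client public key", e);
        }

        if (this.pubkey == null) {
            try {
                init();
            } catch (Exception e) {
                throw new RemoteException("RSAServer initialization failed", e);
            }
        }
        if (this.pubkey == null) {
            throw new RemoteException("public key null");
        }
        // encryptSecret() needs the private key too; fail here with a clear
        // message instead of deep inside Cipher.init().
        if (this.prikey == null) {
            throw new RemoteException("private key null");
        }

        try {
            generateSecret();
        } catch (Exception e) {
            throw new RemoteException("cannot generate session secret", e);
        }

        ServerResponseTokenType serverResponseTokenType = new ServerResponseTokenType();
        try {
            byte[] encryptSecret = encryptSecret();
            loadCertificate(serverResponseTokenType);
            serverResponseTokenType.setSecret(encryptSecret);
        } catch (Exception e) {
            throw new RemoteException("cannot encrypt session secret", e);
        }
        return createRSTR(serverResponseTokenType, requestSecurityTokenType);
    }

    /**
     * Parses the client's X.509-encoded RSA public key into {@link #clPubkey}.
     *
     * <p>The key is accepted as sent; no identity binding or trust check is
     * performed here (see the class comment).
     *
     * @param bArr X509/SubjectPublicKeyInfo encoding of an RSA public key
     * @throws RemoteException if the bytes are missing or not a valid RSA key
     */
    protected void getClientPublicKey(byte[] bArr) throws Exception {
        if (bArr == null) {
            throw new RemoteException("client public key missing");
        }
        logger.finest("client pub key: " + encoder.encode(bArr));
        try {
            this.clPubkey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new RemoteException("no such algo", e);
        } catch (InvalidKeySpecException e2) {
            throw new RemoteException("invalid key spec", e2);
        }
    }

    /**
     * Places the server public key in the response. Despite the name only the
     * encoded public key is sent -- no certificate. Subclasses may override.
     */
    protected void loadCertificate(ServerResponseTokenType serverResponseTokenType) throws Exception {
        serverResponseTokenType.setPublicKey(this.pubkey.getEncoded());
    }

    /** Second-round RSTRs are not part of this negotiation; always {@code null}. */
    @Override
    public Object processRequest(RequestSecurityTokenResponseType requestSecurityTokenResponseType) throws RemoteException {
        return null;
    }

    /** Must populate {@link #prikey} and {@link #pubkey}. */
    protected abstract void init() throws Exception;

    /**
     * Builds the RSTR: token/request type URIs, the server response token, and
     * a new context resource whose id is used to persist the session key.
     *
     * @throws RemoteException if the URI constants are malformed (previously
     *         swallowed, which left the RSTR without a token type) or if the
     *         session key cannot be stored
     */
    private RequestSecurityTokenResponseType createRSTR(ServerResponseTokenType serverResponseTokenType, RequestSecurityTokenType requestSecurityTokenType) throws RemoteException {
        RequestSecurityTokenResponseType requestSecurityTokenResponseType = new RequestSecurityTokenResponseType();
        try {
            requestSecurityTokenResponseType.setTokenType(new URI(SCConstants.AUTHA_TOKEN));
            requestSecurityTokenResponseType.setRequestType(new URI(SCConstants.REQUEST_TYPE_ISSUE));
        } catch (URISyntaxException e) {
            throw new RemoteException("malformed token/request type URI constant", e);
        }
        requestSecurityTokenResponseType.setServerResponseToken(serverResponseTokenType);

        // NOTE(review): the context id is derived from the request object's
        // hashCode(), which is neither unique nor unpredictable by itself. Whether
        // SCUtil.createContextId adds randomness cannot be seen from here --
        // verify before treating the id as a capability. Also note it is not
        // stored in this.contextId.
        String createContextId = SCUtil.createContextId(requestSecurityTokenType.hashCode());
        try {
            SCUtil.saveSessionKey(createContextId, getSessionKey(), true);
            requestSecurityTokenResponseType.setRequestedSecurityToken(SCUtil.createNewContextResource(createContextId));
        } catch (Exception e2) {
            throw new RemoteException("failed to save session key", e2);
        }
        return requestSecurityTokenResponseType;
    }

    /**
     * Fills {@link #secret} with fresh random bytes.
     *
     * <p>The previous implementation seeded a {@code SHA1PRNG} with the fixed
     * string {@code "i am a seed"} before drawing bytes, which made every
     * session secret on every server identical and predictable; it also wrote
     * the secret to the trace log. The generator is now left to self-seed and
     * the secret is never logged.
     */
    private void generateSecret() throws Exception {
        if (this.secrand == null) {
            this.secrand = new SecureRandom();
        }
        this.secrand.nextBytes(this.secret);
        this.secretReady = true;
        logger.finest("generated " + this.secret.length + "-byte session secret");
    }

    /**
     * Produces the wire form of the secret: the secret is run through
     * {@code "RSA"} (BC provider) in ENCRYPT_MODE with the server private key,
     * the output is split into {@link #CHUNKS} equal pieces, and each piece is
     * run through {@code "RSA"} again with the client public key. The
     * resulting blocks are concatenated in order.
     *
     * <p>Assumes the stage-1 output length is a multiple of {@link #CHUNKS}
     * and that each chunk fits the client modulus; the first assumption is now
     * checked (the old code silently dropped the trailing bytes), the second
     * surfaces as an exception from the cipher.
     *
     * @return concatenated stage-2 ciphertext blocks
     */
    private byte[] encryptSecret() throws NoSuchPaddingException, IllegalStateException, InvalidKeyException,
            NoSuchAlgorithmException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException {
        // Stage 1: server private key. (Private-key "encryption" of a raw
        // 20-byte value is a textbook-RSA construction, not a real signature.)
        Cipher withServerPrivate = Cipher.getInstance("RSA", "BC");
        withServerPrivate.init(Cipher.ENCRYPT_MODE, this.prikey);
        byte[] stage1 = withServerPrivate.doFinal(this.secret);

        if (stage1.length % CHUNKS != 0) {
            throw new IllegalBlockSizeException("stage-1 output of " + stage1.length
                    + " bytes cannot be split into " + CHUNKS + " equal chunks");
        }
        int chunkLen = stage1.length / CHUNKS;
        logger.finest("elen: " + chunkLen + " client pubkey len: " + (this.clPubkey.getEncoded().length * 8)
                + " private key len: " + (this.prikey.getEncoded().length * 8));

        // Stage 2: client public key, one RSA operation per chunk.
        Cipher withClientPublic = Cipher.getInstance("RSA", "BC");
        withClientPublic.init(Cipher.ENCRYPT_MODE, this.clPubkey);
        byte[][] blocks = new byte[CHUNKS][];
        int total = 0;
        for (int i = 0; i < CHUNKS; i++) {
            blocks[i] = withClientPublic.doFinal(stage1, i * chunkLen, chunkLen);
            total += blocks[i].length;
        }
        logger.finest("done enc2");

        byte[] joined = new byte[total];
        int offset = 0;
        for (byte[] block : blocks) {
            System.arraycopy(block, 0, joined, offset, block.length);
            offset += block.length;
        }
        return joined;
    }

    static {
        // Registers BC so that Cipher.getInstance("RSA", "BC") above resolves.
        Security.addProvider(new BouncyCastleProvider());
    }
}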
