package org.eclipse.milo.opcua.stack.core.channel;

import com.google.common.primitives.Bytes;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.eclipse.milo.opcua.stack.core.StatusCodes;
import org.eclipse.milo.opcua.stack.core.UaException;
import org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity;
import org.eclipse.milo.opcua.stack.core.security.SecurityAlgorithm;
import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
import org.eclipse.milo.opcua.stack.core.types.builtin.ByteString;
import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
import org.eclipse.milo.opcua.stack.core.util.CertificateUtil;
import org.eclipse.milo.opcua.stack.core.util.DigestUtil;

/* loaded from: input_file:org/eclipse/milo/opcua/stack/core/channel/SecureChannel.class */
public interface SecureChannel {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.eclipse.milo.opcua.stack.core.channel.SecureChannel$1, reason: invalid class name */
    /* loaded from: input_file:org/eclipse/milo/opcua/stack/core/channel/SecureChannel$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityPolicy = new int[SecurityPolicy.values().length];

        static {
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityPolicy[SecurityPolicy.None.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityPolicy[SecurityPolicy.Basic128Rsa15.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityPolicy[SecurityPolicy.Basic256.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityPolicy[SecurityPolicy.Basic256Sha256.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityPolicy[SecurityPolicy.Aes128_Sha256_RsaOaep.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityPolicy[SecurityPolicy.Aes256_Sha256_RsaPss.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm = new int[SecurityAlgorithm.values().length];
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[SecurityAlgorithm.Aes128.ordinal()] = 1;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[SecurityAlgorithm.Aes256.ordinal()] = 2;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[SecurityAlgorithm.HmacSha1.ordinal()] = 3;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[SecurityAlgorithm.HmacSha256.ordinal()] = 4;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[SecurityAlgorithm.RsaSha1.ordinal()] = 5;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[SecurityAlgorithm.RsaSha256.ordinal()] = 6;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[SecurityAlgorithm.RsaSha256Pss.ordinal()] = 7;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[SecurityAlgorithm.Rsa15.ordinal()] = 8;
            } catch (NoSuchFieldError e14) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[SecurityAlgorithm.RsaOaepSha1.ordinal()] = 9;
            } catch (NoSuchFieldError e15) {
            }
            try {
                $SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[SecurityAlgorithm.RsaOaepSha256.ordinal()] = 10;
            } catch (NoSuchFieldError e16) {
            }
        }
    }

    KeyPair getKeyPair();

    X509Certificate getLocalCertificate();

    List<X509Certificate> getLocalCertificateChain();

    X509Certificate getRemoteCertificate();

    List<X509Certificate> getRemoteCertificateChain();

    SecurityPolicy getSecurityPolicy();

    MessageSecurityMode getMessageSecurityMode();

    long getChannelId();

    ChannelSecurity getChannelSecurity();

    ChannelSecurity.SecretKeys getEncryptionKeys(ChannelSecurity.SecurityKeys securityKeys);

    ChannelSecurity.SecretKeys getDecryptionKeys(ChannelSecurity.SecurityKeys securityKeys);

    ByteString getLocalNonce();

    ByteString getRemoteNonce();

    default ByteString getLocalCertificateBytes() throws UaException {
        try {
            return getLocalCertificate() != null ? ByteString.of(getLocalCertificate().getEncoded()) : ByteString.NULL_VALUE;
        } catch (CertificateEncodingException e) {
            throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
        }
    }

    default ByteString getLocalCertificateChainBytes() throws UaException {
        List<X509Certificate> localCertificateChain = getLocalCertificateChain();
        return localCertificateChain != null ? getCertificateChainBytes(localCertificateChain) : ByteString.NULL_VALUE;
    }

    default ByteString getLocalCertificateThumbprint() throws UaException {
        try {
            return getLocalCertificate() != null ? ByteString.of(DigestUtil.sha1(getLocalCertificate().getEncoded())) : ByteString.NULL_VALUE;
        } catch (CertificateEncodingException e) {
            throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
        }
    }

    default ByteString getRemoteCertificateBytes() throws UaException {
        try {
            return getRemoteCertificate() != null ? ByteString.of(getRemoteCertificate().getEncoded()) : ByteString.NULL_VALUE;
        } catch (CertificateEncodingException e) {
            throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
        }
    }

    default ByteString getRemoteCertificateChainBytes() throws UaException {
        List<X509Certificate> remoteCertificateChain = getRemoteCertificateChain();
        return remoteCertificateChain != null ? getCertificateChainBytes(remoteCertificateChain) : ByteString.NULL_VALUE;
    }

    default ByteString getRemoteCertificateThumbprint() throws UaException {
        try {
            return getRemoteCertificate() != null ? ByteString.of(DigestUtil.sha1(getRemoteCertificate().getEncoded())) : ByteString.NULL_VALUE;
        } catch (CertificateEncodingException e) {
            throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
        }
    }

    default int getLocalAsymmetricCipherTextBlockSize() {
        if (!isAsymmetricEncryptionEnabled()) {
            return 1;
        }
        return getAsymmetricCipherTextBlockSize(getLocalCertificate(), getSecurityPolicy().getAsymmetricEncryptionAlgorithm());
    }

    default int getRemoteAsymmetricCipherTextBlockSize() {
        if (!isAsymmetricEncryptionEnabled()) {
            return 1;
        }
        return getAsymmetricCipherTextBlockSize(getRemoteCertificate(), getSecurityPolicy().getAsymmetricEncryptionAlgorithm());
    }

    default int getLocalAsymmetricPlainTextBlockSize() {
        if (!isAsymmetricEncryptionEnabled()) {
            return 1;
        }
        return getAsymmetricPlainTextBlockSize(getLocalCertificate(), getSecurityPolicy().getAsymmetricEncryptionAlgorithm());
    }

    default int getRemoteAsymmetricPlainTextBlockSize() {
        if (!isAsymmetricEncryptionEnabled()) {
            return 1;
        }
        return getAsymmetricPlainTextBlockSize(getRemoteCertificate(), getSecurityPolicy().getAsymmetricEncryptionAlgorithm());
    }

    default int getLocalAsymmetricSignatureSize() {
        return getAsymmetricSignatureSize(getLocalCertificate(), getSecurityPolicy().getAsymmetricSignatureAlgorithm());
    }

    default int getRemoteAsymmetricSignatureSize() {
        return getAsymmetricSignatureSize(getRemoteCertificate(), getSecurityPolicy().getAsymmetricSignatureAlgorithm());
    }

    default boolean isAsymmetricSigningEnabled() {
        return (getSecurityPolicy() == SecurityPolicy.None || getLocalCertificate() == null) ? false : true;
    }

    default boolean isAsymmetricEncryptionEnabled() {
        return (getSecurityPolicy() == SecurityPolicy.None || getLocalCertificate() == null || getRemoteCertificate() == null) ? false : true;
    }

    default int getSymmetricBlockSize() {
        if (!isSymmetricEncryptionEnabled()) {
            return 1;
        }
        switch (AnonymousClass1.$SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[getSecurityPolicy().getSymmetricEncryptionAlgorithm().ordinal()]) {
            case 1:
            case CertificateUtil.SUBJECT_ALT_NAME_DNS_NAME /* 2 */:
                return 16;
            default:
                return 1;
        }
    }

    default int getSymmetricSignatureSize() {
        switch (getSecurityPolicy().getSymmetricSignatureAlgorithm()) {
            case HmacSha1:
                return 20;
            case HmacSha256:
                return 32;
            default:
                return 0;
        }
    }

    default int getSymmetricSignatureKeySize() {
        switch (AnonymousClass1.$SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityPolicy[getSecurityPolicy().ordinal()]) {
            case 1:
                return 0;
            case CertificateUtil.SUBJECT_ALT_NAME_DNS_NAME /* 2 */:
                return 16;
            case 3:
                return 24;
            case 4:
            case 5:
            case CertificateUtil.SUBJECT_ALT_NAME_URI /* 6 */:
                return 32;
            default:
                return 0;
        }
    }

    default int getSymmetricEncryptionKeySize() {
        switch (AnonymousClass1.$SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityPolicy[getSecurityPolicy().ordinal()]) {
            case 1:
                return 0;
            case CertificateUtil.SUBJECT_ALT_NAME_DNS_NAME /* 2 */:
            case 5:
                return 16;
            case 3:
            case 4:
            case CertificateUtil.SUBJECT_ALT_NAME_URI /* 6 */:
                return 32;
            default:
                return 0;
        }
    }

    default boolean isSymmetricSigningEnabled() {
        return (getLocalCertificate() == null || getSecurityPolicy() == SecurityPolicy.None || (getMessageSecurityMode() != MessageSecurityMode.Sign && getMessageSecurityMode() != MessageSecurityMode.SignAndEncrypt)) ? false : true;
    }

    default boolean isSymmetricEncryptionEnabled() {
        return (getRemoteCertificate() == null || getSecurityPolicy() == SecurityPolicy.None || getMessageSecurityMode() != MessageSecurityMode.SignAndEncrypt) ? false : true;
    }

    static int getAsymmetricKeyLength(Certificate certificate) {
        PublicKey publicKey = certificate != null ? certificate.getPublicKey() : null;
        if (publicKey instanceof RSAPublicKey) {
            return ((RSAPublicKey) publicKey).getModulus().bitLength();
        }
        return 0;
    }

    static int getAsymmetricSignatureSize(Certificate certificate, SecurityAlgorithm securityAlgorithm) {
        switch (AnonymousClass1.$SwitchMap$org$eclipse$milo$opcua$stack$core$security$SecurityAlgorithm[securityAlgorithm.ordinal()]) {
            case 5:
            case CertificateUtil.SUBJECT_ALT_NAME_URI /* 6 */:
            case CertificateUtil.SUBJECT_ALT_NAME_IP_ADDRESS /* 7 */:
                return (getAsymmetricKeyLength(certificate) + 7) / 8;
            default:
                return 0;
        }
    }

    static int getAsymmetricCipherTextBlockSize(Certificate certificate, SecurityAlgorithm securityAlgorithm) {
        switch (securityAlgorithm) {
            case Rsa15:
            case RsaOaepSha1:
            case RsaOaepSha256:
                return (getAsymmetricKeyLength(certificate) + 7) / 8;
            default:
                return 1;
        }
    }

    static int getAsymmetricPlainTextBlockSize(X509Certificate x509Certificate, SecurityAlgorithm securityAlgorithm) {
        switch (securityAlgorithm) {
            case Rsa15:
                return ((getAsymmetricKeyLength(x509Certificate) + 7) / 8) - 11;
            case RsaOaepSha1:
                return ((getAsymmetricKeyLength(x509Certificate) + 7) / 8) - 42;
            case RsaOaepSha256:
                return ((getAsymmetricKeyLength(x509Certificate) + 7) / 8) - 66;
            default:
                return 1;
        }
    }

    static ByteString getCertificateChainBytes(List<X509Certificate> list) throws UaException {
        ArrayList arrayList = new ArrayList(list.size());
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            try {
                arrayList.add(it.next().getEncoded());
            } catch (CertificateEncodingException e) {
                throw new UaException(StatusCodes.Bad_CertificateInvalid, e);
            }
        }
        return ByteString.of((byte[]) arrayList.stream().reduce(new byte[0], (bArr, bArr2) -> {
            return Bytes.concat((byte[][]) new byte[]{bArr, bArr2});
        }));
    }
}
