package org.openid4java.association;

import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHGenParameterSpec;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:org/openid4java/association/DiffieHellmanSession.class */
public class DiffieHellmanSession {
    private static Log _log = LogFactory.getLog((Class<?>) DiffieHellmanSession.class);
    private static final boolean DEBUG = _log.isDebugEnabled();
    public static final String DEFAULT_MODULUS_HEX = "DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB";
    public static final String DEFAULT_MODULUS_BASE64 = "ANz5OguIOXLsDhmYmsWizjEOHTdxfo2Vcbt2I3MYZuYe91ouJ4mLBX+YkcLiemOcPym2CBRYHNOyyjmG0mg3BVd9RcLn5S3IHHoXGHblzqdLFEi/368Ygo79JRnxTkXjgmY0rxlJ5bU1zIKaSDuKdiI+XUkKJX8Fvf8W8vsixYOr";
    public static final long DEFAULT_GENERATOR = 2;
    public static final String DEFAULT_GENERATOR_BASE64 = "Ag==";
    public static final String ALGORITHM = "DH";
    public static final String H_ALGORITHM_SHA1 = "SHA-1";
    public static final String H_ALGORITHM_SHA256 = "SHA-256";
    private AssociationSessionType _type;
    private DHParameterSpec _dhParameterSpec;
    private KeyPair _keyPair;
    private MessageDigest _hDigest;

    private DiffieHellmanSession(AssociationSessionType associationSessionType, DHParameterSpec dHParameterSpec) throws AssociationException {
        this._type = associationSessionType;
        this._dhParameterSpec = dHParameterSpec;
        this._keyPair = generateKeyPair(dHParameterSpec);
        try {
            this._hDigest = MessageDigest.getInstance(this._type.getHAlgorithm());
        } catch (NoSuchAlgorithmException e) {
            throw new AssociationException("Unsupported H algorithm: " + this._type.getHAlgorithm(), e);
        }
    }

    public String toString() {
        return this._type + " base: " + this._dhParameterSpec.getG() + " modulus: " + this._dhParameterSpec.getP();
    }

    public static DiffieHellmanSession create(AssociationSessionType associationSessionType, String str, String str2) throws AssociationException {
        return create(associationSessionType, new DHParameterSpec(new BigInteger(Base64.decodeBase64(str.getBytes())), new BigInteger(Base64.decodeBase64(str2.getBytes()))));
    }

    public static DiffieHellmanSession create(AssociationSessionType associationSessionType, DHParameterSpec dHParameterSpec) throws AssociationException {
        DiffieHellmanSession diffieHellmanSession = new DiffieHellmanSession(associationSessionType, dHParameterSpec);
        if (DEBUG) {
            _log.debug("Created DH session: " + diffieHellmanSession);
        }
        return diffieHellmanSession;
    }

    public static DHParameterSpec getDefaultParameter() {
        return new DHParameterSpec(new BigInteger(DEFAULT_MODULUS_HEX, 16), BigInteger.valueOf(2L));
    }

    public static DHParameterSpec generateRandomParameter(int i, int i2) {
        try {
            AlgorithmParameterGenerator algorithmParameterGenerator = AlgorithmParameterGenerator.getInstance(ALGORITHM);
            algorithmParameterGenerator.init(new DHGenParameterSpec(i, i2));
            DHParameterSpec dHParameterSpec = (DHParameterSpec) algorithmParameterGenerator.generateParameters().getParameterSpec(DHParameterSpec.class);
            if (DEBUG) {
                _log.debug("Generated random DHParameterSpec, base: " + dHParameterSpec.getG() + ", modulus: " + dHParameterSpec.getP());
            }
            return dHParameterSpec;
        } catch (GeneralSecurityException e) {
            _log.error("Cannot generate DH params for primeSize: " + i + " keySize: " + i2, e);
            return null;
        }
    }

    protected static KeyPair generateKeyPair(DHParameterSpec dHParameterSpec) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM);
            keyPairGenerator.initialize(dHParameterSpec);
            return keyPairGenerator.generateKeyPair();
        } catch (GeneralSecurityException e) {
            _log.error("Cannot generate key pair for DHParameterSpec, base: " + dHParameterSpec.getG() + ", modulus: " + dHParameterSpec.getP());
            return null;
        }
    }

    public AssociationSessionType getType() {
        return this._type;
    }

    public String getModulus() {
        return new String(Base64.encodeBase64(this._dhParameterSpec.getP().toByteArray()));
    }

    public String getGenerator() {
        return new String(Base64.encodeBase64(this._dhParameterSpec.getG().toByteArray()));
    }

    public String getPublicKey() {
        return publicKeyToString((DHPublicKey) this._keyPair.getPublic());
    }

    protected DHPrivateKey getPrivateKey() {
        return (DHPrivateKey) this._keyPair.getPrivate();
    }

    public String encryptMacKey(byte[] bArr, String str) throws AssociationException {
        byte[] digestedZZ = getDigestedZZ(str);
        if (digestedZZ.length != bArr.length) {
            throw new AssociationException("MAC key legth different from shared secret digest length!");
        }
        byte[] bArr2 = new byte[digestedZZ.length];
        for (int i = 0; i < digestedZZ.length; i++) {
            bArr2[i] = (byte) (digestedZZ[i] ^ bArr[i]);
        }
        String str2 = new String(Base64.encodeBase64(bArr2));
        if (DEBUG) {
            _log.debug("Encrypted MAC key Base64: " + str2);
        }
        return str2;
    }

    public byte[] decryptMacKey(String str, String str2) throws AssociationException {
        byte[] digestedZZ = getDigestedZZ(str2);
        byte[] decodeBase64 = Base64.decodeBase64(str.getBytes());
        if (digestedZZ.length != decodeBase64.length) {
            throw new AssociationException("Encrypted MAC key legth different from shared secret digest length!");
        }
        byte[] bArr = new byte[digestedZZ.length];
        for (int i = 0; i < digestedZZ.length; i++) {
            bArr[i] = (byte) (digestedZZ[i] ^ decodeBase64[i]);
        }
        if (DEBUG) {
            _log.debug("Decrypted MAC key Base64: " + new String(Base64.encodeBase64(bArr)));
        }
        return bArr;
    }

    protected static String publicKeyToString(DHPublicKey dHPublicKey) {
        return new String(Base64.encodeBase64(dHPublicKey.getY().toByteArray()));
    }

    protected DHPublicKey stringToPublicKey(String str) {
        try {
            return (DHPublicKey) KeyFactory.getInstance(ALGORITHM).generatePublic(new DHPublicKeySpec(new BigInteger(Base64.decodeBase64(str.getBytes())), this._dhParameterSpec.getP(), this._dhParameterSpec.getG()));
        } catch (GeneralSecurityException e) {
            _log.error("Cannot create PublicKey object from: " + str, e);
            return null;
        }
    }

    protected byte[] getDigestedZZ(String str) {
        DHPublicKey stringToPublicKey = stringToPublicKey(str);
        return this._hDigest.digest(stringToPublicKey.getY().modPow(getPrivateKey().getX(), this._dhParameterSpec.getP()).toByteArray());
    }

    private static boolean isDhSupported() {
        try {
            AlgorithmParameterGenerator.getInstance(ALGORITHM);
            KeyPairGenerator.getInstance(ALGORITHM);
            KeyFactory.getInstance(ALGORITHM);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static boolean isDhSupported(AssociationSessionType associationSessionType) {
        String hAlgorithm = associationSessionType.getHAlgorithm();
        if (hAlgorithm == null) {
            return true;
        }
        return isDhShaSupported(hAlgorithm);
    }

    public static boolean isDhShaSupported(String str) {
        if (!isDhSupported()) {
            return false;
        }
        try {
            MessageDigest.getInstance(str);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static boolean isDhSha1Supported() {
        return isDhShaSupported("SHA-1");
    }

    public static boolean isDhSha256Supported() {
        return isDhShaSupported("SHA-256");
    }
}
