package com.tangosol.net.security;

import com.tangosol.io.WrapperInputStream;
import com.tangosol.io.WrapperOutputStream;
import com.tangosol.net.Member;
import com.tangosol.net.internal.ProtocolAwareStream;
import com.tangosol.run.xml.XmlElement;
import com.tangosol.util.Base;
import com.tangosol.util.ExternalizableHelper;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Map;
import java.util.WeakHashMap;
import javax.crypto.Cipher;

/* loaded from: input_file:lib/tangosol.jar:com/tangosol/net/security/AsymmetricEncryptionFilter.class */
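/**
 * Stream filter that exchanges certificates in-band and wraps the remaining
 * stream content in an asymmetric block cipher.
 *
 * <p>Outbound: {@link IdentityOutputStream} writes the local certificate to
 * the inner stream in the clear and then enciphers the payload with the local
 * private key. Inbound: {@link IdentityInputStream} reads the peer
 * certificate, checks it with {@link #validate(Certificate)} and deciphers the
 * payload with the certificate's public key.
 *
 * <p>Security note: the key that deciphers the stream payload is the public
 * key carried in the certificate that precedes the payload on the same
 * stream. The stream wrapping therefore ties the payload to the holder of the
 * private key, but does not by itself hide the payload from a party that can
 * observe the stream. {@link #encryptPrivate(byte[], Member)} and
 * {@link #decryptPrivate(byte[])} work the other way round (peer public key
 * to encrypt, local private key to decrypt).
 */
public class AsymmetricEncryptionFilter extends AbstractEncryptionFilter {
    /** Private key loaded from the keystore entry named by {@code keyAlias}. */
    protected Key m_keyPrivate;

    /** Certificate stored under the same alias; sent to peers as the local identity. */
    protected Certificate m_certificateLocal;

    /** Keystore used both for the local key material and as the set of accepted peer certificates. */
    protected KeyStore m_keystore;

    /**
     * Validated peer certificates keyed by member. The map is a synchronized
     * {@link WeakHashMap}, so an entry disappears once its member key is no
     * longer strongly referenced elsewhere.
     */
    protected Map<Member, Certificate> m_mapMemberCertificate =
            Collections.synchronizedMap(new WeakHashMap<Member, Certificate>());

    /**
     * Transformation used when the configuration has no {@code transformation}
     * element.
     *
     * <p>NOTE(review): PKCS#1 v1.5 encryption padding is exposed to
     * padding-oracle attacks wherever a peer can observe whether decryption
     * failed; OAEP is the usual replacement. The value is left unchanged here
     * because both ends of a connection must agree on it; deployments can
     * override it through the {@code transformation} configuration element.
     */
    public static final String DEFAULT_TRANSFORMATION = "RSA/NONE/PKCS1Padding";

    /**
     * Input side of the filter: reads and validates the peer identity, then
     * deciphers the rest of the stream with the peer's public key.
     */
    public class IdentityInputStream extends WrapperInputStream implements ProtocolAwareStream {
        /** Underlying stream; replaced by a {@link DataInputStream} wrapper on first identity read if needed. */
        protected InputStream m_streamInner;

        /** Protocol context supplied by {@link #setProtocolContext}; identifies the sending member. */
        protected ProtocolAwareStream.ProtocolContext m_context;

        /** Peer certificate; set only after it has passed {@link AsymmetricEncryptionFilter#validate}. */
        protected Certificate m_certificate;

        private final AsymmetricEncryptionFilter this$0;

        /**
         * @param asymmetricEncryptionFilter the owning filter
         * @param inputStream                the raw stream to read the identity and payload from
         */
        public IdentityInputStream(AsymmetricEncryptionFilter asymmetricEncryptionFilter, InputStream inputStream) {
            this.this$0 = asymmetricEncryptionFilter;
            this.m_streamInner = inputStream;
        }

        /**
         * Reads the peer certificate, validates it and installs the
         * deciphering stream.
         *
         * @param protocolContext context describing the message being read
         * @throws RuntimeException if the identity cannot be read or is rejected,
         *                          or the cipher cannot be initialised
         */
        @Override // com.tangosol.net.internal.ProtocolAwareStream
        public void setProtocolContext(ProtocolAwareStream.ProtocolContext protocolContext) {
            this.m_context = protocolContext;
            // Forget any certificate from an earlier call so that a failure
            // below can never leave a stale identity to be cached by close().
            this.m_certificate = null;
            try {
                Certificate certPeer = readIdentity();
                this.this$0.validate(certPeer);
                // Record the certificate only after validation succeeded.
                // close() caches m_certificate for the sending member, and
                // encryptPrivate() later trusts that cache, so an unvalidated
                // certificate must never be stored here.
                this.m_certificate = certPeer;
                PublicKey publicKey = certPeer.getPublicKey();
                Cipher cipher = this.this$0.getCipher(Cipher.DECRYPT_MODE, publicKey);
                cipher.init(Cipher.DECRYPT_MODE, publicKey);
                setInputStream(new BlockCipherInputStream(this.m_streamInner, cipher));
            } catch (Exception e) {
                throw Base.ensureRuntimeException(e);
            }
        }

        /**
         * Reads the certificate type name and the encoded certificate from the
         * inner stream and parses them.
         *
         * <p>NOTE(review): both the type name handed to
         * {@link CertificateFactory#getInstance(String)} and the encoded bytes
         * come from the peer before any validation has taken place. Whether
         * {@code ExternalizableHelper.readByteArray} bounds the announced
         * length is not visible from this file; confirm before exposing this
         * stream to untrusted networks.
         *
         * @return the parsed, not yet validated certificate
         * @throws SecurityException if the identity cannot be read or parsed
         */
        protected Certificate readIdentity() {
            try {
                InputStream inputStream = this.m_streamInner;
                if (!(inputStream instanceof DataInputStream)) {
                    // Keep the wrapper so later reads continue from the same position.
                    DataInputStream dataInputStream = new DataInputStream(inputStream);
                    inputStream = dataInputStream;
                    this.m_streamInner = dataInputStream;
                }
                DataInputStream in = (DataInputStream) inputStream;
                String certificateType = ExternalizableHelper.readUTF(in);
                byte[] encoded = ExternalizableHelper.readByteArray(in);
                return CertificateFactory.getInstance(certificateType)
                        .generateCertificate(new ByteArrayInputStream(encoded));
            } catch (Exception e) {
                throw AbstractEncryptionFilter.ensureSecurityException(e, "error reading identity from stream");
            }
        }

        /**
         * Caches the validated peer certificate for the sending member and
         * closes the stream. Nothing is cached when no protocol context was
         * set or no certificate passed validation.
         *
         * @throws IOException if closing the underlying stream fails
         */
        @Override // com.tangosol.io.WrapperInputStream, java.io.InputStream, java.io.Closeable, java.lang.AutoCloseable, com.tangosol.io.InputStreaming, com.tangosol.io.ReadBuffer.BufferInput
        public void close() throws IOException {
            try {
                ProtocolAwareStream.ProtocolContext context = this.m_context;
                Certificate certificate = this.m_certificate;
                if (context != null && certificate != null) {
                    // NOTE(review): nothing visible in this file ties the
                    // certificate to the member reported by the context;
                    // confirm the binding is enforced elsewhere.
                    this.this$0.setCertificate(context.getFromMember(), certificate);
                }
            } finally {
                // Close exactly once, whether or not caching succeeded.
                super.close();
            }
        }
    }

    /**
     * Output side of the filter: writes the local certificate, then enciphers
     * the rest of the stream with the local private key.
     */
    public class IdentityOutputStream extends WrapperOutputStream implements ProtocolAwareStream {
        /** Underlying stream; replaced by a {@link DataOutputStream} wrapper on first identity write if needed. */
        protected OutputStream m_streamInner;

        private final AsymmetricEncryptionFilter this$0;

        /**
         * @param asymmetricEncryptionFilter the owning filter
         * @param outputStream               the raw stream to write the identity and payload to
         */
        public IdentityOutputStream(AsymmetricEncryptionFilter asymmetricEncryptionFilter, OutputStream outputStream) {
            this.this$0 = asymmetricEncryptionFilter;
            this.m_streamInner = outputStream;
        }

        /**
         * Writes the local identity and installs the enciphering stream.
         *
         * @param protocolContext context describing the message being written (not read here)
         * @throws RuntimeException if the identity cannot be written or the cipher cannot be obtained
         */
        @Override // com.tangosol.net.internal.ProtocolAwareStream
        public void setProtocolContext(ProtocolAwareStream.ProtocolContext protocolContext) {
            try {
                writeIdentity();
                Cipher cipher = this.this$0.getCipher(Cipher.ENCRYPT_MODE, this.this$0.getPrivateKey());
                setOutputStream(new BlockCipherOutputStream(this.m_streamInner, cipher));
            } catch (Exception e) {
                throw Base.ensureRuntimeException(e);
            }
        }

        /**
         * Writes the local certificate's type name followed by its encoded
         * form to the inner stream, unencrypted.
         *
         * @throws RuntimeException if the certificate cannot be encoded or written
         */
        protected void writeIdentity() {
            try {
                OutputStream outputStream = this.m_streamInner;
                if (!(outputStream instanceof DataOutputStream)) {
                    DataOutputStream dataOutputStream = new DataOutputStream(outputStream);
                    outputStream = dataOutputStream;
                    this.m_streamInner = dataOutputStream;
                }
                DataOutputStream out = (DataOutputStream) outputStream;
                Certificate certificateLocal = this.this$0.getCertificateLocal();
                ExternalizableHelper.writeUTF(out, certificateLocal.getType());
                ExternalizableHelper.writeByteArray(out, certificateLocal.getEncoded());
            } catch (Exception e) {
                throw Base.ensureRuntimeException(e);
            }
        }
    }

    /**
     * Wraps the given stream so the peer identity is read and the payload deciphered.
     *
     * @param inputStream the stream to wrap
     * @return a new {@link IdentityInputStream}
     */
    @Override // com.tangosol.io.WrapperStreamFactory
    public InputStream getInputStream(InputStream inputStream) {
        return new IdentityInputStream(this, inputStream);
    }

    /**
     * Wraps the given stream so the local identity is written and the payload enciphered.
     *
     * @param outputStream the stream to wrap
     * @return a new {@link IdentityOutputStream}
     */
    @Override // com.tangosol.io.WrapperStreamFactory
    public OutputStream getOutputStream(OutputStream outputStream) {
        return new IdentityOutputStream(this, outputStream);
    }

    /**
     * Loads the private key and certificate from the configured keystore.
     *
     * <p>Elements read: {@code keyAlias} and {@code keyPassword} (both
     * required), {@code storeType}, {@code store}, {@code storePassword}
     * (defaults to the key password) and {@code transformation} (defaults to
     * {@link #DEFAULT_TRANSFORMATION}).
     *
     * @param xmlElement the filter configuration
     * @throws IllegalArgumentException if {@code keyAlias} or {@code keyPassword} is empty
     * @throws RuntimeException         if the keystore, key or certificate cannot be loaded
     */
    @Override // com.tangosol.run.xml.XmlConfigurable
    public void setConfig(XmlElement xmlElement) {
        String alias = xmlElement.getSafeElement("keyAlias").getString();
        String keyPassword = xmlElement.getSafeElement("keyPassword").getString();
        String storeType = xmlElement.getSafeElement("storeType").getString(AbstractEncryptionFilter.DEFAULT_KEYSTORE_TYPE);
        String storePath = xmlElement.getSafeElement("store").getString(AbstractEncryptionFilter.DEFAULT_KEYSTORE_PATH);
        String storePassword = xmlElement.getSafeElement("storePassword").getString(keyPassword);
        String transformation = xmlElement.getSafeElement("transformation").getString(DEFAULT_TRANSFORMATION);
        if (alias.length() == 0) {
            throw new IllegalArgumentException("keyAlias required");
        }
        if (keyPassword.length() == 0) {
            throw new IllegalArgumentException("keyPassword required");
        }
        char[] keyPasswordChars = keyPassword.toCharArray();
        // NOTE(review): this copy is not cleared below because getKeyStore(...)
        // is defined outside this file and may retain the array; confirm.
        char[] storePasswordChars = storePassword.toCharArray();
        try {
            KeyStore keyStore = getKeyStore(storeType, storePath, storePasswordChars);
            Key key = keyStore.getKey(alias, keyPasswordChars);
            if (key == null) {
                throw new IllegalArgumentException("private key not found");
            }
            setPrivateKey(key);
            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate == null) {
                throw new IllegalArgumentException("certificate not found");
            }
            setCertificateLocal(certificate);
            setKeyStore(keyStore);
            setCipherTransformation(transformation);
        } catch (Exception e) {
            // The message names the alias and keystore path only, never a password.
            throw ensureRuntimeException(e, "Error reading " + alias + " from keystore: " + storePath);
        } finally {
            // Drop the working copy of the key password. The configuration
            // still holds the password as a String, so this only limits the
            // number of copies rather than removing the secret from memory.
            java.util.Arrays.fill(keyPasswordChars, '\0');
        }
    }

    /**
     * @param member the cluster member
     * @return the certificate cached for the member, or {@code null} if none
     */
    protected Certificate getCertificate(Member member) {
        return this.m_mapMemberCertificate.get(member);
    }

    /**
     * Caches a certificate for a member. Callers are expected to pass only
     * certificates that have passed {@link #validate(Certificate)}.
     *
     * @param member      the cluster member
     * @param certificate the member's certificate
     */
    protected void setCertificate(Member member, Certificate certificate) {
        this.m_mapMemberCertificate.put(member, certificate);
    }

    /**
     * Accepts a peer certificate only if the configured keystore contains it;
     * X.509 certificates must additionally be within their validity period.
     *
     * <p>No chain building or revocation check is performed here: trust is
     * membership of the exact certificate in the keystore.
     *
     * @param certificate the peer certificate to check
     * @throws SecurityException if the certificate is unknown or outside its validity period
     * @throws RuntimeException  if the keystore lookup fails
     */
    protected void validate(Certificate certificate) {
        try {
            if (getKeyStore().getCertificateAlias(certificate) == null) {
                throw new SecurityException("unknown peer certificate: " + certificate);
            }
            if (certificate instanceof X509Certificate) {
                try {
                    ((X509Certificate) certificate).checkValidity();
                } catch (Exception e) {
                    throw ensureSecurityException(e);
                }
            }
        } catch (Exception e2) {
            throw ensureRuntimeException(e2);
        }
    }

    /**
     * Encrypts data with the public key of the certificate cached for the
     * given member.
     *
     * @param bArr   the plaintext
     * @param member the intended recipient
     * @return the ciphertext
     * @throws SecurityException if no certificate is cached for the member
     * @throws RuntimeException  if the cipher operation fails
     */
    public byte[] encryptPrivate(byte[] bArr, Member member) {
        Certificate certificate = getCertificate(member);
        if (certificate == null) {
            throw new SecurityException("No certificate for member " + member);
        }
        try {
            return makeCipher(Cipher.ENCRYPT_MODE, certificate.getPublicKey()).doFinal(bArr);
        } catch (Exception e) {
            throw ensureRuntimeException(e);
        }
    }

    /**
     * Decrypts data with the local private key.
     *
     * @param bArr the ciphertext
     * @return the plaintext
     * @throws RuntimeException if the cipher operation fails
     */
    public byte[] decryptPrivate(byte[] bArr) {
        try {
            return makeCipher(Cipher.DECRYPT_MODE, getPrivateKey()).doFinal(bArr);
        } catch (Exception e) {
            throw ensureRuntimeException(e);
        }
    }

    /** @param key the local private key */
    protected void setPrivateKey(Key key) {
        this.m_keyPrivate = key;
    }

    /** @return the local private key, or {@code null} before {@link #setConfig} has run */
    protected Key getPrivateKey() {
        return this.m_keyPrivate;
    }

    /** @param certificate the certificate sent to peers as the local identity */
    protected void setCertificateLocal(Certificate certificate) {
        this.m_certificateLocal = certificate;
    }

    /** @return the local certificate, or {@code null} before {@link #setConfig} has run */
    protected Certificate getCertificateLocal() {
        return this.m_certificateLocal;
    }

    /** @param keyStore the keystore holding the local key and the accepted peer certificates */
    protected void setKeyStore(KeyStore keyStore) {
        this.m_keystore = keyStore;
    }

    /** @return the configured keystore, or {@code null} before {@link #setConfig} has run */
    protected KeyStore getKeyStore() {
        return this.m_keystore;
    }
}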
